Feeds

Feds mandate 'secure' Windows set-up

One registry setting to rule them all

Choosing a cloud hosting partner with confidence

Changes in US government purchasing policies due to come into effect this summer could have a huge effect on computer security, particularly for Windows desktops.

A White House directive to federal chief information officers issued this week calls for all new Windows PC acquisitions, beginning 30 June, to use a common "secure configuration". Applications (such as anti-virus, email etc) loaded onto systems remain flexible but what will be specified in the registry settings and which services would be turned on or off by default.

Even more importantly, the directive calls for suppliers (integrators and software vendors) to certify that the products they supply operate effectively using these more secure configurations.

The federal government scheme builds on the "comply or don't connect" program of the US Air Force. The principal targets are Windows XP and Vista client systems but the same ideas might be applied in Unix and Windows Servers environments over time. The schedule for introduction gives application developers building applications for Windows Vista to test against. The incentives for developers to get this right will be huge.

"No Vista application will be able to be sold to federal agencies if the application does not run on the secure version of Vista," explained Alan Paller, director of research at The SANS Institute. "XP application vendors will also be required to certify that their applications run on the secure configuration of Windows XP.

Common, secure configurations reduce the effort required to patch systems. Such configurations directly block certain modes of attack. Improved security is likely to save money for application developers and integrators because it reduces support costs in the long-run, Paller told El Reg. "Organizations that have made the move report that it actually saves money rather than costs money."

"The principal frustration has been you can't always patch systems quickly because they might break applications. Software developers point out that they can't test against every different configuration as user might have. From summer developers will be able to make sure their patches work on more securely configured systems, reducing the patching headache and saving costs," he explained.

The purchasing power attached to the $65bn federal IT spending budget means that suppliers will have no choice but to take notice. Paller said the scheme is likely to be adopted by large organisations outside government.

Kit purchased by governments needs to meet common criteria standards and this will remain the case even after the new programme kicks off in the summer. Paller said that common criteria is a measure of the design documentation of products. "This, on the other hand, specifies that the kit will be set up in the right way. The two approaches are complementary but different," he added. ®

Internet Security Threat Report 2014

More from The Register

next story
FYI: OS X Yosemite's Spotlight tells Apple EVERYTHING you're looking for
It's on by default – didn't you read the small print?
Russian hackers exploit 'Sandworm' bug 'to spy on NATO, EU PCs'
Fix imminent from Microsoft for Vista, Server 2008, other stuff
Edward who? GCHQ boss dodges Snowden topic during last speech
UK spies would rather 'walk' than do 'mass surveillance'
Microsoft pulls another dodgy patch
Redmond makes a hash of hashing add-on
'LulzSec leader Aush0k' found to be naughty boy not worthy of jail
15 months home detention leaves egg on feds' faces as they grab for more power
China is ALREADY spying on Apple iCloud users, claims watchdog
Attack harvests users' info at iPhone 6 launch
Carders punch holes through Staples
Investigation launched into East Coast stores
prev story

Whitepapers

Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Why and how to choose the right cloud vendor
The benefits of cloud-based storage in your processes. Eliminate onsite, disk-based backup and archiving in favor of cloud-based data protection.
Three 1TB solid state scorchers up for grabs
Big SSDs can be expensive but think big and think free because you could be the lucky winner of one of three 1TB Samsung SSD 840 EVO drives that we’re giving away worth over £300 apiece.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.