Windows 7 from a vendor perspective - a chat with BeyondTrustby Steve Ragan - Nov 18 2009, 22:00
When Symark acquired BeyondTrust, in our opinion, the business deal was one that honestly merged two solid programs into one. BeyondTrust has a good deal of experience with Windows-based security, so we asked them about Microsoft’s newest family member.
As it turns out, Eric Voskuil, BeyondTrust CTO, took the time to answer our questions and offer his thoughts on the new OS, as well as address what the new BeyondTrust is doing now that Windows 7 is official. As we have covered the company (as well as Symark) in the past, we wanted to ask some product related questions. Below is the conversation.
One of the first things we asked was how long BeyondTrust had been testing Windows 7, and we weren’t surprised to learn that they had been testing their flagship product (BeyondTrust Privilege Manager) on it for almost six months.
The Tech Herald (TTH): Do you think Windows 7 is as secure as it could be from your testing?
Eric Voskuil (EV): Overall, Windows 7 is a big improvement and a much more secure operating system.
However, UAC in its default configuration is a time bomb. By default, users have administrator rights in Windows 7 and the UAC feature is not set to a secure setting. As a result, UAC will not notify the user each time system privileges are elevated, thus creating an attack vector. Once Windows 7 is widely deployed, it’s likely this will be exploited by Malware.
We recommend that enterprises that manage their endpoints run end-users as standard users in Windows 7. For consumers and unmanaged end-points, administrator accounts should be configured so that UAC is on the highest setting – which is not the default. In these configurations the operations system security is excellent. There will always be vulnerabilities, but regular patching and running with least privilege are strong defenses to even zero-day attacks.
TTH: Windows 7 is the first product to go through Microsoft's Secure Development Lifecycle; what do you think of that?
EV: Clearly, the procedures that Microsoft has implemented to improve security in its products have had a positive effect.
TTH: In windows 7, Microsoft has kept UAC but lowered the number of popup messages. How will you help your customers keep this feature, instead of turning it off like some did with Vista’s UAC?
EV: BeyondTrust Privilege Manager allows organizations to remove administrator rights and still allow users to run required applications without any prompts or passwords. It does so by allowing network administrators to attach permission levels to Windows applications and processes, without exposing those permissions to the end-user.
This allows companies to run end-users as standard users and reduce UAC prompts to those that would arise from attempting to launch unapproved applications or tasks – in which case the prompt requires the entry of administrator credentials, which the user would not possess.
TTH: What do you think of BitLocker and AppLocker? How will they help what you are doing?
EV: BitLocker and AppLocker will help improve enterprise security. Both are complimentary to the functionality provided by BeyondTrust Privilege Manager. Take, for example, AppLocker.
With AppLocker, a company can create rules in Group Policy to specify the applications a user can execute. If no policy is created for a particular application, a user will not be allowed to run it. This is done to prevent users from running or installing unauthorized applications and to prevent malware from infecting a computer.
The potential problem with this approach is that in many instances, users require administrator rights to do authorized activities for their job, but allowing them to have administrator rights also gives them complete control over the computer and undermines the security benefits of AppLocker.
With administrator rights, a user can disable AppLocker and install whatever they want. Unfortunately, malware can also leverage a logged-in user’s administrator rights and do the same thing to undermine AppLocker.
AppLocker does nothing to enable users to effectively run as standard users. Privilege Manager allows organizations to remove administrator rights and still allow users to do their jobs. Additionally Privilege Manager and AppLocker are both managed from Group Policy, which increases the complementary nature of the products.
TTH: How will what you do help or hurt businesses that need XP Mode enabled on Windows 7?
EV: Microsoft has taken an interesting approach to addressing application compatibility needs by introducing Windows XP Mode in Windows 7. The idea behind Windows XP Mode is to allow older applications that refuse to run on Windows 7 to run on a Windows XP virtual machine environment on the Windows 7 OS. Basically, what you have is a license for Virtual PC and Windows XP with every license of Windows 7.
This is a helpful last-ditch solution when an application will simply not run in Windows 7. However, there are several significant downsides to this approach: How long will Microsoft now support Windows XP? How does one patch all of these Windows XP virtual machines?
Do they have to be domain joined in an enterprise environment? What about policy and configuration management? What about anti-malware applications? The answer is yes, you are now potentially running and managing twice as many computers.
From the perspective of standard user application compatibility, Windows XP Mode might seem a tempting solution, but if companies run virtual XP end-users as administrators, they then have the same security problems that they would have if they were just running XP end-users and administrators. Privilege Manager can help companies get these XP virtual operating systems to standard user, just as if they were running non-virtualized versions of Windows XP.
TTH: Will your offerings tie into XP Mode at all on a single system?
EV: Privilege Manager integrates seamlessly into Group Policy and the operating system, and is well-integrated into XP, whether it is running virtualized or otherwise.
TTH: Will you offer any migration help to clients moving to Windows 7? If so what will you offer exactly?
EV: When companies deploy Windows 7, they will likely be configuring the majority of their users as standard users for the first time. Applications that require administrative rights to run will present a serious application compatibility issue. Standard users will not be able to use these applications because they do not have the appropriate privileges.
BeyondTrust Privilege Manager will enable standard users to run applications that require elevated privileges, which will solve a significant number of the application compatibility issues that arise when organizations migrate to Windows 7.