Answers to IT managers' questions about Vista
Government Computer News held an online forum about Microsoft Vista featuring Patrick Svenburg, Microsoft Federal's program manager for Windows Client Solutions. Some key exchanges between fed IT managers and Svenburg:
Q: Is Vista shortly going to work with the Navy and other DoD Information Assurance program offices to accredit and certify the operating system under the DoD Information Technology Security and accreditation Process (DITSCAP)? I
Svenburg:
An Air Force accreditation would not apply to an Army system. We can certainly reference agencies that have successfully accredited their networks with components that are built on Microsoft products but there is not a universal accreditation that would apply across DOD. What we do corporately is to ensure that our products do conform to established universal standards such as Common Criteria for our operating systems and selected products and FIPS 140-2 for the crypto.
Q: What sorts of new services, functionalities and workflows could administrators and CIOs start to think about once Vista in place?
Svenburg:
One key area where we have seen a lot of interest is the Windows BitLocker Drive Encryption, a new technology which helps prevent sensitive data and intellectual property from falling into the wrong hands if a computer is lost or stolen. Windows BitLocker uses hardware-based data encryption technology that gives you greater peace of mind knowing that your agency intellectual property is safer. Also, since the entire hard drive is encrypted, Windows BitLocker reduces the cost associated with decommissioning old PCs.
Examples of other improvements include User Account Control (UAC) which enables users to change common settings without requiring administrative privileges. Standard users are prevented from making potentially dangerous changes to their computers, and can run most applications.
Group policies have been enhanced and expanded. For example, you can control device insertion to the point where you can prevent USB sticks from being used while allowing use of a USB keyboard and mouse. IE7+ offers protected mode browsing, tabbed browsing, RSS support, anti-phishing and improved printing features like fit-to-page.
Q: Is it worth the effort? Is Vista a step above XP Pro to the level that makes the risk acceptable? What are the key improvements as you see it?
Svenburg:
Yes, very much so. Windows Vista is the most secure version of Windows yet because it is the first operating system to go through the full Security Development Lifecycle (SDL) process from start to finish. Windows Vista has been developed with the highest attention to security and will be the first client-based operating system to go through the complete SDL.
Building on the significant security advances in Windows XP Service Pack 2, Windows Vista includes fundamental architectural changes that will help make customers more secure from evolving threats, including worms, viruses, and malware.