April 28, 2003

Windows 2003 Security Guide

Michael Howard has let the world know that Microsoft has released the new Windows 2003 Security Guide. For those of us that this applies to, feel free to go grab it over here.

Microsoft has also released a paper called "Threats and Countermeasures: Security Settings in Windows Server 2003 and Windows XP" which can be grabbed here.

Happy hunting.

Posted by SilverStr at April 28, 2003 07:42 AM
Comments

Only MicroCrap would release a "guide" as an executable.

Posted by: raskal at April 28, 2003 09:38 AM

Ya, well apparently they don't like using raw zip files. Dunno.

Its a topic of contention though. On BugTraq there is a few comments similar to yours, with Jason Coombs publically attacking Microsoft on the list for doing this.

What ticks me off is that there is no MD5 checksums to verify the exe's are actually FROM them, and being that this is a simple HTTP stream, how can I be guaranteed the exe isn't coming from a cache thats tainted, or a MITM attack is otherwise injecting faulty data into my download stream.

Oh well. I still believe MS is making a serious attempt to stay on the right track now when it comes to security, and the documentation is a good start. Their deployment... well that will come in time.

Posted by: SilverStr at April 28, 2003 01:42 PM