The operating system (OS) is locked down from the get-go. Windows Firewall is enabled by default, along with Windows Defender and Windows Update. Microsoft has also made it easy to tweak User Account Control settings. They're relatively strong by default, like they were in Vista, but nothing that can't be adjusted by an administrator. The Action Center, available via Control Panel/System and Security, is eager to point out if you don't have any malware protection installed. In fact, it links straight to the Windows 7 security software providers page.
The Action Center also makes it clear that system backups are not configured by default. These things, especially backups, may not seem important in the enterprise on the surface, but they are. The more security assessments I perform the more I realize that many organizations rely on their users to do these "basic" administrative tasks. I caution against allowing users to be responsible for the management of their own systems. It's extremely risky.
With these controls in place, just how does Windows 7 stand up to vulnerability scanning tools? Arguably it's the slimmest set of vulnerability findings for an out-of-the-box OS I've ever seen. I ran the latest versions of the commercial security vulnerability scanners GFI LANguard and QualysGuard against my default Windows 7 installation and, frankly, they didn't turn up much. Just that the NetBIOS names were discoverable. No real concerns there. Even an authenticated scan turned up only a few issues -- none of which I think are critical -- as shown in the following LANguard screenshot:
Interestingly enough, when running MBSA on Windows 7 it returned the message, "This is not a Windows NT/2000/XP/2003 Server or Workstation." This was kind of funny and quite ironic. I assume Microsoft is still working on it. Or, perhaps, they don't want anyone poking around with Windows 7's security just yet.
Granted, this is still the Release Candidate version of Windows 7. And no applications were installed, so the attack surface was minimal. Furthermore, I don't consider this to be a "typical" Windows 7 system where users go in and start playing around sharing out their drives, installing software and so on, increasing the risks. Even with some of the purported zero day hacks and "unfixable" flaws floating around on the Web, all-in-all, Windows 7 seems pretty stout. It'll be interesting to see how exploits evolve for this platform moving forward. As a safe reminder: Never let your guard down as the commonly-exploited Windows flaws will be around for some time to come.
|ABOUT THE AUTHOR:|
Kevin Beaver is an information security consultant, keynote speaker, and expert witness with Atlanta-based Principle Logic, LLC. Kevin specializes in performing independent security assessments. Kevin has authored/co-authored seven books on information security including Hacking For Dummies and Hacking Wireless Networks For Dummies (Wiley). He's also the creator of the Security On Wheels information security audio books and blog providing security learning for IT professionals on the go. Kevin can be reached at kbeaver /at/ principlelogic.com.
This was first published in July 2009