I ran several tests against Windows Vista as both an untrusted outsider and a trusted insider, as well as with/without the Windows Firewall enabled. These best- and worst-case scenario techniques always uncover issues that would be tough to find otherwise, so be sure to make them part of your security testing methodology.
I admit that this was a pre-production version of Vista, but what I found didn't really surprise me because the same old Windows issues were present: NetBIOS leaks here, ports open there, generic network problems -- you name it. Sure, it's not the final release of the operating system (OS), but I'll wager that none of these fundamental problems will change. The fact is, it's a complex, networked OS, and no matter what the marketing gods want us to believe, it's going to have certain flaws that people can and will take advantage of.
The following screenshots, along with brief descriptions, show what I was able to uncover using the standard ethical hacking methodology of enumerating, checking for vulnerabilities and exploiting those vulnerabilities.
Port scan results show which services are available on a typical Vista system.
QualysGuard scan results show that many of the old Windows weaknesses still exist in Vista.
Proactive Password Auditor crack was successful against Vista accounts.
I know, I know. This was carefully setup in a lab environment and no big-time exploits were found. But just wait; it's only a matter of time before serious Vista flaws are made public and the guys over at the Metasploit Project and the experts at vendors like Core Security Technologies have nicely packaged exploits to help us out.
But that's just the beginning, because once other tools like the powerful Ophcrack Live CD and many others support Vista, we're back to square one with Windows weaknesses in the enterprise.
That is, unless you've really hardened your Vista systems against attacks -- including turning on BitLocker Drive Encryption and tweaking Windows Firewall -- and your users are always doing the right things. (Ha ha!)
As Vista becomes more prevalent over the next year or two, just like any other operating system, it'll serve to introduce risks into your environment. So, test and test often. Also, make sure you have good tools that you're comfortable using to help you find a lot of the vulnerabilities that would be next to impossible to uncover yourself -- that's almost half the battle. Don't overlook the importance of manually poking and prodding the OS from every possible angle keeping that malicious mindset intact.
Thinking like the bad guys and understanding how they can (and will) exploit OS weaknesses will prove to be very fruitful -- for Vista and beyond.
About the author: Kevin Beaver is an independent information security consultant, speaker and expert witness with Atlanta-based Principle Logic LLC. He has more than 19 years of experience in IT and specializes in performing information security assessments regarding compliance and IT governance. Kevin has authored/co-authored six books on information security including Hacking For Dummies and Hacking Wireless Networks For Dummies (Wiley) as well as The Practical Guide to HIPAA Privacy and Security Compliance (Auerbach). He's also the creator of the Security On Wheels audiobook series. You can reach Kevin at email@example.com>.