Tonight, Windows Vista will go on sale to consumers. For many Microsoft subscribers (mostly businesses), it has been available since December. If you have any particular security related "gotchas", let us know.
A couple things to consider before jumping into Vista:
- Make sure your Anti Virus solution works with Vista.
- Windows Vista's firewall is configured by default to allow all outbound connections. You may want to tighten this down. There are a few specific outbound "allow" rules which you should probably keep enabled (for example for DNS and DHCP). So by default, the outbound firewall comes with "all traffic allowed" + specific "allowed" rules. I know, this sounds reduntant. But the idea is to keep your system working even if you switch the default rule to block outbound traffic.
- Note that Windows Vista will not prevent users (or administrators) from doing stupid stuff ;-). If ou know how to secure XP or your current Windows version, stick with it for production use until you are familiar with Vista.
As with all major upgrades like this: Test! Test! Test! Don't implement with haste. Ultimately, this will be a forced upgrade as support for XP will be ceased at some point. So look at alternatives (e.g. Vista or another OS) in time. Support for XP will be available for at least 12 more months. See http://www.microsoft.com/windows/lifecycle/default.mspx
I will be teaching next: Defending Web Applications Security Essentials - SANS Silicon Valley - Cupertino 2020