Here’s a fun video showing what can happen to an unprotected computer by visiting a malicious website:

Nasty, right? The user isn’t guilty of anything worse than a typo. What happens if you visit the same page with Windows Vista in a completely default, unpatched state? I recorded this:

Read more »

Wole Moses has a great overview of Windows Service Hardening (WSH). I’ve written about this a couple of times–basically, it’s a defense-in-depth (think belt-and-suspenders; a second layer of security) that keeps services from doing something really bad even if they get compromised. So, if the Server service doesn’t normally add startup programs, WSH will block it if it ever tries to, because clearly it must be under the influence of an attacker. So, WSH doesn’t prevent a compromise, but it helps reduce the damage done after a compromise.

It might be a good reason to upgrade to Vista, but you don’t really need to know about it. You can’t configure it; it’s already setup for standard Windows services. If you’re a developer, you can use the SC.exe tool to configure WSH, but you’ll probably choose to configure it programmatically as part of service installer.

Windows XP included several security templates (.inf files that represent a computer’s security configuration), but Windows Vista includes none. Want some? Download and install the Windows Vista Security Guide.

The Windows Vista Security Guide includes several templates:

Read more »

To quickly copy the full path of a file to your clipboard, hold down the Shift key, right click a file, and then click Copy as Path. The full path to the file is placed on your clipboard.

Read more »

Question:

Hi Tony,

I have been reading you vista clues and I appreciate the help.

Is there a way to run a batch file on vista to set the “Run as administrator” on an exe.

We have a exe that is delivered to our customers monthly. The exe writes files and expects them to be were we installed the product. Of course, with vista this is not true. I can fix this problem but setting the Run as administrator.

The applications are built under XP so I can not set this property before I packages, so what I was thinking was as part of my install/update

Install the exe on vista and then run a batch program to set it as run as administrator. I can not have the customer do this manually.

Do you think this will work? Do you know how to do this?

Any help would be appreciated.

Thank you

Answer:

Read more »

You can run a command prompt or any application as an administrator by right-clicking it and then clicking Run As Administrator. If you have a batch file that you need to always run as an administrator, follow these steps so it runs with the proper privileges every time:

Read more »

You can run a command prompt or any application as an administrator by right-clicking it and then clicking Run As Administrator. If you always run an app as an administrator, you can usually change a setting to automatically elevate privileges.

You have to follow different steps to always run the command prompt as an administrator:

Read more »

Vista tells you it needs a TPM for BitLocker, but it lies. Follow these steps to enable BitLocker without a TPM:

Read more »

BitLocker is a Windows Vista security feature that encrypts an entire hard disk (technically, a volume) to protect your data if someone steals your entire computer. If you see, “The drive configuration is unsuitable for BitLocker Drive Encryption. To use BitLocker, please re-partition your hard drive according to the BitLocker requirements.”, it means you need two partitions (a partition is a smaller section of your hard disk). As shown in the figure above, BitLocker needs a small, 1.5GB “active” partition to store the Windows Boot Manager, which basically decrypts your BitLocker-protected partition so Windows can start. The main partition, your C: drive, is the BitLocker encrypted one with your personal files, the paging file, and everything that needs to be encrypted.

Instructions after the jump.

Read more »

BitLocker is a Windows Vista security feature that encrypts an entire hard disk (technically, a volume) to protect your data if someone steals your entire computer. Unfortunately, in the event of disk corruption, it can make your computer more difficult to fix and might prevent you from recovering your data–so it’s really important to do nightly backups if you enable BitLocker. Because of this, it’s not right for most people; you only need it if the privacy of your data is really important.

More after the jump

Read more »

User Account Control (UAC) prompts you before an application makes an important change to your computer that requires administrative privileges. By default, the UAC prompt appears on the “secure desktop”, which freezes and darkens your screen. By freezing your screen, secure desktop makes it more difficult for another application to impersonate Windows and trick you into typing your administrator password into a fake UAC prompt.

The flashing screen is distracting, and slows things down a bit. To turn off the flashing without completely disabling UAC, follow these steps (after the jump):

Read more »

Vista includes Windows Defender, which is antispyware software. Unfortunately, Windows Defender doesn’t protect you from viruses, worms, and Trojan horses, which are the nastiest types of malicious software. They’re the ones that cause all the damage and can really make your computer unusable.

Antivirus software designed for Windows XP won’t work on Windows Vista. Currently, all the antivirus companies (including Microsoft OneCare) are updating their software to run on Vista, and most of them have beta versions available. For more information about antivirus software, check CNet.