To print: Click here or Select File and then Print from your browser's menu

This story was printed from silicon.com, located at http://www.silicon.com/

Story URL: http://software.silicon.com/security/0,39024655,39165051,00.htm

Vista security got helping hand from US gov
Friends in high places...

By Joris Evers

Published: Wednesday 10 January 2007

Microsoft got input from the US National Security Agency (NSA) for a document with tips on how to use the Windows Vista operating system in larger organisations.

The NSA Information Assurance Directorate reviewed the Windows Vista Security Guide and provided comments that were incorporated in the published version, according to Microsoft. The US Department of Commerce's National Institute of Standards and Technology, Nist, had a similar role, the software behemoth said.

A Microsoft representative said in an emailed statement: "Feedback from these agencies as well as enterprise customers informed Microsoft's development of a security configuration guide to aid governments and other large organisations in deploying and configuring Windows Vista to meet their specific security and privacy needs."

Neither the NSA nor any of the other agencies, however, had a special role in the development of the actual Vista operating system, Don Armstrong, a senior program manager for Microsoft's Government Security Program, said by phone. But they were free to provide feedback on Vista throughout the beta process, just like any other testers, he said.

He added: "They did not participate in the code development of Vista, they just had input in the security guide." In total, nine agencies in five countries participated, he said.

To contribute to the installation guide, the NSA tested Vista by putting systems running the operating system under attack, according to a report in The Washington Post. The NSA had two teams - one tried to break in, while the other tried to configure Vista securely, the newspaper reported.

Microsoft first published its Windows Vista Security Guide in November, on the same day that it wrapped up work on Vista. A new version of the document was published last week after an error was discovered in the earlier release.

The online guide is meant for organisations planning to use Vista in a domain with Microsoft's Active Directory service. It provides instructions and recommendations designed to help strengthen the security of desktop and laptop computers running Vista in such a set-up, Microsoft said.

The Windows Vista Security Guide is available for download at no cost.

Joris Evers writes for CNET News.com