Considering the small user base and that this is almost a complete
rewrite of windows there probably aren't too many active exploits. I'd
allow it with the following caveats:
1. He must run a local bi-directional firewall (Windows Vista firewall I
believe is bi-directional)
2. If exploits are uncovered he'll have to re-image the machine to the
standard.
3. You offer no support or assistance
4. If you see suspicious traffic on the machine you'll kill the
connection
If he knows what he's doing he could just set up dual boot and you may
or may not be able to tell what he's running. Better to be upfront than
to push him to work around the system.
No offence, but an un-patched XP machine is probably riskier at this
juncture, but I'm assuming the security standards aren't that high. This
is just my opinion.
Lance Druger
-----Original Message-----
From: Jon Lawhead [mailto:samurai@berkeley.edu]
Sent: Monday, September 26, 2005 9:01 PM
To: security-basics@securityfocus.com
Subject: Windows Vista current flaws
Greetings all,
I work in Network Security for UC Berkeley's residence halls. We have a
list of several "minimum
security standards" that we require all connected computers to meet
before being allowed access to
the network (stuff like having a firewall program, antivirus, etc). One
of the standards involves
having the latest patched version of a secure operating system. I have
a user on the network who
wishes to run a (legitimately acquired, or so he says) version of
Windows Vista beta version.
Before I decide on this, I wanted opinions on whether or not this is a
good idea. My first
instinct is to disallow any beta operating systems simply on the grounds
that they'll be buggy by
definition and may potentially have serious security flaws, but I can't
find anything to back this
up. Just wondering if I could get a few opinions on whether or not this
is a good idea. Thanks!
Jon Lawhead
Network Security Coordinator
Residential Computing
University of California, Berkeley
