Windows Vista Security for Dummies
Brian Koerner, CISSP
£15.99, €20.99, $34.99
Not for dummies Peter Berlich The majority of our readers will be using Windows on their main workstation, be it at home or at the oﬃce. Securing that workstation is a crucial task, and a book that makes it easy on the reader to conﬁgure, operate and maintain their Windows Vista securely is certainly a valuable addition to everybody’s book shelf. After all, as computers (and, for the most part, Windows PCs) have permeated our lifestyle, we are entrusting them with coveted assets; holiday pictures, medical records and access to our bank accounts. Security professionals have always known the risks, but only recently has the requirement for securing one’s PC reached the collective conscience of the population at large. Microsoft has certainly studied the writing on the wall. Windows Vista comes with an impressive number of security tools, especially when compared to previous versions, but without support, the novice and intermediate user may not be aware of them, let alone know how to put them to productive use. Windows Vista Security for Dummies by Brian Koerner, CISSP, wants to be the book that provides that support. Like the whole “Dummies” series, it is aimed at the advanced layperson, with a fairly solid understanding of a ﬁeld’s basics and a willingness to learn. The author, Brian Koerner, is probably known best for his series on identity theft at http://crime.about. com/od/identity/Identity_Theft.htm. The book itself is about 350 pages long and structured in six main parts, covering Vista security essentials, access control,
data recovery and encryption, network security and anti-virus, “advanced” security conﬁguration, and a closing chapter describing certain threats and tools in more detail. It is written in the leisurely and sometimes colloquial style typical of the “Dummies” series. Also typical of the books, it contains six cartoons by Rich Tennant, the house cartoonist for the series. For the technically inclined this can be the cause of distraction, but it makes the read easier, especially for ﬁrst time readers. The author, while by choice of his subject focused on the technology side, doesn’t forget to mention that security is not just in the bits and bytes, but that it’s a process, even for home users, who will have to manage and maintain their computer’s security on a regular basis. Probably the most important chapter for many end-users will be the one on browser security. While covering only the soon-to-bereplaced Internet Explorer 7, it covers that browser’s security features comprehensively and gives practical advice. The only issue I have with this chapter, and a number of others, is that it’s silent on the alternatives. Windows Vista security doesn’t necessarily mean a limitation to Microsoft software. I would have liked to have seen at least an honourable mention – but better an in-depth discussion – of the Firefox browser for instance, or various anti-virus products and third party ﬁrewall and backup software. It is a bit of a puzzle why the author would choose such a puristic approach.
Setting the reservations stated above aside, the book covers what it should. One might argue that it should go into more depth on certain subjects (such as securing your home network) or that it should dedicate less page space to others (how much will the average reader of this book want to know about Microsoft’s “Information Rights Management”?) but all bases are covered, and that’s all the book promises. While the book tries to appeal to nontechnical readers, such noble aims will only carry so far. For certain activities – take conﬁguring a WLAN or a ﬁrewall for example – technical understanding is required. The book doesn’t warn the user about the things he or she shouldn’t try at home; it tries to be helpful but does little to prevent the user from making mistakes. The book certainly accomplishes its objective; to provide a useful and usable overview of Vista security features to owners of Home PCs and power users. It will also be useful for administrators of small sized business networks who are looking to deploy Vista and want to have a reference. Administrators of larger Vista deployments will want to look into more specialised literature. Complete technology agnostics will likely be overwhelmed by the abundance of technical terms but may ﬁnd it useful in identifying areas where help is needed. All in all, Windows Vista Security for Dummies is a useful companion. Peter Berlich, CISA, CISM, CISSP-ISSMP, is the founder of Birchtree Consulting LLC in Switzerland