> Most of it appears to be tightening the defaults. Useful, yes, but not very new.

New or not, it is one of the major gripes I always hear from Sys Admins in reference to MS software. No doubt, it should have happened a long time ago, but... as they say... better late than never.

> The application white list is an extension for ICF that has the same problem, who knows what apps are valid, who is to manage the list of 'known to be good' etc. Usually admins consider the Firewall a thing that just is, and often it is managed by a specialized admin. Now every NT-admin will have to know the working of an application firewall, and generally, of all the installed software. This will raise the TCO, and if companies do not employ more and more skilled support staff, the feature will just be in the way, and ICF probably disabled.

The application firewall sounds like a good idea. Of course, it may take a few iterations and some bug fixes to get it right and make it easy to administer, but you've got to start somewhere and this also seems to me like a step in the right direction. The ultimate fix would be to promote better (and more secure) code, but since this will also protect 3rd party applications that MS has no control over it'll definitely help. A little 'defense in depth' (hardly) ever hurts.

> My 0.02 cents: nice try, but next time go for less is more - less features is more security, this is just another featuritis.

I agree that 'less features is more security', but let's face it... people (by people, I mean the general public) want features and MS is in the business of making money. More features == more money for them. I don't begrudge them this (I work for a software company myself), so taking steps to make the additional features more secure (if even by using sane defaults) is a good thing.

I have traditionally been an anti-MS bigot. However, I am always happy to see vendors making an effort (however small it may seem) to improve the security of the environment that they provide. I don't even own a Windows machine, but if these 'enhancements' help mitigate the spread of things like Blaster and SoBig.F, then I don't have to spend my time going through a zillion IDS alerts and wasting CPU cycles on my Unix-based MTA filtering out crap emails.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
