5 Steps to Securely Configure Windows XP Desktops - Information Security Magazine - Page 1

Secure Configuration of Windows XP Desktops

Having trouble with PCI compliance? You're not alone. Auditors and audit survivors offer tips for how to achieve it.


By all accounts, compliance with the Payment Card Industry Data Security Standard (PCI DSS) is on the upswing. According to Visa USA, compliance among the largest merchants shot up dramatically, from about 12 percent in March 2006 to 77 percent by the end of last year. And media reports indicate the standard is gaining ground in the European Union, where many countries--the U.K. in particular--are stepping up compliance efforts.

Yet successful PCI Report on Compliance (RoC) completion remains a confusing venture and elusive to many. Some of the confusion stems from the convoluted path of accountability. Although the PCI DSS is often touted as a one-stop standard, each of the five major card brands continues to maintain separate compliance programs. Some brands have announced heavy noncompliance fees in the form of penalties and higher transaction rates, but it is the acquiring banks that decide when and how to pass on these fees to their retail and merchant customers. And despite the prescriptive nature of PCI, the standard changes when updates are issued, and Qualified Security Assessors (QSAs) have room to interpret the standard. It's not uncommon for a QSA's interpretation of the standard to differ from that of the company under review.

Still, while PCI DSS compliance may not always be easy, it's definitely achievable.

data points

Launch
Microsoft ships Windows XP on October 25, 2001 in two versions, Professional and Home Edition. Features include a built-in firewall, and the Professional version includes file encryption and other security functions.

First-year fixes
Within the first year of Windows XP's availability, Microsoft issues 30 security bulletins with corresponding patches for 65 vulnerabilities.

Security Campaign
Bill Gates announces Microsoft's Trustworthy Computing initiative in an internal email to employees on Jan. 15, 2002. Company reorganizes its code development around a secure development lifecycle program.

Updates
Microsoft announces the release to manufacturing of Windows XP Service Pack 2 on Aug. 6, 2004. The software giant touts the update's security features, including stronger default security settings.

Statistics
Secunia reports that 34 percent of the 193 security advisories it issued for Windows XP Professional between 2003 and 2008 were highly critical. Four percent were extremely critical and 23 percent were ranked as moderate, according to the Danish vulnerability tracker.

Vista
Successor to Windows XP, Vista is released to business users on Nov. 30, 2006. In Vista's first year, Microsoft releases 17 security bulletins addressing 36 security vulnerabilities.

This was first published in July 2008