Secure Configuration of Windows XP Desktops


This article can also be found in the Premium Editorial Download "Information Security magazine: Everything you need to know about today's information security trends."

Download it now to read this article plus other related content.

Having trouble with PCI compliance? You're not alone. Auditors and audit survivors offer tips for how to achieve it.

By all accounts, compliance with the Payment Card Industry Data Security Standard (PCI DSS) is on the upswing. According to Visa USA, compliance among the largest merchants shot up dramatically, from about 12 percent in March 2006 to 77 percent by the end of last year. And media reports indicate the standard is gaining ground in the European Union, where many countries--the U.K. in particular--are stepping up compliance efforts.

Yet successful PCI Report on Compliance (RoC) completion remains a confusing venture and elusive to many. Some of the confusion stems from the convoluted path of accountability. Although the PCI DSS is often touted as a one-stop standard, each of the five major card brands continues to maintain separate compliance programs. Some brands have announced heavy noncompliance fees in the form of penalties and higher transactions rates, but it is the acquiring banks that decide when and how to pass on these fees to their retail and merchant customers. And despite the prescriptive nature of PCI, the standard changes when updates are issued, and Qualified Security Assessors (QSAs) have room to interpret the standard. It's not uncommon for a QSA's interpretation of the standard to differ from that of the

    Requires Free Membership to View

company under review.

Still, while PCI DSS compliance may not always be easy, it's definitely achievable.

data points

ships Windows XP on October 25, 2001 in two versions, Professional and Home Edition. Features include a built-in firewall, and the Professional version includes file encryption and other security functions.

First-year fixes
the first year of Windows XP's availability, Microsoft issues 30 security bulletins with corresponding patches for 65 vulnerabilities.

Security Campaign
Bill Gates
announces Microsoft's Trustworthy Computing initiative in an internal email to employees on Jan. 15, 2002. Company reorganizes its code development around a secure development lifecycle program.

announces the release to manufacturing of Windows XP Service Pack 2 on Aug. 6, 2004. The software giant touts the update's security features, including stronger default security settings.

reports that 34 percent of the 193 security advisories it issued for Windows XP Professional between 2003 and 2008 were highly critical. Four percent were extremely critical and 23 percent were ranked as moderate, according to the Danish vulnerability tracker.

to Windows XP, Vista is released to business users on Nov. 30, 2006. In Vista's first year, Microsoft releases 17 security bulletins addressing 36 security vulnerabilities.

This was first published in July 2008

There are Comments. Add yours.

TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: