Archive for the ‘Trustworthy Computing’ Category

RSA Conference 2015: Enhancing Cloud Trust

March 31st, 2015

RSA Conference USA 2015 is just a few weeks away (April 20-24) in San Francisco. Given the numerous noteworthy cybersecurity events that have occurred over the last 12 months, I expect this conference to be well attended, yet again!

Once more, Microsoft is a Diamond sponsor, and Scott Charney, Corporate Vice President, Trustworthy Computing, will deliver a keynote at the conference. His keynote, entitled “Enhancing Cloud Trust,” will be delivered Tuesday, April 21st at 8:50 AM PT.

On Tuesday, April 21st at 1:10 PM PT, I will be delivering a speaker session, “Exploitation Trends: from potential risk to actual risk” as part of the Breaking Research track. Microsoft researchers have studied some of the exploits discovered over the past several years and the specific vulnerabilities in Microsoft software that were targeted. The goal of this study is to understand which vulnerabilities are exploited, who exploits them, the timing of exploitation attempts relative to when security updates are available, and how these vulnerabilities were introduced into code. These findings are key in helping security professionals more accurately assess the risk vulnerabilities pose.

I’m excited to be joined by two exploit researchers: Matt Miller, Principal Security Software Engineer from the Microsoft Security Response Center, and David Weston, Principal Program Manager from the Microsoft One Protection Team. Together, we will be discussing the long-term trend data and our brand new research.

And finally, we will examine how exploits are monetized through exploit kits that are sold as commercial software or as a service as well as development practices that can help minimize such vulnerabilities.

There are several Microsoft speakers at the conference this year; below is a full list of their sessions.

MICROSOFT SPEAKER SESSIONS

| Title | Date | Time (PT) |
| --- | --- | --- |
| License to Kill: Malware Hunting with the Sysinternals Tools – Mark Russinovich | Tuesday, 4/21 | 1:10 PM |
| Exploitation Trends: from potential risk to actual risk – Tim Rains, Matt Miller, David Weston | Tuesday, 4/21 | 1:10 PM |
| Security and Privacy in the Cloud: How Far Have We Come? – Bret Arsenault (Panel Discussion) | Tuesday, 4/21 | 4:40 PM |
| Assume Breach: An Inside Look at Cloud Service Provider Security – Mark Russinovich | Wednesday, 4/22 | 8:00 AM |
| Doing Security Response with your Cloud Service Provider – Jerry Cochran (Peer-to-Peer Session) | Wednesday, 4/22 | 8:00 AM |
| License to Kill: Malware Hunting with the Sysinternals Tools – Mark Russinovich | Wednesday, 4/22 | 9:10 AM |
| Enterprise Cloud: Advancing SaaS Security and Trust – Chang Kawaguchi | Wednesday, 4/22 | 10:20 AM |
| The Legal Pitfalls of Failing to Develop Secure Cloud Services – Cristin Goodwin | Thursday, 4/23 | 10:20 AM |
| Pass-the-Hash II: The Wrath of Hardware – Nathan Ide | Thursday, 4/23 | 10:20 AM |

 Microsoft is also hosting a booth on the expo floor where we will host a number of theater sessions. To find session descriptions and times, as well as details on the Microsoft party (Wednesday, April 22nd, 8:00 PM PT), please visit http://rsa2015.microsoft.com.

One other session that I think you should check out is being delivered by a longtime colleague, Nicole Miller, Senior Vice President, Cybersecurity & Issues Management, Waggener Edstrom. Nicole has been working with companies on cybersecurity for many years, and it’s a rare treat to hear her speak in public. Her session is called “From the Battlefield: Managing Customer Perceptions in a Security Crisis” and is scheduled on Tuesday, April 21, 2015 at 3:30 PM PT.

I hope to see you at the conference!

Congratulations! You’ve won $800,000!!

Well, maybe not.

But that’s just one of the many ploys that scammers send in their relentless efforts to part people from their money or sensitive personal information like passwords and account numbers.

Microsoft is asking people to take a survey of their experience with online fraud—what kinds of scams they’ve encountered (including those on mobile devices and Facebook), how concerned they are about online or phone fraud, and what steps they take to protect themselves.

In 2012, Microsoft fielded its first such study, interviewing 1,000 US residents to understand their exposure to, and perception of, online fraud and scams.

Respondents reported having encountered roughly eight different scams on average, with these as the top four:

  • Scams that promise free things or coupons (44 percent)

  • Fake antivirus alerts that imitate real programs offering virus repair but that download malware instead (40 percent)

  • Phishing scams using fake messages that mimic those of trusted businesses to trick people into revealing personal information (39 percent)

  • Fraud that features a request for bank information or money upfront from someone (such as a “foreign prince”) who needs help transferring large sums of money for a cut of the total (39 percent)

In the new survey, we’re interested in how scams and responses to scams might have changed since 2012. Are there different scams? What are the most common? Where are they most often occurring—on mobile devices? On Facebook?

Results of our last survey showed that nearly everyone (97 percent) took steps to safeguard their computers, but more than half (52 percent) did nothing at all to protect their mobile devices. So we’re particularly interested to see if these numbers have changed. 

You can help us fight online scams and fraud by taking our survey.

We will release the results of the survey during National Cyber Security Awareness Month this October. Follow the hashtag #NCSAM to read the story. 

Microsoft vs. malware: a history

March 5th, 2014

At 2:00 A.M. on July 13, 2001, Microsoft’s then head of security response got a phone call about a computer worm named “Code Red” that was spreading across computers that connected to the Internet. When the worm quickly spread to hundreds of thousands of computers, Microsoft redoubled its security efforts. But the criminals weren’t going away anytime soon.

Some say that this was the defining moment that began Microsoft’s real battle against worms, viruses, and other malware and the people who create them.

Microsoft learned early on that if it wanted to succeed at building trust with its customers, it could not make security an afterthought when developing its products and services.  Thus, the Security Development Lifecycle was born.

Read the full story at SDLstory.com.

Q & A: Keeping kids safer online

I recently sat down with Sonia Livingstone, a professor in the Department of Media and Communications at the London School of Economics, to discuss children and kids and the Internet.

Q. You’ve spent the last two months at Microsoft’s Cambridge research facility. How did that opportunity come about?

A. I have known danah boyd, who started the Social Media Collective at Microsoft Research New England, for quite a while, since we’re both interested in studying teenagers’ ‘risky’ activities on social networking sites. And I’d known Nancy Baym, who invited me to visit, for even longer—since we began our careers researching the soap opera audience. Now I see parallels between soap opera and social media—they’re both about the everyday ways that people create a shared social world through seemingly mindless but actually significant chat and gossip.

Q. Share a key learning from this experience and how it will influence your work.

A. The lab values intellectual discussion across disciplinary boundaries. We all find this difficult, requiring lots of ‘translation’ to understand what people from different traditions find interesting questions, let alone how they come to their answers. I appreciate the recognition that it is important not to stay siloed in our separate spaces, but to talk across divides and seek common ground. The design of the lab echoes this principle—open doors, flexible spaces for discussion, frequent moments when everyone comes together to talk about ideas. It’s a contrast with the academic model I’m used to.

Q. You’re the lead researcher for the EU Kids Online network, which is the “gold standard” when it comes to kids’ Internet use in the EU. What’s next for this project?

A. We are coming to the end of our third phase of funded activity. The European Commission’s (EC) Safer Internet (now Better Internet for Kids) Programme is changing into something new. We are focused on completing interviews and focus groups in 9 or 10 countries, aiming to understand the contexts in which children talk about online risk and how they try to cope with it—or, what support they think they need. As I look ahead, I see the value of our network both for its high-quality cross-national research and for its infrastructural role, paralleling the networks for awareness raising, children’s charities, and helplines to provide the evidence base for policymaking and practical safety/empowerment initiatives in Europe.

Q. Any observations on the way American parents approach kids and technology compared to their European counterparts?

A. My sense is that parents’ expectations are greater in the US than in Europe, where we rely more on schools to guide kids, but also on kids themselves. For example, British parents generally do not check their child’s phone or laptop because the child’s right to privacy outweighs the parents’ duty to protect. I think American parents strike a different balance, considering that they have a right to check their phone because they pay the bill. As I see it, children have a right to privacy, but parents have a duty of care. That’s a difficult balancing act in any culture. My hope is that we find ways for parents and children to share responsibility and talk openly about risks rather than parents snooping on kids and kids finding ways to escape scrutiny.

Q. How can we make parents, educators, and policymakers aware that there is a difference between risk versus harm, and how should we be thinking about that?

A. Statistics on risk (for example, the proportion of children being exposed to online pornography) are inevitably higher than statistics on harm (for example, the proportion of children who are damaged, upset, or threatened by online pornography or other online risks). In our findings, around one in eight children aged 9–16 across Europe had seen explicit online sexual images, but only one in three of those said that was an upsetting experience. We can take different positions—some will decide that children don’t know what harms them and that all exposure to explicit porn is harmful; others will decide that children’s voices should be respected; there’ll be positions in between too. My main point is that this should be discussed.

Q. What is industry’s role in this discussion?

A. Two factors influence when risk turns into harm. The first depends on the child and the circumstances in which they use the Internet. A psychologically vulnerable child has less resilience when finding extreme images and is more readily upset. The second depends on the industry’s design of the online environment. If a mildly pornographic image links to more extreme images, risks can lead to harm. If a search for self-harm offers professional advice on sources of help (instead of peer advice on how to cut), risk may not lead to harm.

One hopes that multiple stakeholders—including industry, child welfare, and researchers—will discuss openly where the risks are arising and work together to minimize harm. Ideally, they’d find ways that don’t restrict children’s opportunities to explore and benefit from the Internet.

Q. What do you think parents struggle with the most, and what would you tell them to help calm their anxiety about their kid’s digital lifestyles?

A. I think parents struggle with two things in particular. The first is that the media are full of panicky headlines that raise fears of abduction, porn addiction, and cyberbullying, and it would help if the media could raise awareness in a more balanced and proportionate way. The second is that they struggle with protecting versus empowering their children. Parents want to trust their kids and respect their privacy. Stakeholders need to provide more nuanced and age-sensitive advice to guide parents. And parents should read the press more critically and listen to their children more sensitively.

Q. Kids are going online at increasingly younger ages. Most of our work focuses on reaching parents of children and teens, but who is thinking about the really young kids, 2–5-year-olds?

A. The marketing and content industries are thinking about very young kids as a new market. Despite claims of educational outcomes, there is very little evidence that it benefits kids to be going online so young. A few researchers are also studying the contexts and consequences of young kids’ Internet use, and I hope we see more of this in the future.

Q. Where is the online safety debate headed? There is talk about moving from a “safer” to a “better” Internet, and from protecting kids to empowering them. Is a shift taking place? What will the impact be?  

A. The argument for a better Internet for kids is a good one: there’s no point having a safe Internet if it has little that’s great for kids to do. Dealing with the risk of harm should become a ‘hygiene factor’: like immunizations against disease or reliable systems for clean water, life without good hygiene is problematic, even intolerable. Once those systems are in place, the important questions are about how society should be organized for positive goals. We are so preoccupied with eliminating threats that we’ve lost sight of what we want for the Internet. Remember those early debates about kids having the world of knowledge at their fingertips. What’s our present vision of what we want for kids? That’s where creative thinking is now needed.

Q. There has been a lot in the news from the UK recently. Any thoughts on what PM Cameron is trying to accomplish?

A. Our prime minister has put children’s Internet safety high on the political agenda. He is focused on eliminating child abuse images from the Internet. He has also insisted that all ISPs provide usable filters for parents. While welcoming both developments, I have two concerns. The first is that we will need new research to be sure that the benefits are reaching children: will children encounter fewer risks online, will their parents feel more empowered to deal with what worries them, and will this be achieved in ways that don’t restrict children’s rights to free expression, privacy, and participation. Second, government intervention online always raises concerns about wider freedom of expression, censorship, and rights. I would like to see an independent, accountable, trusted body established to oversee child protection and empowerment online in a way that responds to wider public concerns. This would also help ensure that Internet safety remains on the agenda.

Q. Lastly, the theme for Safer Internet Day in 2014 is “Let’s Create a Better Internet Together.” Will you be doing anything special to mark the day?

A. We plan to release the first part of our report on the qualitative work on kids’ perceptions of risk that I described earlier. But the findings are a secret till then! I will be in Brussels announcing the winner of the EC’s positive online content competition, of which I chair the jury. That’s a nice role—celebrating what’s good about the Internet for kids.

Weekend Reading: Dec. 13th Edition – Microsoft introduces the Cloud OS Network

December 13th, 2013

In this edition of Weekend Reading, we’ve got stories on Microsoft’s new Cloud OS Network, Xbox One sales and a gift guide for goodies under 100 bucks to help you get through the holidays.

On Thursday, Microsoft introduced the Cloud OS Network, a worldwide group of more than 25 leading cloud service providers who have embraced our Cloud OS vision and will deliver hosted services built on the Microsoft Cloud Platform, which includes Windows Server with Hyper-V, System Center and the Windows Azure Pack. To get the rest of the story, read this post on The Official Microsoft Blog from Takeshi Numoto, corporate vice president of Cloud and Enterprise Marketing, and watch the video below.

Xbox One sales totaled more than 2 million in first 18 days. Since its Nov. 22 launch, sales have averaged more than 111,111 units a day, a record-setting pace for Xbox. “We continue to be humbled and overwhelmed by the positive response from our fans,” said Yusuf Mehdi, corporate vice president of strategy and marketing, Xbox. “Demand is exceeding supply in our 13 launch markets and Xbox One is sold out at most retailers. The Xbox team is continuing to work hard to meet consumer demand, delivering consoles to retailers as fast as possible this holiday season.” To help people find Xbox One, Major Nelson recently shared some tips for consumers this holiday season.

If you’re feeling the holiday pinch, in terms of time and cash, we’ve got some great gift ideas for under $100. There are plenty of cool technology options that won’t break the bank, including Microsoft’s Wireless Mouse 3500 Studio Series Artist Edition, Nokia Lumia 925 Windows Phone device and a 12-month Xbox Live Gold Membership. Check out those ideas and more in the slideshow below, and see other ways people are using technology at Made Possible by Microsoft.


[Slideshow: Affordable gifts for tech lovers, slide 1 of 8]
Nokia Lumia 925 Windows Phone: Turn heads wherever you go with this phone’s unique metal design and polycarbonate back. With SkyDrive built in, your photos are automatically backed up to protect your holiday memories. $49 with two-year contract at AT&T; $0 up front with two-year contract at T-Mobile (pricing may vary).

New security features were being rolled out this week to give Microsoft account users more visibility and control of their accounts. Last spring, we released two-step verification. Since then, many users said they would like to get more insight into activities on their accounts. “So we added a new view that allows you to see your sign-ins and other account activities,” wrote Eric Doerr, Group Program Manager, Microsoft Account. As you can see in the example below, different types of activity are now visible to you, including “successful and unsuccessful sign-ins, the addition and deletion of security information and more.” If you do see something suspicious, “there’s an easy ‘This wasn’t me’ button that will help you take steps to protect your account.”

Microsoft joined AOL, Apple, Facebook, Google, LinkedIn, Twitter and Yahoo in calling for reforms in government surveillance. “People won’t use technology they don’t trust. Governments have put this trust at risk, and governments need to help restore it,” wrote Brad Smith, Microsoft’s general counsel and executive vice president, Legal & Corporate Affairs. While many recent revelations have focused on the U.S. government, he said, “in reality this is a global issue. It requires coordinated steps to ensure the flow of information across borders and avoid conflicts between governments. By definition, the world needs a global discussion.” Microsoft and other industry leaders suggest principles for government reform at a new site, ReformGovernmentSurveillance.com.

It was the week that could change young lives forever, and it involved an “Hour of Code.” Many from Microsoft worldwide participated in the annual “Hour of Code” event, giving an hour – and in many cases, more – of their own time to teach students to code. “Right now, less than 2.4 percent of college students graduate with a degree in computer science, yet computer programming jobs are growing at twice the national average and are among the top paying fields,” wrote Satya Nadella, executive vice president, Cloud and Enterprise, at Microsoft. “Hour of Code” is sponsored by Code.org, the nonprofit organization that Microsoft is a founding member of, which is dedicated to “growing computer science education by making it available in more schools.” If you missed it, check out these Microsoft sites for some quick coding lessons: Kodu Game Lab and TouchDevelop.

From the “breathtaking” category of the week’s events, a preview version of the new Photosynth was released. On the Bing Search Blog, the Photosynth team wrote that the preview version represents “the next phase of our ground-breaking experience that analyzes digital photographs to generate three-dimensional views of real world spaces.” Combined with the recent release of Bing Maps Preview for Windows 8, the team hopes this will be a “step forward toward our goal of creating a digital replica of the planet with an immersive 3D way to traverse and explore the world.” The New York Times headline put it another way: “Updated Microsoft Photosynth Makes HDTV Look Low-Resolution.”

Ceiling of Palau de la Musica Catalania by David on Photosynth

This week on the Microsoft Facebook page, we made holiday shopping a little easier with six awesome ultrabooks, four great touchscreen laptops and seven amazing tablets.

That’s it for this edition of Weekend Reading. Hope you get some time to relax and rest up this weekend, in between all the holiday shopping. We’ll see you next week!

Posted by Suzanne Choney
Microsoft News Center Staff

CISO Perspectives on Compliance in the Cloud

September 9th, 2013

Regulatory compliance is a hot topic among many of the customers I talk to. Of particular interest is compliance as it relates to the cloud. It is a challenging topic, and there are many regulations that Chief Information Security Officers (CISOs) need to be aware of and adhere to, and these can vary significantly by industry and location.

Today Trustworthy Computing is releasing an executive-level article providing insight on the challenges, success factors and potential solutions of compliance from CISOs representing some of the world’s largest organizations. Our aim is to share and highlight some of the key things that other CISOs and information and security risk specialists might want to consider in relation to the topic of compliance.

CISO Perspectives on Risk

September 5th, 2013

Many of the Chief Information Security Officers (CISOs) and security executives that I talk to tell me that they are always craving information. It always seems as though while some parts of their job responsibilities are under control, they think that other areas need more of their attention or could be more efficiently managed. Since they typically have limited time, limited information and limited resources, they look for sources of information that are tailored for their specific needs, making the information easy to consume and highly valuable. One such source of information for security executives is… other security executives. Most, if not all, of the CISOs that I talk to rely on other security executives in the industry to provide insights into topics they are interested in. When they can get valuable information and advice on an important topic from someone doing a similar job in another organization, they typically are willing to listen and engage.

When should kids be allowed online?

August 9th, 2013

As a parent or caregiver, you probably needed only one trip to the playground to realize that children can have radically different styles of play. Just as there’s no “one size fits all” approach to helping children navigate the jungle gym, the way you talk about online safety with kids will depend on the child, their maturity level, and your family’s values.  

But what is your parenting style when it comes to introducing your children to new devices and online technology?

Take a brief survey and get tailored tips to help you have conversations with young Internet users about staying safer on the ever-changing digital playground.

Get advance notice about August 2013 security updates

August 8th, 2013

Today, the Microsoft Security Response Center (MSRC) posted details about the August security updates.

If you have automatic updating turned on, most of these updates will download and install on their own. Sometimes you may need to provide input for Windows Update during an installation. In this case, you’ll see an alert in the notification area at the far right of the taskbar—be sure to click it.

In Windows 8, Windows will turn on automatic updating during setup unless you choose to turn it off. To check this setting and turn on automatic updating, open the Search charm, enter Turn automatic updating on or off, and tap or click Settings to find it. 

For other versions of Windows, you can check whether automatic updating is turned on through the Microsoft Update website. This will open Windows Update in Control Panel; if automatic updating is not turned on, you’ll be guided through the steps to set it up. After that, all the latest security and performance improvements will be installed on your PC quickly and reliably.

If you are a technical professional

The Microsoft Security Bulletin Advance Notification Service offers details about security updates approximately three business days before they are released. We do this to enable customers (especially IT professionals) to plan for effective deployment of security updates.

Sign up for security notifications

7 ways to avoid TMI

July 23rd, 2013

Technology can make everything in our lives easier—including sharing too much information (TMI). Just because you can take a picture of your new credit card and post it on Instagram doesn’t mean that you should. In fact, you shouldn’t.

Sharing too much information can lead to identity theft. It can also damage your online reputation, which could prevent you from getting into college, getting a job, or even getting health insurance.

Here are ways to avoid sharing TMI:

  1. Never share your address, phone number, Social Security number, or other personal information through online interactions. 
  2. Use and manage your privacy settings. Limit who can see details of your online profiles.
  3. Never shop, bank, or enter passwords or credit card numbers over public Wi-Fi.
  4. Ask questions. Sometimes we do need to share personal information, but before doing so, ask why the information is necessary and beware of imposters.
  5. Use sites that you can trust. Learn what to look for.
  6. Stop and think before you post an image, blog, tweet, or comment. What does it say about you and how you want to be viewed online?
  7. Take charge of your online reputation: Discover, evaluate, protect, cultivate, and restore as needed.

For more tips on avoiding TMI, check out the hashtag #IsThisTMI on our Twitter channel.

 

Online fraud: Get practical advice

November 22nd, 2012

Need help spotting an online scam? Download our new free 12-page booklet called Online Fraud: Your Guide to Prevention, Detection, and Recovery.

This guide includes:

  • Real-world examples of false promises made in fake emails
  • Images of scam emails to help you avoid them
  • Tips for guarding your computer and your sensitive information
 

For more information, see the Trustworthy Computing blog.

Mobile safety tips for back to school

September 4th, 2012

Are you sending your child back to school with a mobile phone, laptop, or tablet PC?

Director of Microsoft Trustworthy Computing Communications, Jacqueline Beauchere, offers these tips:

  • Set clear use limits for kids on their mobile phones.
  • Lock kids’ phones with a personal identification number (PIN), and keep the PIN secret—even from “best” friends.
  • Tell kids to avoid clicking links in advertisements, contest pages, text messages, or posts on social networking sites.
  • If you use a family location service to monitor your children’s whereabouts, make sure those outside the immediate family can’t locate them. Otherwise, consider disabling the location feature on the phone or, at the very least, turn off the feature in the phone’s camera.

More resources

Security, privacy, and reliability in a connected world

February 28th, 2012

Microsoft’s Trustworthy Computing Corporate Vice President Scott Charney shared his security vision for the next decade in his keynote address at the RSA Conference today. Charney’s keynote highlighted new and persistent security risks in light of society’s increased dependence on information systems and identified key drivers of change in today’s interconnected world.

Learn more about security, cybersecurity and technology trends, news and guidance at the Official Microsoft Security blog or follow Microsoft Security on Twitter.

Why Trustworthy Computing is still a Microsoft priority

January 17th, 2012

Ten years ago this week, Bill Gates sent a memo to all Microsoft employees announcing the Trustworthy Computing (TwC) initiative and defining the key aspects of TwC.

 Gates wrote:

 “Trustworthy Computing is computing that is as available, reliable and secure as electricity, water services and telephony.”

 That announcement and the creation of TwC set the company on a path to help increase security and privacy for all of our computing experiences.

 Learn about the history of TwC and read how Microsoft has reaffirmed its commitment to it for the next decade.  

 More information about Trustworthy Computing

 

 

Creating a Safer, More Trusted Internet

March 3rd, 2010

The RSA Security Conference is underway this week in San Francisco and Microsoft’s own Scott Charney, Corporate Vice President, Trustworthy Computing, delivered one of yesterday’s keynote addresses: Creating a Safer, More Trusted Internet. The keynote centered on Microsoft’s Trustworthy Computing initiative, our End to End Trust vision, and how we have been working to further protect the security and privacy of all the users of the Internet.

The End to End Trust vision has not changed over the last couple of years and we don’t anticipate it changing for some time. We continue to make progress along this vision and Scott outlined many areas where we are actively engaged and providing thought leadership. The keynote showcased how our vision for End to End Trust applies to cloud computing, detailed progress toward a claims-based identity meta-system, and called for public and private organizations alike to prevent and disrupt cybercrime.

One of the most interesting aspects from my perspective was the notion of creating a “World Health Organization” model for the Internet. We are calling on the governments and industry to creatively help prevent cybercrime by implementing technology and policy models that assess PC health before connecting the machine to the Internet. This is an ambitious vision and one I am proud to support.

If you want to know more about the things Scott talked about in his keynote and our End To End vision, I encourage you to visit the newly revamped End To End Trust website for more details.

New Microsoft Security Intelligence Report Released

November 2nd, 2009 No comments

Volume seven of the Microsoft Security Intelligence Report (SIRv7) – part of Microsoft’s commitment to providing an unparalleled level of security intelligence to help keep individuals and organizations better informed and to maximize security investments – was released today and there are a couple of tidbits in the report that caught my attention that I thought I would pass on. As a reminder, the SIR is published by Microsoft twice per year and looks at the data and trends observed in the first and second halves of each calendar year.

The first thing that struck me while reading through the report is that for the first time, the SIR shares some high-level security best practices from countries that have consistently exhibited low malware infection. For example, Japan, Austria and Germany’s infection rates remained relatively low during the first half of this year.

So how do these regions keep their customers and resources safe from cyber threats? Japan’s relatively low infection rates are due in large part to collaborations like the Cyber Clean Center. The Cyber Clean Center is a cooperative project between ISPs, major security vendors and Japanese government agencies aimed at educating users on how to keep their PCs infection free. Austria has implemented strict IT enforcement guidelines to lower piracy rates and this, along with strong ISP relationships and fast Internet lines, has helped ensure the ecosystem is kept up to date with security patches. Germany has also leveraged collaboration efforts with its CERT and ISP communities to help identify and raise awareness of botnet infections and, in some cases, quarantine infected computers.

The other thing that stood out to me was the graph below. This graph shows the effectiveness of automatic updating and shows what happened to the trojan downloader family Win32/Renos once Microsoft released a signature update for Windows Defender via Windows Update and Microsoft Update. Within three days, enough computers had received the new signature update to reduce the error reports from 1.2 million per day to less than 100,000 per day worldwide! To me this shows how important it is for users and organizations to utilize automatic updates to help prevent the spread of malware! 

The report also underscores some of the trends that we have seen from previous versions of the report: for example, the infection rate for Windows Vista is significantly lower than that of its predecessor, Windows XP. It also tells me that the higher the service pack levels of an OS, the lower the infection rate. Once again, these items help point out that you need to keep your software up-to-date. With Windows 7 now available it might be a good time to look at upgrading your OS!

Take a look at the full report at http://www.microsoft.com/sir and use the information to help protect yourself, your networks, and your users.

Steve Riley on Windows 7 Security

April 23rd, 2009 No comments

While walking the show floor here at RSA, I ran into Steve Riley, who’s an incredibly passionate and knowledgeable Security Evangelist (or officially “Senior Technical Evangelist”) in Microsoft’s Trustworthy Computing organization. He’s a well-respected and sought-out speaker on security topics. So I thought it would be great to get Steve’s take on his favorite two security features in Windows 7. Take a look at what Steve has to say about Windows 7 security!


Steve Riley discusses Windows 7 Security Features at RSA