What is Toluu?
Toluu is a free service for sharing the feeds you read and discovering new ones.		 Get Invite

Windows Vista Security


Microsoft SIRv5 ReleasedNovember 3

Good day, Paul Cooke here.

 

The Microsoft Malware Protection Center has published volumefive of the Microsoft Security Intelligence Report. If you have not taken a look at this report before, I urge you to go download it from http://www.microsoft.com/sir. It provides a thorough view of the current threat landscape and is filled with a number of great data points. In my first scanning of the document, the following items immediately jumped out at me:

 

·         Microsoft vulnerabilities accounted for 42% of the total vulnerabilities on Windows XP for browser based attacks; however, on Windows Vista-based machines the proportion of vulnerabilities attacked in Microsoft software dropped to just 6% of the total. This highlights our not only our continued security investments in the browser but also that attackers are focusing more and more on the applications that run in the browser.

 

·         The infection rate for Windows Vista is significantly lower than Windows XP, regardless of service pack levels. In addition, 64-bit versions of XP and Vista have lower infection rates than their 32-bit counterparts.

 

·        

TechED - EMEANovember 3

Good day, Paul Cooke here.

I am in Barcelona getting set up for some sessions at TechEd-EMEA in Barcelona. The weather was a bit dicey for parts of yesterday but today is clear and beautiful. I've got two full sessions and a bit part in a third where I will be talking about Windows 7 security features. If you are in Barcelona and have a passion for security, come to one of my sessions or find me on the exhibition hall floor, I would love to chat.

Posting is provided "AS IS" with no warranties, and confers no rights.

aggbug.aspx?PostID=9032493
Windows Vista Security Stories @ TechEd - RecapJuly 18

Good day! Paul Cooke, Director of Enterprise Security, here.

Orlando entertained close to 9,500 customers, partners, and staff at the first Microsoft Tech·Ed for IT Professionals. For four days, IT Professionals from around the world experienced in-depth technical learning with more than 770 Breakout Sessions, Hands-on Labs, and Instructor-led Labs; they also networked and shared information with Microsoft partners and industry peers. It was great to to discuss security topics with both old friends and new.

This year we tried something a little new for us: we went searching for Windows Vista Security Stories and wanted to get them on camera, so that our engineers could hear from you directly. We figured we would get some complaints and some kudos from the participants, but what we were really hoping for is an honest assessment of what you thought about Windows Vista Security! The participation from attendees was great and the candid feedback was exactly what we were looking for….

Well, it’s been just over a month and we have finally finished combing through the hours of video and selected our favorite stories! So without further ado, I would like to congratulate the following story tellers and let you know what you won:

Xbox 360

Zune

·         Russ Alexander

·      Â

Windows Vista and MalwareMay 9

Hi, Austin Wilson here.   Recently there have been some questions raised about the susceptibility of Windows Vista to malware – specifically, that it’s more susceptible to malware than Windows 2000.  I’d like to show why we reject that claim.   We study the malware space very carefully and publish our results twice a year in the Security Intelligence Report.  This report is compiled from statistics on malware infections based on over 450 million executions of the Malicious Software Removal Tool (MSRT) every month.  Microsoft is a member of AMTSO (Anti Malware Testing Standards Organization) and its charter includes defining test methodology so that there is a minimum quality bar to all testing of this type.  

 

Our results published in the April 2008 version of the Security Intelligence Report show that Windows Vista is significantly less susceptible to malware than older operating systems.  In fact, from June – December 2007, using proportionate numbers, the MSRT found and cleaned malware from 60.5% fewer Windows Vista-based computers than from computers running Windows XP with Service Pack 2 installed.  How about Windows

Disk encryption: Balancing security, usability and risk assessmentFebruary 22

Hi: Russ Humphries here.  There’s been a lot of attention this week paid to memory attacks against disk encryption technologies and I wanted to provide some commentary and thoughts. The focus of these conversations is centering on investigating the contents of a computer’s memory – if it’s running or shortly after it has been recently powered down; where ‘recently’ could be seconds to perhaps minutes. The concept that memory retains a ‘ghost image’ of what was last stored on it has been well documented and is an industry-wide issue.

However, the current debate has an interesting angle to it - specifically a method has been detailed in which an application might be able to reconstruct an encryption key, which might have been used for almost any security purpose, from these ghost images.

Since disk encryption is a topic that gains headlines perhaps it was inevitable that the practical demonstration of this key-reconstruction would be to investigate a computer’s memory to ‘break disk encryption products’ and potentially access data stored on the hard drive.

The thing to keep in mind here is the old adage of balancing security, usability and risk.  For example BitLocker provides several options that allow for a user (or more likely Administrator) to increase their security protections but at the cost of somewhat lowering ease-of-use.  BitLocker supports options that will not allow a machine to