10 Years of Trustworthy Computing at Microsoft
Before joining Microsoft a little bit more than 10 years ago, I ran a team at PricewarehoureCoopers on e-Business Risk Management – classical security consulting in the Internet bubble time. When I announced that I will leave PwC and join Microsoft, I got interesting reactions (and remember, this was 2001). Mainly they were along two lines: Oh, you are joining a desktop company? ...
10 Reasons to migrate off Windows XP
I would like you to sit back, close your eyes and think about the year 2001. Think about how you used technology back then, how you used the Internet. Now, let’s take it a little bit further back in history and think of the year 2000. Just after we realized that the Year-2000-Problem was handled very well by the industry. How you used technology, how you used the Internet, the ...
Office 365 Becomes First and Only Major Cloud Productivity Service to Comply With Leading EU and U.S. Standards for Data Protection and Security
A long title but this was the title of the official press statement yesterday. Compliance is always a key question in the public cloud space. Therefore it is very important for us that we now achieved three things: Office 365 is compliant with EU Model Clauses, Data Processing Agreements and ISO 27001 among other standards. Office 365 is the first and only major ...
Cybersecurity–More than a good headline
A lot of governments all across the globe are working on starting, restarting or pushing their Cybersecurity initiative. What often concerns me is, that the last real headline has more impact on the strategy and the themes to be addressed than a structure or a plan or a strategy.
This made us thinking about what is needed to run a successful Cybersecurity Agenda within a country? What themes ought to be ...
The Latest Internet Explorer 0Day By Roger Halbheer, on March 1st, 2010 As it happens: I have been skiing last week (the weather was gorgeous) and now I am back (unfortunately) and confronted with the next Internet Explorer 0Day vulnerability, which already causes noise – in my opinion too much for the real technical problem. If you read the blog post of the Microsoft Security Response Center called Investigating a new win32hlp and Internet Explorer issue, you will find the following facts – as far as we know them by now:
- The user has to be tricked into pressing F1 in response to a Pop-Up (no automation)
- We are not aware of any attacks exploiting this issue
- It is Windows XP “only”
This leads me back to the discussions I had with customers over the last few weeks: Windows XP was released 31. December 2001 – 8 years ago. If you would give it 2 years development and engineering time, we are talking of a 10 year old operating system. During a discussion a friend of mine said “your are not driving a 10 years old car neither” – which is not accurate. If you look how the threat landscape developed on the Internet over the last 10 years, you should probably compare it with a 50 years old car. The real problem with Windows XP in my opinion is, that it is rock-solid – but in my opinion not suited anymore for today’s threats. As you have a great alternative now – you should definitely consider moving to Windows 7. And you should move from IE 6 (if you are still there) to IE8!!
If I would have one wish to you from a security perspective: Move to the latest version of your software – everywhere (knowing that this is not an easy task to do)
Roger
Related posts:
- Update on the Internet Explorer Vulnerability
- Security Advisory on the recent Internet Explorer Vulnerability
- Join the Windows 7 and Internet Explorer 8 Security Baselines Beta
- Internet Explorer Security Update Ready
- The latest SQL Injection Attacks
Leave a Reply
|
|
|
