This was the time Windows XP was designed. Windows XP was launched in 2001 and – judging by its success – it was a really great piece of technology. It just runs, rock-solid. Well, it was attacked by a few worms like Blaster, Sasser which led to the development of Service Pack 1, which made us stop development for a few months to look for security vulnerabilities. Over all the years of improvement and learning, this finally led into Windows 7.

If you are still on Windows XP, you probably should re-think your strategy today as the Operating System you are using was not designed to survive in today’s threat landscape. Let me give you 10 reasons why you should definitely move off Windows XP as soon as possible:

1. First and foremost, Windows XP will go out of support April 8^th, 2014. From then onwards, there will be no more security updates for Windows XP. Even though it is still two years down the road, larger organizations typically need some time to migrate and I am convinced that you need to start now!
2. Changes in development processes like the introduction of the Security Development Lifecycle (SDL) over the last 10 years within Microsoft significantly reduced the number of vulnerabilities, the likelihood for getting infected by malware and the attack vectors. This can easily be seen when you look at the data from our Security Intelligence Report:
   
3. Most probably you are still using Internet Explorer 6, when you are running Windows XP. As the browser is your window to the Internet and the most attacked application you run, running a browser which is three versions behind the latest one is definitely not something you should do for different reasons. One is the point I made above. Development processes have come a long way in the industry to incorporate security into the product from a code level and you would want to leverage this. Additionally, there is a lot of technology built into a modern browser to protect you from current attacks like the Smartscreen filter. So, move off IE6 to Internet Explorer 9 (for Windows Vista and later) or at least Internet Explorer 8 if you stay on Windows XP (which you should not J). To show you the impact, here is a graph published by NSSLabs on how far the browser can protect you from socially engineered malware:
   
4. The Security Development Lifecycle is not only about reducing security vulnerabilities at a code level but it is about adding additional protection as well, if there is a vulnerability in the code. It is about Defense in Depth as well – or mainly. As a result we introduced technology like DEP (Data Execution Prevention) and ASLR (Address Space Layout Randomization) into the platform, which makes it much harder to exploit a vulnerability in the code.
5. Ever tried to run Windows XP without being local Administrator? Yes, you will tell me know that you run it in the enterprise like that. What about changing the time zone when you travel with your notebook? Or adding your home printer? Or, or, or? I have to admit that I tried it more than once and gave up. User Access Control helps greatly. It is a huge improvement and makes the non-admin use of the OS much simpler. Even if you would decide to run as a local admin, you work with the user token until you need admin privileges.
6. On Windows XP you might be using some third-party disk encryption tool, something which comes for free on Windows 7 – even for USB sticks. It is called Bitlocker and Bitlocker To Go.
7. Talking of Bitlocker: One of the points which are often forgotten when talking about the OS is that one of the key attack vectors is during the boot process. We have seen successful attacks on Windows XP during the boot processes with rootkits. If you switch on Bitlocker on Windows 7 (and Vista) you get a fairly sound boot protection. If you use a 64-bit version with kernel protection, the risk of getting infected during the boot process is actually fairly low.
8. Managing Software Restriction Policies in Windows XP was a very hard – close to impossible – task. AppLocker on Windows 7 has improved this greatly.
9. There are quite some changes on the IP layer: We support IPv6 and there are a lot of improvements in the Windows Firewall.
10. The last point: Windows XP is just not cool anymore. Windows 7 is just much nicer, cooler to use and just much, much more fun

Besides all the security improvements, which make most sense if they are used in a combination like Bitlocker on Windows 64-bit and Applocker it has to be said that managing such a Windows 7 environment has proofed to be much, much more efficient than Windows XP.

I guess you did not have time to finish reading the post? Started your migration project immediately? Great, go ahead!

Roger

• Office 365 is compliant with EU Model Clauses, Data Processing Agreements and ISO 27001 among other standards.
• Office 365 is the first and only major cloud productivity service that enables HIPAA compliance.
• The Office 365 Trust Center provides in-depth information about the privacy and security practices for Office 365 and was recently redesigned to be more accessible and easy to understand.  The new site can be accessed at http://trust.office365.com.

If you are interested in the official press statement: http://www.microsoft.com/Presspass/press/2011/dec11/12-14O365CloudPR.mspx

Roger

Today I heard of TouchMountain – PeakFinder on steroids. These are some screenshots from the marketplace:

You can see the map around you:

But the real cool thing is the real view through the camera:

Including webcams:

And if a peak is missing, there is an interface to add it.

Last but not least: If an app still has five stars in their rating after 10 people submitting, it has to be really, really, really cool

Roger

Probably I should convince my kids, not my wife

Roger

You can find all the necessary information on EMET here:

• That’s the article on our support website: The Enhanced Mitigation Experience Toolkit
• Here a TechNet blog post: New version of EMET is now available
• To download EMET v 2.1
• And a BlueHat session

Before you start, please make sure that you have the Bitlocker recovery key ready (you are running Bitlocker, don’t you?) or that you suspend Bitlocker for the time of the configuration as EMET might change your Data Execution Prevention settings, which change your bootloader, which invalidates the Bitlocker signature, which needs to be proven.

I always love to strengthen my policies and see when something breaks and how. I started to use it and it actually provides you a fairly straight-forward interface with what is running and in which state:

You can then configure your applications and define on which level you want them to be protected. It might then happen that this pops up:

I wont tell you which application it was but I was a little bit scared…

Anyway, if you did not use it yet, I think you should!

Roger

When my parents recently wanted to buy a smartphone, they asked me… I told them fairly simple: “It is your choice but I cannot give you any support on an iPhone as I do not know it”. I guess, it is kind of blackmailing but that’s life . So, they bought a Windows Phone 7 and guess what – they love it but they are under constant pressure by their friends… And then recently a person (owning an iPhone) said: “It is actually fairly simple: If you just want to do simple and easy stuff, iPhone is the right device. If it gets sophisticated, you need a Windows Phone 7” – and I did not even offer this guy a bottle of wine, I probably should have.

The reason for this blog is an article I started to read called Windows Phone 7.5 vs. iOS 5 – you should read it. He kind of stumbles across the same issues as I do with my iPod (and btw, he seems to be an experienced iWhatever user):

But it’s not really the performance that bothers me with iOS 5, and as noted previously I’m sure the iPhone 4S will clear those issues up nicely. It’s the usage model. Apple’s mobile OS, like its desktop OS, is inscrutable. It presents a grid of icons, none of which can offer more than the dumbest heads-up that something has happened: A little red “2″ on the Mail icon suggests you have two unread emails, for example, but that’s all you get.

On Windows Phone, yes, we have these dumb little overlays too. And yes, the Mail tile will indeed display a little “2″ when you have two unread emails. But other tiles are more descriptive, “alive with information” as Microsoft says. The Calendar tile has the title and time of your next appointment, so you can check that information without diving into the app. Third party weather apps actually display the weather forecast, so, again, you don’t have to actually tap anything to find out what’s happening. All across the Windows Phone ecosystem, these more intelligent apps provide you with information right from the Start screen, no navigation required.

Before that, he was actually looking at Apple’s business model (emphasis is by me):

On the 3GS, it’s also dog slow, a situation that will obviously not be the case on the iPhone 4S, which has dramatically faster innards. You tap and then wait, and just when you start to doubt you tapped anything, whatever it is you tapped finally launches. It’s not a good experience, and one suspects that’s completely by design. Apple, after all, has mastered the quickie obsolescence/upgrade model better than any company.

Back to the user interface:

I’ve used photo viewing as a canonical example of why the Windows Phone usage model–which thinks and works the way you do, not vice versa–is superior to that of the iPhone and iOS. And that’s as true today as it was a year ago. If you want to view photos in iOS, you–yes, you, the user–needs to think first where those photos may reside. Are they in the Photos app? Are they in the Facebook app? Are they in the MobileMe Gallery app? The App Store for iOS, after all, is just bursting with apps. It’s the platform’s single biggest selling point, as you know.

In Windows Phone, you just visit the Pictures hub. Here, all of your photos are brought together in one place, whether they’re on the phone (taken with the camera or otherwise saved to the device), on Windows Live (where your camera photos can be automatically backed up, albeit in versions for sharing, not full-sized originals), on Facebook, or on Twitter. Third party photo apps also integrate into the Pictures hub, so while you could do the iOS-style “think, then search for the app” thing, you don’t have to: They’re all in one place.

To be fair, he has quite some nice words for iPhone as well:

Where iOS really excels, of course, is with the devices on which it runs. Apple is, at heart, a mobile devices company, and its iPhone, iPod touch, iPad, and Mac laptop product lines are all highly rated and desirable. I don’t have my iPhone 4S yet, but aside from a concern about the too-small screen, which makes the virtual keyboard hard to use, and the lack of an all-new design, there’s little to genuinely criticize there. The current crop of Windows Phones, which date back a year, are getting long in the tooth.

Looking forward to Nokia…

And the last statement I love:

In the end, iOS 5 is the safe choice, the one you recommend to less experienced users. But it is Windows Phone that occupies the innovation seat that Apple once commanded, back in 2007. If you’re looking for the best aesthetics, the best efficiency, and the best software design, Windows Phone is where it’s at. And that’s something I suspect Apple’s most ardent fans will have difficulty understanding. But look beyond your favorite platform for a moment and you will discover that the outside world is in some ways moving along faster than is Apple. And that what brought you to Apple in the first place is happening elsewhere.

Ah, yes you have more apps in the marketplace on iPhone – I know. But I usually challenge people to give me one single app I really want to use (not the stuff I delete after the second use), which I do not have on Windows Phone 7. There is one (1) – it is called “Peak Finder Alps” and that’s it so far. I know that I am not the ultimate representative sample…

When are you going to get your Windows Phone 7?

Roger