Nov-18 2008

How Spam Filters work

Just a short one: I think I had to feed that into the requirements list for our Exchange team:

Roger


Published: Nov-18-08
Tagged as: Fun

Nov-18 2008

Get Safe Online - This Week

We see this concept all over Europe: There are National Security Awareness Days (or however they are called) in a lot of European countries. During these events, the industry (from software to banking to government to …) gets together to raise awareness of the most important trends in how criminals attack their victims.

This week in the UK there is the Get Safe Online Week, which to me is a very good example of how this can work out. A lot of partners come together this week to drive awareness around different themes in the area of Online Safety.

I quote from their press release:

Today (which was actually yesterday) the UK’s fourth annual Get Safe Online kicks off, a weeklong internet safety awareness campaign encouraging UK computer users to take steps to ensure that they and their machines are protected.

In a time of economic uncertainty, online security is becoming even more important as the growth of the ‘shadow economy’ in stolen identities can mean a person’s assets such as savings accounts can be stolen and emptied faster than ever.

Particularly, the use of ‘phishing attacks’ is rapidly on the rise – where criminals send fraudulent emails designed to trick internet users into submitting their financial or other confidential details. 23% of UK internet users surveyed said that they or someone they knew fell victim to such an attack this year, compared to just eight per cent in 2007.

The image of the geeky hacker is inaccurate: the vast majority of computer crime in the UK is highly organized, with criminals dealing in the buying and selling of personal information used to defraud targets such as full name, address, passport details, driver's license number, date of birth, bank account details and sort codes, plus credit card numbers and security codes.

Get Safe Online Week aims to give everyone the tools and confidence to enjoy and use the internet safely. In the span of a couple of hours, anyone can learn a few simple steps to remain up-to-date and aware about online safety – a small investment compared to the potential loss and inconvenience if they are instead victims of identity theft.

I think that this is a great initiative, which needs our broad support:

Roger


Nov-16 2008

Security - One of the Key Reasons to Migrate to Windows Vista (part 2)

In my last post, I briefly touched on different features of Windows Vista which I think are important with regard to the view on Windows XP vs. Windows Vista. Let’s take a different approach now: I recently was on a panel in Eastern Europe where I was asked which model generates more secure software: the shared source (like ours) or the Open Source. I asked back whether they could define “more secure” for me. It turned out that we were talking about vulnerabilities.

Let’s look at some statistics now and let’s start with vulnerabilities:

In Jeff Jones’ Desktop OS Vulnerability Report we published figures on vulnerabilities between Desktop OS Vendors and it turns out that this view already gives you a reason to migrate to Windows Vista:

But this is the view on an industry problem, giving us confidence that our Security Development Lifecycle works. How does the comparison between Windows XP and Windows Vista look? He has a really interesting chart in there:

If we compare Windows XP and Windows Vista, we see different things:

  • There are vulnerabilities we had to address in Windows XP which were not in Windows Vista anymore.
  • There are vulnerabilities which had less impact on Windows Vista compared to Windows XP. A good example of this was the latest Out of Band Security Update we had to release, called MS08-067, which was Critical for all the OSs except Windows Vista and Windows Server 2008, where we rated it Important. The reason for that is UAC – even if you had switched off the UI!
  • Finally, there was one vulnerability which was introduced in new code in Windows Vista.

So, this picture shows very well that defense in depth in Windows Vista (with technologies like ASLR, DEP, UAC etc.) actually pays off.

Another view on this is the attack/malware side. In our Security Intelligence Report v5 we talk about browser-based exploits and where the criminals attack the victims on Windows XP and Windows Vista. If you look at the XP picture you see the following:

With regard to browser-based exploits, Microsoft software was attacked 58% of the time and third-party software 42%. This changes drastically in Windows Vista:

Here our software drops to 6%!

In the Security Intelligence Report we have some other figures as well (like the malware infection rate on the different OSs) but I want to leave it at that.

We once discussed an interesting question in our community: If we could give our customers just one piece of advice, what would that be? I think it would be to stay on the latest versions of all your software. The reason is not license fees or anything like that. The reason is that this is the only way to cope with the changing threat landscape!

Roger


Nov-11 2008

Security - One of The Key Reasons to Migrate to Windows Vista (part 1)

The value of Windows Vista is often questioned. There are a lot of customers who still think that there might be no reason to migrate to Windows Vista. I will publish two blog posts giving you some views on the security of our latest operating system. Most of the facts in here are widely known but this might give you some additional guidance.

Let’s start with the Operating System itself. We published the Windows Vista Security Guide, which is split into different sections as shown below:

Let’s look at some of the key challenges to face:

Defend Against Malware

There is different technology in Vista to help you to defend against malware and I would like to touch on a few (some of them not in the guide):

  • ASLR (Address Space Layout Randomization): This is a piece of technology which helps to defend against attacks that exploit buffer overflows and similar bugs. Basically it makes sure that a potential exploit does not know where in memory a vulnerable piece of software is located. There is actually a pretty good blog post (on Beta 2 of Vista but the technology is the same) by Michael Howard: Address Space Layout Randomization in Windows Vista.
  • DEP (Dynamic Execution Prevention): Well, this was in Windows XP SP2 already. Basically it leverages a processor feature which is able to distinguish between executable and non-executable memory (the NX flag). Unfortunately a lot of hardware vendors disable this on processor level…
  • User Account Control (UAC): The most hated/loved feature in Vista. There were so many debates about this but I am still a big supporter of UAC. Might well be that we have to adapt the User Interface (well, we have to adapt the user interface). Nevertheless it showed the value several times already: The last time with the out of band release where we could rate the update “only” Important for Vista but Critical for XP.
  • Additionally, there is technology in the platform which was either available for download or built in to Windows XP (Windows Defender, Windows Firewall, Windows Security Center, Malicious Software Removal Tool, Software Restriction Policies). This technology and these tools help you to run the platform in a secure and safe way.
  • Last but definitely not least, there are a lot of improvements around Internet Explorer 7. With one exception (Protected Mode), the features are available on XP as well. However, having the ability to run IE in protected mode by itself allows for a safer browsing experience.

You see, even without active protection, there is already a lot being done around the defense against malware.
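A check that follows from the ASLR and DEP items above, added here as an example and not taken from the Security Guide or any Microsoft tool: an image opts in to ASLR and marks itself DEP-compatible through two flags in the DllCharacteristics field of its PE header, so an inventory of which binaries carry them shows how much of a deployment actually benefits. The function names and the sample headers are constructed for illustration.

```python
import struct

# Flags in the PE optional header's DllCharacteristics field (set by the
# linker options /DYNAMICBASE and /NXCOMPAT).
DYNAMIC_BASE = 0x0040   # image may be relocated at load time (ASLR)
NX_COMPAT = 0x0100      # image is compatible with DEP

def mitigation_flags(pe: bytes) -> dict:
    """Return which of the two opt-in flags a PE image carries."""
    if len(pe) < 0x40 or pe[:2] != b"MZ":
        raise ValueError("not a PE file: missing MZ header")
    (e_lfanew,) = struct.unpack_from("<I", pe, 0x3C)
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE file: missing PE signature")
    opt = e_lfanew + 4 + 20            # skip signature and COFF file header
    if len(pe) < opt + 72:
        raise ValueError("truncated optional header")
    (magic,) = struct.unpack_from("<H", pe, opt)
    if magic not in (0x10B, 0x20B):    # PE32 / PE32+
        raise ValueError("unknown optional header magic")
    # DllCharacteristics sits at offset 70 in both PE32 and PE32+.
    (chars,) = struct.unpack_from("<H", pe, opt + 70)
    return {"aslr": bool(chars & DYNAMIC_BASE), "dep": bool(chars & NX_COMPAT)}

def build_sample(dll_characteristics: int, magic: int = 0x10B) -> bytes:
    """Constructed minimal header (not a loadable image) for the demo."""
    buf = bytearray(0x40 + 4 + 20 + 72)
    buf[:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, 0x40)      # e_lfanew -> 0x40
    buf[0x40:0x44] = b"PE\0\0"
    struct.pack_into("<H", buf, 0x40 + 24, magic)
    struct.pack_into("<H", buf, 0x40 + 24 + 70, dll_characteristics)
    return bytes(buf)

if __name__ == "__main__":
    # Hypothetical file names paired with constructed flag values.
    for name, flags in [("legacy.dll", 0x0000), ("hardened.dll", 0x0140)]:
        print(name, mitigation_flags(build_sample(flags)))
```

To audit real files, pass the first few kilobytes of each .exe or .dll to `mitigation_flags`.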

So, looking at the next area:

Protect Sensitive Data

The nightmare scenario: You lost your notebook with sensitive data on it! So, there is different technology you can use to protect information on your notebook:

  • BitLocker Drive Encryption: This is well known and often discussed. I know that there is third-party software being able to deliver drive encryption but BitLocker is built in to the platform, is part of your license, and can be managed through Active Directory (the recovery key can be mandated to be stored in AD). What a lot of people do not know is that BitLocker actually has two components (see technical information):
    • It encrypts your disk
    • It verifies the integrity of some key boot components. This helps to boot into a more or less trusted state
  • In order to protect your sensitive information, there is even more you can do. To me the most important piece of technology is Rights Management Services (RMS) in this space as it keeps the protection of the information persistent which allows you not to care anymore where the data resides.

And there is a lot, lot more but I do not want to write too long blogs which then nobody reads :)

I would like you to look into this and into the above-mentioned guide, and then really go for Windows Vista deployment…

Roger


Published: Nov-11-08
Tagged as: Microsoft Products, Security