Windows Vista : Threat-driven Design combined with Security Quality Process

What is the difference between foundational security and security features? Name 3 security companies.  Who did you name?  Symantec?  Checkpoint?  RSA?  ISS? These companies all offer products that provide security features or capabilities.  What if Microsoft had no firewall?  What if we had no PKI and certificate services?  What if we had no plans for Forefront Security products?  Would those of in the Security Technology Unit (STU) be out of … Read more »

Trend Micro CTO hints that Trend will Open Source Code

In a stunning revelation in Trend Micro: Open source is more secure, Trend CTO Raimund Genes hints that Trend may release their code as an open source project! Though Genes stopped short of actually saying that Trend would be releasing their code and joining the Free Software movement, there are only two possible obvious conclusions from his statements made to CNET: “Open source is more secure. Period,” Raimund Genes, chief technical … Read more »

Linus’s Law aka "Many Eyes Make All Bugs Shallow"

How many of you have heard “many eyes make all bugs shallow”?  My guess is that many of you have and that it may have been in conjunction with an argument supporting why Linux and Open Source products have better security.  For example, Red Hat publishes a document at www.redhat.com/whitepapers/services/Open_Source_Security5.pdf, which they commissioned from TruSecure (www.trusecure.com) which has a whole section called “Strength in Numbers: The Security of “Many Eyeballs” … Read more »

Artima: Microsoft Under Attack

A new article called Microsoft Under Attack summarizes itself by saying: Not by angry customers suing for damages after security breaches, or by governments breaking up monopolies, but by open source developers and security professionals accusing them of being obsessed by security. The content goes on to chronicle a panel discussion moderated by the author “Should companies be emulating Microsoft’s Security Development Lifecycle?” at the OWASP Europe conference in Leuven. … Read more »

A (Not Always Funny) History and Analysis of Web-Based Antivirus and Security Products

When I first read (in 2006) about the “new category for security products” represented by Microsoft OneCare Live, Symantec Genesis and McAfee Falcon, I must admit to a small chuckle.  In my AV days, I saw a few of these web security products launched, each of which did a big belly flop.  Maybe it will be different this time, we’ll have to wait and see. DISCLOSURE:  Before we go further, … Read more »

Web-based Security Deja-Vu: Microsoft OneCare Live, Symantec Genesis and McAfee Falcon

Windows Live OneCare has made it’s debut, among various comments about this being a new category of security product and apparently it is a hot new category to judge from the established antivirus vendors and the press activity.  Symantec announced in February that it will have a competitive product, code-named Genesis, and McAfee announced this past week it’s own product, code-named Falcon in the same space. As always, exciting exciting … Read more »

A (Not Always Funny) History and Analysis of Web-Based Antivirus and Security Products

When I first read (in 2006) about the “new category for security products” represented by Microsoft OneCare Live, Symantec Genesis and McAfee Falcon, I must admit to a small chuckle.  In my AV days, I saw a few of these web security products launched, each of which did a big belly flop.  Maybe it will be different this time, we’ll have to wait and see. DISCLOSURE:  Before we go further, … Read more »

New Enterprise Linux – Ubuntu

For business use, the largest driver of Linux adoption has been the Enterprise Linux releases.  Product names aside, I am referring to those Linux-based distributions that offer longer, multi-year support commitments for a version of the product.  To date, the primary examples of this (and not coincidentally market leaders) have been Red Hat Enterprise Linux, Novell SuSE Linux Enterprise Server and Mandriva Linux. Matt Zimmerman of the Ubuntu team has just … Read more »

Address Space Layout Randomization (ASLR) in Windows Vista Beta2 ?

UPDATE:  Mike Howard has posted to his blog, confirming David and providing details on the Vista ASLR features.   So, a couple of weeks ago, Jesper Johannsen wrote how the Windows Firewall was one of his favorite security features in Windows Vista.  My favorite security enhancements tend to be architectural security improvements.  I recall the Data Execution Prevention and NX bit support as two good previous examples of this.   … Read more »

Windows Vista Beta2 Security Paper

Was reading Dana Epp’s blog and found reference to a new Microsoft paper called  Microsoft® Windows Vista™ Security Advancements.  Good overview of most security enhancements in Beta2. The funny part of this story is that Dana noticed the paper while reading Mike’s blog, which I hadn’t read yet today. I hadn’t read this paper yet, so thanks to Dana and Michael.  The paper itself is here.