Dave Sayers' Blog

Security blogger joins MS

DaveSayers — Fri, 30 Jun 2006 16:48:00 GMT

Whether you're familiar with Adam or not, this is a really positive article about how Microsoft's attitude to security has really changed and why this member of the security community would now want to come and work with us...

http://www.emergentchaos.com/archives/2006/06/im_joining_microsoft.html

EMC to buy RSA..

DaveSayers — Fri, 30 Jun 2006 13:12:00 GMT

Blimey... An interesting move from EMC - I think I can understand why they're doing it, so that they can offer additional capabilities for securing the storage which they supply. It'll be quite interesting to see what (if any - purely speculating!) impact this may have on Microsoft. I've done some work with RSA in the past in the UK, and always found them great to work with. Not that that will neccesarily change, but I haven't had any engagement with EMC in the UK at all. So it will be interesting to see how it all pans out.

http://www.theregister.co.uk/2006/06/29/emc_buys_rsa/

IE 7 Beta 3 now available

DaveSayers — Fri, 30 Jun 2006 12:36:00 GMT

In case you haven't seen this yet, Beta 3 of IE7 has become available - get it here.. http://www.microsoft.com/windows/ie/default.mspx Haven't had a chance to download it yet myself, but that's what I'm off to do next. Once I've had a cup of coffee.

By the way, not security related whatsoever, but I absolutely love Media Player 11 - the album covers are much easier to use, as is the search facility. I've heard a few people say that it slows their machine down. but I've not experienced that at all - and I've copied pretty much all my music now and made it available through WMP11 - about 27GB in all. And yes, Westy, before you say anything, most of it is indeed 80s cheese.

Virtualisation PTS-TV Clip

DaveSayers — Tue, 13 Jun 2006 15:11:00 GMT

We've just uploaded another PTS-TV clip - this time it's me talking about virtualisation. You can watch it from here - http://www.microsoft.com/uk/partner/blog/pts-tv/

Virtualisation is becoming a key part of our infrastructure strategy, especially with our addition of a Hypervisor layer into Longhorn Server. You can learn more about virtualisation very shortly at my colleague Matt McSpirit's blog - at http://blogs.technet.com/mattmcspirit.

And yes, my shirt is totally oversized. I accidentally bought the wrong size but wore it anyway.

Upcoming Security Event - with Special Guest!

DaveSayers — Mon, 12 Jun 2006 18:45:00 GMT

I wanted to let you know about an upcoming security event that's happening in London. It's on the 5th of July and hosted by the lovely people at Technet. We've got some great speakers lined up including Ed Gibson, Steve Lamb and Jason Langridge, and it covers Identity, Vista Security and securing Mobile Devices.

The special guest is a chap called Kim Cameron. If you've never heard of Kim, he's basically credited as being the "Godfather of the metadirectory" - he has been instrumental in promoting the importance of identity to businesses, and is working on some very exciting new things at Microsoft around Digital Identity. His presentations at the security event will cover Digital Identity, funnily enough. I am really really looking forward to seeing him speak.

So now your appetite has been well and truly whet, you can sign up for the event here.... http://msevents.microsoft.com/CUI/EventDetail.aspx?EventID=1032298182&Culture=en-GB - see you there!

Introducing Microsoft Forefront!

DaveSayers — Mon, 12 Jun 2006 13:28:00 GMT

Hot off the press, I wanted to let you know that we are branding our business security products as Microsoft Forefront.

There are three main pillars to this - Comprehensive, Integrated and Simplified. You can get more detail on these here - http://www.microsoft.com/forefront/default.mspx. I think this is a really good idea, as it really differentiates the security products and solutions for business from those designed for consumer (such as OneCare, Windows Defender and the built-in firewalls).

The products which Forefront comprises of is as follows :

•	Microsoft Forefront Client Security (formerly called Microsoft Client Protection)
•	Microsoft Forefront Security for Exchange Server (currently called Microsoft Antigen for Exchange)
•	Microsoft Forefront Security for SharePoint (currently called Microsoft Antigen for SharePoint)
•	Microsoft Antigen for Instant Messaging
•	Microsoft Internet Security and Acceleration (ISA) Server 2006

And no, I don't know why Antigen for IM and ISA haven't currently got the word Forefront in their title either :-) Apparently they "may or may not" start to take the rebranding onboard soon. There's plenty of information on the website, and we're also hoping to get a PTS-TV session recorded on this as soon as possible - keep your eyes peeled!

Great News

DaveSayers — Fri, 09 Jun 2006 17:23:00 GMT

Some good news if you fancy being an early adopter - and I'd recommend getting an early look at these definitely - you can now grab Beta 2 of Vista and Office 2007 from the Microsoft site.

Also, there are more PTS-TV snippets available now. My colleague, David Overton, is up talking about Vista. Definitely worth a listen, and David Overton (or "The Beast" as we affectionately know him) certainly knows his onions around small business (despite him referring to me as 'an alright guy most of the time'. I'm hoping that that means the rest of the time I am much better than just alright, but I doubt it ;-) - anyway, that's probably accurate anyway!

Get to it here :

http://www.microsoft.com/uk/partner/blog/pts-tv/

And yes, it does look like their knees are touching...

Viruses spread their wings :-(

DaveSayers — Wed, 07 Jun 2006 15:59:00 GMT

A really bad piece of news this, really. Kaspersky lab researchers have found what they believe to be the first virus for StarOffice and Open Office. It's called Stardust, and is macro based. You can find more information on it here - http://www.scmagazine.com/uk/news/article/562424/macro+virus+suns+staroffice+found/. I am quite often surprised by some of the conversations I have with people about this type of thing - many times they expect us to be pleased, or gloating. The reality is that I and many other people at Microsoft just think it's really sad. Sad that more and more applications, platforms and types of device are being targetted by malicious people (I got my first PocketPC with anti-virus preinstalled the other day), and actually affecting more and more users and making life difficult for them. Contrary to popular belief, most of us here at Microsoft don't want other vendors to have to go to the pain that Microsoft has had to go through. What we would probably all like is for these sorts of attacks to stop. About as likely as world peace though it seems.

Take away all my power!

DaveSayers — Thu, 01 Jun 2006 13:59:00 GMT

Interesting article here... http://www.webpronews.com/topnews/topnews/wpn-60-20060525MicrosoftMayLimitEmployeesAdminRights.html which talks about how with some of the security features in Vista us Microsofties might not be allowed to have Admin privileges on our work machines. It's quite interesting - I can never work out if the Microsoft way of letting everyone be a local admin is something which other large organisations do - either through choice or through something that they are compelled to do through what they see as certain limitations in the product that force them to.

It is quite interesting to be put into the position of many of our users, with what they see as power being taken away from them - maybe desktops being locked down more in a normal environment. And after the initial shock, it has to be said that it is a good thing. The important way to think about things is what do I actually NEED to be able to do that will require admin privileges in Vista? It's just the principle of least privilege being pointed right back at us! And ultimately, my laptop is the property of Microsoft, and we talk loads about how important security policies are, rather than just technology solutions, so if the security policy at Microsoft says that I can't run as admin, then I need to accept that if I want to use their equipment.

But just wait until I can't install that game ;-) Oh wait, it's Microsoft's laptop :-))

Security Assesment Tool

DaveSayers — Thu, 18 May 2006 20:55:00 GMT

I wanted to draw your wandering attention to the wonderful (aka free) tool called the Microsoft Security Assesment Tool (MSAT). It basically walks you through a questionnaire that will result in and assess your business's general level of risk from a security perspective - in over 60 detailed categories! :-) Definitely well worth a look.

You can get it here... http://microsoftsecurityassessment.com/