Jesper's Blog

Obligatory file photo: I am a Senior Security Strategist in the Security Technology Unit at Microsoft. My job is to explain to our customers how to run Microsoft products securely, and to the extent that it is needed, help the product groups figu

September, 2005

  • ISV support of patches

    Yesterday during a discussion I was having with some customers in Taiwan another chat I had with an MVP a month or so ago came back to mind. The question asked was about Independent Software Vendor (ISV, i.e. "not Microsoft") support of Microsoft patches for the OS. Specifically, how long is it reasonable to take an ISV to fully support their product on an OS patched with a particular patch, or rather, update, or a particular service pack?
  • Disable that Pesky Built-in Administrator Account!

    I'm working on an FAQ for passwords right now. Look for it in the Security Newsletter next month ( ). However, one thing that has come up more than a few times in the recent past is what...
  • Curious about SMB message signing?

    Or just want to know how to shoot yourself in the foot? SMB Message Signing is one of Microsoft's top support call generators, and for good reason. It mitigates valid security threats, but is very complicated to use and can have far-reaching implications...
  • Security sins in computer products

    So I got the Belkin Pre-N router today (it is a F5D8230-4) and was absolutely appalled at the way they have treated security in the thing. Now, this is not unique at all. I have tried Linksys, NetGear, and D-Link as well, and they all sin in about the same ways. Frankly, I have yet to find a wireless product that does security as well as the venerable Microsoft MN-500 802.11b router. Of course, it only does WEP, which is pretty much equivalent to no security at all these days, but when it came o