Good morning everyone,

I wanted to share with you a few reports that I have been reading about how Microsoft is fairing the security world.  When you look at the world we live in today is dramatically and constantly changing on how we , as a industry, look at security.  Historically this is an area where we as company has had serious challenges and we are improving.  While we are not there yet as a company, the progress and changes we have made as a company amazes me, and the industry is taking notice.  With security features like UAC helping carve a new path, we as a company/industry are improving.  Even though UAC is sometimes an annoyance, in this IT Pro's opinion it is a 1 click annoyance that is worth every penny!  My friend Kai Axford, and Microsoft Security GURU, has an interesting perspective on UAC: 

People like this just frost me: Security considered a burden for users

Speaking of User Account Control (UAC), there is a absolutely SUPER-FANTASTIC RESOURCE on User Account Control in Windows Vista:

Understanding and Configuring User Account Control in Windows Vista 

This Article is an absolute treasure trove of UAC knowledge and management, and I will probably post more on UAC.  When we ask the question about why we need UAC, I think this line from the article, really puts it all in perspective:

Until the development of Windows Vista, there was no built-in method within the Windows operating system for a user to “elevate” in flow from a standard user account to an administrator account without logging off, switching users, or using Run as. As a result, most people continue to browse the Web and read e-mail as an administrator.

The reports I read are from several different resources and I have listed a few that caught my eye.  However, I highly recommend if you are interested in a lot of the security information regarding Microsoft products I highly recommend that you subscribe to Jeff Jones' and Kai's blogs:

1.) This article from CSOonline.com, gives a brief summary of the chart below and our 6 month report (that is Windows Vista on the far left of the chart, yes the one with the smallest bar.  :-) ): Windows Vista - 6 Month Vulnerability Report 

6mo-reduced-high

For the full details, or to print the report, you can download the report in PDF.

2.) This interesting article from internetnews.com is brief summary of Symantec's 11th Internet Security Threat Report. It talks about the challenges on how manufactures and different operating systems (Vista, HP-UX, Red Hat) are working to meet those challenges head on.  Report Says Windows Gets The Fastest Repairs

From the article:

"Analyst Charles King with Pund-IT said Microsoft has had to be aggressive about dealing with security issues because it's such a big target. In that regard, the company has met the challenge"

3.) This is a good article from Network Computing,  discussing some of the improvements in Windows Server 2008.  This articles is a good glimpse into some of the new security features that are being built into Windows Server 2008:  Longhorn: Long on Security? . 

 From the article:

"After weeks of hammering, picking and probing, we walked away impressed. As Microsoft promised, Longhorn offers significant security improvements in the areas of setup and configuration, OS modularity and client health detection, plus an enhanced firewall and a new IP stack."

Let me know what you think of this post and did you find it interesting?