Roger's Security Blog

As Chief Security Advisor of Microsoft EMEA - let's share interesting security information

  • Blog Post: Internet Explorer aces security test as Google faces accusations

    I mean, I obviously like this article: Internet Explorer aces security test as Google faces accusations as it has a nice quote to start with: Internet Explorer 9 should be the go-to browser for organizations concerned about protecting machines from malicious downloads, according to a new study from NSS...
  • Blog Post: 10 Reasons to migrate off Windows XP

    I would like you to sit back, close your eyes and think about the year 2001. Think about how you used technology back then, how you used the Internet. Now, let’s take it a little bit further back in history and think of the year 2000. Just after we realized that the Year-2000-Problem was handled very...
  • Blog Post: Implementing the Top 4 Defense Strategies

    The Australian Defense Signals Directorate maintains a list of the Top 35 Mitigation Strategies against targeted intrusions. This is just a reference to the top strategies: Patch Applications; Patch the Operating System; Minimize the use of local admin; Application whitelisting … Looking at these 35 strategies...
  • Blog Post: Microsoft Security Compliance Manager 2 ready for download

    If you are a regular reader of my blog, you should know the Security Compliance Manager (if you are not, you should become a regular reader of my blog). Version 2 of the Microsoft Security Compliance Manager (SCM 2) is now available for download. If you do not know it, this is the way our Solution Accelerator...
  • Blog Post: EMET–Protection Against Zero-Days

    The Enhanced Mitigation Experience Toolkit is definitely not new but I recently realized that not too many people know about it – and they should. EMET helps you to raise your shields against zero-days and any exploit in the wild. I do not say that it is a silver bullet but it is definitely going...
  • Blog Post: Moving from Linux to Windows

    I know, that’s the second time now I am doing this comparison thingy and I promise that I will stop again and deliver you a cool tool as the next post but I read this article: Why I’ve finally had it with my Linux server and I’m moving back to Windows – be sure that you read the comments. To me they...
  • Blog Post: Comparing Windows Phone 7 and iPhone

    Well, I have to admit – I am biased. I never used an iPhone in my life and based on my experience with my iPod, I hope I never have to, but who knows. I really do not like the UI which – to me – is everything but user friendly and the worst thing with iPhone is iTunes. Whenever iTunes starts to download...
  • Blog Post: Using the Microsoft Diagnostics and Recovery Toolset (DaRT) for Incident Response

    A few years ago I posted on DaRT after having seen it: Microsoft Diagnostics and Recovery Toolset. It is a really good and interesting tool for a lot of problems, one of them being incident response. I just stumbled across one article describing this: Using the Microsoft Diagnostics and Recovery Toolset...
  • Blog Post: Cloud Security in Office365

    You heard about the launch of Office365 recently and I hope you read the blog post on the application of the Cloud Computing Security Considerations to the private cloud. If not, here it is: Security Considerations in a Private Cloud. To complete the series now, we released an additional paper on how...
  • Blog Post: How Microsoft Uses File Classification Infrastructure

    Quite a while ago, I blogged about the File Classification Infrastructure in Windows Server 2008 R2: File Classification Infrastructure in Windows Server 2008 R2; File Classification Infrastructure: More content. In my opinion, this is an interesting tool, built in to your server platform. Now, we just...
  • Blog Post: A Security Comparison: Microsoft Office vs. Oracle Openoffice

    Actually, there is not much to say about this. It is a blog post by Carnegie Mellon called A Security Comparison: Microsoft Office vs. Oracle Openoffice and just does what it says. However, I do not particularly like the security comparison of products built solely on vulnerabilities as this shows only...
  • Blog Post: Windows 7 and Windows Server 2008 R2 CC EAL4+ Certified

    On March 24th, we got the certificate for the Common Criteria certification for Windows 7 and Windows Server 2008 on EAL 4+. Here are the certified products: http://www.commoncriteriaportal.org/products/ and here you find the certificate. A great job by the team – congratulations! Roger
  • Blog Post: Kinect Sensor For Autonomous Flight

    That’s really interesting: Impressive! Roger
  • Blog Post: Security in IE9

    You know that we are trying to get rid of outdated versions of IE like IE6: IE6 Countdown–Migrate to IE8 (or IE9) – as we released IE9 to the web, it is not about moving to IE8 or IE9 but moving to Internet Explorer 9. If you want to know more about IE9 security, here you go: Security in Internet Explorer...
  • Blog Post: IE6 Countdown–Migrate to IE8 (or IE9)

    10 years ago a browser was born. Its name was Internet Explorer 6. Now that we’re in 2011, in an era of modern web standards, it’s time to say goodbye. We all know that Internet Explorer 6 is outdated and that you should move away from it to a newer browser immediately. For security...
  • Blog Post: Internet Explorer 9, Release Candidate available

    You might have seen it: IE9 RC is now ready for download. I have been using IE9 for quite a while and it really, really rocks. Install it from here. Roger
  • Blog Post: On the effectiveness of DEP and ASLR

    Our Security Research and Defense team published a blog post, which is really interesting to read to understand how to protect Windows Vista and Windows 7: On the effectiveness of DEP and ASLR. There is a lot of information on how both raise the bar for attackers. These are the key takeaways: DEP and...
  • Blog Post: Mitigating the use of Local Admin

    We recently had internal discussions on the use of local admin and how to mitigate it. During this, Richard Diver, a Premier Field Engineer in APAC, wrote a great article on how to do it. I wanted to make sure you can see this as well. So, this is a guest blog. General Goals of Strategic Desktop Deployment...
  • Blog Post: Information Security Management System for Microsoft Cloud Infrastructure

    Just a quick one. Our Global Foundation Services organization (the ones who run our datacenters) just published a new whitepaper: Information Security Management System for Microsoft Cloud Infrastructure. This paper describes the Information Security Management System program for Microsoft's Cloud Infrastructure...
  • Blog Post: Basic Malware Protection for Free?

    It is kind of strange, whenever I talk to governments and customers, everybody seems to agree that basic malware protection should be for free or even integrated into the OS. I am talking about malware, which is “installed” by the user as well… However, it seems that not everybody is happy… Security...
  • Blog Post: Hotmail now with full-session SSL

    If you use Hotmail, you should enable full session SSL in my opinion. Additionally we use SSL for additional services like Skydrive etc. However, there are some caveats. Read the blog post on that: Hotmail security improves with full-session HTTPS encryption. Roger
  • Blog Post: Who needs a (vulnerable) iPad if you can get an nPad?

    I actually wanted to show nPad to you as I loved it – it is a new hardware factor to what we did since years on the tablet. I like this new hardware (see below) and then read this article, showing that Apple got hit fairly hard this week by a vulnerability in iPad: Apple's Worst Security Breach...
  • Blog Post: Identity in the Cloud

    Kim Cameron, one of our key identity architects had an interesting presentation on identity in the cloud and a corresponding interview. Both are worth looking at if you are planning to move into the direction of the cloud. Especially as it is definitely one of the key challenges: This is Kim's presentation...
  • Blog Post: Update on the Khobe “vulnerability”

    Just an update on my recent post on The “KHOBE – 8.0 earthquake” – What’s behind it. In the meantime we worked with Matousec and confirmed that neither Microsoft Security Essentials nor Forefront Client Security are affected by this “vulnerability”. So, to me it is as I stated above: Make noise...
  • Blog Post: Virtual Keynotes – Do we always have to travel?

    The week before the last one, it happened to me – like it happened to thousands of other travelers all across the globe: I got stranded. Luckily for me I should have been flying out from home rather than flying home and being “stuck” home is much easier to handle :-) At least for me. I was actually to...