Roger's Security Blog
As Chief Security Advisor of Microsoft EMEA - lets share interesting security information
Chief Security Advisor
Critical Infrastructure Protection
Freedom of Speech
Securing My Infrastructure
Security Intelligence Report
Browse by Tags
Roger's Security Blog
Tagged Content List
Implementing the Top 4 Defense Strategies
The Australian Defense Signals Directorate maintains a list of the Top 35 Mitigation Strategies against targeted intrusions. This is just a reference to the top strategies: Patch Applications Patch the Operating System Minimize the use of local admin Application whitelisting … Looking at these 35 strategies...
13 Dec 2011
Microsoft Security Compliance Manager 2 ready for download
If you are a regular reader of my blog, you should know the Security Compliance Manager (if you are not, you should become a regular reader of my blog ). Version 2 of the Microsoft Security Compliance Manager (SCM 2) is now available for download. If you do not know it, this is the way our Solution Accelerator...
25 Oct 2011
EMET–Protection Against Zero-Days
The Enhanced Mitigation Experience Toolkit is definitely not new but I recently realized that not too many people know about it – and they should. EMET helps you to raise your shields against zero-days and any exploit in the wild. I do not say that it is a silver bullet but it is definitely going...
23 Oct 2011
Using the Microsoft Diagnostics and Recovery Toolset (DaRT) for Incident Response
A few years ago I posted on DaRT after having seen it: Microsoft Diagnostics and Recovery Toolset . It is a really good an interesting tool for a lot of problems, one of them being incident response. I just stumbled across one article describing this: Using the Microsoft Diagnostics and Recovery Toolset...
19 Oct 2011
Video on Microsoft’s Datacenter
A very good overview over the way we run Microsoft’s Cloud. The interesting thing is – if you look at the video – that most customers are still running their datacenters on generation 1-2, which means that the efficiency (labor as well as energy) we can deliver is significantly higher – not talking of...
29 Jul 2011
Cloud Security in Office365
You heard about the launch of Office365 recently and I hope you read the blog post on the application of the Cloud Computing Security Considerations to the private. cloud. If not, here it is: Security Considerations in a Private Cloud To complete the series now, we released an additional paper on how...
15 Jul 2011
A Security Comparison: Microsoft Office vs. Oracle Openoffice
Actually, there is not much to say about this. It is a blog post by CanegieMellon called A Security Comparison: Microsoft Office vs. Oracle Openoffice and just does what it says. However, I do not particularly like the security comparison of products built solely on vulnerabilities as this shows only...
19 Apr 2011
Kinect Sensor For Autonomous Flight
That’s really interesting: Impressive! Roger
31 Mar 2011
Ethisphere Institute: Microsoft amongst the world’s most ethical companies
Forbes posted: The World's Most Ethical Companies . I quote: The Ethisphere Institute, a New York City think tank, has just announced its fifth annual list of the World's Most Ethical Companies. The selection, open to every company in every industry around the globe, gives its winners an opportunity...
23 Mar 2011
Scott Charney at RSA this year
It is kind of a tradition that Scott Charney, our Corporate Vice President for Trustworthy Computing, is speaking at RSA . If you look back, he always showed the evolution of Trustworthy Computing and spoke about e.g. End to End Trust and other concepts we use to envision the future of the security ecosystem...
12 Feb 2011
On the effectiveness of DEP and ASLR
Our Security Research and Defense team published a blog post, which is really interesting to read to understand how to protect Windows Vista and Windows 7: On the effectiveness of DEP and ASLR . There is a lot of information on how both raise the bar for attackers. These are the key take away: DEP and...
9 Dec 2010
Mitigating the use of Local Admin
We recently had internal discussions on the use of local admin and how to mitigate it. During this, Richard Diver, a Premier Field Engineer in APAC, wrote a great article how to do it. I wanted to make sure, you can see this as well. So, this is a guest blog. General Goals of Strategic Desktop Deployment...
5 Dec 2010
Behind the Curtain of Second Tuesdays: Challenges in Software Security Response
You might know about Bluehat, which is an internal security conference we run several times an year. Some of the presentations we record and make them publically available. There is a really good one on the Microsoft Security Response Center. Dustin (the presenter) blogged on it Behind the Curtain of...
2 Dec 2010
Information Security Management System for Microsoft Cloud Infrastructure
Just a quick one. Our Global Foundation Services organization (the ones who run our datacenters) just published a new whitepaper: Information Security Management System for Microsoft Cloud Infrastructure This paper describes the Information Security Management System program for Microsoft's Cloud Infrastructure...
19 Nov 2010
Hotmail now with full-session SSL
If you use Hotmail, you should enable full session SSL in my opinion. Additionally we use SSL for additional services like Skydrive etc. However, there are some caveats. Read the blog post on that: Hotmail security improves with full-session HTTPS encryption Roger
11 Nov 2010
Move to latest versions - for security reasons
We all know that Windows XP is rock-solid but not capable anymore to defend against today’s attacks and the same is true for IE6. Having been great products, when they were launched, the threat landscape changed significantly since then. Windows 7 has a great potential to help customers now...
2 Nov 2010
Time to sell your iPhone
I guess you do not know the problem: My kids come home from school and want an iPod – I want them to use a Zune as I am convinced that iTunes is one of the worst software I have ever seen (besides RealPlayer), I hate the lock-in into the store and the iPod user interface sucks. As I say – that’s my personal...
2 Nov 2010
Worldwide Chief Security Advisor Meeting
I know that I have been very, very quiet over the last two weeks. The reason was, that the worldwide Chief Security Advisors met at our HQ in Redmond for four days to discuss community related questions as well as the future of certain selected products and share the worldwide experience with our product...
1 Nov 2010
Windows Phone 7 Reviews
I just got a mail that my Windows Phone 7 is ready for pick-up. Unfortunately I am in Redmond at the moment and my Windows Phone 7 is in Switzerland. The poor device will have to wait for me for another week (or is it the other way around – poor Roger has to wait for the phone another week?). In the...
22 Oct 2010
Ray Ozzie’s Blog is Back
As I am still oof, another short one: Ray Ozzie’s blog is back: http://ozzie.net/ Ray is definitely one of the driving persons behind our overall vision and architecture. So, it is worth keeping him on your RSS feed. Roger
17 Oct 2010
The Worldwide Team is Complete
I started with Off to See the World , where I announced that we grow the community. And then I had the pleasure to tell you the we have a new Chief Security Advisor for EMEA – Monika Josi. Now, my team is complete – at least on time zone level: It is a pleasure for me to welcome Freddy Kasprzykowski...
4 Oct 2010
One year free anti-malware and what we learned
An year ago we launched Microsoft Security Essentials . I remember the day as I was looking at the Twitter stream to see the overall reactions and they were simply great! Further on, when I travelled, the main complaint I heard in some countries was: “Why do we not have it?” and it is a fair question...
1 Oct 2010
Windows Live Essentials 2011 available for download now
I am using it since the Beta and it is really cool. I am using Messenger (with the integration to Facebook etc.) as well as the Windows Live Writer to blog. It rocks: Windows Live Essentials 2011 available for download now Download and install! Roger
30 Sep 2010
Microsoft Security Essentials free for small businesses
I know that this is “old news” but I wanted to make sure that everybody has seen that: We will make Microsoft Security Essentials available for small business for free. Small businesses are up to 10 PCs. This is great news as a lot of small businesses do not use Anti-Malware Software and do not need...
23 Sep 2010
Off to See the World
If you follow my blog you saw recently that there are two themes constantly popping up: One is everything about a government’s Cybersecurity Agenda (or the lack thereof) and the second one is the Cloud. Let me briefly line them out: When I talk to governments I often feel that there is a lack of internal...
9 Jul 2010
Page 1 of 6 (133 items)
© 2013 Microsoft Corporation.
Privacy & Cookies