Roger's Security Blog

As Chief Security Advisor of Microsoft EMEA - let's share interesting security information

  • Blog Post: Implementing the Top 4 Defense Strategies

    The Australian Defense Signals Directorate maintains a list of the Top 35 Mitigation Strategies against targeted intrusions. This is just a reference to the top strategies: Patch Applications; Patch the Operating System; Minimize the use of local admin; Application whitelisting … Looking at these 35 strategies...
  • Blog Post: Microsoft Security Compliance Manager 2 ready for download

    If you are a regular reader of my blog, you should know the Security Compliance Manager (if you are not, you should become a regular reader of my blog). Version 2 of the Microsoft Security Compliance Manager (SCM 2) is now available for download. If you do not know it, this is the way our Solution Accelerator...
  • Blog Post: EMET–Protection Against Zero-Days

    The Enhanced Mitigation Experience Toolkit is definitely not new but I recently realized that not too many people know about it – and they should. EMET helps you to raise your shields against zero-days and any exploit in the wild. I do not say that it is a silver bullet but it is definitely going...
  • Blog Post: Using the Microsoft Diagnostics and Recovery Toolset (DaRT) for Incident Response

    A few years ago I posted on DaRT after having seen it: Microsoft Diagnostics and Recovery Toolset. It is a really good and interesting tool for a lot of problems, one of them being incident response. I just stumbled across one article describing this: Using the Microsoft Diagnostics and Recovery Toolset...
  • Blog Post: Video on Microsoft’s Datacenter

    A very good overview of the way we run Microsoft’s Cloud. The interesting thing is – if you look at the video – that most customers are still running their datacenters on generation 1-2, which means that the efficiency (labor as well as energy) we can deliver is significantly higher – not talking of...
  • Blog Post: Cloud Security in Office365

    You heard about the launch of Office365 recently and I hope you read the blog post on the application of the Cloud Computing Security Considerations to the private cloud. If not, here it is: Security Considerations in a Private Cloud. To complete the series now, we released an additional paper on how...
  • Blog Post: A Security Comparison: Microsoft Office vs. Oracle Openoffice

    Actually, there is not much to say about this. It is a blog post by Carnegie Mellon called A Security Comparison: Microsoft Office vs. Oracle Openoffice and just does what it says. However, I do not particularly like the security comparison of products built solely on vulnerabilities as this shows only...
  • Blog Post: Kinect Sensor For Autonomous Flight

    That’s really interesting: Impressive! Roger
  • Blog Post: Ethisphere Institute: Microsoft amongst the world’s most ethical companies

    Forbes posted: The World's Most Ethical Companies. I quote: The Ethisphere Institute, a New York City think tank, has just announced its fifth annual list of the World's Most Ethical Companies. The selection, open to every company in every industry around the globe, gives its winners an opportunity...
  • Blog Post: Scott Charney at RSA this year

    It is kind of a tradition that Scott Charney, our Corporate Vice President for Trustworthy Computing, is speaking at RSA. If you look back, he always showed the evolution of Trustworthy Computing and spoke about e.g. End to End Trust and other concepts we use to envision the future of the security ecosystem...
  • Blog Post: On the effectiveness of DEP and ASLR

    Our Security Research and Defense team published a blog post, which is really interesting to read to understand how to protect Windows Vista and Windows 7: On the effectiveness of DEP and ASLR. There is a lot of information on how both raise the bar for attackers. These are the key takeaways: DEP and...
  • Blog Post: Mitigating the use of Local Admin

    We recently had internal discussions on the use of local admin and how to mitigate it. During this, Richard Diver, a Premier Field Engineer in APAC, wrote a great article on how to do it. I wanted to make sure you can see this as well. So, this is a guest blog. General Goals of Strategic Desktop Deployment...
  • Blog Post: Behind the Curtain of Second Tuesdays: Challenges in Software Security Response

    You might know about Bluehat, which is an internal security conference we run several times a year. Some of the presentations we record and make publicly available. There is a really good one on the Microsoft Security Response Center. Dustin (the presenter) blogged on it: Behind the Curtain of...
  • Blog Post: Information Security Management System for Microsoft Cloud Infrastructure

    Just a quick one. Our Global Foundation Services organization (the ones who run our datacenters) just published a new whitepaper: Information Security Management System for Microsoft Cloud Infrastructure This paper describes the Information Security Management System program for Microsoft's Cloud Infrastructure...
  • Blog Post: Hotmail now with full-session SSL

    If you use Hotmail, you should enable full session SSL in my opinion. Additionally we use SSL for additional services like Skydrive etc. However, there are some caveats. Read the blog post on that: Hotmail security improves with full-session HTTPS encryption Roger
  • Blog Post: Move to latest versions - for security reasons

    We all know that Windows XP is rock-solid but no longer capable of defending against today’s attacks and the same is true for IE6. Having been great products when they were launched, the threat landscape changed significantly since then. Windows 7 has a great potential to help customers now...
  • Blog Post: Time to sell your iPhone

    I guess you do not know the problem: My kids come home from school and want an iPod – I want them to use a Zune as I am convinced that iTunes is one of the worst pieces of software I have ever seen (besides RealPlayer), I hate the lock-in into the store and the iPod user interface sucks. As I say – that’s my personal...
  • Blog Post: Worldwide Chief Security Advisor Meeting

    I know that I have been very, very quiet over the last two weeks. The reason was that the worldwide Chief Security Advisors met at our HQ in Redmond for four days to discuss community related questions as well as the future of certain selected products and share the worldwide experience with our product...
  • Blog Post: Windows Phone 7 Reviews

    I just got a mail that my Windows Phone 7 is ready for pick-up. Unfortunately I am in Redmond at the moment and my Windows Phone 7 is in Switzerland. The poor device will have to wait for me for another week (or is it the other way around – poor Roger has to wait for the phone another week?). In the...
  • Blog Post: Ray Ozzie’s Blog is Back

    As I am still oof, another short one: Ray Ozzie’s blog is back: http://ozzie.net/ Ray is definitely one of the driving persons behind our overall vision and architecture. So, it is worth keeping him on your RSS feed. Roger
  • Blog Post: The Worldwide Team is Complete

    I started with Off to See the World, where I announced that we grow the community. And then I had the pleasure to tell you that we have a new Chief Security Advisor for EMEA – Monika Josi. Now, my team is complete – at least on time zone level: It is a pleasure for me to welcome Freddy Kasprzykowski...
  • Blog Post: One year free anti-malware and what we learned

    A year ago we launched Microsoft Security Essentials. I remember the day as I was looking at the Twitter stream to see the overall reactions and they were simply great! Further on, when I travelled, the main complaint I heard in some countries was: “Why do we not have it?” and it is a fair question...
  • Blog Post: Windows Live Essentials 2011 available for download now

    I am using it since the Beta and it is really cool. I am using Messenger (with the integration to Facebook etc.) as well as the Windows Live Writer to blog. It rocks: Windows Live Essentials 2011 available for download now Download and install! Roger
  • Blog Post: Microsoft Security Essentials free for small businesses

    I know that this is “old news” but I wanted to make sure that everybody has seen that: We will make Microsoft Security Essentials available for small business for free. Small businesses are up to 10 PCs. This is great news as a lot of small businesses do not use Anti-Malware Software and do not need...
  • Blog Post: Off to See the World

    If you follow my blog you saw recently that there are two themes constantly popping up: One is everything about a government’s Cybersecurity Agenda (or the lack thereof) and the second one is the Cloud. Let me briefly line them out: When I talk to governments I often feel that there is a lack of internal...