Microsoft Security Blog

The official Microsoft blog for discussing industry and Microsoft security topics.

June, 2006

  • Linus’s Law aka "Many Eyes Make All Bugs Shallow"

    How many of you have heard “many eyes make all bugs shallow”? My guess is that many of you have and that it may have been in conjunction with an argument supporting why Linux and Open Source products have better security. For example, Red Hat publishes a document at www.redhat.com/whitepapers/services/Open_Source_Security5.pdf, which they commissioned from TruSecure (www.trusecure.com), which has a whole section called “Strength in Numbers: The Security of ‘Many Eyeballs’” and says: The security...
  • A (Not Always Funny) History and Analysis of Web-Based Antivirus and Security Products

    When I first read (in 2006) about the “new category for security products” represented by Microsoft OneCare Live, Symantec Genesis and McAfee Falcon, I must admit to a small chuckle. In my AV days, I saw a few of these web security products launched, each of which did a big belly flop. Maybe it will be different this time, we’ll have to wait and see. DISCLOSURE: Before we go further, I should confess that I ran product management for McAfee corporate antivirus products from 1998 to...
  • Trend Micro CTO hints that Trend will Open Source Code

    In a stunning revelation in Trend Micro: Open source is more secure, Trend CTO Raimund Genes hints that Trend may release their code as an open source project! Though Genes stopped short of actually saying that Trend would be releasing their code and joining the Free Software movement, there are only two possible obvious conclusions from his statements made to CNET: "Open source is more secure. Period," Raimund Genes, chief technical officer for anti-malware at Trend, said. "More people...
  • Web-based Security Deja-Vu: Microsoft OneCare Live, Symantec Genesis and McAfee Falcon

    Windows Live OneCare has made its debut, among various comments about this being a new category of security product and apparently it is a hot new category to judge from the established antivirus vendors and the press activity. Symantec announced in February that it will have a competitive product, code-named Genesis, and McAfee announced this past week its own product, code-named Falcon in the same space. As always, exciting exciting stuff going on in the land of security. New product categories...
  • Windows Vista : Threat-driven Design combined with Security Quality Process

    What is the difference between foundational security and security features? Name 3 security companies. Who did you name? Symantec? Checkpoint? RSA? ISS? These companies all offer products that provide security features or capabilities. What if Microsoft had no firewall? What if we had no PKI and certificate services? What if we had no plans for Forefront Security products? Would those of us in the Security Technology Unit (STU) be out of work? No. Many of us are not focused on products and...
  • Bill Gates & Steve Ballmer Email to Employees - Retirement Plans

    I'm sitting here having security discussions with some of our top customers and I just received the emails from Steve and Bill announcing Bill's plan to depart in two years. Bill's success story has been historical in scope and this change is no doubt a historical event for Microsoft as well. Here is a transcript of Steve and Bill's remarks: Written Transcript, Steve Ballmer and Bill Gates Remarks. This link (presspass) has the press release and a bunch of other links there too. Best regards...
  • Windows Vista User Account Control (UAC)

    Jesper apparently stirred up things a bit with his latest post, Please don't disable security features, at least while we are testing them, asking folks to recognize that a Beta is not a final product and that you should wait to see the final before making hasty decisions like disabling a security feature. The UAC development team endorse what Jesper says as well. I've been running Windows Vista Beta2, so I've experienced the same user experience as all those who've made comments about UAC pop...
  • Artima: Microsoft Under Attack

    A new article called Microsoft Under Attack summarizes itself by saying: Not by angry customers suing for damages after security breaches, or by governments breaking up monopolies, but by open source developers and security professionals accusing them of being obsessed by security. The content goes on to chronicle a panel discussion moderated by the author "Should companies be emulating Microsoft’s Security Development Lifecycle?" at the OWASP Europe conference in Leuven. Reading through...