What is the difference between foundational security and security features?

Name 3 security companies.  Who did you name?  Symantec?  Check Point?  RSA?  ISS?  These companies all offer products that provide security features or capabilities.

What if Microsoft had no firewall?  What if we had no PKI and certificate services?  What if we had no plans for Forefront Security products?  Would those of us in the Security Technology Unit (STU) be out of work?

No.  Many of us are not focused on products and features; we're focused on security that is more foundational and inherent to all software, not just security features or capabilities.  We want to (a) reduce security flaws in software, (b) reduce exploitability of flaws that aren't found before ship, and (c) make it easier to mitigate.

So, when I think of security in Windows Vista, I think about design changes driven by threat modeling such as ASLR, /GS, the NX flag, attack surface reduction, /SafeSEH and service hardening.

For an excellent description of how this applies to Windows Vista, read Mike Howard's latest blog post that describes the bigger picture of Windows Vista security.