Microsoft Security Blog

The official Microsoft blog for discussing industry and Microsoft security topics.

March, 2012

  • Trust in Computing Research: 1 : Computing and the Internet

    As you may have read in the introduction Jeff Jones posted recently, we undertook the Trust in Computing Research after coming up with more questions than answers during a project called TwC Next which marked the milestone of 10 years of Microsoft Trustworthy Computing. The questions arose during interesting discussions about all of the computing and technology trends that society is currently experiencing and how they affect people’s trust in technology. This is the first part in the ongoing series...
  • Software Update Validation Program and Microsoft Malware Protection Center Establishment – TwC Interactive Timeline Part 4

    Continuing the Interactive Timeline series outlining some of the seminal events that have occurred over the last decade, this post looks at more of the key events that shaped the early Millennium, helping to create the perfect storm. Software Update Validation Program (SUVP) In January 2005, Microsoft developed the Software Update Validation Program (SUVP) to enable testing of application compatibility, stability and reliability in simulated production environments. The program provided a small number...
  • Trust in Computing Research : 0 : Introduction

    As you may be aware, we reached our 10 year milestone in January for Trustworthy Computing (TwC) and recently at RSA Conference 2012, the leader of our TwC group, Corporate Vice President Scott Charney delivered a keynote on how computing and society has changed over the past 10 years and also announced the new Trustworthy Computing Next white paper . As part of the preparation leading up to these activities, Bruce Cowper and I began having some interesting discussions about all of the computing...
  • Trustworthy Computing: Learning About Threats for Over 10 Years - Part 6

    In this series of articles, we have been looking at some of the ways that the threat landscape has evolved over the past decade. In this final article in the series I discuss software servicing, or the art and science of effectively and efficiently keeping software up to date. What File Versions are Running on the System? Ten years ago I was a Technical Lead on the Premier Networking support team at Microsoft. Our team helped Microsoft’s enterprise customers with TCP/IP and all the protocols and...
  • Common Criteria EAL4+ for Windows Server 2008 R2 Hyper-V

    Over on the Windows Server Blog today, the team shared the news that that Windows Server 2008 R2 Hyper-V has passed the Common Criteria Evaluation Assurance Level 4+ (EAL 4+).   As a reformed Orange Book evaluator, I know what a big project something like this is, so thought it would be interesting to share.  Here is what David B. Cross says about it: I am happy to announce that Windows Server 2008 R2 Hyper-V has passed the Common Criteria Evaluation Assurance Level 4+ (EAL 4+). Over...
  • U.S. ISPs Commit to Help Protect Consumers from Botnets

    Botnets and other malware continue to threaten the computing environment online that our society relies upon for communication, commerce and collaboration. In the past several years, we along with industry partners have made great strides toward containing and even pushing back against security threats and collaboration is essential to driving this change in the IT ecosystem. We continue to believe a coordinated approach among industry participants is needed to help protect consumers, businesses...
  • TwC Memo, SDL and XP SP2 – TwC Interactive Timeline Part 3

    Continuing the Interactive Timeline series outlining some of the seminal events that have occurred over the last decade, this post looks at more of the key events that shaped the early Millennium, helping to create the perfect storm. Trustworthy Computing Memo On Jan. 15, 2002, Bill Gates sent out a companywide email memo stating that Microsoft must make trustworthy computing the highest priority for the company and for the industry over the next decade. In the memo, he recognized that Microsoft...
  • Trustworthy Computing : Learning About Threats Over 10 Years–Part 5

    This post continue my analysis of industry vulnerability disclosures started in part 4 last week and is part of an ongoing series of posts based upon Tim Rains and my recent special edition Microsoft Security Intelligence Report (SIR) called “ The evolution of malware and the threat landscape – a ten year review, ” which we presented in a breakout session earlier this month at RSA Conference 2012. In the first three parts of this series ( part 1 , part 2 , part 3 ), Tim Rains explored some of the...
  • Microsoft PhotoDNA Technology Helping Law Enforcement Fight Child Pornography

    Having worked around Law Enforcement around the world for many years, there is always a huge demand for tools and resources to help investigations. One such tool is PhotoDNA , which essentially creates something like a fingerprint of an image which can be compared with the signatures of other images to find copies. The National Center for Missing & Exploited Children (NCMEC) and online service providers such as Microsoft and Facebook currently use PhotoDNA to help find, report and eliminate some...
  • Cybersecurity: Building Safer Computing Experiences in a Connected Society

    The Internet now reaches a global population of more than two billion people, and the foundations of modern society are becoming digital. Research shows over the next few years the world will see an unprecedented growth in Internet users, devices and data, which will create vast opportunities for communications and equally daunting security challenges for governments, organizations, and citizens around the world. Cyber threats today are anything but static. They are often characterized as technically...