Microsoft Security Blog

The official Microsoft blog for discussing industry and Microsoft security topics.

Browse by Tags

  • Blog Post: #TBT : Be Safer–Run as Standard User

    For #ThrowBackThursday, I thought it would be good to pull out an old but goodie. The original post is from back before the blog evolved into the Microsoft Security Blog and was still called “Jeff Jones Security Blog”. I’m including the full original text below, but this guidance...
  • Blog Post: Austria - Lessons from Some of the Least Malware Infected Countries in the World – Part 2

    Austria - Lessons from Some of the Least Malware Infected Countries in the World – Part 2 In my last post on this topic, I mentioned providing a series of posts focused on the threat landscape in locations that consistently have low malware infection rates in the hopes of uncovering insights...
  • Blog Post: Novell Removes /truth and Security from Linux Site

    Provocative, but technically true. You may or may not recall that Novell published www.novell.com/linux/truth in response to Microsoft's www.microsoft.com/getthefacts site. I browsed out there yesterday to see the current truth for myself and was redirected to http://www.novell.com/whynovell/ . You can...
  • Blog Post: Playing Better Defense: Protecting Against Cyber Threats

    I’m happy today to introduce a guest blog post by Matt Thomlinson, the General Manager of Trustworthy Computing Security at Microsoft, who leads the Microsoft Security Engineering Center (MSEC), the Microsoft Security Response Center (MSRC), and Global Security Strategy & Diplomacy (GSSD)....
  • Blog Post: Trust in Computing Research : 3 : Computing and the Internet (Geographic breakdown)

    In the first part of the series , we looked specifically at the general use of Computing and the Internet, with the second part focusing on the audience breakdown for these questions. While some of the findings are as we had anticipated, we found several interesting results: Over 95 percent of...
  • Blog Post: Windows Vista vs Windows XP SP2 Vulnerability Report 2007

    In the wake of my Windows Vista One Year Vulnerability Report , I have received many questions regarding the current vulnerability record of Windows Vista as compares with Windows XP SP2. This short paper is a compilation of vulnerability data for Microsoft Windows Vista and Microsoft Windows XP SP2...
  • Blog Post: Mozilla Chief Security Something-or-Other

    Well, I've had a busy couple of weeks, including selling a house, buying a house and moving - which didn't leave much free time for blogging, so I am a bit behind on current events. So, let me start the catch-up with a human interest post. Window Snyder, a former colleague and all around great security...
  • Blog Post: The Threat Landscape in India – More Active Than First Thought

    The threat landscape in India has turned out to be more active than initially suspected. India has had a relatively low malware infection rate for some time, which seemed subdued for a region that has such a large high tech industry. But with the new data we recently released in the latest Microsoft...
  • Blog Post: Trust in Computing Research: 1 : Computing and the Internet

    As you may have read in the introduction Jeff Jones posted recently, we undertook the Trust in Computing Research after coming up with more questions than answers during a project called TwC Next which marked the milestone of 10 years of Microsoft Trustworthy Computing. The questions arose during interesting...
  • Blog Post: The Threat Landscape in Asia & Oceania – Part 1: Vietnam and India

    Recently I wrote about the threat landscape in the European Union ( part 1 , 2 , 3 ) and Africa . This series of articles is focused on threats in select locations in Asia (Vietnam, India, Korea, Malaysia, Singapore, and Japan) and Oceania (Australia and New Zealand). I am focusing on these locations...
  • Blog Post: The Threat Landscape Shifts Significantly in the European Union - Part 1

    Recently I spoke at the Microsoft EU Cybersecurity & Digital Crimes Forum 2012 in Brussels. I provided an in-depth briefing on some of the significant shifts in threat landscape in the EU during the second half of 2011. I will be sharing some of the key findings of this analysis in a short series...
  • Blog Post: Profiles in Security - David B. Cross

    I met David for the first time a couple of years ago when I was excited about Certificate Auto-Enrollment and tracked him down as someone who could give me for of the nitty-gritty details. We've had many conversations since then and I continue to enjoy the opportunity to work with him. I remember...
  • Blog Post: Windows 98 - the End is Nigh and a Look Back

    What OS were you using in 1998? Windows 98? Red Hat 5.1? Something else? The MSRC blog recently re-iterated the upcoming end of life for Windows 98 , Window 98SE and Windows ME, indicating that there will be no support after the July 11th patch Tuesday. (There’s more detail about this and other Support...
  • Blog Post: The Threat Landscape Shifts Significantly in the European Union - Part 2

    In part 1 of this series on the threat landscape in the European Union in the second half of 2011, I examined the threats in the location with the highest malware infection rate, Romania. In this segment of the series I will examine what is happening in the EU member states that have seen the biggest...
  • Blog Post: Windows vs Linux (Red Hat) - Workstation - 1st Half 2006

    NOTE: I am not asserting that my vulnerability analysis demonstrates that Windows is more secure. Rather, I frequently hear and read Linux advocates making unsupported assertions to the opposite that Linux is inherently more secure than Windows. The "unsupported" part of that bothers me, so I check for...
  • Blog Post: Mac OS X Security - Reality Check #2

    First, let me express a caveat. I don't really care for "hack the box" contests. If a machine doesn't get hacked, it does not mean it isn't breakable. If it does get hacked, it just shows us what we already know - any machine can be broken under the right circumstances. So, don't read too much into the...
  • Blog Post: CIO.COM: Mozilla and “Counting Still Easy…”

    [DISCLOSURE for those who don’t read about boxes: I work for Microsoft.] I admit that I enjoy discussing issues and digging into claims to see if I can find fractures or flaws in logic. When I ran product management teams for companies in previous roles, I would always review our draft product glossies...
  • Blog Post: What if We Had Vuln-Free Software?

    I was in a meeting with a large group of security professional today talking about SDL, reducing vulnerabilities, metrics, and so on - my normal topics - and we got into a really interesting discussion about which areas of focus can get the best practical results for operational IT security. How would...
  • Blog Post: On Disingenuous Analysis and Transparency

    So, I am perusing security blogs this weekend and I read this interesting entry by Mark Cox of Red Hat about transparency where he says "...the Microsoft PR engine has been churning out disingenuous articles and doing demonstrations based on vulnerability count comparisons." In general, I think...
  • Blog Post: Microsoft Free Anti-Malware (Morro/Microsoft Security Essentials) Released as Beta

    Though I have not been directly involved with Morro (or any other anti-malware products), I am excited to see Morro ( Microsoft Security Essentials , http://www.microsoft.com/security_essentials/ ) reach the next stage of development by releasing as a Beta package. I personally think that Microsoft Security...
  • Blog Post: Microsoft’s Perspective on Creating a Framework to Reduce Cyber Risk to Critical Infrastructure

    Cybersecurity continues to be a hot topic around the world, particularly as governments develop policies to improve cybersecurity in critical infrastructure. In the U.S., the White House released an Executive Order entitled Improving Critical Infrastructure Cybersecurity to drive a concerted effort across...
  • Blog Post: Weekly Roundup : Sep 2, 2011 : DigiNotar and Fraudulent Google Cert

    Trending Security News The big security news this week focused on the security breach of Dutch certificate authority DigiNotar, a subsidiary of Chicago-based Vasco Data Security. This significance of the event was underscored when it was announced that one of the certificates affected by the breach was...
  • Blog Post: Microsoft Security Intelligence Report - 1st Half 2007

    The third volume of the Microsoft Security Intelligence Report (SIR) is now available for download at: www.microsoft.com/sir - this link will take you to a summary portal that has links to the downloadable document, upcoming webcasts about the SIR results, and so on. As one of the primary authors for...
  • Blog Post: January 2007 - Vuln Scorecard

    I just posted my January 2007 - Operating System Vulnerability Scorecard over on CSOOnline, which includes charts comparing the vulnerabilities in Windows, Red Hat Linux, Ubuntu, Sun, and Mac OS X, broken down by server and workstation. I do include the first 2 months of Windows Vista as well, which...
  • Blog Post: The Threat Landscape in Africa & the Internet Governance Forum

    The sixth annual United Nations Internet Governance Conference (UN-IGF) meeting is being held this week (September 27-30, 2011) at the U.N. Office in Nairobi, Kenya (UNON). The main theme of this meeting is “Internet as a catalyst for change: access, development, freedoms and innovation.” Representatives...