Steve Riley on Security

Formerly of Microsoft's Trustworthy Computing Group.

Browse by Tags

Related Posts
  • Blog Post: Mandatory integrity control in Windows Vista

    One of my favorite new security features in Windows Vista is Mandatory Integrity Control (MIC). It’s a classical computer science concept from the 1970s that’s finally getting its first commercial implementation—and of this I’m quite proud. While discretionary access control lists (DACLs) are useful...
  • Blog Post: The bad guys will use BitLocker, too

    Got an email today from a customer asking about how BitLocker will affect the ability of law enforcement to conduct forensic analysis of a protected hard drive. Specifically, the person was asking about any back doors that law enforcement could use to bypass the encryption. The answer is very simple...
  • Blog Post: Must be a slow news day: reporter writes 100% crap

    Imagine my surprise to read that Microsoft is removing NAP from Windows Vista ! Does this guy actually get paid money to write this drivel? The particular folks quoted in the article all have their own agendas, of course. News flash: we aren't dropping NAP. It's in the product now, we're actually...
  • Blog Post: Security in Windows Vista 64-bit

    By now, many of you have heard us speak about or have read our writings on the improved security capabilities of Windows Vista. As I've said at a number of events now, the research I've done into these capabilities has convinced me that enterprises should seriously consider Vista upgrades. This OS is...
  • Blog Post: Changing the SSL cipher order in Internet Explorer 7 on Windows Vista

    Recently, the question of using AES for SSL has come up in the newsgroups and at some conferences. When IE makes an HTTPS connection to a web server, it offers a list of cipher supported cipher suites. The server then selects the first one from the list that it can match. The default order that IE follows...
  • Blog Post: Ah, the joys of speaking about pre-release software!

    Two weeks ago I delivered my Windows Vista System Integrity presentation at the TechEds in New Zealand (Auckland) and Australia (Sydney). It was largely the same as the presention at TechEds in America and India, but updated to reflect changes made in the product between the time I wrote the presentation...
  • Blog Post: TechNet: Exploring the Windows Vista Firewall

    New article up... Back in the days of the paleocomputing era, no one ever thought about installing firewalls on individual computers. Who needed to? Hardly anyone had heard of the Internet, TCP/IP was nowhere in sight, and LAN protocols didn’t route beyond your building or campus. Important data lived...
  • Blog Post: Curious about the ways Windows talks to the Internet? Here's your answer.

    I was browsing through the Microsoft download pages today -- yeah, even we employees occasionally find little nuggets interspersed among the usual updates and such. I noticed a pair of whitepapers that will answer a common question I hear from many of you in emails and at conferences. You'll want to...
  • Blog Post: Directly connect to your corpnet with IPsec and IPv6

    Contrary to popular belief, the rumors of my demise have been greatly exaggerated. Well, ok, no actual rumors, but hey, one can dream, huh? My spring calendar was full of events in Asia and Australia, then TechEd US seemed to suddenly appear out of nowhere! So I've been kinda swamped. I've missed writing...
  • Blog Post: BitLocker command line interface

    Last week at TechEd Europe I showed the BitLocker command-line interface. At other TechEds I've mentioned it but didn't show it. The CLI provides full control over BitLocker, including enabling it on any NTFS volume on the system (the Control Panel UI displays only the volume containing the operating...
  • Blog Post: Windows Integrity Mechanism: more than you ever wanted to know

    A while back, the technology in Vista called mandatory integrity control got a new name: Windows integrity mechanism. Recently the folks responsible for developing the technology have posted a good amount of documentation on it. Read the Windows Vista Integrity Mechanism Technical Reference for all the...
  • Blog Post: Plan now to eliminate "power users" from your domains

    I've seen some conversations lately about the Power Users group -- how powerful is it, really, and why did we remove the group from Windows Vista? That group had rights install software and drivers. And if you can install software and drivers, then you can elevate yourself to Administrator or SYSTEM...