Just started a brand new professional blog! Check it out: sJd UxD - http://sjd-uxd.blogspot.com/2009/09/hello-and-welcome.html

It's been a long time since I posted here, and that's because I left Microsoft back in November of 2005. As I was no longer working in Windows Security I no longer had anything to say on this subject and I didn't feel like this was the right place for...

Hi folks. My current possition at Microsoft is as a Program Manager (PM) on the Security User Experience team in the Windows Security Access Control (WSAC) group. I'm just posting this to mention a new set of Wiki pages at Channel9 that have been put...

Fear. Anger. Distrust. These will motiviate users to change their behaviour when it comes to securing their computers At least that's the way Frank Hayes sees it in his article "Fear, Anger, Distrust" . Hayes discusses two surveys that came out...

Well, I'm a bit late to the party but that doesn't mean I can't still welcome Ping and his Usable Security blog to the intersection of User Experience Ave. and Security St. ;-) It's nice to see someone else blogging in this area. I look forward to...

To anyone who follows my blog, my apologies for the three month-ish absence. Real life reared it's ugly head and various circumstances of health, happiness and quality of life collided, thereby requiring that I take a short leave of absence from work...

Discussion of the New York Times article "It's a Flat World, After All" by Thomas L. Friedman, author of "The World Is Flat: A Brief History of the Twenty-First Century"...

Check out an Infoworld article discussing LUA in Longhorn...

blogs.TechNet.com has officially gone live and "strawberryJAMM's Security and User Experience WebLog" has moved off blogs.MSDN.com...

The activation process in Adobe Photoshop CS doesn't work for LUA users because of the technique that was implemented to validate activation every time the program is launched. There are workarounds, but none are particularly ideal....

Today, in his keynote for the 2005 RSA conference, Bill Gates announced, among other things, that Microsoft would be releasing a new version of Internet Explorer (IE7) for the XP SP2 platform....

Aaron Margosis has posted four more columns with LUA Tips and Tricks on his "Non-Admin Blog"...

At BlogMap you enter information about your location (city, zip/postal code, country) and your blog feed URL and then you can use a simple URL to display or link to a map that shows your location. ...

The "least-privileged user" concept with Windows is slowly picking up speed and getting ready to take off - come check out the Non-Admin Wiki that was just launched. ...

Did you know that installations published to enterprise employees using Systems Management Server (SMS) can be successfully installed by a non-Admin user using the "Add New Programs" view of the Add/Remove Programs (ARP) control panel applet? ...

An article I wrote, "Using a Least-Privileged User Account (LUA)", was published on TechNet as part of the monthly Microsoft Security Newsletter for January 2005. It takes a brief look at a few of the key issues around the principle of "least-privilege" and running as LUA on the Windows OS. ...

Michael Howard has written a follow up to an earlier article where he outlined how to programatically make web browsing and reading e-mail safer for administrators. In this latest article, he provides instructions on how to do the same thing using SAFER (also known as Software Restriction Policies - SRP) with local or enterprise policy to reduce potential threats against these kinds of applications....

One of the colleagues on my team - Eric Fitzgerald, the "Windows Auditing" expert (he /is/ the Windows auditing team) - is also blogging. If you're interested in reading explanations about security event numbers and some tid-bits on planned Windows auditing fixes and improvements in W2K3 Server SP1 or Longhorn, check out his "Windows Security Logging and Other Esoterica" blog....

Something a little more refined than usual and a bit off topic: a list of "life time reading recommendations". It's a pretty long list, so if you want to be really "well read" you'd best think about getting started on it ASAP... ;-) ...

Valery Pryamikov has posted an excellent little article discussing how the perception of system security has changed across the software industry over the years. The article focuses on Microsoft's perceptions and behaviour, but other software vendors and OS flavours are also mentioned here and there....

A useful article by Michael Howard, discusses how you can run as an administrator and access Internet data safely by dropping unnecessary administrative privileges when using any tool to access the Internet....

An article at Cooper.com touches on the use of personas to aid the development of product documentation as well as product definition and design. Assuming that you already have personas available, this article makes a compelling case for leveraging personas in your technical writers' efforts....

An interesting article on NewsForge, "Open source usability is a technical problem we can solve on our own," talks about the problem of usability in Open Source Software (OSS). The thesis is that the OSS community continues to view the field of usabilty as some kind of mysterious voodoo magic that can only be unravelled by "others" outside the OSS community, when they should be looking at it as just another problem that can be solved in the same way they solve all other technical problems....

WARNING: Serious Silliness Ahead. This is a "Filk Song" about LUA (Least-privileged User Accounts) that I felt compelled to share on my blog....

I was recently involved in a conversation about what was wrong with the current version of the Windows Logo Program. The general consensus was that while it, in and of it self, was a good thing to have and promote, too many of the ISVs (Independent Software Vendors), especially the smaller ones who focus on specific niche markets, simply can’t afford certification, either due to the actual price of the evaluation (especially for server applications) or due to the resource and time cost to upgra...