strawberryJAMM's Security and User Experience WebLog

The delicate balancing act between intuitive user experience and secure software systems

Browse by Tags

Related Posts
  • Blog Post: Digital Rights Management - A Product Customer’s don’t Want

    {This post is an expansion of a small section out of a longer, non-technical, post at my “personal” blog at strawberryjamm.blogspot.com . This should be it for the reposts.} The quoted text and link below is from a transcript of an excellent talk about digital rights management (DRM) given by Cory...
  • Blog Post: Least-Privileged Users, Add/Remove Programs and System Management Server

    I just found out something very interesting related to Least-Privileged User Accounts and software installations that are pushed out to enterprise employees using Systems Management Server (SMS) , where they show up in the "Add New Programs" view of the Add/Remove Programs (ARP) control panel applet...
  • Blog Post: "Using a Least-Privileged User Account" OR "Woohoo, I've been published on microsoft.com!"

    Well, not to toot my own horn too loudly, but I've had my first external facing document, Using a Least-Privileged User Account (LUA), published on TechNet as part of the monthly Microsoft Security Newsletter for January 2005 . This newsletter is considered the authoritative information source for understanding...
  • Blog Post: The Perception of System Security

    Valery Pryamikov has posted an excellent little article discussing how the perception of system security has changed across the software industry over the years. The article focuses on Microsoft's perceptions and behaviour, but other software vendors and OS flavours are also mentioned here and there...
  • Blog Post: Usable Security - a new Usability and Security blog

    Well, I'm a bit late to the party but that doesn't mean I can't still welcome Ping and his Usable Security blog to the intersection of User Experience Ave. and Security St. ;-) It's nice to see someone else blogging in this area. I look forward to reading through (and commenting on!)the posts and...
  • Blog Post: strawberryJAMM moves to Blogs @ TechNet

    So, the proverbial cat is out of the bag - Microsoft has opened up blogs.technet.com , giving Microsoftie bloggers with more of an IT Pro focus than a Developer focus a place to call their own. Since I tend towards the former more than the latter, my blog is now over on TechNet, effective immediately...
  • Blog Post: Browsing the Web and Reading E-mail Safely as an Administrator, Part 2

    Michael Howard has written a follow up to an earlier article where he outlined how to programatically make web browsing and reading e-mail safer for administrators . In this latest article, he provides instructions on how to do the same thing using SAFER (also known as Software Restriction Policies ...
  • Blog Post: Fear and Loathing in Las Seguridades (Security)

    Fear. Anger. Distrust. These will motiviate users to change their behaviour when it comes to securing their computers At least that's the way Frank Hayes sees it in his article "Fear, Anger, Distrust" . Hayes discusses two surveys that came out last week: The Pew Internet & American Life...
  • Blog Post: More Tips and Tricks for the LUA User

    Aaron Margosis has just posted four more columns with LUA Tips and Tricks on his "Non-Admin Blog": Managing Power Options as a Non-Administrator Remembering Calculator and Character Map Settings Ctrl-C Doesn't Work in RUNAS or MakeMeAdmin Command Shells Changing the System Date, Time and/or Time Zone...
  • Blog Post: Customer Feedback Wicki for Windows Security Access Control

    Hi folks. My current possition at Microsoft is as a Program Manager (PM) on the Security User Experience team in the Windows Security Access Control (WSAC) group. I'm just posting this to mention a new set of Wiki pages at Channel9 that have been put in place. WSAC is looking for customer feedback on...
  • Blog Post: Safe Web Browsing and E-mail for the Administrator

    This is a useful article by Michael Howard, the biggest big-wig Security dude on the MSFT campus… <quote who="Michael Howard" where=" Browsing_the_Web_and_Reading_E-mail_Safely_as_an_Administrator "> Summary : Michael Howard discusses how you can run as an administrator and access Internet data...
  • Blog Post: A New Wiki for the LUA / Non-Admin community

    Well, isn't this nice. The "least-privileged user" concept with Windows is slowly picking up speed and getting ready to take off - come check out the new Non-Admin Wiki that was just launched by Jonathan Hardwick . (Wiki's are great - now those of us who champion the principle of Least-Privlege on Windows...
  • Blog Post: Windows Security Logging and Other Esoterica

    Today I discovered that at least one of my team colleagues - Eric Fitzgerald, the "Windows Auditing"[1] expert (he is the "Windows Auditing Team") - is also blogging. If you're interested in reading explanations for differnt security event numbers and some tid-bits on planned Windows Auditing fixes and...
  • Blog Post: All you need is LUA

    I was thinking about LUA (Least-privileged User Accounts) and had this little burst of silly creativity that I felt compelled to share on my blog... ☺ Jenni --=+=-- To the Tune of "All you Need is Love" (With my deepest apologies to John Lennon and Paul McCartney) All you need is LUA By Jenni Merrifield...
  • Blog Post: LUA in the News

    There's an article at infoworld talking about LUA in Longhorn - check it out: http://www.infoworld.com/article/05/04/06/HNfewerpermissions_1.html
  • Blog Post: Internet Explorer 7

    Today, in his keynote for the 2005 RSA conference , Bill Gates announced, among other things, that Microsoft would be releasing a new version of Internet Explorer for the XP SP2 platform. Internet Explorer 7 (IE7) is expected to continue with advancements already in Windows XP SP2 by adding additional...
  • Blog Post: Adobe Photoshop CS activation doesn't play well with LUA

    Arrggggg!!! The longer I run as LUA, the more and more I feel the pain. I'm so glad we're working to improve this situation in Longhorn. Last weekend I upgraded from Adobe Photoshop 6 to Photoshop CS . With Photoshop CS you are now required to "activate" the product within 30 days. Since this was...