Dave Sayers' Blog

Security blogger joins MS

Whether you're familiar with Adam or not, this is a really positive article about how Microsoft's attitude to security has really changed and why this member of the security community would now want to come and work with us...

http://www.emergentchaos.com/archives/2006/06/im_joining_microsoft.html

EMC to buy RSA..

Blimey...  An interesting move from EMC - I think I can understand why they're doing it, so that they can offer additional capabilities for securing the storage which they supply.  It'll be quite interesting to see what (if any - purely speculating!) impact this may have on Microsoft.  I've done some work with RSA in the past in the UK, and always found them great to work with.  Not that that will neccesarily change, but I haven't had any engagement with EMC in the UK at all.  So it will be interesting to see how it all pans out.

http://www.theregister.co.uk/2006/06/29/emc_buys_rsa/

IE 7 Beta 3 now available

In case you haven't seen this yet, Beta 3 of IE7 has become available - get it here.. http://www.microsoft.com/windows/ie/default.mspx  Haven't had a chance to download it yet myself, but that's what I'm off to do next.  Once I've had a cup of coffee. 

By the way, not security related whatsoever, but I absolutely love Media Player 11 - the album covers are much easier to use, as is the search facility.  I've heard a few people say that it slows their machine down. but I've not experienced that at all - and I've copied pretty much all my music now and made it available through WMP11 - about 27GB in all.  And yes, Westy, before you say anything, most of it is indeed 80s cheese.

Virtualisation PTS-TV Clip

We've just uploaded another PTS-TV clip - this time it's me talking about virtualisation.  You can watch it from here - http://www.microsoft.com/uk/partner/blog/pts-tv/

Virtualisation is becoming a key part of our infrastructure strategy, especially with our addition of a Hypervisor layer into Longhorn Server.  You can learn more about virtualisation very shortly at my colleague Matt McSpirit's blog - at http://blogs.technet.com/mattmcspirit.

And yes, my shirt is totally oversized.  I accidentally bought the wrong size but wore it anyway.

Upcoming Security Event - with Special Guest!

I wanted to let you know about an upcoming security event that's happening in London.  It's on the 5th of July and hosted by the lovely people at Technet.  We've got some great speakers lined up including Ed Gibson, Steve Lamb and Jason Langridge, and it covers Identity, Vista Security and securing Mobile Devices.

The special guest is a chap called Kim Cameron.  If you've never heard of Kim, he's basically credited as being the "Godfather of the metadirectory" - he has been instrumental in promoting the importance of identity to businesses, and is working on some very exciting new things at Microsoft around Digital Identity.  His presentations at the security event will cover Digital Identity, funnily enough.  I am really really looking forward to seeing him speak.

So now your appetite has been well and truly whet, you can sign up for the event here....  http://msevents.microsoft.com/CUI/EventDetail.aspx?EventID=1032298182&Culture=en-GB - see you there!

Introducing Microsoft Forefront!

Hot off the press, I wanted to let you know that we are branding our business security products as Microsoft Forefront.

There are three main pillars to this - Comprehensive, Integrated and Simplified.  You can get more detail on these here - http://www.microsoft.com/forefront/default.mspx.  I think this is a really good idea, as it really differentiates the security products and solutions for business from those designed for consumer (such as OneCare, Windows Defender and the built-in firewalls).

The products which Forefront comprises of is as follows :

And no, I don't know why Antigen for IM and ISA haven't currently got the word Forefront in their title either :-)  Apparently they "may or may not" start to take the rebranding onboard soon.  There's plenty of information on the website, and we're also hoping to get a PTS-TV session recorded on this as soon as possible - keep your eyes peeled!

Great News

Some good news if you fancy being an early adopter - and I'd recommend getting an early look at these definitely - you can now grab Beta 2 of Vista and Office 2007 from the Microsoft site. 

Also, there are more PTS-TV snippets available now.  My colleague, David Overton, is up talking about Vista.  Definitely worth a listen, and David Overton (or "The Beast" as we affectionately know him) certainly knows his onions around small business (despite him referring to me as 'an alright guy most of the time'.  I'm hoping that that means the rest of the time I am much better than just alright, but I doubt it ;-) - anyway, that's probably accurate anyway!

Get to it here :

http://www.microsoft.com/uk/partner/blog/pts-tv/

And yes, it does look like their knees are touching...

Viruses spread their wings :-(

A really bad piece of news this, really.  Kaspersky lab researchers have found what they believe to be the first virus for StarOffice and Open Office.  It's called Stardust, and is macro based.  You can find more information on it here - http://www.scmagazine.com/uk/news/article/562424/macro+virus+suns+staroffice+found/.  I am quite often surprised by some of the conversations I have with people about this type of thing - many times they expect us to be pleased, or gloating.  The reality is that I and many other people at Microsoft just think it's really sad.  Sad that more and more applications, platforms and types of device are being targetted by malicious people (I got my first PocketPC with anti-virus preinstalled the other day), and actually affecting more and more users and making life difficult for them.  Contrary to popular belief, most of us here at Microsoft don't want other vendors to have to go to the pain that Microsoft has had to go through.  What we would probably all like is for these sorts of attacks to stop.  About as likely as world peace though it seems.

Take away all my power!

Interesting article here...  http://www.webpronews.com/topnews/topnews/wpn-60-20060525MicrosoftMayLimitEmployeesAdminRights.html which talks about how with some of the security features in Vista us Microsofties might not be allowed to have Admin privileges on our work machines.  It's quite interesting - I can never work out if the Microsoft way of letting everyone be a local admin is something which other large organisations do - either through choice or through something that they are compelled to do through what they see as certain limitations in the product that force them to.

It is quite interesting to be put into the position of many of our users, with what they see as power being taken away from them - maybe desktops being locked down more in a normal environment.  And after the initial shock, it has to be said that it is a good thing.  The important way to think about things is what do I actually NEED to be able to do that will require admin privileges in Vista?    It's just the principle of least privilege being pointed right back at us!  And ultimately, my laptop is the property of Microsoft, and we talk loads about how important security policies are, rather than just technology solutions, so if the security policy at Microsoft says that I can't run as admin, then I need to accept that if I want to use their equipment. 

But just wait until I can't install that game ;-)  Oh wait, it's Microsoft's laptop :-)) 

Security Assesment Tool

I wanted to draw your wandering attention to the wonderful (aka free) tool called the Microsoft Security Assesment Tool (MSAT).  It basically walks you through a questionnaire that will result in and assess your business's general level of risk from a security perspective - in over 60 detailed categories! :-)  Definitely well worth a look.

You can get it here...  http://microsoftsecurityassessment.com/

Quick updates

Hi all

(Hopefully 'all' isn't one person.)  Just wanted to give you a few digestible chunks of information to while away the hours with over the weekend.  The first is that this blog isn't supposed to be a definitive list of tools and resources, and a great MSN Space is maintained by a Microsoft consultant with a list of links to the various Microsoft solutions for security protection.  Wittily entitled "The Road to Know Where", the URL is http://spaces.msn.com/bhandler/blog/cns!70F64BC910C9F7F3!910.entry.  An easy one stop shop for that.

The other is that our team (the UK PTS team) have recorded a series of videos called PTS-TV, interviewed by a very (well, sort of) famous UK TV star, Katie Ledger (not Katie Derwent which is who I initally thought it was going to be).  They are bite sized chunks of easily digestible information across all subject areas, and you can get to see that people at Microsoft really do exist and don't have two heads.  We're releasing them one at a time so keep checking back - and make sure you watch through to the end, to make sure you see the outtakes!  http://www.microsoft.com/uk/partner/blog/pts-tv/

Cheers

Dave

Security comes home

Although security is my job, the importance of it really hits home sometimes in a truly personal experience, and unfortunately that happened to me at the end of last week.  My car got broken into, and laptops stolen.  They also stole my USB backup drive.  The first thing is that no matter how hard you try, it seems like there are some things which it is extremely difficult to protect against.  The weak link in my car was obviously the window they smashed to gain entry.  I had taken all the precautions I could - the laptops were in the boot, out of sight, but I couldn't stop them from smashing the window and pulling down the back seats to gain entry.

I'm very fortunate in practicing what I preach (most of the time!), so although the removable hard drive was my main backup and that got stolen as well, I had made sure that I had a backup on another machine at home.  I had also encrypted the folders on the drive which contained sensitive data.  Although is seems a bit ironic that my previous posting had information on Bitlocker technology - that would have been an ideal solution for a situation like this.... 

Anyway, in summary, it's been a fairly traumatic time, and it does make you feel a bit helpless that there is something you can essentially do very little about to stop break-ins, but it's reminded me of the fact that although a laptop feels like a personal posession, that you can safely store all your data on, it is imnportant to protect it through encryption if any of that data is sensitive, and also that it is important to have offsite backups (and kept up to date).

Hopefully you'll never have to experience this, but at least I've been able to recover my data as quickly as possible.  The strong password and encryption basically means that they will only really have the hardware, none of the IP.

Keep up!

Well, so much happens in the fast-moving world of Security and Infrastructure that there are times when it is hard to keep up!  So expect a few blog posts over the next week or so.

First of all - just wanted to say what a good success I thought Infosec was.  It's always useful to take a break from the stand and have a walk around to see what else is going on in the hall.  And I have to say on a non-work related note, that the addition of girls walking around dressed as angels with wings and dancers being dropped from the ceiling is my idea of security. 

Anyway, it was good to see people on the stand, and we had some really good feedback that it was great that we had put technical people on the stand rather than sales people.  I guess that sometimes for us it is more about perception than generating sales.  And on that front, again we had some positive comments, about how some attendees thought we had finally turned the corner and were being taken more seriously in the industry for security.  That's really nice to hear.  And kudos to the guy who walked straight through our stand in his Firefox t-shirt and a Novell rucksack strapped to his back.  You should have stopped mate, we would genuinely have loved to talk to you ;-)

One of the things that was great for me was to see how far we have come with expanding our portfolio of security solutions.  If I look back to two years ago, it was really all about ISA Server; last year we had some new things such as the Giant Anti-Spyware solution but still no real full-blown AV for mail and so on.  This year it was great to see :

Antigen (for SMTP Gateways, Exchange, Sharepoint and Instant Messaging, and Advanced Spam Manager) - more information at http://www.microsoft.com/antigen/prodinfo/overview.mspx

Exchange Hosted Services (previously Frontbridge) if you want to have filtering, archiving, encryption and continuity hosted externally with just a change to your mail MX record.  More information at http://www.microsoft.com/exchange/services/services.mspx

ISA 2006 - more information at http://www.microsoft.com/isaserver/2006/default.mspx

Windows Defender

IE 7.0 (you can download a public beta here...  http://www.microsoft.com/windows/ie/downloads/default.mspx)

Windows Client Protection - http://www.microsoft.com/windowsserversystem/solutions/security/clientprotection/default.mspx

The new security features in Windows Vista (http://www.microsoft.com/windowsvista/)

Most of the time I was on the client stand, so as was expected, most of the interest that I saw was based around Vista and the new security features it has.  Actually, most of the interest was actually based around the Bitlocker technology which will be included with Vista which encrypts the entire hard disk.  So if you're interested in catching up on what seems like it will be the most popular technology in Vista, you can get some great technical information here...  http://www.microsoft.com/technet/windowsvista/security/bittech.mspx

Bye for now...!

InfoSec

As usual, Microsoft will be having a stand at InfoSec at Olympia this year.  The event runs from the 25th to the 27th of April, and you can get more information at http://www.infosec.co.uk/.  We will have some top people at the stand, and they're letting me go along too :-)  So come along, we'll have some beers, shoot the breeze about security, maybe go to a club. 

Although plans aren't totally finalised for the stand yet, you can expect to see information on ISA, Antigen (previously Sybari), Frontbridge, Security for client and Server and information for partners.  Every year is an interesting challenge - attendees seem to vary between those who are keen to come and chat to us and really talk to us about what we are doing around security and people who walk briskly past who don't want to be seen talking to us.  Put yourself in the former category, and come along and chat to us - we don't bite, honestly!  I've not seen this year's 'attire' yet but let's hope it's better than last year's!

A new addition to the family

Haven't posted in a while - been snowed under learning about an exciting new addition which is coming to the Windows Server family.  Later this year (subject to the usual Microsoft caveats abou release dates ;-)) we will be releasing Windows Server 2003 Compute Cluster Edition.  This new addition is designed to allow you to create a cluster of nodes which work together to perform complex computing tasks. 

When I first heard about this, my first thought was that we were going up againt Cray:-) but that isn't necessarily the case.  In 1991, a Cray Y-MP C16 had ~10Gflops computing power and cost $40,000,000.  By 1998, you could get that same 10 Gflops in 24 333MHz Ultrasparc II 24GB SBus machines.  And you'd only need a tidy little $1,000,000.  You'd only have to have scrimped and saved for 1/40th of what you needed for the Cray. 

Nowadays, you can get that same 10 Gflops performance in 4 2.2GHz Athlon 64s with 4GB RAM, Gigabit Ethernet and Windows Server 2003 SP1.  That'll cost you aound $4000, 1/250th of what the Cray would have cost.  So for under $5000 you can get the same computig power that fifteen years ago you needed a Cray for. Once you start to see the type of power which most businesses actually have available to them it all starts to make sense that they harness that in a way to let them potentially use these resources in parallel.  Many of the difficulties around High Performance Computing stem from HPC solutions usually being bespoke solutions, very difficult to set up and configure, difficult to add additional nodes, and extremely difficult to monitor and maintin.

So with Wndows Server 2003 CCE, we're bringing the ease of use of Windows, the monitoring capabilities and the automated deployment capabilities of RIS to HPC and potentially moving it to be something which can be deployed on a departmental basis, with a small number of nodes.

Anyway, that's just an intro to he product to let you know what's coming.  It's starting to take over my life, so expect some updates coming in the near future.  I'll leave you with the marketing tagline, which is a pretty good summary - "Windows Compute Cluster Server 2003 - HPC goes mainstream".

Bye for now....