An Interesting Comment
A little bit of information about me. My name is Ido (pronounced e-dough) Dubrawsky and I am the Security Advisor for Microsoft's Communication Sector North America group. My customers run the gamut from media and entertainment companies to print and publishing companies to wired and wireless telecommunications companies. I've been working at Microsoft for only 13 months (tomorrow is my 13-month anniversary) but I have to say I have never been more impressed by the people and dedication in a company as I have seen at Microsoft. My background includes about 20 years of UNIX and Linux administration (as well as Microsoft Windows administration). I used to work in Cisco's SAFE Architecture group for 2 1/2 of the 4 1/2 odd years I was at Cisco. After I left Cisco I worked for SBC/AT&T for a year in their Callisma consulting subsidiary before I was offered this position at Microsoft.
But enough about me for now...we'll continue that story later. The reason why I wrote this particular post is because I was reading a recent article in Network World about a "Hack the Mac" contest that was held during the CanSecWest conference in Vancouver recently. What was most interesting is that one of the attendees managed to exploit a vulnerability in the Safari browser that provided access to the system -- complete access. One of the conference's principal organizers, Dragos Ruiu, made the comment:
"You see a lot of people running OS X saying it's so secure and frankly Microsoft is putting more work into security than Apple has"
This is amazing. This is, in my mind, independent acknowledgement and validation of the effort we are making to improve the security of our software. Remember...I come from many years of UNIX administration as well as security consulting. Whenever someone mentioned Microsoft and security in the same breath I used to snicker and laugh. But in my last two years at Cisco and especially in the year I worked at SBC/AT&T I began to notice that Microsoft's Windows platform security had dramatically improved...so much so that when we did a penetration test on customers' networks it was easier to gain the initial access through one of the UNIX systems rather than the Windows systems. This was an eye-opening experience for me and was one of the reasons why I was interested in this position. I hope to bring to light on this blog some of the amazing security efforts that we're doing with the Windows platform in the hopes that people will realize that we have a very good security story. When I read things like Dragos' comment above I feel that we are starting to get recognition for our efforts...now if Apple would just stop those silly ads ;-)