The US RSA conference is probably the world’s leading security conference with about 30’000 participants and took place last week in San Francisco. Scott Charney, Microsoft’s CVP Trustworthy Computing, gave a noteworthy keynote on Enhancing Cloud Trust that can be watched here. It is well worth the time.
The announcements made by us and the presence that Microsoft had at the conference was impressive. The main theme was very clearly that we truly live in a mobile first, cloud first world and that with the explosion of devices and apps come new challenges. Security has been a top priority for Microsoft for a long time already and Microsoft is committed to providing customers with transparency and control over their data in the cloud. Here are the highlights that we announced:
More information can be found on Scott Charney’s blog on “Enabling greater transparency and control” that also has further links to more in-detail information on the individual technologies mentioned above.
I wrote previously about how to secure your computer but last week Microsoft’s Malware Protection Center released a new tool against rootkits and other advanced malware that I would briefly like to review – the Windows Defender Offline.
Windows Defender Offline is scanning your PC to remove rootkits and other advanced malware that can’t always be detected by antimalware programs. If such a type of malware is detected on your PC you will be prompted by Microsoft Security Essentials to use Defender. However, it is good practice to run the Defender Offline on a regular basis as some advanced malware doesn’t necessarily get detected by any anti-virus program.
The main difference between Defender Offline and most other anit-malware tools is that it is run from a clean boot disk/CD/USB Stick and that way anti-malware that tries to use some cloaking technique will not have the possibility to hide.
For more information on what Windows Defender Offline does and what the system requirements are, please visit this website: http://windows.microsoft.com/
I have heard a couple of times from enterprises that Windows 8 looks great but that it is a consumer product and that adoption in the enterprise does not seem to bring an obvious advantage as most users work on a laptop and desktop and don’t need a metro surface. While I understand this initial reaction I see a large benefit for business to use Windows 8.
The way people work has changed and more work is done mobile. Until now the challenge was to still have the reliability, productivity and security a business needs. This is one of the strong advantages of Windows 8. It integrates seamlessly into the IT infrastructure and provides enterprise class security. And this even in multiple ways. Windows 8 provides an innovative and fun way to work on a slate or tablet in addition to more traditional laptops and desktop PCs. In addition there is the possibility to have Windows 8 on a USB stick with Windows To Go – a fully managed corporate Windows 8 desktop. Travelling light has never been that easy.
Picking some elements to talk about is not easy as the new functionalities are significant but looking at today’s cybersecurity threats I very much like the improvements that were made with the secure foundation. Trusted Boot is a key element. It validates the integrity of the entire boot process – from hardware, boot loader, kernel, boot-related system files to drivers. With antimalware loaded before all non-critical Windows components we achieve a better protection from rootkits. This in combination with Measured Boot Process, BitLocker Drive Encryption, AppLocker, and claim-based access control delivers end-to-end security like never before.
This is only a short overview on some of the Windows 8 features for business. A deeper and broader description was posted today in the Windows Team Blog here. It is worthwhile reading it.
Also check out the short video for an overview of some central aspects of Windows 8:
Did you notice that you got fewer spam e-mails today? All in all there were about 3.8 Billion fewer spam mails sent out. Why? Because there is one less Botnet in operation. Today Microsoft annaounced that we have taken down the Kelihos botnet in an action codenamed “Operation b79”. This is the third botnet takedown in Microsoft’s Project MARS (Microsoft Active Response for Security), a program driven by the Microsoft Digital Crimes Unit in close collaboration with the Microsoft Malware Protection Center (MMPC) and the Trustworthy Computing team to annihilate botnets and advance the security of the Internet for everyone. Why does it matter? Because it is one step further in making cybercrime more expensive and it is the first time Microsoft has named a defendant in its fight against botnets making suddenly cybercrime much less anonymous.
Microsoft has a very interesting unit in the fight against Cybercrime – the Digital Crimes Unit. I had the opportunity to spend last week at their premise in Redmond, to have interesting discussions and get our efforts in regard to child abuse and digital crimes aligned. With our ever increased dependance on our computers, smartphones and networks at home, on the road and at work, it becomes more and more crucial to keep this infrastructure safe, secure and private. To achieve this we are working in close cooperation with local law enforcement agencies, government CERTs, Internet Providers and other organizations and agencies. From a personal perspective it is highly interesting to have the opportunity to work at national level as a facilitator and sponsor between these Swiss entities and the different units of Microsoft Redmond and to be able to participate in the fight against child abuse and cybercrime.
The fight against botnets will continue. There are still tens of thousands of computers infected that regularely try to connect to the three botnets Microsoft took down. The following video gives an impression of the state of two botnets as of 21. September 2011.
What now needs to be done is to clean up the infected computers. To aid in this I started working together with Government, Internet Service Providers and Community Emergency Response Teams so that we can also take advantage in Switzerland of the work that is done in Redmond. More on that in a later post once the initiative has advanced and all partners are on board. In the meantime – please keep your computers safe and private. With that you are participate in the global fight against cybercrime and you keep your privacy protected. You can find information on “how-to” in this earlier blogpost.
Interested to know more about the botnet takedown? Read here the official Microsoft Blog.
I often get asked how Microsoft provides over 200 cloud services and what security measures are in place. There is a good video available that addresses how Microsoft delivers cloud services to more than a billion customers and 20 million businesses in over 70 countries. It is also a fascinating view onto the evolution of modern datacenters and their energy efficiency.
Here it goes:
I still hear frequently about calls people receive from – supposedly – Microsoft support and they have even called our house. The callers claims to be a Microsoft representative or working for a Microsoft partner. The usual call goes about the following:
A while ago I wrote about that small and medium businesses have become the new primary target for cybercrime and how to secure your PC in a second post. Today I want to combine the two and share some thoughts on how today the cloud helps in securing your desktops.
When this blog is going live, Microsoft will have the beta of the next release of Windows Intune announced. More information on that is available on the Windows for your Business Blog. In short, the next release of Windows Intune has features specifically requested by partners to better serve their customers. This release is in response to the need for the ability to distribute software – with this beta, administrators can deploy updates or software to PCs that can be located virtually anywhere without server infrastructure or physically touching each PC to install the software or update.
Intune shows the trend to move security capabilities into the cloud. To have a central administration possibility used to involve a fair amount of resources and was felt beyond the possibilities of many small and medium businesses. Not any more. With solutions like Windows Intune every business – as small as it might be – can centrally administrate the PC’s, patch and update them, install software, check the health of the virusscanners etc from an easy web-based interface. You pay for as many PC’s as you are administrating. Not more – not less. In addition to significantly increasing the security of the network it might also save money and reduce the dependence on external IT support if you have outsourced the administration of your endpoints so far.
With this we see another answer to the question if the cloud is safe and if security is possible in the cloud. It is a great example that security is made possibly by the cloud reducing the investment needed to provide security services. A development I like a lot.
Obviously I am a strong advocate of keeping computers up to date and especially on installing security updates. However, it is normally pretty hard to measure the effects on such activities. And now that we have an example where we can see very directly the effect of a security update I would like to share that with you.
Maybe you are aware of Windows XP and Vista’s autorun feature. Basically very convenient but also unfortunately widely exploited. On 8. February Microsoft started the release of updates for Win XP and Vista to prevent AutoPlay from being enabled automatically except in combination with CD’s and DVD’s. Effectively locking down this feature more. With this we can now look at infection rate before and after this update and measure the effect. You can read the whole thread in our threat research and response blog.
In a nutshell – the effect was pretty substantial. The infection rates for Win XP and Vista went significantly down. XP’s infections on scanned computers were reduced by 59% and the ones of Vista by 74% while Win 7 stayed basically the same as it had this feature already enabled. An additonal interesting point is that the infection rate didn’t change significantly with Win XP SP2 as it is out of support and therefore didn’t get the update.
Another interesting aspect was that the overall infection rates changed also significantly. By May of 2011 the number of infections found by the Microsoft Malicious Software Removal Tool was reduced by 68%. Which means that by making even just one section of a computer “population” more secure it can have a significant residual effect with the rest of the computers.
My conclusion? This is a good example to show the effectiveness of security updates. So my recommendations is to let the update feature install them automatically as soon as they get available and to make sure that your operating system is still receiving the updates and is not out of support. So if you still run XP SP2 please make sure to update as quickly as possible to XP SP3.
This morning the microsoft trustworthy computing team released the new Security Incident Report (SIR). The report provides in-depth perspectives on software vulnerabilities, software vulnerability exploits, malicious and potentially unwanted software, and security breaches in both Microsoft and third party software.
And why is this relevant? While reading a crime novel has certainly more entertainment value, the report gives an impression on where cybercrime is heading and how the threats are evolving. This has relevance for security experts, government officials but also for everybody using the internet. Here are some information that I found especially interesting:
The security incident report is special insofar, that it contains the most comprehensive data coverage of any report in the industry. It includes over 600 million data samples, executing millions of malware removals annually, scanning billions of e-mails, over 280 million active Hotmail accounts, and billions of pages scanned by Bing each day. The data collection is actually quite impressive. The data included is gathered from a wide range of Microsoft products and services globally, including: Bing, Windows Live Hotmail, Forefront Online Protection for Exchange, Windows Defender, the Malicious Software Removal Tool (MSRT), Microsoft Forefront Client Security, Windows Live OneCare, Microsoft Security Essentials and the Phishing Filter in Internet Explorer.
You can read and download the report at www.microsoft.com/sir. Maybe not something to put on your bedside table as it will probably keep you awake at night!
“Der Bund” – a Swiss newspaper has an article about a Verizon study that should be published today. The study analyzed 1700 cases of data/identity theft and came to the conclusion that small and medium businesses are the new prime target for cybercrime. That lead me to think about how to change this and one solution – and in my view the most sustainable one – is to delegate the defense of your digital information to a professional organization. Too expensive you think? On the contrary – my guess would be that IT cost will actually be (much) lower than running systems yourself and it will even have a positive impact on the environment. How? The answer to this is to move your IT to the cloud.
The cloud to improve security – but… Yes – this then leads to the question that I am probably asked most in my job. How is security and privacy is in the cloud? There are lengthy answers for that but for many organizations the answer can be quite simple. How is your security today and is it better or worse if a professional enterprise takes care of it? While cases for identiy and data theft are abundent – have you ever heard that (for example) Microsoft’s system have been breached? Looking behind the scenes (perks of my job) I see huge efforts going into security that someone that focuses on running a business and uses IT to enable it has probably not the resources to do. That is the difference. For Microsoft running IT services is the core business process while for a customer IT is (most of the time) a supporting process and therefore resources are allocated different.
With that – the newspaper article coincides with Microsoft’s announcement of the public beta for Office365. With this you can sign up and test the mail/calendar/online Office/collaboration etc with a guaranteed uptime of 99.9%. It comes in an edition for small and medium businesses and one for large enterprises. Why not see for yourself?