I have heard a couple of times from enterprises that Windows 8 looks great but that it is a consumer product and that adoption in the enterprise does not seem to bring an obvious advantage, as most users work on a laptop or desktop and don’t need the Metro surface. While I understand this initial reaction, I see a large benefit for businesses in using Windows 8.
The way people work has changed and more work is done mobile. Until now the challenge was to still have the reliability, productivity and security a business needs. This is one of the strong advantages of Windows 8. It integrates seamlessly into the IT infrastructure and provides enterprise-class security, and this in multiple ways. Windows 8 provides an innovative and fun way to work on a slate or tablet in addition to more traditional laptops and desktop PCs. In addition there is the possibility to have Windows 8 on a USB stick with Windows To Go – a fully managed corporate Windows 8 desktop. Travelling light has never been this easy.
Picking some elements to talk about is not easy as the new functionality is significant, but looking at today’s cybersecurity threats I very much like the improvements that were made to the secure foundation. Trusted Boot is a key element. It validates the integrity of the entire boot process – from hardware, boot loader, kernel and boot-related system files to drivers. With antimalware loaded before all non-critical Windows components, we achieve better protection from rootkits. This in combination with the Measured Boot process, BitLocker Drive Encryption, AppLocker and claim-based access control delivers end-to-end security like never before.
This is only a short overview of some of the Windows 8 features for business. A deeper and broader description was posted today on the Windows Team Blog here. It is worth reading.
Also check out the short video for an overview of some central aspects of Windows 8:
One of the discussions that I often have with senior IT decision makers is about the overall security architecture and how the different layers of security mechanisms work together. In these talks I often see that security in enterprises is approached in a layered manner where, on purpose, security elements and products of different software vendors are used. I call this the best-of-breed approach, as for each security function one can pick the top performer on the market. The main motivation behind this is that if there were a weakness in a product from one vendor, the same problem would not be found in the underlying security layer, as it is not from the same origin.
Sounds great? Clearly adds more security? Well, yes in theory, but maybe no in practice. The reality is that with the financial pressure that is common on today’s system integrators, operational resources (financial, people and know-how) are scarce, and the nicely designed layered approach suddenly has gaps as the complexity is just too high to handle properly. This then leaves gaps in the defense. In addition, the interaction of different products is often not well understood. What hurts in that regard is that security patches can only be applied once thorough testing has occurred – which in turn takes time and resources and means that crucial patches are applied later and the window of opportunity for an attack stays open longer.
With this now comes the question: what in practice brings you more security? The best-of-breed approach that is seldom fully implemented, or the end-to-end security stack where your dependence on one supplier increases? How much of that dependence do you have already anyway? I observe a move to the second approach – mostly out of a lack of operational resources – also in large enterprises with quite a high security level. I see this accelerating even more in the future when more and more security solutions are offered as cloud or hybrid services, where platform compatibility will be a large factor. Does that mean we are having a sort of consumerization of IT for security as well?
Did you notice that you got fewer spam e-mails today? All in all there were about 3.8 billion fewer spam mails sent out. Why? Because there is one less botnet in operation. Today Microsoft announced that we have taken down the Kelihos botnet in an action codenamed “Operation b79”. This is the third botnet takedown in Microsoft’s Project MARS (Microsoft Active Response for Security), a program driven by the Microsoft Digital Crimes Unit in close collaboration with the Microsoft Malware Protection Center (MMPC) and the Trustworthy Computing team to annihilate botnets and advance the security of the Internet for everyone. Why does it matter? Because it is one step further in making cybercrime more expensive, and it is the first time Microsoft has named a defendant in its fight against botnets, suddenly making cybercrime much less anonymous.
Microsoft has a very interesting unit in the fight against cybercrime – the Digital Crimes Unit. I had the opportunity to spend last week at their premises in Redmond, to have interesting discussions and get our efforts in regard to child abuse and digital crimes aligned. With our ever increasing dependence on our computers, smartphones and networks at home, on the road and at work, it becomes more and more crucial to keep this infrastructure safe, secure and private. To achieve this we are working in close cooperation with local law enforcement agencies, government CERTs, Internet providers and other organizations and agencies. From a personal perspective it is highly interesting to have the opportunity to work at the national level as a facilitator and sponsor between these Swiss entities and the different units of Microsoft Redmond, and to be able to participate in the fight against child abuse and cybercrime.
The fight against botnets will continue. There are still tens of thousands of infected computers that regularly try to connect to the three botnets Microsoft took down. The following video gives an impression of the state of two botnets as of 21 September 2011.
What now needs to be done is to clean up the infected computers. To aid in this I started working together with government, Internet service providers and community emergency response teams so that we can also take advantage in Switzerland of the work that is done in Redmond. More on that in a later post once the initiative has advanced and all partners are on board. In the meantime – please keep your computers safe and private. With that you participate in the global fight against cybercrime and you keep your privacy protected. You can find information on how to do so in this earlier blog post.
Interested to know more about the botnet takedown? Read the official Microsoft blog here.
Follow the Microsoft Digital Crimes Unit on Facebook and Twitter.
I often get asked how Microsoft provides over 200 cloud services and what security measures are in place. There is a good video available that addresses how Microsoft delivers cloud services to more than a billion customers and 20 million businesses in over 70 countries. It is also a fascinating view of the evolution of modern datacenters and their energy efficiency.
Here it goes:
I just read an article in the New York Times, Suspected Hackers, a Sense of Social Protest. It made me think of the often quoted “One man’s terrorist is another man’s freedom fighter”.
For me the facts are clear. Nobody should attack the infrastructure or privacy of somebody else. Full stop. I cannot see that attacks can lead to anything positive, and we have had plenty of examples showing that peaceful protest in the end works best to initiate change. However, other people see it differently. They see it as a kind of social protest if they direct attacks at targets that they see as “evil”, be these targets individuals, corporations or governments. And then there are the ones that don’t think at all, that just follow a “cool” call to action. Have you ever seen the YouTube video where an Anonymous branch calls for attacking Telefonica? Pretty cool I must say. If I were bored that weekend and looking for something to do – anything really – to fit into a group… I can see why kids are tempted to point their Low Orbit Ion Cannons pretty much anywhere.
The part that worries me is not so much the individual person that might or might not participate in an attack. What worries me is that we as a society don’t have an understanding of what is acceptable behaviour and what is not. Sure – we might have a legal definition in some countries – but does that help much? What we need to come to is a social value of what is acceptable and what is not. What is a terrorist, and what is a freedom fighter? What differentiates them from each other? Only then can we sit down and talk to our kids, our friends, our employees about values. Only then can we blog about it – about making people think about what they are doing, making them aware of the line they are crossing when they tinker with other people’s privacy and with the intellectual property of enterprises, governments etc.
I don’t have the answer. But I am putting this out as a starting point to talk about it. Take the first step, take this and start talking about it, and hopefully make some people think about values. Talk to somebody and let’s start a snowball effect. Let’s take this as a start to accept others’ privacy and values and use our right of free speech and social protest where we have them – and with that help others to achieve what we already have: freedom of expression. But it comes with a price – and the price is responsibility and values – and we need to get better at accepting our responsibility.
We are currently receiving increased feedback from Microsoft customers about calls they receive from – supposedly – Microsoft support. The caller claims to be a Microsoft representative or to work for a Microsoft partner. The usual call goes about as follows:
A while ago I wrote about how small and medium businesses have become the new primary target for cybercrime and, in a second post, how to secure your PC. Today I want to combine the two and share some thoughts on how the cloud helps today in securing your desktops.
When this blog post goes live, Microsoft will have announced the beta of the next release of Windows Intune. More information on that is available on the Windows for your Business Blog. In short, the next release of Windows Intune has features specifically requested by partners to better serve their customers. This release responds to the need to distribute software: with this beta, administrators can deploy updates or software to PCs located virtually anywhere, without server infrastructure and without physically touching each PC to install the software or update.
Intune shows the trend of moving security capabilities into the cloud. Having a central administration capability used to involve a fair amount of resources and was felt to be beyond the means of many small and medium businesses. Not any more. With solutions like Windows Intune every business – as small as it might be – can centrally administer its PCs, patch and update them, install software, check the health of the virus scanners etc. from an easy web-based interface. You pay for as many PCs as you are administering. Not more – not less. In addition to significantly increasing the security of the network, it might also save money and reduce the dependence on external IT support if you have outsourced the administration of your endpoints so far.
With this we see another answer to the question of whether the cloud is safe and whether security is possible in the cloud. It is a great example of security being made possible by the cloud, reducing the investment needed to provide security services. A development I like a lot.
Obviously I am a strong advocate of keeping computers up to date and especially of installing security updates. However, it is normally pretty hard to measure the effect of such activities. Now that we have an example where we can see the effect of a security update very directly, I would like to share it with you.
Maybe you are aware of the AutoRun feature of Windows XP and Vista. It is basically very convenient but unfortunately also widely exploited. On 8 February Microsoft started the release of updates for Windows XP and Vista to prevent AutoPlay from being enabled automatically except in combination with CDs and DVDs, effectively locking this feature down further. With this we can now look at the infection rate before and after this update and measure the effect. You can read the whole thread in our threat research and response blog.
In a nutshell – the effect was pretty substantial. The infection rates for Windows XP and Vista dropped significantly. XP’s infections on scanned computers were reduced by 59% and Vista’s by 74%, while Windows 7 stayed basically the same as it already had this feature enabled. An additional interesting point is that the infection rate didn’t change significantly for Windows XP SP2, as it is out of support and therefore didn’t get the update.
Another interesting aspect was that the overall infection rates also changed significantly. By May 2011 the number of infections found by the Microsoft Malicious Software Removal Tool was reduced by 68%. This means that making even just one section of a computer “population” more secure can have a significant residual effect on the rest of the computers.
My conclusion? This is a good example of the effectiveness of security updates. So my recommendation is to let the update feature install them automatically as soon as they become available, and to make sure that your operating system is still receiving updates and is not out of support. So if you still run XP SP2, please make sure to update as quickly as possible to XP SP3.
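As an added example (not from the original post or from Microsoft), the following PowerShell script reports the AutoRun policy a Windows host applies per drive type. It reads the documented NoDriveTypeAutoRun policy value, which is independent of the February update discussed above; the bit-to-drive-type mapping is taken from Microsoft’s published documentation, and the HKLM-before-HKCU precedence is assumed.

```powershell
# Added example, not code from the original post. Reports which drive types
# still have AutoRun enabled according to the NoDriveTypeAutoRun policy.
# Each set bit disables AutoRun for one drive type; 0xFF disables it everywhere.
$driveBits = @(
    @{ Bit = 0x01; Name = 'Unknown drive type' },
    @{ Bit = 0x04; Name = 'Removable (USB, floppy)' },
    @{ Bit = 0x08; Name = 'Fixed disk' },
    @{ Bit = 0x10; Name = 'Network share' },
    @{ Bit = 0x20; Name = 'CD/DVD' },
    @{ Bit = 0x40; Name = 'RAM disk' },
    @{ Bit = 0x80; Name = 'Unrecognized drive type' }
)

function Get-AutoRunPolicy {
    # Assumption: the machine-wide policy (HKLM) is checked first and wins
    # over a per-user policy (HKCU) when both are present.
    $paths = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
    )
    foreach ($p in $paths) {
        $v = Get-ItemProperty -Path $p -Name NoDriveTypeAutoRun -ErrorAction SilentlyContinue
        if ($null -ne $v) {
            return [pscustomobject]@{ Source = $p; Value = [int]$v.NoDriveTypeAutoRun }
        }
    }
    return $null   # value not set: Windows falls back to its built-in default
}

$policy = Get-AutoRunPolicy
if ($null -eq $policy) {
    Write-Output 'NoDriveTypeAutoRun is not set: AutoRun follows the OS default.'
} else {
    Write-Output ('NoDriveTypeAutoRun = 0x{0:X2} (from {1})' -f $policy.Value, $policy.Source)
    foreach ($d in $driveBits) {
        $state = if ($policy.Value -band $d.Bit) { 'AutoRun disabled' } else { 'AutoRun allowed' }
        Write-Output ('  {0,-24} {1}' -f $d.Name, $state)
    }
    # Removable media is the drive type the infections above spread through,
    # so flag that case separately for the administrator.
    if (-not ($policy.Value -band 0x04)) {
        Write-Warning 'AutoRun is still allowed on removable drives; set 0xFF via Group Policy to disable it.'
    }
}
```

Run it in an elevated PowerShell session on the host you are auditing; no value set means the built-in default applies, which is exactly the case the update above was meant to harden.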
This morning the Microsoft Trustworthy Computing team released the new Security Incident Report (SIR). The report provides in-depth perspectives on software vulnerabilities, software vulnerability exploits, malicious and potentially unwanted software, and security breaches in both Microsoft and third-party software.
And why is this relevant? While reading a crime novel certainly has more entertainment value, the report gives an impression of where cybercrime is heading and how the threats are evolving. This is relevant for security experts and government officials, but also for everybody using the Internet. Here is some information that I found especially interesting:
The Security Incident Report is special insofar as it contains the most comprehensive data coverage of any report in the industry. It draws on over 600 million data samples, millions of malware removals executed annually, billions of e-mails scanned, over 280 million active Hotmail accounts, and billions of pages scanned by Bing each day. The data collection is actually quite impressive. The data included is gathered from a wide range of Microsoft products and services globally, including: Bing, Windows Live Hotmail, Forefront Online Protection for Exchange, Windows Defender, the Malicious Software Removal Tool (MSRT), Microsoft Forefront Client Security, Windows Live OneCare, Microsoft Security Essentials and the Phishing Filter in Internet Explorer.
You can read and download the report at www.microsoft.com/sir. Maybe not something to put on your bedside table, as it will probably keep you awake at night!
“Der Bund” – a Swiss newspaper – has an article about a Verizon study that is to be published today. The study analyzed 1700 cases of data/identity theft and came to the conclusion that small and medium businesses are the new prime target for cybercrime. That led me to think about how to change this, and one solution – in my view the most sustainable one – is to delegate the defense of your digital information to a professional organization. Too expensive, you think? On the contrary – my guess would be that IT costs will actually be (much) lower than running systems yourself, and it will even have a positive impact on the environment. How? The answer is to move your IT to the cloud.
The cloud to improve security – but… Yes – this then leads to the question that I am probably asked most in my job: how are security and privacy in the cloud? There are lengthy answers to that, but for many organizations the answer can be quite simple. How is your security today, and is it better or worse if a professional enterprise takes care of it? While cases of identity and data theft are abundant – have you ever heard that (for example) Microsoft’s systems have been breached? Looking behind the scenes (perks of my job) I see huge efforts going into security that someone who focuses on running a business and uses IT to enable it probably does not have the resources for. That is the difference. For Microsoft, running IT services is the core business process, while for a customer IT is (most of the time) a supporting process and therefore resources are allocated differently.
With that – the newspaper article coincides with Microsoft’s announcement of the public beta of Office 365. With this you can sign up and test mail/calendar/online Office/collaboration etc. with a guaranteed uptime of 99.9%. It comes in an edition for small and medium businesses and one for large enterprises. Why not see for yourself?