I have heard a couple of times from enterprises that Windows 8 looks great but that it is a consumer product and that adoption in the enterprise does not seem to bring an obvious advantage as most users work on a laptop and desktop and don’t need a metro surface. While I understand this initial reaction I see a large benefit for business to use Windows 8.
The way people work has changed and more work is done mobile. Until now the challenge was to still have the reliability, productivity and security a business needs. This is one of the strong advantages of Windows 8. It integrates seamlessly into the IT infrastructure and provides enterprise class security. And this even in multiple ways. Windows 8 provides an innovative and fun way to work on a slate or tablet in addition to more traditional laptops and desktop PCs. In addition there is the possibility to have Windows 8 on a USB stick with Windows To Go – a fully managed corporate Windows 8 desktop. Travelling light has never been that easy.
Picking some elements to talk about is not easy as the new functionalities are significant but looking at today’s cybersecurity threats I very much like the improvements that were made with the secure foundation. Trusted Boot is a key element. It validates the integrity of the entire boot process – from hardware, boot loader, kernel, boot-related system files to drivers. With antimalware loaded before all non-critical Windows components we achieve a better protection from rootkits. This in combination with Measured Boot Process, BitLocker Drive Encryption, AppLocker, and claim-based access control delivers end-to-end security like never before.
This is only a short overview on some of the Windows 8 features for business. A deeper and broader description was posted today in the Windows Team Blog here. It is worthwhile reading it.
Also check out the short video for an overview of some central aspects of Windows 8:
One of the discussions that I often have with senior IT decision makers is the overall security architecture and how the different layers of security mechanisms work together. In these talks I often see that security in enterprises is approached as a layered approach where, on purpose, security elements and products of different software vendors are used. I call this the best of breed approach as for each security function one can pick the top performer on the market. The main motivation behind this is that if there would be a weakness in a product from one vendor that the same problem will then not be found in the underlaying security layer as it is not from the same origin.
Sounds great? Adds clearly more security? Well yes in theory but maybe no in practice. The reality is that with the financial pressure that is common on todays system’s integrators, operations resources (financial, people and know-how) are sparse and the nicely designed layered approach has suddenly gaps as the complexity is just too high to have it properly handled. This then leaves gaps in the defense. In addition, the interaction of different products is often not well known. What hurts in that regard is that applying security patches can only be done once a thorough testing has occurred – which in turn takes time and resources and means that crucial patches are applied later and the window of opportunity for an attack is open longer.
With this now comes the question. What in practice brings you more security. The best of breed approach that is seldom fully implemented or the end-to-end security stack where your dependence on one supplier is increasing? How much of the dependence do you have already anyway? I observe a move to the second approach – mostly out of lack of operational resources – also in large enterprises with a quite a high security level. I see this even more accelerating in the future when we have more and more security solutions that are offered as cloud or hybrid services where platform compatibility will be a large factor. Does that mean we are having a sort of consumerization of IT also for security?
Did you notice that you got fewer spam e-mails today? All in all there were about 3.8 Billion fewer spam mails sent out. Why? Because there is one less Botnet in operation. Today Microsoft annaounced that we have taken down the Kelihos botnet in an action codenamed “Operation b79”. This is the third botnet takedown in Microsoft’s Project MARS (Microsoft Active Response for Security), a program driven by the Microsoft Digital Crimes Unit in close collaboration with the Microsoft Malware Protection Center (MMPC) and the Trustworthy Computing team to annihilate botnets and advance the security of the Internet for everyone. Why does it matter? Because it is one step further in making cybercrime more expensive and it is the first time Microsoft has named a defendant in its fight against botnets making suddenly cybercrime much less anonymous.
Microsoft has a very interesting unit in the fight against Cybercrime – the Digital Crimes Unit. I had the opportunity to spend last week at their premise in Redmond, to have interesting discussions and get our efforts in regard to child abuse and digital crimes aligned. With our ever increased dependance on our computers, smartphones and networks at home, on the road and at work, it becomes more and more crucial to keep this infrastructure safe, secure and private. To achieve this we are working in close cooperation with local law enforcement agencies, government CERTs, Internet Providers and other organizations and agencies. From a personal perspective it is highly interesting to have the opportunity to work at national level as a facilitator and sponsor between these Swiss entities and the different units of Microsoft Redmond and to be able to participate in the fight against child abuse and cybercrime.
The fight against botnets will continue. There are still tens of thousands of computers infected that regularely try to connect to the three botnets Microsoft took down. The following video gives an impression of the state of two botnets as of 21. September 2011.
What now needs to be done is to clean up the infected computers. To aid in this I started working together with Government, Internet Service Providers and Community Emergency Response Teams so that we can also take advantage in Switzerland of the work that is done in Redmond. More on that in a later post once the initiative has advanced and all partners are on board. In the meantime – please keep your computers safe and private. With that you are participate in the global fight against cybercrime and you keep your privacy protected. You can find information on “how-to” in this earlier blogpost.
Interested to know more about the botnet takedown? Read here the official Microsoft Blog.
I often get asked how Microsoft provides over 200 cloud services and what security measures are in place. There is a good video available that addresses how Microsoft delivers cloud services to more than a billion customers and 20 million businesses in over 70 countries. It is also a fascinating view onto the evolution of modern datacenters and their energy efficiency.
Here it goes:
I just read an article in the New York times on Suspected Hackers, a Sense of Social Protest. It made me think of the often quoted ”One man’s terrorist is another man’s freedom fighter“.
For me the facts are clear. Nobody should attack the infrastructure or privacy of somebody else. Full stop. I cannot see that attacks can lead to anything positive and we have had plenty of examples showing that peaceful protest in the end works best to initiate change. However, other people see it different. They see it as a kind of social protest if they direct attacks at targets that they see as “evil”. Might these targets be individuals, corporations or governments. And then there are the ones that don’t think at all. That just follow a “cool” call for action. Have you ever seen the youtube video where an anonymous branch calls for attacking Telefonica? Pretty cool I must say. If I would be bored that weekend and looking for something to do – anything really – to fit into a group…. I can see why kids are tempted to point their Low Orbit Ion Cannons pretty much anywhere.
The part that worries me is not so much the individual person that might or might not participate in an attack. What worries me is that we as a society don’t have an understanding what is acceptable behaviour and what not. Sure – we might have a legal definition in some countries – but then does that help much? What we need to come to is a social value of what is acceptable and what not. What is a terrorist – and what is a freedom fighter. What differentiates them from eachother. Only then we can sit down and talk to our kids, our friends, our employees about values. Only then we can blog about it – about making people think about what they are doing. Make them aware of the line that they are crossing when they tinker with other people’s privacy and with intellectual property of enterprises, governments etc.
I don’t have the answer. But I am putting this out as a starting point to talk about it. Do the first step, take this and start talking about it and hopefully make some people think about values. Talk to somebody and lets start a snowball effect. Lets take this as a start to accept other’s privacy and values and use our right of free speech and social protest where we have them – and with that help others to achieve what we already have . Freedom of expression. But it comes with a price – and the price is responsibility and values – and we need to get better in accepting our responsibility.
We are receiving currently increased feedback from Microsoft customers about calls they receive from - supposedly - Microsoft support. The callers claims to be a Microsoft representative or working for a Microsoft partner. The usual call goes about the following:
A while ago I wrote about that small and medium businesses have become the new primary target for cybercrime and how to secure your PC in a second post. Today I want to combine the two and share some thoughts on how today the cloud helps in securing your desktops.
When this blog is going live, Microsoft will have the beta of the next release of Windows Intune announced. More information on that is available on the Windows for your Business Blog. In short, the next release of Windows Intune has features specifically requested by partners to better serve their customers. This release is in response to the need for the ability to distribute software – with this beta, administrators can deploy updates or software to PCs that can be located virtually anywhere without server infrastructure or physically touching each PC to install the software or update.
Intune shows the trend to move security capabilities into the cloud. To have a central administration possibility used to involve a fair amount of resources and was felt beyond the possibilities of many small and medium businesses. Not any more. With solutions like Windows Intune every business – as small as it might be – can centrally administrate the PC’s, patch and update them, install software, check the health of the virusscanners etc from an easy web-based interface. You pay for as many PC’s as you are administrating. Not more – not less. In addition to significantly increasing the security of the network it might also save money and reduce the dependence on external IT support if you have outsourced the administration of your endpoints so far.
With this we see another answer to the question if the cloud is safe and if security is possible in the cloud. It is a great example that security is made possibly by the cloud reducing the investment needed to provide security services. A development I like a lot.
Obviously I am a strong advocate of keeping computers up to date and especially on installing security updates. However, it is normally pretty hard to measure the effects on such activities. And now that we have an example where we can see very directly the effect of a security update I would like to share that with you.
Maybe you are aware of Windows XP and Vista’s autorun feature. Basically very convenient but also unfortunately widely exploited. On 8. February Microsoft started the release of updates for Win XP and Vista to prevent AutoPlay from being enabled automatically except in combination with CD’s and DVD’s. Effectively locking down this feature more. With this we can now look at infection rate before and after this update and measure the effect. You can read the whole thread in our threat research and response blog.
In a nutshell – the effect was pretty substantial. The infection rates for Win XP and Vista went significantly down. XP’s infections on scanned computers were reduced by 59% and the ones of Vista by 74% while Win 7 stayed basically the same as it had this feature already enabled. An additonal interesting point is that the infection rate didn’t change significantly with Win XP SP2 as it is out of support and therefore didn’t get the update.
Another interesting aspect was that the overall infection rates changed also significantly. By May of 2011 the number of infections found by the Microsoft Malicious Software Removal Tool was reduced by 68%. Which means that by making even just one section of a computer “population” more secure it can have a significant residual effect with the rest of the computers.
My conclusion? This is a good example to show the effectiveness of security updates. So my recommendations is to let the update feature install them automatically as soon as they get available and to make sure that your operating system is still receiving the updates and is not out of support. So if you still run XP SP2 please make sure to update as quickly as possible to XP SP3.
This morning the microsoft trustworthy computing team released the new Security Incident Report (SIR). The report provides in-depth perspectives on software vulnerabilities, software vulnerability exploits, malicious and potentially unwanted software, and security breaches in both Microsoft and third party software.
And why is this relevant? While reading a crime novel has certainly more entertainment value, the report gives an impression on where cybercrime is heading and how the threats are evolving. This has relevance for security experts, government officials but also for everybody using the internet. Here are some information that I found especially interesting:
The security incident report is special insofar, that it contains the most comprehensive data coverage of any report in the industry. It includes over 600 million data samples, executing millions of malware removals annually, scanning billions of e-mails, over 280 million active Hotmail accounts, and billions of pages scanned by Bing each day. The data collection is actually quite impressive. The data included is gathered from a wide range of Microsoft products and services globally, including: Bing, Windows Live Hotmail, Forefront Online Protection for Exchange, Windows Defender, the Malicious Software Removal Tool (MSRT), Microsoft Forefront Client Security, Windows Live OneCare, Microsoft Security Essentials and the Phishing Filter in Internet Explorer.
You can read and download the report at www.microsoft.com/sir. Maybe not something to put on your bedside table as it will probably keep you awake at night!
“Der Bund” – a Swiss newspaper has an article about a Verizon study that should be published today. The study analyzed 1700 cases of data/identity theft and came to the conclusion that small and medium businesses are the new prime target for cybercrime. That lead me to think about how to change this and one solution – and in my view the most sustainable one – is to delegate the defense of your digital information to a professional organization. Too expensive you think? On the contrary - my guess would be that IT cost will actually be (much) lower than running systems yourself and it will even have a positive impact on the environment. How? The answer to this is to move your IT to the cloud.
The cloud to improve security – but… Yes – this then leads to the question that I am probably asked most in my job. How is security and privacy is in the cloud? There are lengthy answers for that but for many organizations the answer can be quite simple. How is your security today and is it better or worse if a professional enterprise takes care of it? While cases for identiy and data theft are abundent – have you ever heard that (for example) Microsoft’s system have been breached? Looking behind the scenes (perks of my job) I see huge efforts going into security that someone that focuses on running a business and uses IT to enable it has probably not the resources to do. That is the difference. For Microsoft running IT services is the core business process while for a customer IT is (most of the time) a supporting process and therefore resources are allocated different.
With that – the newspaper article coincides with Microsoft’s announcement of the public beta for Office365. With this you can sign up and test the mail/calendar/online Office/collaboration etc with a guaranteed uptime of 99.9%. It comes in an edition for small and medium businesses and one for large enterprises. Why not see for yourself?