On the effectiveness of DEP and ASLR

Our Security Research and Defense team published a blog post, which is really interesting to read to understand how to protect Windows Vista and Windows 7: On the effectiveness of DEP and ASLR. There is a lot of information on how both raise the bar for attackers. These are the key take away: DEP and…

Mitigating the use of Local Admin

We recently had internal discussions on the use of local admin and how to mitigate it. During this, Richard Diver, a Premier Field Engineer in APAC, wrote a great article how to do it. I wanted to make sure, you can see this as well. So, this is a guest blog. General Goals of Strategic…


Behind the Curtain of Second Tuesdays: Challenges in Software Security Response

You might know about Bluehat, which is an internal security conference we run several times an year. Some of the presentations we record and make them publically available. There is a really good one on the Microsoft Security Response Center. Dustin (the presenter) blogged on it Behind the Curtain of Second Tuesdays: Challenges in Software…

Information Security Management System for Microsoft Cloud Infrastructure

Just a quick one. Our Global Foundation Services organization (the ones who run our datacenters) just published a new whitepaper: Information Security Management System for Microsoft Cloud Infrastructure This paper describes the Information Security Management System program for Microsoft’s Cloud Infrastructure, as well as some of the processes and benefits realized from operating this model….

Hotmail now with full-session SSL

If you use Hotmail, you should enable full session SSL in my opinion. Additionally we use SSL for additional services like Skydrive etc. However, there are some caveats. Read the blog post on that: Hotmail security improves with full-session HTTPS encryption Roger

Move to latest versions – for security reasons

We all know that Windows XP is rock-solid but not capable anymore to defend against today’s attacks and the same is true for IE6. Having been great products, when they were launched, the threat landscape changed significantly since then. Windows 7 has a great potential to help customers now move away from Windows XP and…


Time to sell your iPhone

I guess you do not know the problem: My kids come home from school and want an iPod – I want them to use a Zune as I am convinced that iTunes is one of the worst software I have ever seen (besides RealPlayer), I hate the lock-in into the store and the iPod user…


Worldwide Chief Security Advisor Meeting

I know that I have been very, very quiet over the last two weeks. The reason was, that the worldwide Chief Security Advisors met at our HQ in Redmond for four days to discuss community related questions as well as the future of certain selected products and share the worldwide experience with our product manager….

Windows Phone 7 Reviews

I just got a mail that my Windows Phone 7 is ready for pick-up. Unfortunately I am in Redmond at the moment and my Windows Phone 7 is in Switzerland. The poor device will have to wait for me for another week (or is it the other way around – poor Roger has to wait…


Ray Ozzie’s Blog is Back

As I am still oof, another short one: Ray Ozzie’s blog is back: http://ozzie.net/ Ray is definitely one of the driving persons behind our overall vision and architecture. So, it is worth keeping him on your RSS feed. Roger