One of Windows Vista’s central tenets is to enhance Windows security to such a degree that both power users and novices alike can access networks and information in a secure, protected manner and without worry. Security has been such an obsessive focus and underpins so many parts of the new OS that it’s arguably been the key driver behind our desire to release a new version of Windows. It affects us all to some degree and is something about which pretty much everyone has an opinion, yet in Windows Vista, it’s a poorly understood subject by and large. My sense is that while features such as User Account Control have gotten their fair share of attention (and possibly more), others such as outbound application filtering by the Windows Vista Firewall are still unfamiliar to many readers.
The Windows Vista Security Blog was launched with that in mind. In fact, the first post was drafted by Ben Fathi, our VP of the Security Technology Unit, and makes reference to a number of other security-related blogs, documents and sites that you might check out as well. Ben also mentions that topics previously covered on other blogs will now be covered in more depth on the new security blog, which should make it easier to find more security-related content in a single place and also provide the entire team with feedback in the bargain.
For example, one topic Ben mentions is Address Space Layout Randomization — which, combined with Data Execution Protection, are two aspects of security that’re not necessarily well–known, let alone well understood. These two innovations represent an ingenious way of preventing malware access to mapped memory locations wherein they could otherwise create buffer overruns and allow the execution of malicious data. ASLR+NX represents one of the myriad ways that we’ve incorporated security measures into Windows Vista, and it’s worth learning about that from the very people who designed and built the product. Now you can via this new blog.
Security encompasses a multitude of topics and often gets attention only when it’s a problem — which is too bad, because it’s a fascinating element of Windows Vista. I’m happy to see this new blog and look forward to sharing highlights and insights from it with you in the future.