Michael Howard's Web Log

Jim Allchin has a great blog post about some of the design issues we went through and tradeoffs we made in Windows Vista around DEP, UAC, IE and so on. It's a long, but worthwhile read .

Jeff has an uncanny ability to dig into details that most folks gloss over: Exposed? : Examining Secunia Unpatched Warnings - Part 3 I have to concur with Kai: People like this just frost me: Security considered a burden for users

This blog post outlines a bug in the macworld.com web site that allowed the blogger to get a Platinum Pass into MacWorld to see the Jobs' keynote. I'm assuming the story is true! If it's not, it is still a fascinating read about insecure code.

MS07-004 does not affect Windows Vista, even though the coding bug is there. Why? The bug is an integer overflow calling C++ operator::new, but the affected component vgx.dll is compiled with the C++ compiler available in Visual Studio 2005 that automatically...

This is great news. OneCare is one of my all-time-fave products. I love it because it was built knowing that the target user is no security expert. It wasn't built by geeks for geeks. Everyone in my immediate family uses OneCare because (to quote my...

Over the last couple of days, many people have asked for my take on the fact that Visual Studio 2005 SP1 requires admin privileges to run on Windows Vista, and pops up a dialog saying so when it starts up. So, here’s my take, and I don't work for...

From the blurb: During the development of Windows Vista, several key investments were made to vastly improve overall quality, security, and reliability from previous versions of Windows. While we have made tremendous investments in Windows Vista...

First, a very Happy New Year to you all...! Second, due to incredibly popular demand, I managed to find the eXPired poster. I have added it as an attachment at the end of this blog post. Enjoy.