Windows Vista Security – A Bigger Picture

re: Windows Vista Security – A Bigger Picture

bob hir — Tue, 13 Jun 2006 00:54:00 GMT

Thanks for the above, very informative...I have one question though wouldn't the Stack randomization and ASLR work counter to caching techniques involving caching what is requested and more of what is nearby with the expectation that the "more" will be called into play shortly also..

I'm not a programmer, and approaching this from a level of someone whom reads alot about windows and processor internals type stuff, and may very well not be understanding all this correctly..

tuxedo-es.org » Microsoft Windows Vista beta-2build 5384: Vista-Probe 0.1 results

Tue, 13 Jun 2006 06:28:12 GMT

PingBack from http://www.tuxedo-es.org/blog/2006/06/13/microsoft-windows-vista-beta-2build-5384-vista-probe-01-results/

re: Windows Vista Security – A Bigger Picture

Vasu — Tue, 13 Jun 2006 15:49:49 GMT

Michael;
Regarding your statement;
"I want to make one thing really clear; in my opinion, the overall effect of these defenses is greater than the sum of the parts."
Uh.. that is hard to believe if you state like that (or coming from a Microsoft guy :) ). It should be more like
"According to mathematics (which is the universal truth), the the overall effect of these defenses is greater than the sum of the parts"
In math it is called Bayes' Theorem.
Very nice summary of the important security features. Thanks :)

--Vasu.

Windows Vista : Threat-driven Design combined with Security Quality Process

Think Security - Jeff Jones Security Blog — Thu, 15 Jun 2006 19:58:34 GMT

What is the difference between foundational security and security features?
Name 3 security companies.&nbsp;...

Defense In Depth: The Bigger Picture of Windows Vista Security

Robert McLaws: FunWithCoding.NET - Windows Vista Edition — Thu, 15 Jun 2006 21:38:52 GMT

Microsoft Security Expert Michael Howard provides a very technical explanation of the security strategies...

Italia SW » Archivio » Windows Vista News della Settimana

Italia SW » Archivio » Windows Vista News della Settimana — Thu, 15 Jun 2006 23:11:43 GMT

PingBack from http://www.italiasw.com/windows-vista-news-della-settimana/

re: Windows Vista Security – A Bigger Picture

Kannan — Fri, 16 Jun 2006 16:47:23 GMT

I have a question on /GS , was windows xp sp2 compiled with this option ?

re: Windows Vista Security – A Bigger Picture

michael_HOWARD — Fri, 16 Jun 2006 19:11:21 GMT

Kannan, yes it was. But we have tweaked /GS again for Windows Vista :)

re: Windows Vista Security – A Bigger Picture

bartosz — Sun, 18 Jun 2006 22:03:43 GMT

hi michael, what flag in PE header will ensure random image base?

The Windows Vista Technician | Help & Information » Windows Vista Security - Technical Explanation

Mon, 19 Jun 2006 04:51:34 GMT

PingBack from http://www.vistatechnician.com/38/windows-vista-security-technical-explanation/

Cl??rigo » Blog Archive » (In)Seguridad en Vista

Cl??rigo » Blog Archive » (In)Seguridad en Vista — Wed, 12 Jul 2006 19:28:10 GMT

PingBack from http://clerigo.alucardx.net/index.php/2006/07/12/inseguridad-en-vista/

Symantec: Crying Wolf on Windows Vista

Robert McLaws: FunWithCoding.NET - Windows Vista Edition — Tue, 25 Jul 2006 22:24:48 GMT

Symantec is so pissed at Microsoft for competing against it with OneCare, and for reducing the need for...

Windows Vista x64 Security - Pt 1

Think Security - Jeff Jones Security Blog — Thu, 03 Aug 2006 02:52:51 GMT

I recently took home a build of Windows Vista for my home machine, which happens to be a dual processor...

Windows Vista Download - » Blog Archive » Symantec: Crying Wolf on Windows Vista

Thu, 03 Aug 2006 15:35:18 GMT

PingBack from http://www.windowsvistadownload.co.uk/?p=38

Finala WESC 2006 minus zero

La treaba! v3 — Tue, 10 Oct 2006 12:31:00 GMT

Ca observator cel mai bine realizezi cât de mult s-a lucrat la un proiect în seara/noaptea

Symantec's "The Mac OS X Threat Landscape: An Overview"

Michael Howard's Web Log — Wed, 15 Nov 2006 19:35:32 GMT

This is probably the most in-depth analysis of Mac OS X security I've ever read. It's a worthwhile read.

Lessons Learned from MS07-029: The DNS RPC Interface Buffer Overrun

The Security Development Lifecycle — Thu, 28 Jun 2007 20:34:17 GMT

Hi, Michael Howard here (again). Before I get started on this post, I want to set some expectations.