The Platform and the Hardman : Security

You received and Ecard!!!

Matthew Hardman — Tue, 13 Jan 2009 07:43:04 GMT

I am hoping most people have not been affected by these email spreading around. There is a proliferation of SPAM emails going around suggesting that you have received an Ecard from someone… DONT CLICK ON THE LINK.

The downside of a connected social experience is that as users we become a bit lax with regards to protecting ourselves against such devious attacks.

I love the concept of social networking, but just remember a few things…

1. Is the email from someone you know? Even if it is… I would be weary of it… if it says something like this…

Michelle has posted an e-card.

Visit the following web address to see it:

You can see your card at any time within 40 days

I guarantee you its a SPAM email trying to get you to head to a link to get infected.

2. If you dont know the person that is sending it to you, then they probably dont know you… they are phishing for you to get infected and further proliferate the virus.

So what should you do?

1. Have anti-malware software installed, you can get Windows Defender for free from here…

http://www.microsoft.com/windows/products/winfamily/defender/default.mspx

2. Ensure your anti-virus signatures are up to date.

Hopefully we can avoid the nefarious actions these emails are trying to get out there!!!

Microsoft to offer free consumer security suite | Security - CNET News

Matthew Hardman — Thu, 20 Nov 2008 11:26:33 GMT

I'm really excited about this announcement. This is a great step forward in making protection of your PC available for all. In the second half of 2009 we will be releasing code-name Morro that will protect customers from trojans, viruses, spyware, rootkits etc.

The big thing for people to realise that with technology it is always a two part problem, there is the technology and then there is the human element. Hackers etc. are using social engineering tactics to gain the trust of the user to perpetrate hacks and unauthorized access, so we need to also be self aware of this tactic.

However to make security protection free for all means there is no reason not to have the technical element of your software secure.

Microsoft to offer free consumer security suite | Security - CNET News

Jeff Jones Security Blog : Download: H1 2008 Desktop OS Vendor Report - Vulnerabilities and Days-of-Risk

Matthew Hardman — Mon, 27 Oct 2008 17:21:45 GMT

Jeff Jones has released his six monthly report on desktop OS security vulnerabilities and Days-Of-Risk.

One highlight was the pie chart on security vulnerabilities in the different OSes.

This certainly is in contrast to what a lot people are saying that Linux and Mac are more secure.

Jeff Jones Security Blog : Download: H1 2008 Desktop OS Vendor Report - Vulnerabilities and Days-of-Risk

Presenting the security of Windows Server 2008

Matthew Hardman — Fri, 20 Jun 2008 09:47:44 GMT

On Thursday night I had the privilege of presenting to the OWASP.org user group. Those who are unaware of this group, they are a passionate group of security experts in Singapore.

We had a 30-strong attendance from the group packed in to our Microsoft Innovation Center. My session was a very high-level overview about the security enhancements of Windows Server 2008, followed up by my colleague Dennis Chung, who gave an in depth session on Read Only Domain Controllers.

We had a lot of great questions and discussions, and both of us enjoyed it immensely.

I am placing my slides here if anyone wants them, as I said it was a very high overview, so there is not a lot of depth. I will try and get Dennis's presentation from him to add to the post as well.

Here is my session http://cid-9720229c26829d90.skydrive.live.com/self.aspx/Public/Windows%20Server%202008%20Security%20Overview.pptx

Server Core "Theoretically" reduces the number of Security Bulletins

Matthew Hardman — Tue, 17 Jun 2008 10:34:47 GMT

Just after publishing our video on Server Core, I visited Jeff Jones Security Blog, and found this post

http://blogs.technet.com/security/archive/2008/06/12/download-server-core-potential-security-benefit.aspx

on how having a server OS being installed in a "Core" installation mode, would have reduced security vulnerabilities for Windows Server 2003, if the option was available.

At the blog post there is a report you can read which goes through various benefits from a security point of view for installing Windows Server Core.

Making Security Better for the IT Pro

Matthew Hardman — Thu, 05 Jun 2008 10:29:52 GMT

I literally just stepped out of keynoting the latest Technet Security Event for Microsoft Singapore. The question I posed to the attendees at the event, "What things can Microsoft be doing better for IT Professionals in Singapore with regards to security."

The following were some of the responses

Free Security Exam Vouchers
2 Day Security Camp
Publicize Security Events better
Establishment of a forum for people to ask questions and get timely responses
Giving away Partner Action Packs or Technet Plus
Greater exposure to Microsoft Security Products and Technologies
Bring Tech Ed back to Singapore

There were lots of good suggestions, so while I go away and have a think about what we can do locally in Singapore, please let me know if you support any of the above suggestions or have suggestions of your own, then please feel free to comment.

Learning to Love UAC...

Matthew Hardman — Wed, 28 May 2008 05:45:16 GMT

I know a lot of people get annoyed by the UAC feature in Windows Vista, but here is a reason to inspire new love for this protective prompt.

" Love or hate its nagging prompts, Vista's Account Control feature (UAC) has a security feature that marks it out from any other type of Windows security programme -- it can spot rootkits before they install."

"The results for Vista products were harder to assess because only six rootkits could run on the OS, but the testers had to turn off UAC to get even this far. Vista's UAC itself spotted everything thrown in front of it."

PC World - Business Center: Vista's Despised UAC Nails Rootkits, Tests Find

Microsoft Malware Protection Center - Security Intelligence Report

Matthew Hardman — Wed, 07 May 2008 05:38:58 GMT

Microsoft recently released its Security Intelligence Report Version 4 on April 22 at the Infosecurity Europe event in London. This is no light reading folks, its a big report about 104 pages long, but there are some really interesting facts inside...

Malicious Software Removal Tool (MSRT) data shows that the infection rate for Windows Vista–based computers is
60.5 percent less than that of computers running Windows XP SP2, and 91.5 percent
less than the infection rate for Windows XP with no service packs installed.
Microsoft has filed nearly 250 legal actions worldwide against spammers, often working
with law enforcement officials in the United States, Europe, the Asia-Pacific region,
and South America.
Phishing is still predominantly an English-language phenomenon. Typically,
75–80 percent of the active phishing pages tracked by the Microsoft Phishing Filter
at a given moment in 2H07 were English-language pages.

There is also some interesting data on what sort of detections Windows Live Care came across on Software...

This is where you really need to be careful of pirate software. A report from IDC iterated the risks of pirate software in the enterprise, some of the points from that report highlight this;

25% of the Web sites we accessed offering counterfeit product keys, pirated
software, key generators or crack tools attempted to install either malicious or
potentially unwanted software. There are a significant number of sites that will
attempt to install malicious or unwanted code.
11% of the key generators and crack tools downloaded from Web sites and 59%
of the key generators and crack tools downloaded from peer-to-peer networks
contained either malicious or potentially unwanted software. There is a significant amount of malicious or unwanted code to be found in key generators
and crack tools.
The cost to organizations to recover from a single incident of malicious software
on a single workstation can run over a thousand dollars. The cost to
organizations from lost or compromised data can run into the tens of thousands
of dollars per incident. The "savings" of using pirated software can be wiped out
with a single security breach.

The IDC report can be found here.

To read more, click the link below and find out more about the research conducted between July 2007 to December 2007, and be aware of the security threats in our industry.

Microsoft Malware Protection Center - Security Intelligence Report

Report: Microsoft fastest to issue OS patches, Sun slowest

Matthew Hardman — Sat, 12 Apr 2008 21:22:35 GMT

Symantec have just released their malware report on security threats in the industry and it is great to see that results are in showing that Microsoft is the fastest in the industry to issue operating system patches to help protect customers from vulnerabilities.

You can get the report from the link below...

Report: Microsoft fastest to issue OS patches, Sun slowest

I think this goes a long way to demonstrating that the investment we have made in the trustworthy computing initiative is enabling us to ensure the protection of our customers is a key priority, and these investments have enabled us to be more agile when responding to threats on the Windows platform.

Jeff Jones Security Blog : Download: Windows Vista One Year Vulnerability Report

Matthew Hardman — Thu, 24 Jan 2008 08:53:56 GMT

Hey everyone,

Wanted to point you to a report produced by a colleague of mine about Vista vulnerabilities one year after release. It is an in-depth report that compares Windows Vista against Windows XP, Linux and other OS'es.

Good news is that our investments in security in our Software Development Lifecycle are really paying off and the outcome is software that has less vulnerabilities for people to take advantage of.

Check it out at the following link

Jeff Jones Security Blog : Download: Windows Vista One Year Vulnerability Report

Social Engineering

Matthew Hardman — Mon, 21 Jan 2008 06:16:21 GMT

Social engineering is a very real problem in today's enterprise world. To get an understanding of what Social Engineering is, check out the following video.

As they say the chain is only as strongest as the weakest link, so we can all do our part to ensure that we don't become the weakest link, and be mindful of these types of attacks.

For more information on Social Engineering click on the following link http://www.microsoft.com/protect/yourself/phishing/engineering.mspx

Thanks

Matty H

Top 5 security-menace predictions for 2008 - Network World

Matthew Hardman — Mon, 19 Nov 2007 13:34:59 GMT

Interesting article from Network World on the Top 5 security menace predictions of for 2008. In order

Bot Evolution
Web Threats (Aimed not only at unsuspecting visitors to social networking sites, such as MySpace, but any type of site or corporate web page)
Mobile Threats
Virtual Worlds (Think Second Life, World of Warcraft, Lineage etc....)
Upcoming US Presidential Election

Top 5 security-menace predictions for 2008 - Network World

Unfortunately the most secure computer in the world is one that is disconnected, un-powered and buried under 100 tonnes of concrete, so while we use computers for all sorts of activities in a connected environment we are always going to be at risk, so I think people should be thinking about security almost as a risk mitigation exercise.

If you are a consumer, always run anti-virus software, always have your firewall on, always run Spyware and Malware protection. As a consumer one of the things you can look at is Windows Live OneCare, which encompasses Antivirus, Anti-Phishing, Antispyware etc.. You can check it out here at http://onecare.live.com/standard/en-us/default.htm, and get a free 90 day trial.

Also check out the Microsoft Security at Home site to keep yourself up to date on how to protect your computer, yourself and your family http://www.microsoft.com/protect/default.mspx.

Sneak Peak - How to use Windows Server 2008 Core for PHP, MySQL

Matthew Hardman — Mon, 19 Nov 2007 10:16:48 GMT

I challenged Dennis Chung (my counterpart in the security bytes video, and one of the smartest guys I know when it comes to IT) recently to see what kind of usage scenarios we could use Windows Server 2008 Core. For those of you who are unaware of what Server Core is, it is an installation type for Windows Server 2008 that provides a minimal environment for running specific tasks. Having a minimal environment means a reduce maintenance, reduced management, reduced attack surface and less disk space required.

We decided to focus on the web app environment specifically looking at applications built using PHP and MySQL, so we picked on WordPress which is considered one of the more popular PHP applications. In case you weren't aware, Windows Server 2008 and 2003 (via a download) supports a technology called FastCGI the explanation can be found here http://www.iis.net/default.aspx?tabid=1000051, but essentially it enables application frameworks like PHP to be run on IIS in a performant and reliable way.

I wont run through the process of getting it setup, as Dennis is building an article on how to do that, but the cool thing was he was able to install Windows Server 2008 Core, set up the Web Server Role, install MySQL and PHP and get the application installed, configured and up and running in less that 30 minutes.

After we got things up and running we sat back and had a think about what was possible with this.

We could look at automating much of this process through the use of batch files, as its all done through command line. This has the benefit of you being able to configure the server inline with the regulations of your IT environment.
If we did what was in 1., we could essentially build a network location that stored a whole heap of these batch files, which would essentially enable servers on demand in your network.
As we did for our Windows Server Core, these could be provisioned and setup on demand in a virtualized environment, so as the load increases on your application, or your needs change, you could create, configure and get up and running servers in minimal time.

I am really excited about what Dennis has been able to do with this, and I hope you have a read of his blog (http://windowsmvp.spaces.live.com), I know its one of the largest post's he has done to date!!!

Security Bytes 02 - Automated Patch Management... FREE!!!

Matthew Hardman — Tue, 13 Nov 2007 11:21:23 GMT

Technorati Tags: Security,Security Bytes

As our IT environments continually grow in size both on the client and server side, patch management becomes a more complex task. While at Microsoft we try to ensure that we release patches on a predictable schedule so you can test for compatibility, the process of rolling out those patches can be a complex one.

This was echoed in the recent question sent in to us from a customer with a large number of desktops here in Singapore... so enjoy.

If you want to read up more on the technology discussed in this episode, then check out http://technet.microsoft.com/en-us/wsus/default.aspx.

Keep those questions coming in!!!

matthard@microsoft.com

Security Bytes 01 in Silverlight

Matthew Hardman — Fri, 26 Oct 2007 08:28:58 GMT

Technorati Tags: Security,Security Bytes

One of the pieces of advice I got from some people that had seen the video was to try out using Silverlight streaming. So after installing Expression Encoder I encoded the file, uploaded to the streaming service at http://streaming.live.com. I wont go through the process, you can check it out here at http://www.viawindowslive.com/Articles/SilverlightStreaming/YourvideotoSilverlightStreaming101.aspx

And here is the video...

Please let me know which format works better for you...

Matty H