What’s Next for Microsoft Security?
Kai Axford, CISSP, MCSE-Security, IT Pro Evangelist, Microsoft Corporation
What’s Next for Security?
Our Security Progress so far…
More than 260 million copies distributed. Enterprise deployment at 61%
15 times less likely to be infected by malware
Significantly fewer important & critical vulnerabilities
Service Pack 2
Security Configuration Wizard
More secure by design; more secure by default
More than 4.7 million downloads
Service Pack 1
Most popular download in Microsoft history!!
Helps protect more than 25 million customers
Great feedback from SpyNet participants
2B total executions; 200M per month
Focus on most prevalent malware
Dramatically reduced the # of Bot infections
As of February 2006
Services run with reduced privilege compared to Windows XP
Designed to block attempts by malicious software to make a Windows service write to an area of the network, file system, or registry that isn’t part of that service’s profile
Windows Vista
Windows Service Hardening: Defense in depth
Social Engineering Protections
Phishing Filter and Colored Address Bar
Dangerous Settings Notification
Secure defaults for International Domain Names (IDN)
Protection From Exploits
Unified URL Parsing
Code quality improvements (SDL)
Protected Mode to prevent malicious software
Designed specifically to prevent a thief who boots another Operating System or runs a hacking tool from breaking Windows file and system protections
Provides data protection on your Windows client systems, even when the system is in unauthorized hands or is running a different or exploiting Operating System
Uses a v1.2 TPM or USB flash drive for key storage
Windows Vista
BitLocker™ Drive Encryption
What is Microsoft Certificate Lifecycle Manager?
Certificate Lifecycle Manager
Architectural Overview
Server Side -
Authentication and Authorization
FrontBridge E-mail Filtering Services
Antigen for SMTP Gateways
Advanced Spam Manager
Antigen for Exchange
Microsoft Secure Messaging
Multi-Layer Secure Messaging
FrontBridge
E-mail Complexity Requires Flexibility
Interception-based message archiving
Customized report generation for demonstrating compliance
Fully-indexed, searchable archive
Rapid deployment to meet deadlines or immediate needs
Full e-mail encryption
No public and private key management
Gateway, policy-based e-mail encryption
Uninterrupted e-mail accessibility
Rapid recovery from unplanned disasters and network outages
30-day historical e-mail store
Antigen for SMTP/Exchange
The MS Antivirus engine will be provided in the first Microsoft-branded version of Antigen
Sober.P Virus Detection Time: May 2, 2005 (GMT)
January 2005 Updates
Time of Day (Hour : Minute)
AV-Test.org Feb. 2005
Note: the chart (left) represents a single virus outbreak only. It does not represent average response times for the listed antivirus labs.
AV-Test.org May 2005
Exchange Site 1
Exchange Front End
Exchange Site 2
Exchange Public Folder Server
Exchange Mailbox Server
Microsoft Antigen
Antigen for Exchange
Causing loss of productivity and financial loss
Virus entering the enterprise by:
Source: Virus Attack Costs are Rising – Again. Computer Economics, Inc. Sept 2003.
IT Administrators looking for tools to:
May I have a DHCP address?
May I have a health certificate? Here’s my SoH.
Here you go.
Issue health certificate.
Here’s your health certificate.
You don’t get a health certificate! Get updates!
I need updates.
Accessing the network
Here you go.
External Web Site
ISA 2006 Appliance
ISA Server 2006
Web Access Protection
External Attack Resilience
Internal Attack Resilience
Over 1,500 IT Pros visited security content on Microsoft.com
250 customers downloaded Windows Server 2003 SP1
Over 50,000 users ran the Malicious Software Removal Tool
2 instances of the Sasser worm were removed
149 Bot infections were found and removed
Over 18,000 additional users installed Windows Defender
~7,500 pieces of spyware and other potentially unwanted software were removed
In the last 30 minutes
Did you realize?