Dec 25, 2015
Network worms
Denial of Service
Phishing / Social Engineering
Botnets
Rootkits
Technically-oriented social engineering attacks
Cross-device attacks
Financially motivated attacks
Specific target attacks
Broadcast attacks
Service Pack 2
More than 260 million copies distributed; Enterprise deployment at 61%
15 times less likely to be infected by malware
Significantly fewer important & critical vulnerabilities
Malicious Software Removal Tool
2B total executions; 200M per month
Focus on most prevalent malware
Dramatically reduced the # of Bot infections
Most popular download in Microsoft history
Helps protect more than 25 million customers
Great feedback from SpyNet participants
As of February 2006
Security configuration wizard
More secure by design; more secure by default
More than 4.7 million downloads
Service Pack 1
Trust Ecosystem
Engineering for Security
Simplicity
Fundamentally Secure Platforms
Indirection Services
Identity Services
Reputation Services
Threat modeling
Code inspection
Penetration testing
Unused features off by default
Reduce attack surface area
Least Privilege
Prescriptive guidance
Security tools
Enterprise management
Security that just works
Make it easier to write secure code
Simplify enterprise security management
Visibility, control and context
Consistent and integrated management
Common APIs
Tools and services
Unified Audit across applications
Policy-based access control
Trust-based multi-factor authentication
Protection technologies that enable isolation
WS-* Web Services Architecture
Anti-spam and anti-phishing
Anti-malware and anti-spyware
Identity Metasystem
Broad partnerships
Public policy
Industry standards
Technology Innovations
Industry Collaboration
64-Bit Driver Signing
Windows Defender
Info Card
Plug and Play Smartcards
Certificate Lifecycle Manager
High Assurance SSL Certificates
Anti Phishing
Anti Spam
Network Access Protection
IPSec
Dynamic protection against fraudulent Websites
3 “checks” to protect users from phishing scams
Compares web site with local list of known legitimate sites
Scans the web site for characteristics common to phishing sites
Double checks site with online Microsoft service of reported phishing sites updated several times every hour
Level 1: Warn Suspicious Website
Signaled
Level 2: Block Confirmed Phishing Site
Signaled and Blocked
Two Levels of Warning and Protection in IE7
Security Status Bar and MSN Search Toolbar
Microsoft’s Security Development Lifecycle
Updated periodically
Evangelized internally through training
Verified through pre-ship accountability
Shared with ISV and IT development partners
Documentation and training
Learning Paths for Security
Active community involvement
Automated with tools in VS 2005
PREfast
FxCop
Code Quality (Quality Gates)
Banned API Removal & SAL Annotations
Weak Crypto Removal
Giblets Initiative
Threat Model Reviews
Feature Reviews
Penetration Testing
Special Projects
Security that just works
Make it easier to write secure code
Simplify enterprise security management
Windows Vista Security Center
Windows OneCare Live
Info Card
Active Directory Integration
Windows Server Update Services
Microsoft Client Protection
Visual Studio 2005
SDL
Publishing best practices
Prioritizes data to help focus resources on the right issues
Maximizes the value of existing investments
Guards against current and emerging malware threats
Provides businesses the control they need to protect against current and emerging malware threats
Tools facilitate creating secure applications
Static Analysis
Scan your code for security vulnerabilities
Seamlessly create applications for a custom zone
Create non-admin apps
Secure by Default
Use features like the /GS switch and SafeCRT libraries to create secure apps
Protect Data from Unauthorized Viewing
Enable Secure Access to Information
Protect Against Malware and Intrusions
BitLocker Drive Encryption
EFS Smartcard key storage
Rights Management client
IE Protected Mode
Windows Defender
Service Hardening
User Account Control
Improved Smartcard support
Pervasive Kerberos
Protected Mode reduces severity of threats
Eliminates silent malware install
IE process ‘sandboxed’ to protect OS
Designed for security and compatibility
[Diagram: Protected Mode. Labels: User Action, IE Cache, My Computer (C:), Broker Process, Low Rights]
Windows Defender provides ongoing malware protection
Detection, removal, and real-time blocking of spyware and other potentially unwanted software
Protection of OS extensibility points
Windows Service Hardening reduces attack surface area
Runs services with reduced privileges
Services have profiles for allowed file system, registry, and network activities that are enforced by the firewall and ACLs
User Account Control
Goal: allow businesses to move to a better-managed desktop and consumers to use parental controls
Make the system work well for standard users
Allow standard users to change time zone and power management settings, add printers, and connect to secure wireless networks
High application compatibility
Make it clear when elevation to admin is required and allow that to happen in-place without logging off
High application compatibility with file/registry virtualization
Administrators use full privilege only for administrative tasks or applications
User provides explicit consent before using elevated privilege
Scenario / RMS / EFS / BitLocker
Protect my information outside my direct control
Set fine-grained usage policy on my information
Collaborate with others on protected information
Protect my information to my smartcard
Untrusted admin of a file share
Protect my information from other users on a shared machine
Lost or stolen laptop
Physically insecure branch office server
Local single-user file & folder protection
Jen Field
Senior Product Manager
Security Products
Windows Vista Security
Roadmap
Services
Platform
Products
Frontbridge
Federation Services
Certificate Services
ISA Server 2004
Sybari Antigen
Active Directory with Group Policy
Windows Rights Management Services
Microsoft Identity Integration Server 2003
Data Protection Manager 2006
Windows XP SP2
Windows Server 2003 SP1
Anti-malware tools
Microsoft Update
Windows Server Update Services
Smartcard Support
Encrypted File System
VPN Access
Windows OneCare Live
Microsoft Client Protection
Microsoft Antigen Anti-virus and Anti-spam for messaging and collaboration servers
ISA Server 2006
WinFX
Windows Vista
Windows Defender
Windows Presentation Foundation “XPS”
Authorization Manager Enhancements
Windows Communication Foundation
Improved Smartcard support
Info Card
Next generation of services
Microsoft Identity Integration Services “Gemini”
Microsoft Certificate Lifecycle Manager
Active Directory Rights Management Services
Content filtering services
Next generation Active Directory
Next generation security products
Windows “Longhorn” Server
Network Access Protection
IPSec Enhancements
Audit Collection Services
Support the Trust Ecosystem through accountable identities
Embrace secure coding practices
Drive for Simplicity
Develop products, services, and platforms using standards and best practices