The January issue of TechNet Magazine has an article I wrote about how to hack a system using autoplaying USB flash drives. While it is not possible to stop all attacks from USB tokens, Vista does include some interesting protective measures. However, the autoplay decision flow in Vista is quite convoluted...
Rarely (if ever- I’ll have to do some research and find out) does Microsoft have 2 back-to-back months of Security Bulletin floods. This month was no exception. In August, Microsoft released 9 Security Bulletins, 6 of which were deemed Critical. For September though, Microsoft was kind and there...
In Vista, Internet Explorer gets the benefit of some added security. Using WIC (Windows Integrity Control), Vista treats files and processes associated with Internet Explorer as Low integrity as long as it is running in Protected Mode. Internet Explorer Protected Mode is enabled by default and ensures...
Posted to
Tony Bradley, Microsoft MVP
(Weblog)
by
tonybradley
on
02-06-2007
Filed under: internet, windows vista, security, internet explorer, ie7, protected mode, object, mandatory integrity control, trust, windows integrity control
With Vista, Microsoft introduced a new security concept to help protect your computer. Rather than relying on discretionary controls, like NTFS file and folder permissions which users can assign and change, Vista also has new mandatory controls. WIC, or Windows Integrity Control (also referred to as...
Posted to
Tony Bradley, Microsoft MVP
(Weblog)
by
tonybradley
on
02-05-2007
Filed under: internet, windows vista, microsoft, security, user, internet explorer, ie7, web, protected mode, wic, object, mandatory integrity control, trust, windows integrity control, mic
With Windows Vista set to be unleashed on the consumer market in about a week, there is going to be a need for security and antivirus products. Although Vista is the most secure version of the Windows operating system yet, that doesn't mean it is impenetrable. Users still need to take basic security...
Posted to
Tony Bradley, Microsoft MVP
(Weblog)
by
tonybradley
on
01-24-2007
Filed under: windows vista, microsoft, security, firewall, antivirus, virus, f-secure, worm, ca, mcafee, trend micro, beta, windows live onecare
In recent months I have been contacted more frequently by the media, mostly as a result of marketing efforts for my latest book, Essential Computer Security . I was invited to guest on the IMI-TechTalk radio show at the end of November, and this past week I was invited to guest on the local Detroit Fox...
Posted to
Tony Bradley, Microsoft MVP
(Weblog)
by
tonybradley
on
01-14-2007
Filed under: home computer, windows vista, windows xp, security, user, essential computer security, imi-techtalk, tv, radio, fox news, Tom D'Auria, interview, alan lee
If you wanted to test the security of your headquarters housed in a volcanic crater on a remote island, who better to check it out than James Bond? Microsoft apparently used similar logic to validate and test the security measures built in to the new Vista operating system. According to a report at the...
Companies understand the importance of data. Hardware and software can be replaced, but lost data can't. Those companies that don't truly understand the value of consistently backing up critical data are probably mandated to do so anyway by one of the various regulatory requirements such as Sarbanes...
Less than a month from its official release to corporate customers, a vulnerability was already discovered that affects Vista. According to Microsoft and others, the vulnerability can only be exploited if an attacker already has access to the system, meaning they would need to be physically sitting in...
Posted to
Tony Bradley, Microsoft MVP
(Weblog)
by
tonybradley
on
01-03-2007
Filed under: internet, windows vista, microsoft, security, flaw, vulnerability, patch, hyponnen, f-secure, worm, hack
Microsoft continues to make security a priority and a primary development focus, but being a priority focus is not a guarantee of perfection. Windows Vista is still in Beta testing, but it was found that two of the patches released with the August Security Bulletins also affect Vista. Microsoft created...