Skip Links

DNSstuff.com
Get information about your IP
IP Information
50+ On-demand DNS and network tools

Data Center

Videos

rssRss Feed
Get instant email notification when white papers, webcasts, executive guides are added to our library.  Stay informed and up-to-date with the latest on IT Technologies with Network World's Resource Alerts.
Audio

Don't get 'Green Scammed'. Listen now!

Network World's Newsmaker of the Week

Cisco opens ISR routers to developers; SaaS providers cut costs with open source. Listen now!

Network World 360

Additional Resources

RSS

FEATURED WHITEPAPERS

Edison Group TCO White Paper HP

Edison analysts put the management software of an HP EVA system through a series of typical day-to-day storage management tasks. The same tasks were also evaluated on similar systems from NetApp and EMC. This study demonstrates how the superior user interface and virtualization offered by the HP EVA storage system can provide organizations with the benefits of higher administrative efficiency combined with the potential ability to utilize less expensive human resources.

RSS

FEATURED REPORTS

Executive Guide: Storage Heats Up HP

Get the latest on storage technologies that allow IT professionals to better cope with new IT demands. Learn how storage technologies can help you successfully tackle e-Discover, regulatory compliance, green data center initiatives and the data explosion. Get all the details now.

RSS

FEATURED WEBCASTS

Get Real-world Advice on how to Cost Effectively Consolidate your Data Center Novell

Discover the benefits of paravirtualization in this informative webcast today. This server virtualization-themed webcast not only explores how to improve virtualized server performance, but provides real-world user examples, explains how to optimize workloads and discusses the future of server virtualization. Focus on only the themes that interest you or watch all six consecutively for a full picture of how you can lower your costs significantly through consolidation and virtualization. Register below to learn more and be entered to win an Archos 605 Portable Media Player.

IT Buyer's Guides

View All Buyer's Guides

Free Newsletters

Sign up and receive the latest news, reviews and trends on your favorite technology topics

Save The Date!
What They Are Saying

You can find related project managemen articles in - Anonymous

Join the Discussion

Partner Content

Explore the Ultrium Edge

The powerful tape technology can address data security with tape encryption as well as long term data protection.

Find out more

Disk and Tape Square Off

Discover what disk and tape really cost -- and which solution provides lower total cost of ownership and optimizes energy use for your organization

Download the White Paper

Don't Fall For The Myths

The Clipper Group explores the truth behind the myths of tape, digging into the misconceptions in the disk vs. tape debate.

Download the White Paper

Will You Add Tape Too?

Over two thirds of disk-only users look to add tape back into storage infrastructure according to recent survey.

Download Survey Information

What spooks Microsoft's chief security advisor

Application exploits, virtualization security are big concerns
By Bob Brown , Network World , 03/26/2008
  • Social Web 
  • Email 
  • Feedback 
  • Close

BOSTON -- Microsoft's U.S. general manager/chief security advisor for its National Security Team thinks like a true security professional: In every bit of good news, Bret Arsenault wonders what bad news could be lurking behind it.

Speaking at the Boston SecureWorld conference Wednesday, the 19-year Microsoft veteran whose job includes protecting enterprises, developers and Microsoft itself said there actually is plenty of good news on the security front. For example, his outfit scans a half million devices (with customer permission) per month and in the first half of last year saw the first period-over-period decline in new vulnerabilities disclosed across Microsoft and non-Microsoft software since 2003.

However, 3,400 new vulnerabilities were discovered and “it’s still a big number,” Arsenault says. “So if vulnerability rates are down, where are they?”

One trend that pops out is that attackers are increasingly laying off operating systems and exploiting applications instead. One reason for this, Arsenault says, is that vendors like Microsoft, Apple and Red Hat have done a good job in recent years securing the IP stack and operating system.

Arsenault pointed out that the first operating system hardening guide Microsoft wrote for Windows 2000 came 18 months after shipment of the product; the next (for XP Service Pack 2) was within 90 days of product shipment. With Vista and other new products, Microsoft ships the hardening guide along with the product. “On the application side, on the other hand, we’re very far behind,” Arsenault said (though he said the Office 2007 hardening guide is very solid, even if it did take a year-plus to release it).

“You have your classic arms escalation race between the hackers and the people who are trying to protect [software], so [the hackers] go after the easiest target that’s least protected,” Arsenault said. “The application space is the next space in the model they’re going after,” and he sees this continuing to be the case for at least the next few years. And Arsenault is talking about Office as well as CRM, ERP and other programs that contain the sorts of data that financially motivated hackers crave.

1 | 2 | 3 | 4 |  Next >
Comments (3)
Login
Forgot your account info?

Let's get realBy Anonymous on March 27, 2008, 10:04 amThis group is suppose to protect Microsoft, ie, the end users. But with every new release, there seems to be more bugs/security risks. What is there process? release,...

Reply | Read entire comment

airbags?By Anonymous on March 27, 2008, 9:43 amHe's actually going to spend major bucks to put airbags in a 16 year old Toyota???

Reply | Read entire comment

Microsoft's chief security dude fears the new stuffBy Microsoft Subnet on March 26, 2008, 7:48 pmThe comment by Microsoft's Bret Arsenault is classic. He is concerned about security issues with Web 2.0, Web services and software as a service. “They all...

Reply | Read entire comment

View all comments

Add comment
Anonymous comments subject to moderator approval. Register here for member benefits.
Have a NetworkWorld account? Log in here. Register now for a free account.
First Name
Last Name
E-mail
Zip Code