by Neil MacDonald | April 8, 2011 | Comments Off
One of the top recommendations I made to increase your security “bang for the buck” in 2011 was to increase the percentage of users that run without administrative access. For clients, we’ve recently published a research note that details the best practices for removing administrator rights from Windows users. One of the best practices is [...]
Comments Off
Category: Microsoft Security Windows 7 Tags: Beyond Anti-Virus, Lockdown, Microsoft Security, Windows
by Neil MacDonald | March 22, 2011 | Comments Off
I’ve spent the past day and a half attending Microsoft’s Management Summit in Las Vegas. From my perspective the announcement that will affect the most enterprises from a security perspective was a change in licensing related to Forefront. Some history — in 2010, Microsoft reorganized the Server and Tools Business Unit placing the Forefront Endpoint [...]
Comments Off
Category: Cloud Cloud Security Endpoint Protection Platform Microsoft Microsoft Security Next-generation Data Center Virtualization Virtualization Security Tags: Cloud Security, Endpoint Protection Platform, Hyper-V, Microsoft, Microsoft Security, Next-generation Data Center, Virtualization, Virtualization Security, Windows
by Neil MacDonald | March 15, 2011 | Comments Off
The conventional wisdom is that a user who is configured with “standard user” privileges (the least possible in Windows 7) cannot install software (or malware for that matter). This is incorrect. Software that writes to the user’s data directory, and that doesn’t write to protected portions of the registry, can install correctly as a standard [...]
Comments Off
Category: Endpoint Protection Platform Microsoft Security Windows 7 Tags: Best Practices, Defense-in-Depth, Endpoint Protection Platform, Lockdown, Microsoft Security, Reducing Cost, Whitelisting, Windows
by Neil MacDonald | January 21, 2011 | Comments Off
In my kick off post for 2011, I talked about the need for IT to expand the depth and breadth of patching. In the follow-on post, I talked about the need to migrate more users to run with standard user (and not administrative level) privileges. One of the challenges to both of these actions is [...]
Comments Off
Category: Application Security Information Security Microsoft Microsoft Security Windows 7 Tags: Application Security, Best Practices, Browser Security, Information Security, Microsoft, Microsoft Security, Windows
by Neil MacDonald | November 15, 2010 | Comments Off
I’m here this week in San Diego at Gartner’s Identity and Access Management Summit. I’ve been associated with Gartner’s identity-related research from 1995 when I joined Gartner to cover Novell and directory services. I’ve atached identity change over the past 15 years. Directory services evolved into metadirectories which evolved into user provisioning which has evolved [...]
Comments Off
Category: Cloud Security Information Security Microsoft Security Virtualization Security Tags: Adaptive Security Infrastucture, Cloud Security, Information Security, Microsoft Security, Next-generation Security Infrastructure, Virtualization Security
by Neil MacDonald | November 9, 2010 | 5 Comments
I presented a session exploring this provocative point of view at Gartner’s US Fall Symposium titled “Why Cloud Computing Will be More Secure Than What You Have Today”. This Wednesday afternoon presentation was a part of Gartner’s “Maverick Track” where presentations that challenge conventional wisdom are provided for clients. If you attended Symposium and weren’t [...]
Category: Cloud Cloud Security Virtualization Security Tags: Cloud Security, Information Security, Microsoft Security, Next-generation Security Infrastructure, symposium, Virtualization Security, Windows
by Neil MacDonald | November 8, 2010 | 2 Comments
In this research note on deploying Windows 7 security features for clients, I explore in detail the security capabilities baked into Windows 7 – AppLocker, BitLocker, BitLocker To Go, the Windows Firewall, USB Port Control and so on. One question I get from clients is whether or not to use the built-in capabilities of Windows [...]
Category: Endpoint Protection Platform Virtualization Virtualization Security Windows 7 Tags: Endpoint Protection Platform, Microsoft Security, Next-generation Security Infrastructure, Virtualization Security, VMware, vSphere
by Neil MacDonald | September 24, 2010 | Comments Off
Microsoft Security Essentials (MSE) is a free consumer offering originally delivered to market in 2009 based on the same engine and anti-malware feeds that are used within Microsoft’s for-fee enterprise-oriented Forefront Endpoint Protection (FEP). I saw this announcement from Microsoft earlier in the week. From the announcement: For this reason, Microsoft is announcing that beginning [...]
Comments Off
Category: Endpoint Protection Platform Microsoft Microsoft Security Tags: Endpoint Protection Platform, Microsoft, Microsoft Security, Reducing Cost, Windows
by Neil MacDonald | September 22, 2010 | 11 Comments
Migrating from IE6 to IE8 is not easy because of legacy web-enabled applications that don’t render correctly on IE8 and vendors that are slow to officially support it. There are a variety of ways to virtualize IE6 to help with this issue, including using application virtualization tools. I originally wrote about the potential issues using [...]
Category: Microsoft Microsoft Security Virtualization Tags: Microsoft, Microsoft Security, Virtualization, Windows
by Neil MacDonald | August 3, 2010 | Comments Off
Last week, Microsoft held its annual financial analyst meeting. The materials presented are available at this link. There are the things you would expect – like Microsoft talking about the success of Windows 7 and IE8. There were a couple of areas that stood out: 1) Microsoft’s Chief Operating Officer, Kevin Turner, explained that Microsoft’s [...]
Comments Off
Category: Cloud General Technology Next-generation Data Center Windows 7 Tags: Cloud Security, Microsoft, Microsoft Security, Windows
