Neil MacDonald

In my previous post, I stated this:
One important note: Because many of the more popular security features such as BitLocker, BitLocker To Go, AppLocker, DirectAccess and so on require EA/SA, the cost of EA/SA must be factored into any cost-benefit analysis of migration. If you don’t already have EA/SA, this can be a significant expense.
Since [...]

[Read more →]

I haven’t posted in a while – I was preparing for and attending Gartner’s US Fall Symposium conference in Orlando which wrapped up yesterday. Coincidentally, yesterday was also the official launch of Windows 7.
As I talked about here, there are things that organizations can do today to improve the security of their endpoints that don’t [...]

[Read more →]

I’m working on a detailed research note providing clients specific guidance on planning and deploying the 15 or so security features of Windows 7.
Two things you can do now to improve Windows security (regardless of your deployment timeframes for Windows 7):
1) Get off of IE6. I don’t care if you go to IE7, IE8, Firefox, [...]

[Read more →]

In a previous post, I discussed VMware’s differentiated message of choice in Cloud-computing infrastructure. That post talked primarily about enabling infrastructure as a Service (IaaS) providers (using the same technology VMware delivers for enterprises) to build and deliver flexible infrastructure services with scalable networking, storage and compute underneath.
But what about the ability to support newly [...]

[Read more →]

Mostly for legacy reasons, many of us continue to run users with administrative privileges on their Windows workstations.
Running as standard user reduces exposure to malware by preventing users from updating protected parts of the file system and registry or accessing sensitive Windows operations. An analysis by BeyondTrust showed that 92% of the critical Windows vulnerabilities [...]

[Read more →]

After the latest financial results were announced by Microsoft (including the first year over year revenue decline in its history), I heard an increase in the comments from press and some analysts along the lines of ‘Microsoft has hit its peak’.
Don’t underestimate Microsoft.
Microsoft is at its best when it is threatened. Time and time again, [...]

[Read more →]

I’m just back from a vacation after the Gartner Information Security Summit. More on that later.
While on the trip, twice I had a better experience with Microsoft’s Bing search than with Google search. Both times, I has a specific goal in mind: find a hotel for the family (with three children!) with an indoor [...]

[Read more →]

I saw today on this website that Microsoft has released the beta offering of its free consumer-oriented antivirus/antispyware protection solution called Microsoft Security Essentials (MSE – previously code-named “Morro”). The offering is available to the first 75,000 visitors to the site starting today. Gartner’s full analysis and advice for clients will be available shortly, but [...]

[Read more →]

What seems like a yes or no question is not quite so straightforward. There are at least 5 levels to this discussion.
1. Secure coding. Yup. No doubt, Microsoft should produce secure code. We should demand this from all of our software providers.
2. Security functionality in the platform at no cost. Yup. Absolutely. We should [...]

[Read more →]

In a previous post, I discussed that many people I talk with about virtualization and security are skeptical that the threat against hypervisors and virtual machine monitors is real. They point to the lack of a publicly disclosed breach that was caused by an attack on the virtualization layer as evidence that such attacks are [...]

[Read more →]