I just got back from Tech Ed/IT Forum in Barcelona. I love events like Tech Ed/IT Forum because it really gives me a chance to talk with the people out there working to secure their networks and trying to use our products in more secure ways. There was a lot of excitement about Vista over there, although I got a universal chewing out regarding the misinterpretation of Jim Allchin's comments regarding AV. While the general opinion of AV out there seemed to be low, a ton of people were firmly of the position that it's a necessary evil, and since not enough people run it already, we shouldn't recommend to anyone that they should not run AV. As I mentioned before, our general guidance is certainly to still run AV. But I also think Jim Allchin was right that there can be scenarios where you can re-evaluate whether you need it or not. (This is actually true of many security features when you stop and get past the emotional part of the argument. Would you insist to someone that a machine sitting in a corner not connected to a network MUST have a firewall?)
If you couldn't make it to beautiful Barcelona for the event, we've got you covered. The on-site team created a series of online web content live from the event called "The Virtual Side". The content is great: interviews and excerpts from keynotes. People like Mark Russinovich, Steve Riley, Bob Muglia, David Lowe, and others are interviewed on various topics and items they were presenting about at the event. I have a short segment where I discuss Kernel Patch Protection here. (Also on Kernel Patch Protection, Dennis Fisher has written an article on it over at SearchSecurity. I agree with his conclusion completely. It's up to us to make sure we live up to our promises. The good news is that things are progressing just fine so far with the API discussions. It's amazing what you can get done when you just get the engineers together on a problem.)
We talked this over as a group at the Vista release party. We certainly know that, given the fact that no one can get the code 100% right for any software product in existence, there will be vulns reported against the product. That's not news. But how it gets reported, and whether it's done responsibly or not, is an interesting exercise in prediction. Will it come now, in the window before it's widely available? Will it come later, from someone who found something during the beta but didn't report it in the hope we might miss it and they could post a splashy entry on Slashdot for notoriety on the day of release? Who knows.
I'm very proud of the work we've done in Windows Vista. I'm especially proud of the fact that, as hard as we worked to reduce vulnerabilities in the code, we designed the product under the assumption that someone might find one, and created multiple layers of defense to try to prevent them from being able to take actions with the same impact that they could take on older platforms.
Now that Vista is out the door, it's downtime for Stepto. I'm out of the office until December 13th on vacation. It's time to play some Gears of War and Call of Duty 3. I'll jot down some impressions of both games soon, as well as some interesting side topics unrelated to security, like my first foray into iTunes to download TV shows for my recent trip.