Disclaimer: For a number of years, I have been very critical of Microsoft’s relatively poor security posture. Nevertheless, I have applauded Microsoft when it took positive steps (like XP SP2). But since that time, I have joined Microsoft. That doesn’t mean that you should discount my commentary. Rather, you should accept it with a modicum of skepticism.
I have been with Microsoft for over two weeks. That’s insufficent time to render a judgement on the company’s actions. However, it is sufficent time to assess what I’ve seen.
1. Microsoft is taking code security very seriously. I spent almost ten hours in conference sessions devoted to the security aspects of our new product line. I have walked away with the knowledge that code will not be shipped if it does not meet minimum code standards.
2. Microsoft is engaging a much wider pre-availability audience. This includes public betas and wide technology previews. Some of this is to tantalize our customers with the new features of our products. But most of this effort is designed to leverage the “many eyes” concept to promote higher code quality.
3. Microsoft is dedicated to securing resources within the company. When I arrived on site, I was issued a smart card that is used to encrypt objects and data streams on my laptop. That doesn’t sound like much. But let me tell you that some corporations will not take these steps simply because they require an incrmental investment. And Microsoft is willing to make that investment rather than risk corporate assets. BTW, I have used a number of VPN and encryption products in the past. But the Microsoft deployment is incredibly simple.
4. During the TechReady conference, I spoke with members of the Vista development team. They highlighted the importance of the Trusted Platform Module (TPM) infrastructure. And Vista will take full advantage of the TPM 1.2 infrastructure. In the meantime, I’ve determined that my new tablet supports TPM 1.1. So I’ve enabled the TPM infrastructure on my system. And I’ve set aside a USB thumb drive for the storage of my H/W certificate. At the same time, I’ve installed the Toshiba TPM software so I can test the current (Windows XP) support. So far, I’m impressed with what Microsoft and the hardware vendors have come up with. I can encrypt columes and/or directories using hardware encryption. More importantly, the TPM sub system keeps trakc of the H/W and S/W platform. And the system will not boot if any tampering is detected. In short, the anti-theft measures are impressive. I can’t way to see how this is integrated into the core OS.
-CyclingRoo-
Tags: Windows Vista , trusted platform