Upload: miranda-turner

Post on 25-Dec-2015

Network worms
Denial of Service
Phishing / Social Engineering
Botnets
Rootkits
Technically-oriented social engineering attacks
Cross-device attacks
Financially motivated attacks
Specific target attacks
Broadcast attacks

Service Pack 2
  More than 260 million copies distributed; Enterprise deployment at 61%
  15 times less likely to be infected by malware
  Significantly fewer important & critical vulnerabilities

Malicious Software Removal Tool
  2B total executions; 200M per month
  Focus on most prevalent malware
  Dramatically reduced the # of Bot infections

Most popular download in Microsoft history
Helps protect more than 25 million customers
Great feedback from SpyNet participants

Service Pack 1
  Security configuration wizard
  More secure by design; more secure by default
  More than 4.7 million downloads

As of February 2006

Trust Ecosystem
Engineering for Security
Simplicity
Fundamentally Secure Platforms

Indirection Services
Identity Services
Reputation Services

Threat modeling
Code inspection
Penetration testing

Unused features off by default
Reduce attack surface area
Least Privilege

Prescriptive guidance
Security tools
Enterprise management

Security that just works
Make it easier to write secure code
Simplify enterprise security management

Visibility, control and context
Consistent and integrated management

Common APIs
Tools and services

Unified Audit across applications
Policy-based access control
Trust-based multi-factor authentication
Protection technologies that enable isolation

WS-* Web Services Architecture

Anti-spam and anti-phishing
Anti-malware and anti-spyware
Identity Metasystem

Broad partnerships
Public policy
Industry standards

Technology Innovations
Industry Collaboration
Stay Safe Online

64-Bit Driver Signing
Windows Defender

Info Card
Plug and Play Smartcards
Certificate Lifecycle Manager

High Assurance SSL Certificates
Anti Phishing
Anti Spam

Network Access Protection
IPSec

Dynamic protection against fraudulent Websites

3 “checks” to protect users from phishing scams
  Compares web site with local list of known legitimate sites
  Scans the web site for characteristics common to phishing sites
  Double checks site with online Microsoft service of reported phishing sites updated several times every hour

Level 1: Warn Suspicious Website

Signaled

Level 2: Block Confirmed Phishing Site

Signaled and Blocked

Two Levels of Warning and Protection in IE7

Security Status Bar and MSN Search Toolbar

Microsoft’s Security Development Lifecycle
  Updated periodically
  Evangelized internally through training
  Verified through pre-ship accountability

Shared with ISV and IT development partners
  Documentation and training
  Learning Paths for Security
  Active community involvement

Automated with tools in VS 2005
  PREfast
  FxCop

Code Quality (Quality Gates)

Banned API Removal & SAL Annotations

Weak Crypto Removal

Giblets Initiative

Threat Model Reviews

Feature Reviews

Penetration Testing

Special Projects

Security that just works
  Windows Vista Security Center
  Windows OneCare Live
  Info Card

Make it easier to write secure code
  Visual Studio 2005
  SDL
  Publishing best practices

Simplify enterprise security management
  Active Directory Integration
  Windows Server Update Services
  Microsoft Client Protection

Prioritizes data to help focus resources on the right issues
Maximizes the value of existing investments
Guards against current and emerging malware threats

Provides businesses the control they need to protect against current and emerging malware threats

Tools facilitate creating secure applications

Static Analysis
  Scan your code for security vulnerabilities

Seamlessly create applications for a custom zone
Create non-admin apps

Secure by Default
  Use features like the /GS switch and SafeCRT libraries to create secure apps

Protect Data from Unauthorized Viewing
  BitLocker Drive Encryption
  EFS Smartcard key storage
  Rights Management client

Protect Against Malware and Intrusions
  IE Protected Mode
  Windows Defender
  Service Hardening

Enable Secure Access to Information
  User Account Control
  Improved Smartcard support
  Pervasive Kerberos

Protected Mode reduces severity of threats
  Eliminates silent malware install
  IE process ‘sandboxed’ to protect OS
  Designed for security and compatibility

[Diagram: Protected Mode. Labels: User Action, IE Cache, My Computer (C:), Broker Process, Low Rights]

Windows Defender provides ongoing malware protection
  Detection, removal, and real-time blocking of spyware and other potentially unwanted software
  Protection of OS extensibility points

Windows Service Hardening reduces attack surface area
  Runs services with reduced privileges
  Services have profiles for allowed file system, registry, and network activities that are enforced by the firewall and ACLs

User Account Control

Goal: allow businesses to move to a better-managed desktop and consumers to use parental controls

Make the system work well for standard users
  Allow standard users to change time zone and power management settings, add printers, and connect to secure wireless networks
  High application compatibility
  Make it clear when elevation to admin is required and allow that to happen in-place without logging off
  High application compatibility with file/registry virtualization

Administrators use full privilege only for administrative tasks or applications
  User provides explicit consent before using elevated privilege

Scenario    RMS    EFS    BitLocker

Protect my information outside my direct control
Set fine-grained usage policy on my information
Collaborate with others on protected information
Protect my information to my smartcard
Untrusted admin of a file share
Protect my information from other users on a shared machine
Lost or stolen laptop
Physically insecure branch office server
Local single-user file & folder protection

Jen Field
Senior Product Manager
Security Products

Windows Vista Security

Roadmap

Services
Platform
Products

Frontbridge
Federation Services
Certificate Services

ISA Server 2004
Sybari Antigen
Active Directory with Group Policy
Windows Rights Management Services
Microsoft Identity Integration Server 2003
Data Protection Manager 2006

Windows XP SP2
Windows Server 2003 SP1
Anti-malware tools
Microsoft Update
Windows Server Update Services
Smartcard Support
Encrypted File System
VPN Access

Windows OneCare Live

Microsoft Client Protection
Microsoft Antigen Anti-virus and Anti-spam for messaging and collaboration servers
ISA Server 2006
WinFX

Windows Vista
Windows Defender
Windows Presentation Foundation “XPS”
Authorization Manager Enhancements
Windows Communication Foundation
Improved Smartcard support
Info Card

Next generation of services

Microsoft Identity Integration Services “Gemini”
Microsoft Certificate Lifecycle Manager
Active Directory Rights Management Services
Content filtering services
Next generation Active Directory
Next generation security products

Windows “Longhorn” Server
Network Access Protection
IPSec Enhancements
Audit Collection Services

Support the Trust Ecosystem through accountable identities
Embrace secure coding practices
Drive for Simplicity
Develop products, services, and platforms using standards and best practices

© 2006 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.