Microsoft and Vista

I like Microsoft. There you go, cards on the table. Let me be more specific: I think that the Trustworthy Computing initiative is simply the most important and valuable security resource that Microsoft have invested energies in over the past few years. Earlier in the year I had the privilege to be at a presentation at Microsoft HQ in Redmond where I met Aaron Turner from the MS Security Centre. Aaron put together this useful resource: Five Lessons From The Microsoft Security Center of Excellence. He was candid about the fact that MS had made a few security faux pas over the years but were now putting their shop in order. What impresses me more than anything is the fact that there is no hard sell of new software to solve the problems but instead a committed push of freely available documentation and tools such as the excellent Threat Modelling Tool, FxCop for testing source code, and the Patterns & Practices manuals that can be downloaded. Now, I don’t want this to look like a Microsoft-sponsored blog, and this is all my own biased opinion, but regardless of what platforms and languages you are developing in, I urge you to check out these resources and take full advantage... before they attract a price tag!

Anyway, on to the point of today’s blog entry. As David Lacey mentions, today is Windows Vista release day. I’ve had the pleasure of reading the Vista security guide, which includes such bold statements as it being the “most secure operating system that Microsoft has produced”, which to some observers is probably an oxymoron. Turn, however, to chapter 3 of the guide: “Protect Sensitive Data”. This is where I think we will get a good deal of value out of Vista, particularly with BitLocker Drive Encryption. Recent incidents reported in the press of laptops containing confidential data being misplaced and stolen demonstrate a need for a simple, built-in and secure mechanism that can be centrally managed through a group policy within an organisation. BitLocker appears to be a good solution, but we’ll wait to see how it performs in the real world before making a final judgement.