Networks worms Denial of Service Phishing / Social Engineering BotnetsRootkits Technically-oriented social engineering attacks Cross-device attacks Evolving Landscape Financially motivated attacks Specific target attacks Broadcast attacks

Service Pack 2 More than 260 million copies distributed; Enterprise deployment at 61% 15 times less likely to be infected by malware Significantly fewer important & critical vulnerabilities Malicious Software Removal Tool 2B total executions; 200M per month Focus on most prevalent malware Dramatically reduced the # of Bot infections Most popular download in Microsoft history Helps protect more than 25 million customers Great feedback from SpyNet participants As of February 2006 Security configuration wizard More secure by design; more secure by default More than 4.7 million downloads Service Pack 1

Security as an Enabler

Aspirations for the Industry Trust Ecosystem Engineering for Security Simplicity Fundamentally Secure Platforms

Trust Ecosystem IndirectionServices IdentityServices ReputationServices

Engineering for Security Threat modeling Code inspection Penetration testing Unused features off by default Reduce attack surface area Least Privilege Prescriptive guidance Security tools Enterprise management

Security that just works Make it easier to write secure code Simplify enterprise security management Visibility, control and context Consistent and integrated management Common APIs Tools and services Simplicity

Fundamentally Secure Platforms Unified Audit across applications Policy-based access control Trust-based multi-factor authentication Protection technologies that enable isolation

Microsoft Leadership WS-* Web Services Architecture Anti-spam and anti-phishing Anti-malware and anti-spyware Identity Metasystem Broad partnerships Public policy Industry standards Technology Innovations Industry Collaboration

Stay Safe Online

Trust Ecosystem 64-Bit Driver Signing Windows Defender Info Card Plug and Play Smartcards Certificate Lifecycle Manager High Assurance SSL Certificates Anti Phishing Anti Spam Network Access Protection IPSec

Phishing Filter Dynamic protection against fraudulent Websites 3 “checks” to protect users from phishing scams Compares web site with local list of known legitimate sites Compares web site with local list of known legitimate sites Scans the web site for characteristics common to phishing sites Scans the web site for characteristics common to phishing sites Double checks site with online Microsoft service of reported phishing sites updated several times every hour Double checks site with online Microsoft service of reported phishing sites updated several times every hour Level 1: Warn Suspicious Website Signaled Level 2: Block Confirmed Phishing Site Signaled and Blocked Two Levels of Warning and Protection in IE7 Security Status Bar and MSN Search Toolbar

Engineering For Security Microsoft’s Security Development Lifecycle Updated periodically Evangelized internally through training Verified through pre-ship accountability Shared with ISV and IT development partners Documentation and training Learning Paths for Security Active community involvement Automated with tools in VS 2005 PREfastFxCop

SDL in Vista Code Quality (Quality Gates) Banned API Removal & SAL Annotations Weak Crypto Removal Giblets Initiative Threat Model Reviews Feature Reviews Penetration Testing Special Projects

Simplicity Security that just works Make it easier to write secure code Simplify enterprise security management Windows Vista Security Center Windows OneCare Live Info Card Active Directory Integration Windows Server Updates Services Microsoft Client Protection Visual Studio 2005 SDL Publishing best practices

Windows One Care Live

Prioritizes data to help focus resources on the right issues Maximizes the value of existing investments Guards against current and emerging malware threats Provides businesses the control they need to protect against current and emerging malware threats

Tools facilitate creating secure applications New Security Tools In Visual Studio Static Analysis Scan your code for security vulnerabilities Seamlessly create applications for a custom zone Create non-admin apps Secure by Default Use features like the /GS switch and SafeCRT libraries to create secure apps

Protect Data from Unauthorized Viewing Enable Secure Access to Information Protect Against Malware and Intrusions Fundamentally Secure Platform BitLocker Drive Encryption EFS Smartcard key storage Rights Management client IE Protected Mode Windows Defender Service Hardening User Account Control Improved Smartcard support Pervasive Kerberos

Malware Protection Defending systems from malicious attacks Protected Mode reduces severity of threats Eliminates silent malware install IE process ‘sandboxed’ to protect OS Designed for security and compatibility Protected Mode User Actio n IE Cache My Computer (C:) Broker Process Low Rights Windows Defender provides ongoing malware protection Detection, removal, and real-time blocking of spyware and other potentially unwanted software Protection of OS extensibility points Windows Service Hardening reduces attack surface area Runs services with reduced privileges Services have profiles for allowed file system, registry, and network activities that are enforced by the firewall and ACLs

User Account Control Goal: allow businesses to move to a better-managed desktop and consumers to use parental controls Make the system work well for standard users Allow standard users to change time zone and power management settings, add printers, and connect to secure wireless networks High application compatibility Make it clear when elevation to admin is required and allow that to happen in-place without logging off High application compatibility with file/registry virtualization Administrators use full privilege only for administrative tasks or applications User provides explicit consent before using elevated privilege

Data Protection in Vista Scenario RMSEFSBitLocker Protect my information outside my direct control Set fine-grained usage policy on my information Collaborate with others on protected information Protect my information to my smartcard Untrusted admin of a file share Protect my information from other users on a shared machine Lost or stolen laptop Physically insecure branch office server Local single-user file & folder protection

Windows Vista Security Jen Field Senior Product Manager Security Products Windows Vista Security

Roadmap Services Platform Products Frontbridge Federation Services Certificate Services ISA Server 2004 Sybari Antigen Active Directory with Group Policy Windows Rights Management Services Microsoft Identity Integration Server 2003 Data Protection Manager 2006 Windows XPSP2 Windows Server 2003 SP1 Anti-malware tools Microsoft Update Windows Server Update Services Smartcard Support Encrypted File System VPN Access Windows OneCare Live Microsoft Client Protection Microsoft Antigen Anti- virus and Anti-spam for messaging and collaboration servers ISA Server 2006 WinFX Windows Vista Windows Defender Windows Presentation Foundation “XPS” Authorization Manager Enhancements Windows Communication Foundation Improved Smartcard support Info Card Next generation of services Microsoft Identity Integration Services “Gemini” Microsoft Certificate Lifecycle Manager Active Directory Rights Management Services Content filtering services Next generation Active Directory Next generation security products Windows “Longhorn” Server Network Access Protection IPSec Enhancements Audit Collection Services

Support the Trust Ecosystem through accountable identities Embrace secure coding practices Drive for Simplicity Moving Ahead Together Develop products, services, and platforms using standards and best practices

© 2006 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.