Ruud de Jonge

Wired : Ray Ozzie Wants to Push Microsoft Back Into Startup Mode

The keynote speaker at this past summer's TechReady conference—a gathering of 6,000 or so Microsoft engineers from around the world—was the company's chief software architect, Ray Ozzie. This was not a routine appearance. Ozzie arrived at Microsoft in 2005, and the following year he inherited the title of CSA directly from Bill Gates. He was now the microprocessor of the Microsoft machine. But he had never addressed the semiannual conclave. His explanation? He wanted to wait until he had something big to show the troops.

Continued here.

Check out www.DotNetskool.nl

DotNetSkool is een initiatief van 3 studenten. Na een zoekactie kwamen wij tot de conclusie dat er eigenlijk geen goede Nederlandstalige community is voor studenten die geinteresseerd zijn in het .NET Framework en gerelateerde Microsoft technlogieen. Om dit gat te vullen zijn we begonnen met het ontwikkelen van DotNetSkool.

Het idee achter deze website is het samenbrengen van studenten waarbij het uitwisselen van kennis centraal staat. Ben je beginnende programmeur, of lijkt het je leuk iets met technologie te doen of ben je juist al geavanceerd en druk in de weer met complexe zaken, of zit jij hier ergens tussenin qua kennisniveau, dan ben je hier aan het juiste adres.

Wat je binnen niet al te lange tijd op deze site zult gaan vinden zijn artikelen die dieper ingaan op verschillende onderdelen, van hoe installeer ik visual studio en hoe richt ik mijn ontwikkelomgeving in, tot wat is software architectuur, en hoe ontwikkel ik enterprise level systemen en alles wat daar tussenin zit.

Naast technische artikelen gaan we ook schrijven over evenementen die we ofwel zelf organiseren ofwel bezoeken. Dus wil je ons in het echt ontmoeten, kom dan naar een van de aangekondigde evenementen en stel jezelf voor! Van deze evenementen zal overigens ook foto en soms ook video materiaal ter beschikking komen, zodat ook als je er niet bij bent geweest je alsnog kunt zien hoe het geweest is.

Een ander belangrijk onderdeel van DotNetSkool is het forum. Hier is ruimte voor discussies, vragen en andere algemene opmerkingen omtrent technologieen of andere zaken. Ben je het ergens niet mee eens of heb je vragen dan is dit de plek waar je zijn moet!

Hopelijk geeft dit je een beeld van wat DotNetSkool is en ben je meteen enthousiast geworden om deel te nemen aan de discussies. Namens het DotNetSkool bestuur heel veel plezier toegewenst op onze site!

LEAP on LinkedIn!

LEAP has become a community! One of the LEAP attendees has started a group on LinkedIn. Currently we have 45 members in this group. Program Info at : http://www.microsoft.com/netherlands/architecture/leap.aspx

Wall-E checks out Microsoft's telescope

Wow :-) Zie het volledige artikel op www.news.com.

Microsoft Announces Plans for No-Cost Consumer Security Offering

New anti-malware solution will broaden PC protection and help improve Windows experience.

REDMOND, Wash. — Nov. 18, 2008 — To address the growing need for a PC security solution tailored to the demands of emerging markets, smaller PC form factors and rapid increases in the incidence of malware, Microsoft Corp. plans to offer a new consumer security offering focused on core anti-malware protection.

Code-named “Morro,” this streamlined solution will be available in the second half of 2009 and will provide comprehensive protection from malware including viruses, spyware, rootkits and trojans. This new solution, to be offered at no charge to consumers, will be architected for a smaller footprint that will use fewer computing resources, making it ideal for low-bandwidth scenarios or less powerful PCs. As part of Microsoft’s move to focus on this simplified offering, the company also announced today that it will discontinue retail sales of its Windows Live OneCare subscription service effective June 30, 2009.

“Customers around the world have told us that they need comprehensive, ongoing protection from new and existing threats, and we take that concern seriously,” said Amy Barzdukas, senior director of product management for the Online Services and Windows Division at Microsoft. “This new, no-cost offering will give us the ability to protect an even greater number of consumers, especially in markets where the growth of new PC purchases is outpaced only by the growth of malware.”

Built on Microsoft’s award-winning malware protection engine, “Morro” will take advantage of the same core anti-malware technology that fuels the company’s current line of security products, which have received the VB100 award from Virus Bulletin, Checkmark Certification from West Coast Labs and certification from the International Computer Security Association Labs. The new solution will deliver the same core protection against malware as that offered through Microsoft’s enterprise solutions, but will not include many of the additional non-security features found in many consumer security suites.

Windows Live OneCare, one of the first all-in-one suites to be launched in the consumer market, includes a number of non-security features, such as printer sharing and automated PC tune-up. By shifting to focus on the core anti-malware features that most consumers still don’t keep up to date, “Morro” will be able to provide the essential protections that consumers need without overusing system resources, and will help more consumers have better protection against online threats.

“Because uptake of standard anti-malware is low around the world, particularly in developing nations, the availability of basic protection for anyone who wants it is all the more important,” said Roger Kay, founder and president of Endpoint Technologies Associates. “By offering such basic protection at no charge to the consumer, Microsoft is promoting a safer environment for PCs, service providers and e-commerce itself, since it is through unprotected PCs that the worst threats are introduced to the system as a whole.”

“Morro” will be available as a stand-alone download and offer malware protection for the Windows XP, Windows Vista and Windows 7 operating systems. When used in conjunction with the ongoing security and privacy enhancements of Windows and Internet Explorer, this new solution will offer consumers a robust, no-cost security solution to help protect against the majority of online threats.

Windows Live OneCare will continue to be sold for Windows XP and Windows Vista at retail through June 30, 2009. Direct sales of OneCare will be gradually phased out when “Morro” becomes available. Regardless of their method of purchase, Microsoft will ensure that all current customers remain protected through the life of their subscriptions.

BizSpark helpt technostarters eerste drie jaar op weg

Microsoft Security Development Lifecycle

Microsoft SDL Pro Network

With attacks moving up the stack and into the application layer, it has become more critical that software developers protect their customers by embedding security and privacy into their software. To address this challenge, Microsoft Corp. created the SDL Pro Network, which combines guidance and Security Development Lifecycle (SDL) best practices with the expertise of other service providers. The program is part of Microsoft’s commitment to enable organizations outside the company to develop more secure applications through SDL technologies, prescriptive guidance and industry partnerships.

SDL Pro Network Objectives

The primary focus area for all members, both now and in the future, will be to deliver on the program’s commitment to make the SDL available outside Microsoft, specifically focusing on these issues:

§  Protecting the customer. Helping customers adopt the SDL or general secure coding practices.

§  Improving the SDL. Leveraging member knowledge to understand how the SDL is used by customers, what needs to be modified and what customer needs must be met in the future.

Member Criteria

The SDL Pro Network is a network of nine consultancies that specialize in application security and can guide and support organizations in implementing the SDL in their environments.

§  Services. Service providers will guide and support organizations in implementing the SDL into their environments.

§  Members. The pilot phase commenced in November, 2008 and includes nine industry leading consultancies.

The SDL Pro Network member companies are composed of industry-leading security consultants and trainers from around the world, including these:

§  Cigital Inc., Dulles, Va.

§  IOActive Inc., Seattle

§  iSEC Partners Inc., San Rafael, Calif.

§  Leviathan Security Group Inc., Westminster, Colo.

§  Next Generation Security Software Ltd. (NGS), Sutton, United Kingdom

§  n.runs AG, Oberursel, Germany

§  Security Innovation Inc., Wilmington, Mass.

§  Security University Inc., Stamford, Conn.

§  Verizon Business, Basking Ridge, N.J.

 Services Provided

The services offered by SDL Pro Network members are available to companies of all sizes. Closely following the SDL, these services are designed to span the entire lifecycle and make security and privacy an integral part of how software is developed. Specific offerings fall into the following capability areas:

§  Training, policy and organizational capabilities, including security training and general counsel on how to implement the SDL

§  Requirement and design, including risk analysis, functional requirements and threat modeling

§  Implementation, including use of safe APIs, code analysis and code review

§ 

§ 

Expanding the SDL Pro Network

Because the SDL Pro Network recently began its pilot year, membership is limited. Over the next year, Microsoft and the other member companies will evaluate how to best expand the program to others in the industry.

 Find Out More

More information about the Microsoft SDL Pro Network is available through the SDL portal, http://www.microsoft.com/sdl.

Part of Microsoft’s Trustworthy Computing tenet, the Security Development Lifecycle (SDL) is the process Microsoft developed to provide customers with high-quality, meticulously engineered and rigorously tested software that helps withstand malicious attacks.

MIX09 : The Next Web Now

The Web Belongs to You.

Explore the future of the Web with fellow developers and designers at MIX09, March 18 - 20, 2009 at The Venetian Hotel in Las Vegas.

Now in its fourth year, MIX is a unique technology conference that connects web professionals with industry thought leaders to explore the future of the Web together. It’s true – your Web needs you, and MIX is where you’ll get access to the tools, knowledge, and vision to create the next generation of UX, applications, and web design.

What’s New for MIX09?

· Learn from and connect with more external speakers than ever before. View latest speaker list. More speakers and sessions to be announced in December.

· Register for pre-event workshops designed to provide in-depth focus on practical skills and topics for both developer and designer professionals.

· MIX09 sessions will focus on key topics for web professionals ranging from user experience design methodologies and standards-based web development techniques to creating rich internet and client applications. More sessions and speakers to be announced in December.

· Compete in the inaugural MIX10K or Restyle challenges and win a trip to MIX09 on us! For the first time in MIX history, the community will help select winners. Contest details to be announced in November.

· Learn about the future of Microsoft’s web platform and tools, including Silverlight™, Internet Explorer®, Expression®, ASP.NET and others.

Space is even more limited this year at MIX, so register early to secure your spot. You’ll receive $200 off the conference price when you register by January 15.

MIX09 Dates and Location

WHEN:
March 18 - 20, 2009
Pre-Event Workshops: March 17

WHERE:
The Venetian Hotel (http://www.venetian.com/), Las Vegas, NV

REGISTER NOW (http://2009.visitmix.com/Registration/)

"Geneva" Simplifies User Access to Applications and Services

On behalf of Identity and Security team, I would like to announce that this week at PDC 2008, Microsoft announced and  released the public beta of code name “Geneva” claims based access platform.  This release consists of three components:  Geneva Framework for .NET developers, Geneva Server for IT Pros, and Windows CardSpace Geneva for users.  These beta releases and additional information can be accessed on the Microsoft Connect site . To support the launch announcement blogs have been posted through Kim Cameron’s blog, supported by communication on Vittorio Bertocci’s blog.

User Access Challenges Today

Identity is hard for developers today who must choose among many different identity technologies that commit an application to a narrow purpose.  This takes time away from core development work and makes applications inflexible.  IT must then manage numerous applications that exist in disparate identity silos, making management of user access complex and expensive.  The advent to SOA and cloud services is likely to amplify these challenges. 

“Geneva” Simplifies User Access

With the announcement of “Geneva”, we’re on the road to simplifying user access to applications for developers and IT with a single identity model that externalizes authentication from applications with claims.  The model works in the enterprise, federations, and the consumer Web for both on-premises and cloud applications.  Microsoft’s single identity model consists of several new software components including developer frameworks, servers, clients, and cloud services.  Together, these components form a flexible system for developers to harness to make any connected application easier to build, more secure, and less expensive for your customers to own.  Microsoft’s single identity model based on claims delivers significant benefits:   

· Enhances developer productivity by providing a single simplified model for user access

· Flexibility by offering choice of components to adopt for your particular needs

· A platform that is based on open standards for interoperability

“Geneva” Includes Three Components

· Geneva Framework, which helps developers build claims-aware applications and services that externalize user authentication from the application

· Geneva Server, a security token service (STS) that issues and transforms claims, manages user access, and enables automated federation

· Windows CardSpace Geneva, which helps users navigate access decisions between multiple identities and control how personal information is used

“Geneva” supports the shared industry vision of an Identity Metasystem, which creates a single-user access model for any application or service and enables security-enhanced collaboration. “Geneva” allows developers to use pre-built identity logic that supports industry standards including WS-* and SAML Protocols, and enables seamless interoperability between claims-based and non-claims systems.  In the cloud, Microsoft Services Connector and .NET Access Control Service, both announced at PDC as well,  are built on “Geneva” technology and share the same claims architecture. 

More Information

Link to the beta:  http://go.microsoft.com/fwlink/?LinkId=122266

Single stop resource on Geneva:  http://www.microsoft.com/geneva

Security Intelligence Report verschenen

Today Microsoft released the fifth volume of its Microsoft Security Intelligence Report (SIRv5) at Tech-Ed EMEA: IT Professionals in Barcelona, Spain. The report uses data derived from hundreds of millions of computers worldwide to provide extensive analysis and prescriptive guidance on emerging security and privacy threats, including software vulnerabilities and exploits, malicious software, potentially unwanted software, spam, phishing and security and privacy breach trends.

The key findings from the SIRv5 show that Microsoft and the industry have made progress toward protecting customers from Internet-based threats. However, it also shows that threats continue to evolve, as evidenced by the company’s findings on both malware and potentially unwanted software and a continued increase in attacks on the application layer. Additionally, the report contains previously unreleased data on browser-based exploits, new information on privacy breaches and the creation and distribution of malware through “botnets.”

For more information on the Microsoft Security Intelligence Report volume five and Tech-Ed EMEA: IT Professionals, please visit www.microsoft.com/presspass/teched. A copy of the full report and key findings can be found at http://www.microsoft.com/sir.

Key Findings

· Organized crime on the Internet continues to grow and is getting more sophisticated, as evidenced by continuing increases in trojan downloaders and droppers. In addition, the prevalence of specific categories of threats originating in developing countries supports the notion that attackers’ motives are financial.

· Microsoft is making significant progress in more secure software development. The fifth volume of the Security Intelligence Report showed that vulnerability disclosures in Microsoft software continued a multiperiod downward trend in the first half of 2008, both in terms of all disclosures and relative to total industry disclosures.

· The total number of unique vulnerability disclosures across the industry continued to decrease in the first half of 2008, with new vulnerability disclosures declining by 4 percent from the second half of 2007 and by 19 percent from the first half of 2007.

· Following the trend of attacks moving up the stack from operating systems to applications, the proportion of vulnerabilities disclosed in operating systems continued to decline during the first half of 2008. More than 90 percent of vulnerabilities disclosed from Jan. 1, 2008, through June 30, 2008, affected applications.

Additional Findings

Industry Software Vulnerabilities

· The first half of 2008 marked a 13 percent increase in the disclosure of high-severity vulnerabilities over the second half of 2007. However, this is still a 28 percent decline from the first half of 2007.

· Vulnerabilities requiring a low level of complexity to exploit increased in the first half of 2008, compounding the seriousness of the high-severity vulnerabilities. However, only 10.4 percent of those vulnerabilities had publicly available exploit code that could consistently exploit the vulnerability; the rest were either unreliable or ineffective.

Browser-Based Exploits

· During the first half of 2008, Chinese was the most common system locale for victims of browser-based exploits, accounting for 47 percent of all incidents, followed by U.S. English with 23 percent of incidents.

· For browser-based attacks on Microsoft Windows XP-based machines, Microsoft vulnerabilities accounted for 42 percent of the total Microsoft vulnerabilities, while third-party vulnerabilities made up 58 percent of total vulnerabilities.

· However, on Windows Vista-based machines, the proportion of vulnerabilities attacked in Microsoft software was much smaller, accounting for just 6 percent of the total, while third-party vulnerabilities made up 94 percent of total vulnerabilities. This demonstrates how the latest Microsoft products and technologies appear to be at less risk from publicly available exploit code than earlier products.

· Furthermore, during the first half of 2008, Microsoft software accounted for five of the top 10 browser-based vulnerabilities attacked on computers running Windows XP, compared with zero of the top 10 browser-based vulnerabilities attacked on computers running Windows Vista.

Security Breaches

· Stolen and lost equipment accounted for nearly half of all security breaches in the first half of 2008. Stolen equipment continued to be the top reason reported for data loss, at 37.2 percent, followed by lost equipment at 10.3 percent.

· Although showing a slight increase over the second half of 2007, less than 23 percent of reported security breaches in the first half of 2008 resulted from incidents stemming from malicious software.

Malicious Software

· In the first half of 2008, the total amount of malware and potentially unwanted software removed from computers worldwide by the Microsoft Malicious Software Removal Tool (MSRT) increased more than 43 percent compared with the second half of 2007.

· Trojan downloaders and droppers remained the most prevalent category of threat during the first half of 2008, due in large part to the fact that some of the trojan families use a variety of social engineering techniques to spread. Two such families, Win32/Zlob and Win32/Renos, were responsible for more than 96 percent of all computers cleaned by the MSRT in this category.

· As a general rule, infection rates tend to be higher in developing countries or regions than in developed countries or regions, as reported by the MSRT.

E-Mail Threats

· Microsoft Exchange Hosted Services (EHS) blocked more than 90 percent of messages received, similar to the trend observed in the first half of 2007. In addition, HTML/IframeRef was the threat most often blocked by EHS in the first half of 2008.

· Advertisements for pharmaceutical products accounted for 51.5 percent of the spam messages blocked by EHS from January 2008 through June 2008, with advertisements mentioning products, such as Viagra and Cialis, accounting for 30.6 percent of the overall total. Nonpharmaceutical product advertisements accounted for another 19.9 percent of the total.

· During the first half of 2008, phishing attacks accounted for 2.5 percent of the total number of e-mail messages blocked. In addition, the total number of active phishing pages at any one time remained roughly consistent throughout the first half of 2008.

· Though U.S.-based financial institutions remain the most frequent target for phishing attempts, Microsoft phishing researchers have seen a gradual move toward targets located in other English-speaking countries, notably the United Kingdom and India.

Call to Action

Threats to businesses and consumers continue to evolve, evidenced by Microsoft’s analysis of the threat landscape. Microsoft recommends that customers use data, insights and guidance offered in the Microsoft Security Intelligence Report to assess and improve their security posture given the ever-changing threat landscape. The full report offers strategies, mitigations and countermeasures based on the key findings within each section, which include the following:

· Check for and apply software updates on an ongoing basis, including updates provided for third-party applications. Customers of Windows Vista, Windows Server 2008, Windows XP and Windows 2000 can enable Automatic Updates to help ensure their computers stay up to date with critical Microsoft security updates.

· Enable a firewall, such as the Windows Firewall in Windows Vista or Windows XP Service Pack 2.

· Install and maintain up-to-date anti-virus and anti-spyware programs that provide increased protection from malicious and potentially unwanted software. Microsoft offers Windows Live OneCare for individuals and Microsoft Forefront Client Security for businesses. Other anti-virus and anti-spyware products are available at http://www.microsoft.com/athome/security/viruses/wsc/en-us/flist.mspx.

· Uninstall software you don’t actively use. Malicious code can exploit vulnerabilities in software whether you use it or not.

· Avoid browsing to sites that you do not trust.

· To avoid attacks that rely on administrative user rights, enable User Account Control in Windows Vista, or log in with a user account that does not have administrative user rights.

· Read e-mail messages in plain text format to help protect yourself from the HTML e-mail attack vector.