Do you want to work at Microsoft?

Gretchen has a really neat idea if you're the creative type and you want to work at Microsoft.  Would certainly get you noticed anyway.  It wouldn't work though if you wanted to come and work in my team - all I'd want is for you to really impress me with the depth of your techy skills, your presentation style and your writing ability - and make me giggle.

Easy really...

 

posted by Eileen_Brown with 0 Comments Rated Excellent [5 out of 5].

Exchange database limit increase

Damn... I was going to post about the massive increase to the Exchange database today after my roadshow presentation, but the Exchange team and KC beat me to it.  Then Ewan beat me to it with a comment on my blog entry too. Appears to be good news too judging by the comments...

Aah - the challenges of time zones eh?  I was in the bar when the post came out...

So I'll console myself with pointing you to all the links that I talked about during my presentation on Exchange and the AD instead.  Not quite as exciting as TechEd Orlando - but I'll see you all in TechEd Europe as I've managed to persuade Betsy to come over and talk about blogging with me in Amsterdam....

Watch this space.    

 

posted by Eileen_Brown with 0 Comments

Detecting Stealth Software

My blog content mole pointed me to this report which has just been released.

Detecting Stealth Software with Strider GhostBuster
Yi-Min Wang; Doug Beck; Binh Vo; Roussi Roussev; Chad Verbowski
February 2005

Stealth malware programs that silently infect enterprise and consumer machines are becoming a major threat to the future of the Internet. Resource hiding is a powerful stealth technique commonly used by malware to evade detection by computer users and anti-malware scanners. In this paper, we focus on a subclass of malware, termed “ghostware”, which hide files, configuration settings, processes, and loaded modules from the operating system’s query and enumeration Application Programming Interfaces (APIs). Instead of targeting individual stealth implementations, we describe a systematic framework for detecting multiple types of hidden resources by leveraging the hiding behavior as a detection mechanism. Specifically, we adopt a cross-view diff-based approach to ghostware detection by comparing a high-level infected scan with a low-level clean scan and alternatively comparing an inside-the-box infected scan with an outside-the-box clean scan. We describe the design and implementation of the Strider GhostBuster tool and demonstrate its efficiency and effectiveness in detecting resources hidden by real-world malware such as rootkits, Trojans, and key-loggers.

There are some evocative ghostware names, aren't there? Urbin, Mersting, Vanquish, Hacker (original eh?), Aphex, Defender and ProbotSE, Darkside and Synapsis (for UNIX and Linux) but it's nice that AskStrider can sort out these guys hiding inside your machine.  Mind you, I've always known that there were scary things hiding in here, moving my files when I wanted them and making the PC misbehave.  I always thought that they were just gremlins - but GhostBuster (who ya gonna call?) gets rid of those too.

Have a read of the document - it's interesting although a little bit intimidating, and it makes you realize how scarily clever these guys at Microsoft Research are...
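
The cross-view diff described in the abstract, as an added example (not code from the paper or from Strider GhostBuster): two scans of the same machine are compared, and anything the trusted low-level or outside-the-box view sees but the API-level view does not is reported. The `Resource` type, the `churn` prefixes and all sample names are constructed assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Resource:
    kind: str  # "file", "registry", "process" or "module"
    name: str

def normalize(res):
    # Windows file and registry names are case-insensitive: fold case and
    # separators so two scanners' spellings of one name compare equal.
    return Resource(res.kind, res.name.replace("/", "\\").rstrip("\\").casefold())

def cross_view_diff(high_level, low_level, churn=()):
    """Compare an API-level scan with a trusted low-level or offline scan.

    hidden:  only in the trusted view -> candidates for hidden resources.
    phantom: only in the API view -> likely changed between the two scans.
    churn:   name prefixes expected to change between scans (assumption).
    """
    high = {normalize(r) for r in high_level}
    low = {normalize(r) for r in low_level}
    prefixes = tuple(p.casefold() for p in churn)
    order = lambda r: (r.kind, r.name)
    quiet = lambda rs: sorted((r for r in rs if not r.name.startswith(prefixes)), key=order)
    return quiet(low - high), quiet(high - low)

# Constructed sample scans (not taken from the paper).
HIGH = [  # what the OS enumeration APIs return on the running machine
    Resource("file", r"C:\Windows\System32\drivers\etc\hosts"),
    Resource("file", r"C:\Temp\scan.log"),
    Resource("file", r"C:\Users\demo\new.txt"),
    Resource("process", "explorer.exe:1204"),
]
LOW = [  # what a raw-structure or outside-the-box scan returns
    Resource("file", r"c:\windows\system32\drivers\etc\hosts"),
    Resource("file", r"C:\Windows\System32\example_hidden.sys"),
    Resource("file", r"C:\Temp\scan.tmp"),
    Resource("process", "explorer.exe:1204"),
    Resource("process", "example_hidden.exe:3344"),
    Resource("registry", r"HKLM\Software\Example\Run\hidden_value"),
]

def demo():
    return cross_view_diff(HIGH, LOW, churn=["C:\\Temp\\"])

if __name__ == "__main__":
    hidden, phantom = demo()
    for r in hidden:
        print("HIDDEN ", r.kind, r.name)
    for r in phantom:
        print("RESCAN ", r.kind, r.name)
```

Entries in the second list are not evidence of hiding; they are the scan-to-scan noise a second pass would clear up.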

 

posted by Eileen_Brown with 0 Comments

TechNet Radio broadcasts

I noticed that TechNet Radio is delivering an audio broadcast of the Security features of XPSP2 delivered by security wiz Steve Riley.  You can listen to it anywhere.

Aha... That means it's a podcast doesn't it?

But there isn't an RSS feed on the page, so now I agree with Mr Scoble about this... So how can I find out about the new stuff on this site without an RSS feed?  These buttons are my little orange pills that I subscribe to that make my life so much easier...

It's a good broadcast though....

 

posted by Eileen_Brown with 1 Comments

Insiders forums

Steve Lamb blogged about creating a Security Insiders forum and so far has received very positive feedback about the need for this type of community.  I'm thinking about following his lead and creating 3 different types of Insiders forums:

Messaging Insiders

Real Time Communication Insiders

Windows Management Insiders

I wanted to include Insiders who didn't specifically use Exchange for messaging, or MOM for managing the Windows environment, to encourage sharing of industry wide best practices and to encourage debate.  I'm also looking for presenters / technical writers etc.

If you're interested please let me know, if this is a good idea or not, either by adding to this post by posting a comment, or by using the contact link on the blog.  I'd be interested in your thoughts. 

 

 

posted by Eileen_Brown with 0 Comments

User Forums - is online really better than face to face?

I spent the whole of yesterday with the UK based MVP community who were at campus in Reading, and I was keen to know their views on how they feel about how Microsoft interacts with the IT Pros, and to capture some of their thoughts.  Most of the MVPs I spoke to seemed to be happy with their involvement through newsgroups and other online user forums, but none of them interacted with their contacts in a face to face user group or forum environment.  So this got me thinking.  Are user groups happy to interact with each other primarily through the newsgroups, or do they feel that there is benefit from regular face to face meetings?  I had a quick search on the web for some UK centric User Groups or Forums in the messaging or management technologies areas and found very few IT specific user groups for platform people (as opposed to developers who seem to have lots).

Why is this?  Don't the IT Pros have the same sort of challenges as developers?  Don't we need to have user groups in the UK?  Or are we happier in front of our PCs with blogs and newsgroups?  Is this a UK specific issue, or is it just down to the good old UK weather?...

posted by Eileen_Brown with 2 Comments