Steve Lamb's Blog

Thanks to Hugh at GapingVoid for the following wonderful image:

Hugh's cartoons make me smile and I can highly recommend browsing the GapingVoid website.

James has published a post that gives a nice summary of the contents of the upcomming Microsoft Desktop Optimisation Pack. This pack will be available to software assurance customers using the Enterprise Edition of Windows Vista.

I'm particularly excited about the contents as Microsoft Softgrid can relieve you from "DLL Hell" and general application compatibility problems.

An extract from James' post explains the benefits of application virtualisation in a really nice way as follows:

"Microsoft SoftGrid, an application virtualization and streaming solution that can deliver applications to users in seconds, without being locally installed, on any PC they login to. Virtualization also resolves many application compatibility conflicts because each application can run with the version of a supporting file that it needs."

Softgrid gives the flexibility of locally installed applications including the facility to work offline together with the simplicity of Terminal Services. As an administrator you choose which applications can "see" each other by placing them in a "briefcase".

The Microsoft Desktop Optimisation Pack includes many other features such as Asset Inventory Services, further Group Policy Management features and Diagnostic/Recovery tools.

There's a wealth of information on this topic and many others at the Windows Vista Team Blog site.

Jesper Johansson's post Microsoft blog includes an nice concise explaination of WHAT PatchGuard does AND why it's important for Windows Vista (and Server 2003 SP1 on 64 bit) to prevent the kernel from being hooked.

Reading Jesper's post titled "Security Vendors: Microsoft is making Vista too secure" together with the vibrant debate in the comments should help you get a more rounded perspective.

Incidentally the published hacks for PatchGuard require the attacker to already have compromised the machine and have attained Administrative rights - in other words the game's already over!

Windows Vista's Gadgets provide a cool way to customise your desktop with handy tools and information feeds. I'm an enthusiastic Windsurfer so you can imagine my delight when I stumbled across WindGuru's windspeed gadget. It's cool because the gadget can be configured (via a pull down menu) to provide details for my local Windsurf spot.

The image below shows the gadget itself located at the top right of the sidebar, the Internet Explorer window depicts a web page containing many more gadgets :-)

Steve Riley's recent post links to a Myth Busters demonstration of three different techniques to beat an "Unbreakable" biometric door lock.

I presume that the best practise advice from the lock's manufacturer recommended including a form of authentication such as a PIN to compliment the biometric device.

The Mythbusters video itself is pretty compelling - the link's on Steve's post.

Even when used as a form of IDENTIFICATION it's necessary to ensure a controlled environment whereby the individual actually presents a valid identifier. With the exception of passport control it's unlikely to make sense for a human being to observe each use of the device to ensure people play by the rules. Human beings are fallable too but perhaps I should stop there...

There are a wealth of third party CD Burning utilities out there on the market though not everyone has one on their machine. Windows XP can natively burn files to CD without any additional software HOWEVER it can't create a bootable CD. I'm upgrading the BIOS on my machine to enable me to install Windows Vista.

The BIOS upgrade for my laptop requires me to create a bootable CD containing an ISO image. I visited the manufacturer's website and downloaded both the BIOS upgrade and installation instructions. All seemed well. My frustration came when I opened the documentation to find that it assumed I had a third party CD Burning utility to burn the ISO image onto a bootable CD.

Microsoft supply a handy utility named CDBurn for download free of charge from our website. The process is pretty straight forward as you need to download the Windows Server 2003 Resource Kit and install it on your PC - it works perfectly well on Windows XP.

Note: you need to be logged in with Administrator rights to install the resource kit.

Once you've installed the resource kit start a command shell by selecting "Run" from the Start menu and enter "cmd" into the "Open" dialog followed by "OK" (or hit the "enter" key). If you installed the resource kit in the default location then type "cd c:\Program Files\Windows Resource Kits\Tools" followed by Enter.

Type "cdburn" followed by Enter from the command prompt to run the utility - the instructions for CDburn will be displayed on the screen.

CDBurn itself is just a single file so if it makes life easier for you then you can copy it to the same directory as the target ISO file. For my system I entered the command "cdburn f: B170.iso" where my CD drive was assigned to letter "F" and the ISO file I wanted to burn was located in the same directory as the CDburn utility.

The ISO image burnt onto the CD in a couple of minutes as the BIOS upgrade was a very small file. You can use CDBurn to burn any ISO (bootable CD) and the majority of these are much larger than a BIOS upgrade so may take longer to burn.

The Business Technology Alliance User Group are a very active community based in Scotland. On the 29th November 2006 there will be an evening of technical discussion no doubt including intense technical debate at Microsoft's Offices in Edinburgh. The event is free for all to attend - all the User Group asks is that you email John Thomson to request a place.

Full details of the event including abstracts can be found here.

The evening will include two technical (no marketing!) talks detailed as follows:

TALK 1: How to stop Internet Nasties/Malware from taking over your machine.

ABSTRACT 1: The Internet provides many wonderful opportunities as well as plenty of malicious software including worms, viruses, spyware and rootkits. During this session Steve Lamb will take you on a technical journey examining the techniques malicious software uses to compromise machines and how to counter them. Adopting the principle of least privilege certainly protects you from many of the threats - the challenge being how to maintain business as usual. We'll take a look at how malicious software hides itself on compromised machines and consider the types of secondary attacks that take place using botnet machines.

TALK 2: What does Windows Vista Security have to offer me?
ABSTRACT 2: In a World where bolt-on security seems to be the accepted norm,Windows Vista faces an interesting challenge. It's the first operating system to go through the entire Microsoft Security Development Lifecycle (SDL) from design to implementation. Windows Vista has been designed with Information Security top of mind from the outset and is expected to significantly raise the bar for protecting users from external threats.
Join Steve Lamb from Microsoft for this talk to learn about both the design ethos, architecture and security features of Windows Vista right before the official product launch kicks off. We'll look into User Access Control, Mandatory Integrity Control, Internet Explorer's Protected mode and the way that operating system services restrict themselves from being compromised.

BitLocker provides the means to encrypt the entire filesystem and ensure
system integrity - we'll look at how Bitlocker works and which versions of
Windows Vista will support it. Finally we'll take a look at the brand new
firewall that includes built-in IPsec capabilities.

Join Alun and the folk from the NxtGenUG on Monday 30th October in Birmingham (England!) for a talk about how to deal with Viruses and Malware. Click here to read the details for yourself.

Last year's gathering was really good fun and included a technical debate where just about everyone there expressed an opinion or other - all propeller's were spinning.

Alun is the leader of the UK's IT Pro Security User Group which is an active technical security forum for those that have more sense than money - if you're interested in developing your information security skills or merely looking for help with a tricky problem then the User Group is an excellent place to go.

In addition (and by no means least) Police Inspector Martin Wright will talk about SME WARP which is part of the National Infrastructure Security Co-ordination Centre's information sharing strategy to help combat the increasing risk of electronic attack on our information systems.

I'm working at Microsoft Research (MSR) in Cambridge today and am staggered by the incredibly complicated formulae and associated calulations on the wall behind me. I studied Mathematics as part of my degree many years ago but I can't make any sense of what's written on the white board behind me. It's rather humbling. Perhaps I'm not a rocket scientist after all!

The work of Microsoft Research is truely amazing as they are able to get to the bottom of diverse technical matters and innovating possible solutions leading to future technologies and potentially contributing to products. Their website is a really interesting resource as it includes papers and online replays of lectures covering all kinds of areas of ongoing research.

One particularly interesting area of research for those interested in Information Security is their Strider HoneyMonkey project which can be used to root out malicious content on the Internet.

Incidentally I was once in a meeting of about twenty people which started with everyone in the room stating who they were and what they did to the group as is often the case. As we worked around the room the job titled seemed to get ever grander and I suspect some people were exaggerating their importance - so when I came to me I stated that I was a "rocket scientist" thinking that it was a deferential (self mocking) term. I found out later that the gentleman sat to my left had actually been a professional rocket scientist for many years prior to taking his current role!!!!

Bitlocker is the feature of Windows Vista that I'm asked about more than any other. There follows a list of links to an excellent series of resources covering BitLocker in technical detail. Before I get to the guides I'd also like to refer you to the BitLocker Team blog which is a great source of information in itself including details of the recent cosmetic changes to the interface in the BitLocker Makeover.

By far the most popular guide is the Windows BitLocker Drive Encryption Step-by-Step Guide

Windows Vista Trusted Platform Module Services Step by Step Guide  

BitLocker Executive Overview          

A Technical review of BitLocker Drive Encryption  

Best Practices for Trusted Platform Module Management

BitLocker and TPM Services – Glossary  

Windows Vista BitLocker Client Platform Requirements

BitLocker Drive Encryption Frequently Asked Questions  

BitLocker Drive Encryption: Value-Add Extensibility Options 

Hardware requirements for BitLocker Drive Encryption 

BitLocker Drive Encryption: Scenarios, User Experience, and Flow                          

BAES-CBC + Elephant diffuser A Disk Encryption Algorithm for Windows Vista 

GetSafeOnline is a partnership between Government, Law Enforcement and Commerce - in excess of fifty people have volunteered our time to get out on the road for a week. Our focus is to raise the security awareness of the UK consumers so if you have a friend / relative who would like practical advice then they're very welcome too. The website is an excellent resource as it provides unbiased guidance for non-technical (i.e. real) people for Microsoft Windows, Apple Mac and LINUX/UNIX systems. No one's pushing products or services and the site links to free anti-virus, anti-spyware, anti-anythingnasty software.

For those of you outside the UK the GetSafeOnline website should provide useful advice for the general public. If you know of similar sites in your geography then please comment on this post with the details as I'd like to share them.

We'll be in the following locations today in Newcastle and would welcome you to come over for a chat:

• MetroCentre all day (until 9pm)
• The Hadrian Square UK Online Centre for most of the day
• Age Concern @ Mea House at 11:30am

There's also a team in Cardiff who are doing much the same - they're the "b team!".

We're in Glasgow tomorrow - if you'd like to join us either today or tomorrow then please feel free to

call me on +44 7812 980 621.

In the run up to TechEd EMEA we're posting video interviews and other interesting information taking you behind the scenes. The site will also be a good resource for those of you who can't join us at the event itself as we'll be filming interviews with both speakers and people who attend the sessions.

There are two parts to the site - one for the TechEd Developer event and one for the TechEd ITForum event.

We will be adding new material on a weekly basis in the build-up to the event.

If there's someone in particular you'd like us to interview then please hit the comment button and let me know.

NxtGenUG and Dinis Cruz from IOActive have teamed up to run two 2 day "Advanced ASP.NET Exploits and Countermeasures" training courses. One will be held in London and one in Birmingham. The courses will be in-depth training on learning how sophisticated hackers can attack ASP.NET applications and how developers can defend against such attacks.

 
The exact details are being finalised at the moment. If you're interested in attending the training then now's a good time to start trying to find a way to raise the £900 you'll need to pay for the 2 days training. Requirements for participants are that you need to take your own laptop and you must have good experience of working commercially with .NET and be familiar with MSIL.

Browse to the NxtGen User Group's news page to find out more.

Eileen blogged about Live Writer back in August and together with James has been gently suggesting that I should give it a whirl (try it). It's a really nice way to write blog posts that lends itself to both online AND offline editing. Several times over the last couple of years I've lost posts due to an intermittent network connection when posting directly to the Internet - this is now a thing of the past.

I've used Microsoft Live Writer for the last few posts and have found it to be a delight to use.

The Windows Liver Writer blog gives a great introduction to this WYSIWYG blog editor.

Click here to download a free copy - it's a link to the Microsoft Installer Package hence those of you who are running their system with least privilege will need to save it and then use your administrative credentials to install it.

Eileen's watching the news feeds regarding the announcement that Goole intend to buy YouTube. As she asks I wonder whether Yahoo will follow suit and buy a high profile video media site to increase the attention their advertising stream receives.

The staggering growth in traffic to many of the video media sites is clearly appealing to those wishing to post adverts. I'm sure we'll find out soon enough if such a move takes place...