Comments for Roger Halbheer on Security http://www.halbheer.ch/security Information Security Discussion by Microsoft's Worldwide Chief Security Advisor. Fri, 10 Feb 2012 20:09:47 +0000 hourly 1 Comment on Internet Explorer aces security test as Google faces accusations by Freddy_G http://www.halbheer.ch/security/2012/02/10/internet-explorer-aces-security-test-as-google-faces-accusations/comment-page-1/#comment-1763 Freddy_G Fri, 10 Feb 2012 20:09:47 +0000 http://www.halbheer.ch/security/?p=2610#comment-1763 Hi Roger, I couldn't agree more with you. We had always complaints, especially before IE 9 was available, that our ERP guys need Firefox because IE performs horrible with some of their Java applications. To be honest, at this time Firefox was ~10 times faster dealing with the Java sites. So for this case we granted a strict exception for the users to use it only for that purpose and without support. (We all know Firefox has no enterprise capabilities at all, nothing comparable to the nice GP integration with IE x) When IE 9 became available, we found out that the Java performance is not as good as Firefoxe's but it was more than acceptable. Next step, as you mentioned risk assessment, was using Applocker to get rid of all the other browser out there. We did do this mainly because we think we have a great patch management and we use much of GPP to apply settings, which is seamless with IE and no other browser in an AD environment. And according to http://www.ie6countdown.com/ people start to be aware that old browser shouldn't be used anymore ;-) Hi Roger,

I couldn’t agree more with you. We had always complaints, especially before IE 9 was available, that our ERP guys need Firefox because IE performs horrible with some of their Java applications. To be honest, at this time Firefox was ~10 times faster dealing with the Java sites.

So for this case we granted a strict exception for the users to use it only for that purpose and without support. (We all know Firefox has no enterprise capabilities at all, nothing comparable to the nice GP integration with IE x)

When IE 9 became available, we found out that the Java performance is not as good as Firefoxe’s but it was more than acceptable. Next step, as you mentioned risk assessment, was using Applocker to get rid of all the other browser out there. We did do this mainly because we think we have a great patch management and we use much of GPP to apply settings, which is seamless with IE and no other browser in an AD environment.

And according to http://www.ie6countdown.com/ people start to be aware that old browser shouldn’t be used anymore ;-)

]]> Comment on Council of Europe Octopus Conference- Some Thoughts by cybercrime expert http://www.halbheer.ch/security/2011/11/23/council-of-europe-octopus-conference-some-thoughts-2/comment-page-1/#comment-1758 cybercrime expert Mon, 23 Jan 2012 23:34:32 +0000 http://www.halbheer.ch/security/2011/11/23/council-of-europe-octopus-conference-some-thoughts-2/#comment-1758 I've been exploring for a little for any high quality articles or blog posts on this sort of space . Exploring in Yahoo I finally stumbled upon this website. Reading this information So i'm satisfied to exhibit that I have a very excellent uncanny feeling I came upon just what I needed. I most indisputably will make sure to do not overlook this site and give it a look regularly. I’ve been exploring for a little for any high quality articles or blog posts on this sort of space . Exploring in Yahoo I finally stumbled upon this website. Reading this information So i’m satisfied to exhibit that I have a very excellent uncanny feeling I came upon just what I needed. I most indisputably will make sure to do not overlook this site and give it a look regularly.

]]> Comment on 10 Years of Trustworthy Computing at Microsoft by Q http://www.halbheer.ch/security/2012/01/12/10-years-of-trustworthy-computing-at-microsoft/comment-page-1/#comment-1754 Q Fri, 13 Jan 2012 12:56:18 +0000 http://www.halbheer.ch/security/?p=2598#comment-1754 A visit of http://bit.ly/fqxwuala might be interesting in this context. On this link you will find a system which supports information-theoretic + computational symmetric and computational asymmetric security (and optional privacy) on Windows (like Windows-XP and Windows-7) using true (quantum) randomness. Free demonstration software can be downloaded. A visit of http://bit.ly/fqxwuala might be interesting in this context. On this link you will find a system which supports information-theoretic + computational symmetric and computational asymmetric security (and optional privacy) on Windows (like Windows-XP and Windows-7) using true (quantum) randomness. Free demonstration software can be downloaded.

]]> Comment on Cybersecurity–More than a good headline by Ralph Randles Stewart http://www.halbheer.ch/security/2011/10/27/cybersecuritymore-than-a-good-headline/comment-page-1/#comment-1752 Ralph Randles Stewart Thu, 12 Jan 2012 17:42:43 +0000 http://www.halbheer.ch/security/2011/10/27/cybersecuritymore-than-a-good-headline/#comment-1752 Hope! of all ills that men endure, The only cheap and universal cure. Hope! of all ills that men endure, The only cheap and universal cure.

]]> Comment on Office 365 Becomes First and Only Major Cloud Productivity Service to Comply With Leading EU and U.S. Standards for Data Protection and Security by Bringing It All Together In The Cloud and Excel - Atlas Analytics Inc. http://www.halbheer.ch/security/2011/12/16/office-365-becomes-first-and-only-major-cloud-productivity-service-to-comply-with-leading-eu-and-u-s-standards-for-data-protection-and-security/comment-page-1/#comment-1710 Bringing It All Together In The Cloud and Excel - Atlas Analytics Inc. Sun, 18 Dec 2011 07:45:38 +0000 http://www.halbheer.ch/security/?p=2585#comment-1710 [...] announced Office 365 compliance with leading EU and US standards for data protection and security, which [...] [...] announced Office 365 compliance with leading EU and US standards for data protection and security, which [...]

]]> Comment on Office 365 Becomes First and Only Major Cloud Productivity Service to Comply With Leading EU and U.S. Standards for Data Protection and Security by Bringing It All Together In The Cloud and Excel « Chris Webb's BI Blog http://www.halbheer.ch/security/2011/12/16/office-365-becomes-first-and-only-major-cloud-productivity-service-to-comply-with-leading-eu-and-u-s-standards-for-data-protection-and-security/comment-page-1/#comment-1708 Bringing It All Together In The Cloud and Excel « Chris Webb's BI Blog Fri, 16 Dec 2011 21:56:05 +0000 http://www.halbheer.ch/security/?p=2585#comment-1708 [...] announced Office 365 compliance with leading EU and US standards for data protection and security, which [...] [...] announced Office 365 compliance with leading EU and US standards for data protection and security, which [...]

]]> Comment on Council of Europe Octopus Conference- Some Thoughts by Wout de Natris http://www.halbheer.ch/security/2011/11/23/council-of-europe-octopus-conference-some-thoughts-2/comment-page-1/#comment-1669 Wout de Natris Wed, 23 Nov 2011 14:08:59 +0000 http://www.halbheer.ch/security/2011/11/23/council-of-europe-octopus-conference-some-thoughts-2/#comment-1669 Roger, Unfortunately I could not attend the Octopus this year. The questions you ask are very complex. Though I have thoughts on them, it is not something that I would prefer to share in depth here. It probably has to do with privacy issues, different interests within one company, company philosophy, fear of reputation loss, but maybe also that not all governments, even within the EU, are on one line concerning cyber crime, etc. This can be altered, but takes time and dedication. The way forward is something that I would like to discuss with you. I'm on Skype so look forward talking to you. Regards, Wout Roger,

Unfortunately I could not attend the Octopus this year.

The questions you ask are very complex. Though I have thoughts on them, it is not something that I would prefer to share in depth here. It probably has to do with privacy issues, different interests within one company, company philosophy, fear of reputation loss, but maybe also that not all governments, even within the EU, are on one line concerning cyber crime, etc.

This can be altered, but takes time and dedication. The way forward is something that I would like to discuss with you. I’m on Skype so look forward talking to you.

Regards,

Wout

]]> Comment on Time to sell your iPhone by Roger Halbheer http://www.halbheer.ch/security/2010/11/02/time-to-sell-your-iphone/comment-page-1/#comment-1660 Roger Halbheer Mon, 21 Nov 2011 22:27:47 +0000 http://www.halbheer.info/security/2010/11/02/time-to-sell-your-iphone#comment-1660 Convincing Cormac might be a fairly challenging task in this respect - Personally I agree definitely!! Convincing Cormac might be a fairly challenging task in this respect – Personally I agree definitely!!

]]> Comment on Time to sell your iPhone by Anita http://www.halbheer.ch/security/2010/11/02/time-to-sell-your-iphone/comment-page-1/#comment-1658 Anita Mon, 21 Nov 2011 18:19:52 +0000 http://www.halbheer.info/security/2010/11/02/time-to-sell-your-iphone#comment-1658 I sure wish that Cormac could use a Windows Phone for a while to see how truly integrated it is. I can't imagine going back to an icon-based interface. My Pictures hub pulls down thumbnails from all of my collections on the web and saves the storage space on my phone. My friends' facebook updates just show up and I can check their walls from my people hub. If I get stuck in traffic, I can tell the people waiting for me by talking to my phone. I can update my status and/or check in from my Me tile. Oh - and where apps are concerned, I've found everything I want except one that plays bird calls. I sure wish that Cormac could use a Windows Phone for a while to see how truly integrated it is. I can’t imagine going back to an icon-based interface. My Pictures hub pulls down thumbnails from all of my collections on the web and saves the storage space on my phone. My friends’ facebook updates just show up and I can check their walls from my people hub. If I get stuck in traffic, I can tell the people waiting for me by talking to my phone. I can update my status and/or check in from my Me tile. Oh – and where apps are concerned, I’ve found everything I want except one that plays bird calls.

]]> Comment on How to manage “Bring your own device” by Roger Halbheer http://www.halbheer.ch/security/2011/11/10/how-to-manage-bring-your-own-device/comment-page-1/#comment-1592 Roger Halbheer Fri, 11 Nov 2011 07:19:00 +0000 http://www.halbheer.ch/security/2011/11/10/how-to-manage-bring-your-own-device/#comment-1592 Hi Freddy, thanks for your insights and comments. I am not sure whether we need to look at this trend being negative. I am convinced that it offers a lot of great opportunities for businesses to streamline what they do and get more efficient. So, the consumerization is something which can help us to drive motivation (I love my slate – do I absolutely need it to do my business? Well, I can justify it as I want to show the coolness of our technology…). Having cool products is a must these days (even though I would challenge the coolness of the iProducts but I am biased there ) Therefore let’s accept the fact that this is going to happen and start to work on integrating it. Therefore I would like to understand what is really needed from a risk management perspective. To me, RMS is one of the key technologies in there as I can persistently protect the information. However, the management will want to access this information from any mobile/private/consumer device as well. Thus the second piece (again from my point of view) has to be policy compliance. It would kind of be cool if I could use RMS not only with the user (who has access and can do what with which information) but to extend that to the device (… and only if the device fulfills these policies). That’s where we need to get to. If I look at Microsoft IT, we build most of our defenses around the machines being domain joined. As long as you do that you can do more or less everything as Microsoft IT can enforce the policies and this works really well. When it comes to the phones, we need to enforce some policies and then technically we allow iPads and iPhones – politically this is a different discussion (I do not have an iPad or iPhone). BTW, Windows Phone 7 supports all Exchange Active Sync policies, except device encryption - obviously. Persistent protection of information and policy compliance are the two key ingredients from what I see (including the identity/authentication piece). And interestingly, both would make our trip to the Cloud easier as well as we would finally understand the sensitivity of the data as it is classified (and protected) by RMS. Roger Hi Freddy,
thanks for your insights and comments. I am not sure whether we need to look at this trend being negative. I am convinced that it offers a lot of great opportunities for businesses to streamline what they do and get more efficient. So, the consumerization is something which can help us to drive motivation (I love my slate – do I absolutely need it to do my business? Well, I can justify it as I want to show the coolness of our technology…). Having cool products is a must these days (even though I would challenge the coolness of the iProducts but I am biased there )
Therefore let’s accept the fact that this is going to happen and start to work on integrating it. Therefore I would like to understand what is really needed from a risk management perspective.
To me, RMS is one of the key technologies in there as I can persistently protect the information. However, the management will want to access this information from any mobile/private/consumer device as well.
Thus the second piece (again from my point of view) has to be policy compliance. It would kind of be cool if I could use RMS not only with the user (who has access and can do what with which information) but to extend that to the device (… and only if the device fulfills these policies). That’s where we need to get to.
If I look at Microsoft IT, we build most of our defenses around the machines being domain joined. As long as you do that you can do more or less everything as Microsoft IT can enforce the policies and this works really well. When it comes to the phones, we need to enforce some policies and then technically we allow iPads and iPhones – politically this is a different discussion (I do not have an iPad or iPhone). BTW, Windows Phone 7 supports all Exchange Active Sync policies, except device encryption – obviously.
Persistent protection of information and policy compliance are the two key ingredients from what I see (including the identity/authentication piece). And interestingly, both would make our trip to the Cloud easier as well as we would finally understand the sensitivity of the data as it is classified (and protected) by RMS.
Roger

]]>