Adam Shostack here. I said recently that I wanted to talk more about what I do. The core of what I do is help Microsoft’s product teams analyze the security of their designs by threat modeling. So I’m very concerned about how well we threat model, and how to help folks I work […]
A lot of you have recently asked us about ActiveX controls. Here’s an example of a message you might have seen: What are ActiveX controls? ActiveX controls are small programs, sometimes also called “add-ons,” used on the Internet. They can make browsing more enjoyable by allowing animation or they can help with tasks such as […]
There are good reasons to optimize for different points on that spectrum (of better/faster/cheaper) at different times in different products.
Windows Defender is an antispyware program from Microsoft that helps protect you from spyware, pop-up windows, and other unwanted software. It’s free to download for Windows XP users and it comes with Windows Vista. To check whether Windows Defender is already installed on your computer: 1. Click Start and then click All Programs. 2. Look […]
Some of you have been asking about whether or not you should download Windows Defender. Here’s the short answer: Windows Defender comes with Windows Vista. If you use Windows Vista, do not download Windows Defender. What is Windows Defender? Windows Defender is a free program from Microsoft that helps protect your computer against pop-ups, slow […]
“You can’t test quality in.” It’s a truism coined long ago and an accepted fact of software development. Yet, for security, testing is arguably the most talked about aspect of the Security Development Lifecycle (SDL). When we get security wrong, the first criticism we almost always hear is, “Didn’t you guys test this thing?” It […]
Cookies are small files that Web sites put on your computer hard disk drive when you first visit. Think of a cookie as an identification card that’s uniquely yours. Its job is to notify the site when you’ve returned. Cookies should not be confused with viruses. While it is possible to misuse a cookie in cases where […]
Once again, my effort to explore common misperceptions (more recently exploring unpatched statistics) has brought out some of the common objections from those that don’t necessarily like the results. Very rarely do I get comments that can find a substantive problem with the analysis – instead the arguments tend to be detailed variations of “your comparison […]
How many of you have heard “many eyes make all bugs shallow”? My guess is that many of you have and that it may have been in conjunction with an argument supporting why Linux and Open Source products have better security. For example, Red Hat publishes a document at www.redhat.com/whitepapers/services/Open_Source_Security5.pdf, which they commissioned from TruSecure […]
How many of you have heard of the Common Criteria? If you’ve ever done security work with government, you probably have. If not, then possibly not. Either way, read on and I’ll give you my own view, including some of the barnacles clinging to the hull of the general program. Common Criteria Background Way […]
You’ve probably already read Brian Krebs’ article A Time to Patch III: Apple, but if you haven’t, I encourage you to read it and read the various responses he received – the responses run the gamut of Linux advocates (“You do understand that Mac OS X is not a version of Linux, and is not […]