Search
Sponsors
| 05 Jun '07 - 15:42 | | news source ~ In-House Teched 2007: Bloggers Breakfast
Techlog was invited to a Bloggers Breakfast this morning at Teched 2007. Just like the International Roundtable yesterday, there were no pre-defined subjects other then it should be security related. Vinny Gullotto, general manager of the Security research and response division at Microsoft, answered questions. There were two main themes; UAC and spam. Here is a short summary:User Account Control
The discussion went about the multiple prompting of UAC on Vista, the main reason why people disable it. Jeff from Windows Connected suggesting to tie in the Spynet features of Defender to reduce prompting. This way, a similar rating could be established for "known" apps, reducing the prompts.
Vinny commented that other ways could also help like digital signatures (checking hash signatures) and an agent to the box, allowing for updates. Vinny commented that there are internal investigations to those techniques, but no planning or decisions have been made. Microsoft told that the number of prompts will be reduced on Windows Server 2008, due to the fact that it would be unlikely that users are interactively working on servers.
Antispam
The second half of the hour went about spam and how to deal with that. Microsoft talked about the fact that this would really not be solvable with the current underlying outdated infrastructure of IPv4 and email. Moving to IPv6 or IPsec as transport, would help significantly. Jeff added to the conversation that Instant Messaging (IM) could also help. IM has a explicit level of trust, sender verification and adds message delivery status.
Companies could start using federated IM as a (partial) solution to the spam problem. Other bloggers suggested using mandatory filtering at ISP's or authenticating email. Vinny commented that the real shift in paradigm would come from an IPv4-IPv6 migration.