[LINK] Visiting Microsoft HQ to talk security: what should I ask?

David Lochrin dlochrin at d2.net.au
Wed May 5 14:23:53 AEST 2010


On Wednesday 05 May 2010 12:57, Stilgherrian wrote:
> There's a lot to cover here, so what should I be looking at, do 
> you think? The security of Windows Server, or Windows 7, or of 
> Microsoft's cloud services? Privacy issues? The fight against 
> foreign governments, criminals and child abusers? Viruses and 
> malware? Identity and authentication? What? You tell me!

It would be interesting to get some insights into their architectural approach to security which might survive the next update of Windows, as distinct from the low-level bits & bytes issues.

For example:

-   Are there different design approaches to different types of security issues?  I have in mind network-level security, application-level security (e.g. the all too common buffer-overflow problem), and user-level security (e.g. the "social engineering" problem).  Where do the tradeoffs occur?

For example, there's a tradeoff between network security, application flexibility, and configuration complexity, especially given that most users do not have the expertise to configure a firewall.

And there's another tradeoff between tight user-level security, personal user responsibility, and user education.


-   How do Microsoft approach security vis-a-vis privacy?  An O/S which offers high network security but also incorporates unstated backdoor access and phone-home reporting for certain organisations should not be considered "secure".  It isn't secure from the view of the user.

Just my 2c...

David


