Session 2 – Security and Application Compatibility
Windows Vista Security
Investments in Security Development Lifecycle paying results
[Chart: Fewer High Security Vulnerabilities in Year 1. Labels: Windows XP SP2, Windows Vista, Mac OS X 10.4, Ubuntu 6.06 LTS, Red Hat EL4WS Reduced. Data labels: 66, 119, 157, 242, 400]
[Chart: 60% Fewer Malware Infections Than Windows XP SP2]
Deployment Investments For Windows Vista Carry Forward
Application and device compatibility core tenets are unchanged between Windows Vista and Windows 7
System image management tools and processes are consistent for both operating systems
Deployment tools developed for Windows Vista will carry forward to Windows 7 with incremental updates
Post-deployment desktop management leverages the same tools and processes for both operating systems
Enhance Security & Control
Protect Users & Infrastructure
• AppLocker™ (Windows 7 Enterprise) controls what applications run
• Internet Explorer 8 helps keep users safe online
Protect Data on PCs & Devices
• BitLocker To Go™ (Windows 7 Enterprise) protects data on removable drives
• BitLocker™ simplifies encryption and key management for all drives
Build on Windows Vista Security Foundation
• User Account Control prompts less
• Security Development Lifecycle for defense in depth
Situation Today
Data Protection
Enhance Security & Control
• Protect data on internal and removable drives
• Mandate the use of encryption with Group Policies
• Store recovery information in Active Directory for manageability
• Simplify BitLocker setup and configuration of primary hard drive
BitLocker To Go™ (Windows 7 Enterprise)
[Chart: Worldwide Shipments (000s), 2007 to 2011. Series: Removable Solid-State Storage Shipments, PC Shipments]
• Gartner “Forecast: USB Flash Drives, Worldwide, 2001-2011” 24 September 2007, Joseph Unsworth
• Gartner “Dataquest Insight: PC Forecast Analysis, Worldwide, 1H08” 18 April 2008, Mikako Kitagawa, George Shiffler III
Windows 7 Solution
Security
Security Improvement of PCs and Confidential Data
Windows Vista has proven to be more secure than any other OS, including previous versions of Windows.
Product Capabilities
• Remove Unnecessary Administrator Privileges: UAC, IE Protected Mode.
• Protect data on lost or stolen PCs: BitLocker Drive Encryption.
Evidence
• 62% fewer vulnerabilities than our closest competitor (H1 2008).
• Windows Vista had 20% fewer vulnerabilities than XP SP2 since launch.
• 56% less malware than Windows XP SP2.
                          Vista   XP
Vulnerabilities           66      82
Critical Vulnerabilities  29      50
Customer Example
“We don’t ship computers to our users with full administrative privileges anymore,” says Douglas Kotulski, network services and support manager for Trek Bicycle.
“The operating system has all kinds of new options for data encryption and protection of USB ports, to help us safeguard patient data on employee laptop computers,” says Eric Walraven, IT Manager at Vanboeijen.
                 Microsoft  Ubuntu  Red Hat  Apple
Vulnerabilities  58         153     292      222
Windows 7 Builds On Windows Vista Tools To Resolve Issues Quicker
Keep Users Productive
Richer support tools
Reliability Monitor
• Reliability data is exposed via APIs for remote collection
• Integration of Reliability Monitor and Problem Reports and Solutions to better correlate system changes and events
Resource Monitor
• SysInternals Process Explorer features integrated into Resource Monitor for clearer identification of process issues
Windows Recovery Environment
• Windows Recovery Environment (WinRE) easily deployed via normal setup on all PCs
• Restore to OEM or IT image without data loss or reimage with recent system backup
System Restore
• Users will now be able to view the list of software changes before rolling their PC back
• Restore points will be available from system backups, allowing users to roll back to a point further back in time
Problem Steps Recorder
• Users can record steps taken when an issue occurs, giving help desk screen shots and comments to help resolve issues
Application Control
Situation Today
• Users can install and run non-standard applications
• Even standard users can install some types of software
• Unauthorized applications may:
  • Introduce malware
  • Increase helpdesk calls
  • Reduce user productivity
  • Undermine compliance efforts
Windows 7 Solution
AppLocker™
• Eliminate unwanted/unknown applications in your network
• Enforce application standardization within your organization
• Easily create and manage flexible rules using Group Policy
AppLocker™
Technical Details
• Simple Rule Structure: Allow, Exception & Deny
• Publisher Rules
  • Product Publisher, Name, Filename & Version
• Multiple Policies
  • Executables, installers, scripts & DLLs
• Rule creation tools & wizard
• Audit only mode
AppLocker™ – Enterprise
Legacy SRP – Business & Enterprise
Policy Versus Preference
POLICIES
Restrict users from changing
Highest precedence
Specific registry locations
PREFERENCES
User may change
No need to be policy-aware
No tattooing!
IMAGING
Deployment Image Servicing and Management
Add/Remove Drivers and Packages
WIM and VHD Image Management
MIGRATION
User State Migration Tool
Hardlink Migration
Offline File Gather
Improved user file detection
SOLUTIONS
Microsoft Deployment Toolkit
Application Compatibility Toolkit
Microsoft Assessment and Planning
DELIVERY
Windows Deployment Services
Multicast
Multiple Stream Transfer
Dynamic Driver Provisioning
Conclusion
© 2008 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.