Session 2 – Security and Application Compatibility

Name, Title, Company, Your City, MVP – Product Area, http://blogaddress


Investments in Security Development Lifecycle paying results

Windows Vista Security

[Chart comparing Windows XP SP2, Windows Vista, Mac OS X 10.4, Ubuntu 6.06 LTS and Red Hat EL4WS; values as extracted: 66, 119157, 242, 400]

Fewer High Security Vulnerabilities in Year 1

60% Fewer Malware Infections Than Windows XP SP2

Deployment Investments For Windows Vista Carry Forward

Application and device compatibility core tenets are unchanged between Windows Vista and Windows 7

System image management tools and processes are consistent for both operating systems

Deployment tools developed for Windows Vista will carry forward to Windows 7 with incremental updates

Post-deployment desktop management leverages the same tools and processes for both operating systems

Enhance Security & Control

Protect Users & Infrastructure

• AppLocker™ (Windows 7 Enterprise) controls what applications run
• Internet Explorer 8 helps keep users safe online

Protect Data on PCs & Devices

• BitLocker To Go™ (Windows 7 Enterprise) protects data on removable drives
• BitLocker™ simplifies encryption and key management for all drives

Build on Windows Vista Security Foundation

• User Account Control prompts less
• Security Development Lifecycle for defense in depth

Data Protection

Enhance Security & Control

Situation Today

[Chart: Worldwide Shipments (000s), 2007 to 2011; series: Removable Solid-State Storage Shipments, PC Shipments]

• Gartner “Forecast: USB Flash Drives, Worldwide, 2001-2011” 24 September 2007, Joseph Unsworth

• Gartner “Dataquest Insight: PC Forecast Analysis, Worldwide, 1H08” 18 April 2008, Mikako Kitagawa, George Shiffler III

Windows 7 Solution

• Protect data on internal and removable drives
• Mandate the use of encryption with Group Policies
• Store recovery information in Active Directory for manageability
• Simplify BitLocker setup and configuration of primary hard drive

BitLocker To Go™ (Windows 7 Enterprise)

Security

Security Improvement of PCs and Confidential Data

Windows Vista has proven to be more secure than any other OS, including previous versions of Windows.

Product Capabilities

• Remove Unnecessary Administrator Privileges: UAC, IE Protected Mode.
• Protect data on lost or stolen PCs: BitLocker Drive Encryption.

Evidence

• 62% fewer vulnerabilities than our closest competitor (H1 2008)

                          Microsoft  Ubuntu  Red Hat  Apple
Vulnerabilities           58         153     292      222

• Windows Vista had 20% fewer vulnerabilities than XP SP2 since launch.

                          Vista  XP
Vulnerabilities           66     82
Critical Vulnerabilities  29     50

• 56% less malware than Windows XP SP2.

Customer Example

“We don’t ship computers to our users with full administrative privileges anymore,” says Douglas Kotulski, network services and support manager for Trek Bicycle.

“The operating system has all kinds of new options for data encryption and protection of USB ports, to help us safeguard patient data on employee laptop computers,” says Eric Walraven, IT Manager at Vanboeijen.

Windows 7 Builds On Windows Vista Tools To Resolve Issues Quicker

Keep Users Productive

Richer support tools

Reliability Monitor

• Reliability data is exposed via APIs for remote collection
• Integration of Reliability Monitor and Problem Reports and Solutions to better correlate system changes and events

Resource Monitor

• Sysinternals Process Explorer features integrated into Resource Monitor for clearer identification of process issues

Windows Recovery Environment

• Windows Recovery Environment (WinRE) easily deployed via normal setup on all PCs
• Restore to OEM or IT image without data loss or reimage with recent system backup

System Restore

• Users will now be able to view the list of software changes before rolling their PC back
• Restore points will be available from system backups, allowing users to roll back to a point further back in time

Problem Steps Recorder

• Users can record steps taken when an issue occurs, giving help desk screen shots and comments to help resolve issues

Application Control

Situation Today

• Users can install and run non-standard applications
• Even standard users can install some types of software
• Unauthorized applications may:
  • Introduce malware
  • Increase helpdesk calls
  • Reduce user productivity
  • Undermine compliance efforts

Windows 7 Solution

AppLocker™

• Eliminate unwanted/unknown applications in your network
• Enforce application standardization within your organization
• Easily create and manage flexible rules using Group Policy

Application Compatibility Toolkit and Security Demos

Windows Vista to Windows 7


AppLocker™

Technical Details

• Simple Rule Structure: Allow, Exception & Deny
• Publisher Rules: Product Publisher, Name, Filename & Version
• Multiple Policies: Executables, installers, scripts & DLLs
• Rule creation tools & wizard
• Audit only mode

AppLocker™ – Enterprise

Legacy SRP – Business & Enterprise

Policy Versus Preference

POLICIES

Restrict users from changing

Highest precedence

Specific registry locations

PREFERENCES

User may change

No need to be policy-aware

No tattooing!

IMAGING

Deployment Image Servicing and Management

Add/Remove Drivers and Packages

WIM and VHD Image Management

MIGRATION

User State Migration Tool

Hardlink Migration

Offline File Gather

Improved user file detection

SOLUTIONS

Microsoft Deployment Toolkit

Application Compatibility Toolkit

Microsoft Assessment and Planning

DELIVERY

Windows Deployment Services

Multicast

Multiple Stream Transfer

Dynamic Driver Provisioning

Conclusion


© 2008 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.