Ben Fathi: looking beyond Vista

Free Newsletters

Log-in | Register

Ben Fathi: looking beyond Vista Virtualization, application security high on post-Vista agenda
By InfoWorld Staff September 25, 2006			E-mail Printer Friendly Reprints Slashdot It!

It’s not easy being Ben Fathi. As corporate vice president of Microsoft’s Security Technology Unit, Fathi took the place of longtime STU leader Mike Nash in March amid a larger management shake-up just days after Microsoft announced that the shipment date for Vista was slipping yet again. After Nash’s high-profile tenure, Fathi’s charge is more subtle: building what he calls a “trust ecosystem” around Vista and its new security features and promoting the company’s secure development practices. But first he must help get Vista out the door. Fathi sat down to talk with InfoWorld Senior Editor Paul Roberts at the recent Security Standard Conference in Boston about Vista’s progress, and the world after Vista.

Free IT resource

Open Source Business Conference (OSBC) May 22-23, 2007

Sponsored by Microsoft

InfoWorld: Recently there’s been some back and forth with Symantec about issues such as Vista’s Kernel Patch Protection feature for 64-bit systems, as well as some public criticism of Vista code for having security holes. What should enterprise folks make of that?

Ben Fathi: First, on the paper Symantec published: We thank them for their input. I think it’s unusual for a partner to go public with a paper like this on a beta product, but they did identify a few issues. To the best of my knowledge, all those were already fixed in more recent beta releases. We love to hear feedback on beta products. That’s why we’re in beta. It’s a test. We’ll fix them as long as they report them to us.

As for the kernel patching, we fundamentally believe that the current model of kernel patching is broken and not sustainable. We never recommended it or supported it on any version of our operating systems. As we’ve been telling our vendor partners, this is the only chance we have, as 64-bit computing becomes available, to start with a clean architecture and build on top of that. We want to work with you to find ways to extend the kernel functionality by having a clean architecture, APIs, and filters. … instead of patching instructions and data structures in the kernel. In the long term, what we want to do is move a lot of these functionalities to a hypervisor that sits under the kernel to make the kernel even smaller and the trusted computing base even more secure. We still have a window of opportunity here. … and we’re working with two or three vendors in the space to come up with that kind of architecture.

One of the other comments that’s been made is that [Kernel Patch Protection] is anti-trust. That we’ll go back in with our own products and get around it. That’s absolutely not true. We’d never do that.

IW: You recently patched a beta version of Vista. Is it a bad sign that you’re patching beta Vista?

BF: I believe that Vista is significantly more secure than any version of XP or anything else we’ve shipped in the past. Just SDL (secure development lifecycle) in general and the process of penetration testing and hardening kernel services. These all created a stronger, defense in depth strategy. What I would say is, Yeah, there will be patches and vulnerabilities as we move forward. What we’re hoping is that by creating these layers of defense, we’re giving customers, especially enterprise customers, a longer time to test and make sure things are not broken.

IW: Do you see your job description and responsibilities changing after Vista?

BF: There are six different areas that we call “Big Bets” that have been identified in my division. I will mention two. The first, Application ID, is a way to identify an application that includes an executable, the library it uses, configuration files, registry settings, any patches that are applied to it. So you’ll have a cryptographically signed version of the application, and you’ll be able to identify that and whitelist or blacklist that.

When we talk about a trust ecosystem today, the ability to trust people based on an ID and trust machines based on an ID, we can’t do that with applications. If it’s called powerpoint.exe, we go and run it. So having strong IDs based on the application and [making] sure they haven’t been tampered with after download is an important investment for us.

The second area is isolation. Creating guest operating systems that sit on top of hypervisors allow us to create better isolation mechanisms so that even if malware comes in, it only affects one subset of the machine and not everything else. We’ve done some great work on server hypervisors and server virtualization. We need to extend that to the client. We’re seeing partners do that already, and so we’re going to invest in that space.

E-mail

Printer Friendly

Reprints

Slashdot It!

TOP NEWS:

» Four quick tips for choosing an IM security product
71 percent of businesses will invest in real-time messaging this year. If you're one of them, be sure to protect your enterprise

» Forrester analysts ID hot IT jobs
Research group finds 16 IT roles with a promising future

» Nvidia claims 10 hours of HD video on Tegra chip
The Tegra 600 and 650 can be used with hard disk drives and are designed partly for mobile Internet devices

» Database vendors add Google's MapReduce
Greenplum and Aster Data Systems will support Google's programming technique, developed for parallel processing of large data sets across commodity hardware

» Network management: Tips for managing costs
New technologies, changing requirements, and ongoing equipment maintenance and upgrades cost money, but there are ways to manage expenses

» EMC targets SMBs, branch offices with new low-end storage
Celerra NX4 highlights include thin provisioning, snapshot technology for data recovery and backups, and Web-based console for management of storage volumes

SLM AND BSM: THE FUTURE OF IT MANAGEMENT. ARE YOU READY?
Driven by globalization and competition, businesses increasingly look to IT to enable them to quickly adapt to changing business conditions, speed the delivery of products and services, and automate processes, all at lower costs. Additionally, service quality and positive customer experiences are also top priorities. The only way to meet these expectations is to cohesively manage IT-across the enterprise-from a business service point-of-view.

» Click here to view this Webcast

Virtualization Solutions Guide
This comprehensive IT Strategy Guide covers Virtualization and puts you at the forefront of the discussion. You'll learn all you need to know from the cost of virtualization, how to implement it for your business, how to back it up safely and which products are best. Sponsored by Riverbed

» Click here to download now

- Special Advertising Partners -

WHITE PAPERS

The Enterprise Mobile Messaging Benchmark Report - In this report Aberdeen takes an in-depth look at how best-in-class organizations are using mobile messaging to improve ...
Choosing the Right CMDB: Smart Considerations for Strategic Decision Makers - Drawing on industry-leading research, this white paper discusses: -The strengths and limitations of CMDBs based on relational...
Increasing ROI and Reducing the Risks of Your Application Portfolio - APM solutions help IT executives evaluate the benefits, costs, and risks associated with each application while maximizing...
The Future of IT in a Flat World: CMDBs, Automation, and the IT Value Chain - In coming years, as IT becomes more closely aligned with business, IT will be expected to change its products and services...
A New Breed of Data Warehouse - This white paper looks at some of the key challenges organizations face in getting the most out of their enterprise data...
A Board Room View: Understanding Your CMDB Project's ROI - Targeted at IT executives responsible for both the financial and ultimate project oversight of an enterprise CMDB initiative...

» Technology White Papers Library

Technology White Papers by Topic

Technology White Papers E-mail Alert

Find out when the latest white paper is available:

INFOWORLD MARKETPLACE

Deliver REMOTE SUPPORT Easily. Try WebEx FREE! - DOWNLOAD WEBEX SUPPORT CENTER FREE! Deliver efficient, effective support. CRUSH SUPPORT LOG JAMS!
Migrating to an IP-VPN? XO Can Make It Happen - Learn the five critical success factors with a free whitepaper from XO Enterprise Solutions.
Sign up to TRY WEBEX SUPPORT CENTER FOR FREE! - Get your FULL FEATURED trial here. Share documents and applications, address support challenges.
IP Networks Boost Secure Health Communications - AT&T provides secure communication to keep health care moving forward.
Why a CMDB? - IT best practices (ITIL) have shown the benefits of a CMDB. Click for whitepapers.

» BUY A LINK NOW

FIND PRODUCTS AND COMPANIES

» COMPLETE PRODUCT GUIDE

TECHNOLOGY INDEX

• Applications
• Application Development
• Security
• Networking
• Wireless
• Platforms
• Hardware
• Data Management
• Storage
• Web Services
• Business
• Telecom
• Professional Services
• Standards

TECH WATCH

What's the 411 on GOOG-411?
Just as Google has become synonymous with "performing a Web search," 411 is understood to mean "information" -- as in "what's the 411?" I was thus surprised to discover, from a billboard, no less, that the king of search is taking on the ...

Apple HTML source reveals 'iPhone Extreme'
"This one's a stretch..." reports AppleInsider. Um, yeah. Reporting on HTML code sightings of product names could be called a stretch, but iPhone Extreme has a ring to it. Now, that sounds like the product Apple should have released first, rather ...

COLUMNISTS

Unified under law

(InfoWorld) - In the litigious world we live in, deploying a unified communications platform in your enterprise could...

» MORE COLUMNISTS

MORE INFOWORLD BLOGS

Open Sources

Product Management
When I joined MySQL four years ago, there was quite a lot of debate about product management. We didn't actually have ...

Zero Day

Botnet herders tending smaller flocks
New research backs up the theory that botnet operators are keeping their networks smaller in a continued effort to keep ...

• Advice Line
• Database Underground
• The Deep End
• Enterprise Mac
• Geeks in Paradise
• Grid Meter
• The Gripe Line
• InfoWorld Daily
• Inside IT
• IT Troubleshooter
• ITXtreme
• Open Sources
• ProdBlog
• Real World SOA
• Reality Check
• Security Adviser
• SMB IT
• The Storage Network
• Tech Watch
• Virtualization Report
• Zero Day

RESOURCE CENTER	advertisement
Ads by techwords beta See your link here

GOVERNMENT IT & POLICY
•	'If you don't go after the network, you're never going to stop these guys. Never.'
•	From the State Department, All the News for Inquiring Minds
•	TechPresident, the Internet Citizenry's New Consensus Taker

Sponsored Technology Links
Oracle - Top 3 Ways to Cut Costs in 2009 with Oracle Content Management AMD - See the power of the new Quad-Core AMD Opteron(TM) processor ASG Software - Transform your IT Organization now! AT&T - The Top 10 Best Practices for Server Virtualization Planning ISC2 - Network Security Solutions Guide Infoblox - The Costs and Impacts of DNS and IP Address Management AMD - Learn how the new Quad-Core AMD Opteron(TM) processor improves performance Riverbed - Virtualization Solutions Guide Armstrong - Delivering Actionable Enterprise Architecture AT&T - AT&T Business Continuity Survey on Risk Management AT&T - New from AT&T: Discover Fixed-Mobile Convergence Now AT&T - AT&T Article: Reinventing the Telephone with VoIP HP - HP StorageWorks products-control, consolidation and confidence. Vision Solutions - Solving Downtime Challenges to Manufacturing and Supply Chain Operations Oracle - The Top Three Ways to Cut Costs in 2009 HP - Predict the future with HP Insight Power Manager Rackspace - The True Value of a Hosting Provider HP - Affordable technology-no compromise. HP server solutions. Motorola - The Enterprise Mobile Messaging Benchmark Report AT&T - Machines That Speak: The Machine-to-Machine Wireless Network Data Domain - IDC Workbook: Assess the Value of Deduplication for your Storage Consolidation Initiatives InterSystems - Development, integration, BPM, and BAM together in Ensemble AMD - The Future is Fusion. Only from AMD. Learn more. Vision Solutions - Real-Time, On-Demand Information for Business Intelligence and Data Integration (ISC)2 - I'm an SSCP Go-To Guy. See what I do. Click here! Villanova University - Increase Your Educational Bandwidth While Saving up to $945!		Zenprise - How to Manage BlackBerry on a Tight Budget Samsung Printing Solutions - control workflow, costs and operations Check Point - Check Point Endpoint Security White Paper Get to know - BlackBerry Professional Software-find out more Oracle - Oracle Universal Content Management Oracle - Information Workplace Platforms: Oracle vs. Microsoft Oracle - Performance Monitor: ERP at the Speed of Light Dell Equallogic - Comprehensive Data Protection and Disaster Recovery Sony - Discover the advantages of Sony LTO media at sony.com/lto. Sun - Virtual Machines: Sun's xVM Virtualization Portfolio Verisign - The Latest Advancements in SSL Technology CA - Plan IT better, Manage IT better. CA - Manage your IT more effectively. Intel - Processor-enabled Virtualization. That's IT as it should be. Microsoft - Get the virtualizing power of Windows Server 2008 with Hyper-V Microsoft - Microsoft SQL Server 2008. Read Case Studies & Try for Free Microsoft - Learn about the software-based VoIP solution from Microsoft. AT&T - Securing the Converged Enterprise I AT&T - Securing the Converged Enterprise II AT&T - An AT&T White Paper: Enterprise IPTV Solution AT&T - An AT&T Article: When Content is King AT&T - Maximizing Mobility in Communications AT&T - The Spirit of Innovation: 100 IT Leaders Speak Out Oracle - Nucleus Report: Who's ready for SMB? Adobe - Delivering On The Promise Of eLearning MKS - Get Power and Simplicity of UNIX while working in Windows Qwest - Learn how Qwest voice and data solutions can save you time.

	HOME NEWS BLOGS PODCASTS VIDEOS TECHNOLOGIES TEST CENTER EVENTS	About \| Advertise \| Awards \| RSS \| Contact Us
Copyright © 2008, Reprints, Permissions, Licensing, IDG Network, Privacy Policy, Terms of Service. All Rights reserved. InfoWorld is a leading publisher of technology information and product reviews on topics including viruses, phishing, worms, firewalls, security, servers, storage, networking, wireless, databases, and web services. CIO :: ComputerWorld :: CSO :: Demo :: GamePro :: Games.net :: IDG Connect :: IDG World Expo Industry Standard :: IT World :: JavaWorld :: LinuxWorld :: MacUser :: Macworld :: Network World :: PC World :: Playlist