Security Response

Showing posts by Oliver Friedrichs
Oliver Friedrichs | 07 Oct 2007 | 0 comments

Last Friday I had the opportunity to moderate a panel - Political Phishing – A Threat to the 2008 Campaign? - held as part of the Anti-Phishing Working Group eCrime Researchers Summit hosted by Carnegie Mellon CyLab in Pittsburgh, PA. Our panelists were Rachna Dhamija from Harvard University, Chris Soghoian from Indiana University, and Pat Clarke of Jackson/Clark Partners. We had some great discussion on the potential impact of Internet-borne threats to the upcoming US Presidential Election. The timing could not have been more appropriate. As the primaries get closer, and the Internet continues to play a central role in fundraising and communication, the likelihood of Internet-borne threats impacting the election increases.

It also happens that this subject is one that I had myself been researching as part of another effort – a soon to...

Oliver Friedrichs | 28 Feb 2007 | 0 comments

Last July, I discussed how Windows Vista™ was one of the most important technologies that we would see in 2007. Last year, Symantec Advanced Threat Research released four research papers on the then beta version of Windows Vista. These papers provided a security analysis of the new Windows Vista network stack, user-mode security defenses, kernel-mode security technologies, and the Teredo protocol—a key IPv6 over IPv4 transition technology in Vista. Being one of the first third-party assessments on the progression of Windows Vista security, these papers were extremely well received in the technology industry.

Fast forward to today, and Windows Vista has now been released to businesses and consumers alike. Throughout its release, Symantec has tracked the evolution of Vista very closely and continued to assess its potential in defeating today’s attackers. We’ve documented our findings in a series of six research papers that are being released in the course of the next week. The goal of this...

Oliver Friedrichs | 11 Oct 2006 | 0 comments

I have to say that it is not surprising to see that Microsoft is countering the claims (that Symantec, McAfee, and others are making) that Windows Vista will hinder innovation, while putting consumers at risk. In fact, I think that it is to be expected. Some of the arguments that are being put forth in their favor are rather uninformed, exceptionally broad, and disingenuous. They have been presented in such a way as to position security vendors as though we have for decades preyed on the weak and stolen from the poor and with the emergence of Windows Vista, freedom from this tyranny is in sight. The reality is, we offer a real service—protection from real threats that will otherwise result in real losses—and this is by no means a protection racket. In any case, it’s not my intent to try and dissuade that part of the population that really thinks this; but, I will try to offer some insight to those who would consider themselves technologists.

It is important to remember that...

Oliver Friedrichs | 08 Aug 2006 | 0 comments

The Windows Vista operating system launches one of the most aggressive assaults on kernel mode security threats seen to date; even when compared to those capabilities seen in Mac OS X, Linux, and many UNIX variants. Microsoft is using a number of new security technologies in order to accomplish this:

• Driver signing (mandating digital signatures on all drivers)
• PatchGuard (protecting key kernel data structures – on 64-bit Windows)
• Kernel-mode code integrity checks (validating kernel component hashes)
• Optional support for Secure Bootup using a TPM hardware chip
• Access to \Device\PhysicalMemory blocked from user-mode

Our new paper, Windows Vista Kernel Mode Security, takes a detailed look at the Vista boot process and these new security technologies. It also discusses techniques by which driver signing and...

Oliver Friedrichs | 31 Jul 2006 | 0 comments

Following closely on the heels of the release of our first publicly available research paper, I am very pleased to present our second paper: Windows Vista Security Model Analysis. In this paper, we have taken a detailed look at the new user account protection (UAP) and user interface privilege isolation (UIPI) capabilities that form the basis of Vista’s new security model.

From our research paper's abstract:

This paper provides an in-depth technical assessment of the security improvements implemented in Windows Vista, focusing primarily on User Account Protection and User Interface Privilege Isolation. This paper discusses these features and touches on several of their shortcomings. It then demonstrates how it is...

Oliver Friedrichs | 17 Jul 2006 | 0 comments

I think that it goes without saying that Windows Vista is one of the most important technologies that we will see in the next year. With current versions of Windows appearing on well over 90% of desktop systems, Vista will undoubtedly become the dominant operating system within a few years. The appearance of Windows Vista gives Symantec an interesting opportunity to both perform new research, and to publish the findings of that research. First of all, Vista is a beta operating system, meaning that it is changing at an extremely rapid pace; bugs are getting fixed, and in some cases new ones are introduced. Second, there is more freedom to discuss it because it is being made available explicitly for this purpose (to undergo testing and scrutiny).

With that said, I am very happy to present the Symantec Advanced Threat Research team’s first publicly available research paper: Windows...

Oliver Friedrichs | 16 Jul 2006 | 0 comments

Since this is my first Symantec blog entry, I’d like to start things off by giving you some insight into our Advanced Threat Research team, which is a part of the Security Response group here at Symantec. We are responsible for generating all of Symantec’s protection content, which includes antivirus definitions, intrusion detection signatures, spam analysis, phishing site analysis, DeepSight early warning, and vulnerability alerts. Any content that is delivered through LiveUpdate or that drives the protection of Symantec products is delivered by Security Response.

The Advanced Threat Research team has the sole responsibility of researching new and emerging technologies and identifying how those technologies can be attacked. Our goal is fairly simple: to identify areas where attackers will strike next. There is no shortage of things to research, but we are interested specifically in those technologies and threats that will make the most impact within the...