Thursday, May 21, 2009
Wanna test Windows 7 RC?
I can BURN it onto DVD disk, and post it to you for USD$15. yeah the cost of postage and stuff. ANYWHERE IN THE WORLD.
Sorry cant send it to outer space.
My PAYPAL registered email is: firstname.lastname@example.org
Windows 7 Security Enhancements
Security Viewpoint – March 2009
See other Security Viewpoint columns
By Paul Cooke, Director, Windows Client Enterprise Security, Microsoft Corporation
Security is still a top concern for IT professionals; now that Windows® 7 Beta is available, questions regarding what Microsoft has done with the Windows 7 operating system abound. There is a lot of ground to cover—more than we can in a brief article— but there are three primary topics that merit our focus here.
* Windows 7 is built upon the security foundations of the Windows Vista® operating system while improving auditing and the User Account Control (UAC) experience.
* Windows 7 helps IT control what software can run in their environment with AppLocker™.
* Windows 7 enhances the core features of BitLocker™ Drive Encryption with the introduction of BitLocker To Go™ for removable storage devices.
Let’s take a look at each of these in a little more detail.
Fundamentally Secure Environment
Windows 7 builds upon the strong security lineage of Windows Vista and retains and builds upon the development processes and technologies that have made Windows Vista the most secure version of the Windows client to date. Fundamental security features such as Kernel Patch Protection, Service Hardening, Data Execution Prevention, Address Space Layout Randomization, and Mandatory Integrity Levels continue to provide enhanced protection against malware and attacks. Windows 7 has been designed and developed using the Microsoft Security Development Lifecycle (SDL), and it is engineered to support Common Criteria requirements to achieve Evaluation Assurance Level 4 certification and meet Federal Information Processing Standard 140-2.
Windows 7 provides enhanced audit capabilities to make it easier for an organization to meet its regulatory and business compliance requirements. Audit enhancements start with a simplified management approach for audit configurations and end with greater visibility into what occurs in your organization. For example, Windows 7 provides greater insight into understanding exactly why someone has received or been denied access to specific information, as well as visibility into the changes made by specific people or groups.
Streamlined User Account Control
User Account Control (UAC) was introduced in Windows Vista to help legacy applications run with standard user rights and help ISVs adapt their software to work well with standard user rights. Windows 7 continues the investment in UAC with specific changes to enhance the user experience. These changes include reducing the number of operating system applications and tasks that require administrative privileges and providing a flexible consent prompt behavior for users who continue to run with administrative privileges. As a result, standard users can do even more than ever before and all users will see fewer prompts.
Windows 7 re-energizes application control policies with AppLocker, which is a flexible, easy-to-administer mechanism that allows IT to specify exactly what is allowed to run in the desktop infrastructure and gives users the ability to run applications, installation programs, and scripts that they require to be productive. As a result, IT can enforce application standardization within their organization while providing security, operational, and compliance benefits.
AppLocker provides a simple and powerful structure through three rule types: “allow,” “deny,” and “exception.” Allow rules limit the execution of applications to "known good" applications and block everything else. Deny rules take the opposite approach and allow the execution of any application except those on a list of “known bad” applications. While many enterprises will likely use a combination of allow rules and deny rules, the ideal AppLocker deployment would use allow rules with built-in exceptions. Exception rules exclude files from an allow/deny rule that would normally be included. Using exceptions, you can, for example, create a rule to “allow everything in the Windows operating system to run, except the built-in games.” Using allow rules with exceptions provides a robust way to build a “known good list” of applications without having to create an inordinate number of rules.
AppLocker introduces publisher rules that are based upon application digital signatures. Publisher rules make it possible to build rules that survive application updates because you can specify attributes such as the version of an application. For example, an organization can create a rule to “allow all versions higher than 9.0 of the program Acrobat Reader to run if it is signed by the software publisher Adobe.” Now when Adobe updates Acrobat, you can safely push out the application update without having to build another rule for the new version of the application.
AppLocker rules also can be associated with a specific user or group within an organization. This provides granular controls that allow you to support compliance requirements by validating and enforcing which users can run specific applications. For example, you can create a rule to “allow people in the Finance Department to run the Finance line of business applications.” This blocks everyone who is not in your Finance Department from running your finance applications (including administrators), but still provides access for those that have a business need to run the applications.
AppLocker provides a robust experience for IT administrators through new rule creation tools and wizards. Using a step-by-step approach and fully integrated Help, creating new rules, automatically generating rules, and importing / exporting rules is intuitive and maintenance is easy. For example, IT administrators can automatically generate rules using a test reference machine and then import the rules into a production environment for widespread deployment. The IT administrator can also export policy to provide a backup of your production configuration or to provide documentation for compliance purposes.
BitLocker and BitLocker To Go
Each year, hundreds of thousands of computers without appropriate safeguards are lost, stolen, or decommissioned. However, the loss or theft of data is not just a physical computer issue. USB flash drives, e-mail, leaked documentation, etc. all provide additional avenues through which data can fall into the wrong hands. Windows 7 addresses the continued threat of data leakage with manageability and deployment updates to BitLocker Drive Encryption and the introduction of BitLocker To Go, which provides enhanced protection against data theft and exposure by extending BitLocker support to removable storage devices.
BitLocker Drive Encryption (BitLocker for short) helps prevent a thief who boots another operating system or runs a software hacking tool from breaking Windows 7 file and system protections or performing offline viewing of the files stored on the safeguarded drive. Windows 7 BitLocker shares the same core benefits of Windows Vista BitLocker; however, the core functionality in Windows 7 BitLocker has been enhanced to provide a better experience for IT professionals and end users. For customers who did not deploy Windows Vista with the BitLocker-required two-partition disk configuration, repartitioning the drive to enable BitLocker was more cumbersome than it needed to be. Windows 7 automatically creates the necessary disk partitions during installation to greatly simplify BitLocker deployments. Another change in Windows 7 BitLocker is the ability to right-click on a drive to enable BitLocker protection.
Windows 7 BitLocker adds Data Recovery Agent (DRA) support for all protected volumes. A big ask from customers, DRA support allows IT to dictate that all BitLocker protected volumes (the operating system, fixed volumes, and the new portable volumes) are encrypted with an appropriate DRA. The DRA is a new key protector that is written to each data volume so that authorized IT administrators will always have access to BitLocker protected volumes.
BitLocker To Go extends BitLocker support to removable storage devices, including USB flash drives and portable disk drives. BitLocker To Go also gives administrators control over how removable storage devices can be utilized within their environment and the strength of protection that they require. Administrators can require data protection for any removable storage device on which users want to write data while still allowing unprotected storage devices to be utilized in a read-only mode. Policies are also available to require appropriate passwords, smart card, or domain user credentials to utilize a protected removable storage device.
BitLocker To Go can be utilized on its own, without requiring that the system partition be protected with the traditional BitLocker feature. Finally, BitLocker To Go provides read-only support for removable devices on older versions of the Windows operating system, which allows users to more securely share files with those who are still running Windows Vista and Windows XP with the BitLocker To Go Reader.
Whether traveling with your laptop, sharing large files with a trusted partner, or taking work home, BitLocker and BitLocker To Go help ensure that only authorized users can read the data, even if the media is lost, stolen, or otherwise misused.
Built upon the security foundation of Windows Vista, Windows 7 introduces a number of security enhancements to give users the confidence that Microsoft is continuing to find better ways to safeguard users’ IT investments as well as data. Businesses will benefit from enhancements that help protect company sensitive information, that provide stronger protections against malware, and that help secure access to corporate resources and data. End users can enjoy the benefits of computers and the Internet knowing that Windows 7 is using new technologies and features to safeguard privacy and personal information. Finally, all users will benefit from the flexible security configuration options in Windows 7—options that will help users achieve the unique balance of security and usability to meet their specific needs.
Heres what you need to have to run Windows 7:
* Internet access (to download Windows 7 RC and get updates)
* A PC with these minimum recommended specifications:
- 1 GHz 32-bit or 64-bit processor or higher
- 1 GB of system memory or more
- 16 GB of available disk space
- Support for DirectX 9 graphics with 128 MB memory (to enable the Aero theme)
- DVD-R/W Drive
Please note these specifications could change. And, some product features of Windows 7, such as the ability to watch and record live TV or navigation through the use of "touch," may require advanced or additional hardware.
Monday, August 27, 2007
A couple of weeks ago Debbie told me that her friend want a computer, and she was willing to pay it off at $10 a week. with $50 as deposit. So one Thursday afternoon I deliver the computer to Bridget's place. Bridget neighbour, Mel, come over and said she also want a computer. She gave me $50 as deposit there and then.
I told Mel that I dont have much time, can only deliver the next week.
So here she is, in front of the computer with her kids.
The day after, she rang me up saying that the CDROM drive doesnt work. I asked her what kind of disk was it? She said PC-CDROM. When I came over that night, I put in the CD and can install it perfectly. (It was a PC game.)
Heck, she doesnt know how to install a program..So I showed her how to install a program from disk.
Amazing how a simple computer can change people's lives.
You too can be part of this. You can contribute to this fund that I am working on, helping people to own computer... like Mel.
My Paypal email: email@example.com
Sunday, August 26, 2007
She is the first recipient of Computer in Homes Scheme. In my previous posting I explained the system, ie buy a secondhand computer for someone who would not be able to afford a computer, and let him/her pay it off at $10 per week.
Well, Debbie has been hankering for a computer ages ago. she couldnt afford to pay it cash, and hire purchase at Harvey Norman is impossible, given her credit rating and her low income.
So I let her pay it off at $10 per week.
So now she can use it to sell stuff on trademe, surf the net, and chat with friends. Her children benefit too. In fact that is the reason that she should qualify for this scheme, so that her children can be more confident with computer, and hopefully do better in school.
You can contribute too.
Just send some money into my paypal account: firstname.lastname@example.org
So that I can expand this scheme further, ie buy more computer, to sell to some other families and let them pay it off at $10 a week.
computer in homes
Saturday, August 25, 2007
Their children are behind in school because they cant do homework using computer at home.
For the past few months I have been assembling and put together second hand computer for a few people. And let them pay off at $10 week. A secondhand computer system might cost $300 to assemble, with keyboard, monitor and stuff ready to use.
So with limited amount that I have, I cannot afford to help many people. Cashflow and working capital problem. I had to wait for those whom I help to get computer to pay off before I can buy another computer.
Ideally this scheme that I am thinking off is self financing.
Let say that a computer system cost $400 each. So we sell this computer to Family A, and let them pay it off at $10 a week. It will take Family A 40 weeks to pay it off before we can get our initial capital to buy another computer to help Family B.
So here we go.
I am asking you, yes you the readers to donate some money, so that I can use the money to help others.
In the next few days I will post the pictures and families who has been benefiting from this scheme.
You can pay to my paypal account: email@example.com
I was thinking of setting up a trust account, but I do not know the intricacies. May be if someone help..
Tuesday, January 16, 2007
Is a community-driven, Debian-based Linux distribution.
Is always made available for free use, distribution and modification, now and forever.
Is available in two versions:
The regular, complete version includes legally-licensed, 3rd party codecs, drivers and software, to offer better hardware, file type, and multimedia support. Freespire includes turn-key, out-of-the-box support for MP3, Windows Media, QuickTime, Java, Flash, Real, ATI drivers, nVidia drivers, proprietary WiFi drivers, modem drivers, fonts, and so on.
The OSS Edition uses only open source software.
Is powerful enough for the most sophisticated Linux user or developer, yet easy enough for someone completely new to Linux.
Provides free access to the entire Freespire open source application pool using apt-get.
Offers optional use of the Linspire CNR (click and run) Service. (The CNR Client is open source.)
Includes a total development environment, which can be easily expanded using apt-get or CNR.
Provides easy-to-use yet advanced installation and configuration options.
Is secure with non-root Admin login features and strict firewall.
Utilizes the community IRMA project to provide Freespire in dozens of different languages.
Is community supported at no charge, with optional enhanced support available.
Sunday, January 14, 2007
Why Ubuntu? Well, its simple, dependable and it has all you need!
This Ubuntu Operating system is all you need to run your computer. I sell it at the cheapest possible price. Just to cover cost of burning onto CDR. Plus postage to anywhere in the world. (sorry, no outer space orders please)
Postage: USD3 anywhere in the world.
Payment method: http://www.paymate.co.nz/
my username: firstname.lastname@example.org
please dont forget to include your name and address, as well as your order quantities.
Saturday, January 13, 2007
Why pay extortionate price to enrich your big brother?
This Xubuntu Operating system is all you need to run your computer. I sell it at the cheapest possible price. Just to cover cost of burning onto CDR. Plus postage to anywhere in the world. (sorry, no outer space orders please)
Postage: USD3 anywhere in the world.
Payment method: www.paymate.co.nz
my username: email@example.com
please dont forget to include your name and address, as well as your order quantities.