A Flaw in Microsoft's Security Rating System

The brilliant Matthew Murphy finds that Microsoft's severity rating system is rather flawed. In this analysis of the MS06-006 vulnerability rated "important" by Microsoft, Murphy posts a proof of concept to prove how serious -- and easy to exploit -- the bug really is.

Security Bulletin Facelift

Joris Evers is reporting that Microsoft plans to give its Security Bulletins Web page a facelift to make it easier for technology professionals to read the bulletins

Bill G, Security Influencer

My colleague Dennis Fisher picks Bill Gates among the top three people who have helped shape the future of the IT security industry.

Vista Would Have Been...

Microsoft chairman Bill Gates: "Believe me, Vista would have been out nine months ago if we hadn’t had to do all the security design reviews and put the security features in."

In Support of Rootkits

Greg Hoglund, one of the guys who (literally) wrote the book on rootkits, makes the argument that it's OK to use rootkits in commercial software:

If you want my opinion, my opinion is this: Let Symantec, Kaspersky, F-Secure, and all the others use rootkit technology, it only makes their anti virus products more effective. Let anti-spyware companies like Sunbelt use rootkits against rootkits. Use fire against fire. I don't agree w/ people who say such approaches take away an administrators capability to administer a box. To solve the administrator problem, you only have to do one thing: Treat your rootkit features as a black box and uninstall them with the rest of your product. If an administrator doesn't want your product, then he can uninstall it. You aren't taking anything away.

Gone and Back in 60 Seconds

David LeBlanc, the former security architect in Microsoft's Office division who quit Redmond to go sweeping for spyware at Webroot, is now back at Microsoft in his old chair. So says an excited Michael Howard.