First look at Windows Vista: Secure at last?
At the MVP global summit in Redmond, Wash., I had the opportunity to hear from a number of Microsoft insiders, the guys who actually wrote the code, about their goals and philosophy in creating the new operating system and included components such as Internet Explorer 7.0.
I was encouraged by what I heard. Defense in depth was a concept that kept coming up over and over again. Multilayered security is the only way to provide real protection, and Microsoft's commitment to making fundamental changes in the architecture to support that type of protection will give Vista a big security edge over older Windows operating systems.
Another philosophical position we're hearing a lot out of Microsoft employees has to do with "integration of the edge," or the idea that the Internet is the network. This goes along with the well-publicized "death of the DMZ" concept promulgated by Steve Riley, one of the senior program managers in Microsoft's Security Business Unit (you can download Steve's presentation on this topic from his Web site). This theme, in one form or another, ran throughout a number of the Microsoft presentations.
Taken together, these philosophies indicate a whole new way of looking at security, which incorporates strategies such as server and domain isolation and network access protection (NAP) enforcement. Another big focus is on identity authentication and management. We see this everywhere, from proposed antispam technologies such as Sender ID to enterprise/federation level products like MIIS. We also see it in Vista's improvements to such technologies as IPsec and better smart-card support.