Data Privacy Day

As a security guy, I get all sorts of questions from people about privacy. A lot of folks really think about online privacy as the same thing as computer security. Others see it as a pure tradeoff between one or the other. I don’t necessarily think that giving up privacy results in greater security; nor do I believe that greater security requires a loss of privacy. No matter what your thoughts are on security and privacy, I hope there is one thing we can all agree on: both are important.

That’s why I’m glad to report that Microsoft, along with other key players in the safety ecosystem, is once again participating in today’s global event, Data Privacy Day. A lot of you have probably never heard of Data Privacy Day, so here’s the skinny: it is a day intended to increase awareness of privacy and data protection issues that we all face. I’m proud of Microsoft’s commitment to protecting consumer privacy, and on a personal level, I’m happy to have been involved in campaigns promoting child safety and preventing identity theft.

I’m also proud of our work on Windows Vista. It’s built and tested to allow users to connect to whomever and whatever they want while providing the confidence that personal information is safe. The Windows Security Center in Windows XP SP2 and Windows Vista is one of the innovative tools that helps protect users from security risks. The program informs users if key security capabilities are turned on and updated; if a problem is detected, customers receive a notification and are given recommended actions to help protect their information. IE Protected Mode in Windows Vista also helps protect users from attack by running the Internet Explorer process with greatly restricted privileges. Protected Mode significantly reduces the ability of an attack to write, alter, or destroy data on the user's machine or to install malicious code. These are just a few of the ways that Microsoft is working to keep its customers safe. We are also continuing our commitment to security in Windows 7 by building upon the strong foundation created in Windows Vista.

Like me, many of us at Microsoft are passionate about helping to ensure that you have the safest, most secure computing experience possible. If you’re passionate about online safety or if you just want to learn more about the topic, check out the Data Privacy Day 2009 website to see how we’re working to raise awareness about online privacy and safety issues.


Comments

  1. Posted on: January 28, 2009 at 2:23PM  

    Paul, The web link "Data Privacy Day 2009 website" is not working. Goes to a page that says "Select a Blog" but does nothing.

  2. Posted on: January 28, 2009 at 2:36PM  

    The link should be microsoft.com/dataprivacyday

  3. Posted on: January 28, 2009 at 3:47PM  

    Thanks The MAZZTer, I fixed the link.

  4. Posted on: January 28, 2009 at 8:40PM  

    Thanks for the read. There's interesting stuff at blogs.technet.com/privacyimperative too, if anyone's interested.

  5. Posted on: January 29, 2009 at 1:18PM  

    Data Privacy requires a new business culture - and we should really peg this "Data Privacy Millennium."  Price Waterhouse Cooper and Carnegie-Mellon’s CyLab have recent surveys that show the senior executive class to be, basically, clueless regarding IT risk and its tie to overall enterprise (business) risk.  Data breaches and thefts are due to a lagging business culture – absent new eCulture, breaches will, and continue to, increase.  For example:  Microsoft patched for the worm affecting Heartland 4 months ago.   As CIO, I’m constantly seeking things that work, in hopes that good ideas make their way back to me - check your local library:  A book that is required reading is "I.T. WARS:  Managing the Business-Technology Weave in the New Millennium."  It also helps outside agencies understand your values and practices.

    The author, David Scott, has an interview that is a great exposure:  www.businessforum.com/DScott_02.html -  

    The book came to us as a tip from an intern who attended a course at University of Wisconsin, where the book is an MBA text.  It has helped us to understand that, while various systems of security are important, no system can overcome laxity, ignorance, or deliberate intent to harm. Necessary is a sustained culture and awareness; an efficient prism through which every activity is viewed from a security perspective prior to action.  

    In the realm of risk, unmanaged possibilities become probabilities – read the book BEFORE you suffer a bad outcome – or propagate one.

  6. Posted on: January 29, 2009 at 2:29PM  

    Microsoft has offered a lot of Security features that are high quality and work great. However, one piece of software that I don't understand Microsoft overlooking is Antivirus protection.

    Microsoft offers Windows Defender for spyware and that's great, but what about the Antivirus? Why hasn't MS announced any internal Antivirus programs to be released for Windows 7 and Vista?

    I think Symantec and AVG and Kaspersky do a great job with their products. However, I think we've come to a time when Antivirus is a required piece of software for people to feel protected in their computing experience. Antivirus should be a basic part of the Windows Operating System in this day and age.

    I'd really like to see Microsoft step up and make a move towards providing an included Antivirus software package for Windows.

  7. Posted on: January 29, 2009 at 5:07PM  

    Thank you for the great post Paul!

  8. Posted on: January 30, 2009 at 10:53AM  

    find it here

    www.crunchgear.com/.../hack-turns-off-windows-uac-forever-and-ever

    do you know about?

    "Attention morons who didn’t like UAC in Windows Vista, that thing that turns everything off whenever you make a change to Windows and asks for your password, Long Zheng would like to have a word with you. Because of a change in Windows 7, you can basically write a script that turns the function off completely, thereby creating gaping security holes similar to those found in every previous Microsoft product ever made.

    The threat is this: by running a simple program, you can turn off UAC, restart the computer, embed something at boot time, and take control of the computer. Bingo - instant admin access. According to Zheng this is a simple fix for Microsoft:

       This is the part where one would usually demand a large sum of money but since I’m feeling generous, there is a simple fix to this problem Microsoft can implement without sacrificing any of the benefits the new UAC model provides, and that is to force a UAC prompt in Secure Desktop mode whenever UAC is changed, regardless of its current state. This is not a fool-proof solution (users can still inadvertently click “yes”) but a simple one I would encourage Microsoft to implement seeing how they’re on a tight deadline to ship this.

    Generally, though, what we see here is Microsoft, in an effort to pander to those who know little to nothing about security, has essentially disabled one of the things that would keep our parents from installing WeatherBug inadvertently. Sure UAC is annoying, but isn’t spyware more annoying?"

  9. cek
    Posted on: February 15, 2009 at 3:07AM  

    Security is great but I could use help. I've forgotten my laptop password but log on with the fingerprint reader my son set up when we bought 2 laptops with Vista Business. As far as I can tell, and as far as tech support tells me, I am out of luck to reset my password. Gone forever. Since I can log on with my finger, I should be able to reset pword. Vista guys, this is not a good system for those who aren't yet computer savvy. Not user friendly or sensible. Any help? I'm not dumb, just not computer literate and too many passwords. I really have no idea. Sorry this is so below the level of this discussion. Can anyone help with this? Poor design if truly I am locked out forever except for fingerprint. Thanks!

  10. Posted on: March 08, 2009 at 6:43AM  

    This post is not relevant to Data Privacy Day, but I did not know where else to post it. It is relevant to security, and more specifically to UAC.

    Starting from the discussion on Slashdot about UAC (tech.slashdot.org/article.pl), I came up with an idea that perhaps makes UAC redundant:

    The O/S should provide a unique view for each of its users, including system files. The user should be able to modify *anything* on the system, from registry settings to the Windows folder. Each user should modify its own copy of the system!

    The benefits of this approach are:

      1. no more UAC required. It's only when the kernel is hacked that control to other users' files is obtained. Other user files would not be accessible, they wouldn't even be visible, including the system files.

      2. better compatibility with older programs. Let programs write in c:\windows...they would simply write in the user's c:\windows version. The kernel's version of the folder would remain as is.

      3. easy restore. Did the user screw up its system? copy the system files from the kernel's account...and you are done.

      4. enhanced security. Do you want to run a dangerous program? code that you downloaded from the internet? no problem: create another account which inherits the current account, run the program in this other account, let the program screw that account up, delete the account. The other accounts will not be touched.

      5. file exchange between users can be done in various ways:

            1. using downloading (as if the two users were remote), but the download would take zero time, since the file would already be in the hard disk.

            2. using shared folders.

            3. using shared accounts.

      6. Easy to implement. Using copy-on-write, a file would be shared unless it is written.

      7. Minimum storage overhead. If a file is shared (i.e. not written yet), it occupies a single place in the filesystem. If many users use the file, the filesystem driver automatically duplicates it on first use. Disk storage is plenty these days.

      8. Minimum performance hit. The only time performance is hit is on the first copy of a file for a specific account. After that, there is no performance hit.

      9. very easy account inheritance through copy-on-write.
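
The per-account copy-on-write view proposed in comment 10, modelled in memory as an added example (it is not code from the post or from any commenter; `CowView`, `demo` and the sample paths are hypothetical and constructed for illustration). It covers private writes, deletion, account inheritance and restore:

```python
class CowView:
    """One account's view of the file tree: a private overlay on a parent view."""
    _DELETED = object()  # whiteout: path removed in this view only

    def __init__(self, parent=None):
        self.parent = parent   # inherited view; None for the pristine system image
        self.overlay = {}      # path -> bytes, only what this account has written

    def read(self, path):
        view = self
        while view is not None:          # nearest layer that touched the path wins
            if path in view.overlay:
                data = view.overlay[path]
                if data is CowView._DELETED:
                    raise FileNotFoundError(path)
                return data
            view = view.parent
        raise FileNotFoundError(path)

    def write(self, path, data):
        self.overlay[path] = data        # copy-on-write: parent layers untouched

    def delete(self, path):
        self.overlay[path] = CowView._DELETED

    def restore(self):
        self.overlay.clear()             # "easy restore": drop private copies

    def private_paths(self):
        return sorted(self.overlay)      # storage cost = only the written paths


SYSTEM_INI = r"c:\windows\system.ini"    # constructed sample paths
NOTES = r"c:\users\alice\notes.txt"

def demo():
    system = CowView()
    system.write(SYSTEM_INI, b"shell=explorer.exe")
    alice = CowView(parent=system)
    alice.write(NOTES, b"private notes")
    sandbox = CowView(parent=alice)      # throwaway account inheriting alice
    # An untrusted program in the sandbox account tampers with what it sees.
    sandbox.write(SYSTEM_INI, b"shell=untrusted.exe")
    sandbox.delete(NOTES)
    return system, alice, sandbox

if __name__ == "__main__":
    system, alice, sandbox = demo()
    print(alice.read(SYSTEM_INI), sandbox.read(SYSTEM_INI))
```

In this model the throwaway account can still read everything it inherits, so the overlay protects the integrity of the parent account's files, not their confidentiality.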
