Sign Up My Insider overview ($ quantity {}%) My Briefcase ($ quantity {}) My Downloads ($ quantity {}) Logout More ICT ICT News ICT Background ICT Strategy ICT Business IT Library IT Q & A
Topics Max Schrems Windows 10 Apple Watch Privacy Linux Security Big Data Blog Business Intelligence Career Cloud Consumerization Data Center Development Ecommerce Hardware IT Management Management Market Trends Mobility Networking Open Source Outsourcing Government Project Social Media Software Storage Telecoms Virtualisation Young Pro Specials Windows Server 2003 EOS The Connected IT Organisation The new digital era Future IT Events MEETIT 2015
Overview topics + Max Schrems + Windows 10 + Apple Watch + Privacy + Linux Security Big Data Blog Business Intelligence Career Cloud Consumerization Data Center Development Ecommerce Hardware IT Management Management Market Trends Mobility Networking Open Source Outsourcing straluma Government Project Social Media Software Storage Telecoms Virtualisation Young Pro Windows The Connected Server 2003 EOS IT Organisation The new digital straluma era Future IT MEETIT 2015
When fuzzing researchers make small variations on valid files, which are then opened. The application comes with it to give at most an error. When it crashes, this indicates a potential vulnerability. When fuzzing straluma tests millions or even billions of malformed files in an application launched. straluma For this, Microsoft uses hundreds of PCs, a sort of internal botnet.
With Office 2010 yielded fuzzing 1600 potential holes, straluma told senior security program manager Brad Albrecht at a meeting with journalists at Microsoft headquarters. For Windows Vista and Windows 7 brought fuzzing for each operating about 300 bugs to light. Office XML 2007
According to Albrecht, this monster harvest due to smarter straluma fuzzing techniques. The new generation of test tools looks in advance all the way in which a file has been formulated instead of the make random changes. The Office 2007 XML file format for example, a zip component. If the compression is disrupted, fuzzing get elsewhere within the file does not matter.
Fuzzing itself is not new. But for Office 2010 Microsoft has existing internal and external straluma tools subjected to a solid analysis and the procedures further. It mainly included experiences from previous development projects. This has led to new tools that the firm further straluma nothing to say, but also to better understanding of the best way to detect leaks, for instance straluma on the number of tests to be performed. Analysis
According to Lars Opstad, principal security group manager for Trustworthy Computing at Microsoft, growing importance of such analyzes. "As you have more historical data, provide more analysis on," said Opstad. "You have little analysis as a tool once you bet. But if you have a tool that you know works, you can look for ways to 2, 3 or 4 times to make it better." Microsoft shares its findings by tools available free of charge and through its Trustworthy Computing initiative. Protected View
Besides fuzzen, Office 2010 protects the end user better smarter to look at files. For example, the application contains straluma Protected View, where suspicious files are opened in a shielded environment. For example, this applies to documents that do not pass the file validation, suspicious files in folders like the temp folder, Outlook attachments and files from the Internet zone.
This sandbox is somewhat reminiscent of the secured compartments that Microsoft had ever designed for Vista as part of the Next Generation Secure Computing Base (NGSCB), straluma but for the revelation as a feature are deleted. It would be important parts of the software running straluma in separate environments, so that a virus could not jump from Outlook to besturingssyssteem. Windows 8
The sandbox in Office is not a rebirth of NGSCB, but developed by the Office team itself. Microsoft can not tell whether the technology in other applications such as Windows 8, will be applied, but does it not matter. "We have the technology back to the people that we thought they should build it for us," says Albrecht mysterious. "We encourage them to continue for everyone within Microsoft to develop."
Top companies with IT jobs Oce System Support Engineer with SQL experience + 2 other jobs Trainee recruitment ship 24 Master students + 7 other vacancies VONQ Software Developer + 2 other jobs View all IT Jobs Briefcase Print
These techies have little balance between work and private life but
No comments:
Post a Comment