China lacks safety mitigation technology. Windows XP has a high exposure rate of

More than 200 government officials, academics, security experts and software developers come together to discuss information security issues. John Lambert, general manager of Microsoft Trustworthy Computing Division, encourages Chinese software companies use industry-leading development tools and practices to improve product safety and enhance their competitiveness in the global marketplace.

The 2012 Information Security Forum and Technology Show was jointly hosted by the Computer Security Professional Committee of the Chinese Computer Society and Microsoft Corporation. The conference included key presentations, roundtable discussions and live demonstrations of security enhancement technologies.

Tim Cranton, Chief Legal Counsel, Microsoft Greater China

Lambert focused on China's specific security trends in his keynote speech, emphasizing the urgent need for software developers to take advantage of security mitigations that enable defense in depth. technology.

According to Net Applications, almost 24% of Internet users in China are using IE 6, accounting for more than half of the world's IE 6 users. In addition, most of these computers are running Windows XP or earlier platforms. Lambert stressed that this statistic is worrying because Windows XP Service Pack 3 is six times more likely to be infected with malware than Windows 7 according to the Microsoft Security Report Volume 11.

Lambert said, “local security companies, software companies and search service providers are competing in the Chinese market. Many of these companies are running various versions of Windows operating systems, IE and other Trident-based browsing. Device. ”

Executive Deputy Director of the Computer Security Committee Yan Ming

& ldquo;We analyzed the security technology of this market, the analysis result is that among these suppliers Many still do not take advantage of Windows' built-in security mitigation techniques such as Address Space Randomization (ASLR) and Data Execution Prevention (DEP). ”

To help IT professionals and software developers take advantage of the latest innovations in security technology resources and best practices, Microsoft demonstrated four security development tools demonstrated at the event:

Enhanced Mitigation Experience Toolkit (EMET) - Helps users mitigate threats like zero-day threats without security updates;

John Lambert, General Manager, Trustworthy Computing, Microsoft

Attack Attack Surface Analyzer - This tool takes a snapshot of the system state before and after installing the product, showing changes to several key factors on the Windows attack surface;

Threat Modeling Tool - Help engineers analyze system threats and identify and resolve design issues early in the software lifecycle;

BinScope Tools - Verify that security mitigation techniques such as ASLR or DEP are being used correctly.

As the security community becomes more aware of the use of free security mitigation technologies and tools, it will be imperative to improve the quality of software security. This will foster a safer global computing ecosystem that will help protect Windows and Internet Explorer users in the world's largest software market.

The Security Engineering Center (MSEC), managed by Microsoft's Trustworthy Computing Group, is working in security technology under the leadership of Lambert. The purpose of security technology is to identify emerging security vulnerabilities and threat categories and to develop proactive defense against these new categories. Microsoft uses security technology to develop advanced tools and technologies that make attacking software difficult to succeed.

At the end of the presentation, Lambert provided specific guidance to users and IT professionals to help them protect against attacks. He encourages users to use new products, get their systems up to date with the latest security updates, and use reliable anti-malware from a source. Microsoft also encourages IT professionals to think about whether the software they are using or considering is implementing SDL-like security processes to minimize software vulnerabilities and whether to use attack mitigation techniques.