Contents:

Executive summary In a nutshell The Ovum view Key messages Internet threats jeopardise the Microsoft brand The IT security industry depends on Microsoft A mainstream security vendor Emerging from its proprietary cocoon Security delivery is disjointed The security sector faces market disruption A holistic view of security Microsoft’s response to security threats The overall security strategy Delivering secure products ‘Defense in Depth’ Law enforcement Delivering security products The burden of leadership Dominance brings de facto obligations Keeping abreast of the attackers Working with national security agencies Protecting critical national infrastructure Treading the fine line around monopolistic practices Security, identity, access and privacy Recognising the synergies Security Identity The purpose of the ‘Laws of Identity’ Claims-based identity and access control Legal liability Privacy Collaboration with other vendors Microsoft collaborates at the process level SafeCode ICASI MSRC Exploitability Index MAPP Gathering security information Product partnerships Open source projects in identity interoperability From Trustworthy Computing to security vendor The role of Trustworthy Computing in Microsoft Patching and vulnerability remediation Patching is here to stay Establishing order out of patching chaos Deploying patches Applications are becoming more vulnerable than the operating system Windows Server 2008 R2 Additional 64-bit protection Windows 7 Identity and access product strategy Forefront Identity Manager (FIM) 2010 Microsoft Identity Integration Server Intelligent Application Gateway Extending Active Directory Federation Services The identity meta-system Federated identity Extending identity federation to B2C environments CardSpace Corporate identity OpenID Security products Forefront Forefront Protection Manager Free software Microsoft Security Essentials List of Figures Figure 1: Computers cleaned per 1,000 examined in 2H08, for each operating system