• United States



Windows Server 2008 Launch Security Highlights

Feb 27, 20081 min
Business ContinuityData and Information SecurityIdentity Management Solutions


I want to briefly salute some of the security improvement represented by these products.  This is not a comprehensive list, and I will certainly dig into some of these in more detail later, but it should give you a good idea:

  • Windows Server 2008

    • Building on the solid WS2003 security record, which was a huge step forward from Windows 2000.  As a tribute to 2003, please check out, a fun site about the last WS2003 in use in the MSCOM server network.
    • Architectural and defense-in-depth protections similar to those lauded in Windows Vista, such as ASLR, Services hardening, and general benefit of the latest generation of the SDL.
    • Server Core
    • Network Access Protection.   Policy driven health checks of machines before they are granted full network access.
  • SQL Server 2008

    • Built upon the incredible security record of SQL Server 2005, which has had zero vulnerabilities in the database code since it launched over 2 years ago.
    • Transparent encryption and improved security policy management capability
  • Visual Studio 2008

    • Latest generation of security source code scanning tools
    • New T-SQL Static code analysis
    • Linq (nothing to do with security, but it rocks!)



Jeff Jones is a 24-year security industry professional that has spent the last several years at Microsoft helping drive security and privacy progress as part of the Trustworthy Computing group. In this role, Jeff draws upon his security experience to work with enterprise CSOs and Microsoft's internal security teams to drive practical and measurable security improvements into Microsoft process and products. Prior to Microsoft, Jeff was the vice president of product management for security products at Network Associates where his responsibilities included PGP, Gauntlet and Cybercop products, and several improvements in the McAfee product line. These latest positions cap a career focused on security, managing risk, building custom firewalls and being involved in Darpa security research projects while part of Trusted Information Systems. Jeff is a frequent global speaker and writer on security topics ranging from the very technical to more high level, CxO-focused topics such as Security TCO and metrics. Jeff is also a contributor the Microsoft Security Blog ( and writes on a wide range of personal interests (e.g. books, poker, gaming) at