Over the past few weeks, I've been putting together test hacking scenarios for a customer. They wanted to see copies of the RSA attack, the Google attack, advanced persistent threat (APT) simulations, social engineered Trojans, worms, remote buffer overflows, and more. The objective: to test what they could do to prevent all of those assaults on their predominately Microsoft Windows environment.
I put the customer's environment through its paces, and as expected, it was great fun. It certainly beats filling out paperwork and reading security policies. But something unexpected happened along the way, although I shouldn't have been surprised as I am a full-time principal security architect at Microsoft: I found that Windows 7 and other Microsoft programs were significantly harder to hack than most anyone would believe. It was difficult to perform almost any hack without disabling multiple default defenses and ignoring one or more additional warnings.

The link for this article located at InfoWorld is no longer available.