Author Archives: ericlaw

Fiddler – My Mistakes

On a flight back from Redmond last week, I finally read Linus Torvalds’ 2002 memoir “Just For Fun.” I really enjoyed its picture of Linux (and Torvalds) early in its success, with different chapters varyingly swooning that Linux had 12 or 25 million users. But more than that, I enjoyed some of the “behind theContinue reading “Fiddler – My Mistakes”

Parallel Downloading

I’ve written about File Downloads quite a bit, and early this year, I delivered a full tech talk on the topic. From my very first days online (a local BBS via 14.4 modem, circa 1994), I spent decades longing for faster downloads. Nowadays, I have gigabit fiber at the house, so it’s basically never myContinue reading “Parallel Downloading”

Security Software – An Overview

I’ve spent nearly my entire professional career in software security: designing software to prevent abuse by bad actors. I’ve been battling the bad guys for over two decades now, from hunting security bugs in Microsoft Office (I once won an Xbox for finding a vulnerability that allowed malicious clipart take over your computer) to designingContinue reading “Security Software – An Overview”

Best Practices for SmartScreen AppRep

Last year, I wrote about how Windows integrates SmartScreen Application Reputation to help ensure users have a secure and smooth experience when running downloaded software. tl;dr: When a user runs a downloaded program, a call to SmartScreen’s web-based reputation service is made, and four possible outcomes can occur: As a software developer, it’s natural thatContinue reading “Best Practices for SmartScreen AppRep”

Defensive Technology: Controlled Folder Access

Most client software’s threat models (e.g. Edge, Chrome) explicitly exclude threats where the local computer was compromised by malware. That’s because, without a trusted computing base, it’s basically impossible to be secure against attackers. This concept was immortalized decades ago in the Ten Immutable Laws of Security: In the intervening years, new technologies (like SecureContinue reading “Defensive Technology: Controlled Folder Access”