Teching It Easy: Windows Vista: Security

Security Updates for Windows Vista

Thu, 28 Jun 2007 18:23:07 GMT

Microsoft released nine important security updates for Vista yesterday. Here is a list of whats included:

Update for Windows Vista (KB931836)
February 2007 cumulative time zone update for Microsoft Windows operating systems
>> Download: x86, x64

Update for Windows Vista (KB932406)
The Windows desktop may stop updating correctly after a Windows Vista-based computer has been running for an extended period of time
>> Download: x86, x64

Update for Windows Vista (KB935652)
June 2007 Cumulative Update for Media Center for Windows Vista
>> Download: x86, x64

Update for Windows Vista (KB937077)
A high definition audio device may no longer work after you resume Windows Vista from hibernation or from sleep
>> Download: x86, x64

Update for Windows Vista (KB937123)
When running Windows Vista, the 802.1X network authentication times out, fails and network connectivity can not be established.
>> Download: x86, x64

Update for Windows Vista (KB938637)
In Internet Explorer 7 on a Windows Vista-based computer, you cannot enter user-defined words that are added to the Microsoft IME user dictionary
>> Download: x86, x64

Update for Windows Vista (KB929824)
Windows Vista cannot connect to any off-link addresses when the default gateway is configured to be the same as the client IP address
>> Download: x86, x64

Update for Windows Vista (KB930627)
The private data of the DEVMODE data structure may be corrupted when you use raw mode to print a document in a 32-bit application on a computer that is running a 64-bit version of Windows
>> Download: x64

Update for Windows Vista (KB935855)
Error message when you try to start Internet Explorer 7 in Windows Vista: "You must be an administrator to open Internet Explorer on this desktop"
>> Download: x86, x64

Technorati tags: Security, Windows Update, x86, x64, 32-bit, 64-bit, Vista, Operating Systems, Internet Explorer

Security Tips for June 2007

Wed, 13 Jun 2007 11:25:08 GMT

These security tips and solutions are adapted from this months Microsoft Newsletter: Security for home computer users.

Volume 4, Number 6 - June 12, 2007.

How to recognize "spoofed" Web sites

According to the May 29 issue of Computerworld, the number of spoofed Web sites--fake Web sites that look like legitimate sites but are designed to steal your personal information--nearly tripled between March and April. The best way to help protect yourself? Verify that the site you're visiting is secure and authentic using these techniques.

Security updates

Security updates for June 12, 2007
The bulletin for June includes six updates: four critical updates for the Windows operating system and Internet Explorer, one important update for Microsoft Office and Microsoft Visio, and one moderate update for Windows.

For people with personal computers:
Get updates automatically from Microsoft Update
See a summary of the June updates
Frequently asked questions about security updates

For technical details or for IT professionals:
Go to the Security Bulletin Summary on TechNet

For all others: If you work in a connected office environment, your IT department will keep your computer up to date.

Protect your computer

Signs of spyware: Are you being watched?

Are you seeing pop-up ads, strange settings, or unfamiliar downloads on your computer? Know the symptoms of spyware and make sure that you're not being watched.

Does your operating system have protection built in?

Many fundamental computer security features are integrated in the latest versions of Windows. Here's how to find out if your operating system has protection built in.

Protect yourself

Help! A spammer has hijacked my e-mail address

Have you received spam that appears to come from your own e-mail address? Here's how to prevent spammers from hijacking your e-mail address, starting by using the built-in spam filtering tools in all Microsoft e-mail programs.

How to prevent Trojans from taking over your computer

With new malicious Trojan-horse programs appearing on the Internet all the time, it's important to follow these best practices to help keep your computer safe.

Protect your family

Help protect yourself when downloading music

A recent study found that online music sites pose the biggest security threat to computers. If you or your kids visit such sites, take these steps before you download anything.

Set time limits on your kids' computer use

Learn how Parental Controls in the Windows Vista operating system help you control how long your kids can use the computer.

Security resources

• Security At Home site

• Security Tips & Talk blog

• RSS feed: Get new security information delivered to you

• Security video tutorials

• Support for your home computer security issues

• Worldwide computer security information

Technorati tags: Security, Microsoft, Windows Vista, Vista, Operating Systems, Spam, Antivirus, Spyware, AntiSpyware, Windows Defender, Windows Live OneCare, Parental Controls

Updates for Windows Vista

Wed, 28 Mar 2007 17:59:40 GMT

From ActiveWin

Quote:

Install this update to resolve an issue where an error message is received when placing a Windows Vista system into a sleep state while a PPP connection is active. After you install this item, you may have to restart your computer.

This update is provided to you and licensed under the Windows Vista License Terms.

Also available:

Update for Windows Vista for x64-based Systems (KB931671)
Update for Windows Mail Junk E-mail Filter [March 2007] (KB905866)
Update for Windows Mail Junk E-mail Filter for x64-based Systems [March 2007] (KB905866)
Install this update for Windows Mail to revise the definition files used to detect e-mail messages that should be considered junk e-mail or that may contain phishing content.
Update for Windows Vista (KB931174)
Update for Windows Vista for x64-based Systems (KB931174)
This update configures the Windows Customer Experience Improvement Program to improve the quality of software information sent to Microsoft.
Update for Windows Vista (KB932649)
Update for Windows Vista for x64-based Systems (KB932649)
Install this update to resolve an issue where poor video quality may be experienced when configuring video to interlaced mode on a system running Windows Vista.
Update for Windows Vista (KB933824)
Update for Windows Vista for x64-based Systems (KB933824)
Install this update to resolve an issue where an Apple iPod may be corrupted by using the Safely Remove Hardware feature on a system running Windows Vista.
Update for Windows Vista (KB932988)
Update for Windows Vista for x64-based Systems (KB932988)
Install this update to resolve an issue where when adding metadata to RAW images from Canon EOS-1D or EOS-1Ds cameras, the file is truncated and the image is permanently lost.

Thanks to Jonathan Tigner

Technorati tags: Windows Vista, x86, x64, Vista, Windows Mail, Junk E-mail, RAW, Canon, Windows Customer Experience Improvement Program, Apple iPod

How to Ease Your Daylight Savings Time Transition

Fri, 09 Mar 2007 04:25:09 GMT

From Microsoft TechNET

Quote

What time will your organization's computers think it is on Sunday? Or, more important, will everyone's Outlook calendars be in sync on Monday morning? The United States Energy Policy Act of 2005 goes into effect on March 11 and unless certain updates are applied, the time zone settings for your computers' and handheld devices' system clocks may be incorrect during the four-week period affected by the change. To get the updates and learn how to apply them, the Microsoft Daylight Saving Time Help and Support Center is the place to start. There you can find a rundown of all products affected by DST. You can also participate in webcasts and technical chats geared to help you apply the updates. These updates have been released through a combination of channels including Microsoft Customer Support Services (CSS), hot fixes incorporated in Knowledge Base articles, Windows Update, Microsoft Update, Windows Server Update Services (WSUS), and the Microsoft Download Center. Also check out Microsoft IT Deployment Guidance to learn about the Microsoft internal best practices on easing the DST transition.

Available DST updates for Windows:

Support and Troubleshooting

Support News

•Daylight Saving Time Help and Support Center

How-to Articles

•How to address daylight saving time by using the Exchange Calendar Update Tool

•How to prepare SQL Server 2005 and SQL Server 2000 for changes to daylight saving time in 2007

Knowledge Base Articles

•Update for daylight saving time changes in 2007 for Exchange 2003 Service Pack 1

•February 2007 cumulative time zone update for Microsoft Windows operating systems

•Preparing for Daylight Saving Time changes in 2007

Update your Windows Mobile powered device now

You can't deny it-spring is on the way! And this year, along with the sunshine and warmer weather, comes Daylight Saving Time. Due to Congress's Energy Policy Act, you'll need to remind your Windows Mobile® powered device that clocks will be set forward sooner than usual this year. Make sure your device doesn't fall behind by updating its software now.
To ensure your device is on time, visit http://www.windowsmobile.com/daylightsaving/ and download the necessary updates.

Technorati tags: Daylight Saving Time, DST, Windows Update, Cumulative Time Zone Update, Windows Mobile, Exchange Server, SQL Server, Office Outlook.

Windows Live OneCare Not Living up to its name

Tue, 06 Feb 2007 20:16:23 GMT

From News.com

Quote:

"Microsoft's own antivirus software, Live OneCare, is unable to fully protect Vista users against viruses, and one of security firm McAfee's antivirus software packages also fails to protect users, according to independent research released Friday.

Security news Web site Virus Bulletin, backed by a team of security researchers based in Oxfordshire, U.K., tested 15 antivirus software packages used by businesses and designed specifically for Vista, Microsoft's newest operating system. The packages were released to businesses two months ago."

Read the rest here

I am afraid I have to agree, OneCare is just not ready for prime time. In fact, I had to uninstall OneCare just to save my XP computer from certain damnation. So I installed the latest Norton 360 beta on Vista x86 and scanned my XP partition, which removed numerous Viruses and Spyware programs from the system. Malicous software which Live OneCare failed to find, regardless it's a suite of AV, AntiSpyware and backup, it just did not offer the level of security I was anticipating. I would preferrably stick with well known and well tested solutions from third party vendors such as Symantec and McAfee.

Technorati tags: Antivirus, AntiSpyware, Virus, Spyware, Windows Live OneCare, Windows Vista, Windows XP, Norton 360 Beta, McAfee, Symantec, eTrust

Norton 360 Beta with Windows Vista RTM Support

Thu, 04 Jan 2007 04:43:09 GMT

Overview

Norton 360 is a comprehensive consumer security solution that offers a full circle of protection and eliminates the need to purchase and manage multiple products.

Defends your PC against a broad range of threats
Safeguards against online identity theft
Protects important files from loss
Keeps your PC tuned up for peak performance
Provides a hassle-free user experience
Protects against the latest online threats

Norton 360 System Requirements

Operating System: Windows® XP Home/XP Pro/XP Media 2005 +, Vista Home Basic/Home Premium/Business/Ultimate Build 6000 and later (Not compatible with Vista RC1/RC2)
Phishing Protection feature requires Microsoft® Internet Explorer v6.0 or higher
Online backup feature requires high-speed Internet connection
Email scanning supported for POP3-compatible email clients

Minimum Hardware Requirements

300MHz or higher processor
256MB of RAM minimum
300MB of free hard disk space

REQUIRED FOR ALL INSTALLATIONS

Standard Web browser
Internet connection (high-speed connection required for Online Backup)

Important: Norton Ghost and Norton Save and Restore can coexist with Norton 360. However, if you have any other existing Norton products running, such as Norton Internet Security or Norton AntiVirus, you'll need to uninstall those products to participate in the beta. After the beta test period, be sure to reinstall your Norton products so you'll continue to have Norton's award-winning protection.

Learn more at: http://www.symantec.com/norton360beta

Resources:
Day 2 - A Look at Security in the Windows Vista world
Testing Symantec's Norton Antivirus 2007 on Vista at MSTechToday

Technorati tags: Windows Security, PC Protection, Internet Threats, Windows Vista, Security, Norton, Symantec, Norton 360

Gates sees end to passwords in sight

Tue, 14 Feb 2006 18:57:53 GMT

From News.com

Quote:

"SAN JOSE, Calif.--For years, Microsoft Chairman Bill Gates has had his sights set on the password as the weak link in the computer security chain.

Now, with Windows Vista, Gates feels he finally has the right weapons to supplant the password as a means of verifying who is who on computers and over the Internet.

The new operating system, due later this year, introduces a concept called InfoCards that gives users a better way to manage the plethora of Internet login names and passwords as well as lets third parties help in the verification process. Vista will also make it easier to log on to PCs using something stronger than a password alone, such as a smart card."

Read the rest here

Security Update for Windows Vista December CTP (KB912919)

Sun, 15 Jan 2006 19:30:21 GMT

From Microsoft Downloads

Quote:

Brief Description
A remote code execution security issue has been identified in the Graphics Rendering Engine that could allow an attacker to remotely compromise your Windows-based system and gain control over it.

Overview
A remote code execution security issue has been identified in the Graphics Rendering Engine that could allow an attacker to remotely compromise your Windows-based system and gain control over it. You can help protect your computer by installing this update from Microsoft. After you install this item, you may have to restart your computer.

Please download the patch here

WMF: Microsoft Security Bulletin Advance Notification

Thu, 05 Jan 2006 22:07:46 GMT

From Microsoft Technet

Qoute:

Important Information for Thursday 5 January 2006

Microsoft announced that it would release a security update to help protect customers from exploitations of a vulnerability in the Windows Meta File (WMF) area of code in the Windows operating system on Tuesday, January 2, 2006, in response to malicious and criminal attacks on computer users that were discovered last week.

Microsoft will release the update today on Thursday, January 5, 2006, earlier than planned.

Microsoft originally planned to release the update on Tuesday, January 10, 2006 as part of its regular monthly release of security bulletins, once testing for quality and application compatibility was complete. However, testing has been completed earlier than anticipated and the update is ready for release.

In addition, Microsoft is releasing the update early in response to strong customer sentiment that the release should be made available as soon as possible.

Microsoft’s monitoring of attack data continues to indicate that the attacks are limited and are being mitigated both by Microsoft’s efforts to shut down malicious Web sites and with up-to-date signatures form anti-virus companies.

The security update will be available at 2:00 pm PT as MS06-001.

More information here

Security Updates for Windows Vista and Internet Explorer 7

Wed, 09 Nov 2005 15:20:34 GMT

From Microsoft Connect

Microsoft Internet Explorer 7 BETA 1

https://connect.microsoft.com/downloads/downloadDetails.aspx?siteid=4&downloadid=285

Microsoft Windows Vista BETA 1

https://connect.microsoft.com/downloads/downloadDetails.aspx?siteid=4&downloadid=286

I am not sure, but you might not be able to access these updates unless you are a Windows Vista BETA Technical Tester or MSDN Subscriber.

Update: These security updates apply only to the official Internet Explorer 7 Beta 1 and Windows Vista Beta 1 builds (build version 5112 for each). You do not need to install this update if you have already installed one of the more recent Windows Vista builds that are available from the Windows Vista/IE 7 beta downloads page on the Connect site (the latest is build 5231). More specific details on the issue and fix, as well as detailed installation instructions, can be found in the release notes that are included in the downloads for these security updates.

From Neowin

New name flap for Microsoft -- but this time its legal right is clear

Wed, 09 Nov 2005 15:06:19 GMT

From Seattle PI

Qoute:

"Microsoft Corp. has a new name for its anti-spyware program, and unlike some of its choices for other products, there's no question this time about whether it has the right to use the moniker.

But the software developer who signed over that right isn't happy about the way Microsoft secured it.

Late last week, the company announced that it would begin using the name "Windows Defender" for the anti-spyware program that it plans to offer as part of its flagship PC operating system.

That was a surprise to Adam Lyttle, a 22-year-old developer from Adelaide, Australia, who developed a program of the same name for preventing online sites from making unwanted changes in a computer's settings.

Read the rest here

I guess this is the part where you say "all your bases belong to me!"

FAQ: Inside Microsoft's Client Protection

Fri, 07 Oct 2005 15:32:11 GMT

From CNET

Qoute:

Thursday's announcement of Microsoft's Client Protection software marks the company's long-anticipated entry into the market for desktop security products for businesses.

Microsoft faces a tough battle as it competes with established players, including Symantec, McAfee and Trend Micro.

Analysts have criticized Microsoft for being vague about its security product plans. The software maker said Thursday that over the past couple years, it has focused on securing its existing products and improving patching for customers. "Now the effort is shifting to deliver a new generation of security products," said Debby Fry Wilson, director of security engineering and communications.

So what is Client Protection? We'll try to tackle that question below.

What is Microsoft's new security software?
Microsoft Client Protection is software for business PCs and file servers that's designed to offer, in one application, protection against spyware, viruses and root kits. The company says its software will offer IT administrators central management capabilities and that it'll work with the company's Active Directory and Windows Server Updates Services patch management tool.

Read the other questions and answers here

Microsoft Enterprise Anti-Spyware Plans Take Shape

Thu, 06 Oct 2005 14:44:32 GMT

From eWeek

Qoute:

"Microsoft moved a step closer to becoming a key player in the Internet security business with the announcement Thursday of a new enterprise-class anti-spyware product featuring technology to thwart viruses, worms and kernel rootkits.

The new offering, dubbed Microsoft Client Protection, will go into limited beta before year-end with a full rollout expected in 2006.

Details on pricing and licensing are being kept under wraps.

The announcement, which came during a meeting between chief executive Steve Ballmer and business partners in Munich, Germany, is the culmination of a year-long push by the world's largest software maker to take on entrenched security vendors in the anti-virus/anti-spyware business.

Check out the Microsoft Presspass interview with Mike Nash about Client Protection here

Microsoft Launches OneCare Beta

Thu, 21 Jul 2005 15:58:58 GMT

From WinInformant

Quote

"This week, Microsoft began sending out beta invites for its upcoming Windows OneCare Live product, an MSN service that will provide Windows XP users with managed antivirus, antispyware, a two-way firewall, data backup and restore capabilities, and other services. According to Microsoft representatives I spoke with last week, Windows OneCare is an extension of Windows that breaks beyond the boundaries of today's PC security products.

"Windows OneCare is a subscription service that guarantees that customers will stay protected online," Dennis Bonsall, the Group Product Manager of the Microsoft Technology Care and Safety Group told me recently. "It automatically fixes the things that most often detract from user satisfaction when using Windows: Security, data protection, and PC performance."

Read the rest here

This is one beta I would have loved to test, too bad its currently for US Residents only. I'm currently running the Window AntiSpyware public beta and its going very well. Maybe Microsoft will change their minds and up this up to the rest of world sooner, rather than later. Well, it won't be finalized until Q1 of 2006, so there is still plenty of time.

Microsoft Downgrades Claria Adware Detections

Thu, 07 Jul 2005 16:36:47 GMT

From eWeek

Microsoft's Windows AntiSpyware application is no longer flagging adware products from Claria Corp. as a threat to PC users.

Less than a week after published reports of acquisition talks between Microsoft Corp. and the Redwood City, Calif.-based distributor of the controversial Gator ad-serving software, security researchers have discovered that Microsoft has quietly downgraded its Claria detections.

Anti-spyware activist Eric L. Howes, who serves as a consultant to Sunbelt Software, discovered the default changes during a recent test that included four Claria applications: Dashbar, Gator, PrecisionTime and Weatherscope.

According to the results published by Howes, four different builds of the Windows AntiSpyware beta detected the Claria products, but the default recommendation was "ignore."

Prior to the recent tests, Microsoft's AntiSpyware tool detected Claria's products and presented users with a recommended action of "Quarantine."

Although the default has been changed to "ignore," users can still change the action to "Quarantine" or "Remove" via a drop-down menu.

Read the rest here

I have to say, I'm not comfortable with this decision by Microsoft, Claria has been nothing more than pestilence for me and I saw Microsoft AntiSpyware as one of the best solutions for keeping it off my PC. Now it looks like I have keep the following installed as well to ensure that Claria does not get anywhere near my PC.
Ad-Aware - www.lavasoftusa.com
Spybot - http://www.safer-networking.org/
CWShredder - http://www.intermute.com/products/cwshredder.html
Spy Sweeper - http://www.webroot.com
Ccleaner - http://www.ccleaner.com

Talking about Windows Malicious Software Removal Tool 1.3

Mon, 18 Apr 2005 23:15:39 GMT

Some great info here from CanadianHawk about WMSRT 1.3.

Quote

Windows Malicious Software Removal Tool 1.3

Here's the virus detection list from version 1.3 of the Windows Malicious Software Removal Tool

Quote

http://www.microsoft.com/security/malwareremove/default.mspx#run

Win32/Bagle, Win32/Berbew, Win32/Bropia, Win32/Doomjuice, Win32/Gaobot, Win32/Goweh, Win32/Hackdef, Win32/Korgo, Win32/Mimail, Win32/Msblast, Win32/Mydoom, Win32/Nachi, Win32/Netsky, Win32/Randex, Win32/Rbot, Win32/Sasser, Win32/Sober, Win32/Sobig, Win32/Zafi, Win32/Zindos

Microsoft Security Bulletin Re-Releases, April 2005

Sun, 17 Apr 2005 18:40:38 GMT

The following bulletins have undergone a major revision increment. MS05-002 MS05-009

* MS05-002 - http://www.microsoft.com/technet/security/bulletin/MS05-002.mspx

- Reason for re-release: After the release of the MS05-002 security bulletin, Microsoft became aware of an issue affecting customers deploying the Windows 98, 98SE and ME security update.

In most cases, the issue caused machines to unexpectedly restart. Microsoft has investigated this issue and has made available revised security updates for these platforms. These revised security updates are available from Windows Update and the Microsoft Download Center. Customers who have not yet applied the original version of these updates should visit Windows Update to receive the revised updates. Customers who have already applied the original Windows 98, 98SE and ME security update are advised to install the current revision of the update from Windows Update.

- Originally posted: January 11, 2005- Updated: April 12, 2005- Bulletin Severity Rating: Critical - Version: 2.0

* MS05-009- http://www.microsoft.com/technet/security/bulletin/MS05-009.mspx

- Reason for re-release: Subsequent to the release of this bulletin, it was determined that the update for Windows Messenger version 4.7.0.2009 (when running on Windows XP Service Pack 1) was failing to install when distributed via SMS or AutoUpdate. The updated package corrects this behavior.

- Originally posted: February 8,2005 - Updated: April 12, 2005 - Bulletin Severity Rating: Critical - Version: 2.0 The following bulletins have undergone a minor revision increment.

MS05-010 - http://www.microsoft.com/technet/security/bulletin/MS05-010.mspx

- Reason for revision: Bulletin updated to reflect a revised "Mitigating Factors" section for Windows 2000 Server Service Pack 4. This update documents a known issue with a mitigating factor and the availability of Microsoft Knowledge Base Article 896589.

- Originally posted: February 8,2005 - Updated: April 12, 2005 - Bulletin Severity Rating: Critical - Version: 1.2

Via Bink

Security Bulletins

Fri, 15 Apr 2005 16:01:09 GMT

The following bulletins have undergone a minor revision increment: * MS05-017 * MS05-021 * MS05-023

* MS05-017 - http://www.microsoft.com/technet/security/bulletin/MS05-017.mspx

- Reason for revision: Bulletin updated to reflect an updated "Registry Key Verification" section for the Windows XP Service Pack 1 security update

- Originally posted: April 12, 2005 - Updated: April 14, 2005 - Bulletin Severity Rating: Important

- Version: 1.1

* MS05-021 - http://www.microsoft.com/technet/security/bulletin/MS05-021.mspx

- Reason for revision: Bulletin updated to point to the correct Exchange 2000 Server Post-Service Pack 3 (SP3) Update Rollup and to advise on the scope and caveats of workaround "Unregister xlsasink.dll and fallback to Active Directory for distribution of route information".

- Originally posted: April 12, 2005 - Updated: April 14, 2005 - Bulletin Severity Rating: Critical - Version: 1.1

* MS05-023 - http://www.microsoft.com/technet/security/bulletin/MS05-023.mspx

- Reason for revision: Bulletin updated to reflect a revised "Security Update Information" section for the Word 2003 security update

- Originally posted: April 12, 2005 - Updated: April 14, 2005 - Bulletin Severity Rating: Critical - Version: 1.1

Patches for April

Wed, 13 Apr 2005 22:20:33 GMT

Bulletin Summary: http://www.microsoft.com/technet/security/Bulletin/ms05-apr.mspx

Critical Bulletins:
Vulnerabilities in TCP/IP Could Allow Remote Code Execution and Denial of Service (893066) http://www.microsoft.com/technet/security/Bulletin/ms05-019.mspx

Cumulative Security Update for Internet Explorer (890923) http://www.microsoft.com/technet/security/Bulletin/ms05-020.mspx

Vulnerability in Exchange Server Could Allow Remote Code Execution(894549)http://www.microsoft.com/technet/security/Bulletin/ms05-021.mspx

Vulnerability in MSN Messenger Could Lead to Remote Code Execution (896597)http://www.microsoft.com/technet/security/Bulletin/ms05-022.mspx

Vulnerabilities in Microsoft Word May Lead to Remote Code Execution (890169)http://www.microsoft.com/technet/security/Bulletin/ms05-023.mspx

Important Bulletins:

Vulnerability in Windows Shell that Could Allow Remote Code Execution (893086)http://www.microsoft.com/technet/security/Bulletin/ms05-016.mspx

Vulnerability in Message Queuing Could Allow Code Execution (892944) http://www.microsoft.com/technet/security/Bulletin/ms05-017.mspx

Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege and Denial of Service (890859) http://www.microsoft.com/technet/security/Bulletin/ms05-018.mspx

Microsoft Windows Malicious Software Removal Tool [version 1.3]

Tue, 12 Apr 2005 18:33:31 GMT

Microsoft has released the Microsoft Windows Malicious Software Removal Tool to help remove specific, prevalent malicious software from computers that are running Microsoft Windows Server 2003, Microsoft Windows XP, or Microsoft Windows 2000. The Malicious Software Removal Tool supersedes all virus-cleaner tools that were previously released by Microsoft. You can download the Malicious Software Removal Tool from the Microsoft Download Center. You can also run an online version of the tool from the Malicious Software Removal Tool Web site on Microsoft.com. To run the Malicious Software Removal Tool from either location, you must log on to your computer with an account that is a member of the Administrators group. If you are running Windows XP, you can also run the Malicious Software Removal Tool from the Windows Update Web site or by using Automatic Updates.

Download here

Microsoft Patch Day: Critical Bulletins Expected [April 12]

Fri, 08 Apr 2005 20:19:19 GMT

Microsoft Corp. on Thursday announced plans to release eight security bulletins on April 12, including "critical" fixes for flaws in several widely deployed applications.

As part of its advance notice mechanism, the software giant said five high-priority patches would deal only with flaws in the Windows operating system.

Three more bulletins with a maximum severity rating of "critical" will include fixes for the Microsoft Office suite, the MSN Messenger chat program, and Microsoft Exchange, which is widely used in large corporations using Microsoft infrastructure solutions.

Redmond notified enterprise administrators that some of the Windows, Office and Exchange updates will require a restart and will be detectable using the MBSA (Microsoft Baseline Security Analyzer).

The Microsoft Office and Exchange patches can also be detected with the MSBA.

The MSN Messenger update may also require a restart and can be detected with Microsoft's EST (Enterprise Scanning Tool).

On April 12, the company will also roll out two non-security high-priority updates for Windows on the Windows Update side.

"These will be distributed to Software Update Services and are not required to install the security updates," according to the advance notice bulletin.

The monthly update of Microsoft's worm removal tool will also be pushed out on Windows Update and the Download Center, but Microsoft stressed that the tool will not be distributed using SUS (Software Update Services).

While Microsoft is withholding technical details on the patches until April 12, there is a growing list of known, unpatched vulnerabilities in Microsoft products.

Read the rest here

I think this article is mistaking Windows Messenger with MSN Messenger, version 7 of MSN Messenger was released just yesterday, so I am very surprised that it would already need a patch.

Push Is Coming to Shove for XP SP2 Deployment

Thu, 07 Apr 2005 20:26:47 GMT

Affecting all the XP users who have been avoiding or procrastinating about installing the Windows XP Service Pack 2 upgrade, Microsoft is about to make the decision for them.

On April 12, Microsoft Corp. is scheduled to turn on its Automatic Update service, which will deploy the XP Service Pack 2 to all PCs connected to the Internet regardless of whether corporate IT departments or individual PC users have prepared for it.

SP2, developed to fix critical security holes and deploy performance enhancements, was originally released in September 2004. But in response to customer complaints, Microsoft suspended the automatic deployment for eight months to give users time to prepare for the upgrade.

With the upgrade deadline looming, one study shows that the vast majority of companies running XP have actively avoided the upgrade or simply ignored the problem.

The study, by AssetMetrix Research Labs of Ottawa, Canada, showed that only 24 percent of Windows XP PCs have been upgraded to SP2.

"This whole thing reminds of those days back in college when you asked for a two-week extension on the due date for a midterm paper," said Steve O'Halloran, managing director of AssetMetrix Research Labs. "But the weekend before the paper is finally due, you still haven't done any work," he said.

Read the rest here

Resources: Download Windows XP Service Pack 2 here

Two offices running Windows XP next door to me don't even have SP1 installed, I think I better burn a copy for them right now. Shame on me!

Talking about Phishing - What you need to Know

Sat, 05 Mar 2005 19:24:14 GMT

From the Celtic Warrior

Quote

Phishing - What you need to Know

Phishing is a type of deception designed to steal your identity.
In phishing scams, scam artists try to get you to disclose valuable personal data—like credit card numbers, passwords, account data, or other information—by convincing you to provide it under false pretenses. Phishing schemes can be carried out in person or over the phone, and are delivered online through spam e-mail or pop-up windows.
This is becoming an ever increasing problem on the Internet.
For additional information, please see the following Links:
Anti-Phishing Working Group
Help prevent identity theft from phishing scams
Microsoft's Anti-Spam and Anti-Phishing Technology Vision: The Three P's for Spam and Phishing Containment

Windows Media Player Update Fails Spyware Infection Test

Tue, 01 Mar 2005 19:34:23 GMT

Nearly two months after promising to update its media player software to block the threat of malware infection, Microsoft Corp. on Tuesday admitted that users of its Windows Media Player 9 Series remain at risk.

Redmond has hemmed and hawed on its response to the threat and the circumstances of the latest admission isn't sitting well with security researchers.

When the first red flag was raised in early January, Microsoft made it clear that the use of rigged .wmv files to exploit the DRM (digital rights management) mechanism was not a software flaw.

A week later, the company reversed course and promised new versions of WMP within 30 days. "While this issue is not the result of any exploit of Windows Media DRM, we do recognize it may cause problems for some of our customers," the company said in a statement. To help mitigate these problems, Microsoft said the software would be tweaked to "allow the end-user more control over when and how any pop-ups display in the license acquisition process."

On February 15, Microsoft rolled out two WMP updates which, according to officials, covered the malware infection scenario. Even the language in Microsoft's update pointed to the addition of "integrity checks to the DRM system."

However, security researchers quickly discovered that the WMP update did not solve the problem. Harvard University researcher Ben Edelman told eWEEK.com he tested the updated WMP9 on Windows XP SP2 (Service Pack 2) and found that the spyware infection threat remained. "Regrettably, and quite surprisingly, the update does not seem to solve the problem," Edelman said.

Ed Bott, a best-selling author who has written extensively on the Microsoft Windows platform, confirmed Edelman's findings and said the absence of documentation with the Microsoft updates caused even more confusion.

On Monday, a spokesman for Microsoft first claimed the Edelman and Bott were testing the wrong WMP update and pointed eWEEK.com to a separate February 15 update to the WMP 10 software.

The problem with that, as explained by Edelman and Bott, is that WMP 10 is only available as an optional update for users of the Windows XP operating system. "It's quite clear that there is major confusion at their [Microsoft's] end," Bott said. "To suggest that the WMP 10 update fixes this problem is obviously inaccurate."

"The problem, prior to installing the patch, was that users were still receiving a pop-up inviting them to install [malicious] software, without requiring users first to affirmatively request the installation by clicking in an Information Bar style of display. In my testing, that problem remains in effect," Edelman added.

Read the rest here

Now this is really sad.

Future of Windows Security

Mon, 28 Feb 2005 17:25:28 GMT

Microsoft recently announced its plans to buy the anti-virus software maker Sybari Software to beef up security features in its Windows operating system. This is the third major security-related acquisition by Microsoft in the last few years and has sent jitters to anti-virus software vendors such as McAfee and Symantec. This move by Microsoft also indicates bundling of security features in all its future products including Longhorn to be released in 2006.

Microsoft Windows has always been the victim of virus and security attacks. Notable ones being Code Red worm released on July 19, 2001 which exploited vulnerability in Microsoft Internet Information Server, affecting more than 250,000 computer systems in less than nine hours. Released on January 25, 2003, Slammer exploiting vulnerability in Microsoft SQL Server 2000, spread with astonishing speed, infecting 90% of all vulnerable computers on the Internet within 10 minutes. Similarly W32/Blaster worm exploited Windows vulnerability and attacked more than 7,000 computers in minutes of its release on black Monday, August 11, 2003.

In its recent security bulletin, Microsoft warned computer users of eight new critical-rated flaws in its Windows, Office and other software products. By giving priority to ease of use in its Windows operating system, Microsoft has left security holes in its operating systems through sloppy code. As soon as a security attack is detected, Microsoft normally issues patches that plug the vulnerability. However, it has realised that the attackers soon discover other vulnerabilities and exploit them.

In its bid to bolster the security features of its operating systems, Microsoft has released a built-in Firewall in its Windows XP service pack 2. Typically Firewall, which consists of a set of hardware, software and security policies that determine which traffic should be allowed or disallowed, is deployed at the perimeter of the organisations’ network. With built-in Firewall, Microsoft is moving the Firewall from the network to the desktop computer. Configuring the Firewall with policies is technology intensive. Normally the network administrators do this job on the network Firewall. Very few of us know how to configure the Firewall on our desktop computer running Windows XP.

With the recent acquisitions, day is not far off when Windows XP service pack 3 will be released which includes even anti-virus software! Normally anti-virus software, much like a Firewall, is installed on the network and is managed by network administrators. With all the security features bundled in to desktop operating system, Windows is becoming bigger and resource hungry! Soon you will find your Pentium 4 becoming sluggish to even run the operating system, forget about other applications! While it is impossible to produce software which is one hundred percent error free and reliable, poor software engineering practices and the pressure to release code on time due to market pressures have resulted in this alarming situation faced by Microsoft.

Read the rest here

I agree, eventually the bundling of technologies such as AntiVirus and AntiSpyware into the operating system will eventually bog down your system, in which case the operating system of course will be optimized to run on new hardware, just like how todays Windows is optimized to run on todays hardware, its all elementary. Can you run Windows XP smoothly on a computer purchased in 1998 or even 2000? I don't think so. Even if you can, I don't think the experience will be a good one.

2 CommentsCritical Update for XP and 2003 on Windows Update

Wed, 23 Feb 2005 19:28:19 GMT

Via Bink

No not a security patch, but a critical update.

You receive the Stop error "Stop 0x05 (INVALID_PROCESS_ATTACH_ATTEMPT)" in Windows XP Service Pack 2 or Windows Server 2003

http://support.microsoft.com/default.aspx/kb/887742

patch has been available since nov 2004, but is now available on windowsupdate and autoupdate.

There is no hotfix or update currently available to resolve this problem in Windows Server 2003

Microsoft settles with Dutch site over AntiSpyware row

Wed, 23 Feb 2005 19:25:51 GMT

FEBRUARY 23, 2005 (IDG NEWS SERVICE) - A Dutch Web site claimed victory in a David-and-Goliath battle against Microsoft Corp. this week after the software vendor's AntiSpyware program flagged the Dutch company's home page as malicious content.

Microsoft has agreed to compensate and apologize to the operator of Dutch directory site Startpagina.nl for designating the site as a "browser hijacker" in the beta version of its free AntiSpyware software, according to Startpagina.nl director Bert Wiggers. The amount of the compensation isn't being disclosed, but the apology is public. Microsoft agreed to keep an acknowledgment of the error on its Dutch Web property for four weeks, according to Wiggers.

"The apology is what matters the most to me because, as far as I know, Microsoft has never done that before," Wiggers said today.

The row began shortly after Microsoft first launched its AntiSpyware beta in early January. The free program is intended to block malicious programs that secretly snoop on people as they surf the Web. Soon after the software was launched, Startpagina began receiving complaints from a handful of users who said that the Microsoft program was blocking the site as malicious content and directing them to a Microsoft start page, according to Wiggers.

Read the rest here

We must realize that this is a program that is still in beta. No, gurantees!

IE 7: No Phishing Allowed - RSA Summary

Tue, 22 Feb 2005 00:41:06 GMT

Much of this information has been announced, but its a good overview of the future technologies Microsoft has in store.

Bill Gates used his opening keynote speech at the RSA Conference here Tuesday to preview the next version of Internet Explorer, which has lost a sizable chunk of its market share of late to open-source challenger Firefox.

The announcement was a bit unexpected, given that Microsoft Corp. has done little in the way of development or marketing for IE in recent years. Microsoft will release a beta of the new browser this summer, but that version will be compatible only with Windows XP Service Pack 2.

The full version of IE 7.0 will be included in "Longhorn," which is due next year. Gates said the new version will include significant security upgrades, namely technologies to help prevent URL spoofing in phishing attacks.

"Browsing is definitely a point of vulnerability," said Gates, chairman and chief software architect at Microsoft, based in Redmond, Wash.

It's unclear exactly what kind of phishing protection Microsoft plans to offer, but it will likely include technology to detect spoofed Web sites, a key to phishing attacks.

Read the rest here

RootKits - The Future of Spyware

Sat, 19 Feb 2005 18:53:08 GMT

FEBRUARY 17, 2005 (IDG NEWS SERVICE) - Microsoft Corp. security researchers are warning about a new generation of powerful system-monitoring programs, or "rootkits," that are almost impossible to detect using current security products and could pose a serious risk to corporations and individuals.

The researchers discussed the growing threat posed by kernel rootkits at a session at the RSA Security Conference in San Francisco this week. The malicious snooping programs are becoming more common and could soon be used to create a new generation of mass-distributed spyware and worms.

With names like "Hacker Defender," "FU" and "Vanquish," the programs are the latest generation of remote system-monitoring software that has been around for years, according to Mike Danseglio and Kurt Dillard, both of Microsoft's Security Solutions Group.

The programs are used by malicious hackers to control, attack or ferret information from systems on which the software has been installed, typically without the owner's knowledge, either by a virus or after a successful hack of the computer's defenses, they said. Once installed, many rootkits run quietly in the background but can easily be spotted by looking for memory processes that are running on the infected system, monitoring outbound communications from the machine, or checking for newly installed programs.

However, kernel rootkits that modify the kernel component of an operating system are becoming more common. Rootkit authors are also making huge strides in their ability to hide their creations, said Danseglio.

In particular, some newer rootkits are able to intercept queries or "system calls" that are passed to the kernel and filter out queries generated by the rootkit software. The result is that typical signs that a program is running, such as an executable file name, a named process that uses some of the computer's memory, or configuration settings in the operating system's registry, are invisible to administrators and to detection tools, said Danseglio.

Read the rest here
Additional Resources here

Really interesting information here, I think products like Antivirus and AntiSpyware solutions will eventually have to become part of the OS by default.

OS News security guide for XP Desktops.

Wed, 16 Feb 2005 17:14:27 GMT

This guide found exclusively at OSNews.com (in PDF format) is mostly focused on creating a decently secure installation of Windows XP Professional for an end-user. While the vast majority can be applied to Windows XP Home, and OEM Restore Disk Sets, there are a few instances where these two media will need to be setup in a different manner.

Click here to read the Security PDF for Windows XP.

Security Targetted Update for Windows Media Player 10

Wed, 16 Feb 2005 16:31:32 GMT

Microsoft has released a new build of Windows Player with some security enhancements.

Download here

Windows AntiSpyware will be FREE!

Tue, 15 Feb 2005 22:24:29 GMT

SAN FRANCISCO--Ending speculation about whether it was shifting to a paid model, Microsoft said on Tuesday that it will provide customers with its new anti-spyware software for free.

The pledge, made by Microsoft Chairman Bill Gates during his keynote speech kicking off the RSA Conference 2005 here, comes after the company had been testing its AntiSpyware application--technology it acquired with its purchase of security software maker Giant Software.

"Just as spyware is something that we have to nip down today, we have decided that all licensed Windows users should have that protection at no charge," Gates said.

The initiative is part of Microsoft's efforts to strengthen security for home and business users of its Windows desktop software. Consumers are not always aware of the dangers of such threats as spyware, viruses and "phishing." A study published last October found that more than 80 percent of consumers had been infected by spyware.

Read the rest here

Wow, Microsoft is really doing an amazing job here on the security front, new IE, free Spyware software! I think we are in heaven, good move Microsoft, you are definitely listening to customers!

Will Microsoft 'Mako' Take a Bite Out of Windows Security Problems?

Sat, 12 Feb 2005 20:24:34 GMT

A year ago at the RSA Security conference, Microsoft mapped out its Windows security roadmap. Some company watchers are speculating Microsoft will use next week's RSA confab provide an update on its progress, and, specifically, to detail its behavioral-blocking technology, code-named "Mako."

Microsoft officials at RSA 2004 said that the company was planning to deliver a family of "Active Protection" technologies to complement the Windows XP Service Pack 2 Windows release, which Microsoft rolled out in August 2004.

Originally, Microsoft planned to roll the three groups of Active Protection technologies into its Longhorn Windows client, which is slated for delivery in 2006.

But a few months after the RSA security show, Microsoft's Security and Technology Business Unit Corporate Vice President Mike Nash acknowledged that his team wasn't waiting for Longhorn, and, instead, would roll out each group of Active Protection solutions as soon as it was ready.

The first of the Active Protection technologies likely to go live, Nash told Microsoft Watch last spring, was behavioral blocking.

Security sources close to Microsoft said that Microsoft is using the "Mako" code name to refer to these behavioral-blocking technologies.

It's not yet clear how Microsoft will make the Mako technology available in advance of Longhorn. If Microsoft follows past patterns, the company would likely release the Mako code first as a Web download, and then later as an integrated part of Windows XP Service Pack 3. Microsoft officials have not said yet when the company plans to deliver a third service pack for XP.

Read the rest here

Very interesting and positive to see the direction Microsoft is taking to bring security to all fronts. From Free to Enterprise, Microsoft is providing a defensive backbone for all its products and I think it should be a success in the short term. They are also investing in the existing user base, so even after Longhorn is released, Windows XP users should see significant improvements in terms security for future Service Packs.