Review Category : security

As Microsoft announced last year, Microsoft is today expanding encryption across their services in an effort to reinforce legal protections for their customers’ data. All Outlook.com emails are now encrypted like how Office 365 e-mail works already. This will provide even greater protection for user’s data across all the great Microsoft services that you depend on every day. First, Outlook.com is now further protected by Transport Layer Security, or TLS, encryption for both outbound and inbound email. This means that when you send an email to someone, your email is encrypted and thus better protected as it travels between Microsoft and other email providers. Of course, this requires their email service provider to also have TLS support. Over the past six months, we have been working across the industry to further protect and help ensure your mail remains protected. This includes working closely with several international providers throughout our implementation, ...

Read More →

Microsoft usually alerts users to provide them with an overview of the new security bulletin(s) being released on each month via email. Security bulletins are released monthly to resolve critical problem vulnerabilities. Microsoft has recently sent an email to Security Bulletin subscribers that they are going to suspend the use of email notifications and recommends RSS feeds to users. Notice to IT professionals: As of July 1, 2014, due to changing governmental policies concerning the issuance of automated electronic messaging, Microsoft is suspending the use of email notifications that announce the following: Security bulletin advance notifications Security bulletin summaries New security advisories and bulletins Major and minor revisions to security advisories and bulletins In lieu of email notifications, you can subscribe to one or more of the RSS feeds described on the Security TechCenter website. For more information, or to sign up for an RSS feed, visit the Microsoft Technical Security Notifications ...

Read More →

Microsoft has released a tool called EMET which is a free tool available for Windows 8, Windows 7, Windows Vista, and Windows XP. The Enhanced Mitigation Experience Toolkit (EMET) is a utility designed to help users block hackers from gaining access to their systems through common attacks. EMET enables users to manage security mitigation technologies that help make it more difficult for attackers to exploit vulnerabilities in a given piece of software. EMET helps protect your computer from new or undiscovered threats until they can be addressed through formal security updates. Once installed, EMET works quietly in the background without interrupting your computer use. Like any security tool, EMET doesn’t guarantee that you’ll never have any problems, but it does make it much harder for an attacker to succeed. You can download EMET here. ...

Read More →

Microsoft released its own anti-virus program Security Essentials back in 2009 and it even started bundling with Windows. Since then, Microsoft is constantly updating the malware engine and the definitions. But some Anti-virus test results, case studies put Security Essentials to the bottom of the post. Holly Stewart, senior program manager of the Microsoft Malware Protection Center, told Dennis Technology Labs that Microsoft made a decision to switch to what it calls a “baseline strategy”. It started focusing on protecting their customers instead of making  Security Essentials score better in competitive tests. Microsoft is “doing everything we can to protect against real threats” and even passing their own data on threats to other antivirus vendors as well. She said that shouldn’t be seen as Microsoft leaving customers unprotected, claiming the company is merely focusing on the most serious threats. “Baseline does not equal bad,” she said. “We provide a high-quality, ...

Read More →

AV-Test regularly publishes independent tests of anti-virus software and awards “AV-Test Certified” status. AV-Test recently published the results of antimalware vendor testing, and they didn’t grant Microsoft Security Essentials and Microsoft Forefront Endpoint Protection their “AV-Test Certified” status. Microsoft today responded to AV-Test’s results and confirmed that both its security products are secure enough to protect most of the malware. This post reviews AV-Test’s results and their approach. In-depth details are provided below, but here are some key upfront data points to keep in mind: AV-Test reports on samples hit/missed by category. We report (and prioritize our work) based on customer impact. AV-Test’s test results indicate that our products detected 72 percent of all “0-day malware” using a sample size of 100 pieces of malware. We know from telemetry from hundreds of millions of systems around the world that 99.997 percent of our customers hit with any 0-day did not encounter ...

Read More →

Nicaraguan security researcher clrokr has managed to unlock the kernel setting which prevents Windows RT devices from running unsigned code as found on desktop applications. He exploited a security vulnerability which exists in Windows 8 and which was therefore also present in Windows RT, and also the fact that Microsoft allows Remote Debuggers to attach to user processes. He managed to find the bit in RAM which tells the OS whether they should run Unsigned(0) apps, Authenticode(4) signed apps, Microsoft(8) signed apps or Windows(12) signed apps. By default Windows RT will only run Microsoft signed apps. The hack will presumably not persist beyond a reboot, and enabling it does require a lot of expertise. clrokr argues that the discovery shows that there is no essential difference between Windows 8 and Windows RT, and that users should have the ability to run desktop apps. On the other hand he does not ...

Read More →

Microsoft Security Essentials, the free virus and malware protection software from Microsoft failed to pass the recent AV-TEST. In Windows 8, Microsoft has replaced the Security Essentials with Windows Defender which will be turned on by default for all the users. According to recent AV-Test,  the effectiveness of Security Essentials in finding zero-day malware attacks, viruses, worms, and Trojan horses dropped from 69% to 64%, compared to industry average of 89%. It also had a 90% detection rate for malware and it is also below the 97% for the industry average. In order to get “AV-Test Certified”, protection suite should pass 11 out of 18 available tests and in the Sep-Oct study Security Essentials failed to pass it. I hope Microsoft improves its security situation soon. via: Infoweek ...

Read More →

With a billion users security has been a top priority for Microsoft for some time now, as evidenced by Kaspersky’s Top 10 list of products with security vulnerabilities, which do not contain a single Microsoft product. In fact topping the list is Adobe’s Flash, which is rather worrying for an Internet facing application. Similarly Oracle’s Java also presents a significant risk to PCs, as the wave of cross-platform exploits this summer has shown. Next on the list is Apple, with another Internet facing application, Quicktime, which also presents a risk to Windows PCs. With the Windows OS layer now very well protected, it seems Windows users can protect themselves rather well by uninstalling apps like Flash, Java and Quicktime, a strategy which Microsoft itself promotes in the Metro side of Windows 8. See Kaspersky’s report “IT Threat Evolution Q3 2012” here. Via Hothardware.com ...

Read More →