Saturday, November 11

Windows Vista security guide released by Microsoft

Windows Vista security guide


Microsoft published its Windows Vista Security Guide this week. The move is aimed at helping corporations and professionals lock down and strengthen the security of their computers running Windows Vista.

In addition to the solutions that the Windows Vista Security Guide prescribes, the guide includes tools, step-by-step procedures, recommendations, and processes that significantly streamline the deployment process. Not only does the guide provide you with effective security setting guidance, it also provides a reproducible method that you can use to apply the guidance to both test and production environments.

The security recommendations in the Windows Vista Security Guide have been validated through extensive testing, and the GPO Accelerator tool that accompanies the guidance helps you automatically deploy the security settings in minutes instead of hours.

You can find the Windows Vista Security Guide on Microsoft TechNet.

Sunday, November 5

Piracy protection measures in Vista, Longhorn

Vista, Longhorn get new antipiracy measures


Microsoft's new antipiracy system will force unauthorized or unregistered versions of Windows into a limited-functionality mode. Microsoft will introduce a new system for fighting software piracy with its upcoming Windows Vista and Windows Longhorn Server operating systems, the company said.

Called the Microsoft Software Protection Platform, it's a collection of technologies that aims to do better at detecting pirated versions of Windows, and will also force unauthorized versions of its software into a limited-functionality mode, encouraging users to obtain a legal copy.

People using unlicensed copies of Vista will be blocked from accessing certain features, including a new interface design called Windows Aero, and software for fighting pop-up advertisements called Windows Defender, Microsoft said. The company has already used a reduced functionality mode with Windows XP.

Users with unlicensed versions of Windows will also see a persistent reminder message in the corner of their screen, reading "This copy of Windows is not genuine."

Read complete article here


Virus using Antivirus engine

Virus installs and uses Kaspersky AV engine to protect itself:


Interesting example of an advanced spambot.

Joe Stewart at SecureWorks analyzed and reported on a spambot that uses Kaspersky antivirus to protect itself. Not only that, but it also:

- Command and control bot with multiple server ports
- Uses AES encryption to protect itself
- Adds random pixels to the end of the spam GIF it uses to fool anti-spam software looking for static images
- Very modular
- Uses a custom, binary, P2P network

by Roger Grimes, InfoWorld

Second Firefox 2.0 bug

Mozilla pledges to fix Firefox 2.0 bug


Minor bug found in browser shouldn't cause many problems in meantime, Mozilla says.

A second minor bug found in the Firefox 2.0 Web browser will be fixed, but users shouldn't encounter much of a problem in the meantime, a Mozilla official said Thursday.

The browser will crash if it visits a Web page that has been intentionally coded with JavaScript in such a way as to target the bug, said Tristan Nitot, director of European operations for Mozilla.

"It's very unlikely that anyone would have put a similar page on any ordinary Web page," so users shouldn't be affected, Nitot said.

The problem can't be used to steal data from a computer, he added.

Read more here

Antiphishing fighters take on malware

Crack down on Malware by PIRT


Volunteers will publish reports on malicious software identified by users and share findings with authorities and security companies. The volunteers behind the Phishing Incident Reporting and Termination Squad (PIRT) have started a new project to crack down on malware.

Called the Malware Incident Reporting and Termination Squad (MIRT), the effort was launched earlier this week, according to Paul Laudanski, owner of Computer Cops LLC and the leader of the project.

MIRT works in much the same way as PIRT, an antiphishing project launched in March of this year. It invites users to submit samples of potentially malicious code to a database of "unknown files," which are then analyzed and reverse-engineered by MIRT's team of volunteers. MIRT then will publish reports on the malicious software and make its findings known to authorities and security companies, Laudanski said.

This same approach has worked pretty well for PIRT. To date, PIRT has received 80,000 submissions from volunteers, and it has handed the U.S. Federal Bureau of Investigation details on about 300 e-mail "drop accounts" where information was being delivered after successful phishing attacks.

Laudanski believes that MIRT's volunteer approach will allow the project to pick up information that the big antivirus companies may be missing. "There are a lot of places that we can tap into that give us a grassroots look at the malware that the antivirus vendors don't get," he said.

There is no shortage of malicious software to be scrutinized. Symantec Corp. said recently that it counted 6,784 new worms and viruses in the first six months of 2006.

by Robert McMillan, IDG News Service

The Future of Internet Security Tools

Network Catches Online Threats Earlier than Yesterday’s Software:


by CyberDefender News

Envision a vast, worldwide, seamless, adaptive network that catches today’s online threats earlier, protecting users against Internet identity theft and more. The revolutionary earlyNETWORK protects users from new attacks about an hour after discovery.

What does Internet security mean today? Fifty years ago families in neighborhoods rarely locked their doors. Today, that’s not the case, and in the last century, with expanded use of computers and the World Wide Web and a dramatic increase in credit card and ATM use, an individual’s security and personal identity are even more at risk because of the business of hacking.

Read complete Article here

Windows Firewall Attacked Again

Windows Firewall Susceptible to New Attack:


Hackers have published code that could let an attacker disable the Microsoft Windows Firewall on certain Windows XP machines.

The code, which was posted on the Internet early Sunday morning, could be used to disable the Windows Firewall on a fully patched Windows XP PC that was running Windows’ Internet Connection Service (ICS). This service allows Windows users to essentially turn their PC into a router and share their Internet connection with other computers on the local area network (LAN). It is typically used by home and small-business users.

The attacker could send a malicious data packet to another PC using ICS that would cause the service to terminate. Because this service is connected to the Windows firewall, this packet would also cause the firewall to stop working, said Tyler Reguly, a research engineer at nCircle Network Security, who has blogged about the issue.

"Once the firewall is down, where’s your line of defense?" he said Monday in an interview.

By knocking off the Windows Firewall, a criminal could open the door to new types of attacks, but a number of factors make such an attack scenario unlikely, Reguly said.

For example, the attacker would have to be within the LAN in order to make the attack work, and of course it would work only on systems using ICS, which is disabled by default. Furthermore, the attack would have no effect on any third-party firewall being used by the PC, Reguly said.

Users can avoid the attack by disabling ICS, Reguly said. But this will also kill the shared Internet connection.

An easier solution may be for ICS users to simply move their networks onto a router or network address translation device, said Stefano Zanero, chief technology officer with Secure Network SRL. "They are so cheap right now, and in many cases they offer better protection and an easier administration of your LAN," he said via instant message.

Windows XP appears to be the only platform affected by this attack, which has not been successfully reproduced on Windows Server 2003, Reguly said.

Microsoft’s initial investigation into the matter "has concluded that the issue only impacts users of Windows XP," the company’s public relations agency said Monday in a statement. "Microsoft is not aware of any attacks attempting to use the reported vulnerability or of customer impact at this time."

By Robert McMillan, IDG News Service (San Francisco Bureau)