Some say it is like MilitaryIntelligence, incompatible stuff smashed together. ---- InternetSecurityForMicrosoftUsers is a page focussed on improving security (allow legitimate access and reduce exposure to SocialEngineering and other scams). It concentrates on common situations faced by users of Microsoft client software (the majority). It includes the task of SecuringWindows and more. I believe the IT community is not immune to being victimized, as indicated by various reports in the press in the past (e.g. within Microsoft many employee SQLserver DB were affected by a worm, months after the patch was released). ---- '''Major risks and counter measures''' * ''Feb05 Internationalized Domain Names (IDN) made phishing easier in non MS browsers only'' see http://www.smh.com.au/news/Breaking/Firefox-Safari-open-to-spoofing-flaw/2005/02/08/1107625180535.html ** test tool from Secunia checks browser for vulnerability at http://secunia.com/multiple_browsers_idn_spoofing_test/ ** IDN use of Unicode is displaced by punnycode to reduce SocialEngineering exposure. See http://www.computerworld.com/securitytopics/security/story/0,10801,100066,00.html * ''Jan05 IFRAME exposure still lurking after Jan patches?'' see http://www.computerworld.com/securitytopics/security/holes/story/0,10801,98969,00.html * ''Jan05 MS beta tool to enhance BrowserSecurity, requires WindowsXp '' see http://www.microsoft.com/athome/security/spyware/software/default.mspx * ''Dec04 fix up Java Sandbox problem'' see http://www.pcmag.com/article2/0,1759,1733369,00.asp ** '''Must read'''. Previously I raised an alert in JavaLanguage and it got lost in subsequent edits. This is a very nasty bug and therefore I repost with similar info here. See GetItFirstFromHere to get to Suns site for fixes. * ''Sep04 JPEG exposure'' patch released Sep04 (number??) * ''Jan04 IE exposure to pfishing'' KB834489 risk addressed by patch MS04-004 There's not a lot of point in listing these here. It will just be out of date and incomplete. http://www.microsoft.com/security/bulletins/default.mspx covers the above and more. * ''Yes it is both incomplete and will be out-of-date.'' However as said in the beginning, lots of PC have not been patched months after exposure identified, so there is still value in listing the more serious (common and intense) exposures as these are identified and solutions found. But they're already listed on that site! Run WindowsUpdate! ---- '''SocialEngineering cases''' ''Media Player DRM'' reported in late 2004 about users of even WindowsXp SP2 getting spoofed into allowing the download of fake Digital Rights Management material, MS said in Jan05 that it will provide a patch. See http://www.eweek.com/print_article2/0,2533,a=142839,00.asp ---- '''InternetExplorer users, upgrade to WindowsXp SP2 or switch to FireFox''' This recommendation from a number of sites made after MS said no upgrades to IE available to users that do not use WindowsXp * example of MS statement on IE policy reported at http://addict3d.org/index.php?page=viewarticle&type=news&ID=3115 MozillaFirefox does not support ActivexTechnology, and is therefore touted as being more secure. It was claimed within a few days of FireFox 1.0 Nov2004 release, it has captured 3percent of browser market. MicrosoftInternetExplorer in SP2 release of WindowsXp has low level changes to security zone architecture, making it more difficult for MalWare to operate unchecked. This is the reason the IFRAME bug did not affect SP2 enabled machines. See http://www.windowsitpro.com/Windows/Article/ArticleID/44561/44561.html ---- '''Or consider MaxthonBrowser, if you want to stay with the IE engine''' ''Anyone have comments on using MaxthonBrowser as IE6 substitute for intranets, in terms of compatibility and other technical risks? '' ---- '''Technology components that seem to be frequently affected by security problems''' ''Server Message Block (SMB) for file sharing. Problems are just beginning? '' See http://secunia.com/advisories/11634/ which acknowledges MS05-011 that reported the problem area ''What is IFRAME'' See http://www.cs.tut.fi/~jkorpela/html/iframe.html ''Browser Helper Object(BHO) not all that bad'' See http://msmvps.com/harrywaldron/archive/2004/07/02/9418.aspx ---- '''Reading Material (list updated by better material as they become spotted)''' * ''Lock attackers out of your PC '' see http://www.briansbuzz.com/w/040603/ * '' site to check for spyware '' http://spywareremoval.ec-force.com ** sourced from http://www.emediawire.com/releases/2004/9/emw160008.htm * ''AdAware Personal Edition'' ** Free for personal use, has been around for years, has a good reputation. -- BevanArps ** http://www.download.com/3000-2144-10045910.html * ''SecurityManagement for corporate users at Technet'' see http://www.microsoft.com/technet/security/topics/architec/default.mspx * '' Increase confidence of new websites via intermediary'' http://news.zdnet.com/2110-3513_22-5367650.html ** wonder how quickly blacklist sites are maintained * ''MicrosoftSecurity as explained by a security products vendor'' http://www.softheap.com/internet/ ** got some interesting pages like description of origins and uses of SSPI protocol * ''Activex security tradeoffs (compared to Java)'' http://www.digicrime.com/activex/ ** article concluding remarks are additional usability not worth the risk * ''Sun Java VM problems only solved by patch '' http://techrepublic.com.com/5100-22_11-5465909.html ** it was said elsewhere that Microsoft Java can have similar problems * ''Security basics - e.g. use a FireWall '' http://members.citynet.net/stackpole/security.html ---- There exists a site that lists programs that might be running at startup, located at http://www.sysinfo.org. This can be used to identify programs, including MalWare, that are run on your own machine. ---- ''' from N''''''ewInternetSecurityPatch''' ''The latest seductive wrapper for a blatant virus. Another wrapper is pretending it's a bounce for an email you sent.'' ==== MS Customer this is the latest version of security update, the "September 2003, Worm.Automat.AHB" update which eliminates all known security options on your MS Windows platform. It turns your computer into an SMTP server, scans your memory and drives for e-mail addresses, and sends itself to all of them. Then it takes a whack at your IRC, Kaazen, and your shared network drives. It foils and mangles its headers each time to fool the less robust spam filters. Put another way, it installs a decade of spam technology to broadcast its malicious executable. If you are stupid enough to think that MS would e-mail security patches, then you will not suffer as much as your electronic contacts, whose mail boxes will fill up with 1-10 copies of the "security patch" per minute. 3 years after the "I love you" worm, MS's installed user base can ''still'' be relied upon to double-click anything in their mails that looks harmless or official. And MicroSoft can still be relied upon to never close the simple loopholes in their systems. ''Billy Gates why do you make this possible? Stop making money and fix your software!!'' ==== We could ask the big mail servers to start filtering this out instead of passing and wasting incredible amounts of bandwidth. ==== Thanks! I thought it was just some cool new MS scheme to propagate their patches from one computer to the next ;-) ==== I've always wondered why someone doesn't just write a worm/virus that exploits security holes such that it installs the patch for the security hole. Kind of like a vaccination. ''AmigaComputer had one, but the leading virus scanners clobbered it for you anyway...'' They tried that for SoBig. Aside from the ethics of such an act, the 'patch' ended up consuming more network resources than the virus. ''Or so said the AntiVirus industry. Biased?'' Possibly, but also correct in that the anti-worm at least did some damage. It is believed that Welchia was the virus responsible for crashing the State Department's electronic system for checking every visa applicant for terrorist or criminal history. ''No big loss, unless it actually was accurate, non-biased, and non-partisan...'' ---- Anyone have information on Secure Agent (CSA), a rebranded product from Okena acquired by Cisco? MS is claimed to use this as a dayzero attack prevention mechanism. ---- No worries, mate! Just upgrade to Windows 98 ^H^H^H2000 ^H^H^H^H^HXP ^H^H^HXP, ServicePackTwo and all your troubles will be fixed! ''Pretty much the same for any operating system. Old versions don't get the maintenance.'' ---- CategorySecurity