Tag Archive: security

Microsoft Security Essentials gets certified

Posted Aug.21, 2010 under Microsoft

AV-Test.org, a group with more than 15 years of experience in the area of anti-virus research and data security, has given Microsoft Security Essentials their certificate of approval. They tested 19 anti-virus and security applications in the second quarter this year, all but four certified: Trend Micro Internet Security Pro 2010, BullGuard Internet Security 9.0, Norman Security Suite 8.0 and McAfee Internet Security 2010.

The AV-Test team said, “During April, May and June 2010 we continuously evaluated 19 security products using their default settings. We always used the most current publicly available version of all products for the testing. They were allowed to update themselves at any time and query their in-the-cloud services. We focused on realistic test scenarios and challenged the products against real-world threats. Products had to demonstrate their capabilities using all components and protection layers.

The products were tested according to following categories:

  • Protection – static and dynamic malware detection, including testing for real-world 0-Day attacks.
  • Repair – system disinfection and rootkit removal
  • Usability – amount of system slow-down caused by the tools and the number of false positives.

The anti-virus applications were scored from 0.0 (worst) to 6.0 (best), Windows Security Essentials scored a 4.0 in Protection, a 4.5 in Repair and a 5.5 in Usability.

The Windows Security Blog was happy about the certification and said, “the most important validation of AV quality comes from independent certification organizations like VB100, AV-Test and others. With the current version of Microsoft Security Essentials and the new version now available in beta, our commitment remains constant: to provide security you can trust that is easy to use and provides protection that runs quietly and efficiently in the background, ensuring a great Windows user experience.

The three applications that tested highest were Kaspersky Internet Security 2010, Symantec Norton Internet Security 2010 and Panda Internet Security 2010. None of the applications tested scored higher than a 5.5.

View: Source

Tags: ,
Leave a Comment

Microsoft set to release a record breaking Patch Tuesday

Posted Aug.05, 2010 under Microsoft, Windows 7, Windows Vista, Windows XP

Microsoft announced today that it will be releasing a mega ‘Patch Tuesday’, where they will fix security holes and vulnerabilities in their software.

The record breaking update will deliver 14 security bulletins, fixing a record-tying 34 vulnerabilities in Microsoft Windows, Office, Internet Explorer and Silverlight. Microsoft hasn’t addressed this many vulnerabilities in a single month since June 2010, but only released 10 bulletins.

Out of the 14 bulletins, 8 were labeled as “Critical,” Microsoft’s highest severity level, the other 6 patches were labeled as “Important,” the next level down from Critical.  The patches will address remote code executions (RCE) and elevation of privileges.

The patches will fix security holes in the following operating systems and software:

  • Windows XP Service Pack 2 & 3 *
  • Windows Vista Service Pack 1 & 2
  • Windows 7
  • Windows Server 2003 Service Pack 2
  • Windows Server 2008 Service Pack 2
  • Microsoft Office XP Service Pack 3
  • Microsoft Office 2003 Service Pack 3
  • Microsoft Office 2007 Service Pack 2
  • Microsoft Office for Mac 2004 & 2008
  • Open XML File Format Converter for Mac
  • Microsoft Office Word Viewer
  • Microsoft Office compatibility pack for Word, Excel & PowerPoint 2007
  • Microsoft Works 9
  • Microsoft Silverlight 2 & 3

* = Windows XP Service Pack 2 will only received limited updates.

These patches are expected to roll out on Tuesday August 10, 2010, and may require a restart.

View: Source

Tags: , ,
Leave a Comment

Apple sitting on iOS exploit fix

Posted Aug.05, 2010 under Apple/Mac

Apple has reportedly readied a fix for an exploit uncovered yesterday which could potentially allow hackers to gain un-permitted access to devices running Apple’s mobile operating system, iOS.

Apple said yesterday that it was “investigating” the issue, but today released a statement saying it had found a solution to the exploit which will be made available in a “coming update” – likely iOS 4.1, which is currently being tested by registered Apple iPhone developers.

“We’re aware of this reported issue, we have already developed a fix and it will be available to customers in an upcoming software update,” an Apple spokesperson told CNET.

The two security exploits, highlighted by only current web-based iPhone jailbreak which launched last weekend, relate to the way the iOS web browser, Safari, reads PDF files on the iPad, iPhone and iPod Touch.

One of the exploits utilizes the methods that Safari uses to read and parse PDF files to gain access to the ‘protective sandbox’, while the second hole allows the code to get out of the ‘sandbox’ and access root control privileges for the device — potentially allowing hackers the ability to install rogue apps that could monitor user actions.

The second hole — the one which gives malicious code access to the root control privileges for the device — is so worrying that the German Government’s Federal Office for Information Security suggested users avoid opening PDF files until a fix is made available.

View: Source

Tags: , , ,
Leave a Comment

Microsoft to release emergency patch for Windows shortcut bug

Posted Aug.03, 2010 under Microsoft, Windows

Microsoft is planning to release an out of band security update today to address the Windows shortcut vulnerability.

The vulnerability is caused by an error in Windows Shell when parsing shortcuts (.lnk). The flaw can be exploited automatically by executing a program via a specially crafted shortcut. Certain parameters of the .lnk are not properly validated on load, resulting in the vulnerability. Microsoft says it has “seen only limited, targeted attacks on this vulnerability.”

For the exploit to be successful it requires that users insert removable media (when AutoPlay is enabled) or browse to the removable media (when AutoPlay is disabled). According to Microsoft’s initial advisory, exploitation may also be possible via network shares and WebDAV shares. Microsoft stated that the exploit affects all Windows versions since Windows XP, including Windows 7.

Last week, the software giant issued a Fixit solution for customers, to help prevent attacks attempting to exploit this vulnerability. However, applying the fixit removed the graphical representation of icons on the Task bar and Start menu bar and replaced them with white icons without the graphical representation of the icon. This temporary fix wasn’t ideal for most customers so Microsoft sped up testing to deliver an out of band fix.

“We are releasing the bulletin as we’ve completed the required testing and the update has achieved the appropriate quality bar for broad distribution to customers. Additionally, we’re able to confirm that, in the past few days, we’ve seen an increase in attempts to exploit the vulnerability. We firmly believe that releasing the update out of band is the best thing to do to help protect our customers,” said Christopher Budd, Microsoft Security Response Manager.

Microsoft will release the update later today, just over a week before its regular “Patch Tuesday”.

View: Source

Tags: ,
Leave a Comment

Enter your email address:

Delivered by FeedBurner