The Common Vulnerability Scoring System (CVSS) is an open framework for scoring vulnerabilities. It ranks information-system vulnerabilities and gives the end user a composite score representing the overall severity of a vulnerability. Note that the base score expresses the severity of the flaw itself; the temporal and environmental metric groups are what adjust it to the risk a particular organisation actually faces. CVSS was created by the National Infrastructure Advisory Council (NIAC). Over the years it has become a very widely adopted scoring system and is used by heavy hitters such as the Department of Homeland Security, CERT, Cisco, Union Pacific and Symantec, to name but a few. CVSS is currently maintained by the Forum of Incident Response and Security Teams (FIRST), http://www.first.org, and was a combined effort involving many companies, including:
• CERT/CC
• Cisco Systems
• eBay
• Internet Security Systems
• Microsoft
• DHS/MITRE
• Qualys
• Symantec
http://www.networkworld.com/community/node/21105
Urs
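To make the "composite score" concrete, here is an added example (not part of the post above, nor FIRST's own code) that computes a CVSS v2 base score from a base vector string such as AV:N/AC:L/Au:N/C:C/I:C/A:C, using the published v2 base equations and metric weights. Only the base metric group is covered; temporal and environmental metrics are left out. The Low/Medium/High bands at the end are the NVD convention for v2 scores, not part of the CVSS specification itself.

```powershell
# Added example: CVSS v2 base-score calculator (base metric group only).
# Weights are the published CVSS v2 values for each base metric.
$cvss2Weights = @{
    'AV' = @{ 'L' = 0.395; 'A' = 0.646; 'N' = 1.0   }   # AccessVector: Local / Adjacent / Network
    'AC' = @{ 'H' = 0.35;  'M' = 0.61;  'L' = 0.71  }   # AccessComplexity: High / Medium / Low
    'Au' = @{ 'M' = 0.45;  'S' = 0.56;  'N' = 0.704 }   # Authentication: Multiple / Single / None
    'C'  = @{ 'N' = 0.0;   'P' = 0.275; 'C' = 0.660 }   # ConfImpact: None / Partial / Complete
    'I'  = @{ 'N' = 0.0;   'P' = 0.275; 'C' = 0.660 }   # IntegImpact
    'A'  = @{ 'N' = 0.0;   'P' = 0.275; 'C' = 0.660 }   # AvailImpact
}

function Get-Cvss2BaseScore {
    param([Parameter(Mandatory=$true)][string]$Vector)

    # Parse "AV:N/AC:L/Au:N/C:C/I:C/A:C" into metric -> weight, rejecting
    # unknown metrics or values instead of silently scoring them as zero.
    $m = @{}
    foreach ($part in $Vector.Split('/')) {
        $kv = $part.Split(':')
        if ($kv.Length -ne 2 -or
            -not $cvss2Weights.ContainsKey($kv[0]) -or
            -not $cvss2Weights[$kv[0]].ContainsKey($kv[1])) {
            throw "Invalid CVSS v2 base metric: '$part'"
        }
        $m[$kv[0]] = $cvss2Weights[$kv[0]][$kv[1]]
    }
    foreach ($name in $cvss2Weights.Keys) {
        if (-not $m.ContainsKey($name)) { throw "Vector is missing base metric $name" }
    }

    # CVSS v2 base equations.
    $impact         = 10.41 * (1 - (1 - $m['C']) * (1 - $m['I']) * (1 - $m['A']))
    $exploitability = 20 * $m['AV'] * $m['AC'] * $m['Au']
    $fImpact = 0
    if ($impact -ne 0) { $fImpact = 1.176 }   # f(Impact) = 0 when there is no impact at all
    $raw = ((0.6 * $impact) + (0.4 * $exploitability) - 1.5) * $fImpact

    # The specification rounds to one decimal place (half away from zero).
    $base = [math]::Round($raw, 1, [System.MidpointRounding]::AwayFromZero)

    # Severity bands as used by NVD for v2 scores (not part of CVSS itself).
    $severity = 'Low'
    if ($base -ge 7.0)     { $severity = 'High' }
    elseif ($base -ge 4.0) { $severity = 'Medium' }

    New-Object PSObject -Property @{
        Vector         = $Vector
        Impact         = [math]::Round($impact, 1, [System.MidpointRounding]::AwayFromZero)
        Exploitability = [math]::Round($exploitability, 1, [System.MidpointRounding]::AwayFromZero)
        BaseScore      = $base
        Severity       = $severity
    }
}

# Usage: a remote, unauthenticated, low-complexity flaw with complete C/I/A loss
# (the worst case) and a typical reflected XSS vector for comparison.
Get-Cvss2BaseScore 'AV:N/AC:L/Au:N/C:C/I:C/A:C'
Get-Cvss2BaseScore 'AV:N/AC:M/Au:N/C:N/I:P/A:N'
```

The first vector is the maximum and scores 10.0; the second, typical for a reflected cross-site scripting bug, lands in the Medium band. Because the inner tables are keyed by the single-letter values, a vector with a typo (say "AU:N" or "C:X") is rejected with an error rather than quietly producing a lower score, which is the failure mode you want when scores feed a patching SLA.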
Many people don’t have the time or technical expertise to keep up on PC management and protection. Today Microsoft released the next version of Windows Live OneCare, which provides all-in-one, self-updating PC care designed to help consumers and small businesses maintain the security and performance of their PCs. Windows Live OneCare, a subscription service that is part of the Windows Live family, is available at major retail outlets in seventeen countries and can also be downloaded at http://onecare.live.com.
For proper PC care, most consumers need more than just anti-virus software. Although such protection is clearly a must-have, electronic assets such as digital photos, music and financial data must also be protected. Furthermore, today people are putting more “miles” on their PCs, which can lead to system clutter and performance degradation. And with multi-PC homes and wireless networks becoming mainstream, consumers must deal with the additional complexity of things such as printer sharing and network security. For the typical consumer this can present a huge challenge. But consumers do not want to deal with a disparate mix of products that must be purchased, installed and maintained; instead, they just want their PCs to work, which means they want the following:
• Software to help protect them from viruses and other threats.
• A PC that consistently runs quickly and efficiently.
• Protection of valuable data, regardless of its format or location.
• Simple instructions when user action is required.
Windows Live OneCare 2.0 includes the following features:
Protection Plus
Protection Plus in Windows Live OneCare means anti-virus and anti-spyware protection, a managed two-way firewall, and automatic updates to help ensure that consumers have the latest definitions to help protect their computers from hackers, viruses, worms, Trojan horses and other unwanted software. Protection Plus includes the following features:
Ø Integrated anti-virus and anti-spyware protection. Windows Live OneCare integrates anti-virus and anti-spyware technology for an improved experience for consumers, making the technology more accessible by combining the two filters into one comprehensive safeguard. In real time, Windows Live OneCare anti-virus scans or monitors the files on a subscriber’s computer, matching them against virus definitions (patterns in the code that resemble those of known viruses) and identifying files that are behaving like viruses. If an infected file is found, Windows Live OneCare automatically cleans it to help prevent harm to the consumer’s computer. Windows Live OneCare also scans files received via Windows Live Messenger and enables consumers to scan files or folders on demand with a simple right-click on those files or folders.
Ø Managed, two-way firewall. One-way firewalls aim to keep hackers from breaking into a computer; however, they can be ineffective against viruses or stealth programs, such as zombies or spyware, that run unnoticed in the background and send information from a consumer’s computer to the Internet. Windows Live OneCare addresses the challenge of delivering two-way protection in a highly usable way. It features a managed, two-way firewall with ongoing policy updates to help protect PCs from hackers when sending or receiving data.
Ø Microsoft Update integration. During installation, Windows Live OneCare automatically enrolls customers in the Microsoft Update service and sets their preferences to receive and install important updates to Windows and to other Microsoft products. By helping its subscribers stay up to date, Microsoft helps ensure that they will receive important security updates efficiently and on time.
Ø Automatic OneCare updates and upgrades. Continuous updates deliver and implement ongoing virus definitions, firewall policies, anti-spyware rules, performance-tuning routines and commonly backed-up file types. The subscription experience helps ensure that enhancements are automatically and continuously delivered so consumers do not need to worry about updating manually. In addition, with an active Windows Live OneCare subscription, customers are automatically upgraded to the next version of the service with new features as soon as it is available.
Ø Windows Live OneCare advisories. When significant new worms, viruses or other security threats are identified, Windows Live OneCare advisories can be sent to consumers’ PCs to let them know the status of their protection so they can take appropriate action if any is needed. Only when absolutely necessary will Windows Live OneCare prompt consumers for their action on a task.
Performance Plus
Performance Plus in Windows Live OneCare delivers PC tune-ups to help maintain computer performance and reliability, and eases management in a multiple-PC environment. Performance Plus includes these features:
Ø New. Proactive fixes and recommendations. Performance Plus looks at the specific configuration of the user’s system and makes proactive fixes and recommendations to improve the computing experience.
Ø New. Start-time optimizer. Performance Plus speeds PC boot time by allowing the subscriber to remove rarely used applications from the start-up menu. This helps to address one of the noticeable areas of concern for PC users.
Ø New. Monthly reports. The Monthly Report provides a summary of key actions that OneCare has performed in the last month, as well as activities and recommended actions for all PCs in a local network.
Ø Automated maintenance tasks. Performance Plus automates important janitorial tasks such as disk cleanup and disk defragmentation to help keep PCs running at peak performance.
Ø Virus scanning. Performance Plus runs a complete virus and spyware scan to check the entire computer for malicious programs. If any infected files are found, Windows Live OneCare automatically takes steps to help prevent harm to consumers’ computers by blocking access to the file until they decide what to do with it.
Backup and Restore
Security intrusions are not the only cause of data loss. Accidental deletion and disk failure also pose a threat to digital photos, music, financial data, software and other important electronic assets created as part of the digital lifestyle. Windows Live OneCare makes it easy for consumers and small businesses to back up files to CD, DVD, locally networked computers, external hard drives and most USB-enabled storage devices.
Ø New. Centralized backup enables users to centrally configure and monitor backups for all PCs covered under the same Windows Live OneCare subscription, with the data from all PCs backed up to a central location.
Ø New. Online photo backup keeps precious photos safe from theft or accidental loss by backing them up to an off-site location in Windows Live Folders (available at an extra cost).
WindowsSecurity.com article series by Jakob H. Heidelberg on Group Policy changes in Windows Server 2008:
http://www.windowsecurity.com/articles/Group-Policy-related-changes-Windows-Server-2008-Part1.html
http://www.windowsecurity.com/articles/Group-Policy-related-changes-Windows-Server-2008-Part2.html
http://www.windowsecurity.com/articles/Group-Policy-related-changes-Windows-Server-2008-Part3.html
In his most recent publication (“The Database Exposure Survey 2007”, November 12, 2007), David Litchfield surveyed how many database servers on the Internet are listening on their default TCP ports without being protected by a firewall. According to the survey, 157 SQL Servers and 53 Oracle Servers were found. Below are key findings as reported in his survey:
• 4% of the SQL Server systems were found to be completely unpatched.
• 66% of the Oracle Server systems were running versions known to be vulnerable to critical vulnerabilities.
For me the real problem is not that so many servers are directly connected to the Internet - perhaps (or hopefully) there is a good reason for that - but if I were to expose those machines directly to the Internet, I would at least keep them up to date!
http://www.infoworld.nl/idgns/bericht.phtml?id=002570DE00740E180025739300013B77
The SANS Institute released its top 20 security risks for 2007, which documents the security arms race between cyber criminals and the folks playing defense. But let’s focus on the big scourge: zero-day attacks.
http://blogs.zdnet.com/security/?p=691
SANS Top-20 2007 Security Risks (2007 Annual Update):
http://www.sans.org/top20/
November 19 – Visual Studio 2008 and .NET Framework 3.5 RTM (Developer, Connected Systems Division) Microsoft made its flagship development tool, Visual Studio 2008, available for download to its developer subscribers.
The release also includes technology called Language Integrated Query (LINQ) which is aimed at making it easier and more secure to build applications that tap into different data sources.
Visual Studio 2008 will be formally launched on February 27 next year along with Windows Server 2008 and SQL Server 2008.
I just had to create a bootable CD/DVD to clean a friend's PC offline. So I installed and used the Microsoft Malware Removal Starter Kit:
It is based on the Windows Preinstallation Environment (Windows PE) and is a great collection for creating a rescue and cleaning disk. It is also very easy to add your own favourite tools.
http://www.microsoft.com/downloads/details.aspx?FamilyID=6cd853ce-f349-4a18-a14f-c99b64adfbea&DisplayLang=en
Additional resources for this topic:
The Antivirus Defense-in-Depth Guide: http://go.microsoft.com/fwlink/?linkid=28732
The Responding to IT Security Incidents page on Microsoft TechNet:
http://www.microsoft.com/technet/security/guidance/disasterrecovery/responding_sec_incidents.mspx
The Windows Security Resource Kit, Second Edition from Microsoft Press:
http://www.microsoft.com/MSPress/books/6815.aspx
Derek Melber on Microsoft Windows PowerShell:
"If you have not heard of PowerShell you must be living under a rock. If you have heard about PowerShell, then you must have been wondering how and if PowerShell is secure. I saw PowerShell for the first time about 4 years ago at an MVP conference. With all of the effort and sweat that has gone into PowerShell, it had better come with some advanced security. Well, it does! PowerShell is not just your routine scripting language. There are built-in security features, as well as some additional security you can configure once in PowerShell."
http://www.windowsecurity.com/articles/PowerShell-Security.html
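Two of the built-in features the article refers to are the execution policy and Authenticode script signing. The following is an added example (mine, not code from Derek Melber's article) showing how to read the effective policy, how to sign a script with a code-signing certificate from the user's store, and how to refuse to run a script unless its signature is valid and comes from a signer you have explicitly listed. The thumbprint in $TrustedSignerThumbprints is a placeholder to be replaced with your own certificate's, and the script path in the usage lines is an assumption.

```powershell
# Added example: execution policy and Authenticode checks for PowerShell scripts.

# Thumbprint(s) of the code-signing certificate(s) we trust. The value below is
# a placeholder (assumption); replace it with the thumbprint of your own cert.
$TrustedSignerThumbprints = @('0000000000000000000000000000000000000000')

function Get-EffectiveExecutionPolicy {
    # Restricted: no scripts run; AllSigned: every script must carry a valid
    # signature; RemoteSigned: only scripts downloaded from the Internet must be
    # signed; Unrestricted: downloaded scripts merely prompt.
    $policy = Get-ExecutionPolicy
    Write-Host "Effective execution policy: $policy"
    return $policy
}

function Protect-Script {
    # Sign a script with the first code-signing certificate in the user's store.
    param([Parameter(Mandatory=$true)][string]$Path)
    $cert = @(Get-ChildItem -Path Cert:\CurrentUser\My -CodeSigningCert)[0]
    if ($cert -eq $null) { throw 'No code-signing certificate found in Cert:\CurrentUser\My' }
    Set-AuthenticodeSignature -FilePath $Path -Certificate $cert
}

function Test-ScriptTrusted {
    # Returns $true only if the file carries a valid Authenticode signature
    # from one of the thumbprints we listed above.
    param([Parameter(Mandatory=$true)][string]$Path)

    if (-not (Test-Path -Path $Path -PathType Leaf)) { throw "Script not found: $Path" }
    $sig = Get-AuthenticodeSignature -FilePath $Path

    # 'Valid' means the hash matches the signed content and the certificate chain
    # is trusted. 'NotSigned', 'HashMismatch' (edited after signing) and
    # 'NotTrusted' (chain does not end in a trusted root) all fail here.
    if ($sig.Status -ne 'Valid') {
        Write-Warning ("{0}: signature status is {1}" -f $Path, $sig.Status)
        return $false
    }
    # A valid signature from a publisher we never vetted is still not good enough.
    $thumb = $sig.SignerCertificate.Thumbprint
    if ($TrustedSignerThumbprints -notcontains $thumb) {
        Write-Warning ("{0}: signed by untrusted certificate {1}" -f $Path, $thumb)
        return $false
    }
    return $true
}

function Invoke-TrustedScript {
    # Run the script only after Test-ScriptTrusted has accepted it.
    param([Parameter(Mandatory=$true)][string]$Path)
    if (Test-ScriptTrusted -Path $Path) {
        & $Path
    } else {
        Write-Error "Refusing to run $Path"
    }
}

# Usage (the script path is an assumption for the example):
Get-EffectiveExecutionPolicy
Protect-Script -Path 'C:\Scripts\Maintenance.ps1'
Invoke-TrustedScript -Path 'C:\Scripts\Maintenance.ps1'
```

One caveat worth keeping in mind: the execution policy protects users from accidentally running scripts, not from an attacker who already has code execution, since a new powershell.exe process can be started with a different policy. The signature check above is what actually ties a script to a publisher you chose to trust, and it catches the case that matters most in practice, a signed script that was edited after signing (HashMismatch).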
I'm tempted to say: Interesting! ;-)
http://www.technewsworld.com/story/60111.html
Sounds like a funny idea, but it is no surprise that the spamming industry is searching for new ways to "influence" people!
Security firm MessageLabs today reports that it has spotted a massive run of spam sent out in the form of MP3 files and masquerading as music clips from popular artists. This is the first instance of a large distribution of spam hiding inside sound files, the researchers say.
http://www.darkreading.com/document.asp?doc_id=137748&WT.svl=news1_1
Research data says buffer overflow bugs outnumber Web app vulnerabilities, and some severe Microsoft bugs are on the decline.
"And in case you were wondering, Microsoft's aggressive initiative to shore up its product security appears to be paying off -- the level of severity of bugs in the software giant's products is declining significantly, according to a security research arm of telecommunications firm Telus."
http://www.darkreading.com/document.asp?doc_id=139871&f_src=darkreading_section_296
The ubiquity of computers, particularly home computers, has led owners to treat them like refrigerators or toasters -- plugging them in, adjusting some initial settings, and using them until they break or until a different set of features is desired. This is a recipe for disaster because without education and the right security software, the end user doesn't stand a chance. Spyware was originally designed to observe users' Internet patterns and deliver pop-up ads based on their individual browsing and shopping preferences. Now, although pop-up ads continue to be a nuisance, hackers are far more focused on spyware as crimeware: computer programs designed expressly to facilitate illegal activity online.
http://www.technewsworld.com/rsstory/59944.html
"The information technology revolution has changed the way business is transacted, governments operate, and national defense is conducted. Protection of these systems is essential and continuous efforts to protect them have resulted in exponential growth in reported security incidents. There are threats from hackers, spies, corporate raiders, terrorists, professional criminals, and vandals -- all of whom have a vested interest and well defined objectives for challenging the technology for financial and political gain, leading to damages to the enterprise infrastructure."
http://www.securityfocus.com/infocus/1896?ref=rss
The 2007 Microsoft Office Security Guide provides IT professionals with best practices and automated tools to help strengthen the security of computers that run either Windows Vista or Windows XP SP2 and the following applications:
http://www.microsoft.com/technet/security/guidance/clientsecurity/2007office/default.mspx
"It really is difficult to imagine a "year of PKI" because PKI isn't your typical technology trend. PKI isn't a standalone security widget, it is a complex infrastructure that must be integrated into existing applications and business processes. Once implemented however, PKI can really improve security, protect data integrity, and bolster identity management."
http://www.news.com/8301-10784_3-9816996-7.html?part=rss&subj=news&tag=2547-1_3-0-5
See also technical information on microsoft.com:
Microsoft Enterprise PKI:http://www.microsoft.com/windowsserver2003/technologies/pki/default.mspx
Microsoft Identity Lifecycle Manager (ILM):http://www.microsoft.com/windowsserver/ilm2007/default.mspx
...and this is why the development of an AV solution also needs to go through a Security Development Lifecycle (SDL)!
The vulnerabilities in antivirus software make the programs as much a threat as a help to corporate network security:
http://www.securityfocus.com/brief/632?ref=rss
And did I already mention that neither Windows Live OneCare nor Forefront Client Security is on the list? ;-)
http://www.microsoft.com/forefront
http://onecare.live.com/standard
Just found the following list on the internet:
1. Cross site scripting (XSS)
2. Injection flaws
3. Malicious file execution
4. Insecure direct object reference
5. Cross site request forgery
6. Information leakage and improper error handling
7. Broken authentication and session management
8. Insecure cryptographic storage
9. Insecure communications
10. Failure to restrict URL access
And that brings me back to the previous post and how important (and sometimes easy) it is to check your own websites for this kind of vulnerability.
http://blogs.technet.com/ms_schweiz_security_blog/archive/2007/10/24/xssdetect-code-analysis-tool.aspx
Interesting post summarizing the Security Intelligence Report (SIR). I definitely like the "Microsoft found that machines running Vista and Windows XP SP2 had "significantly" lower infection rates than older Windows operating systems." ;-)
http://www.itepistemology.com/2007/10/malicious-software-is-real-pandemic.html
It's not the time of thousands of PCs crashing anymore, but the silent "takeover" of our machines is a lot worse.
"The Malicious Software Removal Tool has uncovered some alarming statistics, for the first half of 2007 it detected 31.6 million phishing scams, an increase of more than 150% over the last half of 2006. In addition a 500% increase in Trojan downloaders and droppers, software that installs Trojans, password stealers, keyboard loggers and/or other malware on victims' systems. Also increasing, a growing number of backdoors—a category that includes bots and that the company referred to as an increasing threat to instant messaging users."
A little late for changing the strategy for 2007, but I don't think that the hot topics for 2008 are so different. ;-)
http://www.windowsecurity.com/articles/Security-Market-Trends-2007.html
Roger has posted a very good article based on the Yankee Group report. I especially like his linking to existing (or almost existing) technology. I know, it's a bit long, but worthwhile to read every word! ;-)
http://blogs.technet.com/rhalbheer/archive/2007/11/20/are-you-ready-for-your-users-of-the-near-future.aspx
A VoIP expert has unveiled new proof-of-concept software that allows an attacker to monitor other people's VoIP calls and record them for later review. Unencrypted VoIP really isn't very secure; if you have access to the raw network traffic of a call, it's not too hard to reconstruct the audio. Encrypted traffic is another story. German officials have discovered that when suspects use Skype's encryption feature, they aren't able to decode calls even if they have a court order authorizing them to do so. Some law enforcement officials in Germany apparently want to deal with this problem by having courts give them permission to surreptitiously install spying software on the target's computer.
http://techdirt.com/articles/20071126/174251.shtml
"Everyone knows that it is important to lock down the resources on the network. The resources that need to be locked down include folders and the files that are contained in them, as well as some Registry keys that are located on servers and workstations throughout the enterprise. We can’t forget those Active Directory objects that reside on domain controllers. All of these resources need to be locked down so that users that should not have access to them, can’t access them. To control the permissions on these resources, you have multiple options. Some options are more attractive than others, but a look at all options should be investigated."
http://www.windowsecurity.com/articles/Controlling-Resource-Permissions.html
"You know about the Storm Trojan, which is spread by the world's largest botnet. But what you may not know is there's now a new peer-to-peer based botnet emerging that could blow Storm away..."
http://www.darkreading.com/document.asp?doc_id=138610&WT.svl=news1_1
A hacker has released attack code that could be used to exploit a critical bug in some versions of the Windows operating system. Microsoft Windows Vista is not affected.
The vulnerability has been patched in the October patch cycle: Microsoft Security Bulletin MS07-055
http://www.microsoft.com/technet/security/bulletin/ms07-055.mspx
See related article:
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9044580&intsrc=news_ts_head