Microsoft Switzerland Security Blog

Windows 7 almost five times more secure than XP

2011-05-17T14:02:17Z

CNET: Windows 7 almost five times more secure than XP Those are the findings of Microsoft's latest Security Intelligence Report, which detailed in depth the state of software vulnerabilities, exploits, security breaches, and malware in 2010. http://news.cnet.com/8301-1009_3-20063220-83.html#ixzz1MXpezMKz Microsoft SIR Report - Volume 10 Direct download ( PDF ) or Microsoft webpage: http://www.microsoft.com/security/sir/ What is SIR: The Security Intelligence Report (SIR) is an investigation of the current threat landscape. It analyzes exploits, vulnerabilities, and malware based on data from over 600 million systems worldwide, as well as internet services, and three Microsoft Security Centers. Regards Urs...(read more)

Germany provides a secure way to deal with spam

2011-03-08T09:28:00Z

"In theory, stopping spam is easy: just make it uneconomic to send millions of messages by charging for each one sent, or make senders authenticate their identity to stop address spoofing and simplify blocking. In practice, that would involve building a secure, parallel email infrastructure linking electronic authentication with real-world identities: a daunting task. Yet that's just what Germany is about to do." http://www.infoworld.com/d/security/germany-provides-secure-way-deal-spam-510?page=0,0&source=rss_security Certainly interesting approach and in my opinion something that is kind of overdue since a long time as good old SMTP was never designed for the today’s world and Internet. Also the idea to charge for emails is not new, but together with a new service type, providing emails on the same level as paper mail sounds interesting and it makes - at least for me - more sense to charge for such a service. I had many discussions with customers that wanted exactly such features like proof of identity, proof of delivery, etc. But the main question remaining is, if it makes sense to solve that in isolated solutions (services) or if we don't need a new global standard for such needs. SMTPv2? :-) As long as I need to attach also to the SMTP-World, I will still have a SPAM problem. Also interesting the second aspect of the article, describing a new German law, that allows ISPs to charge for sent messages (if they wish). However, I'm surprised that it needs a new law to do so. Would you pay for emails and if so, how much? Perhaps this would help to solve another issue: Bots on end users PCs. Sometimes, I get the impression that some people don't care about their PCs security and would even "accept" (or ignore) a (hidden) bot on their PC. They have a flat Internet rate and don't care about sent emails, other traffic and as long as the bot does not disturb their work. But if they have to pay? -Urs...(read more)

Windows 7 Security Primer

2011-01-03T09:15:30Z

Good series of articles about Windows 7 security: http://www.windowsecurity.com/articles/Windows-7-Security-Primer-Part1.html http://www.windowsecurity.com/articles/Windows-7-Security-Primer-Part2.html http://www.windowsecurity.com/articles/Windows-7-Security-Primer-Part3.html These articles cover the fundamental information how to secure Windows 7 and some of the lesser known security functionality it provides. - Urs...(read more)

Step by step instructions on how to build a UAG SP1 DirectAccess lab with NAP

2011-01-03T08:57:35Z

Good article and step by step instruction on simplifying DA/NAP deployments with UAG: http://www.windowsecurity.com/articles/Integrated-NAP-Functionality-UAG-2010-Service-Pack1-DirectAccess.html - Urs...(read more)

Hold on to Your Keys!

2010-09-21T10:40:52Z

There have been a few recent incidents of what we previously thought was extremely rare — malware authors using code signing certificates that were issued to companies with good reputations. The high-profile Stuxnet incident included validly signed malware with misappropriated Authenticode certificates from two Taiwanese companies. More recently, it appears a U.S. credit union lost its private key to malware authors who used it to sign some variants of Trojan:Win32/Tapaoux.A as well. http://blogs.technet.com/b/mmpc/archive/2010/09/16/hold-on-to-your-keys.aspx Microsoft has also published a guide: Code-Signing Best Practices: http://www.microsoft.com/whdc/driver/install/drvsign/best-practices.mspx -Urs...(read more)

A strong Password isn’t the strongest Security

2010-09-08T08:49:49Z

Make your password strong, with a unique jumble of letters, numbers and punctuation marks. But memorize it — never write it down. And, oh yes, change it every few months... Yes, that's it? Or not? "Keeping a keylogger off your machine is about a trillion times more important than the strength of any one of your passwords,” says Cormac Herley, a principal researcher at Microsoft Research who specializes in security-related topics. http://www.nytimes.com/2010/09/05/business/05digi.html?_r=1&bl - Urs...(read more)

Microsoft Freshens Retro Code Lock-Down Tool

2010-09-07T13:12:04Z

Microsoft has released a new version of a software tool that developers and administrators can use to harden older applications against common vulnerabilities. Short for Enhanced Mitigation Experience Toolkit, EMET version 2.0 brings several new protections to operating systems and applications such as Windows XP or Internet Explorer 6, which remain widely used even though they are not as secure as more recent releases. http://www.microsoft.com/downloads/details.aspx?FamilyID=c6f0a6ee-05ac-4eb6-acd0-362559fd2f04&displayLang=en Software vulnerabilities and exploits have become an everyday part of life. Virtually every product has to deal with them and consequently, users are faced with a stream of security updates. For users who get attacked before the latest updates have been applied or who get attacked before an update is even available, the results can be devastating: malware, loss of PII, etc. Security mitigation technologies are designed to make it more difficult for an attacker to exploit vulnerabilities in a given piece of software. EMET allows users to manage these technologies on their system and provides several unique benefits: 1. No source code needed: Until now, several of the available mitigations (such as Data Execution Prevention) have required for an application to be manually opted in and recompiled. EMET changes this by allowing a user to opt in applications without recompilation. This is especially handy for deploying mitigations on software that was written before the mitigations were available and when source code is not available. 2. Highly configurable: EMET provides a higher degree of granularity by allowing mitigations to be individually applied on a per process basis. There is no need to enable an entire product or suite of applications. This is helpful in situations where a process is not compatible with a particular mitigation technology. When that happens, a user can simply turn that mitigation off for that process. 3. Helps harden legacy applications: It’s not uncommon to have a hard dependency on old legacy software that cannot easily be rewritten and needs to be phased out slowly. Unfortunately, this can easily pose a security risk as legacy software is notorious for having security vulnerabilities. While the real solution to this is migrating away from the legacy software, EMET can help manage the risk while this is occurring by making it harder to hackers to exploit vulnerabilities in the legacy software. 4. Ease of use: The policy for system wide mitigations can be seen and configured with EMET's graphical user interface. There is no need to locate up and decipher registry keys or run platform dependent utilities. With EMET you can adjust setting with a single consistent interface regardless of the underlying platform. 5. Ongoing improvement: EMET is a living tool designed to be updated as new mitigation technologies become available. This provides a chance for users to try out and benefit from cutting edge mitigations. The release cycle for EMET is also not tied to any product. EMET updates can be made dynamically as soon as new mitigations are ready The toolkit includes several pseudo mitigation technologies aimed at disrupting current exploit techniques. These pseudo mitigations are not robust enough to stop future exploit techniques, but can help prevent users from being compromised by many of the exploits currently in use. The mitigations are also designed so that they can be easily updated as attackers start using new exploit techniques. -Urs...(read more)

Microsoft releases Windows Phone 7 to manufacturers (RTM)

2010-09-03T08:26:22Z

Security relevant? Not sure... Fun? Definitely! Can't await mine... ;-) But to still give it a security touch, let's put this under 'Consumerization of IT'. http://www.cnet.com/8301-17918_1-20015314-85.html?tag=mncol;1n -Urs...(read more)

Microsoft Releases SDL Docs with Creative Commons License

2010-08-31T12:22:04Z

[PCMag] In the last several years, for the most part, Microsoft "got" the importance of security and took it to heart. One of the main points they got was that it was in their interest for all the software running on Windows systems (the Windows "ecosystem") to be secure, so they have been increasingly less proprietary about their security methods and mechanisms. http://blogs.pcmag.com/securitywatch/2010/08/microsoft_releases_sdl_docs_wi.php On that front there was big news today: Microsoft SDL (Security Development Lifecycle) : http://blogs.msdn.com/b/sdl/archive/2010/08/26/microsoft-sdl-and-the-creative-commons.aspx Creative Commons License http://creativecommons.org/licenses/by-nc-sa/3.0/ - Urs...(read more)

Anti-DoS Dynamic IP Restrictions for IIS 7.0 Hits Beta2

2010-08-31T12:12:40Z

Microsoft has made available for download the second Beta development milestone of an anti-DoS extension for version 7.0 of Internet Information Services [IIS]. The Microsoft Dynamic IP Restrictions for IIS 7.0 has reached Beta2 and is up for grabs via the Microsoft Download Center in two flavors, 32-bit (x86) and 64-bit (x64). http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=a0920a32-b63d-4e13-8e42-7ad7ad9b3168 The Dynamic IP Restrictions Extension for IIS provides IT Professionals and Hosters a configurable module that helps mitigate or block Denial of Service Attacks or cracking of passwords through brute-force by temporarily blocking Internet Protocol (IP) addresses of HTTP clients who follow a pattern that could be conducive to one of such attacks. This module can be configured such that the analysis and blocking could be done at the Web Server or the Web Site level. The module includes the following features: Seamless integration into IIS 7.0 Manager. Dynamically blocking of requests from IP address based on either of the following criteria: The number of concurrent requests. The number of requests over a period of time. Blocking of requests can be configured at either site or server level. Configurable deny actions allows IT Administrators to specify what response would be returned to the client. The module support return status codes 403, 404 or blocking the requests entirely. Support for IPv6 addresses. Support for web servers behind a proxy or firewall. - Urs...(read more)

Security Secrets the Bad Guys don't want you to know

2010-07-21T12:49:46Z

[PCWorld] You already know the basics of internet security, right? But when you've got the basics covered, but you still don't feel secure, what can you do? Here are a few advanced security tips to help you thwart some of today's most common attacks. http://www.pcworld.com/article/201309/security_secrets_the_bad_guys_dont_want_you_to_know.html?&tk=hp_fv Urs...(read more)

A group of 15 Nations agree to start working together to reduce Cyberwarfare Threat

2010-07-21T12:47:08Z

[The Washington Post] A group of nations — including the United States, China and Russia — have for the first time signaled a willingness to engage in reducing the threat of attacks on each other’s computer networks. http://www.washingtonpost.com/wp-dyn/content/article/2010/07/16/AR2010071605882.html Urs...(read more)

Microsoft Malware Protection Center - The Stuxnet Sting

2010-07-21T12:43:31Z

For the past week or so, MSRC has been closely tracking a new family of threats called Stuxnet (a name derived from some of the filename/strings in the malware — mrxcls.sys, mrxnet.sys). In the past few days, it has become a popular topic of discussion amongst security researchers and in the media. First and foremost, MSRC has recently released one additional signature for this threat, and urge our readers to be sure that you've got the latest anti-malware definition updates installed. http://blogs.technet.com/b/mmpc/archive/2010/07/16/the-stuxnet-sting.aspx Urs...(read more)

What does it mean if my version of Windows is no longer supported?

2010-07-14T11:33:16Z

An unsupported version of Windows will no longer receive software updates from Windows Update. These include security updates that can help protect your PC from harmful viruses, spyware, and other malicious software, which can steal your personal information. Windows Update also installs the latest software updates to improve the reliability of Windows—new drivers for your hardware and more. http://windows.microsoft.com/en-us/windows/help/what-does-end-of-support-mean Urs...(read more)

How the Microsoft Azure appliance changes the cloud computing skyscape

2010-07-14T11:25:00Z

Microsoft executive Bob Muglia said he was meeting with a chief information officer last year when the man grabbed him and said, "You don't get it. We never want another update from Microsoft again." The man was frustrated by the software updates a corporate customer has to install if it uses Microsoft software — security patches, service packs, other bug fixes. Instead of having to install alerts and patches every month, corporate customers won't have to worry because Microsoft will do it for them. http://seattletimes.nwsource.com/html/microsoftpri0/2012344672_howthemicrosoftazureappliancechangesthecloudcomputingskyscape.html More information on Azure: http://www.microsoft.com/windowsazure/ Urs...(read more)

Reminder: Support for Windows XP SP2 and Windows 2000 ended July 13, 2010

2010-07-14T10:59:00Z

As Microsoft announced in 2008, support for Windows XP Service Pack 2 (SP2) will end on July 13, 2010. Support for Windows 2000 will end on the same date. Customers running an unsupported version of Windows or Windows service pack will not be eligible for any Microsoft support options. Updates, including security updates released with bulletins from the Microsoft Security Response Center, will be reviewed and built for the supported versions and service packs only. The most current service packs are available to organizations, and they are easily deployed via Windows Update, Windows Server Update Services/Microsoft System Center, and the Microsoft Download Center. To better understand the Microsoft Support Lifecycle Policy and your support options visit the Microsoft Support Lifecycle page: http://support.microsoft.com/lifecycle/?LN=en-us&x=13&y=14 . Urs...(read more)

Microsoft Offers Developers Cloud Security Tips

2010-06-18T07:56:48Z

Microsoft this week published a best practices guide for writing applications to its Windows Azure cloud computing environment. http://download.microsoft.com/download/7/3/E/73E4EE93-559F-4D0F-A6FC-7FEC5F1542D1/SecurityBestPracticesWindowsAzureApps.docx "We wrote this paper because no matter how many defenses we add to Windows Azure, it is important that people building software or hosting services in 'The Cloud' understand that they must also build software with security in mind from the start," blogged Michael Howard, principal security program manager of Microsoft’s Security Development Lifecycle team. Urs...(read more)

3.7 Billion Phishing Emails were sent in the last 12 Months

2010-06-18T07:52:08Z

[Network World] Cyber criminals sent 3.7 billion phishing emails over the last year, in a bid to steal money from unsuspecting web users, says CPP. Research by the life assistance company revealed that 55 percent of phishing scams are fake bank emails, which try and dupe web users into giving hackers their credit card number and online banking passwords. WOW! Luckily I am, I only got a few of them! Urs...(read more)

Microsoft Unveils One-Stop Service for Reporting Stolen Accounts

2010-06-18T07:48:06Z

Microsoft on Thursday unveiled a program to alert banks and online services when accounts they oversee are compromised. The Internet Fraud Alert will serve as a centralized repository for stolen account credentials and personal information, Microsoft said in a press release announcing the system. http://www.microsoft.com/Presspass/press/2010/jun10/06-17FraudAlertPR.mspx Urs...(read more)

It's my blog again... ;-)

2010-06-18T07:43:00Z

You have probably recognized that we completely changed the blog platform. Not only that I was surprised completely lost my layout, links, etc on the page, I was no longer able to login into my blog account and not able to post! Thanks to our support guys, now everything is just fine again and Iwill be able to post new stuff... So appologizes for the break! Cheers Urs...(read more)

New Microsoft Windows cloud service for managing and securing PCs: Intune (Beta)

2010-04-21T08:06:00Z

Windows Intune Beta Windows Intune simplifies how businesses manage and secure PCs using Windows cloud services and Windows 7—so your computers and users can operate at peak performance, from virtually anywhere. Windows Intune is a comprehensive solution that includes PC management, malware protection, Windows upgrades, and more. Use the Windows Intune cloud service beta to: Manage updates Protect PCs from malware Proactively monitor PCs Provide remote assistance Track hardware & software inventory Set security policies http://www.microsoft.com/online/windows-intune.mspx -Urs...(read more)

New Twitter Account: @MSFTSecResponse

2010-04-09T12:37:00Z

MSRC blogs: We will use this account to augment the content here on the blog. For example, we will use the account to rapidly respond to emerging issues while we are gathering information for a more complete blog post. In addition, we will also use the account as a way to push content to our followers quickly. -Urs...(read more)

Microsoft Security Compliance Manager released

2010-04-09T05:53:00Z

The Security Compliance Manager will help you accelerate knowledge to merge best practices, customize once to centralize decision making, and export to multiple formats to enable monitoring, verification, and compliance. The tool is designed to help accelerate your organization’s ability to efficiently manage the security and compliance process for the most widely used Microsoft technologies. This end-to-end Solution Accelerator will help you plan, deploy, operate, and manage your security baselines for Windows client and server operating systems, and Microsoft applications. Access the complete database of Microsoft recommended security settings, customize your baselines, and then choose from multiple formats—including Desired Configuration Management (DCM) packs, Security Content Automation Protocol (SCAP), XLS, or Group Policy objects (GPOs)—to export the baselines to your environment to automate the security baseline compliance verification process. Download the Security Compliance Manager: http://go.microsoft.com/fwlink/?LinkId=182512 Learn more about the Security Compliance Manager: http://go.microsoft.com/fwlink/?LinkId=113940 Send any questions or comments to the development team: secwish@microsoft.com . Want to learn more about the free tools and guidance offered by the Security Solution Accelerators team? Discover how these resources can help your organization improve its security posture while saving time and money. For additional resources, including our latest releases and beta programs, visit the Security page on Microsoft® TechNet: www.microsoft.com/ssa . -Urs...(read more)

Microsoft out-of-band security bulletin release for IE

2010-03-31T12:04:00Z

Microsoft has released an out-of-band security bulletin on March 30, 2010. The bulletin is being released to address new attacks against customers of Internet Explorer. Users of Internet Explorer 8 and Windows 7 are not vulnerable to these current attacks. However, the released update contains fixes for IE5, IE6, IE7 and IE8 and therefore, it is recommended to update all versions of Internet Explorer: http://www.microsoft.com/technet/security/bulletin/ms10-018.mspx Recommendation: The majority of customers have automatic updating enabled and will not need to take any action because this security update will be downloaded and installed automatically. Customers who have not enabled automatic updating need to check for updates and install this update manually. For certain configurations, the update is marked as important only (not critical) and in this case the update must be installed/selected manually as well. Especially as we see these vulnerabilities being exploited already (mainly in the US and Asia), I would recommend to install the released updates fast. In addition, Easter time will not only allow lots of people to surf extensively on the Internet, I also expect an increased amount of mails and links to Easter-related stuff (Webpages and HTML mail), which could contain malware. -Urs...(read more)

Think You’re Immune from Online Fraud? Maybe Not!

2010-03-30T07:07:00Z

Bill Mullins’ Weblog: Guest writer Dave Brooks, a vastly experienced computer tech from New Hampshire, who is an expert at online safety, shares this chilling story on why even exercising proper security measures won’t guarantee your online financial safety. http://billmullins.wordpress.com/2010/03/25/think-youre-immune-from-online-fraud-maybe-not/?utm_source=feedburner&utm_medium=email&utm_campaign=Feed%3A+wordpress%2FTVcE+%28Bill+Mullins%27+Weblog+-+Tech+Thoughts%29 -Urs...(read more)