This article in our free security tools series focuses on the benefits of the Microsoft Anti-Cross-site Scripting Library (Anti-XSS). Cross-site scripting (XSS) is an attack technique in which an attacker inserts malicious HTML and JavaScript into a vulnerable webpage, often in an effort to distribute malware or to steal sensitive information from the website or its visitors.
Three key objectives of information security are to maintain the confidentiality, integrity and availability of an organization’s information. Most of the conversations I have with security professionals seem to revolve around the confidentiality and integrity of data. The topic of availability is typically broached only in discussions regarding DDoS attacks or hacktivism. But more and more of the security professionals I have been talking to lately have been interested in topics related to reliability and availability; as their organizations adopt cloud services, more people seem to be interested in these topics.
When I write “availability” I mean that information and services can readily be accessed with a high level of Quality of Service.
Just a few weeks ago I had the honor of presenting a keynote at the Cloud Security Alliance (CSA) Congress 2012 in Orlando, Florida. My talk focused on the cloud security themes and topics that have been top of mind for Chief Information Security Officers (CISOs) and other security professionals that I have been talking to about cloud security.
Several trends have been influencing the ways security professionals have been thinking about the roles that Information Technology (IT) plays in their organizations and how associated risks are managed. The consumerization of IT, Big Data, the evolution of consumer privacy, targeted attacks and governments’ roles in cybersecurity are all influencing conversations about IT and cloud computing.
This article in our series focused on Microsoft’s free security tools is on a tool called the Microsoft Safety Scanner. The Microsoft Safety Scanner is a free stand-alone virus scanner that is used to remove malware or potentially unwanted software from a system. The tool is easy to use and packaged with the latest signatures, updated multiple times daily. The application is not designed to replace your existing antimalware software, but rather to act as an on-demand virus removal tool in situations where you suspect your real-time antimalware software might not be working correctly. If the antimalware program you are running regularly becomes disabled without your knowledge, you may have malware or rogue security software on your system. Running the Microsoft Safety Scanner can help detect and remove malware or potentially unwanted software that may be disabling your real-time antimalware software.
As I wrote in the last article we published, based on new data from the Microsoft Security Intelligence Report volume 13 (SIRv13), exploit activity has increased substantially over the past year: Exploit Activity at Highest Levels in Recent Times: The Importance of Keeping All Software Up To Date. The data I shared in that article illustrates just how much exploit activity has increased since the second quarter of 2011 (2Q11).
If you are looking for a resource that will help you manage security with Windows Server 2012, then I encourage you to check out a new book which will be published in the next few months titled “Windows Server 2012 Security from End to Edge and Beyond.” This book is designed to cover security for the client device that connects to server-based applications and services and the servers themselves. It also covers security for the edge of the network, such as a firewall or a remote access server, and finally, security for the cloud. The book was written by Microsoft experts from our Server and Tools Business including Tom Shinder, Yuri Diogenes and industry technology consultant Debra Littlejohn Shinder. The authors have nearly completed the book and expect to have it published in the first quarter of 2012. Check back regularly as we will provide an update when the book has been published.
Earlier this year we published a special edition Security Intelligence Report that looked at some of the ways the threat landscape has evolved over the past ten years. The report included a view into how attackers have shifted their tactics over the past decade. I discussed the data in this report in depth, in a series of articles that Jeff Jones and I wrote, looking back at how things have changed (part 1, 2, 3, 4, 5, 6).