In July, we kicked off a blog series focused on "Microsoft's Free Security Tools." The series highlights free security tools that Microsoft provides to help make IT professionals' and developers' lives easier. A good tool can save a lot of work and time for the people responsible for developing and managing software. In the series we discuss many of the benefits each tool can provide and include step-by-step guidance on how to use each one. Below is a summary of the tools covered in the series and a brief overview of each.
Today we released the fourth annual Microsoft Security Response Center (MSRC) Progress Report. This report highlights advancements in various Microsoft information sharing initiatives that foster deeper industry collaboration, increase community-based defenses, and better protect customers.
This article in our series focused on Microsoft’s free security tools is on a tool called the Microsoft Safety Scanner. The Microsoft Safety Scanner is a free stand-alone virus scanner that is used to remove malware or potentially unwanted software from a system. The tool is easy to use and packaged with the latest signatures, which are updated multiple times daily. The application is not designed to replace your existing antimalware software, but rather to act as an on-demand virus removal tool in situations where you suspect your real-time antimalware software might not be working correctly. If the antimalware program you run regularly becomes disabled without your knowledge, you may have malware or rogue security software on your system. Running the Microsoft Safety Scanner can help detect and remove malware or potentially unwanted software that may be disabling your real-time antimalware software.
This article in our series focused on Microsoft’s free security tools is on a tool called Windows Defender Offline. Windows Defender Offline is a standalone software application that is designed to help detect malicious and other potentially unwanted software, including rootkits that try to install themselves on a PC. Once on a PC, this software might run immediately, or it might run at unexpected times. Windows Defender Offline works by scanning an operating system to check the authenticity of any communication the operating system has with the Internet. If there is an application deemed unsafe, it will alert the user and block the contents of the application until the user either accepts or denies the risk.
For many years attackers have used rogue security software, also known as fake antivirus software or “scareware”, to fool computer users into installing malware and/or divulging confidential information. These programs typically mimic the general look and feel of legitimate security software and claim to detect a large number of nonexistent threats while urging users to pay for the “full version” of the software to remove them. Attackers typically install rogue security software through exploits or other malware, or use social engineering to trick users into believing the programs are legitimate and useful. Some versions emulate the appearance of the Windows Security Center or unlawfully use trademarks and icons to misrepresent themselves (some examples of this below).
Author: Matt Thomlinson, General Manager, Trustworthy Computing
Targeted attacks by determined adversaries (also known as Advanced Persistent Threats or APTs) have been a hot topic recently. Although targeted attacks continue to make up a small fraction of the attacks we see today, reports of attacks targeting organizations and governments have attracted a lot of attention. We know that one of the first things determined adversaries do if they are able to successfully compromise their target organization’s network is to try to compromise the organization’s directory services. The reason is clear: a directory service contains the credentials that users, administrators and systems use to authenticate to the network and get access to the organization’s resources. If the attackers can get access to all these credentials, they can get access to more resources on the network.
According to data we recently published in the Microsoft Security Intelligence Report volume 12 (SIRv12), drive-by download attacks continue to be a favorite tactic used by many attackers attempting to compromise large numbers of systems around the world. I have written about drive-by download attacks in the past (What You Should Know About Drive-By Download Attacks part 1, part 2) and the need to keep all software up-to-date in an effort to mitigate this type of attack.