Internet Security For Microsoft Users

Some say it is like MilitaryIntelligence, incompatible stuff smashed together.


InternetSecurityForMicrosoftUsers is a page focussed on improving security (allow legitimate access and reduce exposure to SocialEngineering and other scams). It concentrates on common situations faced by users of Microsoft client software (the majority). It includes the task of SecuringWindows and more.

I believe the IT community is not immune to being victimized, as indicated by various reports in the press in the past (e.g. within Microsoft many employee SQLserver DB were affected by a worm, months after the patch was released).


Major risks and counter measures

There's not a lot of point in listing these here. It will just be out of date and incomplete. http://www.microsoft.com/security/bulletins/default.mspx covers the above and more. But they're already listed on that site! Run WindowsUpdate!


SocialEngineering cases

Media Player DRM reported in late 2004 about users of even WindowsXp SP2 getting spoofed into allowing the download of fake Digital Rights Management material, MS said in Jan05 that it will provide a patch. See http://www.eweek.com/print_article2/0,2533,a=142839,00.asp


InternetExplorer users, upgrade to WindowsXp SP2 or switch to FireFox

This recommendation from a number of sites made after MS said no upgrades to IE available to users that do not use WindowsXp MozillaFirefox does not support ActivexTechnology, and is therefore touted as being more secure. It was claimed within a few days of FireFox 1.0 Nov2004 release, it has captured 3percent of browser market.

MicrosoftInternetExplorer in SP2 release of WindowsXp has low level changes to security zone architecture, making it more difficult for MalWare to operate unchecked. This is the reason the IFRAME bug did not affect SP2 enabled machines. See http://www.windowsitpro.com/Windows/Article/ArticleID/44561/44561.html


Or consider MaxthonBrowser, if you want to stay with the IE engine

Anyone have comments on using MaxthonBrowser as IE6 substitute for intranets, in terms of compatibility and other technical risks?


Technology components that seem to be frequently affected by security problems

Server Message Block (SMB) for file sharing. Problems are just beginning? See http://secunia.com/advisories/11634/ which acknowledges MS05-011 that reported the problem area

What is IFRAME See http://www.cs.tut.fi/~jkorpela/html/iframe.html

Browser Helper Object(BHO) not all that bad See http://msmvps.com/harrywaldron/archive/2004/07/02/9418.aspx


Reading Material (list updated by better material as they become spotted)


There exists a site that lists programs that might be running at startup, located at http://www.sysinfo.org. This can be used to identify programs, including MalWare, that are run on your own machine.


from NewInternetSecurityPatch

The latest seductive wrapper for a blatant virus. Another wrapper is pretending it's a bounce for an email you sent.

====

MS Customer

this is the latest version of security update, the "September 2003, Worm.Automat.AHB" update which eliminates all known security options on your MS Windows platform. It turns your computer into an SMTP server, scans your memory and drives for e-mail addresses, and sends itself to all of them. Then it takes a whack at your IRC, Kaazen, and your shared network drives.

It foils and mangles its headers each time to fool the less robust spam filters. Put another way, it installs a decade of spam technology to broadcast its malicious executable.

If you are stupid enough to think that MS would e-mail security patches, then you will not suffer as much as your electronic contacts, whose mail boxes will fill up with 1-10 copies of the "security patch" per minute.

3 years after the "I love you" worm, MS's installed user base can still be relied upon to double-click anything in their mails that looks harmless or official. And MicroSoft can still be relied upon to never close the simple loopholes in their systems.

Billy Gates why do you make this possible? Stop making money and fix your software!!

====

We could ask the big mail servers to start filtering this out instead of passing and wasting incredible amounts of bandwidth.

====

Thanks! I thought it was just some cool new MS scheme to propagate their patches from one computer to the next ;-)

====

I've always wondered why someone doesn't just write a worm/virus that exploits security holes such that it installs the patch for the security hole. Kind of like a vaccination.

AmigaComputer had one, but the leading virus scanners clobbered it for you anyway...

They tried that for SoBig?. Aside from the ethics of such an act, the 'patch' ended up consuming more network resources than the virus.

Or so said the AntiVirus? industry. Biased?

Possibly, but also correct in that the anti-worm at least did some damage. It is believed that Welchia was the virus responsible for crashing the State Department's electronic system for checking every visa applicant for terrorist or criminal history.

No big loss, unless it actually was accurate, non-biased, and non-partisan...


Anyone have information on Secure Agent (CSA), a rebranded product from Okena acquired by Cisco? MS is claimed to use this as a dayzero attack prevention mechanism.

No worries, mate! Just upgrade to Windows 98 ^H^H^H2000 ^H^H^H^H^HXP ^H^H^HXP, ServicePackTwo? and all your troubles will be fixed!

Pretty much the same for any operating system. Old versions don't get the maintenance.
CategorySecurity

EditText of this page (last edited May 12, 2005) or FindPage with title or text search