http://news.softpedia.com Softpedia News - Security Softpedia News en-us 2001 - 2009 Softpedia. All rights reserved. Sun, 29 Nov 2009 19:34:39 GMT Sun, 29 Nov 2009 19:34:39 GMT News http://blogs.law.harvard.edu/tech/rss 10 http://www.softpedia.com/base_img/softpedia_logo.gif http://news.softpedia.com/ http://news.softpedia.com/news/Forefront-Online-Protection-for-Exchange-Updated-127728.shtml Microsoft is offering an update version of the Cloud-based flavor of its security solution for Exchange Server. At the end of the past week, the refreshed variant of Forefront Online Protection for Exchange became available to customers currently leveraging the company Cloud services. Forefront Online Protection for Exchange is designed as a service offering protection for Exchange environments, be them on premise or also in the Cloud. Delivered under the Microsoft Online Services umbrella, FOPE is positioned as an alternative to the Forefront Protection 2010 for Exchange Server.

The difference of course, lies in the way that customers can access the offering. In this sense, FOPE is a hosted security solution, essentially a service that comes to the table with both anti-malware and anti-spam protection. At the same time, FOPE can be used in concert with Forefront Protection 2010 for Exchange Server, in order to provide additional security to Exchange environments.

“The new release of Forefront Online Protection for Exchange offers enhanced policy control capabilities (such as enhanced regular expressions support, custom dictionaries) for IT admins to more effectively adhere to compliance needs. In addition, it supports advanced globalization/localization by supporting 13 languages in the Admin Con... (read more)]]> Mon, 23 Nov 2009 12:07:00 GMT Softpedia News - Security http://news.softpedia.com/news/Forefront-Online-Protection-for-Exchange-Updated-127728.shtml Security http://news.softpedia.com/news/Forefront-Online-Protection-for-Exchange-Updated-127728.shtml#review_zone Softpedia News (Marius Oiaga) http://news.softpedia.com/news/Forefront-Threat-Management-Gateway-TMG-2010-Released-to-Manufacturing-127179.shtml At a little over a month since it pushed Forefront Threat Management Gateway (TMG) 2010 into Release Candidate stage, Microsoft has released the product to manufacturing. Ahead of the RC milestone, TGM 2010 went through no less than three Beta releases, a period of which Microsoft users to harvest feedback on the security solution. RTM’d on November 16th, 2009, Forefront Threat Management Gateway 2010 will be offered for purchase soon, the Redmond company promised, although no specific deadline of general availability was offered.

Still, customers looking to get a taste of what TGM 2010 RTM brings to the table can grab the gold release via the Microsoft Download Center. Microsoft is currently delivering evaluation versions of TGM 2010 RTM in a couple of flavors, namely Standard Edition and Enterprise Edition. Yaron Zakai-Or, Group Program manager, Forefront TMG, indicated that input from testers and early adopters was a key element in the development process of TGM 2010.

“Forefront TMG provides an unparalleled value to the network security marketplace by integrating multiple web security technologies into a single, comprehensive solution. Forefront TMG is also all about “the basics” to ensure that besides the breadth of new features, Forefront TMG also provi... (read more)]]> Tue, 17 Nov 2009 11:37:00 GMT Softpedia News - Security http://news.softpedia.com/news/Forefront-Threat-Management-Gateway-TMG-2010-Released-to-Manufacturing-127179.shtml Security http://news.softpedia.com/news/Forefront-Threat-Management-Gateway-TMG-2010-Released-to-Manufacturing-127179.shtml#review_zone Softpedia News (Marius Oiaga) http://news.softpedia.com/news/Microsoft-Confirms-COFEE-Leak-126954.shtml Microsoft has offered official confirmation that a tool it is providing to forensics investigators has been leaked in the wild. Labeled Computer Online Forensic Evidence Extractor (COFEE) the solution is essentially a USB drive that bundles together several PC forensics utilities designed for law enforcement organizations. Ahead of the leak, Microsoft was offering COFEE in the United States via the National White Collar Crime Center (NW3C) distributor, and worldwide through the International Criminal Police Organization (Interpol) in no less than 187 markets. Now COFEE is available for download on BitTorrent trackers and warez websites.

“We have confirmed that unauthorized and modified versions of Microsoft’s COFEE tool have been improperly posted to bit torrent networks for public download. We strongly recommend against downloading any technology purporting to be COFEE outside of authorized channels – both because any unauthorized technology may not be what it claims to be and because Microsoft has only granted legal usage rights for our COFEE technology for law enforcement purposes for which the tool was designed,” noted Richard Boscovich, senior attorney, Internet Safety at Microsoft.

However, despite the tool being available in the wild, the software giant underlined that it was in no way worri... (read more)]]> Fri, 13 Nov 2009 11:41:00 GMT Softpedia News - Security http://news.softpedia.com/news/Microsoft-Confirms-COFEE-Leak-126954.shtml Security http://news.softpedia.com/news/Microsoft-Confirms-COFEE-Leak-126954.shtml#review_zone Softpedia News (Marius Oiaga) http://news.softpedia.com/news/Free-Microsoft-Security-Tool-Tackles-Rogues-Masquerading-as-Windows-Security-Solutions-126851.shtml Microsoft has updated a free security tool it is offering Windows users in order to tackle two new rogue antivirus products masquerading as Windows security software. Following the November refresh, the Malicious Software Removal Tool (MSRT) is now capable of detecting and cleaning members of the Win32/FakeVimes and Win32/PrivacyCenter families of malware. According to the company, while both examples of malicious code have been initially started to spread at the start of 2009, it is only recently that they managed to become prevalent.

“Win32/FakeVimes has gone through a lot of different names, usually with two or three active at any given time. Currently it’s calling itself Windows System Defender and Windows Enterprise Suite. Its interface may look familiar even if you’ve never had the misfortune of being affected by the malware - it has copied elements of the Windows Defender and Windows Security Center UIs and its activate* button includes an imitation of the Genuine Microsoft Software logo,” revealed Hamish O'Dea, from the Microsoft Malware Protection Center.

Furthermore, FakeVimes also mimics the User Account Control (UAC) security mitigation from Windows Vista and Windows 7. The fake UAC is designed to provide users with an option to ... (read more)]]> Thu, 12 Nov 2009 13:35:00 GMT Softpedia News - Security http://news.softpedia.com/news/Free-Microsoft-Security-Tool-Tackles-Rogues-Masquerading-as-Windows-Security-Solutions-126851.shtml Security http://news.softpedia.com/news/Free-Microsoft-Security-Tool-Tackles-Rogues-Masquerading-as-Windows-Security-Solutions-126851.shtml#review_zone Softpedia News (Marius Oiaga) http://news.softpedia.com/news/Download-Free-Panda-Cloud-Antivirus-Final-for-Windows-7-RTM-126607.shtml Taking an innovative approach to the now traditional methods of delivering security for Windows computers, Panda Security has made available for download the final version of its free Cloud-based antivirus offering. Panda Cloud Antivirus is a free security offering designed to integrate seamlessly with Windows 7, but also with its predecessors, including Windows Vista and Windows XP. When it comes down to Windows 7 and Vista, support is available for both 32-bit (x86) and 64-bit (x64) flavors of the two platforms, while only x86 XP is supported.

Panda Security launched the first Beta development milestone of Panda Cloud Antivirus in April 2009. At that time the security solution did not provide support for Windows 7, which itself was still approximately half a year away from commercial availability. Only with the Beta 3 phase released in October was Panda Cloud Antivirus tailored to the latest iteration of Windows.

“Since the beta release of Panda Cloud Antivirus in April, we have been judiciously testing our cloud-based protection model, making upgrades in security and performance, and listening to our user community,” noted Juan Santana, CEO of Panda Security. “With Panda Cloud Antivirus 1.0, we’ve really changed the game, providing our users the most powerful and li... (read more)]]> Tue, 10 Nov 2009 14:33:00 GMT Softpedia News - Security http://news.softpedia.com/news/Download-Free-Panda-Cloud-Antivirus-Final-for-Windows-7-RTM-126607.shtml Security http://news.softpedia.com/news/Download-Free-Panda-Cloud-Antivirus-Final-for-Windows-7-RTM-126607.shtml#review_zone Softpedia News (Marius Oiaga) http://news.softpedia.com/news/Download-Forefront-Protection-2010-for-Exchange-Server-126550.shtml Concomitantly with the worldwide availability of Exchange Server 2010, Microsoft also announced the release of Forefront Protection 2010 for Exchange Server. Following day one of the TechEd Europe conference, customers around the world will be able to acquire Exchange Server 2010, and, for those that opt for Microsoft’s latest version of Exchange, Forefront Protection 2010 for Exchange Server is readily available to protect their environments. A trial variant of Forefront Protection 2010 for Exchange Server is already up for grabs.

“Part of our Business Ready Security strategy, Forefront Protection for Exchange (FPE) offers multiple anti-malware engines for 38 times faster detection than single engine solutions, and 99% guaranteed spam protection with only one in 250,000 spam false positives. Customers also have the choice of using the hosted Forefront Online Protection for Exchange service, or both offerings together for defense-in-depth,” revealed a member of the Forefront team.

According to Microsoft, customers opting for Forefront Protection 2010 for Exchange Server will be able to include premium antispam protection. The Redmond company noted that the security solution was capable of delivering a 99% detection rate, while generating less than 1 in 250,000 false positives. In... (read more)]]> Tue, 10 Nov 2009 10:21:00 GMT Softpedia News - Security http://news.softpedia.com/news/Download-Forefront-Protection-2010-for-Exchange-Server-126550.shtml Security http://news.softpedia.com/news/Download-Forefront-Protection-2010-for-Exchange-Server-126550.shtml#review_zone Softpedia News (Marius Oiaga) http://news.softpedia.com/news/Microsoft-Forefront-and-Antigen-Multiengine-Mix-Evolution-Reminder-126320.shtml As December 1st approaches, customers running Microsoft Forefront and Antigen products will need to take a series of steps in order to align themselves with the company’s strategy for items of the two product line-ups. The software giant announced on July 1st, that it would be revising its engine mix, and the deadline was the first day in December. According to Microsoft, the changes implemented are set up to boost detection, while optimizing protection for companies leveraging Forefront and Antigen.

“The AhnLab, CA, and Sophos engines will be retired on Dec. 1, 2009. After December 1st, customers will not receive any updates for these retired engines. In order to make sure your Antigen and Forefront products continue to scan efficiently and effectively for malware, any customers running the AhnLab, CA, or Sophos engines must DISABLE these engines before Dec. 1, 2009 and select from the new set of five engines – Authentium, Kaspersky, Microsoft, Norman, and VirusBuster,” revealed Brita Jenquin, senior product manager for Microsoft.

Come December 31st, 2009, Microsoft will modify the update infrastructure of Antigen for SharePoint 8.0 and Antigen for Instant Messaging 8.0. In this regard, the Redmond company is urging customers running the two security solut... (read more)]]> Fri, 6 Nov 2009 11:59:00 GMT Softpedia News - Security http://news.softpedia.com/news/Microsoft-Forefront-and-Antigen-Multiengine-Mix-Evolution-Reminder-126320.shtml Security http://news.softpedia.com/news/Microsoft-Forefront-and-Antigen-Multiengine-Mix-Evolution-Reminder-126320.shtml#review_zone Softpedia News (Marius Oiaga) http://news.softpedia.com/news/New-Trojan-Prevents-XP-from-Booting-and-Shutting-Down-126044.shtml Developers will agree that code is never perfect as opposed to being always perfectible. This holds true for mammoth software products like the Windows platform, but also for smaller applications designed to run on top of the OS, and even for malicious code targeting the operating system. Microsoft has warned users that a new Trojan horse actively spreading in the wild, particularly on computers running Windows XP, will cause additional problems on top of the infection. Specifically, due to bugs contained by some versions of Trojan:Win32/Daonol, the malware can prevent XP machines from booting and from shutting down.

“Several recent versions of this malware are buggy and prevent computers from successfully shutting down or (more importantly) starting up. If you have (or someone you know has) a Windows XP system which won’t boot completely (ie, shows the ‘Windows XP’ splash-screen with the progress bar, but then the screen turns black and the system never starts up completely), it’s likely a Daonol infection,” explained Aaron Putnam, researcher with the Microsoft Malware Protection Center.

Daonol is by no means designed to prevent users from shutting down or starting up their computers. Such malicious behavior is a direct result of poorly written code, and nothing ... (read more)]]> Wed, 4 Nov 2009 09:21:00 GMT Softpedia News - Security http://news.softpedia.com/news/New-Trojan-Prevents-XP-from-Booting-and-Shutting-Down-126044.shtml Security http://news.softpedia.com/news/New-Trojan-Prevents-XP-from-Booting-and-Shutting-Down-126044.shtml#review_zone Softpedia News (Marius Oiaga) http://news.softpedia.com/news/Worm-Infections-Explode-Thanks-to-Conficker-and-Taterf-125883.shtml The volume of worm infections exploded in the first half of 2009, compared with the second half of 2008, according to Microsoft. In volume seven of the Microsoft Security Intelligence Report (SIRv7), the Redmond company indicates that Conficker and Taterf have made worm infections second only to those caused by miscellaneous Trojans. According to the software giant, worms such as Conficker and Taterf are designed to exploit unsecured file shares, as well as infect removable storage devices, while spreading from one machine to another. Microsoft warned that, unlike home users, enterprise IT environments were more exposed to the threat presented by worms because of unsecured file shares and removable storage.

“Miscellaneous Trojans remained the most prevalent category in 1H09, for the second straight period. Notably, Worms rose from fifth place in 2H08 to become the second-most prevalent category in 1H09, largely due to significantly increased detections of the worm families Win32/Conficker and Win32/Taterf, the two most prevalent families worldwide in 1H09. The prevalence of Password Stealers & Monitoring Tools also rose, due in part to increases in several password-stealer families aimed at players of online games. Of the remaining categories, Trojan Downloaders & Droppers, Miscellaneous Potentially Unw... (read more)]]> Mon, 2 Nov 2009 15:12:00 GMT Softpedia News - Security http://news.softpedia.com/news/Worm-Infections-Explode-Thanks-to-Conficker-and-Taterf-125883.shtml Security http://news.softpedia.com/news/Worm-Infections-Explode-Thanks-to-Conficker-and-Taterf-125883.shtml#review_zone Softpedia News (Marius Oiaga) http://news.softpedia.com/news/Antigen-8-for-SharePoint-SP1-and-for-IM-SP1-Available-125611.shtml Customers running multi-engine AV protection from Microsoft are advised to upgrade as soon as possible, as the Redmond company made available for download two major updates related to Antigen 8. On October 28th, the software giant released Antigen 8 for SharePoint Service Pack 1 and Antigen 8 for IM Service Pack 1. Both upgrades are now available for download, and customers already running Antigen 8 for IM and Antigen 8 for SharePoint can grab the SP1 release most suited to their specific product via the Microsoft Volume Licensing Service Center.

“The Forefront Server team is pleased to announce that Antigen 8 for SharePoint Service Pack 1 and Antigen 8 for IM Service Pack 1 are now available for download. It is important for customers to upgrade to these service pack releases before the AV engine mix is changed on December 1st, 2009 (as announced on July 1st, 2009). Previous builds of the product will still function after December 1st, but only one engine will be updating (Norman),” noted Tom Canino, lead program manager for Forefront Server Team.

At the start of July 2009, Microsoft announced that it was going to change its security strategy related to third-party products included in its own solutions starting December this year. Specifically, the Redmond company revealed that it... (read more)]]> Thu, 29 Oct 2009 14:09:00 GMT Softpedia News - Security http://news.softpedia.com/news/Antigen-8-for-SharePoint-SP1-and-for-IM-SP1-Available-125611.shtml Security http://news.softpedia.com/news/Antigen-8-for-SharePoint-SP1-and-for-IM-SP1-Available-125611.shtml#review_zone Softpedia News (Marius Oiaga) http://news.softpedia.com/news/Download-Free-Enhanced-Mitigation-Evaluation-Toolkit-125522.shtml As Microsoft bulletproofed Windows more and more, making it harder for attackers to identify and exploit vulnerabilities in the operating system, the company also catalyzed a change in the threat environment and a refocusing on third-party code as primary avenues of attack. At the same time, the Redmond company is providing a range of resources, including the Security Development Lifecycle, to developers of applications designed to run on top of Windows, in order to help them increase the security of their products. The Enhanced Mitigation Evaluation Toolkit is the latest resource provided by the software giant, set up to permit devs to apply security mitigation technologies to arbitrary apps.

Fermin J. Serna and Andrew Roths, from MSRC Engineering, explain that applications can be opted in via a command-line utility without requiring any sort of recompilation. In addition, the Redmond company has put in the effort to make EMET granular. Serna notes that applications can have mitigations added on a per process basis, rather than globally. According to the Redmond company, all mitigations included in EMET are no longer limited to up-level versions of Windows. This means that customers will be able to enjoy all the benefits of the added security without having to upgrade their systems.

But perhaps... (read more)]]> Wed, 28 Oct 2009 14:58:00 GMT Softpedia News - Security http://news.softpedia.com/news/Download-Free-Enhanced-Mitigation-Evaluation-Toolkit-125522.shtml Security http://news.softpedia.com/news/Download-Free-Enhanced-Mitigation-Evaluation-Toolkit-125522.shtml#review_zone Softpedia News (Marius Oiaga) http://news.softpedia.com/news/Microsoft-Security-Essentials-Now-Windows-7-RTM-Certified-125205.shtml Microsoft first revealed plans to deliver a free security solution designed to accompany its latest iteration of the Windows client to market in the second half of November 2008. Developed under the codename Morro, Microsoft Security Essentials was released almost a month ahead of the general availability of Windows 7 and is also designed to run on Windows Vista and Windows XP. The Redmond company made sure that Microsoft Security Essentials was tailored to Windows 7, and the security solution has made it among the exclusive list of the first anti-virus certification programs for the operating system.

Microsoft Security Essentials 1.0 has earned both ICSA Labs Certification for detection and ICSA Labs Anti-Virus Certification for cleaning along with additional products from ESET, Norman, PC Tools and Webroot. Both the 32-bit and the 64-bit versions of MSE 1.0 have been certified for Windows 7.

“The continuing onslaught of malicious code means it remains critically important that end-users have help maintaining the security of their operating systems, even on the newest ones," noted Andrew Hayter, anti-malcode program manager, ICSA Labs. “ICSA Labs works closely with product vendors and corporate users to develop thorough, up-to-date testing standards for anti-virus products. We ... (read more)]]> Mon, 26 Oct 2009 08:15:00 GMT Softpedia News - Security http://news.softpedia.com/news/Microsoft-Security-Essentials-Now-Windows-7-RTM-Certified-125205.shtml Security http://news.softpedia.com/news/Microsoft-Security-Essentials-Now-Windows-7-RTM-Certified-125205.shtml#review_zone Softpedia News (Marius Oiaga) http://news.softpedia.com/news/Web-Protection-Library-1-0-CTP-the-Evolution-of-the-Anti-XSS-Library-124629.shtml Microsoft is cooking the next iteration of the Anti-Cross Site Scripting Library, promising that the first Community Technology Preview will be made available soon. No definitive availability date was made public at the time of this article, but Anil Revuru, Senior SDE, Information Security Tools team, did share some details about the evolution of the Anti-XSS Library. A key aspect of this evolution is the fact that the security resource is no longer focused exclusively on anti-cross site scripting. In this regard, Microsoft has rebranded the old Anti-XSS Library as the Web Protection Library or WPL.

Revuru explained that the Web Protection Library label was designed to illustrate the new mitigations added to the Anti-XSS Library and Security Runtime Engine (SRE). “WPL now includes encoding methods to provide mitigations around LDAP Injection and CSS Injections (Cascading Style Sheets) with several others planned for the future. The runtime protection module includes a new HTTP Module that detects and protects from SQL Injection attempts using a specialized SQL Parser to detect any valid SQL queries in the input,” Revuru stated.

Moving forward, Microsoft is advising developers that are leveraging ASP.NET in order to build websites to turn to Web Protection Library 1.0... (read more)]]> Mon, 19 Oct 2009 08:19:00 GMT Softpedia News - Security http://news.softpedia.com/news/Web-Protection-Library-1-0-CTP-the-Evolution-of-the-Anti-XSS-Library-124629.shtml Security http://news.softpedia.com/news/Web-Protection-Library-1-0-CTP-the-Evolution-of-the-Anti-XSS-Library-124629.shtml#review_zone Softpedia News (Marius Oiaga) http://news.softpedia.com/news/1-5-Million-Microsoft-Security-Essentials-Downloads-in-a-Week-124553.shtml Microsoft’s first example of a free antivirus might have gotten its fair share of criticism and raised eyebrows but fact is that the security solution is right on track to becoming a success. In just the first week since its debut on the market, Microsoft Security Essentials 1.0 (formerly codenamed Morro) has been downloaded in excess of 1.5 million times around the world, Microsoft reveals. Joe Faulhaber, from the Microsoft Malware Protection Center, notes that the key contributor to the early adoption figure explosion is the price of Microsoft Security Essentials 1.0, or lack thereof. Microsoft Security Essentials 1.0 is available as a free download to all Windows users that are running genuine copies of the operating system.

“Now that Microsoft Security Essentials is generally available to consumers in 19 countries, we've had a chance to go over the data, and there are some very interesting results. Just in the first week we saw well over 1.5 million downloads of Microsoft Security Essentials,” Faulhaber noted.

The software giant released Microsoft Security Essentials 1.0 to the public at the end of September 2009. Compatible with the 32-bit flavor of Windows XP, as well as with the 32-bit (x86) and 64-bit (x64) versions of Windows Vista and Windows 7, Microsoft Secu... (read more)]]> Fri, 16 Oct 2009 14:08:00 GMT Softpedia News - Security http://news.softpedia.com/news/1-5-Million-Microsoft-Security-Essentials-Downloads-in-a-Week-124553.shtml Security http://news.softpedia.com/news/1-5-Million-Microsoft-Security-Essentials-Downloads-in-a-Week-124553.shtml#review_zone Softpedia News (Marius Oiaga) http://news.softpedia.com/news/Windows-Antivirus-Pro-Tackled-by-the-Microsoft-Malicious-Software-Removal-Tool-124423.shtml Windows Antivirus Pro, also known as Windows Police Pro or ASC Antivirus, is the latest piece of rogue antivirus products that Microsoft has started tackling with its free Malicious Software Removal Tool security solution. Identified as TrojanDownloader:Win32/FakeScanti, the malicious code is an example of a fake antivirus, an application masquerading as a security solution. Just as other rogue antivirus programs, FakeScanti turns to a range of social engineering tricks in order to fool victims into paying for a license for a piece of software with no real functionality.

“We first saw a variant of Win32/FakeScanti back in early March of this year, when it went by the name of ASC Antivirus. There was then very little activity on the FakeScanti front until late July, when we noticed a file, which we detect as TrojanDownloader:Win32/FakeScanti, downloading a new version of the scanner going by the name of Windows Antivirus Pro. This version was proactively detected by the signatures added in March. Since then there has been a steady stream of new files, but only one name change, to Windows Police Pro,” revealed David Wood from the Microsoft Malware Protection Center.

At the bottom of this article you will be able to find a download link to the latest version of... (read more)]]> Thu, 15 Oct 2009 13:14:00 GMT Softpedia News - Security http://news.softpedia.com/news/Windows-Antivirus-Pro-Tackled-by-the-Microsoft-Malicious-Software-Removal-Tool-124423.shtml Security http://news.softpedia.com/news/Windows-Antivirus-Pro-Tackled-by-the-Microsoft-Malicious-Software-Removal-Tool-124423.shtml#review_zone Softpedia News (Marius Oiaga) http://news.softpedia.com/news/Free-Microsoft-Digital-Forensics-Tool-Comes-to-the-U-S-124288.shtml COFEE, a free Microsoft digital forensics tool, is now available to investigators in the United States after the Redmond company struck a distribution deal with the National White Collar Crime Center (NW3C). The agreement makes NW3C the first US distributor of Microsoft Computer Online Forensic Evidence Extractor (COFEE), and the second since the tool’s introduction earlier this year. In mid-April 2009, the software giant started offering the International Criminal Police Organization (Interpol) the tool for distribution in no less than 187 markets worldwide.

Explaining that it had identified the necessity for tools to keep up with the continuous evolution of cybercrime tactics and techniques, Microsoft put together COFEE in order to better equip law enforcement agencies with the right technologies to capture live computer evidence from machines at the scene of a crime. The key aspect of COFEE is that the tool requires only minor training and can be utilized successfully by law enforcement officers with limited computer expertise.

“The COFEE distribution agreement will be of enormous benefit to U.S. law enforcement agencies dealing with technologically sophisticated cybercriminals,” noted Donald J. Brackman, director of NW3C. “NW3C is very pleased to partner with Micros... (read more)]]> Wed, 14 Oct 2009 12:38:00 GMT Softpedia News - Security http://news.softpedia.com/news/Free-Microsoft-Digital-Forensics-Tool-Comes-to-the-U-S-124288.shtml Security http://news.softpedia.com/news/Free-Microsoft-Digital-Forensics-Tool-Comes-to-the-U-S-124288.shtml#review_zone Softpedia News (Marius Oiaga) http://news.softpedia.com/news/Download-Forefront-Threat-Management-Gateway-2010-Release-Candidate-RC-123995.shtml Forefront Threat Management Gateway 2010 has made a key step toward the RTM milestone, as Microsoft started offering the Release Candidate (RC) bits at the end of the past week. The RC of Forefront Threat Management Gateway 2010 is in the last major stage of the development process on the way to the release to manufacturing phase, and is currently up for grabs directly from the Microsoft Download Center. Just as was the case with the previous development release, Forefront Threat Management Gateway 2010 RC offers testers and early adopters a chance to try out the complete product ahead of finalization.

“While the Beta 3 release was feature complete and no new major features were introduced in the Release Candidate, there are several important improvements that will certainly justify the effort of upgrading your existing deployments to Forefront TMG 2010 Release Candidate. This release is all about security, reliability, performance, telemetry integration and overall solution completeness. This is our final public release prior to our RTM (release to manufacturing),” revealed Vladimir Holostov, lead program manager, release manager for Forefront TMG 2010.

According to the Redmond company, the evolution from Beta stage to RC was focused on a few critical areas of the s... (read more)]]> Mon, 12 Oct 2009 08:50:00 GMT Softpedia News - Security http://news.softpedia.com/news/Download-Forefront-Threat-Management-Gateway-2010-Release-Candidate-RC-123995.shtml Security http://news.softpedia.com/news/Download-Forefront-Threat-Management-Gateway-2010-Release-Candidate-RC-123995.shtml#review_zone Softpedia News (Marius Oiaga) http://news.softpedia.com/news/Forefront-Endpoint-Protection-2010-Delayed-123863.shtml Citing the necessity to change the management technology of Forefront Endpoint Protection 2010, Microsoft has announced that it will delay the security solution until the second half of the coming year, pushing general availability back from the initially planned release set for H1 2010. The Redmond company confirmed the schedule modification as well as the strategy update for Forefront Endpoint Protection 2010 on October 9th, 2009. At the same time, the software giant assured customers that it planned to launch the remaining Forefront lineup of products on time by the end of 2009 and in the first half of 2010.

“We are delaying the release Forefront Endpoint Protection 2010 - anti-malware for Windows desktops and servers - until the second half of 2010,” noted a member of the Forefront team. “ Based on customer feedback and market trends, we have made the strategic decision to build Forefront Endpoint Protection (FEP) on System Center Configuration Manager, Microsoft’s solution to comprehensively assess, deploy, and update servers, clients, and devices. This approach better aligns our customers’ client management and security infrastructure, helping simplify deployment and reduce costs.”

While the component of the upcoming Forefront Protection Suite (previously codenamed... (read more)]]> Fri, 9 Oct 2009 09:57:00 GMT Softpedia News - Security http://news.softpedia.com/news/Forefront-Endpoint-Protection-2010-Delayed-123863.shtml Security http://news.softpedia.com/news/Forefront-Endpoint-Protection-2010-Delayed-123863.shtml#review_zone Softpedia News (Marius Oiaga) http://news.softpedia.com/news/Introducing-the-Microsoft-Feedback-and-Error-Reporting-Portal-123729.shtml Microsoft has introduced a new portal designed to enable users to check the classification of URLs, and webmasters to ensure that their website’s classification is correct. The Microsoft Reputation Services Feedback and Error Reporting portal is now live, albeit still in Beta stage. The Beta label is a clear indication that the service is still in development, and that, as such, the portal still features some problems, which the Microsoft Reputation Services team is working to resolve.

“The portal's purpose is to allow anyone the ability to provide feedback to Microsoft on URL classifications. This includes suggesting alternate URL categorizations by simply selecting one-or-more categories that best describe the content of the URL,” revealed Dotan Elharrar, program manager, Forefront TMG.

According to the official description from Microsoft, the portal is set up to allow the checking of website classification in accordance with the data from the Microsoft Reputation Service. MRS serves URL filtering information to a range of the company’s security solutions, including Forefront Threat Management Gateway (Forefront TMG).

“It also allows you to suggest alternate classification by choosing from a list of categories and sending feedback to Microso... (read more)]]> Thu, 8 Oct 2009 09:39:00 GMT Softpedia News - Security http://news.softpedia.com/news/Introducing-the-Microsoft-Feedback-and-Error-Reporting-Portal-123729.shtml Security http://news.softpedia.com/news/Introducing-the-Microsoft-Feedback-and-Error-Reporting-Portal-123729.shtml#review_zone Softpedia News (Marius Oiaga) http://news.softpedia.com/news/Microsoft-Praises-AVG-Security-Toolbar-for-IE8-123606.shtml Microsoft has been little shy of praising the latest version of the AVG Security Toolbar for Internet Explorer as a “great example of the Guidelines for add-on developers in action.” According to Paul Cutsinger and Herman Ng, from the IE team, the AVG Security Toolbar team is setting a new standard in terms of IE toolbar quality and user experience.

Because they are third-party products, toolbar development, design and ultimately UX are out of Microsoft’s hands. The Redmond company does provide guidelines for developers to follow in order to ensure that the user experience associated with Internet Explorer doesn’t suffer, but the software giant doesn’t really have a say in how toolbars, or any other browser extensions are built.

“The AVG Security Toolbar team has recently released a new version of their toolbar. It has a more predictable user experience and does a better job of allowing users to stay in control of their browser,” Cutsinger and Ng noted. “They’re building valuable add-ons for people and at the same time they’re respecting user choice.”

Cutsinger and Ng revealed that Microsoft would like to see the same effort from all add-on developers when it comes down to extending Internet Explorer. In this regard, the tw... (read more)]]> Wed, 7 Oct 2009 09:55:00 GMT Softpedia News - Security http://news.softpedia.com/news/Microsoft-Praises-AVG-Security-Toolbar-for-IE8-123606.shtml Security http://news.softpedia.com/news/Microsoft-Praises-AVG-Security-Toolbar-for-IE8-123606.shtml#review_zone Softpedia News (Marius Oiaga) http://news.softpedia.com/news/Forefront-Identity-Manager-2010-RC1-Available-123584.shtml Microsoft is hammering away at the next iteration of its Identity Management tools and it reached a key mark toward the finalization and delivery of the gold build of Forefront Identity Manager 2010. As of October 6th, 2009, the Redmond company is offering testers and early adopters the chance to try a nearly final Build of Forefront Identity Manager 2010. Touting nothing short of significant performance and scalability enhancements across all areas of the product, the software giant has made available for download the first Release Candidate for the successor of Microsoft Identity Lifecycle Manager 2007.

“The long awaited RC1 release of Microsoft Forefront Identity Manager is finally here. Yes, we've been waiting a long time but good things take time and when it comes to FIM 2010 there are a lot of good things. FIM 2010, aka "ILM2", is the next iteration of Identity Management tools from Microsoft. While it is technically the successor to ILM 2007, aka "ILM1", it is by no means simply an upgrade. FIM 2010 dramatically improves enterprise identity management by delivering powerful self-service capabilities for Office end-users, rich administrative tools and enhanced automation for IT professionals, and .NET and WS based extensibility for developers,” revealed John McGlinchey, Sr. Consultant, Microsoft Co... (read more)]]> Wed, 7 Oct 2009 08:27:00 GMT Softpedia News - Security http://news.softpedia.com/news/Forefront-Identity-Manager-2010-RC1-Available-123584.shtml Security http://news.softpedia.com/news/Forefront-Identity-Manager-2010-RC1-Available-123584.shtml#review_zone Softpedia News (Marius Oiaga) http://news.softpedia.com/news/Download-Resources-Critical-to-Windows-7-Security-Evolution-123527.shtml Confronted with increasingly bulletproofed Windows operating systems, the threat environment shifted toward targeting vulnerabilities in the code designed to run on top of the platform. With security enhancements such as User Account Control, Address Space Layout Randomization, Kernel Patch Protection and driver signing, but also with the new development methodology set in place via the Microsoft Security Development Lifecycle, vulnerabilities in Windows Vista and its successor Windows 7 have become harder to exploit, in the eventuality that attackers do come across critical security holes.

The biggest advantage in terms of security Vista and Windows 7 have over precursor Windows clients is the Security Development Lifecycle. And with the threat environment changing focus onto third-party Windows applications, Microsoft is ready to share the SDL secrets with third-party developers. An illustrative example in this regard is the Microsoft Security Development Lifecycle (SDL): Developer Starter Kit.

“The Microsoft SDL - Developer Starter Kit offers content, labs, and training to help you establish a standardized approach to rolling out the Microsoft Security Development Lifecycle (SDL) in your organization—or enrich your existing development practices,” Microsoft revealed.
read more)]]> Tue, 6 Oct 2009 13:45:00 GMT Softpedia News - Security http://news.softpedia.com/news/Download-Resources-Critical-to-Windows-7-Security-Evolution-123527.shtml Security http://news.softpedia.com/news/Download-Resources-Critical-to-Windows-7-Security-Evolution-123527.shtml#review_zone Softpedia News (Marius Oiaga) http://news.softpedia.com/news/Get-Ready-to-Taste-Microsoft-Security-Essentials-Final-122259.shtml The final version of Microsoft's Security Essentials (codename Morro), the basic security solution the Redmond company is working on delivering for Windows, is expected to become available in a matter of weeks, at least this is what the software giant announced on Sunday in a note sent to beta testers. The MSE solution should come to the company's client as the replacement for Windows Live OneCare, which will end its life cycle as soon as the new security software arrives.

“The final version of Microsoft Security Essentials will be released to the public in the coming weeks. If you are running the older version of the beta (1.0.1407.0), we encourage you to upgrade to a newer version of the beta (1.0.1500.0),” is what Microsoft reportedly said to the participants to its beta testing program. Microsoft Security Essentials 1.0 beta went live officially on June 23 this year, and we've already seen a series of updates leaked on the web and made available for download.

According to some estimations there are more than 400,000 beta testers for Morro out there, with 75,000 people downloading the Security Essentials during the first day of public availability, thus allowing Microsoft to reach its aimed number of testers in only a day. The final version of Microsoft's new security solutions ... (read more)]]> Tue, 22 Sep 2009 05:51:00 GMT Softpedia News - Security http://news.softpedia.com/news/Get-Ready-to-Taste-Microsoft-Security-Essentials-Final-122259.shtml Security http://news.softpedia.com/news/Get-Ready-to-Taste-Microsoft-Security-Essentials-Final-122259.shtml#review_zone Softpedia News (Ionut Arghire) http://news.softpedia.com/news/Microsoft-Tackles-Malvertising-122065.shtml Microsoft is an innovator in more ways than one, with some innovations having more merit than others, and the Redmond company is now advancing into new territories for the sake of protecting customers. Tim Cranton, associate general counsel, revealed that Microsoft filed no less than five civil lawsuits in the King County Superior Court in Seattle (State of Washington) in a move designed to tackle malvertising. The term describes a practice of malicious online advertising, and the five legal actions debuted are the first of their kind, opening a new front designed to ensure that end users are secure while online. Cranton noted that the software giant was collaborating actively with providers of online ad platforms in order to fight malvertising, and that the lawsuits filed represented a fresh push in this direction.

“Malvertising works by camouflaging malicious code as harmless online advertisements. These ads then lead to harmful or deceptive content,” Cranton noted. “For example, ads may redirect users to a website that advertises rogue security software, also known as scareware, that falsely claims to detect or prevent threats on the computer. Malvertising may also directly infect a victim’s computer with malicious software like Trojans – programs that can damage data, steal personal informati... (read more)]]> Fri, 18 Sep 2009 10:42:00 GMT Softpedia News - Security http://news.softpedia.com/news/Microsoft-Tackles-Malvertising-122065.shtml Security http://news.softpedia.com/news/Microsoft-Tackles-Malvertising-122065.shtml#review_zone Softpedia News (Marius Oiaga) http://news.softpedia.com/news/Download-BinScope-Binary-Analyzer-for-Windows-7-121942.shtml Yesterday I was telling you that Microsoft released MiniFuzz to its Download Center, making the tool available for free to third-party software developers. However, the fuzzing solution MiniFuzz is just a part of the latest initiative from the Redmond company designed to allow non-Microsoft developers to adhere to its high standards of security via the Software Development Lifecycle. In this regard, the software giant also announced the availability of the BinScope Binary Analyzer. Essentially, according to Jeremy Dallman, security program manager, Security Development Lifecycle Team, MiniFuzz and the BinScope Binary Analyzer are designed to be used in tandem in order to ensure that software meets the key requirements of SDL.

“The BinScope Binary Analyzer is an SDL-required security tool that has been used by Microsoft teams since the early days of the SDL. It analyzes your binaries for a wide variety of security protections with a very straightforward and easy-to-use interface. At Microsoft, developers and testers are required to use this tool in the Verification Phase of the SDL to ensure that they have built their code using the compiler/linker protections required by the Microsoft SDL,” Dallman noted.

Both the MiniFuzz fuzz tester and the BinScope Binary Analyzer are up for grabs at n... (read more)]]> Thu, 17 Sep 2009 11:16:00 GMT Softpedia News - Security http://news.softpedia.com/news/Download-BinScope-Binary-Analyzer-for-Windows-7-121942.shtml Security http://news.softpedia.com/news/Download-BinScope-Binary-Analyzer-for-Windows-7-121942.shtml#review_zone Softpedia News (Marius Oiaga) http://news.softpedia.com/news/Windows-7-Bests-Snow-Leopard-Says-Mac-Hacker-121895.shtml A notorious Mac white hacker has put the latest iterations of client operating systems from both Apple and Microsoft in the balance and, after weighing, found the most recent cat from Cupertino inferior in terms of security compared to the rival from Redmond. Charlie Miller, of Baltimore-based Independent Security Evaluators, who managed to hack Mac OS X Leopard in record time in the past, indicated that the security Apple built into Snow Leopard is inferior not only to Windows 7, but also to Windows Vista, a three-year old operating system released at the end of January 2007. Miller’s statement contradicts the general perception that Mac OS X is superior in terms of security compared to Windows, and the security researcher should know, since he hacked Apple’s operating systems on more than one occasion.

Charlie Miller is best known for its Mac OS X hacks in the past two years, which have generated headlines around the world. Back in March 2008, the team of Miller, Jake Honoroff, and Mark Daniel from Independent Security Evaluators successfully "pwned and owned" an Apple MacBook Air, in a hacking contest sponsored by TippingPoint's Zero Day Initiative. At that time, Mac OS X was the first to fall, ahead of Vista SP1 Ultimate and Ubuntu in the Pwn2Own contest from CamSecWest. But Miller wasn’t done. ... (read more)]]> Thu, 17 Sep 2009 07:53:00 GMT Softpedia News - Security http://news.softpedia.com/news/Windows-7-Bests-Snow-Leopard-Says-Mac-Hacker-121895.shtml Security http://news.softpedia.com/news/Windows-7-Bests-Snow-Leopard-Says-Mac-Hacker-121895.shtml#review_zone Softpedia News (Marius Oiaga) http://news.softpedia.com/news/Download-Free-Panda-Cloud-Antivirus-Beta-3-for-Windows-7-121749.shtml The free Panda Cloud Antivirus has evolved, making yet another step forward toward general availability, one that has made it embrace the latest iteration of the Windows client. Windows 7 was released to manufacturing on July 22nd, 2009, and the Panda Cloud Antivirus already offers full support for the platform, as of the Beta 3 development milestone. Users will in fact be able to download Panda Cloud Antivirus Beta 3 via the link at the bottom of this article.

Panda's senior research advisor, Pedro Bustamante, revealed that the security outfit had been focusing on expanding the platform support for its upcoming Cloud security solution since the release of the previous development build. At the end of June 2009, Panda Software offered for download the second Beta for Panda Cloud Antivirus, and promised support for both x86 and x64 flavors of Windows 7 come September 2009.

“We have been circulating a limited Preview Release of Beta3 which supports Vista 64bit and Windows 7 (32 and 64bit). This Beta3 Preview only has additional platform support. No other functionality which is currently being developed for Beta3 is included yet in this Preview Release,” Bustamante noted. “Basically we’re interested in getting as much feedback from the 64bit and Windows 7 community as po... (read more)]]> Tue, 15 Sep 2009 15:02:00 GMT Softpedia News - Security http://news.softpedia.com/news/Download-Free-Panda-Cloud-Antivirus-Beta-3-for-Windows-7-121749.shtml Security http://news.softpedia.com/news/Download-Free-Panda-Cloud-Antivirus-Beta-3-for-Windows-7-121749.shtml#review_zone Softpedia News (Marius Oiaga) http://news.softpedia.com/news/Forefront-Threat-Management-Gateway-RC-Escrow-Builds-121594.shtml Microsoft is extremely close to entering the final stretch with the development process of the evolution of the Internet Security and Acceleration Server (ISA Server). Having released Beta 3 of Forefront Threat Management Gateway just three months ago, the Redmond-based company is now hammering away at the first Release Candidate Build. David B. Cross, Product Unit Manager Forefront TMG, explained that Microsoft had already managed to push Forefront Threat Management Gateway into the RC Escrow stage, and that, in this regard, the fully fledged Release Candidate was just around the corner.

However, Cross revealed that Microsoft needed additional feedback from testers before signing off the RC code. The request for input goes out to all customers that are test driving the third Beta of Forefront TGM, and is related to telemetry associated with the URL filtering capabilities and the Microsoft Reputation Service (MRS).

“We need more data and feedback to improve the coverage and accuracy of our URL filtering offering. This is critical so that we can adjust the service and results to match the wide audience we serve with the Forefront TMG product,” Cross noted. “My ask to the community is the following: If you have installed or deployed TMG Beta 3 and are using the URL filtering capabili... (read more)]]> Mon, 14 Sep 2009 12:31:00 GMT Softpedia News - Security http://news.softpedia.com/news/Forefront-Threat-Management-Gateway-RC-Escrow-Builds-121594.shtml Security http://news.softpedia.com/news/Forefront-Threat-Management-Gateway-RC-Escrow-Builds-121594.shtml#review_zone Softpedia News (Marius Oiaga) http://news.softpedia.com/news/Forefront-Client-Security-1-0-Now-Plays-Nice-with-Windows-7-120960.shtml As of the start of September 2009, customers running version 1.0 of Forefront Client Security will be able to leverage the security solution even in the context in which machines in their environment are running the latest iteration of Windows client and server platforms. This because Microsoft has extended operating system support for Forefront Client Security 1.0 to also encompass the successors of Windows Vista and Windows Server 2008.

“Forefront Client Security (FCS) v1.0 is fully supported on Windows 7 and Windows Server 2008 R2 as of August 31, 2009. With the release of new updates available through Windows Server Update Services or Microsoft Update, customers will be able to extend the protection of FCS v1.0 on Windows 7 and Windows Server 2008 R2 systems and incorporate security in their infrastructure upgrade plans,” revealed a member of the Forefront team.

Microsoft has issued a Security State Assessment update (1.0.1710.103) for Forefront Client Security, introducing a range of fixes necessary to ensure that version 1.0 of the security solution will offer customers support for Windows 7 and Windows Server 2008 R2. However, Forefront Client Security 1.0 still won’t play nice with the Server Core installation of Windows Server 2008 R2. The Redmond-based company unde... (read more)]]> Fri, 4 Sep 2009 14:13:00 GMT Softpedia News - Security http://news.softpedia.com/news/Forefront-Client-Security-1-0-Now-Plays-Nice-with-Windows-7-120960.shtml Security http://news.softpedia.com/news/Forefront-Client-Security-1-0-Now-Plays-Nice-with-Windows-7-120960.shtml#review_zone Softpedia News (Marius Oiaga) http://news.softpedia.com/news/New-Microsoft-Online-Safety-Website-for-Web-2-0-Is-Live-120698.shtml There is only so much that a third-party can do to protect end users, and Microsoft makes no exception to this rule. Fact is that there is no panacea for security issues related to software or to Internet threats, and consumers will certainly never be able to buy a silver-bullet solution that will bulletproof their computers against attacks.

At the same time, there are attacks virtually impossible to block, “exploits” that do not target software vulnerabilities but human nature, such as social engineering techniques. However, a critical solution does present itself to increase safety, through education. And this is just what Microsoft is attempting with a new online safety website.

“Microsoft has been very active in providing online safety information for over a decade. Our newest effort is our redesigned Consumer Online Safety Education website at www.microsoft.com/protect. This site is designed for parents, caregivers, and educators to find the latest information on a number of online safety topics,” reads a message from a member of the Microsoft Privacy Team.

The website is designed to offer users the necessary resources to protect their machines, themselves and their families. In this regard, the main areas of interest are related to avoiding online fraud an... (read more)]]> Wed, 2 Sep 2009 08:23:00 GMT Softpedia News - Security http://news.softpedia.com/news/New-Microsoft-Online-Safety-Website-for-Web-2-0-Is-Live-120698.shtml Security http://news.softpedia.com/news/New-Microsoft-Online-Safety-Website-for-Web-2-0-Is-Live-120698.shtml#review_zone Softpedia News (Marius Oiaga)