Windows Defender for all; IE7 already has bugs; Office validation required

Oct 29, 2006 12:46 GMT

On Monday, Microsoft announced that Sender ID, "an e-mail authentication technology protocol that helps address the problem of spoofing and phishing by verifying the domain name from which e-mail is sent", is available for all users at no cost.

"Sender ID seeks to verify that every e-mail message originates from the Internet domain from which it claims to have been sent. This is accomplished by checking the address of the server sending the mail against a registered list of servers that the domain owner has authorized to send e-mail. This verification is automatically performed by the Internet service provider (ISP) or recipient's mail server before the e-mail message is delivered to the user. The result of the Sender ID check can be used as additional input into the filtering tasks already performed by the mail server. Once the sender has been authenticated, the mail server may consider past behaviors, traffic patterns, and sender reputation, as well as apply conventional content filters when determining whether to deliver mail to the recipient," the product webpage states.

"Users will be able to implement, commercialize and modify Microsoft's patented e-mail authentication technology without having to sign a licensing agreement," the giant said in a statement. If we take a moment to analyze this decision, it is obvious that Microsoft wants to ensure that its clients receive the best privacy and security the company can offer. Or not?

The next day, the giant announced that Windows Defender is now available for all Windows XP users, with many other languages coming in the next weeks. Windows Defender is a free program that helps protect your computer against pop-ups, slow performance, and security threats caused by spyware and other unwanted software. It features Real-Time Protection, a monitoring system that recommends actions against spyware when it's detected, minimizes interruptions and helps you stay productive. It now comes with 2 free support incidents for Windows XP and Windows Server 2003.

Windows Defender detects and removes known spyware from your computer, which helps make your Internet browsing safer. The software uses automatic definition updates provided by Microsoft analysts to help detect and remove new threats as the threats are identified. The company also mentioned that Windows Defender Beta 2 expires December 31, so you're advised to upgrade to the final version of the software.

On Wednesday, the security company Secunia released an advisory saying that "a weakness has been discovered in Internet Explorer, which can be exploited by malicious people to conduct phishing attacks". "The problem is that it's possible to display a popup with a somewhat spoofed address bar where a number of special characters have been appended to the URL. This makes it possible to only display a part of the address bar, which may trick users into performing certain unintended actions," they also mentioned.

Secunia rated the flaw "less critical" and produced a sample of it that helps you discover whether you're vulnerable or not. The test is available here.

Just a day after a bug was discovered in Internet Explorer 7, it was Internet Explorer 6's turn. In a post on the Security Response Center blog, the giant said it is investigating the issue, "a code that creates new ActiveXObject('ADODB.Connection.2.7') and then executes a number of times", as described by The SANS Institute.

The MSRCTEAM team posted a message saying that "they have initiated our Software Security Incident Response Process to investigate this issue. Once we have completed the investigation and understand if there is a threat to customers we will take the appropriate action to protect and provide guidance - as required. As always we are working with our MSRA partners to monitor and secure the ecosystem."

On Friday, the giant announced that Office validation will be mandatory, meaning that you cannot access Office Online templates if you're not "genuine". "By using only genuine Office software, you can be confident that you have access to all the latest features and updates from Microsoft," it is mentioned on the product webpage.

"Run the Office Validation Assistant to scan your computer and help determine whether your copy of Microsoft Office XP or Microsoft Office 2003 is genuine. For the most comprehensive results, Microsoft recommends that you also complete the Genuine Office Comparison Guide," they advise us. After you press the "Validate Now" button, it is necessary to download and install an ActiveX Control, to determine the status of your Office solution.

The giant provides another way to see if you have a genuine version of Microsoft Office, mentioning that comparing your product with a Microsoft solution is 100 percent efficient. "You may also compare the special anti-counterfeiting features of your Office XP or Office 2003 installation CD and Certificate of Authenticity (COA) with those included with genuine Microsoft software," they said.

Week's Conclusion: Microsoft made some important steps this week. I think the most significant one is the decision taken on Friday, Office validation being necessary for downloading Office templates. I'm really curious if the fate of this tool will be similar to that of WGA, which produced many headaches for the giant.
