microsoft

Microsoft Holds Off Installing Update

April 23rd, 2013

Microsoft is urging users to who haven’t installed it yet to hold off on MS13-036, a security update that the company released earlier this week to fix a dangerous security bug in its Windows operating system. The advice comes in response to a spike in complaints from Windows users who found their machines unbootable after applying the update.

The MS13-036 update, first released on Tuesday, fixes four vulnerabilities in the Windows kernel-mode driver. In an advisory released April 9, the company said it had removed the download links to the patch while it investigates the source of the problem:

“Microsoft is investigating behavior wherein systems may fail to recover from a reboot or applications fail to load after security update 2823324 is applied. Microsoft recommends that customers uninstall this update. As an added precaution, Microsoft has removed the download links to the 2823324 update while we investigate.”

The problems with the patch appear to be centered around Windows 7 and certain applications on Windows 7, such as Kaspersky Anti-Virus. Microsoft has issued instructions on how to uninstall this update in the “resolution” section of this advisory.

Update, Apr. 23: Microsoft has re-released the problematic security update to address the problems that some Windows users were experiencing with the MS13-036 patch. The new update, KB62840149, replaces the faulty one, which was KB2823324.

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Enhanced by Zemanta

Google five times safer than Bing

April 18th, 2013

As the World Wide Web becomes the choicest destination of an ever growing community, cyber criminals find newer ways of attacking them. They have now started targeting them through the search engines. They make websites, blogs and pages that are based on current issues and dump those malwares there.

In a recent research done by AV-TEST, that analyzed the search results of a number of search engines, found that Google was a safer search engine than Bing

Microsoft’s search engine Bing is nearly five times as likely as Google to link to malware, a study by independent research firm AV-TEST found. Out of every 10.9 million links generated by Google,272 directed towards malware according to thirty-six different anti-virus services.

Bing returned a tiny bit more results than Google for the same terms, less than half a percentage point more. But 1,285 of the Bing links contained malware, a nearly fivefold increase over Google.

AV-TEST, that is based in Germany, took eighteen months to analyze a host of search engines from the likes of Google,Bing,BaiduYandex etc.

Google beat all the other websites to emerge as the safest search engine.

“Although search engine operators such as Google and Bing make a lot of effort to avoid doing so, they sometimes deliver websites infected with Trojans and similar malware among their top search results,” AV-TEST’s Markus Selinger observed  in the report. “Other search engines do an even worse job.”

AV-TEST analyzed nearly forty million websites shown in the search results of the search engines.It tested a nearly equal number of results from Google and Bing, and found out that Bing has nearly five times as many malicious results as Google. However, Bing still fared as the second safest engine in the study since the other search engines were worse

The readers might think that the number of infected websites is small considering there are that many results your search engine churns out every second. But the scary part is that you are not the only one .There are billions of people who use these engines.Imagine the humungous numbers the malware results would catapult to if we consider putting all the results together!

The study also shows that around 110 million infected sites are currently active so online-goers aren’t all that safe from malware harm.

The study also threw light on the 110 million malicious sites still active online that could be threatening for the netizens who are not careful of what they are opening.

Microsoft tried salvaging their search engine’s reputation through this response

“We show results with warnings for about 0.04% of all searches, meaning about 1 in 2,500 search result pages will have a result with a malware warning on it.  Of those, only a small proportion of malicious links ever get clicked and the warning therefore triggered, so a user will see the warning only 1 in every 10,000 searches. In any case, the overall scale of the problem is very small.”

Alertsec safeguards you against those never ceasing malware attacks

Traditional antivirus approaches don’t work any more and a new approach to endpoint security is required to better protect your company from malicious threats.

The above threat could have simply been reduced to an insurance matter by a mere investment of $13/month. The information would have been secure with no loss what so ever. That is certainly a small price to pay compared to what can happen if you lose confidential or sensitive data. Alertsec Xpress offers a very good and easy-to-use laptop security service that includes more than the traditional software licensing model. Feel free to subscribe18 for your personal 30-day free trial

Alertsec further offers computer protection software from Check Point as a fully customizable and pre-packaged data encryption software solution. It can help you dramatically reduce your cost of ownership for encrypting your laptops.


Organisations are now made aware about their data security and are implementing data encryption techniques. Alertsec uses encryption software to protect data from breaches and theft.

Alertsec Xpress is backed up by Check Point Full Disk Encryption and is used by over 4 million users worldwide, with single deployments exceeding 150,000 laptops and PCs. This is the most deployed software of its kind and is seen as today’s market leader.

Enhanced by Zemanta

Add Microsoft to list of hacked companies

February 15th, 2013

Updated to include Microsoft comment Security software companies must be smiling ear to ear as they read the news briefs coming off the transom. Microsoft said today that an undetermined number of computers in its Mac software business unit got infected with malware. The company said the number of infected PCs was small but that there was no indication customer data had been compromised.

In a blog post late Friday, Matt Thomlinson, who directs the company’s Trustworthy Computing Security program at Microsoft, wrote:

Consistent with our security response practices, we chose not to make a statement during the initial information gathering process. During our investigation, we found a small number of computers, including some in our Mac business unit, that were infected by malicious software using techniques similar to those documented by other organizations. We have no evidence of customer data being affected and our investigation is ongoing. This type of cyberattack is no surprise to Microsoft and other companies that must grapple with determined and persistent adversaries (see our prior analysis of emerging threat trends). We continually re-evaluate our security posture and deploy additional people, processes, and technologies as necessary to help prevent future unauthorized access to our networks.


Welcome to the new normal. The escalating number of reported attacks was underscored by a recent report on malware put together by McAfee which reported that the number of trojans created to steal passwords rose about 72 percent in the last quarter.

Last week Apple said that an unknown number of Macs had been compromised, but that “there was no evidence any data left Apple.” The malware was tied back to a site targeting iPhone developers. Employee computers for Facebook and most likely dozens of other companies were also breached.

The incidents occurred roughly around the same time that The New York Times, The Wall Street Journal, and The Washington Post disclosed that outsiders had also targeted their employees’ computers.

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Enhanced by Zemanta

Surveillance a la Skype: EFF, others seek answers

January 11th, 2013

Microsoft needs to open up about the trustworthiness of its Skype software for confidential conversations, according to an open letter to the company posted today.

The letter, from an array of privacy advocates, Internet activists, journalists, and others, calls on Microsoft to provide public documentation about the security and privacy practices around Skype, which facilitates video and voice communications over the Internet. Microsoft completed its $8.5 billion acquisition of Skype in October 2011.

The authors of the letter say they’re worried in particular about the access that governments have to both Skype conversations themselves and to the user data generated by those communications. Among the groups that have signed the letter are the Electronic Frontier Foundation, Reporters Without Borders, the Egyptian Initiative for Personal Rights, and the Tibet Action Institute. The letter states, in part:

Many of its users rely on Skype for secure communications — whether they are activists operating in countries governed by authoritarian regimes, journalists communicating with sensitive sources, or users who wish to talk privately in confidence with business associates, family, or friends.

It is unfortunate that these users, and those who advise them on best security practices, work in the face of persistently unclear and confusing statements about the confidentiality of Skype conversations, and in particular the access that governments and other third parties have to Skype user data and communications.

Back in 2008, Skype had told CNET that it couldn’t comply with wiretap requests “because of Skype’s peer-to-peer architecture and encryption techniques.”

Anxiety about how Skype may be used for government eavesdropping heated up after the Microsoft acquisition. According to a July 2012 story on Slate, hackers were alleging that a just-completed change to Skype’s architecture could make “lawful interception” of calls easier to conduct.

Meanwhile, Microsoft has been working to integrate Skype more tightly into its product lineup. For instance, the company plans to replace its Windows Messenger Live instant-messaging client with Skype worldwide in March, except in mainland China.

The letter calls on Microsoft to release a “regularly updated Transparency Report” — similar to those issued by Google — that touches on these points:

  • Quantitative data regarding the release of Skype user information to third parties, including number of requests, type of data requested, and how often those requests are honored.
  • Specific details of all user data Microsoft and Skype currently collects, and retention policies.
  • Skype’s best understanding of what user data third parties may be able to intercept or retain.
  • Documentation regarding the operational relationship between Skype with TOM Online — a mobile Internet company in China that offers a government-approved version of Skype — and other third-party licensed users of Skype technology.
  • Skype’s interpretation of its responsibilities under the Communications Assistance for Law Enforcement Act (CALEA) and in response to subpoenas and National Security Letters (NSLs).

The letter was addressed to Skype division president Tony Bates, Microsoft chief privacy officer Brendon Lynch, and Microsoft general counsel Brad Smith.

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization

Enhanced by Zemanta

Windows RT hack Don’t sweat it, Microsoft says

January 3rd, 2013

Windows RT can be hacked to run unsigned desktop apps, but Microsoft sees no reason to worry.

As described yesterday, the hack allows someone with a certain amount of savvy to change code in the Windows RT kernel so the tablet-based OS can run desktop apps. Officially, the only desktop programs that Windows RT supports are Microsoft’s own Internet Explorer and Office suite. Otherwise, the OS can run only Windows Store apps.

But the hack isn’t geared for the average Windows RT user.

Besides requiring the necessary programming chops, the hack can only change code in memory. So a user would have to modify the code each time the device boots up.

Further, desktop applications would have to be recompiled for ARM processors, so users couldn’t just run their existing desktop programs, which are designed for Intel x86 processors.

In a statement sent to CNET, Microsoft cautioned that the hack poses no security threat and actually applauded the people who discovered the hack. But the company also hinted that the hack may be eliminated in a future update to RT.

The scenario outlined is not a security vulnerability and does not pose a threat to Windows RT users. The mechanism described is not something the average user could, or reasonably would, leverage as it requires local access to a system, local administration rights and a debugger in order to work. In addition, the Windows Store is the only supported method for customers to install applications for Windows RT. There are mechanisms in place to scan for security threats and help ensure that apps from the Store are legitimate and can be acquired and used with confidence. We applaud the ingenuity of the folks who worked this out and the hard work they did to document it. We’ll not guarantee these approaches will be there in future releases.

The hack was uncovered by someone dubbed clrokr, who described how he was able to change a certain value in the RT kernel to expand the types of apps RT can run. Through his efforts, the hacker also discovered that Windows RT isn’t that differentfrom Windows 8, calling Windows RT “a clean port of Windows 8.”

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Enhanced by Zemanta