Security

The malware assault on our PCs escalated in 2008, according to antivirus vendor F-Secure. The company's threat summary for the second half of 2008 reports that F-Secure added 1 million virus definitions to its database this year, a threefold increase from the number of viruses the Finnish security vendor detected in 2007.

Today's malware authors aren't just looking to cause trouble; they're after your money and personal information, which these days are synonymous. Attacks are only going to increase in number and sophistication. If you thought you could avoid an infection by staying away from questionable … Read more

An unpatched security hole in Internet Explorer that is being exploited affects all versions of the browser, making it more serious than originally believed when it was first publicized two days ago, Microsoft says.

Microsoft is investigating reports of attacks against a new vulnerability in IE but said in an update to a security advisory issued late on Thursday that all versions of IE are potentially vulnerable.

The company recommends setting the Internet zone security setting to "high" and using access control lists to disable Ole32db.dll to provide the most effective protection against an attack.

"Our … Read more

Anyone thinking about cutting security spending to save money during the recession should read a copy of the new Center for Strategic and International Studies (CSIS) report titled "Securing Cyberspace for the 44th President." The report outlines a pattern of persistent attacks which are no match for our vulnerable Internet infrastructure. For those who can't or won't take the time to read this report, try listening to the recently aired cybersecurity discussion on the National Public Radio show On Point.

The message here echoes my somewhat infamous tagline: "information security is far worse than you … Read more

Microsoft is listed fifth in the Top 10 list of the worst spam service ISPs compiled by Spamhaus.org.

Spammers are advertising links to sites that "peddle fake pharmacy products, porn, and Nigerian 419 scams" on Microsoft's Live.com and Livefilestore.com sites because they know that the Microsoft sites won't get blocked by antispam groups, writes Brian Krebs on his Security Fix Blog at the Washington Post.

Spamhaus has been alerting Microsoft to the problem for some time, but to no avail, Richard Cox, Spamhaus' chief information officer, told Krebs. Other security companies, including McAfee … Read more

Last month, IBM released a report (PDF) identifying the security challenges facing enterprises in the next two to five years. The survey is based on data collected internally by IBM.

One theme is that as the pace of globalization picks up, traditional boundaries continue to disappear. In this new global reality, "open for business" can mean pooling resources or sharing sensitive information among organizations.

The IBM report notes that "the line between participation and isolation can also mark the line of opportunity and risk. (Enterprises) rely on business systems and automated policies to guard that line--to root … Read more

Microsoft shocked the security industry on Tuesday by announcing that it will stop selling its consumer-focused Microsoft OneCare security software. Instead, Microsoft said that it will offer a new free alternative dubbed "Morro" in mid-2009. What does this sudden change in direction mean?

1. Microsoft is cutting its losses After two years of hawking OneCare, the company barely made a blip in consumer security market share and was probably bleeding red ink. It is cheaper to give away Morro than to package, distribute, and promote OneCare.

2. There's a reason to remain in the market So why … Read more

Since its introduction in 2006, Microsoft's Windows Live OneCare has altered the antivirus landscape. With Tuesday's announcement that Microsoft will no longer be selling the product in retail outlets but offering a new free version, code-named Morro, starting in the second half of 2009, it's sure to change the field once again.

Since Microsoft bought Romania-based antivirus firm GeCad five years ago, there has been fear among the commercial antivirus vendors that the software giant would simply bundle its malware protection within the next version of Windows. While that didn't happen--and it's unlikely to happen… Read more

One week after a breached corporate health care company refused to pay extortionists, the criminals now are seeking money from the corporate clients whose employee data might have been exposed.

St. Louis-based Express Scripts said on Tuesday that a limited number of its clients--which include government agencies, unions, and employers--have received letters threatening to expose the personal information of its members. The company said the letters sent to its clients were similar to the original extortion threat it received in October.

The company also said it was establishing a reward totaling $1 million to anyone providing information that results in … Read more

In this week's Security Bites podcast, CNET's Robert Vamosi talks about user authentication with Kim Cameron, chief architect with the Identity and Security group at Microsoft.

At this year's PDC and again at WinHec, Microsoft certainly talked up its new Windows Azure cloud-based services, along with Windows 7. It has also been talking about Geneva, the code name for the next version of CardSpace, the Microsoft user authentication system. One goal of Geneva is to extend the reach of its predecessor, Active Directory Federation Services.

To help developers, Microsoft unveiled at PDC and WinHec the Geneva Server … Read more