Panda Platinum Internet Security 2005 Receives the Trojan Checkmark Certification

Panda Software’s consumer product Platinum Internet Security 2005 has recently obtained the Trojan Checkmark
certificate from West Coast Labs for protection against Trojans.  This certificate for Panda Platinum Internet Security covers the prevention, detection and elimination of these types of threats and comes in addition to those previously received for both detection and disinfection of viruses.

More in PRNewswire

Kaspersky welcomes Microsoft antivirus move

Eugene Kaspersky, founder of anti-virus firm Kaspersky Labs, speaking at the AusCERT security conference, said he believes Microsoft’s entrance into the anti-virus market will improve internet security, but does not believe Microsoft will be able to dominate the market. A variety of anti-virus solutions makes the Internet safer, argued Kaspersky: if all houses were guarded by one type of lock, thieves could break into any house. Microsoft has acquired three companies in order to develop an anti-virus product. Microsoft anti-malware leader Jason Garms has confirmed that Microsoft is working on such a product, but gave few details.,2000061744,39193800,00.htm

Microsoft Internet Explorer “window()” Denial of Service Weakness

Benjamin Tobias Franz has discovered a weakness in Internet Explorer, which can be exploited by malicious people to cause a DoS (Denial of Service).  The problem is caused due to certain objects not being initialized correctly. This can be exploited to crash a vulnerable browser via some specially crafted JavaScript code called directly when a site has been loaded.

NOTE: It is currently not believed that this issue can be exploited for code execution purposes, but this cannot be ruled out completely.

The weakness has been confirmed on a fully patched system with Internet Explorer 6.0 and Microsoft Windows XP SP2.

Solution: Disable Active Scripting except for trusted sites.

Browser to act like anti-phishing tool? Possible!

Gervase Markham blogged his thoughts on a “future” and “possible” function of browsers to act like anti-phishing tool e.g. Netcraft toolbar

With Netcraft toolbar (anti-phishing tool which is available to Firefox and IE browsers), user will report a suspected phished site. Once verified by Netcraft’s central server as phishing site, it will be added in the database.  The next time the user or other users will visit the phished site, it is blocked.  The reporter just saved the community  from fraudsters.  IMHO, reporting is always useful. Report suspected spywaretrojans, worms and virus to security vendors.

G. Markham wrote:

So… it would certainly be technically possible for browsers to automatically detect sites attempting to exploit fixed security holes. For example, Firefox 1.0.4 could have been written to detect sites attempting to use the Firefox installation API with a javascript iconURL. Rather than just blocking the exploit attempt, it could then, either automatically or with the user’s permission, report the URL of that site back to a central server, so it could be assessed for placing in a block list feed. Such an assessment could be automatic – script a copy of the browser to go to the URL and see if it detects the exploit also.

Then, older browsers which had not been upgraded, but which were blocking sites from a list including that feed, would still have some amount of protection from attack. As soon as it had been reported by one user using a new browser, all users using older versions would be vaccinated against attack from that site.“

Windows 2000 & IE 5.01 SP3 & 6 SP1 on Windows 2000 support info

Windows 2000 moves into Extended Support after June 30th

There are two important events that will happen to the support policy for Windows 2000 after June 30th of this year.

First, support for both IE 5.01 SP3 and IE 6 SP1 on Windows 2000 SP3 will expire. Users running IE 5.01 or IE 6 SP1 on Windows 2000 should upgrade to Windows 2000 SP4 in order to continue to receive security updates.

Second, Windows 2000 SP4 moves from mainstream to extended support.



Many unaware of browser-security link

Many American online computer users are unaware that choice of browser affects Internet security, and few switch browsers even when they know the risk, a Norwegian study said Monday.

The Oslo-based browser-maker Opera Software ASA, which touts its own browser as being one of the most secure, released a survey of 2,835 online users in the United States, which indicated that only 51 percent of what it called the “adult online population” were aware that the type of browser can affect a computer’s vulnerability to malicious software, such as viruses and spyware.

The poll, first released to The Associated Press, also showed that only 11 percent of those asked said they had switched browsers for security reasons. The survey was conducted in March 25-29 by the Harris Interactive polling group and had a margin of error of about 5 percentage points.


[June 14, 2005] How Microsoft IT Utilizes Governance

Start Time:   Tuesday, June 14, 2005 9:00 AM (GMT-08:00) Pacific Time (US & Canada)  
End Time:   Tuesday, June 14, 2005 10:00 AM (GMT-08:00) Pacific Time (US & Canada)

Event Description  
Products: Security 
Recommended Audience: IT Professional 
Language: English-American

Governance is a critical element of effective information security programs. It can occur at multiple levels on focused tasks or initiatives, or it can be more broadly applied as part of an enterprise security strategy. In this webcast, Microsoft security director Pete Boden discusses approaches to information security governance. He will show how shared goals, metrics and visibility across business units improves linkage to the business, demonstrates business value, and ensures focus on the right priorities.

Presenter: Pete boden, Microsoft IT Director Information Security, Microsoft Corporation

TechNet Webcast

[June 13, 2005] Security Risk Management

Start Time:   Monday, June 13, 2005 9:00 AM (GMT-08:00) Pacific Time (US & Canada)  
End Time:   Monday, June 13, 2005 10:30 AM (GMT-08:00) Pacific Time (US & Canada)

Event Description  
Products: Other 
Recommended Audience: IT Professional 
Language: English-American

When establishing security for your network, you must take risk assessment, cost-benefit analysis, and implementation of security countermeasures into consideration. The Security Risk Management Guide, designed by Microsoft, can help your organization establish the ongoing process of security risk management. This 90-minute webcast presents a qualitative approach to risk management, incorporating best practices from the industry as well as those learned and formulated by the Microsoft internal IT Group.

Presenter: Kevin Remde, TechNet Presenter, Microsoft Corporation

Technet Webcast

[June 9, 2005] Value of Licensing: Education

Start Time:   Thursday, June 09, 2005 10:00 AM (GMT-08:00) Pacific Time (US & Canada)  
End Time:   Thursday, June 09, 2005 11:00 AM (GMT-08:00) Pacific Time (US & Canada)

Event Description  
Products: Other 
Recommended Audience: Education 
Language: English-American

Join us to learn about our subscription licensing programs for education customers, Campus Agreement and School Agreement. Designed to reduce the costs of acquiring, upgrading, maintaining and managing software for multiple computers, the latest Academic Volume Licensing programs provide simple yet flexible volume-based pricing. These exciting programs allow you to right to run a selection of Microsoft products, and any upgrades or downgrades of those products, for a 12-month term. Even if the number of computers or users grows, you remain fully licensed for the term. You can also license students for use of selected products on a personally owned computer or an institution-owned computer checked out to a student for the school year. Plus, you automatically receive the benefits of Software Assurance Membership. At Microsoft, we are committed to providing the best licensing solutions for our education customers.

Value of Licensing