XP SP3 vs Vista SP1, Windows Feature Comparison

This white paper compares the following features and capabilities of Windows XP with SP3 and Windows Vista with SP1: security, management, deployment, mobility, and productivity.

Feature – Security Development Lifecycle (SDL)
XP SP3: Developed for Windows XP with SP2.
Vista SP1: The Microsoft SDL makes security a top priority throughout the development cycle by mandating a repeatable engineering process that every developer must follow, and by verifying that process before product release. The SDL is an evolving process that implements rigorous standards of secure design, coding, testing, review, and response for all Microsoft products. The SDL helps remove vulnerabilities and minimize …

5 Misunderstood Features in Windows Vista

Based on feedback from IT Pros in the trenches, here are the features that can cause confusion and slow Windows Vista adoption:
• User Account Control – A key goal of UAC in Windows Vista is to help nudge Independent Software Vendors towards designing applications that function in standard user mode. One reason this feature is misunderstood is because UAC isn't a single feature; it's a set of technologies to help end users run with standard user privileges, and reserves Local Administrator privileges for IT staff or limited specific circumstances.
• Image management – Few people relish change, especially when …

Calendar of Updates stops posting updates of Comodo Firewall Pro

Many don’t like the Ask Toolbar in a security program, so after learning that Comodo Firewall Pro’s new installer contains the Ask Toolbar, it is now one of the products for which we will not post update information at Calendar of Updates. More info at http://www.dozleng.com/updates/calendar48011 and http://www.dozleng.com/updates/index.php?showtopic=18314

10 Annoying software: a rogues’ gallery

ZDNet is showing photos of 10 annoying software programs: Adobe Reader, Apple’s Software Updater, Windows Update Program in Vista, Sun Java, Norton etc. http://reviews.zdnet.co.uk/software/0,1000001048,39419834,00.htm

Over in Calendar of Updates, we got: Installers Hall of Shame or here, and Uninstaller’s boo-boos. We also do not post updates that have the Ask Toolbar.

Anti-fraud researcher faces fraud charges

One of the researchers behind ScanAlert, the “Hacker Safe” certification company McAfee recently acquired, is facing fraud charges in Indiana. Brett Oliphant, whose title had been vice president of security services before the Napa, California, company was acquired by McAfee in January, is facing 11 counts of securities fraud in transactions that allegedly brought in more than $1.215 million. Oliphant and his brother Bryan were charged in December. Their trial is set for November 18 at the Elkhart County Superior Court in Indiana. http://www.techworld.com/security/news/index.cfm?newsID=101538&pagtype=all

Microsoft Expands Security Information Sharing Program to CERTs

Program to further response and guidance for computer security incident response worldwide. GOLD COAST, Australia — May 21, 2008 — Today at the annual AusCERT Asia Pacific Information Technology Security Conference, Microsoft Corp. announced the extension of the Microsoft Security Cooperation Program (SCP) to include computer emergency response teams (CERTs), computer security incident response teams (CSIRTs), and other response and guidance organizations that represent a nation, region or population. SCP, a worldwide program originally formed for government entities, provides a structured way for Microsoft to share information efficiently, improving responses to computer security incidents and decreasing the risk of system …

Old Is New Department: Microsoft Patents Proactive Virus Protection

Microsoft has just snared a U.S. patent for proactive virus protection, which is how security software helps secure your PC when it encounters shape-shifting malware not already in its antivirus definition file. What I want to know is, what does this mean for all the other vendors — like McAfee, Symantec, Kaspersky, and Trend Micro — that have been selling proactive protection software for years? Do they now have to pay Microsoft protection; I mean, royalties? http://www.informationweek.com/blog/main/archives/2008/05/microsoft_paten.html

Permanent Denial-of-Service Attack Sabotages Hardware. New malware attack: Phlashing

Researcher to demonstrate a permanent denial-of-service (PDOS) attack that remotely wipes out hardware via flash firmware updates. Smith will demonstrate how network-enabled systems firmware is susceptible to a remote PDOS attack — which he calls “phlashing” — this week at the EUSecWest security conference in London. He’ll also unveil a fuzzing tool he developed that can be used to launch such an attack as well as to detect PDOS vulnerabilities in firmware systems. His so-called PhlashDance tool fuzzes binaries in firmware and the firmware’s update application protocol to cause a PDOS, and it detects PDOS weaknesses across multiple embedded systems. …

Apple iTunes Customers Targeted By Phishers

Anyone paying any attention at all should be able to detect the difference between “kurvemageren.com” and “apple.com,” security experts report. Having delivered consistently strong financial results over the past year, displaced Wal-Mart as the leading U.S. music retailer, stormed into the mobile phone market, and outperformed the rest of the computer industry, Apple has never looked more polished. But Apple’s success has a downside: There are now enough Apple customers to attract cybercriminals. Phishers have begun using Apple’s brand as bait. Communications security company Proofpoint has detected a phishing message that attempts to exploit Apple’s name. A screen shot provided …

Apple under pressure to fix Safari ‘carpet bomb’ flaw

The Google-backed StopBadware.org coalition has called on Apple to rethink its stance on whether the Safari “carpet bomb” issue reported by Nitesh Dhanjani constitutes a serious security risk. Dhanjani originally discovered that it is possible for a booby-trapped Web site to litter the user’s Desktop (Windows) or Downloads directory (~/Downloads/ in OSX) with executables masquerading as legitimate icons. “This can happen because the Safari browser cannot be configured to obtain the user’s permission before it downloads a resource. Safari downloads the resource without the user’s consent and places it in a default location (unless changed),” Dhanjani said, warning that it …