Microsoft Security Essentials

I downloaded the BETA version of Microsoft's new security program (antivirus and antispyware) from here.

MSE

It installed on Windows 7 RC without any problems.

Now comes the testing.

IE8 issues if immunization by Spybot-S&D is enabled

 

E-mates, we've got trouble!

 

There are reports that IE8 will not start fast if the user’s system is immunized using Spybot S&D. I am able to reproduce this in Vista and XP.

There is a report of high CPU usage when Spybot-S&D immunization is enabled. I am able to reproduce this in XP.

There is also a report that IE8 will not load fast or will hang if restricted sites exist in the IE Restricted Sites zone, e.g. using IE-SPYAD, and I am able to reproduce this also in XP and Vista.

Time for the authors to check their protection tools for IE8 compatibility.  For now, users who want IE8… should disable the immunization and IE-SPYAD.  For users who prefer the protection over IE8, stay first with IE7.

Discussion at http://www.calendarofupdates.com/updates/index.php?showtopic=17654

Related blog:  http://blogs.msdn.com/ie/archive/2009/03/19/internet-explorer-8-final-available-now.aspx

IE8 issues if immunization by Spybot-S&D is enabled

2009.03.25:

Spybot S&D Team’s response on IE8 issues

2009.03.28:

Work-around by users on slow startup of IE with immunization

2009.04.08:

New MS KB

Automatic Scan for Virus When Plug in USB Flash Drive » Raymond.CC Blog

Since manually scanning a USB flash drive is troublesome, I found a way to automatically scan the USB flash drive whenever it is inserted or plugged in to a Windows computer.
USBVirusScan is a small program that will launch any program you provide as a command line parameter each time a USB stick is inserted. The author uses it to start a full virus scan on the inserted USB drive, hence the name.


A brilliant solution against the viruses breeding on USB flash drives!


Link: http://www.raymond.cc/blog/archives/2008/04/13/automatic-scan-for-virus-when-plug-in-usb-flash-drive/

Virtualization Support for ISA and RRAS (A frustrated reader gets a response from Microsoft)

An extremely interesting story. A must-read for anyone working with security and virtualization.

Over the past few months, I’ve been doing a lot of traveling and I’ve neglected this blog. (If for some reason, anybody is interested in how I spent my summer, see the end of this post for my quick summary. It feels odd to be writing about myself, but I guess that’s what people do in blogs.) Anyway, I’m back now and have a million things to write about. Microsoft has been incredibly busy!
I’ll start by sharing a letter from a reader, Jeff Vandervoort, who asked me to get a response from Microsoft. At the end of Jeff’s letter, you’ll see the response Microsoft gave me. I’ll be eager to hear what you think.

Virtualization Support for ISA and RRAS

Security Update for the 2007 Microsoft Office System (KB936960)

  1. WindowsUpdate.log:
    1. 2007-08-14    20:26:59:486     912    bf0    Report    REPORT EVENT: {EBD00822-A710-49F6-81C1-5AEA5E368FC0}    2007-08-14 20:26:54:469+0200    1    182    101    {9FF36D09-9505-46AF-8B21-5EBEB95AE7D4}    100    80070643    MicrosoftUpdate    Failure    Content Install    Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for the 2007 Microsoft Office System (KB936960).

  2. Direct download KB936960 and install failed.
  3. officeupdate.microsoft.com -> officeupdate success.

Lately, am I the only one running into Microsoft Update errors?

And I still don't know why the error occurred. The workaround above solved it.

       

Preventing an internal spammer – E-Bitz – SBS MVP the Official Blog of the SBS "Diva"

Or: the spammers are already in the pantry.

So what can you do to proactively prevent a client’s workstation from being turned into a spam spewing beast?

Les Connor and ISA Server 2004 once again to the rescue:

He builds a rule to deny any port 25 transmissions from anything other than the server itself and an internal scanner.

Action: Deny, log requests
Protocols: Selected : SMTP
From: The lan (defined IP address range)
Exceptions: SBS, Printer and Scanner IP's, which are defined specific IP addresses.
To: Anywhere (pre-existing destination)
Users: All
Schedule: Always

Caveat, this blocks the use of telnet <external host> 25 from any local machine for troubleshooting purposes, so beware of this if you use it on your *own* network for testing SMTP.


You might also want to build an alert rule when this deny rule kicks in as it would be a sign of infestation.

Preventing an internal spammer – E-Bitz – SBS MVP the Official Blog of the SBS “Diva”
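The deny rule and the suggested alert, modelled as an added example (not code from the quoted post or from ISA Server): it applies the rule's From/Exceptions/Protocol logic to connection records and lists the internal hosts that would trip it. The LAN range, the exception addresses and the four-field log format are assumptions made for illustration; the post only says "defined IP address range" and "specific IP addresses".

```python
import ipaddress
from collections import Counter

# Assumed values: the post gives no concrete range or addresses.
LAN = ipaddress.ip_network("192.168.16.0/24")
EXCEPTIONS = {ipaddress.ip_address(a) for a in (
    "192.168.16.2",    # SBS server
    "192.168.16.50",   # printer
    "192.168.16.51",   # scanner
)}
SMTP_PORT = 25

# Constructed sample records: "timestamp source destination destination-port"
SAMPLE_LOG = """\
2009-04-08T09:00:01 192.168.16.2 203.0.113.10 25
2009-04-08T09:00:05 192.168.16.51 192.168.16.2 25
2009-04-08T09:01:10 192.168.16.77 198.51.100.5 25
2009-04-08T09:01:11 192.168.16.77 198.51.100.6 25
2009-04-08T09:01:12 192.168.16.77 198.51.100.7 25
2009-04-08T09:01:30 192.168.16.77 198.51.100.9 80
2009-04-08T09:05:00 192.168.16.91 203.0.113.25 25
2009-04-08T09:06:00 10.0.0.5 203.0.113.25 25
truncated line
"""

def rule_matches(src, dst_port):
    """True when the deny rule applies: SMTP from the LAN, source not excepted."""
    addr = ipaddress.ip_address(src)
    return dst_port == SMTP_PORT and addr in LAN and addr not in EXCEPTIONS

def denied_smtp_sources(log_text):
    """Count, per source address, the connections the deny rule would block."""
    hits = Counter()
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed records
        try:
            if rule_matches(parts[1], int(parts[3])):
                hits[parts[1]] += 1
        except ValueError:
            continue  # unparsable address or port
    return hits

def hosts_to_alert(log_text, threshold=1):
    """Sources with at least `threshold` denied SMTP attempts."""
    return sorted(ip for ip, n in denied_smtp_sources(log_text).items() if n >= threshold)

if __name__ == "__main__":
    print(hosts_to_alert(SAMPLE_LOG))
```

A single hit, like the one from 192.168.16.91 in the sample, can be the troubleshooting telnet the caveat mentions; raising `threshold` separates that from a workstation sending repeatedly.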

Most Computer Attacks Originate in U.S.

The work of the Russkies in the pantry.

The United States generates more malicious computer activity than any other country, and sophisticated hackers worldwide are banding together in highly efficient crime rings, according to a new report. Researchers at Cupertino-based Symantec Corp. also found that fierce competition in the criminal underworld is driving down prices for stolen financial information. Criminals may purchase verified credit card numbers for as little as $1, and they can buy a complete identity - a date of birth and U.S….(read more)

Source: Most Computer Attacks Originate in U.S.

Tools to scan for missing patches and insecure versions – Calendar Of Updates

Donna has compiled the usable tools:

1. Microsoft Update or Windows Update and Office Update
2. Microsoft Baseline Security Analyzer
3. Secunia Software Inspector
4. Belarc Advisor
5. SecurityExpressions
6. RadarSync 2007

Tools to scan for missing patches and insecure versions
One of the important tasks to help protect our computers from exploits and bugs is to update the applications. An up-to-date antivirus and anti-spyware will not always protect a user from attacks and infection if the system is not fully patched.
Even antivirus vendors recommend that users always keep their systems and applications patched.

Source: Tools to scan for missing patches and insecure versions – Calendar Of Updates

Microsoft allows bypass of Vista activation

Bad boys! Song and merriment!

In its TechNet documents, Microsoft recommends the repeated use of SkipRearm. How many times is “multiple times”? My testing revealed that the answer is, well, indefinite.
On a copy of Vista Ultimate that Microsoft released in New York City on Jan. 29, I found that changing SkipRearm from 0 to 1 allowed the command slmgr -rearm to postpone Vista’s activation deadline eight separate times. After that, changing the 0 to 1 had no effect, preventing slmgr -rearm from moving the deadline. The use of slmgr -rearm 3 times, plus using SkipRearm 8 times would eliminate Vista’s activation nag screens for about one year (12 periods of 30 days).
On a copy of the upgrade version of Vista Home Premium that I bought in a retail store on Jan. 30, slmgr -rearm also worked 3 times and SkipRearm worked 8 times before losing their effect. This combination would, as with Vista Ultimate, permit a one-year use of Vista without nag screens appearing.
On a copy of the full version of Vista Home Premium that I bought in a retail store on Mar. 14, SkipRearm had no effect on extending the use of slmgr -rearm at all. This suggests that Microsoft has slipstreamed a new version into stores, eliminating the SkipRearm feature in Vista Home. That could mean that changing the key from 0 to 1 will now work only in the business editions of Vista — Business, Enterprise, and Ultimate — so corporations can use the loophole.

Source: Microsoft allows bypass of Vista activation

Security attacks you can’t stop: browser patch delays

And as we know, most ailments get picked up from the web. Shouldn't you hurry up a little, MS, in the breaks between the big mass rallies?

“Delays in updating browsers can leave users vulnerable to attack.

But, in updating browsers–especially when a zero-day attack was in progress–Microsoft trailed Apple, Mozilla and Opera in providing fixes. On average, IE patches appeared ten days after the flaw was reported, while Opera, Mozilla and Safari browsers were patched, on average, in two, three, and five days, respectively.” 

Source: Security attacks you can’t stop: browser patch delays