There has been a lot of talk in recent weeks and months about mobile security, especially surrounding the Android operating system made by Google.  Much of the hype, which comes largely from the sellers of security products, is unfounded, playing off of the fears of mobile users to sell their wares.  Avast!, who make free anti-virus software for computers, are now doing the same for mobile.

While malware in the mobile arena still is a rarity, it’s always best to play it safe.  Since avast!, by issuing free security software, isn’t just taking advantage of scared users of mobile devices, and the growing market of mobile devices is creating an ever-growing target, it’s probably a safe bet that security is something worth looking at for your mobile handset or tablet.

avast! for mobile is currently available only for Android, but it will likely be bringing its security wares to other mobile platforms in the future.  It’s a lightweight app that won’t hog up your mobile device and a little security never hurt anyone, so it may be worth a look for anyone carrying around an Android, and for those on other mobile operating systems, you may want to keep an eye on your app app store.  After all, security, no matter what you are doing, is worth having.

To install avast! head over to the Android Market.  For a full review, I recommend visiting AndroidAndMe who did a great job breaking everything down.  You can watch a video below that also gives you an overview of the app.

Alan

Alan is the owner and editor of Making Windows Easy. In addition to writing about technology he is also an avid distance runner and hiker. Read More

Website - Twitter - Facebook - More Posts

One thing that has been lacking from the latest version of Windows Home Server is anti-virus protection.  The first version of the Windows Home Server operating system from Microsoft has several anti-virus apps available from different security firms, but the 2011 OS has had nothing so far.  That has been a source of some frustration from the enthusiast community who were anxious for the latest version of the server OS.

Now, finally, a company has stepped up to create the first, and only, anti-virus, software for the latest Windows Home Server version.  Security firm G Data has entered the picture with their G Data IS for Home Server, which is available now for $99.  Anti-virus was one of the first apps requested by Windows Homer Server users after the 2011 version was  released.

It’s funny, but none of the vendors who released anti-virus apps for the original Windows Home Server have issued updates to support the latest version of the server operating system.  That’s a shame, but thankfully G Data has come up big for all of us.  The price is a bit steep, but when you own the market, as G Data currently does, you can name your price. However, before you fret over the cost, the $99 buys you anti-virus protection for not just your Windows Home Server, but also up to five computers on your network.  You can check them out at G Data Software.  Perhaps soon Microsoft will step up with a version of their Microsoft Security Essentials for the Windows Home Server.

Alan

Alan is the owner and editor of Making Windows Easy. In addition to writing about technology he is also an avid distance runner and hiker. Read More

Website - Twitter - Facebook - More Posts

Although 100 is a nice round number, that’s probably not the reason Microsoft pushed out a patch for Windows right in the middle of a holiday week.  When a fix suddenly appears, and it’s not “Patch Tuesday”, it usually means something very bad has been found somewhere in Windows, and in this case it’s in the .NET Framework.  A hole was discovered within .NET that has been rated as “Critical” because of a Denial of Service vulnerability.

The patch, MS11-100, also address 3 other security holes that had been found in the software.  The release of the patch was announced last night via a post at the Microsoft security blog.  The announcement reads, in part:

“Yesterday evening, we published an Advanced Notification alerting customers to a new out-of-band security update planned to be released today. The notification listed the update as addressing a Critical Elevation-of-Privilege vulnerability, leading to several questions from customers who expected the bulletin addressing a Denial-of-Service vulnerability to be rated Important.

Before hearing about this vulnerability, we had planned to release a .NET security update addressing three vulnerabilities, one of which was a Critical elevation-of-privilege vulnerability. When this vulnerability notification arrived a few weeks ago, the ASP.NET team included the fix into the update already being developed and tested. So the bulletin today addresses four vulnerabilities, one of which is the ASP.NET Denial-of-Service vulnerability presented yesterday. You can read more about the other vulnerabilities in the Security Bulletin and we also invite you to join us for a webcast at 1:00 p.m. PST today (Dec 29) where we will describe the vulnerabilities and answer your questions live “on the air.” You can sign up for the webcast here.”

The update was was pushed out today to all machines with Windows update enabled.  The fix is for virtually all active versions of Windows, which consists of Windows XP SP3, Windows Vista, Windows 7, Windows Server 2003, and Windows Server 2008 and 2008 R2.

Alan

Alan is the owner and editor of Making Windows Easy. In addition to writing about technology he is also an avid distance runner and hiker. Read More

Website - Twitter - Facebook - More Posts

Everyone today is concerned with the security of their computer.  With hacks, viruses, and spyware at an all-time high, we all need to be vigilant about everything we do online – every email, website, and download.  For a couple of years now, Microsoft has offered their free security suite, Microsoft Security Essentials.  Some people may remember that before MSE, Microsoft issued Windows Defender, which is essentially an all-purpose malware detector and remover, which is now a part of Windows 7.  This week Microsoft quietly released a new, albeit beta, version of that app called Windows Defender Offline.

Why would you want an “offline” version?  Because many of today’s malware apps have become so sophisticated that they are almost impossible to detect, let alone remove, from a PC that is booted up and running.  They integrate themselves into the Windows operating system to keep them from being detected and removed.  According to Paul Thurrott, of the Windows Super Site, ” This tool can help final and remove malicious software, much like the version built into Windows. But because it can be installed to CD, DVD, or USB flash drive, it can be run in offline mode, when the Windows OS isn’t running. And that makes it more effective, since many exploits, like rootkits, are hard to remove when Windows is running.”

You will need a blank CD, DVD, or USB Drive to download and install Windows Defender Offline Beta onto.  If you are using a USB Drive then be aware that you will need to format the drive, so don’t use one that contains files you don’t want to lose.  You can get the app, in 32-bit and 64-bit versions, from this Microsoft site.

Alan

Alan is the owner and editor of Making Windows Easy. In addition to writing about technology he is also an avid distance runner and hiker. Read More

Website - Twitter - Facebook - More Posts

Microsoft has placed new security features in Windows 8 to help better “protect” it.  However many experts have expressed concern over the boot protection, fearing that it may prevent users from dual-booting their systems with Linux.  Microsoft has long treated Linux as if it were malicious software.  Now a security researcher, Paul Kleissner, has written “Stoned Lite”, a bootkit designed specifically for Windows 8.

Kleissner debuted his Windows 8 bootkit at the Malcon Conference in Mumbai, India but had previously announced his intentions to create it.  Kleissner also says that he alerted Microsoft in advance of his intentions being made public.  Stoned Lite for Windows 8 is the successor to previous bootkits, all named Stoned, which Kleissner has written for Windows XP, Windows Vista, Windows 7, and Windows Server 2003.

The new bootkit, supposedly does not attack the Windows 8 UEFI or secure boot features.  A paper on Stoned Lite, as well as the Power Point presentation from Malcon, can be downloaded from Kleissner’s site.  The source code for the bootkit has not yet been made public.  He has also released a video demo, which you can watch below.  There has been no public response from Microsoft as of this writing.

Windows 8 Bootkit Demo from Peter Kleissner on Vimeo.

Alan

Alan is the owner and editor of Making Windows Easy. In addition to writing about technology he is also an avid distance runner and hiker. Read More

Website - Twitter - Facebook - More Posts

Microsoft is about to release a beta version of their Security Essentials tool.  The Security Essentials software was released on September 29th, 2009 is now the most popular security software in North America, and one of the most popular worldwide.  Part of it’s popularity is it’s price – it’s free.  Part is that it just works really well and doesn’t bog down your computer like other (Norton and McAfee) security suites that are simply in the game of who can have the most features.

Microsoft has announced they are about to begin beta testing the next version of Security Essentials.  The beta program, which was announced today on the Microsoft Technet blog, is only open to a limited number of people, although Microsoft didn’t release the number of beta versions they will distribute.  During the first beta test in 2009 Microsoft limited distribution to 75,000 users.

Features in the Microsoft Security Essentials Beta will include:

• Enhanced protection through automatic malware remediation – The Beta will clean high-impact malware infections automatically, with no required user interaction.
• Enhanced performance – The Beta includes many performance improvements to make sure your PC performance isn’t negatively impacted.
• Simplified UI – Simplified UI makes Microsoft Security Essentials Beta easier to use.
• New and improved protection engine – The updated engine offers enhanced detection and cleanup capabilities.

With Microsoft stating that the beta will be limited, users may want to sign up now by visiting the Microsoft Connect site.  The Security Essentials beta is not yet out.  Microsoft will be emailing testers when the beta is ready for download.

Alan

Alan is the owner and editor of Making Windows Easy. In addition to writing about technology he is also an avid distance runner and hiker. Read More

Website - Twitter - Facebook - More Posts

A lot of today’s malware comes, not through email, but through simply surfing the web.  In what is known as a “drive-by” malware is loaded onto a computer by merely visiting an infected website.  And don’t think you’re safe because you avoid all questionable web sites, because it can happen on reputable sites as well.  Many prominent places, such as Facebook, have inadvertently hosted malicious software on the sites.  That’s where a good security program and up-to-date software come in to play.  Many of these drive-bys happen because of security holes in the web browser.

Today Microsoft released a new website, YourBrowserMatters.org, which is designed to alert a user to the vulnerability rating of the web browser they are using.  It works on a scale of 0-4.  By simply visiting the site your browser will be scored, and you can click a link to find out  what the score actually means.

According to the Microsoft announcement, “about a quarter of all PCs connecting to the Web are using an outdated version of their browser. This equates to about 340 million PCs worldwide.”  They elaborate that, of those PC’s, 15.2% run IE 6 or 7, 7.5% run Firefox 3.6, or older, and 1.7% run Chrome 12 or older.  Of the three, Chrome is the only one that automatically updates without user intervention.

When I visited the site using 7.0.1 i received a score of 2.  With Chrome 14.0.835.202 I got a 2.5, while Internet Explorer 9.0.8112.16421 yielded a score of, wait for it…a perfect 4 out of 4.

I won’t accuse Microsoft of any funny business here.  After all, IE 9 is really a good browser.  I will say that I would like to see a similar test from an independent security firm.  Regardless, they do provide some helpful information here, like making sure you are using the latest version of your web browser and keeping Windows up-to-date.  If you want to test it out, you can visit visit www.YourBrowserMatters.org.

Alan

Alan is the owner and editor of Making Windows Easy. In addition to writing about technology he is also an avid distance runner and hiker. Read More

Website - Twitter - Facebook - More Posts

As you have probably heard, this morning many Google Chrome users found their web browser had been removed after Microsoft Security Essentials flagged as malware.  While conspiracy theorists may want to make something of this, it was only an accident.  Microsoft wouldn’t intentionally do this for at least two reasons – one is that Chrome isn’t even Internet Explorer’s biggest competition, Firefox is (at least for now), and second, the US Justice Department and the EU would have a field day with it.

The problem has since been fixed with a new definitions file issued for Security Essentials.  Once downloaded and installed, Chrome can be re-installed and should work fine from there on.  The problem was that a file – PWS:Win32/Zbot was detected within Chrome.  That particular file is a known password-stealing trojan.  For more details on the cause of this you can visit Ed Bott’s Blog.

Within the last hour Google issued their first statement via their blog.  They promise to issue a fix of their own within the next 24 hours and give detailed instructions on how the mistake can be fixed.

“Earlier today, we learned that the Microsoft Security Essentials tool began falsely identifying Google Chrome as a piece of malware (“PWS:Win32/Zbot”) and removing it from people’s computers.

If Chrome is working correctly for you, then there’s no need to take any action.

We are releasing an update that will automatically repair Chrome for affected users over the course of the next 24 hours. In the meantime, if you want to fix the problem with Microsoft Security Essentials and restore Chrome manually, please follow the instructions below.”

Google goes on to detail the fix separately for users of Windows 7, Windows Vista, and Windows XP.  If you choose to wait then the Google-issued fix will automate this process and, again, will be out within 24 hours.  To read Google’s full response and get the their instructions you can visit the Google Blog.

Alan

Alan is the owner and editor of Making Windows Easy. In addition to writing about technology he is also an avid distance runner and hiker. Read More

Website - Twitter - Facebook - More Posts

The recent hack that exposed SSL, or HTTPS, encryption was addressed today by Microsoft with Security Advisory 2588513.  The problem is not Microsoft’s, but is industry-wide and can effect anyone on any platform while using any HTTPS website.  There are no reports of this exploit in the wild yet, but it remains possible that they are out there.  There are some criteria that must be met for the exploit to be taken advantage of.  According to Microsoft’s bulletin, here is what must be present:

• The targeted user must be in an active HTTPS session;
• The malicious code the attacker needs to decrypt the HTTPS traffic must be injected and run in the user’s browser session; and,
• The attacker’s malicious code must be treated as from the same origin as the HTTPS server in order to it to be allowed to piggyback the existing HTTPS connection.

It also requires a high-bandwidth connection from the attacker to the victim, which makes it even less likely.  However, since it’s always better to be safe than we recommend reading the alert and following the advice given.

To keep up with the latest security news, you can follow Microsoft Technical Security Notifications.  You can subscribe to updates via RSS or Email.  For more information, visit Is SSL broken? – More about Security Advisory 2588513.

Alan

Alan is the owner and editor of Making Windows Easy. In addition to writing about technology he is also an avid distance runner and hiker. Read More

Website - Twitter - Facebook - More Posts

Microsoft has, for years, taken abuse over it’s security, and sometimes (XP and before) it was rightfully given abuse.  But the Redmond software giant has to be given credit for their steady improvement.  It began in XP when SP1 turned on the firewall by default, continued with Vista, and has hit the big-time in Windows 7.

Now, one of the leading internet security firms, Kaspersky, has released some big news – Microsoft no longer has any software on their top ten vulnerability list.  In fact, not only is it a bit of redemption for Microsoft, but a real black eye for two other companies – Adobe and Oracle are in sole possession of the entire top ten list.  Adobe’s Flash Player, not surprisingly, racked up seven of the top ten vulnerabilities.

The findings were endorsed at last week’s Black Hat Security Conference, by speaker Chris Padget – “Vista was a giant leap in the right direction …World-leading’ is entirely appropriate…Microsoft’s security process is spectacular…If security is a process, not a product, Microsoft deserves a lot of credit. Vista was a giant leap in the right direction.”

Alan

Alan is the owner and editor of Making Windows Easy. In addition to writing about technology he is also an avid distance runner and hiker. Read More

Website - Twitter - Facebook - More Posts