Windows 8 raises the bar for PC security

Tony Bradley , PCWorld Follow me on Google+

Tony is principal analyst with the Bradley Strategy Group, providing analysis and insight on tech trends. He is a prolific writer on a range of technology topics, has authored a number of books, and is a frequent speaker at industry events.
More by

Windows 8 is officially here. Microsoft held an event in New York yesterday to launch the new OS, and spent a lot of time talking about cool features and introducing a plethora of hardware options available with Windows 8. One thing Microsoft didn’t talk about much, though, is security—and the new features in Windows 8 that will keep your PC and data safe.

As with every previous iteration of the Windows operating system, Windows 8 is the most secure version yet. That really goes without saying, and amounts to little more than marketing hype. Each new version includes the security features of the previous one, but improves on them and adds new features to address potential risks missed by the predecessor. Not to suggest that Windows 8 is invulnerable, but it should be expected that it’s more secure than Windows 7, or any previous version of Windows.

Read more »

14

Webroot SecureAnywhere 2013 adds protection for Mac OS X

Tony Bradley , PCWorld Follow me on Google+

Tony is principal analyst with the Bradley Strategy Group, providing analysis and insight on tech trends. He is a prolific writer on a range of technology topics, has authored a number of books, and is a frequent speaker at industry events.
More by

Webroot SecureAnywhere 2013 is here. The new security suite from Webroot includes a variety of updates in the areas of performance, and the overall user experience. But, the most notable feature of SecureAnywhere 2013 is that it now also protects Mac OS X.

Let’s start with a look at SecureAnywhere in general. While the overall goal of the software is the same as competing antimalware and security suites, and it seems logical to compare them, SecureAnywhere is a whole new approach. Webroot completely threw out its flagship products, and started over by building SecureAnywhere around a more proactive philosophy based off the acquisition of Prevx.

Webroot logo
Webroot SecureAnywhere is a whole different
approach to defending against malware.
Read more »

2

Kaspersky Lab announces a brand-new OS focused on security

Katherine Noyes , PCWorld Follow me on Google+

Katherine Noyes has been an ardent geek ever since she first conquered Pyramid of Doom on an ancient TRS-80. Today she covers business and tech in all its forms, with an emphasis on Linux and open source software.
More by

The past two years or so have brought a new breed of scary malware to the forefront of public attention, including the infamous Stuxnet worm that was discovered back in 2010.

Following hard on Stuxnet's proverbial heels, of course, were Duqu, Flame, Gauss, Shamoon, and Wiper, to name just a few examples.

These new threats are generally thought to be state-sponsored in many cases and developed for cyberespionage against specific targets; another factor in common is that they tend to work through Microsoft Windows.

Read more »

6

Microsoft plans patch for critical flaw in Word next Tuesday

Tony Bradley , PCWorld Follow me on Google+

Tony is principal analyst with the Bradley Strategy Group, providing analysis and insight on tech trends. He is a prolific writer on a range of technology topics, has authored a number of books, and is a frequent speaker at industry events.
More by

It’s the first Thursday of October. Do you know what happens on the first Thursday of each month? Microsoft provides an advance notification of the security bulletins it plans to release on the second Tuesday of the month—more commonly known as Patch Tuesday.

Following an unusually light Patch Tuesday in September, Microsoft was forced to deal with the specter of a zero-day exploit being used in the wild to attack Internet Explorer. Microsoft responded with an out-of-band patch reflecting the urgent nature of the threat.

IT admins will be a little busier in October. According to the Microsoft Security Bulletin Advance Notification for October 2012, Microsoft has a total of seven new security bulletins slated for release next week. Six of the seven are rates merely as Important, while the seventh—a patch for a flaw affecting all supported versions of Microsoft Word—is rated as Critical for Word 2010.

Read more »

5

Microsoft pushes out critical security updates for Internet Explorer

Tony Bradley , PCWorld Follow me on Google+

Tony is principal analyst with the Bradley Strategy Group, providing analysis and insight on tech trends. He is a prolific writer on a range of technology topics, has authored a number of books, and is a frequent speaker at industry events.
More by

Microsoft has published an out-of-band security bulletin—MS12-063—to address a vulnerability that is being actively exploited in attacks in the wild. In addition, Microsoft also released an update to resolve a critical flaw in Adobe Flash in Internet Explorer 10—which is the default browser in Windows 8 and Windows Server 2012.

Microsoft has responded quickly in its investigation of reports that a zero-day vulnerability in Internet Explorer is being actively exploited. Microsoft issued a security advisory with workarounds, and mitigating factors to help customers guard against attacks pending a fix. Then, it released a one-click Fix-It tool to protect customers while kicking its developers in to high gear to create a more permanent fix.

Read more »

4

What you need to know about the Internet Explorer zero-day attacks

Tony Bradley , PCWorld Follow me on Google+

Tony is principal analyst with the Bradley Strategy Group, providing analysis and insight on tech trends. He is a prolific writer on a range of technology topics, has authored a number of books, and is a frequent speaker at industry events.
More by

Microsoft has confirmed reports that a zero-day vulnerability in its Internet Explorer Web browser is being actively attacked in the wild. While Microsoft works diligently to crank out a patch, it’s important for businesses and consumers to understand the threat, and the steps that can be taken to avoid compromise while you wait.

Microsoft has published a security advisory acknowledging the threat. According to Microsoft, the zero-day exploit affects Internet Explorer 7, 8, 9. Internet Explorer 10 is not impacted, but it’s not completely safe because it remains vulnerable to flaws in the embedded Adobe Flash.

The Microsoft advisory includes some tips that can be used to defend against this threat pending a patch for the underlying flaw. Microsoft recommends that customers use the Enhanced Mitigation Experience Toolkit (EMET) to implement mitigations that can prevent the zero-day exploit from working. In addition, Microsoft advises customers to set the Internet and local intranet security zone in Internet Explorer to “High” to block ActiveX controls and Active Scripting from running, or at least configure it to prompt before executing.

Read more »

6

Microsoft confirms patch for Flash in IE10 coming soon

Adobe recently issued an update for the popular Flash Player utility to patch critical flaws that could allow an attacker to run malicious code on the target system. But, if you’re using Windows 8, the version of Flash that Microsoft has embedded in Internet Explorer 10 is still vulnerable. Good news, though—an update is forthcoming to address that problem.

Adobe responds quickly to patch identified vulnerabilities, and most Windows users are conditioned to apply security updates as they’re released, but Microsoft is responsible for updating Flash in its Web browser. Windows 8 hasn’t yet officially launched, though, and Microsoft’s initial response was that Flash would not be updated until after October 26 when Windows 8 becomes available to the general public.

Microsoft baked Flash into IE10, so it's responsible for patching it.
A couple of the flaws addressed by Adobe were given its highest threat warning level, and are associated with attacks that are already circulating in the wild. Last week, Adobe confirmed that Windows 8 users are still vulnerable to these threats.

Read more »

1