Come June 23rd, 2009, Microsoft will open up codename Morro, its upcoming free security solution designed to replace Windows Live OneCare 2.0, to the public. The Redmond company offered official confirmation that codename Morro had been rebranded as Microsoft Security Essentials, and that the first Beta for version 1.0 was ready to debut next week. Access to Microsoft Security Essentials 1.0 Beta will be granted to testers in the United States, Brazil and Israel, the software giant informed. The information provided by Microsoft comes after screenshots of Morro made it into the wild, followed by the actual bits, leaked a couple of days ago.

“The Microsoft Security Essentials Beta will be made publicly available in Brazil, Israel and the U.S. starting June 23 at about 9am PDT from, and general availability is scheduled for later this calendar year,” a Microsoft spokesman told pctipsbox. More »

The Microsoft acquisition Sysinternals that is famous for their useful Windows utilities has a new site up that allows you to easily access any of their utilities for free over the internet in your command prompt. This allows you to run any of their utilities without first downloading it to your computer. Just open an administrative level command prompt and type in:


For example if you want to run Autoruns (a great program to see what starts up automatically) type \\\tools\autoruns.exe and hit Enter.

Every Sysinternals utility is available for “live” use. More »

A new boot record rootkit in the wild has the potential to bring Windows Vista down to its knees. Despite having applauded Windows Vista throughout 2007 as the most secure Windows operating system on the market, the latest Microsoft client still has some problems involving write-access to raw disk sectors. In this context, in early January 2008, GMER revealed that at the end of 2007 a new stealth MBR rootkit was detected in the wild, which could compromise Windows Vista.

“Unfortunately, all the Windows NT family (including VISTA) still have the same security flaw MBR can be modified from usermode. Nevertheless, MS blocked write-access to disk sectors from userland code on VISTA after the pagefile attack, however, the first sectors of disk are still unprotected”, the GMER member explained. “At the end of 2007 stealth MBR rootkit was discovered by MR Team members and it looks like this way of affecting NT systems could be more common in near future if MBR stays unprotected.” More »

MICROSOFT HAS BEEN QUAKING in its big, furry, Volish boots over virtualisation, if this article is to be believed. Supposedly, after some virtualisation doo-dads were toyed with to stick an active rootkit to a beta Vista kernal, Microsoft got so worried that it contemplated giving Vista virtualisation the boot.

As you may well be aware, virtualisation functions were left out of the Vista home editions. Betanews decided to chase up the Vole on this, and extracted the following from a Volish spinster: “Virtualization is a fairly new technology, and one that we think is not yet mature enough from a security perspective for broad consumer adoption.” More »

If you are a regular visitor to these pages you should know all about the current epidemic of zombification. For those of you that missed it, this is when a PC is hijacked and used with other PCs to spread Spam and viruses. Some experts reckon that as much as 80 percent of Spam could be coming from zombie PCs, working together in so-called botnets.
Some of these infections, which often hide in downloaded software called a rootkit, are extremely devious and may not show up on a routine anti-virus scan, so how can you tell if you have been infected?

It is not easy but if you know your way around Windows a built-in utility called Netstat can help, by displaying all of the attempts to use your PC is network and Internet connections. To fire it up go to Run on the Start menu and type (without the quotes) and this opens a DOS-like window, at the flashing prompt type netstat (again no quotes and the list of connections. It probably mean much to you but check the list of IP addresses, as this is where the rootkit infection will show its hand. More »