PCTips Box

You invested in dead bolts and alarm systems to protect your business from theft of merchandise and equipment. But a cyber thief does not need access through the front door to steal the information you store on your PCs. Client credit card and bank account numbers, employee data and other confidential files are all at risk in a cyber attack.

Implementing sound security measures can greatly reduce your vulnerability to phishing (a type of Internet-based scam designed to steal your identity), spyware, and other malicious software used to steal or otherwise compromise business data. The good news is that built-in security features in Windows Vista Ultimate make it much easier to safeguard your PCs. Here are three you should know about: (more…)

Microsoft’s Internet Explorer is without a doubt the main vector of attacks, when it comes down to web-based threats. Its ubiquity, as well as its intimate integration into the Windows platform, makes it an excellent avenue for attacks. With IE6, Microsoft has gained an ill reputation for failing dramatically to protect end users. From IE6, which undoubtedly is an apex of insecurity compared to alternative browsers, the Redmond company moved to Windows Vista and Internet Explorer 7 under User Account Control, virtually cutting the browser from the critical areas of the operating system. Web-based attacks coming via IE7 in Protect Mode will not be able to write themselves to disk without specific user permission, because the browser runs with the very least possible privileges. (more…)

Microsoft has confirmed that the Office suite is once again under fire at the beginning of 2008. However, it seems that attacks only target the Excel component in a variety of Office versions. Concomitantly with revealing that a Critical, Zero-Day vulnerability is being actively exploited in the wild, the Redmond company provided assurance that users of the latest versions of the Office System are not at any risk from attack. Office Excel 2007, Excel 2008 for Mac, Office Excel 2003 Service Pack 3 as well as users that have installed Microsoft Office Isolated Conversion Environment (MOICE) are not affected by the vulnerability.

A member of the Microsoft Security Response Center revealed that: “a targeted attack exploiting a vulnerability in Microsoft Office Excel. Our investigation has shown that this vulnerability affects Microsoft Office Excel 2003 Service Pack 2, Microsoft Office Excel Viewer 2003, Microsoft Office Excel 2002, Microsoft Office Excel 2000 and Microsoft Excel 2004 for Mac. Microsoft Office Excel 2003 Service Pack 3, Microsoft Office Excel 2007 and Microsoft Excel 2008 for Mac are not affected as they do not contain the vulnerable code.” (more…)

Microsoft has stepped up its security vulnerability research and defense, making available a new online hotspot designed to offer a “deep” insight into the threats associated with the company’s software products. Deep and not quite. Jonathan Ness, the head of the Microsoft SWI Defense team of software security engineers, revealed that IT professionals and security researchers would be able to access information related to security vulnerabilities, as well as the necessary mitigations and workarounds to dodge exploits, but also data about active attacks, along with extended guidance. At the same time, the Redmond company will attempt to divulge as little information as possible. The contradiction comes as Microsoft has to protect the end users from the risks associated with reverse engineering. (more…)

Microsoft has patched a patch released for Internet Explorer. It might not sound good, but it’s true. And it all began with the Redmond company’s monthly patch cycle. On December 11th, 2007, Microsoft made available Security Bulletin MS07-069 Cumulative Security Update for Internet Explorer (942615). As it is a tradition with offering and implementing security updates into Internet Explorer, the company releases a complete set of patches for all the supported versions of the browser, every month. Each security bulleting not only plugs the latest security holes, but also deals with previous vulnerabilities. (more…)