Speaking in Australia, Microsoft Chairman Bill Gates stressed that more widespread use of firewalls would solve some of the Internet's security problems. He also stressed that his company needs to reduce the frequency with which major security updates are released, and noted that while most OSes can turn around a security fix in 60-90 days, "we have it down to less than 48 hours." He stressed the importance of using the Windows auto-update feature and noted that SP2 defaults the auto-update and firewall to on.
Privacy, Security Archive
Web surfers are no longer playing Russian roulette each time they visit a Web site, security researchers say, now that a far-reaching Internet attack has been disarmed.
Security researchers warned Web surfers to be on their guard after uncovering evidence that widespread Web server compromises have turned corporate home pages into points of digital infection.
"Windows is more secure than you think, and Mac OS X is worse than you ever imagined." That is according to statistics published for the first time this week by Danish security firm Secunia. The stats, based on a database of security advisories for more than 3,500 products during 2003 and 2004, shed light on the real security of enterprise applications and operating systems, according to the firm.
Here’s a billion-dollar question: Why are Windows users besieged by security exploits, but Mac users are not? John Gruber discusses why this happens and ultimately concludes that it doesn't matter why; what matters is that you can't argue with facts.
Microsoft officials poured cold water on a published report that said its Next-Generation Secure Computing Base (NGSCB, code-named Palladium) project is being canned. "The project is continuing full steam ahead. It's alive and kicking and we're very excited about it. The vision has been refined over the last year but it's absolutely not true that it's being killed," MS product manager Mario Juarez said.
After a year of tackling the Windows security nightmare, Microsoft has killed its Next-Generation Secure Computing Base (NGSCB) project and later this year plans to detail a revised security plan for Longhorn, the next major version of Windows, company executives said. On Tuesday, Microsoft executives confirmed that NGSCB will be canned. The project, dreamed up with Intel in 2002, was once code-named Palladium.
Microsoft estimates spyware is responsible for half of all PC crashes and warns that it has become a multimillion-dollar support issue for computer makers, Internet service providers and technicians. Also, Brad Wardell of Stardock wrote an interesting article regarding spyware on common Windows applications here and News.com has an article about spyware and the FCC here.
The open source community has mastered many challenges and has been successful in numerous areas. However, there is one glaring weakness that needs to be remedied.
This paper was written around August 1984 by Ken Thompson, co-creator of UNIX: "You can't trust code that you did not totally create yourself. No amount of source-level verification or scrutiny will protect you from using untrusted code. In demonstrating the possibility of this kind of attack, I picked on the C compiler. I could have picked on any program-handling program such as an assembler, a loader, or even hardware microcode. As the level of program gets lower, these bugs will be harder and harder to detect. A well installed microcode bug will be almost impossible to detect."
Forrester Research didn't come out with a single recommendation, says eWEEK. Instead, the analyst firm recommends that businesses that value quick patches look to Microsoft and Debian. At the same time, Forrester is concerned that Microsoft's new monthly security policy may delay important fixes.
Creating a popular new computing approach always seems to bring with it a familiar catch-22: security issues. And Web services is no exception.
Trusted Computing (TC) continues to be one of the most controversial technologies to come along in many years. Ross Anderson's (anti) TCPA FAQ, Lucky Green's apocalyptic DEFCON presentation, and sites such as notcpa.org and againsttcpa.com are full of predictions of online disaster if TC technology is allowed to go forward.
Malicious hackers and vandals are lazy and wait for Microsoft to issue patches before they produce tools to work out how to exploit loopholes in Windows, say experts.
AMD's Athlon-64 (for PCs) and Opteron (for servers) will protect against buffer overflows when used with a new version of Windows XP. Intel plans similar features on next-generation Pentium chips.
UK-based security firm mi2g has analyzed 17,074 successful digital attacks against servers and networks. The results are a bit surprising. The BSD OSes (including FreeBSD and Mac OS X) proved to be the systems least likely to be successfully cracked, while Linux servers were the most vulnerable. Linux machines suffered 13,654 successful attacks, or 80% of the survey total. Windows-based servers enjoyed a sharp decline in successful breaches, with only 2,005 attacks.
The research firm warns that the ASN.1 vulnerability made public this week could prove worse than the vulnerability that made MS Blaster possible.
Web surfers battling "spyware" face a new problem: So-called spyware-killing programs that install the same kind of unwanted advertising software they promise to erase. Though the companies that fail to disclose this practice are facing an outcry from consumers and watchdogs, there is little people can do to defend their systems, security firms say.
The first place many companies look for Apache support is their main distribution provider, most commonly Red Hat or SuSE. As open source grows, the need for support grows, and this new need has led to the development of a new support option: third-party vendors who manage or patch software. Flaws raise a red flag on Linux security, but many users remain confident about the security of the open-source environment, notes ComputerWorld.
This has indeed been an interesting year for Linux security. The point of this article is to offer a view on what I believe to be some of the most interesting happenings in 2003. The Linux experts who offer their view on 2003 are Bob Toxen (one of the 162 recognized developers of Berkeley UNIX and author of "Real World Linux Security") and Marcel Gagne (President of Salmar Consulting, Inc. and author of "Linux System Administration - A User's Guide" and "Moving to Linux").