Privacy, Security Archive

While spyware protection on single home machines is quite easy using today's removal tools like AdAware or Spybot Search & Destroy, deploying and managing such tools in corporate networks is still a problem. AdAxis promises to ease both deployment and managability of AdAware in such environments. It provides a facility for pushing reference file updates to corporate network workstations, executing AdAware on workstations remotely without user interaction and monitor the spyware contamination degree of machines.

Much of the attention commanded by computer security issues focuses on threats from external sources. Firewalls and perimeter defense tools are deployed to deny unauthorised entry to the network. Experts look for vulnerabilities and ways to ensure that the perimeter cannot be breached. Administrators monitor network traffic for unusual activities and anomalies, and it is common for users to be warned against suspicious email attachments. Read more.

This series explores the sort of technologies we could use if we were to build a new platform today. The first 2 parts covered the Hardware and core OS. In this third part we look at security, the file system, file management and throw in a couple of other random ideas for good measure.

This lengthy and highly technical primer provides a gentle yet thorough introduction to elliptical key cryptography (ECC), said to be ideal for resource-constrained systems because it provides more security-per-bit than other types of asymmetric cryptography. The paper is from Certicom, which markets Security Builder toolkits targeting various popular desktop, server, and embedded OSes.

Speaking in Australia, Microsoft Chairman Bill Gates stressed that more widespread use of firewalls would solve some of the Internet's security problems. He also stressed that his company needs to reduce the frequency with which major security updates are released. He also noted that while most OSes can turn around a security fix in 60-90 days, "we have it down to less than 48 hours." He stressed the importance of using the Window auto-update feature and noted that SP2 defaults the auto-update and firewall to on.

Web surfers are no longer playing Russian roulette each time they visit a Web site, security researchers say, now that a far-reaching Internet attack has been disarmed.

"Windows is more secure than you think, and Mac OS X is worse than you ever imagined". That is according to statistics published for the first time this week by Danish security firm Secunia. The stats, based on a database of security advisories for more than 3,500 products during 2003 and 2004 sheds light on the real security of enterprise applications and operating systems, according to the firm.

Here’s a billion-dollar question: Why are Windows users besieged by security exploits, but Mac users are not? John Gruber is discussing why this happens and ultimately concludes that it doesn't matter why, what it matters is that you can't argue with facts.

After a year of tackling the Windows security nightmare, Microsoft has killed its Next-Generation Secure Computing Base (NGSCB) project and later this year plans to detail a revised security plan for Longhorn, the next major version of Windows, company executives said. On Tuesday, Microsoft executives confirmed that NGSCB will be canned. The project, dreamed up with Intel in 2002, was once code-named Palladium.

Microsoft estimates spyware is responsible for half of all PC crashes and warns that it has become a multimillion-dollar support issue for computer makers, Internet service providers and technicians. Also, Brad Wardell of Stardock wrote an interesting article regarding spyware on common Windows applications here and News.com has an article about spyware and the FCC here.

This paper was written by Ken Thompson around August 1984. Ken Thompson is the co-father of UNIX: "You can't trust code that you did not totally create yourself. No amount of source-level verification or scrutiny will protect you from using untrusted code. In demonstrating the possibility of this kind of attack, I picked on the C compiler. I could have picked on any program-handling program such as an assembler, a loader, or even hardware microcode. As the level of program gets lower, these bugs will be harder and harder to detect. A well installed microcode bug will be almost impossible to detect."

Forrester Research didn't come out with a single recommendation says eWEEK. Instead, the analyst firm recommends that businesses that value quick patches look to Microsoft and Debian. At the same time Forrester is concerned that Microsoft's new monthly security policy may delay important fixes.

Trusted Computing (TC) continues to be one of the most controversial technologies to come along in many years. Ross Anderson's (anti) TCPA FAQ, Lucky Green's apocalyptic DEFCON presentation, and sites such as notcpa.org and againsttcpa.com are full of predictions of online disaster if TC technology is allowed to go forward.

Malicious hackers and vandals are lazy and wait for Microsoft to issue patches before they produce tools to work out how to exploit loopholes in Windows, say experts.