When version 10 of Internet Explorer is published, it will default to sending the “Do-not-track” header (DNT). DNT will be enabled in the “Express Settings” Windows setup process. But there will be a “Customise” option that will allow users to stop the DNT header being sent. Microsoft’s Chief Privacy Officer Brendon Lynch says that this is consistent with Microsoft’s approach to customer privacy and underscores that it is a top priority for the company. Continue reading Internet Explorer 10 will have Do-Not-Track as default
Microsoft has released version 1.0 of of its Attack Surface Analyzer, bringing the application out of beta status. Attack Surface Analyzer was originally announced in January 2011 and is designed to give developers and system administrators the ability to gauge how installing a certain application will effect the attack surface of a Windows system.The company says that it has received “quite a bit of positive feedback” on the tool and is now ready to make it available to the wider public. Continue reading Microsoft’s Attack Surface Analyzer matures
Windows 8 will let you log in by using a photo as your password.(Credit: Microsoft) Continue reading Windows 8 to let you use a picture as your password
Microsoft, beginning in January, will automatically upgrade Windows customers to the latest version of IE available for their PC, Ryan Gavin, senior director of IE, said in a blog post Thursday. The Redmond, Wash.-based computing giant’s move to embrace what is known as “silent updates” follows actions already taken by Google, which pioneered the concept for its Chrome web browser in 2009, and Mozilla, which announced recently it is working on a mechanism for automatic Firefox updates.
Microsoft is aiming to better protect users from threats, such as social-engineered malware, which often targets out-of-date web browsers, Gavin said. Continue reading Microsoft to begin silently updating IE in 2012
Everybody hates a restart, that disruptive final step to install a new update to Windows or another application. So Microsoft, in the spirit of making the system reboot less annoying, will require just one restart per month for every update to its upcoming Windows 8 operating system.
Windows 8 machines will require a restart only when security updates requiring a restart are installed. That basically means just one restart a month, unless Microsoft issues an emergency patch during that time frame that requires a restart.
“With this improvement, it does not matter when updates that require restarts are released in a month, since these restarts will wait till the security release. Since security updates are released in a single batch on the second Tuesday of every month, you are then getting essentially one restart a month. This simplification helps in three ways: it keeps the system secure in a timely manner, reduces restarts, and makes restarts more predictable,” said Microsoft’s Steven Sinofsky in a new Windows 8 blog post this week.
If there’s a critical security update, such as one to shut down an active worm exploit, Windows Update will automatically install and restart the machine. “But this will happen only when the security threat is dire enough,” Sinofsky said.
Windows Update will notify the user of an automatic restart, posting a message on the login screen for three days. “You will no longer see any pop-up notifications or dialogs about pending restarts. Instead, the message appears in a more visible and appropriate place (the log-in screen),” he said in the post.
Not all patches require a restart, however. “The purpose of the changes to the reboot process post updates is to make the whole experience faster and less cumbersome for users,” says Andrew Storms, director of security operations for nCircle. “Enterprises will likely continue to manage patch deployment and reboot cycles as they deem necessary using tools like group policies, WSUS, and System Center.”
Microsoft isn’t saying yet whether the new single-restart policy will be employed with Windows 7, as well. “I think Microsoft will probably take a wait-and-see attitude if these enhancements in Windows 8 will be back-ported to Windows 7. If they find that patches are getting installed more often and faster, then I will put money on Microsoft implementing the change in Windows 7, as well,” Storms says.
Meanwhile, it’s unclear how the new update strategy for Windows 8 would affect the future possibility of Microsoft’s Windows Update eventually helping push third-party application patches. “One topic that has come up often around this topic is the deployment of third-party patches using Windows Update. The real question about third-party product updates is when, or if, Microsoft will utilize its existing update technology to push out updates from other vendors. For example, Microsoft could certainly do a lot of good by helping Adobe distribute their patches,” Storms notes.
But pushing other vendors’ patches would put some of the responsibility for those updates on Microsoft. “I don’t think they are ready to take on this level of risk just yet, but I do think we are headed in the direction of a single update source in the future,” he says.
Microsoft is unveiling a beta of the next version of its Security Essentials anti-malware program and is hunting for people who can give it a test drive.
Users interested in trying out the beta can officially register at the sign-up page. A Microsoft Live account is required, and the company promises to send out e-mails when the beta is available to download.
The number of initial beta testers required will be limited, according to a recent Microsoft blog. But the company expects to release the beta to the general public by year’s end.
Microsoft is touting several new features in Security Essential’s next release, including a simpler interface, better performance, and savvier detection and cleanup features. The new version will also be able to automatically remove severe malware infections without bothering the user.
Security Essentials initially launched in 2009 as a beta and soon graduated to version 1.0. The product fared well in an early test by security firm AV-Test.
Microsoft released version 2.0 last December, improving its speed and smarts at detecting malware and tying it in with the built-in Windows Firewall.
But the future of Security Essentials may be up in the air, at least when it comes to Windows 8. Microsoft is planning to beef up its built-in Windows Defender tool for its upcoming OS to take on more of the power and functionality currently found in Security Essentials.
A Google software developer has taken to his own company’s social networking site to sound off on public perception that mobile devices are in the cross-hairs of attackers.
Despite a plethora of security software maker reports that warn of a rise in mobile malware, such as a recent one from Juniper Networks, which found that malicious Android samples have spiked 472 percent since July, Chris DiBona believes the handheld platform is far more secure than traditional computing environments.
And vendors that sell products in this area are trying to take advantage of a customer base instilled with fear, he said.
In a Wednesday post on Google+, the open source programs manager at the technology giant said he credited more secure coding and built-in mechanisms with making mobile devices better apt to handle threats, such as ones that stem from application stores.
“All the major vendors have app markets, and all the major vendors have apps that do bad things, are discovered, and are dropped from the markets,” he wrote. “No major cell phone has a ‘virus’ problem in the traditional sense that Windows and some Mac machines have seen. There have been some little things, but they haven’t gotten very far due to the user sandboxing models and the nature of the underlying kernels.”
He called out both analysts and anti-virus companies for spreading a message of hoopla.
“Yes, virus companies are playing on your fears to try to sell you … protection software for Android, RIM (BlackBerry) and iOS (Apple),” DiBona wrote. “They are charlatans and scammers. If you work for a company selling virus protection for Android, RIM or IOS, you should be ashamed of yourself.”
Harry Sverdlove, CTO of Bit9, an application whitelisting company, agreed that open source platforms like the Android aren’t any less secure than proprietary systems. But Sverdlove described the Android ecoystem as “chaotic” due to the “low barrier of entry” by which developers can submit applications to the Android Marketplace.
“Of course there’s definitely a lot of overhype [among security vendors] but there’s a lot of reality too, and there are a lot of bad apps out there,” Sverdlove told SCMagazineUS.com on Monday.