Windows 8 Security: What’s New
Posted on May 18, 2012 in Uncategorized
The Start screen is the most obvious change to Windows 8, but some of the biggest changes are less apparent. When Windows 8 comes out later this year, the new Start screen and Metro-style apps will likely be the first changes you’ll notice, but those aren’t the only things that are new. Microsoft is also making some serious security enhancements to help keep your system safer and to improve Windows’ ability to combat viruses and malware. It just may be the biggest improvement to Windows security yet.
Antivirus Comes Preinstalled
For the first time in the history of Windows, you’ll enjoy protection from viruses, spyware, Trojan horses, rootkits, and other malware from the very first day you turn on your Windows PC–without spending a cent. Windows 8 comes with an updated version of Windows Defender that includes traditional antivirus functions in addition to the spyware protection and other security features that it has offered since Windows Vista. Windows Defender now provides similar protection–and a similar look and feel–to that of the free Microsoft Security Essentials antivirus program, which Microsoft has offered to users as an optional download since 2009.
The updated Windows Defender resembles Microsoft Security Essentials.
Since Windows Defender will provide at least basic virus and malware protection, purchasing yearly antivirus subscriptions (such as from McAfee or Norton) or downloading a free antivirus package (like AVG or Avast) is optional, whereas before it was pretty much required if you wanted to stay virus-free. Of course, you may disable Windows Defender and use another antivirus utility that promises better protection and more features, but at least everyone will have basic protection by default.
Better Download Screening
When Microsoft released Internet Explorer 9, it updated the browser’s SmartScreen Filter to help detect and block unknown and potentially malicious programs that you download; the function complements IE’s website filtering, which works to block phishing and malicious sites. Starting with Windows 8, the program-monitoring portion of the SmartScreen Filter is built into Windows itself, and it will work whether you’re using IE, Firefox, Chrome, or any other browser.
In Windows 8, the first time you run a program that you downloaded from the Internet, the SmartScreen Filter checks it against a list of known safe applications, and alerts you if it’s unknown and therefore has the potential to be malware. If the alert does pop up, you could then further investigate the program (and the source where you downloaded it) before running it.
SmartScreen produces an alert if you run an unknown program.
Since Microsoft is adding the SmartScreen feature, the company is removing the previous Security Warning alerts that appeared when you first opened a downloaded program (the old alert would show the verification status of the program publisher and warn you about running programs downloaded from the Internet).
This is a welcome change, as it cuts down on the number of alerts you have to click through–with Windows 8, you’ll see an alert only when something’s amiss.
Faster, More Secure Startup
Starting with Windows 8, Microsoft will begin to promote a new type of boot method, UEFI (Unified Extensible Firmware Interface), which improves upon and replaces the archaic BIOS boot system that most PCs have been using for decades. I won’t get into the technical details here, but UEFI offers better security, faster startup times, and a number of other benefits.
Thanks to this new boot method (and other system enhancements), your PC will start up more quickly–in as little as 8 seconds, from the time you press the power button to when Windows fully loads to the desktop. But you’re sure to appreciate the less noticeable improvements too. The Secure Boot feature of UEFI will prevent advanced malware (such as bootkits and rootkits) from causing damage, and it will stop other boot loader attacks (such as malware that loads unauthorized operating systems) as well.
Though Windows 8 will work on PCs with the old BIOS boot system, Microsoft will require new PCs that carry the Windows 8 Certification to use the UEFI boot system with the Secure Boot feature enabled by default. This Secure Boot requirement is causing some concern within the PC industry and among power users, as it could complicate the process of using Linux distributions or dual-booting multiple operating systems. However, Microsoft has promised to keep boot control in users’ hands, and the company requires system makers participating in Windows 8 Certification to offer a way for users to disable the Secure Boot feature on PCs (but not on tablets).
Two New Password Types
Windows 8 introduces two new password types that you can use when logging in to your Windows account: a four-digit PIN and a “picture password.”
For the picture password, you choose a photo or image and draw three gestures (a combination of circles, straight lines, or taps/clicks) in different places to create your “password.”

Even if you decide to use these new password types, you still must set up a regular password. A PIN offers a faster way to log in, and a picture password gives you a more creative and fun way to do so. Sometimes you’ll have to enter the regular password, such as when you need administrative approval for changing system settings as a standard user, but you can log in to your account using the PIN, the picture, or your regular password.
Other Noteworthy Defense Measures
The enhanced Windows Defender, SmartScreen, boot system, and password protection are the most noticeable security improvements in Windows 8. But the new OS has even more system enhancements that you won’t see at all. A few core Windows components (such as the Windows kernel, ASLR, and heap) have been updated to help reduce common attacks and exploits even further.
Eric Geier is a freelance tech writer. He’s also the founder of NoWiresSecurity, which provides a cloud-based Wi-Fi security service for businesses, and On Spot Techs, which provides on-site computer services.
Article source: http://www.pcworld.com/article/255776/windows_8_security_whats_new.html
Adoption of Microsoft’s Security Development Lifecycle (SDL) Spreads
Posted on May 18, 2012 in Uncategorized
Article source: http://news.softpedia.com/news/Adoption-of-Microsoft-s-Security-Development-Lifecycle-SDL-Spreads-270248.shtml
Microsoft Encourages Sharing At Security Conference
Posted on May 18, 2012 in Uncategorized
Microsoft’s first Security Development Conference 2012 has taken place in Washington DC. The event seeks to encourage a diverse set of companies, government agencies and academic institutions to share their own experiences and adopt a Security Development Lifecycle (SDL).
The event, held 15 and 16 May at Washington’s Fairmont hotel, included information for leaders in software engineering, process and business management who are responsible for implementing or accelerating the adoption and effectiveness of secure development practices in their organisations.
The 2012 conference was the first in what is to be an annual series of SDC events, Microsoft said.
Good To Talk
Keynote speakers included Scott Carney, corporate vice president for Trustworthy Computing at Microsoft; Richard A. Clarke, chairman of Good Harbor Consulting and former special advisor to the President for cyber security; and General Michael V. Hayden, principal at the Chertoff Group and former director of the Central Intelligence Agency and National Security Agency. Diamond sponsors of the SDC were Adobe, Cisco and Microsoft.
In a blog post about the event, Steve Lipner, partner director of program management for Trustworthy Computing at Microsoft, said:
“To see more and more private and public organisations recognize the value and importance of implementing secure development practices makes me cautiously optimistic that in the future software will be more secure than the software we’ve seen in the past. I remember when in 1997 I attended the RSA Security Conference held in the basement of the Mark Hopkins Hotel in San Francisco with a few hundred attendees. Today, the annual RSA Conference is a major industry event with more than 10,000 attendees. I’m not certain that the Security Development Conference will follow that sort of trajectory, but I do believe that secure development is of growing importance, and I also know that industry commitment can start small and grow.”
As part of the conference, Microsoft announced two new success stories – the Government of India and Itron have both integrated the SDL into their processes.
The Government of India has recognised the importance of a holistic integration of security and is promoting that key concept by including secure coding practices in their draft national economic five-year plan, Lipner said. “They believe this is a significant step that will help improve the security of all software and services produced in their programs. India’s Computer Emergency Response Team (CERT-In) which leads the country’s response to cyber threats has already taken steps to implement the five-year plan by leveraging Microsoft’s SDL as one of the core tenets for application security. In addition, the National Informatics Centre, part of the Central Government Office of India, requires training in SDL principles including the training of more than 10,000 of India’s cyber forensic investigators. The government of India is also encouraging domestic businesses to adopt similar processes, showcasing the significant role public-private partnerships play in making critical systems more secure. You can read more about the steps the Government of India is taking to secure its environment in the case study available for download here.”
Meanwhile, Itron, a provider of energy and water resource management solutions for nearly 8,000 utilities around the world, also has incorporated the SDL into their development process.
“With the increase in threats to critical infrastructures, Itron realized it needed to take proactive steps to protect its systems by building security in from the start,” Lipner said. “The company recently implemented Microsoft’s SDL, making it mandatory for the development of all of its software and hardware. Itron now has one of the most mature secure development programs in the Smart Grid space. You can read more about the steps Itron is taking to secure its systems through a case study we have published for download here.”
Security Drive
In addition to the keynote speakers, other speakers at the event included representatives from IBM, Symantec, Red Hat, the National Security Agency, Itron, Cisco, Adobe, the National Institute of Standards and Technology (NIST), Lockheed Martin, EMC, Salesforce.com and a host of others, including several other speakers from Microsoft.
To date, Microsoft’s free SDL tools and resources have been downloaded over 940,000 times reaching over 150 regions around the world.
Recent Microsoft research has demonstrated an overall decline in the exploitability of vulnerabilities in Microsoft products by greater than 30 percent when comparing the latest version of all Microsoft software to all supported previous versions over the past 18 months.
350 days after implementing the Microsoft SDL, MidAmerican Energy was the only business unit inside its parent holding company, MidAmerican Energy Holdings Company, that external auditors found to have no security vulnerabilities. And, MidAmerican realized an overall productivity gain of up to 20 percent using Microsoft SDL.
A recent study by the Aberdeen Group found the total cost of remediating an actual application security-related incident to be about $300K (£240,000) and that organisations that implemented an SDL realised four times their return on annual investments in security. Forrester reconfirms this by stating that those practicing SDL specifically reported visibly better ROI results than the overall population.
Article source: http://www.techweekeurope.co.uk/news/microsoft-security-conference-78559
Microsoft cloud survey: Security, cost both a deterrent and an attraction
Posted on May 16, 2012 in Uncategorized
Small and midsize businesses that actually use cloud services see them as a way to boost security and save money, according to a survey sponsored by Microsoft.
The same survey finds similar-size businesses not using cloud services worry they might not be secure enough and that the costs of transitioning to them might be a hurdle.
The goal of the survey was to find out the expectations small and midsize businesses had for cloud services and how that compared to the reality experienced by companies that are already using cloud services, says Tim Rains, director of Microsoft’s Trustworthy Computing.
The upside for security is that cloud services on average cut 18 hours per week from security management time, the survey says, because much of it is handled by the provider, Rains says. “It doesn’t eliminate the need for patch management on-premise, but there’s less of it to manage,” he says.
That saves money, but also increases security because providers are likely to patch and upgrade in a timely manner as a competitive edge.
The survey says that over the past three years, businesses using cloud services enjoyed decreases in security spending that are more than five times the savings reaped by businesses that didn’t use cloud services. Of those using cloud services, 20% say they reduced their security management costs, but the number was just 4% for those that didn’t use cloud services.
Still, 40% of those respondents not using cloud services say security is the reason they don’t, but 67% of them say they would be more confident about using cloud services if there were industry security standards. Visibility into how cloud providers operate their networks so customers can map that to standards and best practices would make 38% of respondents more confident about buying cloud services.
A third of those not using cloud services say they see the cost of transitioning to cloud services as a barrier.
The survey questioned 94 small and midsize businesses using cloud services and 93 that did not. Microsoft says cloud users were defined as companies that used a cloud service via a subscription model, and did not differentiate among SaaS, IaaS and PaaS offerings, or what types of data or functions were entrusted to those services.
The survey was conducted by research firm comScore, which did not reveal to respondents that the survey was sponsored by Microsoft. Respondents were not qualified based on which cloud vendor they used.
A small to midsize business was defined as one with between 100 and 250 PCs in its network.
Article source: http://www.pcadvisor.co.uk/news/security/3357595/microsoft-cloud-survey-security-cost-both-deterrent-attraction/?olo=rss
Cloud Computing Security Benefits Dispel Adoption Barrier for Small to Midsize Businesses
Posted on May 16, 2012 in Uncategorized
REDMOND, Wash. — May 14, 2012 — Research released today by Microsoft Corp. shows that small and midsize businesses (SMBs) are gaining significant IT security benefits from using the cloud, according to a new Microsoft study in five geographies.
The study shows that 35 percent of U.S. companies surveyed have experienced noticeably higher levels of security since moving to the cloud.¹ In addition, 32 percent say they spend less time worrying about the threat of cyberattacks. U.S. SMBs using the cloud also spend 32 percent less time each week managing security than companies not using the cloud. They are also five times more likely to have reduced what they spend on managing security as a percentage of overall IT budget.
“There’s a perception that security is a barrier to cloud adoption,” said Adrienne Hall, general manager, Microsoft Trustworthy Computing. “Yet when companies embrace and invest in cloud services, they find the benefits far outweigh previous concerns.”
Time and money spent managing security prior to using cloud services is being reinvested by SMBs to grow their businesses and be more competitive. The survey shows the following in the U.S.:
• Of SMBs that use the cloud, 41 percent said they were able to employ more staff in roles that directly benefit sales or business growth, 39 percent invest in more product development or innovation, and 37 percent experienced improved agility and competitiveness.
• More than half of those surveyed (52 percent) said using the cloud enabled them to add new products and services that benefit their business more quickly and securely.
• Of those surveyed, 42 percent said the cloud made it easier for them to scale their business to explore new markets.
“Any solution that helps SMBs’ bottom line has to be good for them and the economy,” said Ryan Brock, vice president of Worldwide SMB Cloud Channels at Access Markets International Partners. “When it comes to security, the cloud offers SMBs a level of expertise, specialist resources and investment that they cannot hope to match. This translates into cost and time savings and better protection against cyberthreats, which gives them the freedom to innovate and grow their business.”
An example of a company that has realized the security benefits of the cloud is SkyWire Media Inc., a small business in Nevada that helps other businesses personalize and distribute rich content to mobile devices. As a small business, it was a challenge for SkyWire to keep up to date with security management. After transitioning to Windows Intune, a cloud-based management and security solution, the company no longer faces the same problem.
By simplifying software distribution and streamlining the security upgrade process, Windows Intune helped SkyWire save $90,000 (U.S.) in IT costs over a span of six months, a savings of $15,000 (U.S.) per month. By retiring third-party antivirus and antimalware tools, the company was able to redeploy the cost of overseeing these processes.
“Since we started using Windows Intune, support calls are down by 70 percent,” said Thomas Castleberry, chief operating officer, SkyWire. “We can now prevent malware before it interferes with the productivity of our salespeople — and this means they can go out and win new business.”
The study, commissioned by Microsoft and conducted by research company comScore Inc., polled companies with between 100 and 250 PCs in the U.S., Singapore, Malaysia, India and Hong Kong.
Founded in 1975, Microsoft (Nasdaq “MSFT”) is the worldwide leader in software, services and solutions that help people and businesses realize their full potential.
¹ For the purpose of this research, cloud users were defined as companies that used a cloud service via a subscription model.
Note to editors: For more information, news and perspectives from Microsoft, please visit the Microsoft News Center at http://www.microsoft.com/news. Web links, telephone numbers and titles were correct at time of publication, but may have changed. For additional assistance, journalists and analysts may contact Microsoft’s Rapid Response Team or other appropriate contacts listed at http://www.microsoft.com/news/contactpr.mspx.
Article source: http://www.microsoft.com/en-us/news/Press/2012/May12/05-14SMBSecuritySurveyPR.aspx