Welcome to the Microsoft Security Newsletter - a monthly newsletter for IT professionals and developers bringing security news, guidance, updates, and community resources direct to your inbox. If you have suggestions or comments about the Microsoft Security Newsletter, please send us your feedback.
Viewpoint
By Matt Heller
The Web browser occupies a unique space as an essential business and personal productivity tool that is constantly exposed to potentially malicious content created by unknown individuals or groups. This month we'll look at past improvements of Microsoft Internet Explorer, the current state of malicious activity, and the enhancements offered in the next version of Internet Explorer to help protect users.
Top Stories
Read about a new identity architecture known as the "identity metasystem" and about "InfoCard," the code name for a technology designed to improve the safety of accessing resources and sharing personal information on the Internet. Learn more about the technology's potential impact on identity security and why browser support for "InfoCard" will be important for addressing the problem of online fraud.
Strider HoneyMonkey is a Microsoft Research project to detect and analyze Web sites hosting malicious code. The intent is to help stop attacks that use Web servers to exploit unpatched browser vulnerabilities and install malware on the PCs of unsuspecting users. Learn more about the project, recent findings, and a related university crawler-based study on spyware on the Web.
Experts and users agree that determining the appropriate level of security in any organization requires a largely commonsense risk assessment to determine which assets are most valuable, and then spending accordingly to protect them. This article outlines security fundamentals and the free tools Microsoft offers to help in the security and risk assessment process.
Security Guidance
By Tariq Sharif
Phishing is a way to trick computer users into revealing personal or financial information. In addition to covering the new features in Internet Explorer 7 that will help protect users from phishing attacks, Internet Explorer Program Manager Tariq Sharif offers tips on how users can protect themselves.
These easy-to-follow, practical articles explain how features in Internet Explorer 6 can help make your online experience more private and secure.
Internet Explorer 7 Beta 2 Preview includes advancements in security and browsing experience for end users, functionality and compatibility for developers, and manageability for corporate network administrators. Read this technology overview to learn more.
Application compatibility logging in Internet Explorer 7 is designed to help IT professionals evaluate changes in behavior of Web applications and Web sites caused by the new security features in Internet Explorer 7. A temporary toolkit is now available so that developers and IT professionals can begin testing application compatibility with Internet Explorer 7.
In Windows Vista, Internet Explorer 7 runs in Protected Mode, which significantly reduces the ability of an attack to write, alter, or destroy data on a user's computer or to install malicious code. This article describes the Windows Vista features used to implement Protected Mode, shows how to develop extensions that work with Protected Mode, and provides guidelines for developing more secure applications.
"Browser hijacking" is a common type of online attack in which hackers take control of your computer's Internet browser and change how and what it displays. If you use the latest security software and updates and practice safe Internet browsing, you're already doing a lot to keep the hijackers away. But there are several ways you can free a hijacked browser from the hackers and restore its settings.
Learn what you can do to help protect your customers and employees and prevent your company brand from being hijacked.
Enabled by default on Windows Server 2003, Internet Explorer Enhanced Security Configuration establishes a configuration for your server and for Internet Explorer that decreases the exposure of your server to potential attacks that can occur through Web content and application scripts.
The ISO image files are intended for corporate administrators who manage large multinational organizations, must download multiple individual language versions of each security update, or do not use an automated solution such as Microsoft Windows Server Update Services.
Learn how Windows Vista will help reduce security risks by allowing users to run with administrator privileges and still be productive.
This Month's Security Bulletins
Critical:
Important:
MVP Update
Subratam's memberships include Team Spybot and the Alliance of Security Analysis Professionals, a joint effort dedicated to providing security-related support to computer end users. His interests also include analyzing and testing viruses and spyware sent to him from fellow security enthusiasts worldwide.
Experts cite different reasons as to how computers become infected, but most agree that the browser used to surf the Internet can be the first line of defense. To help lessen the chances of getting infected, it is good to clarify some concepts and understand some of the terms closely associated with browsers and security.
Partners with Expertise in Security Solutions
VeriSign protects online interactions, enabling reputational, operational, and compliance risk management. VeriSign has been working with Microsoft to provide Internet Explorer 7 users more information on site identity. By sharing its rigorous authentication methodology with industry leaders, VeriSign is helping to establish a common standard for enhanced validation. VeriSign is also a coauthor of the WS-Trust specification on which the "InfoCard" design is based. For more information on VeriSign security solutions, please visit the VeriSign SSL Certificates home page or the SecureIT Alliance VeriSign home page.
Microsoft Product Lifecycle Information
Security Events and Training
Monday, March 27, Phoenix, Arizona
Join members of Microsoft's Application Consulting & Engineering (ACE) team at this Microsoft Security Development Lifecycle-IT (SDL-IT) mini-workshop. Learn how Microsoft leverages the SDL-IT to help ensure that line-of-business applications deployed at Microsoft meet security/privacy policy and best practice.
Get help with improving the planning and management of your organization's security strategy. Familiarize yourself with and test security features of products such as Microsoft Exchange Server 2003, Internet Security and Acceleration Server, and Windows Server 2003, and tools such as Microsoft Baseline Security Analyzer and Software Update Services.
These free clinics follow the same content outline as Microsoft security webcasts, but deliver that information in a learner-centered format. Learn at your own pace and easily find indexed security guidance. Perform security-related procedures in a safe virtual environment with free Microsoft Official Hands-On Labs.
Upcoming Security Webcasts
Tune in to learn about strategies for addressing online safety issues and technologies to help protect your company's networking infrastructure from attacks through the browser.
Microsoft On-Demand Security Webcasts
ISA Server 2004: Maximize Application Security and Performance
This series of technical webcasts covers everything from technical overviews and usage scenarios to deployment and troubleshooting. Our experts explain how to use Internet Security and Acceleration (ISA) 2004 to improve network security without sacrificing performance. You'll also learn more about partner solutions designed to extend the capabilities of ISA Server in areas such as antivirus and content filtering.
Bonus: Attend any live webcast through June 2006 and you could win a 40 GB MP3/WMA player. See official rules for more details. Offer open to residents of the United States and Canada only.
For IT Professionals: TechNet Webcasts
For Developers: MSDN Webcasts