A Collection of Random Thoughts
Thursday, February 17, 2005
Technical refresh of Microsoft Anti-spyware
Sometime yesterday, Microsoft released a Technical Refresh of their Anti-spyware utility. That refresh can be downloaded from here:
I will be upgrading later today, but from the download link, it would appear that there have been several changes made based on feedback from customers (another reason to send feedback!).
From Microsoft's website:
"Since releasing Windows AntiSpyware (Beta) on January 6, 2005, we have received feedback from customers and have made enhancements to the software based on his feedback. We have enhanced some of the real-time protection agents, added new threat categories, and improved stability and performance. If you are using a previous version you can simply upgrade to the refreshed version. The version number of the refreshed version is 1.0.509. To check the version number, click About Microsoft AntiSpyware… on the Help menu. Participants in the worldwide SpyNet™ community play a key role in determining which suspicious programs are classified as spyware. Microsoft researchers quickly develop methods to counteract these threats, which are automatically downloaded to your PC, so you stay up-to-date."
If you decide to upgrade to this version, please pass on any feedback (good or bad) to the folks at Microsoft. They have set up newsgroups for this as well as answering questions, which are available here:
Wednesday, February 09, 2005
New security bulletin released
Yesterday, a series of new security bulletins were released. One in particular is of interest because it affects a broad range of products, including Exchange 2003 and Exchange 2003 SP1. It is also listed with a severity rating of critical. If you are running any of the products listed in the security bulletin, this patch is one that you ought to apply now.
Microsoft Security Bulletin MS05-012
Vulnerability in OLE and COM Could Allow Remote Code Execution (873333).
David Lemson, who works on the Exchange team at Microsoft, writes the following, which should tell you that this is an important patch.
"Read this bulletin: http://www.microsoft.com/technet/security/bulletin/MS05-012.mspx
Install the patches. Get others to do the same. This is an important OS fix for Exchange systems."
I've been following Robert Hensing's Incident Response Blog http://blogs.msdn.com/robert_hensing/Rss.aspx and it sounds like the majority of cases that he and his team work on involve systems that were not patched. Don't become a statistic. Install this patch.
Tuesday, February 08, 2005
The Microsoft Borg
Hmmm, just saw this press release from Microsoft.
It will be interesting to see how this plays out. Sybari is well known for their excellent server-based Antivirus products (mainly messaging platforms), and was also famous for creating a "shim" for Microsoft's ESE back in the 5.5 days. I'll be watching to see what the reaction is from other antivirus vendors.