Joey writes:
"I just recently purchased a laptop and I am still very new at this. I have enjoyed two months of free antivirus software that came with my computer, but that will expire soon. Should I subscribe or is Microsoft Security Essentials as dependable, even though it's free?"
Microsoft Security Essentials is software that helps protect against viruses, spyware, and other dangerous or annoying software. Yes, it's free, but we also think it's dependable. Of course, we may be biased. Here's what a few other-unbiased--security experts are saying.
Download Microsoft Security Essentials now.
Today the Microsoft Security Response Center (MSRC) posted details about the April security updates. On Tuesday, April 12 at approximately 10 AM Pacific Time Microsoft will release 17 bulletins, 9 critical.
The easiest way to get the updates when they're available is to turn on Windows automatic updating. For more information about how this works, see Understanding Windows automatic updating.
The Microsoft Security Bulletin Advance Notification Service offers details about security updates approximately three business days before they are released. We do this to allow customers (especially IT professionals) to plan for effective deployment of security updates.
Advanced Notification includes information about:
For more information about the security updates that will be released on April 12, see Microsoft Security Bulletin Advance Notification for April 2011.
For official risk and impact analysis, as well as deployment guidance, visit the MSRC blog. If you are on Twitter, you might want also want to follow @MSFTSecResponse.
Microsoft released a security advisory today warning about fraudulent digital certificates that could be used to spoof content, perform phishing attacks, or perform other exploits that could put you at risk.
The best way to protect yourself is to turn on Windows automatic updating.
What are digital certificates?
Digital certificates are used to verify the identity of a website.
We're releasing this advisory because Comodo, a major certification authority, informed Microsoft that several digital certificates have been issued without sufficiently validating their identity. These certificates could be used to spoof the identity of services and trick you into trusting them.
Comodo has revoked these certificates, and they are listed in Comodo's current Certificate Revocation List (CRL). If your computer is up to date, it will recognize that these certificates are invalid.
For more information:
Microsoft, in cooperation with industry and academic partners, has taken down the Rustock botnet, a notorious source of spam, fraud, and cybercrime.
The Rustock botnet is a network of infected computers controlled by cybercriminals and used for a variety of illegal activities. The owners of the infected computers probably had no idea that their computer was being used to send spam. To learn how you can avoid being a victim of a botnet, see How to better protect your PC with botnet protection and avoid malware.
What did the Rustock botnet do?
Most of the spam messages generated by the Rustock botnet promoted counterfeit or unapproved generic pharmaceuticals from unlicensed and unregulated online drug sellers. Rustock spam also used Microsoft's trademark to promote these drugs. In another scheme, Rustock-generated email lured people into lottery scams in which spammers attempted to convince people that they had won a lottery. The victims were told that they needed to send the spammers money to collect the larger lottery winnings. To help protect yourself against these kinds of scams, see Email and web scams: How to help protect yourself.
Learn more about the Rustock botnet takedown
For more information, see:
Last week we told you about how to avoid fake donation websites and emails if you want to help Japanese earthquake and tsunami victims.
Eweek reports that cybercriminals have also started using Japanese earthquake related search terms to lead people to their malicious websites. These fraudulent websites show up in search results of people looking for news and information about the earthquake. If you click on these sites, you might be infected with software that could steal your personal information or might make your computer display fake virus alerts that trick you into paying for a fraudulent product or service.
Here are two free ways to help protect you against these fraudulent search results:
The newest version of Microsoft's web browser, Windows Internet Explorer 9, is now available to download for free.
Internet Explorer 9 includes several new features that help protect your computer from viruses and help protect you from fraud when you browse the web.
Download Internet Explorer 9.
One of our favorite new features of Internet Explorer is Tracking Protection. Tracking Protection lets you limit the way that websites track your activity as you browse the web. Internet Explorer creates a personalized Tracking Protection List for you. You can customize it or download a new Tracking Protection List.
For more information, see Discover Internet Explorer 9.
Microsoft has updated guidance regarding a vulnerability in Windows (the issue resides in the MHTML protocol handler) through Security Advisory 2501696 to help protect against limited targeted attacks.
Download and install the Fixit
To help protect your computer, download and install the free Fixit. If you've already applied the Fixit, you are not at risk.
Need help installing the Fixit? Visit Microsoft Fixit Center Online.
For information about ways Internet Explorer can keep you safe, please see the Windows Security blog post: Security and Internet Explorer.
It's tax time in the United States again. Whether you're filing online or off, it's good to be careful with your personal and financial information.
Here are some ways you can help protect yourself from online tax scams:
For more information from the IRS about tax scams and how to protect yourself, see Protect your personal information! The IRS does not initiate taxpayer communications through email.
For more information from Microsoft about online fraud, see Get help with phishing scams, lottery fraud, and other types of scams.
When we hear about a disaster like the earthquake in Japan today, most of us try to think of ways we can help. But some cybercriminals try to think of ways they can take advantage of online givers to steal money and personal information. Here are a few ways you can donate more safely.
Tips to help avoid online donation scams
For more advice, see Donation scams.
For more information about how to avoid other kinds of online fraud, see Email and web scams: How to help protect yourself.
Microsoft is actively updating news and disaster resources, including Bing Maps on the Microsoft Corporate Citizenship page.
Microsoft releases security updates on the second Tuesday of every month. Today Microsoft released of 3 security updates.
Get the updates.
We’ve heard a lot of news lately about how smartphones are the new frontier for hackers, virus writers, and cybercriminals. We talked to the folks on the Windows Phone 7 team and they haven’t heard any complaints about mobile viruses yet, but we thought it wouldn’t hurt to give you four ways that you can help secure any smartphone, not just a Windows Phone.
You’ll notice that this advice isn’t much different than what we’d recommend to help you secure your laptop or your desktop computer.
1. Protect your phone with a password. If your phone is lost or stolen, you can go a long way toward protecting your information if you’ve secured it with a password or a Personal Identification Number (PIN). If you use your phone to access your company’s email or intranet, chances are that they already require that you protect it with a password or PIN. To learn how to protect your Windows 7 phone with a password, see Lock screen FAQ.
For more information on how to choose a good password, see Create strong passwords.
2. Be careful when you install apps on your phone. Apps can do nearly everything these days, from streamlining your social networking to changing the channels on your TV. No matter what kind of phone you have, install apps from a trusted source. For Windows Phone, you can only install apps from the Zune Marketplace. This means that they have been digitally signed, which reduces your risk. (This is the same model used with Apple’s iPhone, but not with Google’s Android phone.)
3. Install your phone's updates. Just like on your PC, you should install all updates for your phone and for the apps on your phone. To learn how to do this with a Windows Phone, see Windows Phone Update Solution.
4. Make sure your smartphone has a feature that helps you find it if you lose it or if it is stolen. Windows 7 includes a “Find My Phone” feature that allows you to find a lost phone, lock it remotely, and also wipe it remotely so that no one can get access to the information there. For more information, see Find a lost phone. If you don't have a Windows Phone, you can usually install a third-party app that can do this for you.
To get more information about security and privacy for Windows Phone, see:
Today the Microsoft Security Response Center (MSRC) posted details about the March security updates. On Tuesday, March 8 Microsoft will release 3 bulletins.
They will address issues in:
For more information about the security updates that will be released on March 8, see Microsoft Security Bulletin Advance Notification for March 2011. Microsoft will host a webcast to address customer questions on the security bulletins on March 9, 2011, at 11:00 AM Pacific Time (US & Canada). Register now for the March Security Bulletin Webcast.
For official risk and impact analysis, as well as deployment guidance, visit the MSRC blog.