We've received some email from blog readers who want to uninstall Microsoft's no-cost antivirus and antispyware software (Microsoft Security Essentials).

If you've had trouble removing the program, see How to manually uninstall Microsoft Security Essentials if you cannot uninstall it by using the "Add or Remove Programs" feature.

Fix it for me

To fix this problem automatically, click the Fix this problem link. Then click Run in the File Download dialog box, and follow the steps in the wizard.

Fix this problem 

Most of us have received suspicious email that looks like it came from someone on our contact list. These emails could contain a virus or other type of malware, or they could be a scam designed to trick you into turning over personal information or money.

Did the person from your contact list suddenly become a cybercriminal? Probably not. It's more likely that someone has gained access to their email account and is using the account for malicious activity. This is known as hijacking. If you think someone's account has been hijacked, you can try to let them know by contacting them by phone or by an alternative email address if you have one.

I think my own Hotmail account has been hijacked. What should I do?

If your Hotmail account has been hijacked, follow these steps from the Windows Live Solution Center:

1. Can you still sign in? If you can, then go to Account.Live.com and change your password.
2. Are you asked for your cell phone number after signing in? At sign in, Hotmail might ask for a cell phone number in order to send a text message with a secret code for you to enter.  This helps prevent spammers from using your account. 
3. If you can't sign in, try resetting your password: 

• If you set up a location and secret question on your account, you can enter the answer to reset your password.  Go to reset your password and select Use my location information and secret answer to verify my identity.
• If you set up an alternative email address on your account, you can send yourself a password reset link.  Go to reset your password and select Send password reset instructions to me in e-mail.

None of the above options worked. What do I do now?

If you can't sign in or reset your password, go to the Windows Live Validation page, and submit the requested information.  This process takes time (from 48 to 72 hours) so only use this if the previous options don't work for you.

 The validation process will ask for key information about your account that only you would be able to provide. This allows Hotmail to verify that you are the legitimate owner of the account. 

For more information, go to http://windowslivehelp.com/accountrecovery

For cybercriminals, scaring people is not limited to the last week in October.

Rogue security software, also known as scareware, is fake software that claims to provide security for your computer, but might generate misleading alerts or attempt to lure you into identity theft or other kinds of fraud.

According to the latest version of the Microsoft Security Intelligence Report, rogue security software has become one of the most common social engineering techniques that cybercriminals use to steal your money.

 In May of this year, Microsoft helped the FBI to serve federal indictments to individuals allegedly involved in a rogue security software ring that resulted in $100 million in losses to Internet victims worldwide.

To read guidance and watch videos about how to protect yourself from scareware, see Watch out for fake virus alerts.

 For a detailed description and the most recent findings about rogue security software, see the malware section of the Microsoft Security Intelligence Report.

A blog reader recently wrote to us asking about our use of the word cybercriminal.

"Can these people be caught and prosecuted? Where is the jurisdiction? My guess is that unless these 'cybercriminals' harvest politically sensitive data or material of that kind no one (officially) really cares too much beyond the point of trying to combat these people's success with more sophisticated preventative software."

Although Microsoft does work hard to create more sophisticated preventive software like Microsoft Security Essentials (antivirus and antispyware software) and SmartScreen phishing filters, we also devote considerable resources to fighting these crimes with legal efforts focused on catching and stopping cybercriminals.

The Microsoft Digital Crimes Unit (DCU) is a worldwide team of lawyers, investigators, technical analysts, and other specialists whose mission it is to make the Internet safer for everyone.

Here are a few recent successes of the DCU:

• Operation b49: Microsoft takes on the bots
• Microsoft works with Demi and Ashton Foundation to help protect children
• Using All the Tools at Our Disposal to Stop Spam Scams
• Scareware Indictments Put Cybercriminals on Notice
• Successful Legal Action Helps Protect Microsoft Customers from 'Spim'

The DCU also helps by financially supporting other organizations, such as the National Center for Missing and Exploited Children, in their own fights against cybercriminals.

To get updates on how the Digital Crimes Unit is fighting the cybercriminals of the world, follow them on Twitter and Facebook.

Microsoft Security Essentials (free antivirus and antispyware software) is now available for small businesses. Small business owners can download and install Microsoft Security Essentials for no cost.

For more information, see Microsoft Security Essentials available to Small Businesses on October 7.

Note: If you operate a business running more than 10 computers, we recommend that you use Forefront client security.

Earlier this week we told you about the myth that most identity theft occurs online. Today's myth is about online shopping.

Myth: Making purchases on the Internet is risky.

Fact: Most security experts agree that the risk of fraud is greater with offline purchases.

To shop more safely online with Internet Explorer:

• Look for https ("s" stands for secure) in the Web address and a closed padlock beside it or in the lower right corner of the browser window.
• Create strong passwords for all online accounts, particularly those used for banking or shopping.
• Consider the reputation of the company or website from which you buy.
• Never make online financial transactions on a public or shared computer, or on a public wireless network.

Download a brochure with more myths and facts:

How Dangerous is the Online World?: Myth vs. Fact XPS | PDF

For more tips, visit:

• 6 rules for safer transactions online
• How to shop online more safely
• How to use third-party payment services

In her keynote speech at the RSA Conference in Europe yesterday, Adrienne Hall (General Manager, Microsoft Trustworthy Computing) shared evidence from the latest Microsoft Security Intelligence Report and outlined the progress that Microsoft and others have made in battling botnets.

 "While we're proud of the progress we and others across the industry have made to date, there is still a lot of work to do," Hall says.

For more information, see:

• In Pursuit of Cyber Crime (Hall's post on the official Microsoft blog)
• RSA Conference Europe 2010
• RSA Conference: Keynote speakers

Today Microsoft released the latest Security Intelligence Report (SIR). The ninth volume of this comprehensive report covers evolving threat landscape trends from January through June 2010, with a focus on botnets.

You can read the report section by section online, or you can download the entire report.

Here are some of the key findings:

• Older operating systems are more vulnerable to infections than newer versions.
• Most attackers use social engineering techniques to trick you into installing malware.
• Stolen equipment remains the most frequent type of security breach incident.
• Windows Update and Microsoft Update usage has increased 75 % since the second half of 2006.

Read other key findings.

To download the entire report:

Security Intelligence Report: XPS | PDF

Download previous editions

Microsoft releases security updates on the second Tuesday of every month. Today Microsoft released 16 new security updates. 

• 10 updates for Microsoft Windows
• 2 update for Microsoft Office
• 1 update for Microsoft Windows Media Player
• 1 update for .NET Framework 
• 1 update for Internet Explorer 
• 1 update for Microsoft Server Software

 Why so many updates this month? 

We have a fairly standard number of updates affecting products like Windows and Microsoft Office. This month we also have updates from product groups that we don't see on a regular basis.

Get the updates.

Watch a video about the updates.

Myth: Identity theft usually happens on the Internet.

Fact: Online methods accounted for only 11% of identity theft in 2009.

Most identity theft happens offline. According to a 2009 study by Javelin Strategy and Research, stolen wallets and paperwork account for almost half (43%) of all identity theft.

Steps you can take to help prevent identity theft include:

• Keep sensitive paperwork in a locked storage device and never put checks in an unlocked mailbox.
• Shred sensitive paperwork when you no longer need it.
• Never leave your wallet, purse, mobile phone, or laptop unattended.

You can increase your identity protection online with these steps:

• Defend your computer with a firewall, antivirus, and antispyware software. Keep all software current (including your web browser) with automatic updating. Password-protect your wireless connection at home.
• Never share personal information that could be used to steal your identity.
• Create strong passwords that are hard to guess, and do not share them with others.

Stay tuned to this blog for more security myths debunked.

The SmartScreen Filter is a feature in Internet Explorer 8 that helps detect fraudulent websites that might install malicious software onto your computer or try to trick you into turning over personal information.

What does is mean when a website is blocked and flagged in red as a reported unsafe website?

A website flagged as unsafe is one that's been confirmed by reputable sources as fraudulent or linking to malicious software and has been reported to Microsoft. Microsoft recommends you do not give any information to or download anything from a website that SmartScreen Filter reports as unsafe.

How do I report a phishing websites?

Follow these steps to report a phishing website:

1. Go to the phishing website in Internet Explorer 8.
2. Click the Safety button (or the shield icon), point to SmartScreen Filter, and then click Report This Website.
3. Use the webpage that is displayed to report the website.

To see learn more, see SmartScreen Filter: Frequently asked questions.

The Microsoft Security Bulletin Advance Notification Service offers details about security updates approximately three business days before they are released. We do this to allow customers (especially IT professionals) to plan for effective deployment of security updates.

Advance Notification includes information about:

• The number of new security updates being released
• The software affected
• Severity levels of vulnerabilities
• Information about any detection tools relevant to the updates

For more information about the security updates that will be released on October 12, see Microsoft Security Bulletin Advance Notification for October 2010.

We can increase collective computer security by taking cues from the healthcare industry, argues Scott Charney, Corporate Vice President of Microsoft Trustworthy Computing. Charney outlined this position in a recently published paper entitled Collective Defense: Applying Public Health Models to the Internet

In a post on the Microsoft On the Issues blog, Charney writes, "Just as when an individual who is not vaccinated puts others' health at risk, computers that are not protected or have been compromised with a bot put others at risk and pose a greater threat to society." Charney says that Microsoft will provide and promote research and development to follow the public health model in computer security while still supporting user control and privacy.

Read Charney's blog post.

Download the paper.

This year one of the main focuses of National Cyber Security Awareness Month is the increasing risk of computer botnets and other types of malicious software (also known as malware).

Microsoft is fighting the war against botnets on both the technological and the legal fronts. To learn more about what you can do to avoid botnets, see How to better protect your computer from botnets and other malware. 

To find out what Microsoft is doing to combat the problem, see Operation b49: Microsoft takes on the bots.

On October 1, President Obama signed a proclamation recognizing October as National Cyber Security Awareness month. Microsoft has teamed up with the National Cyber Security Alliance (NCSA) to celebrate National Cyber Security Awareness Month by helping to increase awareness about Internet security.

The NCSA is a non-profit organization with sponsors in education, the United States government, professional organizations, and private corporations like Microsoft. The NCSA provides information, resources, and tools to help people and small businesses better protect their computers and their personal information from online threats.

For more information, see Stop. Think. Connect: National Cyber Security Awareness Month. To get tips on protecting yourself and your family, download our brochure.

The Microsoft on the Issues blog reports that Microsoft is teaming up with actors Demi Moore and Ashton Kutcher to fight against child sex slavery. Microsoft will work with the Demi and Ashton Foundation to develop ways that technology can be used to stop child exploitation.

For more information, see Microsoft works with Demi and Ashton in new initiative to protect children.