A friend bought a new laptop that runs the Windows Vista operating system.
She told me she loved the experience and the convenience of all the new features, but she also grumbled about how many security warnings she received:
"It's like it won't let me do anything without first asking me if I really want to do it."
Security is about making choices. Online criminals get more sophisticated every day, and even those of us who are technically savvy can benefit from continuing to ask ourselves:
Do I really want to click that link? Visit that Web site? Enter my personal information into that pop-up window?
Windows Vista is designed to give you control of the answers to those questions and to give you the resources to help keep your computer, your personal information, and your family safer.
Security is about making choices, for software developers, too: Create an operating system that is too secure and you might have trouble doing what you want to do. Make features easier to use and your computer might be exposed to more attacks. Finding the right balance is just not easy.
In January Jim Allchin, (now retired) former Co-President, Platforms & Services Division, wrote an excellent and insightful blog entry on some of the trade-offs that the Windows Vista team made in order to balance security and convenience in the newest Windows operating system.
If you’re wondering why you have to read so many security warnings, it might be worth a look. Read the Windows Vista team blog: Security vs. Convenience.
Windows Defender is a Microsoft program that helps protect you against spyware and other unwanted software. It's built into Windows Vista and you can download it for free if you use Windows XP.
Windows Defender provides real-time protection, but also allows you to scan your computer for spyware manually. If it finds anything suspicious you'll see an alert.
Here's what the alerts mean and what you should do about them.
Alert level
What it means
What to do
Severe
Widespread or exceptionally malicious programs, similar to viruses or worms, which negatively affect your privacy and the security of your computer, and can damage your computer.
Remove this software immediately.
High
Programs that might collect your personal information and negatively affect your privacy or damage your computer, for example, by collecting information or changing settings, typically without your knowledge or consent.
Medium
Programs that might affect your privacy or make changes to your computer that could negatively affect your computing experience, for example, by collecting personal information or changing settings.
Review the alert details to see why the software was detected. If you do not like how the software operates or if you do not recognize and trust the publisher, consider blocking or removing the software.
Low
Potentially unwanted software that might collect information about you or your computer or change how your computer works, but is operating in agreement with licensing terms displayed when you installed the software.
This software is typically benign when it runs on your computer, unless it was installed without your knowledge. If you're not sure whether to allow it, review the alert details or check to see if you recognize and trust the publisher of the software.
Not yet classified
Programs that are typically benign unless they are installed on your computer without your knowledge.
If you recognize and trust the software, allow it to run. If you do not recognize the software or the publisher, review the alert details to decide how to take action. If you're a SpyNet community member, check the community ratings to see if other users trust the software.
By now you've probably heard about the rise of identity theft on the Internet. One of the most common forms of fraud is called a phishing scam.
What is a phishing scam?
Phishing scams are fraudulent e-mail or Web sites that try to fool you into filling out forms that could be used to steal your personal or financial information or account passwords.
Phishing protection starts with good e-mail practice
Anti-phishing detection automatically deletes the e-mail or moves it to the junk folder depending on the level of confidence that it is indeed a fraudulent message. If a message is moved to the junk folder, the e-mail client notifies you of the threat.
The following include anti-phishing detection:
Get phishing protection when you browse the Web
Phishing scams usually arrive in your e-mail inbox, but the trouble starts when you click a link that takes you to a page you didn't intend to go to. And the problem is that you might not even know there's a problem.
If you've accidentally clicked one of these links, Phishing Filter in Internet Explorer 7 helps prevent you from accidentally providing sensitive information to a fraudulent Web site. It warns or blocks you from potentially harmful Web sites. For more information, see Phishing Filter: Help protect yourself from online scams.
In the past few weeks we've received dozens messages from readers who've received e-mails that claimed to be from Microsoft. The mails stated that the recipient was the winner of a large amount of money.
These e-mails are a type of scam called "advance fee fraud." You should not respond. For more information and tips on how to avoid phishing scams, read Recognize and avoid fraudulent e-mail to Microsoft customers and You have not won the Microsoft Lottery.
In a previous blog entry we asked you to contact us if you've experienced online fraud or phishing. We received several questions from people who weren't sure if the e-mail messages they'd received were phishing scams.
Although we can't respond directly to every message, we wanted to address a few of your concerns here.
Also, we're still looking for stories from people who've had their identity stolen by an online criminal. So, use the Email link above this entry to tell us your story.
What are phishing scams?
Phishing scams are fraudulent e-mails or Web sites that try to fool you into filling out forms that could be used to steal your personal or financial information or account passwords. For more information on phishing scams, see Recognize phishing scams and fraudulent e-mails.
How can I tell if an e-mail is a phishing scam?
Phishing e-mails often include official-looking logos from real organizations and other identifying information taken directly from legitimate Web sites. They might also contain the following common phrases:
· "Verify your account."
· "Dear Valued Customer."
· "During regular account maintenance…"
For more information see, Recognize phishing scams and fraudulent e-mails.
What should I do if I receive a phishing scam?
If you think you've received a phishing scam, delete the e-mail. Do not click any links in the message. For more information, see How to handle suspicious e-mail.
Where can I get more information about phishing?
Please see the following:
· What to do if you've responded to a phishing scam
· Phishing Filter: Help protect yourself from online scams
· What is social engineering?
· Stay safe from scams and frauds (from StaySafe.org)
· Fighting back against identity theft (from the Federal Trade Commission)