Scott Charney, Microsoft's corporate vice president of Trustworthy Computing (TwC), recently talked to the publication Computerworld about the general state of computer security and Microsoft's efforts in particular.
Charney talks about Microsoft's relationship with the security community, the greatest threats to your security right now, and what Microsoft is doing to make sure that computer security is easy enough for his 78-year old mother.
Read the interview.
A lot of you have recently asked us about ActiveX controls.
Here's an example of a message you might have seen:
What are ActiveX controls?
ActiveX controls are small programs, sometimes also called "add-ons," used on the Internet. They can make browsing more enjoyable by allowing animation or they can help with tasks such as installing security updates at Windows Update.
Some Web sites require you to install ActiveX controls in order to see the site or perform certain tasks on it. The Web site that provides the ActiveX control should tell you what the control is for and provide any details you need to know before you install it.
What are the risks?
Unfortunately, ActiveX controls are like any other software program — they can be misused. They can stop your computer from functioning correctly, collect your browsing habits and personal information without your knowledge, or can give you content, like pop-up ads, that you don't want. Also, "good" ActiveX controls might contain flaws that allow "bad" Web sites to use them for malicious purposes.
Given these risks, you should only install ActiveX controls if you have information about the Web site that offers the control and the publisher that created the control. With this information you should then decide if are willing to trust your personal information to the Web site and to the publisher. For more information on how to determine if you trust a Web site, see How to recognize spoofed Web sites.
Here's a good rule to follow: If an ActiveX control is not essential to your computer activity, avoid installing it.
What do I do if I don't want to install an ActiveX Control?
When you install an ActiveX control, Internet Explorer displays a dialog box that identifies the publisher, and asks if you want to run the file. Click Don't run if you do not trust the Web site and publisher.
The Information Bar and the Add-on Manager also allow you to turn off ActiveX controls once you've enabled them. You can also delete them.
For more information, see How to remove an ActiveX control in Windows.
If you're interested in a much more detailed and technical explanation, see Designing Secure ActiveX Controls or Introduction to ActiveX Controls.
We've received several questions from blog readers who need help with their Hotmail accounts.
While we can't answer each question individually, below we answer five commonly asked questions. And we show you a few different places where you can get more help.
Hotmail is now Windows Live Hotmail. The screen might look a little different from what you’re used to seeing, but your e-mail address and password are the same and there are some great new features, like better protection from spam.
For more information, see mail.live.com.
If you've received abusive, harassing, or threatening e-mail messages from a Hotmail account, forward a complete copy of the abusive message (including the full message header) to [email protected].
You can also block the sender so he or she won't be able to send e-mail to you anymore.
Block e-mail from a specific sender:
1. Click the message from the sender you want to block.
2. Click Mark as unsafe. The e-mail message is deleted, and any additional e-mail messages from the same e-mail address are blocked.
If you think someone is trying to illegally access your personal information, such as your bank account number, credit card information, or your password, click Report phishing scam. For more information, see Recognize phishing scams and fraudulent e-mails.
You should check your junk mail folder periodically to check for real messages. Legitimate mail might be accidentally filtered into the junk folder because it might look like spam to Hotmail.
When you find a message that's not junk, click the Not Junk button while you are inside the e-mail message. This adds the sender to the safe senders list so that future e-mail messages from this sender will go directly to your e-mail inbox.
To help prevent a sender's e-mail messages from going into your junk folder, open an e-mail message from that sender and then click Mark as safe.
To use your Windows Live Hotmail account if you don't have your password, you must reset the password.
Reset your password:
1. On the Windows Live Hotmail Web site sign-in page, click Forgot your password?
2. Type your e-mail address and the characters from the picture, and then click Continue.
3. Select one of the following methods:
· Request password reset instructions in an e-mail message to an alternate e-mail account of yours.
1) Click Send yourself a password reset e-mail message.
2) Click Send Message.
3) Click Done.
4) Open your alternate e-mail account, and then follow the instructions in the e‑mail message from Windows Live ID.
· Answer your secret question to verify your identity.
1) Click Provide account information and answer your secret question.
2) Select your country or region, provide the answer to your secret question, and then click Continue.
3) Enter and confirm your new password, and then click Continue.
4) If you want to set up an alternate e-mail address, enter the e-mail address twice, and then click Continue. If you don't want to set up an alternate e-mail address, click Skip.
5) Click Done.
Visit the Windows Live Hotmail close account Web page. Follow the on-screen instructions, and then click Close account to close your account.
More questions? Get online support
Support for Hotmail is available 24 hours a day at mail.live.com. If you have a logon name and password, you can sign in to your account. Click the blue question mark to get help on any of the Windows Live Hotmail pages. Or visit the Windows Live Hotmail help page.
If you can't find the answer to your problem through Help, you can send e-mail to [email protected].
Microsoft makes every effort to answer e-mail support requests within 24 business hours.
Windows Defender is an antispyware program from Microsoft that helps protect you from spyware, pop-up windows, and other unwanted software. It's free to download for Windows XP users and it comes with Windows Vista. (You don’t need to download or install it if you have Windows Vista. For more information, see Windows Defender for Windows Vista.)
To check whether Windows Defender is already installed on your computer:
1. Click Start and then click All Programs.
2. Look for Windows Defender in the list presented.
If your computer is running Windows XP and you don't see Windows Defender on the list, you can download the program for no charge.
The Internet is a great place to start your job search and post your résumé—but beware of online scammers.
Scammers target popular job search Web sites with malicious software that infiltrates databases and allows criminals to access personal information of job applicants. Some scammers also pose as prospective employers and solicit information from potential candidates, such as names, addresses, phone numbers, and e-mail addresses.
Scammers collect this information in order to send fake or spoofed e-mail messages to job applicants.
These e-mails are known as phishing scams. These particular phishing scams are tough to spot because the sender uses the stolen personal information to make the e-mails more convincing.
If you use the Internet to look for a job, you should be careful no matter what sites you use.
Safety tips for online job searches
· Use an Internet service provider (ISP) that includes e-mail authentication to detect spoofed and forged e-mail. The leading industry standard is Sender ID, now used by more than 12 million domains.
· Use Microsoft Phishing Filter, available in Windows Internet Explorer 7 for Windows XP Service Pack 2 (SP2) and in Windows Vista.
· Never provide any non–work-related personal information such as your social security number, credit card number, date of birth, home address, and marital status online, through e-mail, over the phone, in a fax, or on your résumé.
· List your résumé on job sites that allow only verified recruiters to scan them. Review the site's privacy policy to determine if they provide e-mail addresses to any third parties.
· Carefully evaluate contact information in job ads or related e-mails. Watch out for spelling errors, an e-mail address that does not feature the company's name, and inconsistencies with area codes or ZIP codes. For more tips on spotting phishing scams, see Recognize phishing scams and fraudulent e-mails.
· Verify a prospective employer, recruiter, or recruiting agency through another source, such as the Better Business Bureau or a phone book, and then contact them directly. Ask for e-mail addresses and phone numbers. A good recruiter will appreciate your diligence and good judgment.
· Create exclusive Web-based e-mail addresses and accounts for all non-personal communication.
For more tips to help keep your personal information safe when you search for a job, see Beware of scams when job-hunting online.