When you use Internet Explorer 8 and Internet Explorer 7 you can help protect your computer from viruses, spyware, and other malicious software by surfing the Web in Protected Mode.
Protected Mode is always automatically active. You can check your status bar on the bottom of your Internet Explorer window to make sure it’s running.
For more information, see What does Internet Explorer Protect Mode do?
The Security Intelligence Report (SIR) is a comprehensive study of malicious software that Microsoft releases twice a year.
The latest report is Volume 8 (SIR v8) and covers analysis from September 2009–March 2010.
SIR v8 shows that the nature of cyber threats has become more sophisticated and professional but so has the ability of security professionals and software to protect against them.
Also, incidents involving attacks (hacking, malware, and fraud) have been significantly outnumbered in recent years by incidents involving negligence (lost, stolen, or missing equipment; accidental disclosure; or improper disposal).
The report finds that newer operating systems like Windows 7 are more secure. However, no matter what operating system or software your computer is running, the best way to protect it is to automatically install security updates.
To read about the key findings of the report or to download the full report, see Microsoft Security Intelligence Report Volume 8.
Support for Windows Vista without any service packs ends today, April 13, 2010.
If your computer is running Windows Vista without Service Pack 2, you won't get security updates for Windows. This means that your computer will be at risk for viruses, spyware, rogue security software, and other malicious software.
The newest operating system from Microsoft is Windows 7. To learn more, see Windows 7: new and improved security features.
If you want the most updated version of Windows Vista, get Windows Vista Service Pack 2 (SP2).
For more information, see:
· Support is ending for some versions of Windows
· What does it mean if my version of Windows is no longer supported?
· Compare versions of Windows
· Which version and service pack am I running?
Microsoft releases security updates on the second Tuesday of every month. Today Microsoft released 8 new security updates for Microsoft Windows and 2 new security updates for Microsoft Office and 1 new update for Microsoft Exchange Server.
Get the updates
To download the update, visit the Microsoft Update Web site. If you have automatic updating turned on, your computer will update and install this security update.
Read more about the updates.
Watch a video about the updates.
If you read this blog, you probably have at least a passing interest in learning about online safety or teaching others about it. Whether you’re an IT professional, a teacher, a parent, or just someone who happens to know a lot about cybersecurity, the U.S. government wants you.
The United States Department of Homeland Security is soliciting ideas from the public about how to spread the word about cybersecurity. They are especially interested in ideas that use social networking or other Web 2.0 technologies to get this information to the public.
The challenge is open until April 30, 2010.
Send your proposal to [email protected].
For more information and to read the challenge requirements, see the National Cybersecurity Awareness Campaign Challenge.
Questions about the challenge should be sent to [email protected].
If you’ve ever seen suspicious pop-up ads with urgent warnings to download security software, you’re not alone. According to the most recent Microsoft Security Intelligence Report, fake security software (also known as rogue security software) is the most prevalent trend in malicious software today.
To learn more about rogue security software and to help protect yourself against it, watch these three short videos created by the Microsoft Malware Protection Center. Feel free to share them with your friends and family.
· What is rogue software?
· How to check for rogue software
· How to defend your computer against rogue software
If you want to keep up with the very latest information about Microsoft’s response to emerging security issues, you can now follow the Microsoft Security Response Center (MSRC) on Twitter. The address is http://twitter.com/msftsecresponse.
If you follow us, you'll be the first to read:
· Behind-the-scenes information.
· Updates during the early stages of security incidents.
· Regular postings for the bulletin release cycle.
To learn more, read Jerry Bryant’s post on the MSRC blog.
And if you’re more interested in security for your home and family, follow our online safety team on Twitter.
Screen scraping is the act of taking all the information that a person has posted on their Web site or social networking page and then using the information to break into the user’s account or to commit some other fraud involving identity theft.
Social networking Web sites such as Facebook have grown exponentially in the past few years, and it’s not uncommon for people to post personal pictures and reveal personal information about themselves. People often prefer Facebook to traditional blogs because information is usually only available to people that they choose. However, if cybercriminals gain access to your Web site or social networking page, they can use screen scraping to steal your information and can pose as you. For more information about this type of scam, see Scammers exploit Facebook friendships.
You can use strong passwords and learn techniques to avoid social engineering scams, but the best way to prevent the negative effects of screen scraping is to minimize the amount of information that you post online.
Here are a few tips:
· Do not post anything online that you would not want made public.
· Minimize details that identify you or your whereabouts.
· Keep your account numbers, user names, and passwords secret.
For more information, see the following articles:
· Protect your privacy on the Internet
· Your information on the Internet: what you need to know
· How to reduce the risk of online fraud
· Help protect yourself against phishing scams and identity theft
Security essentials 2010 is the latest fake security software to use the Microsoft name to spread malware instead of to help protect against it. Security essentials 2010 is a form of rogue security software that cybercriminals use to trick people into infecting their own computers.
This fake software will not protect you against malicious software. In fact, it also asks you for payment in order to “unlock the full version.” Once the cybercriminals get your payment information, they can use it to commit even more fraud.
Microsoft Security Essentials is free to download. There is no trial version. You can download the program, find out more information about how it works, and see screenshots or the real product at Microsoft.com/Security_Essentials.
Here’s a screenshot of the fake software:
For more information about this fake software, see the Microsoft Malware Protection Center blog.
Most Internet users have probably seen e-mail scams that include promises of large amounts of money in return for a small initial payment. This is called advanced fee fraud, and every year, victims lose money to this scam and often inadvertently turn their personal information over to cybercriminals.
The MSN Auto Protection scam is a type of advanced fee fraud that cybercriminals use on auto buying Web sites like MSN Autos. Here’s how it works:
The cybercriminal offers a car for sale (often at a very low price) and when a buyer makes contact, the cybercriminal offers to sell the car using an escrow or third-party payment service such as “MSN Auto Protection Plan” or “MSN Money.” The cybercriminal claims that these services protect buyers because the payment for the car is held safely until the car is delivered. The problem is that there is no “MSN Auto Protection Plan” and MSN Money is not a third-party payment service.
Note: Third-party payment services (such as PayPal) do exist. For more information, see How to use third-party payment services.
The cybercriminal then sends a spoofed e-mail message to the buyer that appears to come from MSN. The buyer sends a payment, but never receives the car. Like the Microsoft Lottery scam and other scams that use the Microsoft name fraudulently, cybercriminals use the Microsoft logo and even copy language that you might see in genuine Microsoft e-mail messages.
To read more about how this scam works in the United Kingdom, see Warning: MSN Cars Vehicle Purchase Protection Program FRAUD.
To learn how to protect yourself from other types of fraud, see:
· Reduce the risk of online fraud
· How to recognize phishing e-mails or links
· Phishing scams that target activities, interests or news events
· How to recognize spoofed Web sites