Microsoft Updates Guideline on Windows Driver Security

Microsoft has released an updated guide on driver security. The new guide offers advice that developers can use to ensure Windows drivers are secured against basic attacks and preventable flaws.

Driver Security Guidance

This section contains information on enhancing driver security.

In this section:

Driver security checklist: This topic provides a driver security checklist for driver developers.

Threat modeling for drivers: Driver writers and architects should make threat modeling an integral part of the design process for any driver. This topic provides guidelines for creating threat models for drivers.

Windows security model for driver developers: This topic describes how the Windows security model applies to drivers and explains what driver writers must do to improve the security of their devices.

Use the Device Guard Readiness Tool to evaluate HVCI driver compatibility: This topic describes how to use the tool to evaluate the ability of a driver to run in a Hypervisor-protected Code Integrity (HVCI) environment.

The nice part is that all of this is also available as a PDF. I am starting to like these new initiatives from Microsoft. I wrote that they are taking a clear stance on PUA and now I see that they are actually…

Microsoft takes on Potentially Unwanted Applications

Starting March 1, 2018, Windows Defender Antivirus and other Microsoft security products will classify programs that display coercive messages as unwanted software, which will be detected and removed. If you’re a software developer and want to validate the detection of your programs, visit the Windows Defender Security Intelligence portal.

Unwanted software

Identifying and analyzing unwanted software is a complex challenge. New forms of unwanted software are constantly under development. The same technology that can make software unwanted also appears in software that you want to keep and use (such as antivirus or antimalware software). It’s not always possible to automatically determine whether a program is something you want to keep or something you want to remove.

Evaluation criteria

Microsoft researchers use the following categories to determine whether to add a program to the definition library, and what classification type, risk level, and recommendation to give it:

Unwanted behavior: The software runs unwanted processes or programs on your PC, does not display adequate disclosures about its behavior or obtain adequate consent, prevents you from controlling its actions while it runs on your computer, prevents you from uninstalling or removing the program, prevents you from viewing or modifying browser features or settings, makes misleading or inaccurate claims…

Network Access Control and IoT Security

Network Access Control (NAC) is an approach to computer security that attempts to unify endpoint security technology (such as antivirus, host intrusion prevention and vulnerability assessment), user or system authentication, and network security enforcement. When a computer connects to a network, it is not permitted to access anything unless it complies with a business-defined policy (antivirus protection level, system update level, configuration). While the computer is being checked by a pre-installed software agent, it can only access resources that can remediate (resolve or update) any issues, and nothing else. Once the policy is met (it has an antivirus, it is up to date, etc.), the computer is able to access network resources and the Internet, within the policies defined in the NAC system.

CISCO NAC and Microsoft NAP

Network Access Protection (NAP) is a Microsoft technology for controlling the network access of a computer host based on the system health of the host, first introduced in Windows Server 2008. NAP includes client and server components that allow you to create and enforce health requirement policies that define the required software and system configurations for computers that connect to your network. It also enforces health requirements by inspecting and assessing…

Microsoft EMET has a problem with Java – but who doesn’t ?

EMET stands for Enhanced Mitigation Experience Toolkit, and it is a tool that you MUST have installed on your Windows PC.

EMET is a utility that helps prevent vulnerabilities in software from being successfully exploited. EMET achieves this goal by using security mitigation technologies. These technologies function as special protections and obstacles that an exploit author must defeat to exploit software vulnerabilities. These security mitigation technologies do not guarantee that vulnerabilities cannot be exploited. However, they work to make exploitation as difficult as possible to perform. For more information about EMET, click the following article number to view the article in the Microsoft Knowledge Base: 2458544 The Enhanced Mitigation Experience Toolkit

When EMET mitigations are applied to certain software or certain kinds of software, compatibility issues may occur because the protected software behaves similarly to how an exploit would behave. This article describes the kind of software that usually presents compatibility issues with EMET’s mitigations and a list of products that exhibited compatibility issues with one or more of the mitigations that are offered by EMET.

Java and EMET

While I was installing a piece of software that needed Java, EMET popped up several times with an error: EMET version…

“What do you want to download today?” (free eBooks from Microsoft)

Microsoft finally found out that Free is very, very powerful. Especially when you want to do “free” marketing. For example, this link is going viral across the Internet. So, in the Microsoft way: “What do you want to download today?” 🙂 (I hope this slogan is not copyrighted. 🙂 ) Thank you, Eric Ligman. If you’re not convinced yet to have a look, then start with this one: How To Recover That Un-Saved Office Document  

Microsoft, you’re not as smart as you think you are!

I was installing an update of OneNote and I suddenly received this popup:

“Continuing could be expensive. You’re connected to a network that limits downloads every month. We need to stream some large files over your network connection to install Office, so we recommend installing while connected to an unrestricted network.” …

Seriously, Microsoft? How the heck do you know what kind of contract I have? Or are you working with the NSA and spying on my contract? Or with the BND (Bundesnachrichtendienst, for Germany)? For the record, I don’t have a volume-based internet access contract. I have no idea how they could have figured this out. My take on this is that the text is wrong. They wanted to say that “if you are connected to a network that limits downloads every month” things can become expensive.

How LinkedIn uses your face for job ads

I saw this picture while logged in on LinkedIn. I wasn’t doing anything specific and definitely not something related to a job search. This appeared on the right side of the window. The funny thing is that if you click on Apply Now you see that the ad is actually location dependent. This job was in Germany (where I live) and actually relatively near me (Munich is 200 km from me). No, I didn’t apply 😉

Microsoft Defender and dangerous alert levels

Description: This program changes various computer settings.
Advice: This software is typically benign when it runs on your computer, unless it was installed without your knowledge. If you’re not sure whether to permit it, review the alert details or check if you recognize and trust the publisher of the software.
Category: Tool

Clicking on the link in the dialog gets you here, where it is explained that it is actually a Research Tool.

Research Tool:Win32/EICAR_Test_File
Encyclopedia entry
Published: Mar 08, 2007
Aliases: Not available
Alert Level: Severe
Antimalware protection details: Microsoft recommends that you download the latest definitions to get protected.
Detection initially created: Definition: Released: Oct 07, 2008
Summary: This potentially unwanted software is detected by the Microsoft antispyware engine. Technical details are not currently available.

Guest blogger: Larry.Walsh: Security Idea: Recall the Internet

I totally agree with this blog post by Larry.Walsh (seen on CompTIA).

Author: Larry.Walsh

Microsoft’s Scott Charney says we should treat malware-infected PCs in the same manner as 19th century public health officials treated victims of typhoid, tuberculosis and cholera: quarantine. Yes, the head of Microsoft’s Trustworthy Computing believes malware infections are so pervasive and destructive that isolation is the only means for protecting the greater good. Perhaps, but I have a better idea: recall.

First, let’s review Charney’s idea – quarantine. “Governments, industry and consumers should support cyber-security efforts modeled on efforts to address human illnesses. For a society to be healthy, its members must be aware of basic health risks and be educated on how to avoid them,” Charney said at the International Security Solutions Europe (ISSE) Conference in Berlin this weekend.

Charney, who worked at the Department of Justice prior to joining Microsoft, is essentially correct. In the past three years, the world has seen an explosion of malware – more than 5 million new samples. Just one of the past three years has produced more malware than the 20 years prior to 2007. Each year, malware costs individuals and businesses millions of dollars…