Understanding The Many Microsoft Anti-Malware Software

If you are like many folks, it is really hard to understand the many names (some reused) for Microsoft Anti-Malware Software. Don’t feel like you are the only ones! Many people are confused about the various names especially those that have been resurrected and revamped.

Corrine at her Security Garden Blog has a great article to help you sort out all the names, the reused names, and what they all do! It was posted back in April 2012 and recently updated June 2014:

Understanding Microsoft Anti-Malware Software – Security Garden Blog 

Microsoft provides a variety of security products for both consumers as well as business environments.  With multiple products available, there is bound to be questions and, occasionally, confusion on which product to use.

This article is presented to help clarify questions about the variety of Microsoft anti-malware products.  (Updated:  06JUN2014)

The article starts out with the most confused ones; Microsoft Security Essentials (MSE), the renamed and revamped Windows Defender for Windows 8, but it doesn’t end there.

A must read article for anyone who wants to understand the many Microsoft Anti-Malware Software packages out there for the various versions of Windows for Consumers, Business and Enterprise customers.

WinPatrol Changing of the guard

WinPatrol – Scotty

WinPatrol has been very important over the years. I have several (six I think at least) lifetime memberships of WinPatrol software and I install it on all my Windows installs personally and for my friends, family and clients. It has been a staple in my security arsenal for many years now, and BillP has been a great friend to all of us.

BillP, thank you so much for continuing to look for someone who would fit the bill, as it were, and you certainly found a great choice!

I am very excited about the promise that Bret Lowry made to WinPatrol customers:

My commitment to WinPatrol customers is as follows:

One, your lifetime PLUS licenses are just that, lifetime licenses. That was the easiest topic in our negotiation and is written into the contract.

Two, WinPatrol will not have toolbars or other “add-ins” added to it or its installer. Installers that do that drive me crazy because I’m the guy people call to “fix” their computer after the installer completes its hijacking. I am not going to do that to my customers.

Three, I will be responsible for answering support questions, even more incentive to play nicely and stand-by item two above. And

Four, I use WinPatrol myself and therefore am committed to the continued improvement of WinPatrol. I am honored to have earned Bill’s trust and confidence in his allowing me to purchase WinPatrol. Bill has run WinPatrol with integrity since its inception, as a founder of Ruiware (along with my wife), I promise we will carry on that tradition.”

BillP, after reading your blog posting and Corrine’s Security Garden posting, I was totally thrilled to read about Bret Lowry, Ruiware, LLC being your choice.

Totally awesome! I knew you wouldn’t let us down! Thank you Bill for all the years you have given to us! We totally understand your need to step aside and wish your family all the best and your family is ever in my thoughts and prayers.

Corrine, thank you for letting us know of the change right away!

This must be a bittersweet day for BillP; to let go of his baby, to turn it over to someone else, but sweet knowing he turned it over to a great guy who will care for his customers the way he did.

Hi Bret Lowry! I am excited to meet you in Bits from Bill and from Security Garden Blog. Thank you for putting our minds at ease about the commitment you have given us. Hope you will still do the sales periodically like BillP always did and keep the price economical and the free edition which is so important.

On WinPatrol.com:

I’m very happy to announce WinPatrol’s future will be in the hands of Ruiware founder and former lead at Sunbelt Software, Bret Lowry. If you read today’s post and download our new version later today you’ll understand why I’m confident Scotty is in good hands.
Click here to find out why

And this wonderful note from Bret too:

WinPatrol.com - WinPatrol from Ruiware.

WinPatrol.com – WinPatrol from Ruiware. “When I discovered WinPatrol I knew it was a winner and a program I’d install for my entire family. WinPatrol customers matter. You still won’t find obnoxious toolbars when you download WinPatrol. Instead, we help you get rid of them. Thanks, Bret Lowry — Click on image to go to WinPatrol.com

In closing, I would like to echo Corrine’s thoughts from her Security Garden blog entry:

On a personal note, I have long respected Bill Pytlovany and, because of his honesty and high ethical standards, held him in high esteem.  I know I won’t be losing contact with him but still wish to take this opportunity to publicly thank Bill for providing an excellent product.

I could not have said it any better!

Microsoft has quietly stopped serving security updates to Internet Explorer 11 (IE11)

Microsoft has quietly stopped serving security updates to Internet Explorer 11 (IE11) on Windows 7  according to an article on Computerworld:

Microsoft strips some Windows 7 users of IE11 patch privileges – Computerworld

Microsoft has quietly stopped serving security updates to Internet Explorer 11 (IE11) on consumer and small business Windows 7 PCs unless the customer has successfully applied an April update for the browser.

The requirement and associated patch stoppage were similar to those Microsoft mandated for Windows 8.1 when it told customers they had to migrate to Windows 8.1 Update by June 10 or lose their patch privileges. The Windows 7 requirement, however, affected only IE11, Microsoft’s newest browser, not the operating system.

This type of thing is very hard to understand. Why would Microsoft do such foolish things. Why would they cut off their nose to spite their face by making things so difficult for their users? Windows Update should provide what is needed as it is needed. Period. If they can’t figure out how to do that, maybe they need to get someone in there to help them do the updates.

At this rate, they will be causing more people to move from Windows to other platforms like Mac and Linux. Do they not realize this? Not to mention that people need their security updates not just for the operating system but for the browser. If they want to maintain market share with their IE browser, they are showing a very strange way of doing that by cutting off the very much needed security updates because one hasn’t installed as yet. Why is it not installed? That is what should be addressed here.

All future security and non-security updates for Internet Explorer 11 require you to have update 2919355 or update 2929437 installed in order to receive updates (emphasis added).”

With the way that malware is attacking Microsoft Windows, I can not see how they can feel it is OK to do this as well as stopping supporting Windows XP when it as still garnered nearly a third of all users world wide even after security update support was ended for Windows XP. As of today, June 15, 2014 it still garner’s over 25% or 1/4 of the total global market:

netmarketshare.com as of 6-15-2014 - choose operating system Desktop Share by Version

netmarketshare.com as of 6-15-2014 – choose operating system Desktop Share by Version

 

May 2010 Windows 2000 fell below 5% and end of life for Extended Life Support of Windows 2000 was July 10, 2010 so WINDOWS 2000 FELL below 5% TWO MONTHS BEFORE SUPPORT ENDED.

OS Statistics- w3schools_org – includes less then 5% Win2K market share at time of end of support (PDF)

Windows 2000 End-of-Life – Strategic Technology Resources – Site Home – TechNet Blogs-11-10-2009 (PDF)

Netmarketshare postings.

Then the Windows 8.1 Update 1 fiasco and now this IE11 fiasco.

There is something very anti-customer about all of this, don’t you think? Especially in light of the fact that Windows is the most high profile target for malware purveyors because it garners the greatest marketshare.

I personally feel Microsoft has a made a BIG mistake ending support for Windows XP when it still holds slightly over 25% or 1/4 (one quarter) of the total global marketshare as shown above. And they are continuing to make security missteps for Windows 8.1 and Windows 7 users now too.

I do not understand. Microsoft has never been this way before in it’s long history of being customer centric. It just does not make sense.

Bits are Bits…Net Neutrality

But they say we'll all be better off this way (as they cut new content, innovation, consumer choice)

But they say we’ll all be better off this way (as they cut new content, innovation, consumer choice) – Imgur.com

What is net neutrality?

At its simplest, net neutrality holds that just as phone companies can’t check who’s on the line and selectively block or degrade the service of callers, everyone on the internet should start on roughly the same footing: ISPs shouldn’t slow down services, block legal content, or let companies pay for their data to get to customers faster than a competitor’s.

In this case, we’re also talking about a very specific policy: the Open Internet Order, which the FCC adopted in 2010. Under the order, wired and wireless broadband providers must disclose how they manage network traffic. Wired providers can’t block lawful content, software, services, or devices, and wireless providers can’t block websites or directly competing apps. And wired providers can’t “unreasonably discriminate” in transmitting information. The FCC has been trying in one way or another to implement net neutrality rules since 2005.

That was in the sidebar from The Verge’s article from May 14, 2014 called GAME OF PHONES: HOW VERIZON IS PLAYING THE FCC AND ITS CUSTOMERS

So very important!

Much more in the article.

I found that when I was reading a more recent article by arstechnica called Report: Verizon FiOS claimed public utility status to get government perks:

“It’s the secret that’s been hiding in plain sight,” said Harold Feld, senior VP of consumer advocacy group Public Knowledge and an expert on the FCC and telecommunications. “At the exact moment that these guys are complaining about how awful Title II is, they are trying to enjoy all the privileges of Title II on the regulated side.”

“There’s nothing illegal about it,” Feld, who wasn’t involved in writing the report, told Ars. However, “as a political point this is very useful.”

The FCC classifies broadband (such as FiOS) as an information service under Title I of the Communications Act, resulting in less strict rules than the ones applied to common carrier services (such as the traditional phone system) under Title II. But since both services are delivered over the same wire, Verizon FiOS is able to reap the benefits of utility regulation without the downsides.

Much more in this article as well.

Bits are bits. This is the point I have been pushing. Like water companies, electric companies and even telcos. There should be no fast lanes. There should be no place where they discriminate between bits. They are the water or electric company of the Internet. they provide the pipes that the data rides through. They should be simply providing the bits and not discriminating between them.

If they start discriminating between the bits, they set themselves up as the gatekeepers of the Internet. It opens the door to invasion of privacy and discrimination. It also stifles innovation by making it easier for big business to control the industry. It makes it exponentially harder for the next “Google” or “Yahoo” or other disruptive innovation to take off. If Google or Yahoo had to pay for fast lanes for their customers in the early days of the Internet, they never would have made it out of the gate. Neither will the next innovative and disruptive technology. And we will all be the losers if that happens. It will also make it harder for small businesses in general that might have an online component to their business to provide competitive services because they can’t afford to pay for those fast lanes. This will be true of small businesses that provide remote services as well as hosting, etc.

I think it is very important to contact the FCC and submit your thoughts on this very important issue of Net Neutrality which will affect us all in one way or another. Even if we are just users of the Internet, we will also feel the monetary impact, as well as freedom and privacy impact, and innovation impact. We always do.

What Do You Want Your Representatives to Ask Chairman Wheeler About Net Neutrality? – EFF.org:

Thus, Congress has an important role to play in the struggle for a neutral Internet. We know that members of the subcommittee are planning to re-write the Communications Act, and we know that letters from Congress members aren’t taken lightly by the FCC in the rulemaking process. That means it’s time to let our elected officials and the FCC know that we will fight to protect the future of our open Internet.

Here are three ways to join the debate and have your voice heard:

  1. Today, tweet your questions for FCC Chairman Wheeler during the Communications and Technology Subcommittee hearing using the hashtag #AskWheeler.
  2. Call your representative. Let’s be clear: any rules that allow Internet providers to discriminate against how we access websites would be a disaster for the open Internet.
  3. Submit comments in the FCC official rulemaking process. We’ve made it easy with our DearFCC.org public comment tool. It’s time to fill the FCC’s Open Internet docket with our voices and our stories. After all, it’s our Internet.

There are no easy solutions. But the FCC and Congress both want and need to hear from us. So let’s give them what they ask for. Let’s defend our Internet.

eBay – Change your passwords

Yep, this announcement was published by eBay and retracted and then put back out again. So yes, this is real.

EBay customers must reset passwords after major hack  CNN Money

Not just a rumor…as a precaution, in case the hackers are really good … time to change your ebay passwords. 

Hackers quietly broke into eBay two months ago and stole a database full of user information, the online auction site revealed Wednesday.

Criminals now have possession of eBay customer names, account passwords, email addresses, physical addresses, phone numbers and birth dates.

The company said the passwords were encrypted and are virtually impossible to be deciphered. Still, as a precaution, eBay is asking everyone to reset their passwords late Wednesday.

The company isn’t saying how many of its 148 million active accounts were affected — or even how many customers had information stored in that database. But an eBay spokeswoman said the hack impacted “a large number of accounts.”

eBay Suffers Massive Security Breach, All Users Must Change Their Passwords – May 21, 2014 – Forbes:

eBay is taking the breach extremely seriously stating that users employing the same password across eBay and other sites should also change those passwords. It stresses your eBay password should be unique.


eBay Inc. To Ask eBay Users To Change Passwords – eBay Announcements page (Posted May 21st, 2014 at 8:50 AM):

eBay Inc. To Ask eBay Users To Change Passwords

Earlier today eBay Inc. announced it is aware of unauthorized access to eBay systems that may have exposed some customer information. There is no evidence that financial data was compromised and there is no evidence that PayPal or our customers have been affected by the unauthorized access to eBay systems. We are working with law enforcement and leading security experts to aggressively investigate the matter.

As a precaution, we will be asking all eBay users (both buyers and sellers) to change their passwords later today. As a global marketplace, nothing is more important to eBay than the security and trust of our customers. We regret any inconvenience or concern that this situation may cause you.  We know our customers and partners have high expectations of us, and we are committed to ensuring a safe and secure online experience for you on any connected device.

Click here for updates and additional information.

- See more at: http://announcements…h.V13eaJ1m.dpuf

That Click here link above: Frequently Asked Questions on eBay Password Change – ebayinc.com:

What happened?

Our company recently discovered a cyberattack that comprised a small number of employee log in credentials, allowing unauthorized access to eBay’s corporate network.  As a result, a database containing encrypted password and other non-financial data was compromised.  There is no evidence of the compromise affecting accounts for Paypal users, and no evidence of any unauthorized access to personal, financial or credit card information, which is stored separately in encrypted formats.  The company is asking all eBay users to change their passwords.

What customer information was accessed?

The attack resulted in unauthorized access to a database of eBay users that included:

Customer name
Encrypted password
Email address
Physical address
Phone number
Date of birth

Was my financial information accessed?

The file did not contain financial information, and after conducting extensive testing and analysis of our systems, we have no evidence that any customer financial or credit card information was involved. Likewise, the file did not contain social security, taxpayer identification or national identification information.

Has the issue been resolved?

We believe we have shut down unauthorized access to our site and have put additional measures in place to enhance our security. We have seen no spike in fraudulent activity on the site.

BOLD RED emphasis mine.

More in the article.

I think there is some truth to this too:

eBay’s handling of cyber attack ‘slipshod’ – The Telegraph:

A British security expert has branded eBay’s reaction to a huge cyber attack “slipshod” as emails warning customers that their personal details were stolen have still not been sent out, almost 24 hours after news of the security breach was inadvertently leaked

I certainly would have appreciated an email (not with a link it it necessarily) but message within my eBay would have been good. I don’t click links in email but I would have gone to eBay announcements link at the bottom of every eBay page.

However, as a user, I really appreciate that eBay was forthcoming in the ebayinc.com FAQ.

I changed my eBay password as soon as I heard about it the first time. If you haven’t, please, go take care of that and make sure it is a unique password.

Patch Tuesday Sounds the Death Knell for XP

Patch Tuesday Sounds the Death Knell for Win XP – Graham Cluley – Lumension Blog

So this is it.

The big one.

We’ve had false starts before, but this time Microsoft really *are* going to tell the world about security vulnerabilities in Windows and *not* patch them in XP.

As soon as Microsoft releases its regular bundle of security patches later today, the clock starts ticking.

Because malicious hackers and penetration testers will be exploring how they can reverse-engineer Microsoft’s fixes in more modern versions of Windows to see if they can be exploited on the no-longer-supported Windows XP.

And, trust me, although the numbers are falling – there are still plenty of home users and businesses running computers on Windows XP.

Much more in the article.

And Graham Cluley is right … Microsoft is NOT patching Windows XP this time for this critical IE/Internet Explorer vulnerability like they did May 1. However, they did patch many other things.

Oh, and don’t forget your Adobe updates for Flash, Reader, and more!

NOTE: Windows XP still garners 26.29% of total NetMarketShare – Choose Operating System by Version. Windows 7 is at 49.27% Between them Windows 7 and Windows XP hold 3/4 of all the global market share. Every other OS fits in the last 1/4 of the Operating System by Version pie.

Malware infections tripled in late 2013 thanks to sneaky browser plugin, Microsoft says

Malware infections tripled in late 2013 thanks to sneaky browser plugin, Microsoftsays – PCWorld

A three-fold increase in Microsoft Windows computers infected with malicious software in late 2013 came from an application that was for some time classified as harmless by security companies.

The finding comes as part of Microsoft’s latest biannual Security Intelligence Report (SIR), released on Wednesday, which studies security issues encountered by more than 800 million computers using its security tools.

Microsoft has added detection of this malicious piece of crap to it’s  Malicious Software Removal Tool (MSRT), and let others know about it as well back in December 2013 according to the article.