Microsoft tempts antitrust lawyers with expanded antivirus offering | ZDNet

You want a good, solid, free antivirus program? Microsoft Security Essentials fills the bill nicely. Unfortunately, even though it was officially released more than a year ago, it’s still one of the best-kept secrets in personal computing. Its installed base of 30 million users worldwide might sound big in raw numbers, but it’s a drop in the bucket compared to the billion-plus Windows PCs in use.

All that’s about to change, as Microsoft has now begun delivering Microsoft Security Essentials via Microsoft Update to customers in the United States (a pilot program in the UK started earlier this year). If Windows detects that you’re currently running without up-to-date antivirus protection, this is what you’ll see in the Optional Updates section:

read more Microsoft tempts antitrust lawyers with expanded antivirus offering | ZDNet.

‘Private Browsing’ Not So Much – PCWorld

Security researchers have revealed that ‘private browsing’ modes on web browsers, which are designed to remove all traces of the sites a user has visited, can leak information.

A study by Dan Boneh from Stanford University which is due to be presented at the Usenix Security Symposium in the U.S. next week claims that many browser add-ons or website security measures stop the ‘private browsing’ mode from working properly.

via ‘Private Browsing’ Not So Much – PCWorld.

Google Dumps Microsoft Windows Company-Wide — Blames Windows For China Hacking Attack

Well, Google has taken the next step in its world domination plan, banning Microsoft Windows from internal use.

Employees will be given the choice between Apple’s Mac OS and Linux.

Adding insult to injury, Google is also publicly citing Windows security problems for the decision and blaming Windows vulnerabilities for the China hacking incident.

So that’s 20,000+ Windows licenses that won’t be sold and renewed at Google in future years.

Given that Google is in the process of introducing a competitive platform and operating system (Android/Chrome), this move isn’t surprising. The important question for Microsoft is whether other companies will follow suit.

via Google Dumps Microsoft Windows Company-Wide — Blames Windows For China Hacking Attack.

Report: Google password system attacked | Tech News on ZDNet

The cyberattack on Google last year reportedly yielded access to a password system that controls millions of users’ access to the company’s services including e-mail and business services.

Gaia, which allows users to sign in using their password once for a range of services, was compromised during a two-day attack last December, according to a New York Times report that cited a person with knowledge of an internal investigation. However, Gmail users’ passwords do not appear to have been stolen, and the company quickly initiated security changes to its networks, according to the report.

via Report: Google password system attacked | Tech News on ZDNet.

Beware the new Facebook password reset scam | InSecurity Complex – CNET News

If you get an e-mail that appears to be from Facebook saying the company reset your password and urging you to open an attachment, it is a scam. Repeat, it is a scam.

McAfee warned people in a blog post on Wednesday to beware of an e-mail that appears to come from Facebook urging recipients to open an attachment to get their new password.

The attachment contains a password stealer that can potentially access any username and password combination used on the computer, not just the login credentials for Facebook.

“This threat is potentially very dangerous considering that there are over 350 million Facebook users who could fall for this scam,” McAfee says. “This is also the sixth most prevalent piece of malware targeting consumers in the last 24 hours, as tracked by McAfee Labs.”

There are obvious clues that this is a phishing scam. For one, Facebook doesn’t send e-mails like this. It may send an e-mail with a link where the user can reset the password, but not an e-mail with an attachment. Secondly, the e-mail has poor grammar and awkward phrases. For instance, Facebook is not capitalized in the salutation.

via Beware the new Facebook password reset scam | InSecurity Complex – CNET News.

Google buffs Chrome privacy in new beta –

Google has improved privacy features and introduced automated translation of foreign-language web pages in a new version of its Chrome 4.1 beta browser for Windows.

Users can now control how the browser handles cookies, images, JavaScript, plug-ins and pop-ups on a site-by-site basis, the company said on the release of the new beta version on Tuesday. For example, they can decide whether to allow cookies only from trusted sites.

“Browsers are perhaps the most important piece of software for computer users today,” said Google’s Munich engineering director Wieland Holfelder in a statement. “With the new release, we also give users even more choice and control over their own privacy while surfing the web.”

via Google buffs Chrome privacy in new beta –

Zeus Trojan infects 74,000 PCs in global botnet | Tech News on ZDNet

More than 74,000 PCs at nearly 2,500 organizations around the world were compromised over the past year-and-a-half, in a botnet infestation designed to steal login credentials to bank sites, social networks and email systems, a security firm said on Wednesday.

The systems were infected with the Zeus Trojan, and the botnet was dubbed ‘Kneber’ after a username that linked the infected PCs on corporate and government systems, according to NetWitness.

via Zeus Trojan infects 74,000 PCs in global botnet | Tech News on ZDNet.

Microsoft probes possible privacy snafu | Tech News on ZDNet

Microsoft is looking into reports that some Windows Live customers may have gotten access to other users’ information.

“Microsoft is investigating reports of a limited number of instances in which Windows Live customers may have access to other customers’ accounts when accessing their account through mobile Web browser,” the company said in a statement Tuesday. “Microsoft takes customers’ privacy seriously, and immediately upon learning of these reports, we started an investigation.”

The Microsoft Live sign-in was unavailable for about an hour Tuesday. No word if the two incidences are related.

The company added that it “will take appropriate action once we have completed the investigation.”

via Microsoft probes possible privacy snafu | Tech News on ZDNet.

Malware hits all-time high in January | Tech News on ZDNet

The amount of unique malware tracked by security vendor Fortinet, reached an all-time high in January.

Its distinct malware volume soared to over 9,000 last month, more than twice that in December, the company said in a statement Wednesday. Headquartered in Sunnyvale, Calif., Fortinet collects data from its FortiGate network security appliances and intelligence systems located globally, and compiles monthly threat statistics from the data.

Topping the charts were variants of Bredolab, accounting for more than 40 percent of all malware activity. The Bredolab downloader program, which has assumed the No. 1 position since November 2009, has been associated with the Gumblar attacks, said Fortinet.

via Malware hits all-time high in January | Tech News on ZDNet.

Microsoft, Google split over browser bug bounty | InSecurity Complex – CNET News

To entice security researchers to look for holes in the Chrome browser, Google has announced it will pay $500 for bugs found in the code. But several experts say that’s not enough money to motivate skilled vulnerability researchers.

“I think it’s ridiculous,” Charlie Miller, a senior security researcher at Independent Security Evaluators, said when asked Monday for his opinion of Google’s new bug bounty program. “It’s insulting. It’s so low.”

Under Google’s new “experimental” incentive program, announced last week, people will get paid $500 for select interesting and original security vulnerabilities discovered in Chrome, or $1,337 for particularly severe or clever bugs. That figure refers to the geek term for elite, or “leet,” which can be spelled out using the numbers.

Mozilla pays $500 to researchers who find valid security bugs in the Firefox browser, the Thunderbird e-mail client, or the Mozilla suite.

via Microsoft, Google split over browser bug bounty | InSecurity Complex – CNET News.