Microsoft Windows Malicious Software Removal Tool Microsoft is releasing an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update and the Download Center. Note that this tool will NOT be distributed using Software Update Services (SUS). Information on the Microsoft Windows Malicious Software Removal Tool can be located here:

http://go.microsoft.com/fwlink/?LinkId=40573

Microsoft offers free security program

CNN Article

Microsoft (r) Windows AntiSpyware (Beta)

Microsofts Spyware Site

Microsoft Anti-Spyware Software Info

I downloaded and installed the beta this morning, and it is interesting. I have attached a couple of screen shots. For those familiar with Ad-Aware and Spybot S&D there are a lot of similarities.

Everyone should update all of their computers to SP2. This new "service pack" is packed with many features to help protect your home computer.
It will be available via Windows Update soon, or you can download it from TechNet right now.

Here is a snippet from Slash Dot...

"Service Pack 2 for Windows XP has been released to manufacturers (RTM), is available to MSDN customers, and will soon be available to all via Windows Update and Microsoft sites. At ~ 250 megs, the download is big, and Microsoft will be offering the option of getting it on CDs. The much awaited Service Pack comes with many security updates (new NX and DEP protection), extra features (firewall, security center), and improvements for Windows. New versions of IE and OE come with the release, as well as improvements in the wireless networking field. So far, the service pack seems to be very stable (no known major issues) and does seem to speed up most systems. A review of SP2 Final with some limited download links is available at Neowin.net. I'd urge all users (pirate users too) to deploy the service pack and benefit from the genuine effort Microsoft have made with regards to security in this release."

I found a couple articles about how to configure your home system so that you don't have to be logged in as administrator on a daily basis, and then can launch specific applications as Administrator only when you need them. This is known in the computing world as a GOOD way to do things. Sadly most Windows applications require you to be Administrator to install software, and don't give you an option to provide an additional login/password (like when you join a machine to a domain). Here are the links and the key ways to setup applications to run as Administrator.

You MUST update your machines

Please be sure to run Windows Update as frequently as possible

Microsoft has learned of a Trojan program that is downloaded by the Download.Ject malware, also known as Scob, to client machines from infected IIS servers. When a user visits a Web site hosted on an IIS server that is infected with Download.Ject, the Web pages downloaded to the user's system contain an additional JavaScript program that downloads another Trojan program to the user's system. This second Trojan is called Backdoor:W32/Berbew, also known as Backdoor-AXJ, Webber, or Padodor. When this second Trojan runs on the user's machine, it performs several actions, including:

This is a good review of a new book that talks about how people compromise computer systems, good to know when trying to figure out how your system go owned, and how to detect it.

The phrase... "After reading this book, no sysadmin will sleep well at night"... is a bit of a modivation to read it.

http://books.slashdot.org/article.pl?sid=04/04/14/0141204&mode=thread&tid=126&tid=156&tid=172&tid=185

WHAT IS IT?

W32/Mydoom@MM spreads via e-mail. The Microsoft Product Support Services Security Team is issuing this alert to advise customers to be on the alert for this virus as it spreads in the wild. Customers are advised to review the information and take the appropriate action for their environments.

I was wondering why my browser was always switching to the "almighty search" when my computer couldn't find a particular web site. Then I poked around and found that some spyware program inserted the following DNS entries into my HOSTS files. (C:\windows\system32\drivers\etc).

216.177.73.139  auto.search.msn.com
216.177.73.139  search.netscape.com
216.177.73.139  ieautosearch

I recommend you use one of the HOSTS files I refer to in other messages to wipe out reference to common ad sites. And apparently you should replace it frequently to clean out any programs that might have hacked it. Also try making the file READONLY!

You MUST update your machines

You MUST update your machines.

These patches are critical to protecting your machine from future viruses. I am confident that there will be a 'worm' virus that will be created in the coming weeks that you will want to have your machine protected!. To do so is very easy.