Windows Security Blog

On this blog, we’ve discussed the ways that scammers can attack your PC, through malicious software, rogue security alerts, phishing attacks and more. But the bad guys have now devised a new vector: the phone. I first learned about this when I heard...

You may have seen articles recently that highlight a social engineering technique called “cookiejacking” and how a particular instance may currently affect Internet Explorer. It’s important to note that we have not seen widespread attacks related to this...

Our friends over at the FutureFed blog reported that Windows 7 the has passed  the Common Criteria (CC) certification process and achieved Evaluation Assurance Level 4 with augmentation (EAL4+). Common Criteria certification is an international standard...

While the Internet is an amazing resource in terms of the information you can find and things you can do today, it’s important to also be smart about how you browse. A browser can be a great tool in helping you stay safe when you go online. Most online...

Last week, we saw the re-emergence of another new trojan that is disguising itself as Microsoft’s no-cost antimalware program Microsoft Security Essentials . This imposter is known in the technical world of antimalware combat as “ Win32/FakePAV ”. FakePAV...

We announced back in September that Microsoft Security Essentials would be changing its licensing terms and would soon become available to small business on up to 10 PCs. We are happy to announce that beginning tomorrow, October 7, the change will go...

It has been one year since Microsoft Security Essentials was made generally available to the public and to celebrate, we are pleased to share that there are now over 30 million customers in 74 different countries around the world enjoying the trusted...

As we continue to evolve security and privacy at Microsoft, we are doing more than securing our own products and refining our own processes – we are continually responding to the growing and changing threat landscape.  Despite the proliferation and...

Anti-virus research and data security organization AV-Test recently spent three months testing 19 security products in the areas of protection, repair and usability. On Monday, August 16th they released the test results, and we’re excited that Microsoft...

By way of introduction, I’m Eric Foster and have recently joined my colleagues on The Windows Blog to write on ‘all things’ security. I thought it only fitting that my first blog be about one of my favorite personal product recommendations, Microsoft...

Posted on half of Pete LePage on the Internet Explorer team. Protecting Windows customers is an absolute priority for the Internet Explorer engineering team. That's why we work hard to make sure our browser has some of the best safety and privacy features...

Earlier today, Core Security Technologies issued a security advisory for our Virtual PC (VPC) software. The advisory calls out a proof of concept where the virtual machine monitor allows memory pages above the 2GB level to be read from or written to by...

The RSA Security Conference is underway this week in San Francisco and Microsoft's own Scott Charney, Corporate Vice President Trustworthy Computing, delivered one of yesterday's keynote addresses: Creating a Safer, More Trusted Internet . The keynote...

Last week at the Black Hat DC conference a presenter showed how one manufacturer's Trusted Platform Module (TPM) could be physically compromised to gain access to the secrets stored inside. Since that presentation, I have had plenty of questions from...

Windows 7 is seeing success in the marketplace which I am very happy about from a security perspective. The Microsoft Security Intelligence Report has shown us again and again that the more up-to-date a PC is, the less likely it is to be infected by malware...

Now that Windows 7 is available, a recent blog by Chester Wisnieski (who works at security vendor Sophos), entitled Windows 7 vulnerable to 8 out of 10 viruses , which has stirred some interest. Here's a quick summary for those who missed Chester's...

Volume seven of the Microsoft Security Intelligence Report (SIRv7) - part of Microsoft's commitment to providing an unparalleled level of security intelligence to help keep individuals and organizations better informed and to maximize security investments...

User Account Control is one of those Windows features that evokes a number of different responses from folks. Most people appreciate the enhanced security UAC offers, but we did hear complaints about the high number of UAC prompts in Windows Vista. This...

We have been working in partnership with our independent software vendor (ISV) community to move the ecosystem to a set of new application programming interfaces (APIs) that many ISVs use to report status to Security Center (integrated within Action Center...

RSA was great last week - security was clearly top of mind for the attendees, and I fielded a number of different questions last week about how Microsoft protects our customers. Some are pretty straightforward around how the various Windows 7 security...

Here’s the last of the security stories from the RSA show floor. To wrap things up we asked John (JG) Chirapurath (Director, Identity & Security Business Group) to give us a quick rundown on Microsoft Forefront for Business Ready Security and how...

Here is another story from a Microsoft Program Manger discussing their favorite things in Windows 7. This time it is Eric Lawrence (Senior Program Manager on the Internet Explorer Team) to talk about his favorite security features in Internet Explorer...

While walking the show floor here at RSA, I ran into Steve Riley, who’s an incredibly passionate and knowledgeable Security Evangelist (or officially “Senior Technical Evangelist”) in Microsoft’s Trustworthy Computing organization. He’s a well respected...

The buzz at RSA around Windows 7 has been tremendous. Yesterday, in his keynote, Scott Charney (Corporate VP Trustworthy Computing) talked about AppLocker and how it helps ensure that only known, trusted software is run within an organization’s desktop...

I attended Scott Charney’s keynote this morning at RSA – Moving Towards End to End Trust: A Collaborative Effort . I would assume that many of the readers of this blog are not familiar with the End to End Trust story. In a nutshell, End to...