The Edge : windows xp

Using Built-in Functions to Achieve Single Sign-on in Windows

tonybradley — Wed, 01 Jul 2009 22:02:00 GMT

Password resets are more or less the bane of the help desk agent's existence. Carrying that through logically, they also represent a significant expense for the organization to pay for the lost productivity of the employees and the time and effort...(read more)

Vista Declared Most Secure OS

Essential Computer Security — Sat, 26 Jan 2008 13:54:04 GMT

Microsoft’s Director of Security, Jeff Jones, published the One Year Vulnerability Report for Windows Vista, in which he demonstrates that Vista is the most secure OS ever measured (based on the criteria used to calculate the first year vulnerability...(read more)

Slow Month For Microsoft Security Bulletins

Essential Computer Security — Wed, 12 Sep 2007 02:45:21 GMT

Rarely (if ever- I’ll have to do some research and find out) does Microsoft have 2 back-to-back months of Security Bulletin floods. This month was no exception. In August, Microsoft released 9 Security Bulletins, 6 of which were deemed Critical...(read more)

Keep Your Windows XP Running Steady

Essential Computer Security — Tue, 28 Aug 2007 13:34:28 GMT

Depending on the activities you engage in and the sites you visit, you can get some questionable, or sometimes outright malicious stuff installed on your computer. When you have a PC for your kids, or if you are sharing a PC with your kids, this can be...(read more)

Radio and TV Appearances

tonybradley — Sun, 14 Jan 2007 13:40:00 GMT

In recent months I have been contacted more frequently by the media, mostly as a result of marketing efforts for my latest book, Essential Computer Security. I was invited to guest on the IMI-TechTalk radio show at the end of November, and this past week I was invited to guest on the local Detroit Fox News morning show to discuss computer security with anchorman Alan Lee and promote my book.

IE6 Vulnerable More Than 3/4 Of 2006

tonybradley — Sun, 07 Jan 2007 15:38:00 GMT

According to a study compiled by the Washington Post's Brian Krebs, Internet Explorer 6 was vulnerable for 284 out of 365 days in 2006. That amounts to over 77% of the year. What does that mean? It means the for 3/4 of the year there were known vulnerabilities affecting Internet Explorer 6 for which no patch existed.

Some were fairly serious zero-day exploits that were being actively exploited in the wild while users waited for an update from Microsoft. Others were less serious, but were still left vulnerable, mostly due to the nature of the monthly Security Bulletin and patch release schedule that Microsoft uses. A flaw that is discovered the day after "Patch Tuesday" will most likely remain unpatched for an entire month until the next "Patch Tuesday". By contrast, Krebs found that the Firefox browser was only vulnerable for 9 days, and IE7 was too new to have any substantial data for this year's survey.

The pro-Firefox, Microsoft-bashing crowd will jump all over this. You can see it in the comments on Krebs' article. I fall into the camp that believes that IE is targeted because of its market share as much as the quality of the code. Firefox or Opera may, in fact, be superior from a security standpoint, but neither is impervious and if they had 85% of the web browser market share we wouldn't be so hyper-focused on the weaknesses of Internet Explorer (and neither would the malware authors). Still, it doesn't paint a pretty picture and Microsoft should take notice and seek to rectify the issue for IE7 and for 2007. You can read Krebs' complete article here: Internet Explorer Unsafe for 284 Days in 2006

Data Backup For Home PC Users

tonybradley — Fri, 05 Jan 2007 17:04:00 GMT

Companies understand the importance of data. Hardware and software can be replaced, but lost data can't. Those companies that don't truly understand the value of consistently backing up critical data are probably mandated to do so anyway by one of the various regulatory requirements such as Sarbanes-Oxley or HIPAA. Companies also have administrators that are paid to be expert in managing data and they are tasked with performing the backups. That is great for companies. What about home computer users?

Computers crash. Malware attacks. There are a wide variety of potential causes for losing data on a home computer. Years worth of digital photographs, income tax and investment information tracked in personal financial software and other such personal data is irreplaceable if lost in some sort of hard drive or data catastrophe. There are many programs available, including the backup utility built into Microsoft Windows, which you can use to back up your data. The question is- what do you need to back up? If you have 200Gb worth of data on your hard drive, the backup could take forever and be very cumbersome to manage. However, it is probable that only a small fraction of that data is truly critical or irreplaceable and needs to be backed up. The backup will be easier to manage and more efficient to perform if you pare it down to only the data that really needs to be backed up.

Microsoft has created a brief guide for home computer users to help them identify the files, or types of files, that are most likely to contain critical or personal information that needs to be backed up. For more guidance, read How to decide what data to back up

Unpatched Flaw In Microsoft Word Being Exploited

tonybradley — Wed, 06 Sep 2006 11:27:00 GMT

A flaw in the way Microsoft Word 2000 documents are processed could allow an attacker to execute malicious code remotely on vulnerable systems according to a Secunia alert. Exploit code has been identified in the wild and no patch is currently available, so Secunia has rated the Advisory as Extremely Critical and advises users not to open any untrusted Microsoft Office files. For more information, you can check out the details of the Advisory here: Secunia Advisories - September 5, 2006.