Whilst many computer users are rightly obsessed with protecting their systems with the best antivirus programmes they can find, the Virus Bulletin has reported that the latest monthly ‘Patch Tuesday’ from Microsoft contained a whopping 17 alerts.

And these 17 alerts covered 40 separate vulnerabilities which make it a hard job for anyone trying to maintain best antivirus status a tricky job. Only two of these were categorised as ‘critical’, but that does not mean that the others aren’t dangerous enough to wreak havoc in innocent users’ systems. The two critical alerts also included fixes and patches for the Internet Explorer browser; a standard in most rounds of security patches.

So, what is a patch exactly, and how does it benefit users? A security patch is released to fix problems with all aspects of a computer, such as programmes and browsers. It is a nifty piece of software that is a saviour for many users and their concurrent computer problems. These can range from vulnerabilities in a computer or programmes’ security, to improving the usability and effectiveness of a particular programme.

When it comes to even bigger problems, ‘patches’ are given a different name. Large fixes of big problems, or to solve difficult issues, are often called ‘service packs’ or ‘software updates’. This kind of terminology is commonly used by Microsoft and its various Windows services.

A ‘patch’ can, therefore, be a blessing to users as it solves many niggling issues as well as large and debilitating problems. The alerts are therefore an important part of a users responsibility to keep their computer safe and well. Microsoft urges users to apply the patches as soon as they can. It is particularly important in a year beset with problems; Symantec claims that this large batch of patches takes the total for the year over 100, the first time that this has ever happened.

Patches are therefore part of the important fight to keep computers healthy and effective for their users. This particularly large batch of patches highlights the need for up to date and consistent updating of products to provide the best antivirus care to computers.

Guest Article by Neil Camp 

Anti virus reviews and independent testing centre AV-Test.org has issued its latest set of quarterly results. They tested 19 products within their multi-layered certification scheme.

One of the most surprising conclusions from the antivirus reviews and testing procedures this time, was that some of the major companies and their products did not meet the required standard.

Two notable examples of products failing to reach the grade were McAfee’s Internet Security and Microsoft’s Security Essentials, which is a free-for-home-use application. This was the second quarter running that the McAfee application was denied certification.

On the plus side, Trend Micro upped its performance from a poor showing in the last test and achieved its first certification.

The testing scheme, which was launched earlier this year, is made up of a number of key testing components which balances protection against live threats, and then how they are handled, including clean-up and usability issues. Also, impact upon computer speed and the number of false positives are also considered.

For a product to be granted certified status, a minimum score is needed from the complete range of tests.

Both the McAfee and Microsoft applications had problems in the protection and removal categories, although they did score well in other parts of the test.

Another poor shower was Norman’s Security Suite which also managed to not get an award for the second quarter in a row.

In contrast a number of companies and their applications did achieve passes. Norton, developed by Symantec, got the highest score overall, with successes from Webroot, PC Tools, Panda, Kaspersky, GData, F-Secure, ESET, BitDefender, Avira, AVG and Avast.

Anti virus reviews are commonplace these days, but for the large security software companies to fail to score highly with their products, especially given their resources and the money they cost, is somewhat embarrassing for two of the largest players named in this review.

It would be interesting to hear if the companies concerned are happy with the testing criteria and methods used.

Guest Article by Neil Camp 

The computer security industry may continue to encourage users to buy anti virus software, but the words might take on a greater significance if Microsoft decides to bid for massive bug catcher Symantec.

Internet security is essential to the wellbeing of computer users everywhere and the corporate world appear to be getting excited about its future potential. Not only has Intel snapped up McAfee for north of seven billion dollars, but news has just come of the purchase by Hewlett Packard of another computer security company, ArcSight, although for the lesser figure of $1.5 billion.

Hence the reasons for the bid rumours re Microsoft and Symantec. City dealers work on gossip, rumours and trends (some say like sheep), so the jump from two major bids, to talk of a third, is not unsurprising.

And it’s a persuasive theory. What worries many companies in any given sector is the size of the competition and their ability to lever their cash resources. McAfee and Symantec are both giants in that sector, with Symantec – the creators and developers of the Norton range of products – recognised as being the largest player. Now suddenly their main rival has the likes of Intel looking after them. This means that McAfee will have the financial muscle to step up research and development, and, should they so choose, implement an aggressive sales strategy with wholesalers and retailers. Symantec will now wonder how Intel’s big pockets will affect their competitive and technology standing.

The theory therefore goes, that Symantec might welcome a move from a larger company to offer it the same kind of weight that Intel now offers McAfee. And shareholders of Symantec might think that payday is around the corner with such a bid from a company like Microsoft. And Symantec’s recent near 10% rise in its share price suggests that the markets are hoping for a suitor for the internet security giant in the near future.

What’s more, many wags suggest that given Microsoft’s arguably terrible reputation when it comes to being the hacker’s favourite target, the Seattle company could do with a helping hand on the inside to help repel boarders.

But investment analysts aren’t convinced that Microsoft is ready to make such a move. They point to Microsoft’s better security record and their development of their own range of antivirus products, including anti-malware programmes and effective firewall solutions. Does it need Symantec to improve this area for them – maybe not? Nor would Symantec’s reputation for its Norton products to hog processor power like a jealous lover, endear it to the geeks in Seattle.

And nor would Symantec be cheap. Microsoft certainly has the deep pockets needed to acquire such a large company, but it may not give its own investors a reasonable return. A smaller computer security company might just do the trick instead. So many investors are taking the slide rule to other credible players, which have the technology, but not the premium price tag.

So, buy anti virus might just be the corporate buzz phrase for the end of 2010, and even if Microsoft don’t want to swallow Symantec, expect some smaller players to be targeted by other general computer companies.

Guest Article by Neil Camp

The phrase download internet security takes on a new meaning every month when Patch Tuesday comes around and people can see how alert Microsoft is when it comes to combating the latest virus threats.

And the latest Patch Tuesday, which allows computer users to download internet security patches in order to correct bugs, has proved a particularly big one. In this set, 14 alerts have been issued, with eight being rated ‘critical’ and the other six as ‘important’.

The most significant of these alerts that have been announced, affect Word, .NET, SMB Server, , MPEG Codecs and XML Core Services. As usual, the latest release also includes the most recent number of fixes that have been issued for Internet Explorer. Also included in this latest bulletin was a fix to solve the vulnerability with .lnk files, that has been causing a number of problems.

Coinciding with the release of the entry, Microsoft also wrote a blog entry describing and covering each of the most important fixes that were issued.

Adobe has also released some fixes; out of the three that were released, two were rated as ‘critical’ and one as ‘important’. This release – which had been timed to arrive at the same time as Patch Tuesday – was vital for fixing risky problems with Flash Player and Flash Media Server. As well as this, they release an important HotFix for ColdFusion.

Reader, a piece of software from Adobe, will have an emergency update released for it next week. Users will have to wait until this is issued before the vulnerabilities can be dealt with. In the mean time, any user who wishes to chose the alternative for viewing PDFs – Foxit Software – will have to update for a vulnerability that has affected a number of Apple iPhone users. The vulnerability is not, however, extended to Adobe users.

Users that download internet security patches are doing so to ensure that their computers remain safe from the host of vulnerabilities and dangers that are being created and released constantly.

Guest Article by Neil Camp

Software giant Microsoft has been accused of making a stealth download via one of its recent security patches.

Stealth downloads involve an unwitting computer user downloading code onto their machine without knowing of its transmission. It is sensitive subject in the computer security industry, as this is one of the main ways that malware is delivered onto people’s computers. It is a practice abhorrent in the industry and so for a leading company like Microsoft to be accused of such actions, has caused some embarrassment.

Allegedly, along with its regular Patch Tuesday security update, Microsoft bundled a Bing toolbar add-on. The stealth download adds the Bing toolbar to both the Mozilla Firefox and Internet Explorer browsers. And it does so without the users permission.

News of the stealth download was reported by technology blog Ars Technica. It stated that the Search Enhancement Pack update actually loaded the Bing toolbar onto those users who had installed the Windows Live Toolbar, or MSN bar, onto their Firefox and Internet Explorer browsers.

An apparently unabashed Microsoft told another tech news site, The Register, when questioned about the stealth download, that the problem arose because of a bug in the update file. It has, said Microsoft, now been fixed. They went on to explain the update, via the Search Enhancement Pack, was only supposed to work on those users with a Windows Live toolbar, MSN toolbar and a Bing Bar.

A spokesman said:
“We fixed the update so that going forward folks who still have only the older Windows Live Toolbar or MSN Toolbar will not see this behaviour anymore.”

So that’s alright then! Industry experts are a little less understanding and some have questioned Microsoft’s real intentions behind their stealth download tactics.

Microsoft was also in the news for suing an alledged spammer. Target of the lawsuit is Connecticut spammer Boris Mizhen. He is alledged to have sent unwanted emails to Microsoft customers and for gaming Hotmail’s spam filter. Mizhen is named in the legal action, as are several of his companies.

This is not the first time that Mizhen and Microsoft have locked horns. He was sued by the Seattle software giant in 2003 for sending spam to the web-based Hotmail service. The case then ended in a settlement with Mizhen paying out a reported $2 million and an agreement not to send anymore spam to Hotmail customers.

As regards the new, alledged campaign, Mizhen’s associates are keen to point out that these new messages were not spam and that many Hotmail users had moved them from their junk folders to their inboxes. Fair enough, although it’s thought by some that Mizhen and his companies alledgedly created the accounts which did this.

This has opened up the whole debate as to how successful spam filters are, especially those that rely on user feedback to judge the criteria of spam. Such techniques as whitelisting, blacklisting and Bayesian filtering are some of the ones used to recognize and filter out spam. Because these techniques are well known, they can be abused by spammers intent on ‘fixing’ the system and allowing their spam to get through.

Guest Article by Neil Camp