Whilst many computer users are rightly obsessed with protecting their systems with the best antivirus programmes they can find, the Virus Bulletin has reported that the latest monthly ‘Patch Tuesday’ from Microsoft contained a whopping 17 alerts.

And these 17 alerts covered 40 separate vulnerabilities which make it a hard job for anyone trying to maintain best antivirus status a tricky job. Only two of these were categorised as ‘critical’, but that does not mean that the others aren’t dangerous enough to wreak havoc in innocent users’ systems. The two critical alerts also included fixes and patches for the Internet Explorer browser; a standard in most rounds of security patches.

So, what is a patch exactly, and how does it benefit users? A security patch is released to fix problems with all aspects of a computer, such as programmes and browsers. It is a nifty piece of software that is a saviour for many users and their concurrent computer problems. These can range from vulnerabilities in a computer or programmes’ security, to improving the usability and effectiveness of a particular programme.

When it comes to even bigger problems, ‘patches’ are given a different name. Large fixes of big problems, or to solve difficult issues, are often called ‘service packs’ or ‘software updates’. This kind of terminology is commonly used by Microsoft and its various Windows services.

A ‘patch’ can, therefore, be a blessing to users as it solves many niggling issues as well as large and debilitating problems. The alerts are therefore an important part of a users responsibility to keep their computer safe and well. Microsoft urges users to apply the patches as soon as they can. It is particularly important in a year beset with problems; Symantec claims that this large batch of patches takes the total for the year over 100, the first time that this has ever happened.

Patches are therefore part of the important fight to keep computers healthy and effective for their users. This particularly large batch of patches highlights the need for up to date and consistent updating of products to provide the best antivirus care to computers.

Guest Article by Neil Camp 

Software giant Microsoft has been accused of making a stealth download via one of its recent security patches.

Stealth downloads involve an unwitting computer user downloading code onto their machine without knowing of its transmission. It is sensitive subject in the computer security industry, as this is one of the main ways that malware is delivered onto people’s computers. It is a practice abhorrent in the industry and so for a leading company like Microsoft to be accused of such actions, has caused some embarrassment.

Allegedly, along with its regular Patch Tuesday security update, Microsoft bundled a Bing toolbar add-on. The stealth download adds the Bing toolbar to both the Mozilla Firefox and Internet Explorer browsers. And it does so without the users permission.

News of the stealth download was reported by technology blog Ars Technica. It stated that the Search Enhancement Pack update actually loaded the Bing toolbar onto those users who had installed the Windows Live Toolbar, or MSN bar, onto their Firefox and Internet Explorer browsers.

An apparently unabashed Microsoft told another tech news site, The Register, when questioned about the stealth download, that the problem arose because of a bug in the update file. It has, said Microsoft, now been fixed. They went on to explain the update, via the Search Enhancement Pack, was only supposed to work on those users with a Windows Live toolbar, MSN toolbar and a Bing Bar.

A spokesman said:
“We fixed the update so that going forward folks who still have only the older Windows Live Toolbar or MSN Toolbar will not see this behaviour anymore.”

So that’s alright then! Industry experts are a little less understanding and some have questioned Microsoft’s real intentions behind their stealth download tactics.

Microsoft was also in the news for suing an alledged spammer. Target of the lawsuit is Connecticut spammer Boris Mizhen. He is alledged to have sent unwanted emails to Microsoft customers and for gaming Hotmail’s spam filter. Mizhen is named in the legal action, as are several of his companies.

This is not the first time that Mizhen and Microsoft have locked horns. He was sued by the Seattle software giant in 2003 for sending spam to the web-based Hotmail service. The case then ended in a settlement with Mizhen paying out a reported $2 million and an agreement not to send anymore spam to Hotmail customers.

As regards the new, alledged campaign, Mizhen’s associates are keen to point out that these new messages were not spam and that many Hotmail users had moved them from their junk folders to their inboxes. Fair enough, although it’s thought by some that Mizhen and his companies alledgedly created the accounts which did this.

This has opened up the whole debate as to how successful spam filters are, especially those that rely on user feedback to judge the criteria of spam. Such techniques as whitelisting, blacklisting and Bayesian filtering are some of the ones used to recognize and filter out spam. Because these techniques are well known, they can be abused by spammers intent on ‘fixing’ the system and allowing their spam to get through.

Guest Article by Neil Camp

Microsoft has been busy issuing security patches (also known as security bulletins) in a fast and furious way over the last few days, with security patches also coming from Adobe and Apple.

Microsoft sent out ten alerts which covered 34 separate vulnerabilities and these came together with a number of other updates and additional fixes. Only three of these security patches were ‘critical’ and they affected media decompression, ActiveX and their web browser, Internet Explorer.

Adobe has recently had to fix a long line of weaknesses with security patches in their product line-up and the latest was uncovered in the Flash Player. This effects multiple platforms and will also create impacts on the Adobe Reader and version Nine of the Acrobat. Although a fix has been issued, not all elements are covered and some platforms will have to wait for help.

Security patch experts say that the older versions of the PDF handling software are safe from the problems. Those users of Reader and Acrobat are being told they can work around the problem, but they have to make inoperative, delete, or rename the component called ‘authplay.dll.’ This provides the Flash function within the PDF documents.

As well as Microsoft and Adobe, Apple has also had its fair share of security patch problem fixing. They have had some problems with their latest version of the Safari browser which is said to have numerous issues inherited from older versions. Not least is a long-discovered weakness which enables malicious sites to harvest history data from the Safari browser.

Computer security officials are again warning computer users to accept security patches sent by the creator of the software in order to protect themselves against all manner of malware programmes.

And they stress that only those security patches from reputable, known companies should be downloaded. A common tactic is to trick computer users into thinking that they need a patch, only to find that it is in effect a malicious programme.

Guest Article by Neil Camp