Tag Archives: Microsoft

The course towards security is set upon purchase of a computer

10 January 2015

In his report SME security on a shoestring budget, Vladimir Jirasek aptly describes the state of SMEs (Small- and Medium-sized Enterprises): they are the motors of the economy, and they are increasingly susceptible to cyber-attacks because they have only very limited IT budgets to spend.

Fortunately Microsoft provides lots of advice and free tools to help SMEs in the struggle against cyber-attacks. In addition, lots of open-source software tools are available that help to boost security. Vladimir Jirasek discusses some of the fundamental built-in security measures for the safe operation of computers.

But the course towards security is set upon purchase of the computer. Please see below for my recommendations for Microsoft Windows-based computers.

  • Select the 64-bit versions of Windows if you have the choice

I strongly recommend buying a computer with a 64-bit Windows operating system, preferably Windows 8.1. Even with only 4 GB of RAM, a 64-bit operating system makes sense, because some security features, like Enhanced Protected Mode in Internet Explorer, require 64-bit processes.

Other security features, e.g. ASLR (Address Space Layout Randomization), which hampers buffer overflow attacks, work far more effectively in a 64-bit environment.

Please check in advance whether your applications are 64-bit ready. Most 32-bit applications run without problems on 64-bit Windows.

The 64-bit Windows versions are normally available at no extra cost with a new computer. Please ask your reseller.

  • Select the professional versions of Windows if you have the choice

The professional versions of Windows Vista, 7 and 8 include Microsoft’s drive encryption feature BitLocker. If BitLocker is activated, you have to enter a passphrase at boot time to unlock the drive. In the event of theft or loss, a third party cannot access the information on the drive because they do not know the passphrase to unlock it. BitLocker can be used to protect other storage devices as well.

The additional cost for the professional versions is approximately US$40 if you buy a new computer.

With 64-bit Windows Professional the gain in security is high at moderate additional cost. I would recommend this choice even for home users.
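To verify on a freshly bought machine that the recommendations above actually took effect, the following PowerShell script, added here as an example and not part of the original post, reports the Windows architecture and edition, whether BitLocker protects the system drive, and whether Internet Explorer's Enhanced Protected Mode is switched on with 64-bit tab processes. It assumes Windows 8 or 8.1 (for Get-CimInstance and the BitLocker module) and that the two registry values Isolation and Isolation64Bit under the per-user Internet Explorer key reflect those IE settings; that registry mapping is an assumption, not something the post states.

```powershell
# Added example, not from the original post. Run in an elevated PowerShell on Windows 8/8.1.
function Get-PurchaseChecklist {
    $os = Get-CimInstance -ClassName Win32_OperatingSystem

    # 1. 64-bit Windows? OSArchitecture reads "64-bit" on x64 installations.
    $is64 = $os.OSArchitecture -like '64*'

    # 2. Professional (or higher) edition? Caption looks like "Microsoft Windows 8.1 Pro".
    $isPro = $os.Caption -match 'Pro|Enterprise|Ultimate'

    # 3. BitLocker protecting the system drive? Needs the BitLocker module (Windows 8+).
    $bl = $null
    if (Get-Command Get-BitLockerVolume -ErrorAction SilentlyContinue) {
        $bl = Get-BitLockerVolume -MountPoint $env:SystemDrive -ErrorAction SilentlyContinue
    }
    $blOn = ($null -ne $bl) -and ($bl.ProtectionStatus -eq 'On')

    # 4. IE Enhanced Protected Mode with 64-bit processes? ASSUMPTION: the per-user values
    #    Isolation = "PMIL" and Isolation64Bit = 1 mirror the two Internet Options checkboxes.
    $ie  = Get-ItemProperty 'HKCU:\Software\Microsoft\Internet Explorer\Main' -ErrorAction SilentlyContinue
    $epm = ($ie.Isolation -eq 'PMIL') -and ($ie.Isolation64Bit -eq 1)

    [pscustomobject]@{
        Windows                 = $os.Caption
        Is64Bit                 = $is64
        IsProfessional          = $isPro
        BitLockerOnSystemDrive  = $blOn
        IE_EPM_With64BitTabs    = $epm
    }
}

Get-PurchaseChecklist | Format-List
```

Every line of the report should read True; a False on BitLockerOnSystemDrive means the edition is right but encryption was never turned on, which is the usual state of a machine straight from the reseller.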

That’s it for today. Have a nice weekend.

Microsoft Publishes Critical Vulnerability MS14-066 in Windows SSL Library

15 November 2014

On November 11, 2014 Microsoft published in Security Bulletin MS14-066 a vulnerability in the Microsoft Secure Channel (Schannel) security package in Windows. The vulnerability is rated Critical; the CVSS base score is 10 (high).

The good news is: This vulnerability was discovered by Microsoft itself during a proactive security assessment.

The bad news is: Since nearly all Microsoft products that use SSL rely on the Schannel package, the impact of this vulnerability might be greater than that of the Heartbleed SSL bug.

Although Microsoft published a patch last Tuesday, the November patch day, it will take a long time to patch the possibly thousands of systems in a company. But the guys on the dark side will not sleep. It is very likely that exploits will be available on the black market within the next few days.

Thus the patching must be addressed strategically. Hopefully you have an up-to-date inventory of your systems. I would start with systems that are exposed to the internet, e.g. external mail servers or web servers. In parallel I would patch all laptops and tablet computers that leave the network. Although it is not very likely that they listen for inbound SSL connections, you should check and patch them. In the next step I would patch all internal servers and the remaining internal clients.
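The prioritisation described above can be driven straight from the inventory. The PowerShell script below is an added example, not part of the original post: it takes a constructed inventory in which every host carries an exposure class, sorts the hosts into the four patch waves in the order the post recommends, and asks each host via Get-HotFix whether the update is installed. The inventory rows, the class names and the KB identifier are all assumptions; the page does not give the KB number of the MS14-066 update, so a placeholder stands in for it.

```powershell
# Added example, not from the original post. Requires WMI/DCOM access to the remote hosts.
$KbId = 'KB0000000'   # PLACEHOLDER: replace with the KB number of the MS14-066 update

# Constructed inventory, as an SME might keep it in a CSV export. Class names are assumptions.
$inventory = @'
Name,Class
mail01,internet-exposed
www01,internet-exposed
lt-sales-07,mobile
tab-ceo-01,mobile
fs01,internal-server
dc01,internal-server
pc-acct-03,internal-client
'@ | ConvertFrom-Csv

# Patch waves in the order the post recommends: internet-facing first, then devices
# that leave the network, then internal servers, then the remaining internal clients.
$waveOrder = @{
    'internet-exposed' = 1
    'mobile'           = 2
    'internal-server'  = 3
    'internal-client'  = 4
}

function Get-PatchWaves {
    param([Parameter(Mandatory)] $Inventory)
    $Inventory |
        Select-Object Name, Class, @{ Name = 'Wave'; Expression = { $waveOrder[$_.Class] } } |
        Sort-Object Wave, Name
}

function Test-HotFixInstalled {
    param([string] $ComputerName, [string] $Id)
    try {
        # Get-HotFix raises an error when the KB is absent; -ErrorAction Stop makes it catchable.
        $null -ne (Get-HotFix -Id $Id -ComputerName $ComputerName -ErrorAction Stop)
    } catch {
        $false   # not installed, or host unreachable (typical for mobile devices): treat as unpatched
    }
}

# Report: wave, host, class and patch state, so each wave can be worked through in order.
Get-PatchWaves -Inventory $inventory | ForEach-Object {
    [pscustomobject]@{
        Wave    = $_.Wave
        Name    = $_.Name
        Class   = $_.Class
        Patched = Test-HotFixInstalled -ComputerName $_.Name -Id $KbId
    }
} | Format-Table -AutoSize
```

Hosts that are offline report Patched = False, which is the safe reading for laptops and tablets that are away from the network: they stay on the list until they come back and can be confirmed.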

Have a nice weekend!

Rion-Antirion Bridge, 38°19'11.0"N 21°46'25.2"E
