Reto Haeni's cloud

Microsoft phases out MSN Messenger – Cybercriminals try to profit

Microsoft informed a while ago that Skype and Messenger are coming together. That means that millions of Messenger users will be able to reach their Messenger friends on Skype. By updating to Skype, Messenger users can instant message and video call their Messenger friends. This good news seems to being used now cybercriminals for attacking new systems. The criminals approach is fairly simple – they take advantage that MSN Messenger is still popular. Microsoft now promotes the download of Skype on the former MSN Messenger page and informs that the Messenger contacts will be available in Skype. There are then people that then still want to download MSN Messenger and this is the window of opportunity that cybercriminals exploit. They are registering malicious domains, buy advertising links on search engines and try to trick the user to download and install malware that masquerades as the MSN Messenger. With this they then get access to the computers of the victims and from there on the computer of the victim is under their control.

Don’t fall into that trap! Take steps to protect your computer (I wrote earlier a blog post about this that I now updated) and only download software from official sources which in this specific case download Skype from the official Microsoft site or from skype.com and you will be able to merge your messenger and skype contacts.

Migrate to Skype

Empfehlungen zum Säubern eines Computers

Normalerweise schreibe ich meine Blogposts auf Englisch aber da ich viele Anfragen auf Deutsch erhalte was jemand machen kann wo sich ein Cyberkrimineller (z.B. ein falscher “Microsoft Supporter”) Zugang zu einem Computer erschlichen hat poste ich mein empfohlenes Vorgehen auf Deutsch.

Die Frage was auf einem Computer während einer falschen “support session” gemacht wurde kann man leider nicht generell beantworten, da das Vorgehen nicht immer gleich ist. Wenn Sie jemandem Zugriff auf das Gerät gegeben haben oder ein Programm heruntergeladen und ausgeführt haben dann kann grundsätzlich alles „passiert“ sein. Sehr Wahrscheinlich haben es die Kriminellen auf Ihre Bank- und Kreditkarteninformationen abgesehen. Das Ziel können sie auf verschiedene Weise erreichen – sei es dass Sie direkt einen falschen Virenschutzservice bezahlen oder indem ein Spionageprogramm auf Ihrem Computer installiert wird.

Bezüglich des weiteren Vorgehens schlage ich das Folgende vor: • Schliessen Sie Ihren PC nicht mehr ans Internet an bevor dieser „gereinigt“ wurde • Ändern Sie alle Passwörter • Lassen Sie den PC von einem Fachmann untersuchen ob er Spionageprogramme oder ähnliches installiert hat. Wenn Sie dies selber machen wollen/können dann ist ein gutes Hilfsmittel dazu unter http://www.retohaeni.net/2012/04/windows-defender-offline/ aber leider bietet auch dies keine 100% Sicherheit. Ich würde empfehlen, dass ein Computerspezialist den Computer untersucht. Alternativ ist es wohl das Sicherste das Betriebssystem von Grund auf neu aufzusetzen (Windows und alle Applikationen neu installieren – nicht update oder upgrade) und anschliessend den Computer wieder so zu sichern wie ich es in meinem Blogpost dazu aufzeige. Hier vergessen Sie bitte nicht alle Daten etc vorher zu sichern. • Nehmen Sie Kontakt mit Ihrer Bank auf und beschreiben Sie den Vorfall um abzuklären ob zB Kreditkarten ausgetauscht werden müssen oder ähnliches.

Als Microsoft sind wir hier auch Opfer und können gegen kriminelle Handlungen wenig unternehmen da wir nur indirekt betroffen sind. Entsprechend müssten Sie gegebenenfalls Anzeige erstatten. Melden können Sie den Fall zB unter http://www.cybercrime.admin.ch/kobik/de/home.html. Dies ist noch keine Anzeige aber KOBIK wird Ihnen dann ein weiteres Vorgehen empfehlen.

Ich hoffe, dass dies als Ausgangspunkt hilft.

On Privacy: Things might not be what they appear

I got this forwarded at work and thought I share it with you. It is a video promoting safe internet banking but it is valid for all online topics. Be cautious what you put at any point online – it might be used in a way you did not intend it.

Windows Defender Offline – new tool against advanced malware

I wrote previously about how to secure your computer but last week Microsoft’s Malware Protection Center released a new tool against rootkits and other advanced malware that I would briefly like to review – the Windows Defender Offline.

Windows Defender Offline is scanning your PC to remove rootkits and other advanced malware that can’t always be detected by antimalware programs. If such a type of malware is detected on your PC you will be prompted by Microsoft Security Essentials to use Defender. However, it is good practice to run the Defender Offline on a regular basis as some advanced malware doesn’t necessarily get detected by any anti-virus program.

The main difference between Defender Offline and most other anit-malware tools is that it is run from a clean boot disk/CD/USB Stick and that way anti-malware that tries to use some cloaking technique will not have the possibility to hide.

For more information on what Windows Defender Offline does and what the system requirements are, please visit this website: http://windows.microsoft.com/en-US/windows/what-is-windows-defender-offline.

Windows 8 – why it matters for business

I have heard a couple of times from enterprises that Windows 8 looks great but that it is a consumer product and that adoption in the enterprise does not seem to bring an obvious advantage as most users work on a laptop and desktop and don’t need a metro surface. While I understand this initial reaction I see a large benefit for business to use Windows 8.

The way people work has changed and more work is done mobile. Until now the challenge was to still have the reliability, productivity and security a business needs. This is one of the strong advantages of Windows 8. It integrates seamlessly into the IT infrastructure and provides enterprise class security. And this even in multiple ways. Windows 8 provides an innovative and fun way to work on a slate or tablet in addition to more traditional laptops and desktop PCs. In addition there is the possibility to have Windows 8 on a USB stick with Windows To Go – a fully managed corporate Windows 8 desktop. Travelling light has never been that easy.

Picking some elements to talk about is not easy as the new functionalities are significant but looking at today’s cybersecurity threats I very much like the improvements that were made with the secure foundation. Trusted Boot is a key element. It validates the integrity of the entire boot process – from hardware, boot loader, kernel, boot-related system files to drivers. With antimalware loaded before all non-critical Windows components we achieve a better protection from rootkits. This in combination with Measured Boot Process, BitLocker Drive Encryption, AppLocker, and claim-based access control delivers end-to-end security like never before.

This is only a short overview on some of the Windows 8 features for business. A deeper and broader description was posted today in the Windows Team Blog here. It is worthwhile reading it.

Also check out the short video for an overview of  some central aspects of Windows 8:

Best of breed or end-to-end security stack

One of the discussions that I often have with senior IT decision makers is the overall security architecture and how the different layers of security mechanisms work together. In these talks I often see that security in enterprises is approached as a layered approach where, on purpose, security elements and products of different software vendors are used. I call this the best of breed approach as for each security function one can pick the top performer on the market. The main motivation behind this is that if there would be a weakness in a product from one vendor that the same problem will then not be found in the underlaying security layer as it is not from the same origin.

Sounds great? Adds clearly more security? Well yes in theory but maybe no in practice. The reality is that with the financial pressure that is common on todays system’s integrators, operations resources (financial, people and know-how) are sparse and the nicely designed layered approach has suddenly gaps as the complexity is just too high to have it properly handled. This then leaves gaps in the defense. In addition, the interaction of different products is often not well known. What hurts in that regard is that applying security patches can only be done once a thorough testing has occurred – which in turn takes time and resources and means that crucial patches are applied later and the window of opportunity for an attack is open longer.

With this now comes the question. What in practice brings you more security. The best of breed approach that is seldom fully implemented or the end-to-end security stack where your dependence on one supplier is increasing? How much of the dependence do you have already anyway? I observe a move to the second approach – mostly out of lack of operational resources – also in large enterprises with a quite a high security level. I see this even more accelerating in the future when we have more and more security solutions that are offered as cloud or hybrid services where platform compatibility will be a large factor. Does that mean we are having a sort of consumerization of IT also for security?

Less Spam today? Good news – I will tell you why

Microsoft Digital Crimes Unit

Did you notice that you got fewer spam e-mails today? All in all there were about 3.8 Billion fewer spam mails sent out. Why? Because there is one less Botnet in operation. Today Microsoft annaounced that we have taken down the Kelihos botnet in an action codenamed “Operation b79”.  This is the third botnet takedown in Microsoft’s Project MARS (Microsoft Active Response for Security), a program driven by the Microsoft Digital Crimes Unit in close collaboration with the Microsoft Malware Protection Center (MMPC) and the Trustworthy Computing team to annihilate botnets and advance the security of the Internet for everyone. Why does it matter? Because it is one step further in making cybercrime more expensive and it is the first time Microsoft has named a defendant in its fight against botnets making suddenly cybercrime much less anonymous.

Microsoft has a very interesting unit in the fight against Cybercrime – the Digital Crimes Unit. I had the opportunity to spend last week at their premise in Redmond, to have interesting discussions and get our efforts in regard to child abuse and digital crimes aligned. With our ever increased dependance on our computers, smartphones and networks at home, on the road and at work, it becomes more and more crucial to keep this infrastructure safe, secure and private. To achieve this we are working in close cooperation with local law enforcement agencies, government CERTs, Internet Providers and other organizations and agencies. From a personal perspective it is highly interesting to have the opportunity to work at national level as a facilitator and sponsor between these Swiss entities and the different units of Microsoft Redmond and to be able to participate in the fight against child abuse and cybercrime.

The fight against botnets will continue. There are still tens of thousands of computers infected that regularely try to connect to the three botnets Microsoft took down. The following video gives an impression of the state of two botnets as of 21. September 2011.

What now needs to be done is to clean up the infected computers. To aid in this I started working together with Government, Internet Service Providers and Community Emergency Response Teams so that we can also take advantage in Switzerland of the work that is done in Redmond. More on that in a later post once the initiative has advanced and all partners are on board. In the meantime – please keep your computers safe and private. With that you are participate in the global fight against cybercrime and you keep your privacy protected. You can find information on “how-to” in this earlier blogpost.

Interested to know more about the botnet takedown? Read here the official Microsoft Blog.

Follow the Microsoft Digital Crimes Unit on Facebook and Twitter.

Posting personal Information online? Beware if you overshare!

A new Microsoft study shows that before posting personal information online, more than half of U.S. teens and parents don’t truly consider the potential consequences of their actions.  Teens recognize the importance of limiting what they share online, yet they still reveal more personal data than their parents.  Six in 10 teens also say they have so-called “friends” in their social networks whom they’ve never met in person.

Chances are you already have a “digital reputation,” and you may not even know it.  On the Internet, we create an image of ourselves through the information we share in blogs, comments, tweets, photos, videos, and the like. Others add their opinions – both good and bad – and contribute to our online reputations.  Anyone can find this information and make judgments.  Accordingly, everyone needs to be cognizant of what they’re posting online, and how that aggregated information can tell one’s personal story and shape their digital impression.

A recent Microsoft survey  found that 79 percent of hiring managers and job recruiters in the U.S. said they routinely review online reputational information when considering job applicants.   All of sudden, that photo of you partying hardy or playing a practical joke on a friend may not be so funny after all even if you consider them your private matter. College admissions officers are also looking into social networks. As college board vice president James Montoya points out, the people who evaluate applications at most schools are “often under 30 years old and often Facebook users themselves.” Of course they will check out your online reputation. Should a partying foto matter? I agree – no it shouldn’t. Can it make the tipping point in deciding for or against an applicant? Yes it very well can. As the Microsoft study shows – 70% of employers have turned down job applicants because they didn’t like what they found online.

Managing one’s online behavior and reputation is a key component of being a good digital citizen. Digital citizenship is usually defined as “the norms of behavior with regard to technology use.”  But digital citizenship is more than just teaching social norms – it’s a way to prepare young people for life in a technology-rich society. Digital citizenship empowers young people and helps them develop a sense of ownership and personal responsibility – in order to make appropriate, ethical decisions in the online world.

In an effort to create a culture of “good digital citizens,” Microsoft is committed to helping youth, teens, parents and caregivers think about their online reputations.  Today we are releasing a new whitepaper titled “Fostering Digital Citizenship” and a Teen Reputation Guide.  The guide notes a series of tips, including …

• Tip 1 If you wouldn’t wear it, Don’t share it!
• Tip 2 Don’t use technology as a weapon. Really angry? Walk away from the keyboard – hands off your smartphone.
• Tip 3 Know what the Internet is telling people about you. Regularly search yourself online.
• Tip 4 Create strong passwords, change them often, and don’t share them with friends.

We make a host of digital citizenship resources available at our Safety & Security Center.  In addition to our research, reputation guide and whitepaper we’ve recently created three infographics, depicting how teens spend their time online, as well as an “at school” Internet safety tip card. Check them out or contact me if you are interested in learning more.

Rather than relying solely on protective measures, an approach to online safety that includes digital citizenship will help young people interact more safely in the online world. Teaching them about digital literacy, and digital ethics and etiquette is an important part of successfully navigating today’s online and offline world. It can make the difference between getting into the university they want and getting the job they applied for.

Evolution of Datacenters – Secure, Scalable and Reliable Cloud Services

I often get asked how Microsoft provides over 200 cloud services and what security measures are in place. There is a good video available that addresses how Microsoft delivers cloud services to more than a billion customers and 20 million businesses in over 70 countries. It is also a fascinating view onto the evolution of modern datacenters and their energy efficiency.

Here it goes:

Microsoft support does not call you – fraud alert!

We are receiving currently increased feedback from Microsoft customers about calls they receive from - supposedly - Microsoft support. The callers claims to be a Microsoft representative or working for a Microsoft partner. The usual call goes about the following:

• The caller calls from either the UK or the US and informs the Microsoft customer that there is supposedly a problem with some software on the computer or that they have indications that the customer has had recently some security problems.
• The caller claims to be from either a Microsoft Partner or a “Windows Service Center”.
• The caller speaks English but often with an accent.
• The caller will try to gain remote access to the computer e.g. by asking the customer to go to a – fraudulent – support website and download software or then send something by e-mail.
• Usually, if the customer is suspicious and starts asking questions, the caller hangs up.