
Windows Defender Offline – new tool against advanced malware

I wrote previously about how to secure your computer, but last week Microsoft’s Malware Protection Center released a new tool against rootkits and other advanced malware that I would briefly like to review: Windows Defender Offline.

Windows Defender Offline scans your PC to remove rootkits and other advanced malware that can’t always be detected by antimalware programs. If this type of malware is detected on your PC, you will be prompted by Microsoft Security Essentials to use Defender Offline. However, it is good practice to run Defender Offline on a regular basis, as some advanced malware doesn’t necessarily get detected by any anti-virus program.

The main difference between Defender Offline and most other anti-malware tools is that it is run from a clean boot disk, CD or USB stick, so malware that tries to use some cloaking technique will not have the possibility to hide.

For more information on what Windows Defender Offline does and what the system requirements are, please visit this website: http://windows.microsoft.com/en-US/windows/what-is-windows-defender-offline.

Less Spam today? Good news – I will tell you why

Microsoft Digital Crimes Unit

Did you notice that you got fewer spam e-mails today? All in all there were about 3.8 billion fewer spam mails sent out. Why? Because there is one less botnet in operation. Today Microsoft announced that we have taken down the Kelihos botnet in an action codenamed “Operation b79”. This is the third botnet takedown in Microsoft’s Project MARS (Microsoft Active Response for Security), a program driven by the Microsoft Digital Crimes Unit in close collaboration with the Microsoft Malware Protection Center (MMPC) and the Trustworthy Computing team to annihilate botnets and advance the security of the Internet for everyone. Why does it matter? Because it is one step further in making cybercrime more expensive, and it is the first time Microsoft has named a defendant in its fight against botnets, suddenly making cybercrime much less anonymous.

Microsoft has a very interesting unit in the fight against cybercrime: the Digital Crimes Unit. I had the opportunity to spend last week at their premises in Redmond, to have interesting discussions and get our efforts in regard to child abuse and digital crimes aligned. With our ever-increasing dependence on our computers, smartphones and networks at home, on the road and at work, it becomes more and more crucial to keep this infrastructure safe, secure and private. To achieve this we are working in close cooperation with local law enforcement agencies, government CERTs, Internet providers and other organizations and agencies. From a personal perspective it is highly interesting to have the opportunity to work at national level as a facilitator and sponsor between these Swiss entities and the different units of Microsoft Redmond and to be able to participate in the fight against child abuse and cybercrime.

The fight against botnets will continue. There are still tens of thousands of infected computers that regularly try to connect to the three botnets Microsoft took down. The following video gives an impression of the state of two botnets as of 21 September 2011.

What now needs to be done is to clean up the infected computers. To aid in this I started working together with Government, Internet Service Providers and Community Emergency Response Teams so that we can also take advantage in Switzerland of the work that is done in Redmond. More on that in a later post once the initiative has advanced and all partners are on board. In the meantime, please keep your computers safe and private. With that you participate in the global fight against cybercrime and you keep your privacy protected. You can find information on “how-to” in this earlier blog post.

Interested to know more about the botnet takedown? Read here the official Microsoft Blog.

Follow the Microsoft Digital Crimes Unit on Facebook and Twitter.


Securing your computer – it’s simple!


Sometimes I think maybe too much about the needs of medium and large enterprises and don’t put enough emphasis on the security of private computers. An interview with the Tages-Anzeiger (here is the article in German) reminded me to address this issue here.

Microsoft is offering professional tools to first get your computer clean of “critters” and secondly to keep it safe. If you haven’t used a virus scanner for a while, aren’t sure how well it worked, if your computer behaves strangely (and no, not being able to read your mind is NOT strange!) or your subscription to your virus scanner has expired, then I recommend that you first use the free Microsoft Safety Scanner (download here). This is a new product that you can download to your hard disk or to a USB drive. It is designed to run without an internet connection so that you can take it to your parents’ over the weekend to check their computer (something I highly recommend!). It will only work for 10 days so that the virus signatures aren’t too old, but you can download it as many times as you want.

Once your computer is cleaned of any “critters” I recommend protecting it with a good virus scanner. One can pay for that or one can use a good free scanner. Windows 8 already comes with Windows Defender built in, so the basic protection is already enabled. For older versions of Windows I recommend Microsoft Security Essentials. It is free for private use and for small businesses with up to 10 PCs. It runs quietly in the background, doesn’t massively impact your computer’s performance and has been proven as one of the top security scanners available. Microsoft Security Essentials is backed by the Microsoft Malware Protection Center (MMPC), which provides world-class antimalware research and response capabilities to support all Microsoft security products and services. In addition, using the latest Internet Explorer protects you well against many threats and it is an especially good protection against malware. This, combined with having automatic updates enabled on your system, gives you a good starting point against the threats that are storming on a daily basis against your computer.

However, technology can help, but the most important thing is still your actions. Be aware of what you click, download applications only from their official source and open only documents from sources that you know, and you will be able to enjoy a safe internet experience. And if all else fails, or if you are not sure whether your system was infected, run Windows Defender Offline, a tool against advanced malware that I described in another post.

About the Author

Reto is a partner at PwC Switzerland. He leads the Cybersecurity practice and is a member of the PwC Digital Services Leadership Team. He has over 15 years' work experience in an information security and risk focused IT environment. Prior to working at PwC he was Microsoft's Chief Security Officer for Western Europe and also has work experience as group CIO, Chief Risk Officer, Technical Director and Program Manager.
