If you've been worrying about computer security for a while, you might remember when macro viruses in Microsoft Word and Excel files were at the top of the exploit list. These file formats, along with the omnipresent Adobe Reader PDF format, are once again among the biggest threat vectors being exploited by today's malware, according to a new report from the Microsoft Malware Protection Center. Fittingly, the full report and a condensed key findings version are available in either PDF or Microsoft's own XPS formats. These reports cover the July-December 2008 period.
Some key findings include:
Scareware (which Microsoft calls "rogue security software") is on the rise, including the latest versions of our old friend Antivirus XP.
A slight reduction in unique vulnerability disclosures from 2007, but the High (most serious) category was larger in the second half of 2008 than in the first half of the year or the second half of 2007.
Applications continue to be the biggest target (86.7%, with browsers at 8.8%, and operating systems at only 4.5%).
Redmond's ad writers drew blood with their first Laptop Hunters ad: "Congrats, Lauren. It's a PC," last month. They've wasted little time in following it up. This time, it's the guys' turn, and a little higher budget's in the offing: Giampaolo goes shopping for a powerful laptop under $1500. We watch him check out the stats, the keyboards, and hear him dismiss the Mac platform: "Macs, to me, are more about the esthetics, not the computing power." In the end, Giampaolo snags a Windows Vista-based laptop for about $1100. The tag line this time? "It's a PC because I'm really picky."
You can check out (Silverlight required) the continuing Laptop Hunters series at Microsoft's TV commercials website (including last year's painful "Mojave Experiment" and unbearable Gates & Seinfeld misfires). We like the Laptop Hunters commercials, but how about you? If you're on the Mac versus PC fence, do they push you off the fence? If you have Mac-loving friends or family members, what do they think? Join us after the jump for your chance to spill.
That's the message that Microsoft announced today on its Engineering Windows 7 blog, Cnet's Ina Fried reports.
While Microsoft says you can upgrade from Win7 Beta to RC when it becomes available, it prefers that you upgrade from Windows Vista to Windows 7 RC. Why? As the E7 blog entry points out:
The RC...is about getting breadth coverage to validate the product in real-world scenarios. As a result, we want to encourage you to revert to a Vista image and upgrade or to do a clean install, rather than upgrade the existing Beta. We know that means reinstalling, recustomizing, reconfiguring, and so on. That is a real pain. The reality is that upgrading from one pre-release build to another is not a scenario we want to focus on because it is not something real-world customers will experience.
This reasoning makes sense from Redmond's standpoint, but since the same blog post acknowledges that millions of users (including, I bet, a lot of Maximumpc.com fans) are using Windows 7 Beta as their "full time" operating system, Microsoft has outlined a way to bypass the usual installer checks. Join us after the jump for the details.
As Engadget puts it, the Windows Mobile news coming out of this week's CTIA Wireless 2009 trade show can be summed up in two words: "pretty" and "support" (for the upcoming Windows Mobile 6.5 operating system).
Want a phone where "pretty" is more than case-deep? Designer Isaac Mizrahi, Design Museum London, and the Council of Fashion Designers are teaming up with Redmond to create fashionable wallpapers for the 6.5 version of Windows Mobile. On the support side, Microsoft announced support from over 25 companies for its Windows Mobile Marketplace (Word 2003 DOC link).
For more about what Redmond put on display, join us after the jump.
The Conficker worm has been generating the big security headlines, but what The New York Times calls a "vast electronic spying operation" reveals an ongoing, very sophisticated cyberespionage campaign that may well represent an even more important threat than Conficker - especially to the Dalai Lama's Tibetan freedom movement.
Researchers at the University of Toronto Munk Center's Citizen Lab summarize GhostNet thus:
Documented evidence of a cyber espionage network—GhostNet—infecting at least 1,295 computers in 103 countries, of which close to 30% can be considered as high-value diplomatic, political, economic, and military targets.
Documented evidence of GhostNet penetration of computer systems containing sensitive and secret information at the private offices of the Dalai Lama and other Tibetan targets.
Documentation and reverse engineering of the modus operandi of the GhostNet system—including vectors, targeting, delivery mechanisms, data retrieval and control systems—reveals a covert, difficult-to-detect and elaborate cyber-espionage system capable of taking full control of affected systems.
To find out more about how GhostNet works, join us after the jump.
It's been about six weeks since Redmond rolled out the Release Candidate for Vista SP2, and now the RTM Escrow build is available to Microsoft Connect beta testers, DailyTech reports. To make sure everything's working, the RTM Escrow build includes both slipstream and standalone installers.
If you find an unofficial source for something claiming to be the RTM Escrow build, the build string is 6002.17043.090312-1835. Typically, the RTM Escrow build is the last step before a public release, probably in April.
Check out our complete Vista SP2 coverage here. Have you tried this new build? Join us after the jump and give us your thoughts.
Our own Will Smith uses Twitter to announce new articles and content on Maximum PC, my wife and I use Twitter to keep track of our kids and their friends, and "Britney Spears" uses it to entertain and inform her fans. Why the quote marks? A weekend article in The New York Times reveals what Cnet says "we all sort of knew already" - Twitter is full of ghostwritten entries.
Some of the sports figures, celebrities, and politicians who use ghostwriters on Twitter and other Web 2.0 social network sites include Britney Spears (although her staff is now signing their own entries), 50 Cent, Candidate/President Barack Obama, Kanye West, Ron Paul, and others. However, the Times also gives credit where due to celebrities who write their own tweets like Shaquille O'Neal and Lance Armstrong (who one-handed a recent tweet about breaking his collarbone).
Join us after the jump to sound off about celebrity social-network ghostwriting.
Microsoft's latest browser, Internet Explorer 8, has gotten mixed reviews from MaximumPC.com readers (see comments here and here), but one question that's hard for any individual user to answer about any browser is "how secure is it?"
To find out, Microsoft asked NSS Labs to pit IE8 RC1 against its predecessor, IE7, as well as the following third-party browsers: Firefox 3.0.7, Safari 3.2, Chrome 1.0.154, and Opera 9.64. The objective: find out which browser did the best job at handling so-called social-engineering malware sites - the ones that try to con you into downloading malware disguised as something else ("Adobe Flash update," anyone?).
ComputerWorld reports that IE8 did the best job of fending off attacks from 492 malware-distributing websites, blocking 69% of attacks (details here [PDF link]). If you're not using IE8, join us after the jump to learn how your favorite browser fared.
Windows Home Server's latest update, Power Pack 2, is now available via Windows Update, the TechNet Windows Home Server Team Blog reports. WHS users must have Power Pack 1 installed before they can receive Power Pack 2. If you missed Power Pack 1, get it here.
Power Pack 2 fixes a number of irritating bugs left over from Power Pack 1 and the original release, and adds new features. For an overview of what's new in Power Pack 2, join us after the jump.
Another reason why Google has left its competitors way, way behind in the search engine race: Friday, a post on the (unofficial) Google Operating System blog noted that you can now restrict Google image searches by specifying one of twelve different colors:
Only images that contain the specified color will be listed in the search results. Officially, you must use a command-line search in your browser's address bar to use this new feature, using the following syntax: