Monday, July 31, 2006

Garden Certificate - Microsoft MVP Site


In "Garden Certificate Basics", I provided background information about Website Certificates, including an example of a highly questionable website using a false certificate. This was brought about by a question a visitor to this site raised when presented with a Certificate for mvp.support.microsoft.com, which is linked in my first blog entry, "About Me".

In order to demonstrate how to examine a safe certificate, I deleted the certificate from my computer for mvp.support.microsoft.com. After closing the browser and reopening the link for this blog site, I was immediately presented with the certificate notice below. This gave me the option to accept the certificate permanently, accept the certificate just for the session, or, finally, to not only not allow the certificate but also not connect to the site.
Note that the pre-selected option is to temporarily accept the certificate for the session:


I had one additional choice. That was to Examine the Certificate. That is the option I selected which opened the Certificate Viewer. Note the information presented: "Could not verify this certificate because the issuer is unknown." That does not mean that the site is not safe. The statement merely reflects that mvp.support.microsoft.com (in this instance) is not a recognized authority. Additionally note, however, the Common Name (CN) on the Certificate: mvp.support.microsoft.com.


Observe on the detail screen that the Certificate Hierarchy is indicated as mvp.support.microsoft.com. That matches the site URL linked in the previously mentioned blog entry, "About Me".

With those details, that is, the Common Name (from the General tab) and the Certificate Hierarchy both matching the URL for the MVP site, you know that it is safe to close the Certificate Viewer and accept the certificate.


Saturday, July 29, 2006

Garden Certificate Basics

I received an email last week that someone had visited Security Garden and was presented with the following message when visiting with Firefox:

"Unable to verify the identity of mvp.support.Microsoft.com as a trusted site"

As it was relayed to me, the certificate warning then provided the individual the choice of accepting the site or not.

This warning justifiably raised questions in the person's mind. What is a certificate? Is it some type of award? Does the message mean the Microsoft MVP link isn't safe? Does it mean that this site isn't safe? I assure you that the information I provide here in the Security Garden is safe, as is the MVP site. I would not intentionally post links to inappropriate or unsafe sites.

It is time to talk about digital certificates. For a technical explanation of digital certificates, see this Microsoft Technet article by Roger Grimes, entitled "Authenticode". For a hands-on, what are they, what to do, explanation, read on.


According to the definition from WhatIs.com,
A digital certificate is an electronic "credit card" that establishes your credentials when doing business or other transactions on the Web. It is issued by a certification authority (CA). It contains your name, a serial number, expiration dates, a copy of the certificate holder's public key (used for encrypting messages and digital signatures), and the digital signature of the certificate-issuing authority so that a recipient can verify that the certificate is real. Some digital certificates conform to a standard, X.509. Digital certificates can be kept in registries so that authenticating users can look up other users' public keys.
Simply stated, a public key certificate uses a digital signature to connect the public key with an identity. In the case the reader of this site encountered, it was information presented to verify that the key belongs to Microsoft. It is the digital equivalent of an ID card, providing the name of an individual or other entity certifying that the public key, which is included in the certificate, belongs to that individual or entity.

With all that information, what do you do when presented with a certificate? Here's an example of a site with a faked certificate, discussed at Security and Secure IT:

As soon as the site in question was placed in the address bar, the Domain Name Mismatch error popped up indicating that the site was presenting a security certificate belonging to www.microsoft.com. Since I had no doubt that the certificate did not belong to that site, I clicked Cancel. From Subratam's report, I already know that the site in question has been reported as attempting to clone a Microsoft site.

If you elect not to be bothered with those details and want to let Firefox select a certificate for you, click on Tools > Options > Advanced. Under Certificates, select the option to have Firefox select a certificate automatically.
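The "Domain Name Mismatch" error described above and the "issuer is unknown" notice shown in "Garden Certificate - Microsoft MVP Site" come from two separate checks, and a certificate can pass one while failing the other. The following is an added example, not part of the original posts: the sample certificates are constructed in the dictionary layout returned by Python's `ssl.SSLSocket.getpeercert()`, the trust store is modelled as a set of issuer names (a simplification; a browser verifies signatures up to a root it holds), and `clone-site.example` and `Example Trusted Root CA` are placeholders.

```python
import ssl

# Constructed trust store: issuer names this model "recognizes" (assumption).
TRUSTED_ISSUERS = {"Example Trusted Root CA"}


def common_name(name):
    """Return the commonName from a getpeercert()-style subject/issuer tuple."""
    for rdn in name:
        for key, value in rdn:
            if key == "commonName":
                return value
    return None


def claimed_names(cert):
    """DNS names the certificate claims: subjectAltName first, CN as fallback."""
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if sans:
        return sans
    cn = common_name(cert.get("subject", ()))
    return [cn] if cn else []


def name_matches(pattern, host):
    """Exact match, or a '*.' wildcard covering exactly one left-most label."""
    pattern = pattern.lower().rstrip(".")
    host = host.lower().rstrip(".")
    if pattern == host:
        return True
    if pattern.startswith("*."):
        rest = pattern[2:]
        first, _, host_rest = host.partition(".")
        # Refuse wildcards directly under a single label such as "*.com".
        return bool(first) and host_rest == rest and "." in rest
    return False


def examine(cert, host, now, trusted=TRUSTED_ISSUERS):
    """Return the list of warnings a viewer would raise for this certificate."""
    findings = []
    if not any(name_matches(n, host) for n in claimed_names(cert)):
        findings.append("domain-name-mismatch")
    if cert["subject"] == cert["issuer"]:
        findings.append("self-issued")  # hierarchy has a single entry
    if common_name(cert["issuer"]) not in trusted:
        findings.append("unknown-issuer")
    if now < ssl.cert_time_to_seconds(cert["notBefore"]):
        findings.append("not-yet-valid")
    if now > ssl.cert_time_to_seconds(cert["notAfter"]):
        findings.append("expired")
    return findings


def make_cert(subject_cn, issuer_cn, not_before, not_after, sans=()):
    """Build a constructed certificate dict for the examples below."""
    return {
        "subject": ((("commonName", subject_cn),),),
        "issuer": ((("commonName", issuer_cn),),),
        "notBefore": not_before,
        "notAfter": not_after,
        "subjectAltName": tuple(("DNS", s) for s in sans),
    }


# Constructed sample data; the validity dates are invented for the example.
NOW = ssl.cert_time_to_seconds("Jul 31 12:00:00 2006 GMT")
MVP_CERT = make_cert("mvp.support.microsoft.com", "mvp.support.microsoft.com",
                     "Jan  1 00:00:00 2006 GMT", "Jan  1 00:00:00 2007 GMT")
CLONE_CERT = make_cert("www.microsoft.com", "Example Trusted Root CA",
                       "Jan  1 00:00:00 2006 GMT", "Jan  1 00:00:00 2007 GMT")

if __name__ == "__main__":
    cases = [
        ("mvp.support.microsoft.com", MVP_CERT),
        ("clone-site.example", CLONE_CERT),
        ("www.microsoft.com", CLONE_CERT),
    ]
    for host, cert in cases:
        print(host, "->", examine(cert, host, NOW) or ["no warnings"])
```

In this model the MVP certificate passes the name check and still reports `self-issued` and `unknown-issuer`, because the name inside a certificate says nothing about who vouched for it.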

Garden Phone May "Call Forward"!

I expressed my original concerns with regard to Microsoft's "Windows Genuine Advantage" (WGA) software tools last month in "Garden Phone?". This morning I was reading a post in the Microsoft WGA Forum, entitled, "Is MS making my PC phone home?". A link within that thread led to discovering the following statement located in the "Microsoft Genuine Advantage Privacy Statement":

"How is this data used?

We use the information to

  • Help prevent improperly licensed use of the software
  • Improve our software and services
  • Develop aggregate statistics.
We may also share aggregate data with others, such as hardware and software vendors and volume licensees to help protect their license keys." {Bold added}
To be certain that I was not misunderstanding the definition of "aggregate", I checked the Merriam-Webster Online Dictionary:
"Main Entry: 1ag·gre·gate
Pronunciation: 'a-gri-g&t
Function: adjective
Etymology: Middle English aggregat, from Latin aggregatus, past participle of aggregare to add to, from ad- + greg-, grex flock
: formed by the collection of units or particles into a body, mass, or amount"
Aggregate is not defined as a summary but as being formed by the collection of units. In the context used by Microsoft in the privacy statement quoted above, I am certainly led to believe that such an aggregate will include all information collected by Microsoft with the WGA tools.

You might ask what information Microsoft collects. Again from the "Microsoft Genuine Advantage Privacy Statement":

"The tools collect such information as:

  • Computer make and model
  • Version information for the operating system and software using Genuine Advantage
  • Region and language setting
  • A unique number assigned to your computer by the tools (Globally Unique Identifier or GUID)
  • Product ID and Product Key
  • BIOS name, revision number, and revision date
  • Hard drive serial number
In addition to the configuration information above, status information such as the following is also transferred:
  • Whether the installation was successful
  • The result of the validation check

    . . . To help protect your privacy, only a non-unique portion of your IP address is used and retained with the information collected above."

Microsoft legal beagles have certainly left their footprint on the privacy statement. It is extremely general, with absolutely no limitation or indication of which hardware and/or software vendors this collection could be shared with. Will the data be sold to the highest bidder? Will the recipient vendors maintain the data secure or publish it for their own marketing purposes? Imaginary headline reading: "XYZ Software Company holds market share of Microsoft customers with their XYZ Software! Statistics follow."

Marketing departments could further benefit from this information, targeting their software based on region, narrowed by IP Address. After all, even though Microsoft retains only "a non-unique portion of your IP address", coupled with the region and language, that would be sufficient for vendors to target advertisements to areas not using their product based on the aggregate data collected by Microsoft.

Microsoft is not the world police force and, in my opinion, does not belong providing any data to other vendors. Message to Microsoft: Stick to protecting Microsoft license keys, not those of other vendors!

Monday, July 24, 2006

No Cyberpirates in this Garden!

We've heard a lot about piracy from Microsoft in connection with the Windows Genuine Advantage (WGA) tools. However, Microsoft is not the only company facing piracy issues. Students at Roberts Wesleyan College recently won a major award for their work to EndPiracy.

As members of SIFE, the goal of the students was to help curb entertainment-oriented Internet piracy. They provided the following statistics at EndPiracy:
"35 percent of software installed on personal computers was pirated in 2004. (bsa.org)

105,000 jobs are lost each year due to piracy. (bsa.org)

Reducing piracy by just 10 percentage points worldwide would generate 1.5 million jobs and add $400 billion to the world economy. (downloadlegal.org)"
A comprehensive anti-piracy campaign was created by the Roberts Wesleyan team targeting high school students. They wrote, directed and produced a 60-second public service announcement (PSA) that took first place in a group of 50 competing SIFE teams. Their PSA also won a nationwide contest from Warner Bros. The PSA was shown to students on the Roberts Wesleyan campus as well as local high schools and colleges in the community. The PSA is viewable at the Roberts Wesleyan College SIFE team's website, EndPiracy.

Congratulations to each member of the team! Additional kudos to Roberts Wesleyan College for providing an incredible educational opportunity for not only the students who researched and created the website and prize-winning PSA, but also for the many students who will see and learn from that work.

About SIFE:
"SIFE is a global non-profit organization active in more than 40 countries. SIFE is funded by financial contributions from corporations, entrepreneurs, foundations, government agencies and individuals. Working in partnership with business and higher education, SIFE establishes student teams on university campuses. These teams are led by faculty advisors and they are challenged to develop community outreach projects that reach SIFE's five educational topics:

* Market Economics
* Success Skills
* Entrepreneurship
* Financial Literacy
* Business Ethics"

Saturday, July 22, 2006

What's Down the Garden Path?

Most viruses, trojans, and other computer infestations are generally the result of clicking on a popup, banner advertisement or a link to an infected page. There are many web pages that contain hidden "drive-by" installations that can occur merely by accessing the page.

There are two methods available now to check what's down the garden path before accessing a URL. The first, and currently better-known, product is SiteAdvisor, originally developed at MIT and recently acquired by McAfee. SiteAdvisor includes plug-ins that reveal dangerous Web sites listed by search engines, including Google, MSN, and Yahoo, before clicking the link.

As indicated in information on "How SiteAdvisor Works", SiteAdvisor provides three indices through color changes of the "safety button":
  • Safe: We tested the site and didn't find any significant problems.
  • Caution: Our tests revealed some issues you should know about. (Example: a site tried to change our browser defaults, or sent a lot of "non-spammy" e-mail)
  • Warning: Our tests revealed some serious issues that you'll want to carefully consider before using this site at all. (Example: The site sent us lots of spammy e-mail or bundled adware with a download).
The newest tool available is LinkScanner by Exploit Prevention Labs. Simply paste the URL in the box provided at http://www.explabs.com/linkscanner/ where the site will be inspected in real-time to determine whether it is hiding any exploit code.

As explained by Exploit Prevention Labs:
"Cybercriminals use "lure" sites to attract web users to sites they have invisibly infected with exploit code. This exploit code is then used to infect users' PCs with drive-by downloads of spyware, rootkits, and other malware."
Although neither SiteAdvisor nor LinkScanner provides a guarantee that a site is 100% safe, checking out an unknown URL through either tool first will greatly supplement your computer's security tools and provide a much clearer picture of what may be lurking down the garden path.

Garden Music

The harp may not be your choice of music but by the Christmas Holidays, you will be able to play any "Zune" you prefer. Microsoft has announced plans to introduce a "Zune" music and entertainment player as well as the accompanying software.

From CNN Money.com:
"Under the Zune brand, we will deliver a family of hardware and software products, the first of which will be available this year," said Chris Stephenson, general manager of market for entertainment and services at Microsoft, in a statement. "We see a great opportunity to bring together technology and community to allow consumers to explore and discover music together."
Although Microsoft is facing stiff competition against Apple's iPod, the popularity of Microsoft software coupled with Microsoft's entertainment and devices division working with the X-Box team will certainly improve the odds. As the CNN Money article further indicates:

"Allard's involvement is seen as significant because he is one of the few executives at Microsoft with experience in launching a consumer electronic device from scratch with the X-Box gaming system. His involvement suggests that gaming might be part of the media player."

Competition is good for the marketplace and Zune should make a nice accompaniment to the soon to be released Vista operating system.

Updated to provide sites to track the progress of Zune:

Zune Insider Blog
Madison and Pine
engadget
Coming Zune -- Subscribe to the Zune Newsletter

Scotty's on Patrol

An upgrade has been released for WinPatrol, making the current version 10.0.3. The revision was to provide minor requested enhancements and fix a couple of problems. Although it is generally a good idea to upgrade to the latest software release, this upgrade is not required, but recommended if you have encountered errors.

The upgrade includes the following issues that have been fixed:

  • Fixed issue with the Info dialog when not using the default 96 DPI display property.

If you’ve changed your Display properties to greater than the default 96 DPI the Info/Properties dialog may have appeared to be chopped off. This problem only occurred after we made the Info dialog expandable.

  • Buffer Overflow crash may occur when using "Delete on Reboot".

A couple builds ago we added extremely tight buffer overflow control for security reasons. (More Info) It’s possible in previous versions of WinPatrol a buffer overflow occurred when using Delete on Reboot and we never caught it. Now we get an error dialog so we were able to resolve this issue immediately. If this bug affects your machine you’ll know immediately.

  • Feature Request: Added -NoOpen parameter to WinPatrol.exe.

Normally, running WinPatrol.exe a second time will launch the tabbed interface, WinPatrolEx.exe. Using user controlled process launchers such as Sudo for Windows can cause the interface to open when launching a 2nd WinPatrol process. Adding -NoOpen to WinPatrol will resolve this issue.

Winpatrol 10

Thursday, July 20, 2006

More on the Garden Phone

Several weeks ago, I wrote about the discussions surrounding Microsoft's Windows Genuine Advantage (WGA) tool in Microsoft's fight against piracy. WGA continues to be controversial:

MS says WGA has caught 60 million Windows cheaters by ZDNet's Ed Bott -- According to a Microsoft manager, 60 million people have failed the Windows Genuine Advantage validation test. Microsoft claims the tool is nearly perfect at rooting out improperly licensed copies of Windows, with "only a handful of actual false positives." But the numbers don't add up.

At this point, I continue to agree with Ed that the numbers just don't add up. However, Microsoft's WGA Team has a different point of view. Microsoft is claiming that
About 1 in 5 of the 300 million PCs that have run WGA validation fail.
Microsoft's claim means that the WGA Team believes that between yourself and four of your friends, family or workmates, one of them is operating a computer with a counterfeit operating system. Microsoft isn't claiming it is intentional in every case, but counterfeit, nonetheless. Should you be among the "one in five" who hits a snag with WGA, see the WGA Team's suggestions in "What should customers do when they're given counterfeit software?".

Read the WGA Team's point of view in their blog at Windows Genuine Advantage.

Follow Ed Bott in his blog at "Windows and a whole lot more"

Tuesday, July 18, 2006

A Change in the Landscape

When there is a major change in the landscape, it is bound to be noticed. In this case, the security community is witnessing the acquisition of Winternals Software LP by Microsoft. As I wrote at "SpywareFree",
Remember Mark Russinovich's analysis of the Sony Rootkit? Have you used any of the Sysinternals tools such as Filemon, Regmon and Process Explorer?

In addition to the tools mentioned above, there is also RootKit Revealer, Autoruns (to see what is configured to start at login when your system boots), and more. Sysinternals' tools have been widely used by the security community when evaluating what may be on a person's computer.

Mark Russinovich's statement at "Mark's Sysinternals Blog" in "On My Way to Microsoft!" that
. . . Microsoft is still evaluating the best way to leverage the many different technologies that have been developed by Winternals. Some will find their ways into existing Microsoft products or Windows itself and others will continue on as Microsoft-branded products. . .
is somewhat reassuring. Losing those utilities developed by Mark and Bryce Cogswell would certainly have an impact on both the security community and the public. On the other hand, incorporating some of those features into Microsoft products (under Mark and Bryce's guidance, of course), can have a very positive effect on Microsoft software.

As hearty as my congratulations are to both Mark and Bryce, I certainly hope that this change in landscape won't end up with the loss of an independent voice as well as the "can do" attitude provided throughout the years.

Microsoft Press Release
Winternals Press Release

A Rose Petal Has Fallen

There are times when there does not seem to be a way to put into words how deeply you feel. This is one of those times when there are neither enough nor the correct words to express deeply felt emotions.

A friend gave me this, author unknown. It says it better than I can.

A Mother's Love

A mother's love! What can compare with it! Of all things on earth, it comes nearest to divine love in heaven.

A mother's love means a life's devotion - and sometimes a life's sacrifice - with but one thought, one hope and one feeling, that her children will grow up healthy and strong, free from evil habits and able to provide for themselves. Her sole wish is that they may do their part like men and women, avoid dangers and pitfalls, and when dark hours come, trust in Providence to give them strength, patience and courage to bear up bravely.

Happy is the mother when her heart's wish is answered, and happy are sons and daughters when they can feel that they have contributed to her noble purpose, and in some measure, repaid her unceasing, unwavering love and devotion.

My Mother-in-law led a very interesting as well as extremely challenging life. She was born in Ukraine (Read about "Ukrainian Persecution and russification") and told us many stories about her life there. One was when, as a young woman during World War II, she walked many miles from their village to a city and back to get food for her and her father, who was very ill. It took her most of the day, but if she hadn't, he most likely would have died.

Even after the War, getting food was often a challenge. Perhaps that is why she was an amazing cook. I recall going to her house after the family had returned from a two-week trip to visit family out of state. Without a trip to the store, within no more than an hour of their return, she had a full meal on the table, seemingly created from nothing.
She could make pyrohy better than anyone. I learned so much from her but could never match her skills.

Mama had many other talents as well. She loved music and was self taught on the piano. She could draw almost anything. But, when it came to gardening, she could really create magic. Give her a twig and she would grow a tree. Give her a peach pit and soon there would be enough peaches for marmalade. Mama literally had hundreds of roses, all started under glass jars and grown with tender loving care. The soil of her last garden was mainly clay. She dug and composted and dug some more. For many years she maintained that house and garden on her own with more strength and fortitude than I will ever have.


Mama is at peace now.



"Vichnaya Pam'yat"
(Ever Remembered)

Mstyslaw (Corrine)
Lillian (Gerry)
Tanya (John)
Taras (Jill)
Natalie & Nicole

Saturday, July 15, 2006

Garden Closures!

The Windows 98 and Windows Me gardens are now closed. As part of the Microsoft Lifecycle Policy, support ended for Windows 98 and Windows Me on July 11, 2006. By end of support, this means that both technical and public support as well as critical security updates for these products have ended. If you are still operating a computer with either of these operating systems, you will still be able to obtain answers to support questions at Microsoft.com for at least another year. If it is within your means to update your operating system, you need to give it serious consideration.

Keeping in mind that Microsoft had originally announced that end of support for Win98 and WinMe was to be in January 2004, the extra two and one-half years need to be considered as a bonus harvest.

The next scheduled garden closing is on October 10, 2006, for Windows XP SP1 and SP1a. Don't get caught without Service Pack 2. You can order SP2 on CD from Microsoft.

Friday, July 14, 2006

Congratulations, J-Mac!

Photo by CHRIS CARLSON The Associated Press

All of Rochester is proud of Jason McElwain being awarded the ESPY Award for best moment in sports. As Wayne Drehs wrote in J-Mac's meaningful message for autism, Updated: June 14, 2006, 11:55 AM ET at ESPN.com:
"It took four minutes. Four measly minutes for high school senior Jason McElwain to morph from a relatively unknown student manager of the Greece Athena basketball team into a nationwide inspiration."

{Snip}

"But hope is only the beginning. For many in the autism community, McElwain's story provides a much-needed template for the right way to integrate a special-needs child into the mainstream community.

When Lee Grossman, president of the Autism Society of America, first saw the clip of McElwain's magical night, he was blown away -- not by the frequency of 3-pointers swishing through the net, but by the frenzied students who jumped up and down and waved their arms back and forth and held up pictures of McElwain. Before he had even checked into the game."

Congratulations to J-Mac, his family, teammates, the Spencerport Rangers who played against the Greece Athena team that eventful night and, of course, Coach Jim Johnson.

A special thank you and a big {{{HUG}}} to my *virtual* friends who voted for J-Mac after I posted "J-Mac, A Special Teen".

Tuesday, July 11, 2006

It's Time to Patch the Landscape

If you have been following my postings, you may recall that I wrote in "Maintaining the Security Landscape" that to maintain the landscape of your garden you need to take preventative steps to keep the bugs and weeds out. For your computer, those preventative steps include Windows Updates.

The second Tuesday of July is called "Patch Tuesday" because that is when Microsoft releases the patches for your computer landscape. If you do not have Automatic Updates turned on, please refer to the linked post above for instructions. The updates you will get depend on your operating system.

See the Microsoft Security Bulletin for July, 2006.

Manually download updates from the Windows Update Center.

Monday, July 10, 2006

You're Invited to My Garden Party!

Ok, so it's not in "my" garden, but it is a special party. LandzDown Forum, where I spend a fair amount of time as a Forum Administrator and helping posters with computer problems, is celebrating our first anniversary since we opened the doors to the "public". We're still growing but have achieved our goal of providing a smallish, friendly security help forum.

Sunday, July 09, 2006

Learning Garden Maintenance

Maintaining a garden can be hard work, requiring a variety of tools, soil amendments as well as insect and weed deterrents and that inevitable sweat factor. However, using the wrong product or using it incorrectly can severely damage your plants.

To solve your gardening problems, you can get books from the library, at garden stores and information online or, for more serious problems, hire a gardening specialist. When it comes to serious problems, it is the same with computers. As in gardening, there are a wide variety of tools available. However, misusing those tools can have the same disastrous result on your computer as using a vegetation killer on your lawn.

Free help is available for cleaning your computer of undesirable elements by specialists at ASAP Member Sites. If you like what you see at these sites and want to learn how you can help others, there are a number of "schools" providing this training. The most well known are Malware Removal University, SpywareInfo Bootcamp and TomCoyote Classroom. All are taught by highly experienced malware fighters. Although training is not "easy", it is self-paced and there are a lot of people to help you along.

If you are interested in joining the fight, you can apply at one of the training schools from the links below.

Malware Removal University
SpywareInfo Bootcamp
TomCoyote Classroom

Friday, July 07, 2006

A New Garden Fence

In "The Garden Fence", I wrote that the best way to protect your garden is to fence it in. Today I found a new fence that appears interesting. Malware researchers are known to use various "virtual machine" software programs to protect their operating system when investigating the latest bugs. Now there is software that acts as a fence around your browser, GreenBorder:
"Using virtualization combined with strong security, GreenBorder's patented technology creates an impenetrable protective barrier that keeps all interactions with a web site and its associated content and programs away from the internal parts of the PC (including the operating system and applications) as well as the user's drives and files. GreenBorder Pro prevents malicious code encountered online or embedded in downloaded content from silently installing; in addition, the software keeps all files and system resources invisible, protecting them from attacks and preventing them from being remotely accessed, modified, or controlled."
The only drawback to GreenBorder is the subscription cost. At $50 per year, it will be out of the price range for many casual netcitizens. The initial year is currently free for the first 10,000 downloads. Anyone who has paid a tech shop to purge their system of computer viruses will recognize that, in comparison, $50 is a small price to pay -- if it works, that is. It only works with Internet Explorer. I have not tested GreenBorder but wonder if "virtual surfing" will be the common method for web surfing in the future; that is, until the malware writers find a way to get through the virtual fences as well.

Wednesday, July 05, 2006

Scotty's on Patrol in My Garden!

As I wrote in "The Weed Barrier", WinPatrol is one of my favorite software programs. As you can see, Scotty is always on patrol in my garden.

BillP recently released WinPatrol 10. In this latest version of WinPatrol, Scotty can monitor hidden files in critical system areas. This "real-time" detection and elimination is particularly important with the increase in root-kits and new types of malware infiltration that target hidden files.

WinPatrol Plus now monitors even more non-traditional startup locations found in the registry. With WinPatrol Plus, license holders can disable unwanted programs including the Windows Genuine Advantage. (For my comments on the WGA Notification tool, see "Garden Phone?".)

There are many more new features in WinPatrol 10. Learn more about the new and improved WinPatrol 10 features directly from BillP at Bits from Bill: WinPatrol 10.

To have Scotty on patrol in your garden, download the newest WinPatrol from http://www.winpatrol.com/download.html.

Tuesday, July 04, 2006

More than Fireworks in the Garden this July 4th!

Wayne Porter has an in-depth analysis with regard to his view on the direction Google appears to be headed in his "4th of July and Google's Core Four: Risks, Rewards & Offense Versus Defense". Although a lot of the writeup is *techie*, even the casual reader should garner enough from Wayne's writings to know that the time has come to be rather cautious around other offerings by Google. As Wayne states:

"Google is about to shift into a new realm- a new extension of its brand. No longer just the neutral helper and finder of great information, trendy logos, and cool trend finders augmented with handy services, and gigs of mail, but they will implant themselves into the stream where customer trust is more fickle, more critical and fumbles can be fatal or even cumulative in damage."
Through CPA (Cost-Per-Action) and Google Checkout, who will be in control and what will they do with those controls? Perhaps this Independence Day is time to consider a tea party of a different sort. I think I'll be getting my tea from MSN.

Happy Independence Day, America!

Sunday, July 02, 2006

Security Garden Spotlight

The first Security Garden spotlight is on Microsoft MVP Susan Bradley's "The real misconception about WGA" in which she states:

"...what I really don't like about it is the fact that it breaks the trust of patching. It's not a security update... and it's certainly only critical of a patch to Microsoft.. and the fact that the first 'drop' of it was a beta that was not clearly communicated to those of us who got that WGA update just was one of those moments that as a customer of Microsoft you just want to say to someone, somewhere... what WERE you thinking?"
Absolutely! AU (Automatic Update) is *supposed* to be for critical updates. As Susan pointed out:

"To whomever was the Product Manager who gave the go-ahead to place this WGA update into the "critical" section, shame on you. Shame on you for approving a beta patch to be offered up as a critically needed patch. Shame on you for not informing folks appropriately. Shame on you for not providing appropriate support mechanisms."
I recommend you read the complete article, linked above. I did and agree completely that Microsoft's WGA Notification tool
"...made the job of those of us who urge people to patch just a little bit harder."
Bravo, Susan!

Worms Detected!

Yesterday I reported about "Worms in the Garden." It is with relief that I learned from MVP Donna that Trend Micro is now detecting this worm. A big thumbs-up to those who obtained samples of the files and submitted them to the vendors.

See Trend Micro:

BKDR_IRCBOT.DB Behavior Diagram

Saturday, July 01, 2006

Garden Lights

Microsoft added more "lights" to the garden. That's right. On the first of January, April, July and October, Microsoft awards a new group of MVPs (Most Valuable Professional). Warmest congratulations to all awardees!

Although I am sure there will be others I will hear about, I am most excited about the award to Maddoktor2 (Robert Glass), the founder of ASAP and Administrator of numerous security forums, including his own site at SpyWareBeWare!

The MVP Program as described by Microsoft:


"The Microsoft Most Valuable Professional (MVP) Program recognizes and thanks outstanding members of technical communities for their community participation and willingness to help others. The program celebrates the most active community members from around the world who provide invaluable online and offline expertise that enriches the community experience and makes a difference in technical communities featuring Microsoft products.

MVPs are credible, technology experts from around the world who inspire others to learn and grow through active technical community participation. While MVPs come from many backgrounds and a wide range of technical communities, they share a passion for technology and a demonstrated willingness to help others. MVPs do this through the books and articles they author; the Web sites they manage; the blogs they maintain; the user groups they participate in; the chats they host or contribute to; the events and training sessions where they present, as well as through the questions they answer in technical newsgroups or message boards.

Microsoft MVPs are simply an amazing group of individuals. We are excited to recognize and award MVPs as our way of saying "thank you" for their demonstrated commitment to helping others in technical communities around the globe."

Rich Kaplan
Vice President
Customer Service, Partners and Automation

Sean O’Driscoll
Senior Director
CSS Community and MVP

The above is from:
https://mvp.support.microsoft.com/mvpintro