Thursday, November 09, 2006

Microsoft Security Tools

Whether you are a home computer user or an IT Professional, Microsoft has put together a large set of tools and information to help keep your computer or network secure. The latest for the home computer user is is the newly published "Safety and Security Online" magazine. Download the "Microsoft Consumer Magazine.pdf" and open with Adobe Acrobat. In the first issue you can . . .
• Read the story of a real victim of cybercrime,
• Test your knowledge of computer jargon with our short quiz, and
• Print online safety information cards to keep this important information at your fingertips.
A favorite tool of both IT Professionals and home users has just gotten better. When Mark Russinovich joined Microsoft, there was a mad rush to the Winternals site to download the tools everyone had grown to appreciate. Yesterday, Microsoft introduced Process Monitor v1.01:

"Process Monitor is an advanced monitoring tool for Windows that shows real-time file system, Registry and process/thread activity. It combines the features of two legacy Sysinternals utilities, Filemon and Regmon, and adds an extensive list of enhancements including rich and non-destructive filtering, comprehensive event properties such session IDs and user names, reliable process information, full thread stacks with integrated symbol support for each operation, simultaneous logging to a file, and much more. Its uniquely powerful features will make Process Monitor a core utility in your system troubleshooting and malware hunting toolkit.

Process Monitor runs on Windows 2000 SP4 with Update Rollup 1, Windows XP SP2, Windows Server 2003 SP1, and Windows Vista as well as x64 versions of Windows XP, Windows Server 2003 SP1 and Windows Vista."
Another tool that I hope will not be needed by many is Microsoft's Rootkit Revealer v1.7 which was updated earlier this month.
"RootkitRevealer is an advanced rootkit detection utility. It runs on Windows NT 4 and higher and its output lists Registry and file system API discrepancies that may indicate the presence of a user-mode or kernel-mode rootkit. RootkitRevealer successfully detects all persistent rootkits published at, including AFX, Vanquish and HackerDefender (note: RootkitRevealer is not intended to detect rootkits like Fu that don't attempt to hide their files or registry keys). If you use it to identify the presence of a rootkit please let us know!"
In he event you do discover or suspect a rootkit on your computer, keep the infected machine off the internet. If you do online banking, shopping or bill paying, contact your bank and credit companies. Change your passwords (do NOT change your passwords on the infected machine, rather use a neighbor, friend or family member's computer or a computer at the local public library). Seek help at a security forum or from a local computer repair shop.

IT Professionals will find specialized guides created by the Microsoft Solutions for Security and Compliance team as well as security guidance organized by topic, product, and technology at
Security Guidance.

Not to be forgotten, of course, is the
Technet Security Center with links to the following important Security Response information:

Bulletins and AdvisoriesUpdate Tools
Newly released today for IT Professionals is the Windows Vista Security Guide.
"The Windows Vista Security Guide provides IT Professionals like you with specific recommendations and automated tools to further harden Windows Vista against real-world security threats."

No comments: