Saturday, January 31, 2009

WinPatrol v16 Monitors Changes to UAC

For the past several days, discussions in various venues have centered around what has been described as a security flaw in Windows 7 UAC. To illustrate the concern for this issue, at the end of this post is a sampling of blog posts by many well known bloggers in the tech community.

As has been pointed out, this change by Microsoft is "by design". However, regardless of whether UAC is changed on the PC by a family member or malicious software, Bill Pytlovany has added a new feature to WinPatrol v16 (Beta) which Monitors Changes to UAC Settings.

I installed the new beta on the Windows 7 test installation and changed the UAC from the default (medium) security setting. Scotty warned me of the change and allowed me to prevent the change by clicking Yes to block the change and restore the original setting.

Had I installed a program that made this change, this warning would have allowed me to have WinPatrol restore the original setting.



In the event the change is intentional, merely click No and WinPatrol will not prevent the change and restore the original settings.

Once again, I applaud Bill Pytlovany!

See Bits from Bill: WinPatrol v16 Monitors Changes to UAC Settings.


Blog Post Sampling:
  1. Adrian Kingsley-Hughes, ZDNet: Microsoft neuters UAC in Windows 7
  2. Andrew Nusca, ZDNet: UAC security flaw in Windows 7 beta
  3. Aubrey, Windows Connected: Massive Security Hole In Windows 7
  4. Bill Pytlovany, Bits From Bill: Windows 7, Not Ready for Prime Time
  5. Dana Epp, SilverStr's Blog: Is UAC really broken in Windows 7? More importantly, does it make us less secure?
  6. Dwight Silverman, TechBlog: Updated: Windows 7's UAC is now insecure 'by design'
  7. Ina Fried, c|net News: Windows 7 less annoying, but also less secure?
  8. John Leyden, The Register: Windows 7 UAC shutoff 'bug' leaves Microsoft unmoved
  9. Larry Seltzer, PCMag, SecurityWatch: Is UAC Emasculated in Win7?
  10. Long Zheng, I Started Something: Sacrificing security for usability: UAC security flaw in Windows 7 beta (with proof of concept code)
  11. Long Zheng, I Started Something: Microsoft dismisses Windows 7 UAC security flaw, continues to insist it is “by design”
  12. Paul Thurtott, Supersite for Windows: Microsoft response to UAC ‘issue’
  13. Tom Warren, Neowin.net: Microsoft: Malware can disable UAC in Windows 7 'by design'
  14. Tom Warren, Neowin.net: Microsoft insists UAC vulnerability is not a flaw
  15. Rafael Rivera, Within Windows: Malware can turn off UAC in Windows 7; “By design” says Microsoft
  16. Sumeeth Evans, Bink.nu: UAC security flaw in Windows 7 beta (with proof of concept code)
  17. Swa Frantzen, SANS Diary: Windows 7 - not so secure ?



Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Friday, January 30, 2009

WinPatrol to Plug UAC Security Flaw In Windows 7

One of my favorite features of Windows Vista and also the feature most loudly complained about in the press is UAC (User Account Control). In response to the outcry, Microsoft introduced changes to UAC in Windows 7, providing four levels of UAC.

"Always notify me," described below in the list of Windows 7 UAC Settings, is the default setting. As Long Zheng explains,
"By default, Windows 7’s UAC setting is set to “Notify me only when programs try to make changes to my computer” and “Don’t notify me when I make changes to Windows settings”. How it distinguishes between a (third party) program and Windows settings is with a security certificate. The applications/applets which manage Windows settings are signed with a special Microsoft Windows 7 certificate. As such, control panel items are signed with this certificate so they don’t prompt UAC if you change any system settings.

The Achilles’ heel of this system is that changing UAC is also considered a “change to Windows settings”, coupled with the new default UAC security level, would not prompt you if changed. Even to disable UAC entirely."
As Long points out, until or unless Microsoft fixes this flaw, the current work-around is to change the default UAC policy to “Always Notify”. This will force Windows 7 to notify you even if UAC settings change.

Enter my hero:

Bill Pytlovany, the developer of WinPatrol, rides to the rescue with Scotty the Windows Watchdog, protecting Windows users from Windows 95 through Windows 7. Watch for a new release of WinPatrol v16:
"WinPatrol v16 will include a feature that lets you know if your UAC settings have changed."
Update: See WinPatrol v16 Monitors Changes to UAC

Windows 7 UAC Settings
:
  1. Always notify me and dim my desktop until I respond -- This is the most secure setting.

    The Secure Desktop (dimming) will be employed providing notification before programs make changes to your computer or Windows settings that require the permissions of an administrator.

  2. Always notify me -- This is a medium level of security setting.

    According to Microsoft there is a small security risk using this setting if you already have a malicious program running on your computer. You will be notified before programs make changes to your computer or Windows settings that require the permissions of an administrator. The UAC dialog box is not on the Secure Desktop with this setting. As a result, other programs might be able to interfere with the dialog's visual appearance.

  3. Notify me only when programs try to make changes to my computer -- This setting has a medium level of security.

    You will be notified before programs make changes to your computer that require the permissions of an administrator. You will not be notified if you try to make changes to Windows settings that require the permissions of an administrator. You will be notified if a program outside of Windows tries to make changes to a Windows setting.

  4. Turn off UAC -- This is the least secure setting.

    You will not be notified before any changes are made to your computer. If you are logged on as an administrator, programs can make changes to your computer without you knowing about it. If you are logged on as a standard user, any changes that require the permissions on an administrator will automatically be denied.

References:


Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Monday, January 26, 2009

Microsoft and the European Commission

In a forum thread at WinVistaClub Forum, I was reminded that I had read the BBC article, Microsoft is accused by EU again (via Stealthzone at LandzDown) last week. So, what is the story with the EU (European Union) and Microsoft this time?

It seems that a complaint was filed with the European Commission by Opera Software ASA* and, as a result of their study, the Commission sent a Statement of Objections to Microsoft on the tying of Internet Explorer to Windows.

According to European Commission Press Release:
"The evidence gathered during the investigation leads the Commission to believe that the tying of Internet Explorer with Windows, which makes Internet Explorer available on 90% of the world's PCs, distorts competition on the merits between competing web browsers insofar as it provides Internet Explorer with an artificial distribution advantage which other web browsers are unable to match. The Commission is concerned that through the tying, Microsoft shields Internet Explorer from head to head competition with other browsers which is detrimental to the pace of product innovation and to the quality of products which consumers ultimately obtain. In addition, the Commission is concerned that the ubiquity of Internet Explorer creates artificial incentives for content providers and software developers to design websites or software primarily for Internet Explorer which ultimately risks undermining competition and innovation in the provision of services to consumers."
In the "Microsoft On The Issues" Blog article, "Microsoft and the European Commission," it was indicated that the Commission is alleging that the inclusion of Internet Explorer in Windows since 1996 has violated European competition law.

I am finding this incredibly difficult to understand. I recall the first personal computers that were installed in our office included the choice of both IE and Netscape. I elected to use Netscape as my preferred browser.

A forum search at Freedomlist reveals that in 2002 I was using K-meleon, moved to Mozilla 1.1 to Firebird and then back to Mozilla -- all on my Windows 95 computer. It wasn't until 2004 that I migrated to Firefox. Somewhere along the line, I tried Opera but did not care for it. I skipped Windows 98 and went to Windows XP and now Windows Vista and Windows 7 Beta -- all with Firefox as my browser of choice.

If Microsoft were undermining the competition, as implied by the Commission, how would it be so easy for me to have used an alternate browser all of these years? I certainly do not have any problems with accessing websites or using software with Firefox. In fact, I find the customizable features, including add-ons and themes, of Firefox preferable.

By requiring OEMs to include alternate browsers in new computers, I suggest that the EU does not care that OEMs will then be tempted to charge the consumer extra to not install multiple browsers. It will also be more costly for OEM distributors to change the images as those multiple browsers are updated for vulnerabilities. That, or they will leave the vulnerable browser versions and the customer will blame Microsoft when their new computer is infected.

No one is forced to purchase a Microsoft operating system. There are alternatives. Note, however, that if you purchase a Mac, the only installed browser is Safari. That also does not preclude the Mac owner from installing an alternate browser. Interestingly, the comments at AppleInsider in "Europe revives claims of Microsoft web browser monoply" further substantiate that the freedom to use an alternate is with the consumer, not the vendor.

It is not as though alternate browsers are fee-based or licensed and having IE installed is hurting vendors of alternate vendors. Customers are free to install any browser of their choice. In my opinion, the EU would provide a greater service to the public by taking action against vendors who include pre-checked options with their software offerings, resulting in unwanted software and/or toolbars. Someone please refer the Commission to the Calendar of Updates "Installers Hall of Shame."

Incidentally, IE8 RC1 (Release Candidate) is now available for download. I certainly plan on upgrading IE8 Beta on Windows 7 to RC1 but will continue using Firefox. (Edit Note: I subsequently read on the IE Blog that I will need to wait for the final release of IE8 on Windows 7 Beta.)
References:

*About Opera:
"Opera Software's first product, the Opera web browser version 2.1 for Windows, was released in 1997. Opera Software had an IPO in February 2004, and was listed on the Oslo Stock Exchange March 11, 2004."




Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Sunday, January 25, 2009

WinPatrol One Day Only: 50% off WinPatrol Plus

Bill Pytlovany is offering a one-day only special of 50% off a WinPatrol Plus subscription. The clock started ticking about 8 hours ago so time is running out. As I post this, there is less than 16 hours left for this special deal.

WinPatrol PLUS
24 Hour 50% off Sale $14.97

One time fee!
Satisfaction is guaranteed
Supports Windows 95 - Windows Vista including Vista 64

In my testing, WinPatrol Plus works great on Windows 7 Beta as well. Go for it: http://www.winpatrol.com/





Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Friday, January 23, 2009

Centralized Information About The Conficker Worm

A summary of the information Microsoft has provided on the Conficker worm is included in a summary in the Microsoft® Malware Protection Center blog by Ziv Mador.

As has been stated many times, but I will repeat yet again, if you have not yet applied MS08-067, please do so as soon as possible.

See Centralized Information About The Conficker Worm.




Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Tuesday, January 20, 2009

Conficker Infects Sheffield, UK Hospitals

Yesterday The Register reported that three out of ten Windows PCs are still not patched with MS08-067 against Win32/Conficker.B/Downadup infections. The story today, however, is more serious. More than 800 computers in the Sheffield Teaching Hospitals Trust are reported infected with Conficker.

It is bad enough when that number is home PCs but when the number includes a city's hospitals, the results are disastrous. How did the Sheffield Teaching Hospitals get infected? Microsoft automatic security updates were disabled during Christmas week after computers in an operating theater restarted during surgery. It did not take long after that. Conficker was detected on December 29.

From The Register:

"David Whitham, the Trust's informatics director, said in a statement: "We do not know how the virus entered the network but at around the same time as the virus became evident the automatic update process had been temporarily disabled following problems with a number of PCs in theatres.

"This decision was taken by the IT Change Advisory Board to prevent further disruption in theatres which could have affected patient care." No individual was responsible for the move, the Trust added."

I can certainly understand the gravity of a computer restarting in a hospital operating room during surgery. Turning off automatic updates for the entire city hospital system is certainly not the solution.

Apparently the hospital IT staff has never heard of the Group Policy Editor. I suggest they study Microsoft KB Article 307882, "How To Use the Group Policy Editor to Manage Local Computer Policy in Windows XP". If that is beyond their skill level, perhaps consider isolating the computers in the operating arenas and manually update those computers when surgical procedures are not scheduled.




Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Inaugural Release: WinPatrol v16 Beta

Today marks the inaugural release of WinPatrol v16 Beta. Bill Pytlovany has done it yet again! I have used WinPatrol since Windows 95. However, it matters not what Microsoft operating system is released, each new version of WinPatrol adds yet another useful feature.

I have already installed WinPatrol v16 Beta on both Windows Vista and Windows 7 Beta and it is working beautifully! (Standard precaution: It is not recommended that beta software be installed on production computers and always create a restore point before installing new software.)

WinPatrol v16 Beta adds two unique features to this popular (an my favorite) program. As BillP explains,

"The first has to do with Windows 7 and User Access Control. There are two versions of the small WinPatrol monitor component. One requires UAC permission, one does not.

Initially, the non-UAC version will run so you don’t have a UAC alert every time you reboot. If however, a change is detected and WinPatrol needs permissions we’ll swap the WinPatrol monitor with the one which requires UAC.

Lets user know that UAC access is required

This dialog will only be seen by Vista and Windows 7 machines with UAC activated. It will only occur once and only if needed."

The second addition, the "Hide Alert Messages", is only available WinPatrol PLUS subscribers (remember a WinPatrol PLUS subscription is a one-time update charge with no annual renewal fees). The Hide Alerts Messages feature also includes the option to ignore “RunOnce” changes to the registry.




To access Hide Alert Messages, launch WinPatrol and click the Options tab. The new feature is available via the button on the left next to "Lock File Types".




Additional information is available in Yes We Can, Release WinPatrol v16 Beta and WinPatrol Beta Headquarters.




Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Monday, January 19, 2009

Win32/Conficker.B/Downadup Infections

There has been a lot of publicity recently about the Win32/Conficker.B/Downadup infections. These are the infections that were addressed by the out-of-band update in October, MS08-067. People with unpatched systems are experiencing system lockout and other problems.

Technical Background

Win32/Conficker.B exploits a vulnerability in the Windows Server service (SVCHOST.EXE) for Windows 2000, Windows XP, Windows Vista, Windows Server 2003, and Windows 2008. While Microsoft addressed this issue in October with Microsoft Security Bulletin MS08-067, and Forefront antivirus and OneCare (as well as other vendor’s anti-virus products) helped protect against infections, many systems that have not been patched manually through Server Update Services and Microsoft/Windows Update or through Automatic Updates have recently come under attack by this worm. Attacked systems may lock out users, disable our update services and block access to security-related Web sites:

In response to this threat, Microsoft has:

  • Updated the January version of the Malicious Software Removal Tool (MSRT) to detect and remove variants of Win32/Conficker.B. You can download this version from the MSRT from either the Microsoft Update site or through its associated Knowledge Base article.

Fellow MVP Harry Waldron has provided some excellent coverage of this worm. The figures are quite scary because this is not the easiest infection to remove. See Harry's recent posts on this worm:

If security updates are not up-to-date on your computer, I strongly recommend that you download and run the MSRT and then apply the security update MS08-067 as soon as possible.

References
:





Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Sunday, January 18, 2009

Donna's Security Flash

Have you been missing your regular updates from fellow Microsoft MVP Donna Buenaventura at her Donna's Security Flash? Although Donna still has the second phase of a major relocation still ahead of her, you will be see a couple fresh posts on her blog.

Stop by Donna's Security Flash to say "Hi" to Donna.





Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Saturday, January 10, 2009

Microsoft On the Issues

With an initial post by Microsoft General Counsel Brad Smith, Microsoft launched a new blog, Microsoft On The Issues, which is intended to address news, perspectives and analysis on legal and policy issues. As explained by Mr. Smith:

"The centrality of tech issues in public life and Microsoft’s history as an innovator in the digital arena have often led to our involvement in public policy debates. These have included a wide range of issues, from broadband access, online privacy and data portability to intellectual property protection, competition law, international trade and immigration.

Over the years we have used a variety of communications vehicles to share our positions.

Today we are launching "Microsoft on the Issues" to open another, more direct line of communication that will enable us to quickly and succinctly provide our perspective on the pressing technology matters of the day. We do not want this to be a one-way conversation. We want to create a transparent dialogue with readers and stakeholders. We want to enhance our participation in discussions that propel policy-making at local, national and international levels."

It will be interesting to see how this new endeavor develops. I am particularly interested in discussion surrounding privacy.




Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Friday, January 09, 2009

January 2009 Advanced Notification

Just a quick post before ending my lunch break . . . The Microsoft Security Bulletin Advance Notification for January 2009 has been published. One critical security update is anticipated for Tuesday, January 13, for Windows.

See the MSRC Blog for additional information.

References:



Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Wednesday, January 07, 2009

Windows 7 Beta Available!

Steven Ballmer announced that Windows 7 is now available for TechNet and MSDN subscriptions and for the general public on January 9. As Brandon LeBlanc posted:
"On January 9th, the Windows 7 Beta will be available for Windows enthusiasts to
download via the
Windows 7 page on Windows.com. The Windows 7 Beta is going to be available download-only (we’re not sending out physical media) and available for a limited time to the first 2.5 million people who download the beta."

Get the complete information here: Information on Downloading and Installing Windows 7 Beta




Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Wow! New Look for Kodak.com

Just in time for CES 2009, Kodak rolled out a brand new home page. If you haven't visited lately, now is a great time to stop by http://www.kodak.com.





Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

CES 2009 Keynote Address Links

Not at CES and want to see the Keynote? Below are the links for the Live Webcast which will carry Steve Ballmer's Keynote at 6:30 p.m. PST, today, Jan. 7:

http://wm.istreamplanet.com/customers/ms/750_ms_ces_090107.asx (750kbps)
http://wm.istreamplanet.com/customers/ms/300_ms_ces_090107.asx (300kbps)
http://wm.istreamplanet.com/customers/ms/100_ms_ces_090107.asx (100kbps)






Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

CES 2009

The International Consumer Electronics Show (CES) 2009 is about to kick off and everyone is waiting to hear what Steve Ballmer will talk about during the keynote (see Live Webcast, Steve Ballmer Keynote: Microsoft at CES 2009 Virtual Pressroom). There is an lot of interest in circles that I follow as to when the Windows 7 Beta will be available to testers.

In the meantime, it should be noted that Microsoft is not the only company involved in CES. In fact, once again, Kodak received Innovations Awards from the International Consumer Electronics Association with Honors Awarded to KODAK All-in-One Inkjet Printer and KODAK EASYSHARE Digital Frame:

"ROCHESTER, N.Y., Nov. 21 -- Eastman Kodak Company (NYSE:EK) has earned two Innovations 2009 Design and Engineering Awards from the International Consumer Electronics Association (CEA). The honors were announced at the International Consumer Electronics Show (CES) Press Preview in New York City. The KODAK ESP 9 All-in-One Printer earned honors in the Computer Peripherals category, while the KODAK EASYSHARE M820 Digital Frame received accolades in the Eco-Design and Sustainable Technology category."



If you have followed Security Garden for any period of time, you will know that you will enjoy incredible savings on ink with any of the Kodak AiO printers without sacrificing quality. The KODAK ESP 9 and ESP7 both have built-in secure Wi-Fi printing and Ethernet connectivity.





Not to be left out is the KODAK EasyShare M820 Digital Frame enabling you to bring favorite moments back into your life on the 8 in. (20.3 cm) 16:9 wide screen. It provides vibrant color and crisp detail.

At CES 2009, Kodak is introducing the KODAK Z980 Digital Camera, new models in the M-Series Digital Camera line and the new KODAK Zx1 Digital Video Camera.

Get A peek at what's new for CES from Jenny Cisney and read the news release at New introductions from Kodak deliver brilliant images, unique ways to create and easy ways to connect.

For Twitter users, follow Jenny and Jeff Hayzkett or just tune in at Kodak Online Today.






Remember - "A day without laughter is a day wasted."

May the wind sing to you and the sun rise in your heart...

Thursday, January 01, 2009

The Magic Continues In 2009




"Congratulations! We are pleased to present you with the 2009 Microsoft® MVP Award! This award is given to exceptional technical community leaders who actively share their high quality, real world expertise with others.
...

The Microsoft MVP Award provides us the unique opportunity to celebrate and honor your significant contributions and say "Thank you for your technical leadership."

Toby Richards
General Manager
Community Support Services"

My thanks to the developers of the tools used to help people seeking help in the forums and to all the talented people who share their knowledge behind the scenes.

This is certainly an exciting way to start off the New Year! More about the Microsoft MVP Program here.




Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

SecurityGarden Archive


Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

WinPatrol

Many Security Garden readers are already fans of (my favorite) WinPatrol and know that I frequently include information about WinPatrol here. For those of you who do not have "Scotty, the Windows Watchdog" patrolling your computer, allow me to tell you a bit about WinPatrol.

WinPatrol is a multi-purpose utility designed to increase performance and protect against unwanted changes to your Windows Computer. WinPatrol was introduced in the days of Windows 95 and is compatible with every Windows Operating System, including Windows 7. WinPatrol includes 64Bit support and "works out of the box" without any adjustments necessary. WinPatrol is free for personal use and also has a one-time payment licensed PLUS version.

The features listed below are among the reasons I use WinPatrol, described more fully at the WinPatrol Features page:
  • Delay Startup Programs
  • Warn if AutoUpdate Status Changes
  • Track Date/Time Programs are First Detected
  • Prevents Changes to File Type Associations
  • Keylogger Detection
  • Kill Multiple Tasks in One Step
  • Twenty Thousand Program Descriptions
  • Disable Vulnerable Active X Controls
  • Create Hijack Style Log Files



WinPatrol Posts at Security Garden

Microsoft Sites



The Microsoft sites listed below provide essential security information:






  • Microsoft Safety & Security Center
    The latest in computer security information for Consumers, Developers, IT Professionals and Businesses.
  • Microsoft Support Lifecycle
    Support lifecycle information for product families. For an alphabetized list of all Microsoft products, see the Support Lifecycle Index page.
  • MMPC: Microsoft Malware Protection Center Blog The MMPC Blog includes day-to-day, “behind the scenes” information about new, emerging and interesting malware threats as well as other research topics in the computer security field.
  • MMPC: Microsoft Malware Protection Center Portal
    The MMPC includes a wealth of information. It is your source for the latest definitions and change logs for Microsoft security software. Research malware, get guidance and advice, links to additional tools and resources, submit a sample and more at the MMPC.
  • MSRC - Microsoft Security Response Center
    The MSRC is "the" source for information from the Security Response team on Security Bulletins, Security Advisories and information about vulnerabilities, mitigations, and workarounds.
  • Microsoft Trustworthy Computing Blogs
    This site tracks all Microsoft Trustworthy Computing blogs.
  • Security Research & Defense
    Obtain information from Microsoft about vulnerabilities, mitigations and workarounds, active attacks, security research, tools and guidance. In particular, a source to obtain additional technical information on security updates.
  • Security TechCenter -- Get links to technical bulletins, advisories, updates, tools, and prescriptive guidance designed to help IT pros keep Microsoft servers, desktops, and applications up to date and secure. 
  • Security Tips & Talk --  Regularly updated with tips to protect your digital devices with security, safety and privacy advice for the whole family.
  • Microsoft Security Bulletins -- Obtain detailed information on security updates for all Microsoft products.

A complete list of official Microsoft team blogs is available at BlogMS, updated weekly.



Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Subscribe | Follow

Like on Facebook  Like Security Garden on Facebook.

Follow Click to follow Security Garden on Twitter.

To receive regular updates subscribe to Security Garden via "RSS"

Subscribe by E-mail via FeedBlitz. Just type your E-mail address in the box below and click Submit. Confirm the E-mail received from FeedBlitz.
















Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Awards | Associations

Microsoft Most Valuable Professional

I am honored to have been awarded and re-awarded a Microsoft Most Valuable Professional since 2006 in Consumer Security.

"The Microsoft MVP Award recognizes exceptional technical community leaders from around the world who voluntarily share their high quality, real world expertise with others. Microsoft MVPs are a highly select group of experts representing technology's best and brightest who share a deep commitment to community and a willingness to help others. Worldwide, there are over 100 million participants in technical communities; of these participants, there are fewer than 4,000 active Microsoft MVPs.
At Microsoft, we believe that technical communities enhance people's lives and the industry's success by providing users with the opportunity to have conversations about technology that catalyze change and innovation. Technical communities help users adopt new technologies more quickly and more effectively. Also, they help Microsoft product developers understand the "pulse" of our users and better meet our customers' needs. As the most active, expert participants in technical communities, MVPs are recognized and awarded for their inspirational commitment to technical communities.
In order to receive the Microsoft MVP Award, MVP nominees undergo a rigorous review process. Technical community members, current MVPs, and Microsoft personnel may nominate candidates. A panel that includes MVP team members and product group teams evaluate each nominee's technical expertise and voluntary community contributions for the past year. The panel considers the quality, quantity, and level of impact of the MVP nominee's contributions. Active MVPs receive the same level of scrutiny as other candidates each year."
Alliance of Security Analysis Professionals

I have been a member of ASAP since its formation in 2004 and serve as Secretary, ASAP Admin Council.

ASAP
"ASAP stands for the Alliance of Security Analysis Professionals™.

ASAP started out as a small band of security support sites under siege, but has expanded rapidly to include the "Best of the Best" the Internet Security Community has to offer.

ASAP is made up of internet security oriented website and forum owners, administrators, and staff, as well as individuals, companies, and various organizations also dedicated to providing security related support to computer end users.

ASAP is a joint effort dedicated to assisting end users with as seamless a process as possible by using methods such as cross-referrals, multiple product support services, easy information access, and cross referencing with verification.

ASAP's goals are:

  • To ensure a high standard and quality of security support no matter where you seek help.
  • To recommend in an equal and fair manner products available to keep your computer clean and safe, regardless of pricing.
  • To ensure that end users are not affected by so called "product wars" and unfair marketing tactics, which have plagued several industries in recent years.
ASAP ensures that quality support and assistance will be freely available - knock one of the support networks out and another will pick it up immediately. In addition, pooled resources permit the ability to provide support redundancy, thereby adding an additional layer of protection against Internet based threats.

If you see the ASAP logo or banner used by a website, bulletin board, or individual, you can be assured that you're getting the best support and assistance possible. ASAP members have varying fields of expertise: some ASAP members provide assistance with anti-virus software, firewalls, computer hardware issues, security updates, phishing, etc., while others provide log analysis and specialized malware removal. The combined efforts of all ASAP members are dedicated to providing free security-related support to computer end users.

ASAP is a non-profit, volunteer network."

United Network of Instructors and Trained Eliminators

I am proud to be a member of UNITE, which provides a valuable venue for communication within the security community.

UNITE

"UNITE stands for:
  • Unified
  • Network of
  • Instructors and
  • Trained
  • Eliminators
If you are being helped by a member of UNITE, you can be assured that you are receiving help from a well trained malware fighter who has the support of hundreds of the industry's best experts.

UNITE members are people from all walks of life who have taken the time to graduate from at least one of the big online training institutions, or have comparable experience. Each institution runs completely independently, but each has one goal in mind: the safe and successful removal of malware from every victim's computer.

To become a member of UNITE, contact a current UNITE member for information."







Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...