Microsoft Forges 3 New Security Tools

Despite the best efforts of the computer security industry, hackers are launching more attacks than ever. In turn, members of the industry are working together to combat the threat. In line with this, Microsoft on Monday unveiled some new tools at the Black Hat security conference in Las Vegas, Nev.

These include Microsoft Security Update Guide, Project Quant, and Microsoft Office Visualization Tool.

All are available for free download.

Microsoft also issued a report on how several programs to combat hackers, announced at Black Hat last year, are shaping up.

The Growing Threat

Spam is surging to unprecedented levels, and only last week hackers launched a massive campaign to co-opt free online storage and services to their ends.

This campaign was tracked by security vendor AppRiver. Spammers were creating accounts on Yahoo, LiveJournal and Google Groups through an automated process that broke these sites’ CAPTCHA defense, according to AppRiver security analyst Troy Gill.

CAPTCHA is a test which requires anyone trying to create an account to key letters and numbers shown in a box on the page into a capture field. Up until recently, this would screen out software that automatically created accounts on public sites, because the software could not read and key in the letters and numbers, but that barrier seems to have been overcome.

Spammers want to automate the creation of accounts on public Web sites, as that speeds things up and lets them hit more people in less time.

“We’re in a dire situation where 15 to 20 percent of all packets on the Internet are bad stuff,” David Perry, global director of education at security firm Trend Micro, told TechNewsWorld.

“We don’t just have organized cybercrime, we have every kind of crime, panoply of crime.”

Microsoft’s New Tools

To fight that crime, newer and more sophisticated tools are needed. One of these is Microsoft Security Update Guide, one of the three tools Microsoft released today. It outlines Microsoft’s resources, processes and practices surrounding its security release process.

The second one is Project Quant. This is an open community project that lets IT develop a cost baseline for updates.

The third is Microsoft Office Visualization Tool, which helps customers better understand and deconstruct Microsoft Office-based attacks.

All three are necessary, according to Rob Enderle, principal analyst for the Enderle Group. “Most of the market is being managed almost part-time, and the Security Update Guide would be very helpful,” he said.

Qant lets users figure out what it costs to deal with a security threat and the cost of the alternatives, which may include upgrading to a newer technology. While it could lead them to select a non-Microsoft alternative, that’s the risk Microsoft has to take, Enderle said.

Coping With the Problem

A paper titled “Building a Safer, More Trusted Internet Through Information Sharing,” released at Black Hat, outlined Microsoft’s views on security.

“Cybercrime continues to grow … but a safer online experience can only be realized when customers, the industry and the security and privacy community work together,” the paper stated.

Microsoft’s Active Protections Program supplies Microsoft vulnerability information to security software customers, and a total of 45 companies around the world have joined up so far.

Microsoft Vulnerability Research, another program, shares security expertise with third-party software vendors.

However, these efforts represent only bandages, and more needs to be done, Trend Micro’s Perry said.

“Eventually, we’ll have to jack up the Internet and replace it or build something over it or under it,” he explained. “Every time we knock out the supports from under a structure that supports the majority of criminals, we force them to evolve. We call that civilization. My hope is that the bad guys become so civilized that they can’t be the bad guys any more and become the good guys.”

Leave a Comment

Please sign in to post or reply to a comment. New users create a free account.

More by Richard Adhikari
More in Hacking

Technewsworld Channels