Aug 21

Microsoft is trying to protect Internet Explorer users by introducing a "privacy mode" for the next release of its Internet Explorer 8 web browser.

By clicking a button, users of IE8 will be able to limit how much information is recorded about where they go online and what they do.

Microsoft watchers have spotted two patent applications covering ways to manage the amount of information a browser logs. When introduced, the privacy mode will match features found on other browsers.

Australian blogger Long Zheng has found two patent applications made by Microsoft on 30 July for ideas it calls "Cleartracks" and "Inprivate". The applications deal with methods of erasing data that browsing programs log, turning off features that record sites visited or notifying users of what sites are doing to log a visit. While many browsers already have menu options that let people alter security settings and clear history files, this typically has to be done on a use-by-use basis.

Users may wish to turn on the privacy mode if they are planning a surprise party, buying presents or researching a medical condition and do not want other users of the same computer to find out.

Internet Explorer 8 is due to go on general release late in 2008 though early trial versions are already available.

Aug 13

Symantec is warning Internet Explorer users about attacks targeting ActiveX. According to Symantec’s Sean Hittel, attackers have found a way to serve users the vulnerable control before exploiting it. The target is a critical security flaw in the ActiveX Control for the Snapshot Viewer for Microsoft Access.

Microsoft has patched the vulnerability via a security bulletin issued in July 2008, but the update was deployed only on the systems with the software installed. Symantec claims that all Internet Explorer users are vulnerable.

"Recently, we came across a rather unfortunate exploit case for the Access Snapshot Viewer ActiveX Vulnerability that took advantage of a property of the ActiveX system to exploit IE users who did not have the vulnerable control installed. How does one exploit a vulnerability that does not exist on a system, you say? Sadly, attackers have found a way to install the vulnerable Access Snapshot Viewer ActiveX control through Internet Explorer prior to exploiting it," said Hittel.

Symantec indicated that the control is signed and, as such, its installation is completely silent. In fact, no user interaction is required for a system to become vulnerable. The attackers’ aim is to install the vulnerable control on the targeted computers, and then exploit the associated vulnerability.

"Once this vulnerable control is installed on the victim’s computer, it is exploited in the same way as if the control was installed all along. To top it off, this attack is carried out as a drive-by attack, so the unprotected user may never know that they were vulnerable, or had been targeted, let alone infected," Hittel stated.

Microsoft’s ActiveX technology is an attractive vector for attacks because of its ubiquity and distribution model. Symantec has warned that silent ActiveX installations, part of the core of ActiveX operation, contribute to exposing end users to security risks.

Aug 10

Microsoft is preparing to release a new set of patches for Windows Vista Service Pack 1 and Windows XP Service Pack 3.

"I did want to remind you that this information is intended to help with your planning for testing and deployment for next week’s release. It is preliminary information and it is subject to change," revealed Christopher Budd, Security Program Manager at the Microsoft Security Response Center. "As part of our regularly scheduled bulletin release, we’re currently planning to release seven Microsoft Security Bulletins with maximum severity of Critical, and five with maximum severity of Important. These updates may require a restart and will be detectable using the newly released version of the Microsoft Baseline Security Analyzer. As we do each month, we’ll be releasing an updated version of the Microsoft Windows Malicious Software Removal Tool."

32-bit Windows XP SP2 and SP3, as well as 64-bit XP and XP SP2, are directly impacted by one Critical and one Important vulnerability. Indirectly, the operating systems could also be affected by attacks leveraging Critical holes in Internet Explorer 6 and 7 and Windows Media Player 11, and two Important flaws in Outlook Express and Windows Messenger 4.7 and 5.1.

Users running Windows Vista RTM or SP1 are at risk from attacks designed to exploit a pair of Important vulnerabilities in the latest Windows client. Windows Mail, which is a default component of Windows Vista, also features security holes labeled with a severity rating of Important. However, the Critical vulnerabilities in IE7 and Windows Media Player 11, included by default in the operating system, can act as vectors for attacks.

Jul 8

Slowly but surely, the last major update of the Immortal OS, Windows XP, is becoming available via almost every method, with Automatic Updates being the last thing that needs to be checked by Microsoft. The Redmond company will roll out XP SP3 through Automatic Updates ‘shortly,’ thus making the package, which includes 1000+ updates, available to practically anyone with XP installed (and an internet connection).

Hopefully ‘shortly’ in MS talk means before the end of this week.

Windows® XP Service Pack 3 (SP3) includes all previously released updates for the operating system. This update also includes a small number of new functionalities, which do not significantly change customers’ experience with the operating system. This white paper summarizes what is new in Windows XP SP3.

Jun 25

Open source promoter and Tux fan Canonical has now released a developer version of the upcoming Ubuntu Mobile Internet Device (MID) Edition 8.04. Available for download in a couple of flavors, the operating system is a joint effort of the Ubuntu Mobile and Embedded community and the Moblin.org community. Built upon the foundation of the desktop version of Ubuntu, Ubuntu MID Edition features applications modified to work with a mobile internet device’s smaller screen, a specifically designed MID browser based on Gecko, lots of customization options, touch screen support and more.

Set to be freely available, Ubuntu MID Edition is expected to be installed onto MIDs arriving before the end of this year. For more info on the MID-friendly operating system check out this page.

Jun 9

Microsoft readies patches for critical vulnerabilities affecting its Windows client and server operating systems, as well as components that ship by default with the platform.

The Redmond company is wrapping up no fewer than seven security bulletins for an unspecified number of vulnerabilities impacting even Windows Vista and Windows XP updated with Service Pack 1 and Service Pack 3, respectively. The seven security bulletins are scheduled for delivery on June 10, 2008, in accordance with the Redmond company’s monthly patch cycle.

"It is important to remember that while the information posted below is intended to help with your planning, because it is preliminary information, it is subject to change. As part of our regularly scheduled bulletin release, we’re currently planning to release: three Microsoft Security Bulletins rated Critical, three Important, and one Moderate. As we do each month, the Microsoft Windows Malicious Software Removal Tool will be updated," revealed Bill Sisk, security response communications manager for Microsoft.

The three Critical security bulletins will impact both the 32-bit and 64-bit editions of Windows Vista RTM and SP1, Windows Server 2008, Windows Server 2003, Windows 2000 and Windows XP SP2 and SP3. The patches will address vulnerabilities which could allow for Remote Code Execution in the eventuality of successful exploits. According to Microsoft, the Bluetooth service is at risk, along with various versions of Internet Explorer, including 7, 6, 5.01 SP4, and DirectX 10, 9.08.1 and 7.0. Windows XP SP3 and Windows Vista SP1 contain all the high-risk security holes which will be patched by the Critical bulletin on June 10.

"Finally, we are planning to release high-priority, non-security updates on Windows Update and Windows Server Update Services (WSUS) as well as high-priority, non-security updates on Microsoft Update and Windows Server Update Services (WSUS)," Sisk added.

SOURCE: softpedia.com
