Search This Blog

Showing posts with label Security. Show all posts
Showing posts with label Security. Show all posts

Thursday, March 3, 2016

Meet the Man Who Keeps Microsoft Safe and Secure

As the chief security officer for Microsoft, Mike Howard has more than a passing interest in the things he sees on the nightly news. Whether it's an uprising in the Middle East, the ongoing threat of terrorism or a natural disaster somewhere in the world, the former CIA officer is prepared for the impact various events could have on his company and its employees.
"Cybersecurity is a big issue on everyone's mind as we've become more globalized as a society and businesses have expanded their footprints and everything is digital," Howard said. "But, traditional security issues of theft, violence against employees, terrorism and natural disasters are all still paramount in terms of being the big security challenges for businesses."
This is especially true when your company is so large and so much in the public eye. Howard's security team is ultimately responsible for the safety and security of Microsoft's entire executive team, its 90,000 employees, roughly 90,000 contractors, 700 facilities in more than 100 countries worldwide and all of the visitors to those facilities. He's also responsible, of course, for all of their computers and hardware and the information it they contain.
The Microsoft security teams deals with threats of violence against executives and employees, employee violence, kidnapping threats, terrorism, natural disasters, property theft and, peripherally, intellectualproperty protection (which also falls under the purview of a separate, cybersecurity group at Microsoft).
Security "evangelist"
In Howard's time at the company, the security team has had to evacuate employees from Beirut and the Ivory Coast, has contracted forensic psychologists to examine threatening letters and regularly provides emailed safety information and warnings to all employees who travel overseas.
But it may be his role as an "evangelist" for the company's physical security business group that looms the largest in Howard's job description. Finding ways to communicate and demonstrate the importance of security — both physical and cyber — to the company's executives is the linchpin of developing a security program that manages to keep such a large and public company running smoothly, he said.
"A lot of [Microsoft's commitment to security] has to do with the evangelizing of security on several fronts within the last decade," Howard said. "My IT securitycounterpart and I have worked diligently to really get the movers and shakers, the decision makers here to understand security and to support those security efforts and the pushing down of that message throughout the enterprise."
Howard believes that his work driving home the importance of both physical and cybersecurity is part of the reason that Microsoft's company culture has come to reflect those values.
"We brief all new corporate vice presidents on security, we bring senior executives to the Global Security Operations Center in Redmond, [Wash.] and show them what technologies we employ to keep the company safe," Howard said. "We're not just guys checking doors and responding to emergencies."
Howard believes that Microsoft has come to understand what many companies never do: That cyber and physical security is integral to the company's overall business, and even its marketing plan.
"Security is important to the entire company," he said. "Intellectual property could be compromised and it can affect the company's brand reputation or lead to lawsuits," Howard said. "This realization led to cultural shift with company becoming more security conscious."
Employee assistance
To facilitate the rollout of solid security plans throughout the company, Howard's team has had to essentially deputize every employee to be the eyes and the ears of the company. Microsoft does that with a formal training program.
"Having a training program in place is essential to any security program," Howard said. "Without it, you don’t have a well-rounded security program. We have a certain amount of full-time employees and vendors to cover Microsoft globally; we could never cover the world adequately without educating and creating awareness programs that teach people what to look for."
Today, regular Microsoft employees are instructed to stop a stranger entering a building and ask to see their badge.
"That never would have happened ten years ago," Howard said.
Howard said that good security also involves working with the company's human resources department, which offers employee assistance programs that can help workers in difficult times and potentially prevent an employee problem from becoming a security threat.
"A robust employee assistance program is very important to security issues," he said. A bad economy, problems at home, even dealing with a sick relative can be things that can trigger security issues at work and having a team in place to help solve those problems can prevent them from ever turning into an incident of violence or theft, he said.


Tuesday, November 22, 2011

How to Remove Malware From Your Windows PC

Has a malware infection taken your PC hostage? Here's how to clean it out and restore your PC to a pristine state.

Is your computer running slower than usual? Are you getting lots of pop-ups? Have you seen other weird problems crop up? If so, your PC might be infected with a virus, spyware, or other malware--even if you have an antivirus program installed on it. Though other problems, such as hardware issues, can produce similar symptoms, it's best to check for malware if you aren't sure. But you don't necessarily need to call tech support or the geek across the street to scan for malware--I'll show you how to do it yourself.

Step 1: Enter Safe Mode

Keep your PC disconnected from the Internet, and don't use it until you're ready to clean your PC. This can help prevent the malware from spreading and/or leaking your private data.
If you think your PC may have a malware infection, boot your PC into Microsoft's Safe Mode. In this mode, only the minimum required programs and services are loaded. If any malware is set to load automatically when Windows starts, entering in this mode may prevent it from doing so.
To boot into Windows Safe Mode, first shut down your PC. Locate the F8 key on your PC's keyboard; turn the PC on; and as soon as you see anything on the screen, press the F8 key repeatedly. This should bring up the Advanced Boot Options menu; there, select Safe Mode with Networking and press Enter.
You may find that your PC runs noticeably faster in Safe Mode. This could be a sign that your system has a malware infection, or it could mean that you have a lot of legitimate programs that normally start up alongside Windows.

Step 2: Delete Temporary Files

Now that you're in Safe Mode, you'll want to run a virus scan. But before you do that, delete your temporary files. Doing this may speed up the virus scanning, free up disk space, and even get rid of some malware. To use the Disk Cleanup utility included with Windows, select Start, All Programs(or just Programs), Accessories, System Tools, Disk Cleanup.

Step 3: Download Malware Scanners

Now you're ready to have a malware scanner do it's work--and fortunately, running a scanner is enough to remove most infections. If you already had an antivirus program active on your computer, you should use a different scanner for this malware check, since your current antivirus software may have not detected the malware. Remember, no antivirus program can detect 100 percent of the millions of malware types and variants.
There are two types of antivirus programs. You're probably more familiar with real-time antivirus programs, which constantly watch for malware. Another option is on-demand scanners, which search for malware infections when you open the program manually and run a scan. You should have only one real-time antivirus program installed at a time, but you can keep a few on-demand scanners handy to run scans with multiple programs, thereby ensuring that you're covered.
If you think your PC is infected, I recommend using an on-demand scanner first and then following up with a full scan by your real-time antivirus program. Among the free (and high-quality) on-demand scanners available are BitDefender Free Edition, Kaspersky Virus Removal Tool, Malwarebytes,Norman Malware Cleaner, and SuperAntiSpyware.

Step 4: Run a Scan With Malwarebytes

For illustrative purposes, I'll describe how to use the Malwarebytes on-demand scanner. To get started, download it. If you disconnected from the Internet for safety reasons when you first suspected that you might be infected, reconnect to it so you can download, install, and update Malwarebytes; then disconnect from the Internet again before you start the actual scanning. If you can't access the Internet or you can't download Malwarebytes on the infected computer, download it on another computer, save it to a USB flash drive, and take the flash drive to the infected computer.
After downloading Malwarebytes, run the setup file and follow the wizard to install the program. Once installed, Malwarebytes will check for updates and launch the app itself. If you get a message about the database being outdated, select Yes to download the updates and then click OK when prompted that they have been successfully installed.
Once the program opens, keep the default scan option ('Perform quick scan') selected and click theScan button.
Starting the scan in Malwarebytes; click for full-size image.Starting the scan in Malwarebytes.
Though it offers a full-scan option, Malwarebytes recommends that you perform the quick scan first, as that scan usually finds all of the infections anyway. Depending on your computer, the quick scan can take anywhere from 5 to 20 minutes, whereas the full scan might take 30 to 60 minutes or more. While Malwarebytes is scanning, you can see how many files or objects the software has already scanned, and how many of those files it has identified either as being malware or as being infected by malware.
If Malwarebytes automatically disappears after it begins scanning and won't reopen, you probably have a rootkit or other deep infection that automatically kills scanners to prevent them from removing it. Though you can try some tricks to get around this malicious technique, you might be better offreinstalling Windows after backing up your files (as discussed later), in view of the time and effort you may have to expend to beat the malware.
If Malwarebytes' quick scan doesn't find any infections, it will show you a text file containing the scan results. If you still think that your system may have acquired some malware, consider running a full scan with Malwarebytes and trying the other scanners mentioned earlier. If Malwarebytes does find infections, it'll bring up a dialog box warning you of the discovery. To see what suspect files the scanner detected, click the Scan Results button in the lower right. It automatically selects to remove the ones that are known to be dangerous. If you want to remove other detected items, select them as well. Then click the Remove Selected button in the lower left to get rid of the specified infections.
Removing infections in Malwarebytes; click for full-size image.Removing infections in Malwarebytes.
After removing the infections, Malwarebytes will open a text file listing the scan and removal results; skim through these results to confirm that the antivirus program successfully removed each item. Malwarebytes may also prompt you to restart your PC in order to complete the removal process, which you should do.
If your problems persist after you've run the quick scan and it has found and removed unwanted files, consider running a full scan with Malwarebytes and the other scanners mentioned earlier. If the malware appears to be gone, run a full scan with your real-time antivirus program to confirm that result.

Tuesday, August 30, 2011

When Hackers Become the Good Guys


At DefCon III in 1995, the young crowd of 470 spent their time jamming a local radio station broadcast and playing Hacker Jeopardy at midnight when they couldn't drink at the bar. "Free Kevin" stickers were plastered everywhere protesting the jailing of fugitive hacker Kevin Mitnick, and a 14-year-old ran away from home to attend the event. (I know because I was there.)
At DefCon 19 this year, plenty of the nearly 12,000 attendees had gray hair, most work as security professionals, and some even brought their children. Mitnick was there signing copies of his latest book, "Ghost in the Wires," and posing for photographs, before appearing as a guest on "The Colbert Report" last week.
A community is growing and growing up.
In the early years, DefCon founder Jeff Moss used to say "if you're 20 and you're working for The Man, you're a loser," Richard Thieme, author of "Mind Games" and a professional speaker, recounted in his DefCon talk this year and in an interview with CNET afterward. "Ten years ago, Moss said 'if you're 30 and you're not working for The Man, you're a loser.' And now he agreed that at 40 he is The Man.'"
Moss, aka "Dark Tangent," started DefCon in 1993 as a farewell party to a buddy, only to have it become the world's largest hacker conference. He sold off the more commercial Black Hat security conference, which frees him up for public service--he serves on the Homeland Security Advisory Council and was named the chief security officerfor the non-profit Internet Corporation for Assigned Names and Numbers (ICANN) earlier this year.
Another hacker role model who is having a very direct impact on U.S. cyber security policies and funding is Peiter Zatko, who was better known as "Mudge" when he was a member of The Cult of the Dead Cow (CDC) and L0pht hacker groups in the 1990s. He presented at a session on password cracking and holes in Microsoft software at DefCon in 1996. This year, he gave a keynote talk at Black Hat about his plans as program manager for the information innovation office at the Defense Department's DARPA (Defense Advances Research Projects Agency) to fund hacker spaces and small security start-ups.


Read more: http://news.cnet.com/8301-27080_3-20095649-245/when-hackers-become-the-man/#ixzz1WVPoCjyq

Sunday, July 31, 2011

How to avoid facebook scams

Facebook is the part of people's daily life. It's no. 1 social networking website so it is used for spreading scams by spammers. Scammers search through Facebook user accounts and gather information from public profiles to send phishing emails so they can gather more secure information such as bank account numbers, credit card numbers and user login and password to other secure sites. On facebook scammers use Facebook applications to gather user's information and use their profile to post links of worms and trojans.

Steps to protect your facebook account from scams:

Steps


  1. Avoid clicking on short url's posted in facebook. If you want to click that link, verify it first from the person who posted it. MOst of this type of links are posted by facebook worms.
  2. Most of the scams are of the form of some videos. So avoid to click on such video link without verifying.
  3. If any of your friend send a link with some strange message, ask your friend first before click on those links.
  4. If after clicking on a link, it is aksing for some permission for using your profile information as every application ask before use. Be sure to check all the permission whether it is asking for valid permission or not.
  5. Try to use less application on facebook. Most of the applications on facebook are useless.
i know it's hard to avoid facebook applications but use those application after verifying it. Most of the scammers use your information for phishing and selling your information to other parties