Ryan Naraine

WASHINGTON, DC—The gospel according to LUA (least-privileged user account) took center stage at Microsoft Corp.s Security Summit East here with a pair of Redmond consultants pitching the idea of a well-funded security deployment repository to help developers create applications for non-admin users. The LUA principle, which promotes the use of accounts with fewer access rights […]

Intel Corp.s researchers are working to outwit cyber attackers, including those employing stealthy rootkits. The chip makers Communications Technology Lab, in a project called System Integrity Services, has created a hardware engine to sniff out sophisticated malware attacks by monitoring the way operating systems and critical applications interact with hardware inside computers. By watching a […]

The algorithm used in one of the most debilitating e-mail worm attacks in history has been cracked, allowing virus researchers to accurately predict the dates and URLs that will be used in future mutants. Researchers at Finnish anti-virus vendor F-Secure Corp. first cracked the code used in the Win32.Sober worm family in May this year […]

Microsoft Corp. has announced plans to make several key default changes to Internet Explorer 7s security zones to further harden the browser from malicious hacker attacks. The built-in zones, used in IE to enforce security rules for Web sites by grouping them into categories, will be changed to scrap the use of the “Intranet” zone […]

Whats the retail value of a security vulnerability in Microsoft Corp.s Excel spreadsheet program? At last check: $53 and counting. An unknown security researcher chose a novel way to issue a warning for a code execution flaw in Excel—posting it for sale on eBay. But the auction was pulled late Thursday after discussions between Microsoft […]

Microsoft Corp. has announced plans to ship two security bulletins on Patch Tuesday next week, and security analysts say its a safe bet that one will cover critical flaws in the Internet Explorer browser. As part of its advance notice mechanism, Microsoft said at least one of the two bulletins will be rated “critical,” but […]

A private security outfit has released a proof-of-concept exploit for a security flaw in Firefox 1.5, warning that the code can be modified to launch code execution attacks. However, officials at the Mozilla Foundation are downplaying the threat, insisting the bug is more of an “annoyance” than a serious security vulnerability. The exploit, which was […]

The sharp rise in rootkit detections on Windows machines is a direct result of adware/spyware vendors using sophisticated techniques to hide processes and prevent uninstallation, according to anti-virus vendor F-Secure Corp. The Finnish company, which ships an anti-rootkit scanner in its security suite, has identified ContextPlus, Inc., makers of the Apropos and PeopleOnPage adware programs, […]

A new malicious worm squirming through America Online Inc.s AIM network has the ability to carry on an instant messaging conversation with potential victims. Researchers at IMLogic Inc.s Threat Center spotted the new threat and warned that virus writers are continuing to push the social engineering envelope to trick computer users into downloading nasty malware […]

More than 20 percent of all malware removed from Windows XP SP2 (Service Pack 2) systems are stealth rootkits, according to senior official in Microsoft Corp.s security unit. Jason Garms, architect and group program manager in Microsofts Anti-Malware Technology Team, said the open-source FU rootkit ranks high on the list of malicious software programs deleted […]