Given that Microsoft itself recommends anti-malware for Windows 7, this back-and-forth seems to be a moot point. What is still up for debate is the relationships that security companies are going to play with regards to Microsoft’s product.

Microsoft has five business segments: Client, Server and Tools, Online Services, Microsoft Business Division, and Entertainment and Devices. Security is part of the Server and Tools division . While Microsoft has made progress in augmenting its operating systems with some security features like SmartScreen, BitLocker and AppLocker, these additions are usually evolutionary in nature and focused on securing Microsoft products only and not customer data as a whole.

Security is not a zero sum solution. Customers are looking for complete protections against the known and unknown malwares, data loss, intrusion prevention, … You can read more about McAfee’s view on whether Windows 7 changes the security equation in a brief white paper.

At the end of the day, security is an essential part of everyday digital life, especially when it comes to computers. What large security companies such as McAfee bring to the table is a dedicated security focus. In a sense, these companies complement Microsoft by letting it do what it is best at (developing an OS or application) and taking care of what they do best (securing these applications).

Microsoft has rated several of these vulnerabilities as critical and recommends rapid adoption of these patches as exploits are expected to begin circulating for several in the next few days.  No small task when you’re talking about thousands of endpoints.

McAfee customers using Total Protection for Endpoint were once again secured by zero-day protection enabled by default.  With this protection, IT teams patch less frequently and urgently to save time, money, and effort.

McAfee VirusScan’s buffer overflow protection is expected to provide proactive protection against exploits of 22 out of 34 new vulnerabilities this month. McAfee’s Host Intrusion Prevention is expected to provide proactive protection against exploits of 22 out of 34 new vulnerabilities this month, including enhanced exploit reporting beyond VirusScan’s General Buffer Overflow Protection.

Other security vendors will be working around-the-clock with Microsoft on new signature updates to address these vulnerabilities. 

(This post was co-authored by Evelyn DeSouza and Scott Taschler, a McAfee systems engineer.)

Windows 7
The barrage of security fixes comes a week before Microsoft is expected to officially release Windows 7, a new version of Windows. Five of the security bulletins released today fix security vulnerabilities in the yet-to-be-released operating system, indicating that Windows 7 will bring little change when it comes to the security of Windows.

Booby-trapped Web sites
Many of the vulnerabilities addressed by the fixes could be exploited if a Windows user simply visits a malicious Web site or opens a rigged media file, favorite attack methods among cybercriminals.

Among the fixes the critical vulnerability (MS09-062) exposes Windows XP and Windows Vista users to attacks that exploit the Graphics Device Interface (GDI+), a Windows component used to process image files that has been patched repeatedly over the past couple of years.

Microsoft has repeatedly had to fix problems related to the Graphics Device Interface in Windows and vulnerabilities in the component have been exploited broadly in the past. Security researchers will be looking to reverse engineer today’s patches, which may very well lead to exploits being created.

Zero day vulnerabilities
Of the 13 bulletins, eight are rated critical by Microsoft, the company’s highest risk rating. Five are deemed important, one notch lower on Microsoft’s severity scale. Nine of the vulnerabilities had been previously disclosed, allowing cyberattackers a way to break into Windows systems before the fix was available.

McAfee recommends that users install Microsoft’s patches as soon as possible. Home users should use Windows Automatic Updates while business users need to have a risk management strategy in place to prioritize the patches.

McAfee provides enterprises with endpoint and network based security technology as well as risk and compliance tools to shield against cyberattacks and allow organizations to patch on their own time. Last week we announced Risk Advisor 2.0, which well tell enterprises what risks they face and show what countermeasures to take for protection.

McAfee Labs Security Advisories provide detail on the coverage of McAfee products when it comes to Microsoft’s vulnerabilities. You can subscribe online.

We invented and introduced Artemis because we recognized that a different approach to security was needed to deal with the astronomical growth in malicious software and the rate at which malware keeps coming at us today. The traditional signature-based approach no longer sufficed. 

McAfee Artemis Technology is based in the cloud and provides protection based on correlation of known malware fingerprints, whitelists and behavioral techniques with real-time threat intelligence gathered from the user community and McAfee honeypots. McAfee Artemis Technology is the first always-on, real-time protection system that secures enterprises and consumers from threats as they strike.

Artemis uses information across all threat vectors. It minimizes the exposure to threats by delivering protection within milliseconds, even before a signature update is available—making the endpoints smarter and safer, thereby mitigating the risks and lowering costs remediation.

Artemis Technology is part of our endpoint products and does not require enterprises or consumer to download any additional software to benefit from this real-time protection.

Since our products started shipping with Artemis, millions of endpoints have benefitted from the real-time protection. Artemis has not only increased their level of protection but also lowered the number of helpdesk call the companies had to deal with – tangible cost benefits given the current economic conditions.

Independent tests have clearly demonstrated the highest level of efficacy and protection that Artemis delivers. McAfee continues to strive to ensure that quality of protection (fewest false positives in the industry) is not compromised with higher detection rate.

Recently, our competitors have also announced similar cloud-based technologies, also talking up reputation-based technologies. Albeit a year late, we are glad to see that they recognized the need to supplement their signature based mechanisms with cloud-based protection.

McAfee provides the protection users and business need to ensure this new operating system is protected from malware and other threats McAfee’s latest version of VirusScan for Mac 9.0 supports Snow Leopard and provides fast and efficient malware scanning to protect your personal and/or company data.

As users and companies embark on upgrading to this new version, they also should take the time to consider their security requirements for the Mac platform. There are malware and exploits designed specifically to target the Mac operating system.

For example, earlier this year a Trojan horse threat was discovered on pirated copies of Apple’s iWork 09. This malicious threat, when installed, allows an attacker to remotely access an infected Mac, potentially exposing confidential data.

In today’s threat landscape, cybercriminals are after one thing – data – whether login data, banking data or personal data. The attackers don’t care what type of endpoint they get this from, but just that they get your data.

Existing VirusScan for Mac customers can download version 9.0 with their grant number. If you would like to evaluate this version of VirusScan for Mac, download a trial version.

I’m excited to announce a major new release of ePolicy Orchestrator (ePO), version 4.5, which will help these customers lower costs, improve security & ensure compliance.  This release provides users with new and improved functionality that makes their job of managing security even easier.  ePO is a single management platform that works across systems, networks, and data to not only lower customer costs, but also strengthen security.

Some of the new or enhanced features in ePO 4.5 include:

• New Multi-tiered architecture – Agent handlers can help address scalability and topology issues in their network and, in some cases, limit or reduce the number of ePO servers in their environment. Multiple server management/awareness enables policy sharing across management servers, complete with policy usage reporting.
• Workflow improvements - Now IT can manage with less effort. Common tasks are automated to save time and effort, new tasks can be set on automatic or run on demand, and troubleshooting for single systems or groups of systems is made easier.
• User-based policies – IT can customize security policies based on how users behave and what they need most
• System management integration – Thanks to integration with partner solutions from HP and EMC, ePO can open tickets for closed-loop remediation and troubleshooting, improving communication and response when issues arise
• Better usability – Gain-enhanced visibility, search, and workflow efficiency through the significant and time-saving improvements to the ePO user interface

Still want to learn more then click here to listen to why ePO is so great!

That challenge is the same one being issued by CIOs around the world: how do we transform security from a perceived obstacle into a supportive, dutiful business enabler? How do IT teams allow the adoption of new technologies without the risk of opening security gaps and ending up with egg on their face or worse?

It starts by acknowledging two realities: the art of hacking has evolved from being a mostly harmless hobby to a huge, profitable industry. According to a report from Purdue University’s Center for Education and Research in Information Assurance and Security, companies surveyed estimated they lost a combined $4.6 billion worth of intellectual property last year alone and spent approximately $600 million repairing damage from data breaches. A trillion dollars every year! This doesn’t even include the cost of litigation, the erosion of brand value, and ultimately business/customer loss.

The second reality, and one that CIOs are grappling with, is the fact that their current security architectures and processes were simply not built to handle the complexity, severity, or quantity of threats we are seeing today. When spam was just a nuisance, you could put a filter on inbound email and move on to your next task. Now email is the carrier for intelligently developed phishing attempts, and it doesn’t look like spam anymore; a complex breach that could severely impact a business could come from innocently clicking on an application link in Facebook. Worse, security architectures of the past were not built to handle the demands of the distributed, mobile workforce. You need to jump on to less-than-secure networks at the airport, send your vendor a list of customers, and share your patents with manufacturers around the world. And someone is waiting in the wings to acquire and sell all of that information.

McAfee understands and is helping CIOs around the world face these challenges head on. The concept of “optimizing” architectures simply means figuring out ways to integrate processes, get better visibility and control over their security posture, and go from a reactive state of managing security to a proactive state where security is ever-present but transparent to the business. It’s been thrilling to learn that security at McAfee is handled this way, and we help our customers get there as well. And with this week’s launch of McAfee e-Policy Orchestrator (ePO) 4.5 software, I see the opportunity for more and more organizations to readily make the journey from a reactive to an optimized security posture.

As the sun sets in California I thought I should provide an update on Conficker, the Windows computer worm that some predicted could wreak havoc on the Internet today.

Leading up to April 1st there has been a lot of speculation about a mass activation of the Conficker worm. Researchers at McAfee Avert Labs have been monitoring all day for any signs of a Conficker outbreak. As midnight struck across the globe, we have not seen any mass malicious activity. That’s the good news, the Internet is working as well today as it did yesterday.

However, this doesn’t mean Conficker was an April Fools’ prank. The worm is very real and according to some estimates has already infected as many as 12 million computers. Security is not a joke. McAfee Avert Labs today saw Conficker infected hosts attempting to call their master to get instructions, however those calls are not getting through. In the words of Avert Labs Researcher Vu Nguyen: “It is like E.T. phoning home, but nobody’s there.”

Why are Conficker bots not getting new commands from their master? This could be deliberate and the infected hosts may try again later, perhaps over the weekend when people aren’t watching as closely. Today every security company was watching closely and everyone was on high alert.

Computers infected with Conficker become part of an army of compromised computers and could be used to launch attacks on Web sites, distribute spam, host phishing Web sites or other nefarious activities. Additionally, once it is on a computer, Conficker digs itself in by attempting to deactivate security software and sabotaging tools to remove it.

Conficker first surfaced late last year, taking advantage of a security flaw in Microsoft’s Windows operating system to spread. Microsoft provided an emergency fix for the vulnerability last October with Security Update MS08-067. However, because many systems were not patched and not properly secured Conficker has slithered onto many Windows computers.

If you notice that you’re unable to access Web sites such as www.mcafee.com or your security software is acting up, that could be a sign that your system was taken by Conficker.

Protecting against Conficker isn’t hard and being proactive about security is always easier than having to clean up an infection after the fact. There are two basic things that will ensure a Windows computer is shielded against the worm.

1) Install Microsoft’s Security Update MS08-067
2) Run up-to-date antimalware software

A lot more information on Conficker is available on McAfee’s dedicated Conficker page. Also read the more technical Avert Labs blog if you want more detailed information on the worm and its activities today.

Even if the calendar says April 1, security isn’t a joking matter. A worm called Conficker may come back with a roar on April Fools’ Day. While this may be a prank and the actual event could be immaterial, you should make sure your computer systems are protected against this pest.

For many security professionals, including us at McAfee, Conficker is a déjà vu. It brings us right back to the late nineties and earlier this millennium when worms such as Blaster and Sasser wreaked havoc on the Internet by infecting one computer after the other without requiring any user action. It is important to note though that Blaster and Sasser were much more widespread than Conficker.

Conficker first surfaced late last year, taking advantage of a security flaw in Microsoft’s Windows operating system to spread. Microsoft provided an emergency fix for the vulnerability last October with Security Update MS08-067. However, because many systems were not patched and not properly secured Conficker has slithered onto as many as 12 million Windows computers, according to some estimates.

Several variants of Conficker have surfaced since the original. One variant, Conficker.C, could activate on April 1 and start another assault on Windows computers. Computers infected with Conficker become part of an army of compromised computers and could be used to launch attacks on Web sites, distribute spam, host phishing Web sites or other nefarious activities.

Additionally, once it is on a computer, Conficker digs itself in by attempting to deactivate security software and sabotaging tools to remove it. If you notice that you’re unable to access Web sites such as www.mcafee.com or your security software is acting up, that could be a sign that your system was taken by Conficker.

The good news is that protecting against Conficker isn’t hard. There are two basic things that will ensure a Windows computer is shielded against the worm.

1) Install Microsoft’s Security Update MS08-067
2) Run up-to-date antimalware software

Systems that for some reason can not be updated or run antimalware software should be isolated. For enterprises, McAfee’s intrusion prevention products including McAfee’s Network Security Platform and McAfee Host Intrusion Prevention also protect systems from getting hit by Conficker.

Should your computer be infected by Conficker and there is no antimalware solution, McAfee Avert Labs’ Stinger tool can remove the malware. In addition, McAfee Avert Labs has published a technical document to help find Conficker on your systems in case there has been a compromise.

McAfee Avert Labs will monitor the state of the Internet on April 1 and report on any Conficker activity on the Avert Labs blog. Meanwhile, if you have any indication who is behind Conficker, report them to the authorities and you may be eligible for a $250,000 reward offered by Microsoft.

What IT managers might not realize is that virtual machines face all of the security threats of physical machines, plus additional threats stemming from the virtualized environment that need to be addressed. Furthermore, with the expected increase in cybercrime driven by the economic downturn, threats will continue to grow in number and sophistication.

Security can’t continue to play a secondary role in the consideration of virtualization and today’s security solutions. IT departments must address both physical threats and new vulnerabilities introduced by virtualization or resulting security events will reduce the ROI gains achieved by virtualization.

To ensure protection in today’s virtualized environments, IT managers should consider the following:

• Utilize virtualization and security experts. Make sure that the IT team as a whole understands enough about virtualization and security to be able to see where securing virtualization may be an issue. Because the server virtualization team and the security team may not work closely, an outside perspective can help streamline the process
• Review the robustness of existing security offerings for what might have changed and the new threats presented by the virtualized environment
• Secure the virtualized environment from misconfiguration. Identify and follow best practices for configuring and operating the virtual infrastructure
• Automate and formalize, as much as possible, server creation and modification. The benefit will be higher quality – not leaving important details to be remembered, and efficiency – minimizing labor of IT staff.

Make sure that as you cut costs, you don’t cut corners on security. By doing so, you can help ensure that your organization actually reaps cost saving benefits, instead of additional costs related to security breaches. McAfee delivers leading integrated security solutions for virtualized environments and provides security assessment services specific to virtualization.