Apr 18 2018

Microsoft claims to make Chrome safer with new extension

Enlarge (credit: Chrome's unsafe content warning.)

Chrome already provides effective protection against malicious sites: go somewhere with a poor reputation and you'll get a big, scary red screen telling you that you're about to do something unwise. But Microsoft believes it can do a better job than Google, and it has released a Chrome plugin, Windows Defender Browser Protection, that brings its own anti-phishing protection to Google's browser.

Microsoft justifies the new plugin with reference to a 2017 report that claims that the company's Edge browser blocked 99 percent of phishing attempts, compared to 87 percent by Chrome and 70 percent in Firefox. The plugin brings Edge's protection to Chrome, so if the theory holds, it should bump the browser up to 99 percent, too.

The new extension doesn't appear to disable Chrome's own checking (or at least, it doesn't seem to be doing so for me), so at the very least isn't likely to make you less safe, and with phishing being as widespread as it is, the extra protection probably doesn't hurt.

Read 1 remaining paragraphs | Comments

Apr 11 2018

AMD systems gain Spectre protection with latest Windows fixes

Enlarge / An AMD Ryzen. (credit: Fritzchens Fritz)

The latest Windows 10 fixes, released as part of yesterday's Patch Tuesday, enable protection against the Spectre variant 2 attacks on systems with AMD processors.

Earlier this year, attacks that exploit the processor's speculative execution were published with the names Meltdown and Spectre, prompting a reaction from hardware and software companies. AMD chips are immune to Meltdown but have some vulnerability to the two Spectre variants. Spectre variant 1 requires application-level fixes; variant 2 requires operating system-level alterations.

Both Intel and AMD have released microcode updates to alter their processor behavior to give operating systems the control necessary to protect against Spectre variant 2. Microsoft has been shipping the Intel microcode, along with the operating system changes necessary to use the microcode's new features, for several weeks now; with yesterday's patch, similar protections are now enabled on AMD machines.

Read 2 remaining paragraphs | Comments

Mar 13 2018

Patch Tuesday drops the mandatory antivirus requirement after all

(credit: amalthya / Flickr)

In the immediate aftermath of the Spectre and Meltdown attacks, Microsoft created an unusual stipulation for Windows patches: systems would only receive the fixes if they had antivirus software installed and if that antivirus software created a special entry in the registry to indicate that it's compatible with the Windows fixes.

This was due to the particularly invasive nature of the Meltdown fix: Microsoft found that certain antivirus products manipulated Windows' kernel memory in unsupported ways that would crash systems with the Meltdown fix applied. The registry entry was a way for antivirus software to positively affirm that it was compatible with the Meltdown fix; if that entry was absent, Windows assumed that incompatible antivirus software was installed and hence did not apply the security fix.

This put systems without any antivirus software at all in a strange position: they too lack the registry entries, so they'd be passed over for fixes, even though they don't, in fact, have any incompatible antivirus software.

Read 5 remaining paragraphs | Comments

Mar 01 2018

Intel’s latest set of Spectre microcode fixes is coming to a Windows update

Intel Skylake die shot. (credit: Intel)

Windows users running the latest version of Windows 10 on recent Intel processors will soon be receiving Intel's microcode updates to address the Spectre variant 2 attack.

Earlier this year, attacks that exploit the processor's speculative execution were published with the names Meltdown and Spectre, prompting a reaction from hardware and software companies. Intel released microcode updates for its processors to provide operating systems with greater control over certain aspects of this speculative execution; however, the company's initial releases were found to cause problems.

Intel has since fixed the microcode bugs, but until this point Microsoft has said that Windows users should turn to their system vendors to actually get the new microcode.

Read 5 remaining paragraphs | Comments