Microsoft User Experience Kit launched today at SXSW

Today at SXSW, where Microsoft Silverlight is a major sponsor of the Interactive Festival, the Microsoft User Experience Kit launched. The kit is targeted at technical and creative leads who want to better understand the tools, technologies, and scenarios that span Microsoft’s User Experience ecosystem. Key topics range from “Building Immersive Multi-channel Solutions using Expression Studio” to “High fidelity and high Performing Desktop Touch Applications using Windows 7” to “Web Branding and Audience Targeting using SharePoint”. The kit’s contents can be browsed online and/or downloaded for offline use. It includes videos, presentations, sample code, and much more. Get the kit at http://uxkit.cloudapp.net!

The UX Kit is unique because while many technology-specific repositories exist, this is the first kit that helps “map” the Microsoft ecosystem, technology, and tools stack to that of the user experience, agency, and creative world.

Included in the UX Kit is a range of collateral and resources including: videos, reference implementations, sample code, live demos, installable tools, presentations, whitepapers and more. Featured technologies include Silverlight, Windows Presentation Foundation, Windows 7 Touch, Microsoft Surface, Windows Phone, SharePoint, Expression Studio, and Microsoft Advertising. Topics covered on the kit range from Rich Media Delivery using Silverlight and Deep Zoom to Multi-Channel Digital Marketing using Windows 7, SharePoint, Windows Phone, and Surface.

FAQ 

Why another kit? There are many technology specific repositories but nothing that helps “map” the Microsoft ecosystem, technology, and tools stack to that of the user experience, agency, and creative world.

What is in the kit? Collateral such as videos, reference implementations, sample code, live demos, installable tools, presentations, whitepapers and more.

What technologies and tools are featured? Silverlight, Windows Presentation Foundation, Windows 7 Touch, Microsoft Surface, Windows Phone, SharePoint, Expression Studio, and Microsoft Advertising to name a few.

What topics are covered? Topics range from Rich Media Delivery using Silverlight and Deep Zoom to Multi-Channel Digital Marketing using Windows 7, SharePoint, Windows Phone, and Surface.

How do I “get the kit”? By following the link here! The kit’s browser is fully written in Silverlight and hosted on Microsoft Azure.  

When can I “get the kit”? The Microsoft User Experience Kit will be launched on March 15th at South by Southwest in Austin and go live right here: http://uxkit.cloudapp.net


Conficker Virus, Microsoft, and You: What you need to know

Conficker is a worm that is affecting some of our customers today, but industry experts agree that it is not likely to be a broad threat to the Internet. Microsoft is actively working with the industry to prevent the spread of the Conficker worm to help protect our mutual customers. We believe that most home users will not be affected by Conficker because the majority of customers sign up to have their machines automatically protected by Microsoft. You can find out whether you’ve been updated automatically on Microsoft Windows Update. Microsoft still maintains a $250,000 reward for information that results in the arrest and conviction of those responsible for illegally launching Conficker on the Internet. Anyone who is concerned about Conficker can get more information and free support by going to http://microsoft.com/protect or customers in the US and Canada can call the PC Safety hotline at 1-866-PCSAFETY.


Just as we take measures to protect ourselves from criminals in the real world, we must protect ourselves from potential online threats.  Microsoft has offered a $250,000 reward in hopes to capture the criminals behind Conficker and also created a Conficker Working Group to bring the industry together to keep the Internet a safe and resourceful tool for everyone. To learn how you can help protect your computer, visit www.Microsoft.com/protect.  It’s important to remember when these issues come up, that computers are generally safe if the right precautions have been taken to protect them. At Microsoft, we still believe in the Internet as an important place to work, play and live. 
 

Q&A: April 1, 2009

Q: What will happen on April 1, 2009?

A: Based on our collective technical analysis, we’ve determined that systems infected with the latest version of Conficker will begin to use a new algorithm to determine what domains to contact. We have not identified any other actions scheduled to take place on April 1, 2009.  

Q: Will an updated version of Conficker go out to already-infected systems on April 1, 2009?

A: It is possible that systems with the latest version of Conficker will be updated with a newer version of Conficker on April 1, 2009 by contacting domains on the new domain list. However, these systems could be updated on any date before or after April 1, 2009 as well using the “peer-to-peer” updating channel in the latest version of Conficker.

Q: Should the general public be alarmed? Why or why not?

A: No, the general public should not be alarmed. Most home users have been protected by Microsoft Security Update MS08-067 being applied automatically.

Q: What should people who are worried about April 1, 2009 and Conficker do?

A: We recommend that home users who have not yet enabled automatic updates do so and ensure their security software is up to date with the latest antivirus signatures for Windows Live OneCare, or the antivirus product they use. We recommend that enterprise customers continue to focus on the guidance from Microsoft and take multiple measures to minimize the risk of getting infected:

· Fully install the MS08-067 update on all Windows computers in your environment. Because 100 percent deployment can be challenging in diverse enterprises, the next defense-in-depth steps can help minimize the risk too.
· Use an antivirus product that has solid detection of Conficker. Such an antivirus program should be able to block the worm from copying itself to other machines. For example, Microsoft Forefront Client Security and Windows Live OneCare can detect and block this worm from the very first day of its discovery.
· Use strong passwords both for any user account and also for any file share in your environment.
· Make sure to use only AutoPlay options that you are familiar with as other options may have been added by malicious software. Some customers may prefer to disable the AutoRun functionality altogether.
· Evaluate additional security best practices in accordance with their organization’s policies and procedures.

Please see our Conficker Web page for additional information on this specific threat.

Latest version of Conficker (Conficker.D, Conficker.C or Downadup.C)

Q: How were previously infected systems upgraded to the latest version of Conficker (Conficker.D, Conficker.C or Downadup.C)?

A: Unlike prior versions of Conficker (Conficker.A, Conficker.B, Conficker.C/Conficker.B++), systems infected with the latest version of Conficker (Conficker.D, Conficker.C or Downadup.C) are not infected by being attacked by other systems infected by Conficker. Systems with the latest version of Conficker (Conficker.D, Conficker.C or Downadup.C) were previously attacked and infected with Conficker.B. These already-compromised systems were then “upgraded” to the latest version of Conficker (Conficker.D, Conficker.C or Downadup.C). 

Q: How were Conficker.B systems upgraded to the latest version of Conficker?

A: Some systems infected with Conficker.B were able to access for a brief period of time a small number of domains that the Conficker Working Group was unable to bring under its control. The Conficker malware on these systems was “upgraded” to the latest version, Conficker.D (also known in the industry as Conficker.C or Downadup.C). 

Q: How many Conficker.B systems have been upgraded to the latest version of Conficker (Conficker.D, Conficker.C or Downadup.C)?

A: While we don't conclusively know, we believe only a minority of Conficker.B systems were upgraded to the latest version of Conficker (Conficker.D, Conficker.C or Downadup.C) based on the limited time window that the small number of domains that were not under the Working Group’s control were available. 

Q: If some of the Conficker.B systems were upgraded, doesn’t that mean that the Conficker Working Group’s effort has failed?

A: No, Microsoft and the rest of the Conficker Working Group have been focused on finding ways to disrupt Conficker activity as much as possible. The fact that most systems infected with Conficker.B have not been upgraded to the latest version of Conficker (Conficker.D, Conficker.C or Downadup.C) shows that we have been successful in those goals.

Q: How is the domain generation algorithm in the latest version of Conficker different from that in earlier versions?

A: The domain generation algorithm in the latest version of Conficker generates a larger number of possible domains to try and contact more domains than earlier versions. Specifically, there are 50,000 possible domains that it will attempt to contact and will visit 500 of these within a 24-hour period. 

Q: What is Microsoft doing about this new algorithm?

A: Microsoft has been working continuously to block access to domains that systems infected by Conficker attempt to contact. We are continuing this work and have expanded this effort to include those domains that will be contacted by the latest version of Conficker starting on April 1, 2009. 
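
An added worked example, not part of the original Q&A or Microsoft's own analysis: it uses the two figures quoted above (50,000 possible domains, 500 visited per 24 hours) to show how complete a blocking or pre-registration effort has to be. It assumes, which the page does not state, that each infected system picks its 500 names uniformly at random without repeats and that each day's picks are independent; the function names are illustrative.

```python
from fractions import Fraction
from math import comb

# Figures quoted in the Q&A above.
CANDIDATES = 50_000  # possible domains the latest variant can generate
CHECKED = 500        # domains an infected system visits per 24 hours

_ALL_DRAWS = comb(CANDIDATES, CHECKED)


def daily_contact_probability(uncovered: int) -> Fraction:
    """Chance that one infected host tries at least one uncovered domain in a day.

    `uncovered` is how many of the day's candidate names defenders have
    neither blocked, pre-registered nor sinkholed.
    ASSUMPTION (not from the page): the 500 names are a uniform random
    sample, without replacement, of the 50,000 candidates.
    """
    if not 0 <= uncovered <= CANDIDATES:
        raise ValueError("uncovered must be between 0 and CANDIDATES")
    # The host misses every uncovered name only if all 500 picks come
    # from the covered names (hypergeometric "zero hits" case).
    misses = comb(CANDIDATES - uncovered, CHECKED)
    return 1 - Fraction(misses, _ALL_DRAWS)


def contact_probability_over(uncovered: int, days: int) -> Fraction:
    """Same chance across several days, assuming independent daily picks
    and the same number of uncovered names every day."""
    if days < 0:
        raise ValueError("days must not be negative")
    return 1 - (1 - daily_contact_probability(uncovered)) ** days


def max_uncovered_for(target, days: int) -> int:
    """Largest number of uncovered names per day that keeps the per-host
    contact chance over `days` at or below `target`."""
    allowed = 0
    while (allowed < CANDIDATES
           and contact_probability_over(allowed + 1, days) <= target):
        allowed += 1
    return allowed


if __name__ == "__main__":
    for gaps in (1, 5, 50, 500):
        one_day = float(daily_contact_probability(gaps))
        month = float(contact_probability_over(gaps, 30))
        print(f"{gaps:>4} uncovered: {one_day:7.2%} per day, {month:7.2%} in 30 days")
    print("gaps allowed for <=5% over 1 day:  ", max_uncovered_for(0.05, 1))
    print("gaps allowed for <=5% over 30 days:", max_uncovered_for(0.05, 30))
```

Under these assumptions a single uncovered name gives each infected system a 1% chance per day of reaching it, which is why the effort has to cover essentially the whole daily list rather than most of it.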

Q: Are there any other changes in the latest version of Conficker?

A: The latest version of Conficker also introduces a new “peer-to-peer” updating capability. This capability could enable a system infected by the latest version of Conficker to receive a new version or new instructions by contacting another system infected by Conficker rather than by contacting a domain determined by the domain generation algorithm. 

Q: When did the latest version of Conficker come out?

A: Conficker.D was first detected by Microsoft on March 6, 2009.

Impact of Conficker on Affected Systems

Q: What does the Conficker worm do to systems?

A: A system that is successfully infected by the Conficker.A or Conficker.B worm will attempt to infect other systems. Additionally, a system infected with any version of the Conficker worm will attempt to contact Web sites using domain names generated by an algorithm within the Conficker malware. Versions of Conficker.B and later will also seek to disable several important programs on the system related to security and update management on the system. 

Q: We’ve seen some reports that this worm blocks people from receiving updates, including antivirus updates.  Are you seeing this and what are you doing about it?

A: Yes. Often malware attacks use a variety of tactics to remain on the system and undetected.  We continue to encourage people who feel they may be infected with the worm and are unable to access updates, to visit http://safety.live.com  and run the Windows Live OneCare safety scanner to check for and remove any malware. 

Q: How significant is Conficker, especially compared to other big worms, botnets, and security events like this?

A: Cyber threats have rapidly evolved from disruptive worms and large scale malware to complex, stealthy attacks that can target specific classes of users. This is a unique instance where the broader security community has collectively come together to commit expertise and intelligence to defend beyond our boundaries and better help protect Internet users.

Conficker Propagation

Q: How does Conficker spread?

A: The Conficker worm family spreads in several ways. Conficker.A and Conficker.B seek to exploit a vulnerability that was addressed at the end of October 2008 with Microsoft Security Bulletin MS08-067.  Conficker.B also seeks to spread by targeting weak password policies, unprotected file shares and USB devices.  The latest version of Conficker does not seek to spread itself to uninfected systems. Instead, some systems that were infected with Conficker.B were “upgraded” to Conficker.D when they contacted a domain under the control of the malware author. 

Q: Who is responsible for this worm?  Is it Microsoft because it partially exploits a Windows vulnerability?

A: Cybercriminals are responsible for this malware as they released it on the Internet, and are intentionally exploiting people’s computers and information.  Criminals will likely continue to focus on building malware that enables them to steal data, personal information, storage and bandwidth. Social engineering will likely continue to be a primary attack vector and installation method for this malware as criminals are increasingly abusing previously trusted channels of distribution. 

Q: Why is there such disparity of numbers in the industry with regards to Conficker infections? We have seen anywhere from one million people affected to 16 million?

A: Because different companies use different methodologies to project infection levels, there has been variation in the reported number of infected machines. We estimate that there are three million machines currently infected by the worm. 

Q: Does Conficker spread through AutoRun? If so, what can I do to protect myself?

A: Conficker.B and Conficker.C do try to spread through the Autorun feature. No other version of Conficker seeks to use the Autorun feature.  Microsoft published guidance on how to mitigate infection attempts using Autorun, which has been a common vector manipulated by the Conficker (a.k.a. Downadup) worm. Information can be found here. Customers who have downloaded MS08-038 and have followed the guidance provided in Microsoft Knowledge Base (KB) article 953252 are protected from this vector of attack. 

Q: We hear talk of an impending second phase of attacks from Conficker.  What do you anticipate happening next?

A: There may be a second phase of the threat at some point in time. However, we believe based on similar situations in the past, that the tremendous level of awareness and monitoring of this worm by industry and law enforcement will be a deterrent to a large second wave of attacks. At the end of the day, we can’t speculate on the intentions of criminals, but what we can do is work to limit the impact of any second phase. 

Q: Why does Conficker continue to spread even though Microsoft issued the update in October?

A: There is always some percentage of customers who don’t apply an update at any given time, due to a variety of reasons.  While most home users have been protected by Microsoft’s MS08-067 security update being applied automatically, once the worm gets a foothold inside an enterprise, it’s difficult to remove and this is where most people are having problems.  

Q: Why is Conficker using domain names? Is this a new trend?

A: It is trying to download malware from these domains and it also uploads infection counts to these domains, but this is not a new trend.

Domain Technical Questions

Q: How will you disable domains targeted by Conficker?

A: Microsoft is working with partners to identify and register any previously unregistered domains and thus pre-empt registration of those domains for potential criminal use. Secondly, a number of the domains are being redirected toward ‘sinkhole’ servers that are owned by trusted research partners around the world. ‘Sinkhole’ servers allow researchers to observe the worm’s activity.  

Q: Are those domains that receive information from Conficker attacks, hosting malware... how is that defined?

A: Microsoft and others are actively monitoring all the domains. Of the domains not registered through this collaborative effort, none are showing any malware. 

Q: What is ICANN's role? Is ICANN telling registrars they have to cooperate?

A: ICANN’s support and partnership has been enormously helpful throughout this collaboration. However, any inquiries about their specific actions and efforts within this group should be directed to ICANN, as we are not in a position to comment for them. 

Q: How does this work for registrars that aren't part of this effort? Will they have their name server entries blocked?

A: If an individual attempts to request a domain that has already been registered, they will be denied the ability to register that domain. 

Q: When did Microsoft work with ICANN and security researchers to disable domains targeted by Conficker? How many were disabled? Is that an ongoing effort?

A: Up to 500 domains a day are being disabled as part of this ongoing industry collaboration. 

Q: Who is in charge of identifying the domains, contacting their owners and then the actual disabling?

A: The overwhelming majority of these domains are not owned, thus only a small percentage need to be addressed.  Microsoft is working together with its partners to address the remaining domains. 

Q: What is Microsoft doing with these domains?

A: A large percentage of these domains are being blocked from being registered. Secondly, a number of the domains are being redirected toward ‘sinkhole’ servers that are owned by trusted research partners around the world. ‘Sinkhole’ servers allow researchers to observe the worm’s activity. 

Q: Are only the “spammy” domains affected?

A: The Conficker worm did not target one top-level domain (TLD) in particular. Many common TLDs that are in use including TLDs and some commonly used “cc TLDs” were included in the domains affected. Most of the domains are just a semi-random group of characters, nothing meaningful.

Q: How can this algorithm determine if a domain is viable?

A: All domain names are potentially valid. 

Q: If registries are registering the domains listed in the worm, can’t Conficker just generate another list?

A: A new variant of the worm would be required for this to happen.

Disruption Announcement

Q: What did you announce?

A: As part of Microsoft’s continuing efforts to protect its customers, Microsoft announced a collaborative effort with technology industry leaders and academia to implement a coordinated, global approach to combating the Conficker worm. 

Q: Why are you announcing this now? Is there a new threat?

A: As part of the normal threat mitigation process, Microsoft first gathered information about this threat, and then thoroughly analyzed the issue to determine the best course of action. After review, it was determined that Microsoft would reach out to industry partners to address this threat, effectively continuing a long standing trend of community-based defense against malware and online threats. As many customers around the world are affected by the Conficker worm, Microsoft feels that it is imperative to protect customers by both leveraging internal expertise and partnering with industry allies to proactively prevent the use of similar attacks in the future.

Q: What does Microsoft hope to accomplish with this collective effort?

A: At Microsoft, we’re working to prevent cybercrime in every way possible: legally, technologically and through consumer education. We can’t do it alone, which is why we’re proud to partner with government, law enforcement and industry groups in this effort. A holistic comprehensive defense in depth approach in the enterprise, adapted and designed for that enterprise is needed to combat today’s threats – but that has always been the case. With our continued partnership with other security vendors, ICANN, security researchers and domain name operators, we hope to slow down the worm moving forward.  

Q: What was Microsoft’s role in this process?

A: As cyber threats have rapidly evolved, a greater level of industry coordination and new tactics for communication and threat mitigation is required. To optimize the multiple initiatives being employed across the security industry and within academia, Microsoft helped unify these broad efforts to implement a community-based defense to disrupt the spread of Conficker.

Q: Who at Microsoft is involved?

A: Microsoft has mobilized its ISET (Internet Security Enforcement Team), MMPC (Microsoft Malware Protection Center) and MSRC (Microsoft Security Response Center) to collaborate with vendors, security researchers, ICANN and operators within the domain name system to disrupt the use of the worm and prevent potential attacks. 

Q: What other parties have been involved in this work?

A: Organizations involved in this collaborative effort include Microsoft, ICANN, Neustar (.biz), Verisign (.com, .net and .cc), CNNIC (.cn), Afilias (.info), Public Internet Registry (.org), Global Domains International, Inc. (.ws), Symantec, AOL, F-Secure, M1D Global, Microsoft Active Protections Program partners, ISC, researchers from Georgia Tech, The Shadowserver Foundation, Arbor Networks and Support Intelligence.

Q: Who led this effort? 

A: Microsoft has facilitated and led this industry collaboration, but it’s been the collective expertise and contributions that have really made this an unparalleled global security response.

Q: What is different about this collaboration? Why now?

A: Cyber threats have rapidly evolved from disruptive worms and large scale malware to complex, stealthy attacks that can target specific classes of users. This is a unique instance where the broader security community has collectively come together to commit expertise and intelligence to defend beyond our boundaries and better help protect Internet users. 

Q: How has government or law enforcement been involved in this effort?

A: Microsoft works with law enforcement to combat cyber crime around the world, and this issue is no exception. Microsoft supports law enforcement by providing them with investigative and forensic assistance, in an effort to identify and target the cybercriminals who are preying on Internet users. 

Q: How will the coordination of these parties influence action in the future?

A: Cybercrime is a global issue that ignores boundaries and jurisdictions.  It can’t be tackled by any one agency or industry working in isolation. The future requires broader public/private partnerships on a global scale with cooperation among governments, law enforcement and industry. 

Q: Is this an ongoing partnership?

A: As cyber threats have rapidly evolved, a greater level of industry coordination and new tactics for communication and threat mitigation is required.  Microsoft helped unify these broad efforts to implement a community-based defense to disrupt the spread of Conficker, and is committed to working with the technology industry through collaborations and formal partnerships. Examples of these include Microsoft’s involvement with Industry Consortium for Advancement of Security on the Internet (ICASI), as well as the collaborative dialogue Microsoft participated in during the DNS vulnerability in 2008. 

Q: What is the goal of this Working Group? What’s the measure of success?

A: Microsoft and the rest of the working group have been focused on finding and implementing ways to disrupt Conficker activity as much as possible. While eradicating Conficker through our work would be desirable, the realistic goal is to disrupt Conficker-related activity as much as possible to provide customers more time to deploy MS08-067 and clean systems infected by Conficker.

Antivirus Reward

Q: What is the Antivirus Reward?

A: Microsoft has announced a US$250,000 reward for information that results in the arrest and conviction of those responsible for illegally launching the Conficker worm.  

Q: Where should people go with information?

A: Individuals with information about the Conficker worm are encouraged to contact their international law enforcement agencies. Additionally, Microsoft has implemented an Antivirus Reward Hotline, 1-425-706-1111, and an Antivirus Reward Mailbox, avreward@microsoft.com, where tips can be shared.

Q: When was the last time Microsoft announced the use of the reward program?

A: The last time Microsoft announced a reward for information leading to an arrest and prosecution of malware was in 2004 as a result of Sasser. 

Q: When was the last time Microsoft paid out a reward? How much has been paid out?

A: Microsoft disclosed a payment of $250,000 in July 2005 in relation to Sasser. 

Q: When did AV Reward start?

A: The Antivirus Reward program began in 2003. 


About Me

Christian Thilmany is a User Experience Architect for Microsoft's Developer & Platform Evangelism Team and sits in Austin, TX