This week, Xbox LIVE issued a Service Alert warning that you might receive phishing messages if you play the Xbox game Modern Warfare 2. If you receive a matchmaking message that seems suspicious, ignore it.
Microsoft is aware of the problem and is working to resolve the issue. For the most current information, see Xbox LIVE Status.
To help protect yourself from phishing and fraud, see Email and web scams: How to help protect yourself.
A vulnerability is a weakness that enables a cybercriminal to attack computer hardware, software, or services. Companies or individuals sometimes find vulnerabilities in the software of other companies, and there are different ideas about what to do with that information. Some companies disclose it publicly, possibly with the idea of pressuring the owner to fix it quickly. However, this also exposes vulnerabilities to cybercriminals.
Last summer Microsoft announced that we would be working directly with researchers and vendors to minimize the security risks for customers through a process called Coordinated Vulnerability Disclosure (CVD). Last week we announced an update to this process.
Here's a simple description of how CVD works:
Finders disclose newly discovered vulnerabilities in hardware, software, and services directly to the vendors of the affected product or to a coordinator who will report to the vendor privately. The finder then allows the vendor time to diagnose and offer fully tested updates, workarounds, or other corrective measures before the finder discloses detailed vulnerability or exploit information to the public.
The vendor continues to coordinate with the finder throughout the vulnerability investigation and provides the finder with updates on case progress. Upon release of an update, the vendor may recognize the finder in bulletins or advisories for finding and privately reporting the issue.
For a more detailed description, see Microsoft Security Response Center: Coordinated Vulnerability Disclosure or watch a video about how CVD works at TechNet Edge.
These days almost everything online requires a password. You already know that you should use complicated passwords and that you shouldn't use the same password for every account. Here are more tips on how to create stronger passwords and how to test your password strength.
If you want to know why it's so important to create different strong passwords for all of your accounts (and to change them often), see How I'd hack your passwords by MSN Money blogger John Pozadzides.
Part of our job is to keep track of the latest Internet threats: viruses, spyware, rogues, bots, zombies, or some other form of insidious cybercrime that hasn't even been invented yet.
Since the fix for most of these threats is the same (downloading and installing Microsoft Security Essentials), we often categorize all of the threats with the umbrella term "malicious software" or "malware."
We thought you might be interested in learning exactly what we mean by that. If so, see our newest article, What is malware?
We try to answer as many of your email messages and comment questions as we can. But if you want a faster answer (or a second opinion), try Microsoft Answers. Here, Microsoft support engineers and super geek volunteers from around the world participate in a forum for tech questions.
Follow these links to find answers to popular questions that you've been asking us lately:
To get answers to additional questions, type your question into Microsoft Answers or browse the forums on the following topics:
A friend recently forwarded us the email below because they thought it was a scam. They were right. This email is a great example of three easy ways to detect a scam.
Microsoft releases security updates on the second Tuesday of every month. Today Microsoft released 17 security updates.
Get the updates.
Watch a video about the updates.
To get more information delivered to your email inbox, sign up for our security newsletter.
We recently received an email from a reader asking us if the security updates that we're always encouraging you to download and install are free.
Yes. Security updates from Microsoft are always free.
Security updates for Windows help protect against new and ongoing threats to your computer and your personal information. The best way to get security updates is to turn on Windows automatic updating, which is also free. If you don't want to use automatic updating, you should check for new updates about once a week.
For more information, see Understanding Windows automatic updating.
More free stuff
Regular updates are a great way to help secure your computer, but you also need protection from malicious software. To help safeguard against malicious software, download Microsoft Security Essentials, which is also free.
Stay informed about the latest security issues by visiting the Microsoft Safety & Security Center and signing up for our security newsletter.
Watch experts from Microsoft and other organizations explain how botnets work and how Microsoft and Pfizer helped bring down the Rustock botnet, a notorious source of spam, fraud, and cybercrime.
Watch the video from CNBC World Business:
Rustock Takedown Is Part of Larger War on Spam
A blog reader recently wrote in:
"A Facebook friend just told me that if the web browser says http:// and not https:// that my security is compromised. Is this true? How can I fix it?"
Your friend is right. Sort of.
If you're just browsing the web and not entering any sensitive information, http:// is just fine. However, on pages where you enter your password, credit card number, or other financial information, you should always look for the https:// prefix. If you don't see the "s," don't enter any information that you want to keep secure.
What does HTTP stand for?
HTTP stands for Hypertext Transfer Protocol. It's the first element you see in any URL and you can think of it as the language used to deliver information over the web. Most web browsers (including Internet Explorer) use an encrypted protocol called Secure Sockets Layer (SSL) to access secure webpages. These pages use the prefix HTTPS. The "s" stands for secure.
Now, since you mentioned that it was a Facebook friend who told you this, we think you might be referring to the recent changes that Facebook made to help increase your privacy. You can now adjust your Facebook security settings so that you only browse Facebook in the https:// mode.
To learn how to browse Facebook in the https:// mode, see The Facebook Blog: A Continued Commitment to Security.
For more tips on how to tell if a website is secure, see How to shop online more safely.
Last week we released the newest version of the Microsoft web browser, Internet Explorer 9. With this new version we also introduced the Add-on Performance Advisor, which helps keep you safe from add-ons that might slow down your browser.
Internet Explorer 9 is free. Download it now.
Web browser add-ons are pretty much what they sound like. They're features that you can add on to your browser to make it faster, more efficient, or just more fun. In Internet Explorer 9, if an add-on is slowing down your web browsing experience, you'll see a warning in the notification bar that tells you how to disable the add-on or fix the problem.
In Internet Explorer 9, you can see the add-ons that you already have installed by clicking the gear icon, and then clicking Manage Add-ons.
Some examples of add-ons are:
See more add-ons at the Internet Explorer Add-ons Gallery.
As with any other software download, there is a risk that an add-on might include malicious software. So before you download a new add-on, consider whether the increase in speed, efficiency, and fun is worth that risk.
To help protect yourself against dangerous add-ons:
For more information: