Is This Security Alert Really from Microsoft?by Mitch Tulloch, author of Windows Server Hacks
Although you can use Automatic Updates (AU) to keep your Windows XP computer up to date with security patches, it's also good to know exactly what these patches are doing and why they're necessary. One way of doing this is to periodically visit www.microsoft.com and click on the Security link under the Product Resources heading. This takes me to Microsoft's Trustworthy Computing: Security home page, where I find a prominent link to the current month's security updates, which has a link to security guidance on TechNet, where if I just wanted a quick summary I would probably select the Want Less Technical Detail? link, which takes me to a page where I can find a link that says Review the nontechnical summaries, which has a link called This month's security updates summary, which takes me back to where I was earlier and tells me almost nothing about the updates for this month. So this time I'll instead click on security guidance on TechNet and select Microsoft Security Bulletin Summary for June 2005, which finally gives me what I'm looking for--albeit at a technical level that some home users could find daunting. (There seems to be a gap between what Microsoft considers "less technical" detail and "more technical" detail for security bulletins.)
Anyway, there's got to be an easier way of getting information about the patches AU is applying to my system. The answer is to subscribe to email alerts from Microsoft Technical Security Notification Services. These notifications are usually sent out once a month by Microsoft via email to alert administrators about details concerning recently found security vulnerabilities in Windows and the patches that fix them. Once you subscribe to this service, which requires Microsoft Passport, you can receive the alerts in your inbox and keep abreast of what patches AU is applying to your machine.
Of course, not every email that arrives in your inbox and purports to be from Microsoft is actually from Microsoft. Some security bulletins that appear to be legitimate are actually messages with worms or viruses attached, while others are phishing attempts to redirect your browser to a bogus site that can capture sensitive personal info from you or install a Trojan on your machine. How can you tell if a security bulletin in your inbox is really from Microsoft and not from some bad guy? Microsoft tells us four ways to do this, which basically amount to the following:
- If the email has an attachment, don't open the attachment. The email did not come from Microsoft, since the company never includes attachments in its security bulletins. Delete the email immediately.
- If the URLs in the email begin with http://www.microsoft.com or https://www.microsoft.com, then the email may or may not be from Microsoft. If it contains an URL like http://www.microsof1.com or https://www.micros0ft.com, however, it's definitely not from Microsoft, so don't click on that URL.
- If you can find the exact information in the bulletin somewhere on Microsoft's web site, then the email may be from Microsoft. Of course, a sneaky attacker might craft an email that is almost identical to an existing, legitimate Microsoft security bulletin and try to fool you into clicking on a link in it.
- Finally, if you clicked on a link in the email and it took you to an SSL web site (you can tell this by the closed-lock icon in the status bar), then you can double-click on the lock icon to verify that the Issued To field of the web site's digital certificate says www.microsoft.com. Of course, if you're a nontechnical user, then you're probably out of your depth here.
Only the first method above is a dead giveaway; that is, if the security alert email has an attachment, then it's bad and should be deleted. The other methods rely to various degree on the sophistication, brains, patience, and good eyesight of the user and are probably not as helpful. But what more can Microsoft do? I've heard rumors that the next version of IE will include advanced features to help protect against phishing and spoofing attacks, but we'll have to wait and see how that works out.
There's more to security alerts than plain old email, however. If you'd prefer to receive your security alerts from Microsoft by other methods, you can now get them by RSS feed or Windows Messenger or MSN Messenger. You can also subscribe to Comprehensive Security Alerts, in which Microsoft will alert you by email concerning upcoming security bulletins, changes to existing bulletins, and security advisories on various relevant topics. Then there are patches for Microsoft Office, for which you can receive email notification by subscribing to the Inside Office--Product Updates Alert on the Office Online web site. If an update in this newsletter applies to you, you can download and apply the update from the Office Update web site. And if you have other Microsoft software installed on your PC, you can also search the Microsoft Download Center for news or information about patches for your software.
All of this is simply to say that monitoring what patches are coming out of Redmond and why they're needed is not a trivial task. There's lots of information to watch for and lots of different vehicles to deliver it. How do you keep abreast of security fixes for your XP machine? What do you find useful on Microsoft.com and what drives you bananas? Let me know below.
Return to the Windows DevCenter.