Phishing clusters


InternetPerils has an interesting animated gif that shows a “cluster” of phishers.

A phishing message arrives in your mailbox, pretending to be from a bank, or from an etailer such as eBay or Paypal. It directs you to a web page and asks you to enter your password or social security number to verify your identity, but the web page is not one actually associated with the bank; it’s on some other server.

InternetPerils has discovered that those phishing servers cluster, and infest ISPs at the same locations for weeks or months.

Here’s an example of a phishing cluster in Germany, ever-changing yet persistent for four months, according to path data collected and processed by InternetPerils, using phishing server addresses from the Anti-Phishing Working Group (APWG) repository.

Link here.

Alex Eckelberry
(Thanks Bill)


Walmart gets slammed for sneaky blogging…but this is only the tip of the iceberg


(Edelman’s strategy diagram)

There are revelations coming out that mega PR firm Edelman created three “independent” blogs for WalMart (called “flogs”). The first one that was outed was “Wal-Marting Across America”, a travelogue of a couple of RVers that was found out to be paid Edelman staffers. Now, MediaPost reports that two more blogs, PaidCritics and a blog run off of Working Families for Walmart, were both manufactured blogs.

As Mya Frazier writes in Ad Age (link here via Walmartwatch), “It’s ironic that Edelman Worldwide helped to write the Word of Mouth Marketing Association’s code of ethics, which states: ‘Honesty of identity: You never obscure your identity.’”

Oh yeah, that’s ironic. Especially coming from a PR agency.

Edelman got tricky and got caught with their hands in the cookie jar.  Will this make a difference for WalMart’s brand?  Hell no.  WalMart is virulently hated by a minority of people, tolerated by a larger group and loved by RVers and shoppers (ostensibly those who are at or below the median income line,  where every penny counts).  

But PR agencies have been playing games like this for a long, long time — with an explosion around the turn of the century. Smarmy PR types have used deceptive means to craft public opinion for as long as there has been a press, except over the last 100 years, it’s evolved into a fine science of sleaze. There’s the obvious ones, like global warming — it’s “unproven” and “junk science” — the very words implanted through repetition in the American public originally through oil company funding of The Global Climate Coalition and now by groups such as the Competitive Enterprise Institute and Frontiers of Freedom (please, I’m not making a political statement). And then there’s the not-so-obvious ones, like the drumbeat of the Committee on Public Information, which crafted US opinion on World War I; and in technology, McAfee’s predictions of worldwide apocalyptic chaos from the Michelangelo virus – an act which transformed the antivirus industry from a largely shareware model into a real business.

Covert control of public opinion has been the hallmark of 20th century PR, and it hasn’t served us well at all. It’s just that now, with the ease of transparency on the Internet, it’s much easier for them to get caught. But it’s still there and quite a part of our society. The pharmaceutical industry is built on PR (how many “syndromes” and diseases can you actually make up to sell more drugs?), as are many other industries. How many “thinktanks”, “grass-roots” organizations and “independent studies” are the work of PR agencies? Some are obvious, like Hands Off the Internet (with their silly video), with a clearly disclosed membership roster. But most are not-so-obvious.

Question “facts” until you’ve verified them yourself, question authority and always be skeptical of anything you read in the paper or on television until you’ve checked it for validity. You’d be surprised as to how many times there’s a crafty PR person behind popular “opinions”. Our only weapon against it is our own intelligence and our willingness to go against the tide.

And read the client lists or practice specialities of the big PR agencies — Edelman, Hill and Knowlton and others.

Alex Eckelberry

Judge won’t try to force Spamhaus off the radar

On the ongoing saga of Spamhaus vs. David Linhardt, life is a bit better.

From SecuriTeam:

The proposed order is limited to only the first remedy, suspension of the domain name by The Internet Corporation for Assigned Names and Numbers (“ICANN”), the entity responsible for coordinating unique identifiers used for Internet communication, or Tucows, Inc., the registrar through which Spamhaus obtained its domain name. Neither of these outfits are parties to this case. Though more circumscribed than the preceding request, this relief is still too broad to be warranted in this case. First, there has been no indication that ICANN or Tucows are not independent entities, thus preventing a conclusion that either is acting in concert with Spamhaus to such a level that they could be brought within the ambit of Fed. R. Civ. P. 65(d). Though our ability to enforce an injunction is not necessarily coterminous with the rule, the limitations on its scope inform an exercise of our power to address contempt. See, e.g., Rockwell Graphic Systems, Inc. v. DEV Industries, Inc., 91 F.3d 914, 920 (7th Cir. 1996). Second, the suspension would cut off all lawful online activities of Spamhaus via its existing domain name, not just those that are in contravention of this court’s order. While we will not condone or tolerate noncompliance with a valid order of this court, neither will we impose a sanction that does not correspond to the gravity of the offending conduct.

Link here.

 

Privacy guidelines for software and services

Microsoft has released a set of privacy guidelines for developers.

Failing to protect customer privacy can lead to an erosion of trust. Over the last several years, Microsoft has established extensive internal guidelines for developers that help them protect customer privacy, give them a view into customer expectations and global privacy laws, and document the hard lessons we’ve learned. These guidelines have been engrained in our development process and are now incorporated into the Security Development Lifecycle (SDL). The impact has been felt across Microsoft’s products and services.

In response to requests from customers, partners, ISVs, educators, advocates, and regulators, we created a public set of privacy guidelines for developing software products and services. These guidelines are based on our internal guidelines and our experience incorporating privacy into the development process. By documenting our principles, we hope to help anyone building products and services to meet customer expectations and deliver a more trustworthy experience.

As the threat landscape escalates, customers are feeling less able to control access to their personal information, so consumer trust is waning. As an industry, we need to set a high bar for respecting customer privacy, to help build greater trust in the Internet and e-commerce. We want to foster an open dialogue with others in the industry so we can build a common set of privacy best practices to help meet our privacy obligations and increase customer trust. We are pleased to offer our guidelines as a starting point to accelerate this effort.

Link here via BeSpacific.

Much ado about nothing

The headline is “Security rivals shut out of Microsoft meeting”. 

This meeting was under NDA, so what was actually discussed I can’t say. 

However, the not-secret part of it was that someone at Microsoft accidentally sent out the LiveMeeting presentation invites as “presenter”, which if you’ve ever used LiveMeeting, is an invitation to chaos. Realizing their error, the meeting was rescheduled for 30 minutes later, and that didn’t all come together, because the meeting had been originally set up to end at 12:30, so we were promptly all kicked off. Finally at 12:45 EDT the meeting went as planned. Those who missed this meeting will have the ability to view another later today.

While I have my disagreements with Microsoft on the PatchGuard issue, I must defend them in this instance. It was a case of a few honest mistakes made by well-intentioned people, probably working under a tremendous amount of stress. No big deal, people. Like I’ve never made a few honest mistakes in putting together a presentation?

Alex Eckelberry

Live phishing demo

Another good one from Lance James.


A phisher may also use a Trojan or other Malware to watch for instances of a web browser and use the information contained in the title bar to search for various keywords referencing previously submitted data. By hooking directly into the IE Browser Helper Object, bypassing TLS/SSL encryption, malware such as berbew, mitgleider, haxdoor, and snapper will grab this post data and send it to a data collection server. The Secure Submission Transfer (SST) module of the DFP product seamlessly protects a bank’s login HTTP forms data from being potentially hijacked by malware without requiring a client-side software plugin.

Link here.

Alex

Datacenter in-a-box

This is really cool.  Sun has released Project BlackBox, a “Datacenter in a box”, capable of supporting 10,000 simultaneous desktop connections all from a standard shipping container. 


I can see this being useful for all kinds of plug-and-play operations, from simple commercial uses to portable military command centers, disaster recovery or disaster assistance.

“Containerization”, using ISO-standard containers, revolutionized the cargo industry. A standard container can fit on a train, boat or truck, anywhere in the world. Using this existing and highly evolved logistics method makes a lot of sense.

Alex Eckelberry

Bad physical security

Great blog posting by Mike Jagger on a badly setup alarm system.  If you have a home or business alarm, worth reading.


The image above summarizes, for me, everything that is wrong with the security industry (click on the image for a bigger version). The installation is absolutely criminal and how any company could charge a dime for monitoring a system like this is beyond my comprehension. In the race to offer the cheapest possible alarm in order to generate a monthly monitoring fee, far too many systems have been installed like this offering a false sense of security to literally millions of Canadians, Americans and other unsuspecting victims.

There are so many things wrong here that it is hard to know where to start. Here is a short list of the 3 most important issues…

Link here via Schneier.

Alex

Why virtual keyboards for security are snake oil


Some financial institutions use “virtual keyboards” to authenticate users.

They are basically useless against today’s threats like Haxdoor.  Why?  Because certain keyloggers use form grabbing (grabbing POST submissions).  And since virtual keyboards do a POST submission, they’re useless against these malware threats.  Doh!

And phishing Uber-guru Lance James has done a writeup on it here.

Alex Eckelberry
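
Why a click-entered PIN is still exposed at submission, as an added model that is not part of the original post or of Lance James's writeup: the form, field names, sample credential and shuffled keypad are hypothetical, and no real browser or malware API is used. It compares what is visible at the keystroke layer, the mouse-click layer and the form-submission layer.

```javascript
// Added illustration: a constructed model, not a real browser or malware API.
// Field names, the sample credential and the keypad are hypothetical.

// Park-Miller generator so the shuffled keypad is reproducible here; a real
// keypad would draw a fresh random layout for every session.
function shuffledLayout(seed) {
  const keys = "0123456789".split("");
  let s = seed;
  for (let i = keys.length - 1; i > 0; i--) {
    s = (s * 48271) % 2147483647;
    const j = s % (i + 1);
    [keys[i], keys[j]] = [keys[j], keys[i]];
  }
  return keys; // index = on-screen button position, value = digit shown there
}

class LoginForm {
  constructor() {
    this.fields = { user: "", pin: "" };
    this.keyEvents = [];     // visible at the keystroke layer
    this.pointerEvents = []; // visible at the mouse-click layer
  }
  typeKey(field, ch) {
    this.keyEvents.push({ field, key: ch });
    this.fields[field] += ch;
  }
  clickButton(field, position, layout) {
    // The click event carries a button position, never a character.
    this.pointerEvents.push({ field, position });
    this.fields[field] += layout[position];
  }
  // Body a browser builds for method="post" with the default enctype,
  // before TLS is applied to the connection.
  serialize() {
    return new URLSearchParams(this.fields).toString();
  }
}

function fillByKeyboard(user, pin) {
  const form = new LoginForm();
  for (const ch of user) form.typeKey("user", ch);
  for (const ch of pin) form.typeKey("pin", ch);
  return form;
}

function fillByVirtualKeypad(user, pin, layout) {
  const form = new LoginForm();
  for (const ch of user) form.typeKey("user", ch);
  for (const ch of pin) form.clickButton("pin", layout.indexOf(ch), layout);
  return form;
}

// What each layer reveals about one field.
function keystrokeLayer(form, field) {
  return form.keyEvents.filter(e => e.field === field).map(e => e.key).join("");
}
function pointerLayer(form, field) {
  return form.pointerEvents.filter(e => e.field === field).map(e => e.position);
}
function submitLayer(form) {
  return Object.fromEntries(new URLSearchParams(form.serialize()));
}

function compare(user, pin, seed) {
  const layout = shuffledLayout(seed);
  const typed = fillByKeyboard(user, pin);
  const clicked = fillByVirtualKeypad(user, pin, layout);
  return {
    layout,
    typedKeystrokes: keystrokeLayer(typed, "pin"),     // PIN recoverable
    clickedKeystrokes: keystrokeLayer(clicked, "pin"), // nothing recorded
    clickedPositions: pointerLayer(clicked, "pin"),    // positions only
    typedBody: typed.serialize(),
    clickedBody: clicked.serialize(),                  // same bytes as typedBody
    clickedSubmit: submitLayer(clicked),               // PIN in the clear
  };
}

const demo = compare("alice", "4071", 2006); // constructed sample credential
console.log(demo);
```

The keypad hides the PIN only from the first two layers; the serialized body is identical either way, so any protection has to cover the submitted value rather than the input method.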

 

Some more fake codec sites for ya

These are all fake and are bad to install on your system.

IP: 85.255.118.195 
vccodec(dot)com     

IP: 69.50.188.109   
hqcodec(dot)com     

IP: 69.50.188.109   
powercodec(dot)com           


IP: 69.50.188.109   
medcodec(dot)com 

IP: 216.255.183.202           
ptproject(dot)com   (currently offline)

All of these sites, except for ptproject(dot)com, have installers confirmed on their sites, even if the main page is not loading.

Patrick Jordan
Sr. Researcher

Joe Wells at the University of Florida

Joe Wells, our chief scientist for security, is speaking at the Information Technology Security Awareness Day at the University of Florida.

The eighth University of Florida Information Technology Security Awareness Day will be held from 8 a.m. to 4:20 p.m. Nov. 8 in the University of Florida Reitz Student Union Auditorium. The event is sponsored by the office of the interim chief information officer and will be hosted by the UF IT Security Team.

ITSA Day is held annually to provide IT workers from UF, Gainesville and surrounding communities with exposure to current, upcoming and popular security trends. Esteemed experts in specific security fields are chosen as speakers so attendees are educated by a variety of peers and professionals. Bringing IT security awareness to campus IT workers and the community is a significant goal of the UF IT Security Team. ITSA Day will be streamed live and recorded for Internet viewers around the world.

“Each year presents new security challenges and improved ways to protect against them,” said Kathy Bergsma, UF information security manager. “ITSA Day helps keep IT workers informed about current challenges and ways to mitigate them.”

Security experts from Sunbelt Software, Cisco Systems Inc., Cenzic Inc., Secure Ideas and Forensics Strategy Services LLC will present popular security issues such as Web application security, malware prevention and forensics. ITSA Day is targeted at professional IT workers and others who need to learn current security trends.

ITSA Day is free and open to the public. No advance registration is required. Information about speakers and other details will be updated periodically at www.itsa.ufl.edu.

An optional live stream will be available at http://video.ufl.edu/wmstream.html.

Link here.

Apple, humble as usual

I was sent this story by a couple of people here and wasn’t going to bother to say much, until I saw this:

We recently discovered that a small number – less than 1% – of the Video iPods available for purchase after September 12, 2006, left our contract manufacturer carrying the Windows RavMonE.exe virus. This known virus affects only Windows computers, and up to date anti-virus software which is included with most Windows computers should detect and remove it. So far we have seen less than 25 reports concerning this problem. The iPod nano, iPod shuffle and Mac OS X are not affected, and all Video iPods now shipping are virus free. As you might imagine, we are upset at Windows for not being more hardy against such viruses, and even more upset with ourselves for not catching it.

Careful Apple… remember that whole “stones, glass houses thing”.  

And as the folks at F-Secure said this morning “Whom do you think the people that bought those iPods will be more upset with?” 

Sunbelt writeup here on the Ravmone.exe trojan.

Alex Eckelberry

Sunbelt Weekly TechTips

IE 7 readiness toolkit
Many of us have been using IE 7 in its various beta incarnations for many months, but it’s set to be released in final form within the next month, and if you create web sites, you’ll want to make sure they work properly with the new browser – especially since it’s planned to be an automatic update. You can get the IE 7 Readiness Toolkit to help you do that. For more info and the free download, click here.

Welcome to Windows Meeting Space in Vista
Windows Meeting Space is a cool new feature in Vista that replaces the old Microsoft NetMeeting application, with a spiffier and more professional-appearing interface. With WMS, you can have meetings with up to ten participants, where you can share your desktop or applications, connect to a network projector to view presentations, and pass notes privately to other participants. You can even distribute documents as handouts, and any participant can edit them with the changes automatically propagated to each participant’s copy (while leaving the original unchanged). Unfortunately, it can’t be installed on pre-Vista operating systems, as it depends on Vista’s People Near Me peer-to-peer networking functionality and uses IPv6, which is installed and enabled by default in Vista. But it’s an easy, cost effective way to conduct small virtual meetings. For more about WMS, click here.

How to make XP launch Windows Explorer instead of IE from the Accessories menu
We’ve had a couple of instances where readers tell us that when they click Programs | Accessories | Windows Explorer, instead of launching Windows Explorer, Internet Explorer starts. That happens because the path in the program shortcut is incorrect. Here’s how you can fix it:

  1. Click Start | All Programs | Accessories
  2. Right click Windows Explorer
  3. Select Properties
  4. Click the Shortcut tab
  5. In the “Target” field, type: %SystemRoot%\explorer.exe

This also affects what program launches when you hit the Windows key + E.

What happened to the file names in Thumbnail view?
If you see thumbnails of pictures but not the file names when viewing the contents of a folder, you can do the following: Change to a different view, such as List or Details, and then hold down the Shift key while you click View | Thumbnails to switch to the Thumbnail view. Your file names should be back. You can toggle between displaying or not displaying them this way.

How to remove invalid entries from Add/Remove Programs
If you use the Add/Remove Programs applet in Control Panel to remove a program, but there are still references to the program in the Currently Installed Programs dialog box, you can edit the registry to remove these invalid entries. As always, be careful when using the registry editor as incorrect use can render your computer unbootable. For step by step instructions on how to perform this registry edit, see KB article 310750.

Registry keys and values for System Restore
Want to know which registry keys and values contain information about the System Restore utility in Windows XP? Note that there are some values in these keys that should not be modified under any circumstances, but there are others you can change without harming your computer, including specifying how much disk space System Restore can use, the minimum amount of free space System Restore needs to function, and the amount of time System Restore waits before creating automatic computer checkpoints for elapsed time. To find out more, see KB article 295659.

How to turn on Remote Desktop automatic logon
By default, for security purposes Windows XP Pro asks users for a name and password when connecting to the Remote Desktop service to access its desktop from a remote computer. For convenience, you can allow automatic logon so that it’s not necessary to enter credentials, by editing the local Group Policy. For step by step instructions on how to do so, see KB article 281262.

Until next week,

Deb Shinder,

How’s Your Email Etiquette?

A reader recently suggested that I write an editorial about the psychology of returning emails. In other words, why is it that some people always seem to respond quickly to your email messages, while others wait a week or more to answer?

Most of us who send and receive a lot of email know plenty of people in both camps. For instance, one of the guys at Sunbelt I work with on the newsletter consistently answers my messages so instantaneously that I’ve accused him of being an “always on” artificial intelligence instead of a real person (Hi, Dan). No matter what time of the day or night I send a message, his response seems to pop up within a minute. On the other hand, there’s a guy I work with at another company who invariably takes days or weeks to write back. If I need info for an important matter, I often have to resend my message two or three times. While the “next moment” responders may be a little scary, the email procrastinators are downright frustrating, especially when you need their input to get your work done.

Of course, some folks have good reasons for their less-than-timely replies. They might have suddenly been taken ill or be on vacation, traveling on business, or having an Internet service outage. In today’s netcentric world, many of us have people we “know” only through the ‘net. We may work with them online on a frequent basis and even feel close to them, but we don’t even have phone numbers or physical addresses for them, may not know what state (or even what country) they live in, their race/ethnicity, how old or young they are, or in some cases even what gender they are if they have names that can be either male or female. I worked with an editor for one online publication for several years, all that time thinking I was dealing with a man, only to find out accidentally that “he” was actually a “she.” Oops. Because our online relationships are so compartmentalized, we don’t necessarily know what’s going on in a person’s “real life” that prevents him/her from answering the mail.

Another reason people sometimes don’t respond is because they never got our message in the first place. With unwanted commercial email posing such a big problem, almost every ISP or corporate mail server implements some type of spam filtering, and many computer users have their own client-side anti-spam software running, as well. Unfortunately, none of these spam filters are perfect, and there are always some “false positives” – email messages that get blocked by the spam filters even though they aren’t spam. If you don’t get an answer from someone you’ve emailed, you always have to consider the possibility that your message didn’t get through.

On the other hand, the spam filtering problem also presents a handy excuse for those who forgot or were too lazy or avoidant to answer messages. They can just claim to have never received the mail, and who can tell the difference? One solution to that problem is to request a receipt when the person receives or opens your message. Most mail clients make this easy to do.

Unfortunately, it’s not the greatest solution. In most cases, the recipient can choose not to send the receipt even though you’ve requested it, and many people find read receipts highly annoying. Even if you intend to answer, you may not have time to answer immediately, and you don’t necessarily want the sender to know that you read the message today at 8:00 a.m. if you may not get around to answering it until tomorrow afternoon.

And delaying a response isn’t the only way our email contacts can annoy us. Thinking about all this led me to the broader question of email etiquette in general. Sometimes the measures we take to try to avoid annoying others end up being annoyances themselves. For instance, if you’re going to be cut off from your email for a few days, should you set up an autoresponder to send a canned message telling those who write to you that you’re not in? Many people hate those “out of office” messages – especially when the recipient is on an email list and the autoresponder sends an OoO message to the list in response to every post. But is it more or less rude than just letting people think you’re ignoring their messages?

And just how long should you wait after getting no response until you try contacting the person again? A day? A week? Should you just resend the message as if it were the first time, or should you mention that this is the second (or third, or whatever) time you’ve sent it? Obviously, the correct answer may depend on your relationship with the recipient and the urgency (or lack thereof) of the message content.

Then there are those people who respond to your email message by calling you on the phone – without emailing back to say they’re going to call. That’s one of my pet peeves, but no doubt they believe they’re being especially responsive. And they probably think I’m rude for not answering the phone if I don’t recognize the number on Caller ID.

Which brings me to another issue. Many of us were conditioned, as we were growing up, to believe that if the phone rang, we had an obligation to answer it – even though we were the ones paying the phone bill, presumably to have a communications tool for our own use and convenience, not as a means for others to invade our homes when we didn’t want to be invaded. Answering machines came along and changed our attitudes somewhat; now we could “screen” our calls (although few would admit to doing so) and pick up only the ones we wanted to take. Caller ID took that even further – even if the caller chooses not to leave a message, we can see who’s calling (or at least, the number from which he/she is calling) before the call even goes to voicemail. With new technology, we can even program certain numbers to go directly to voicemail, or be blocked altogether, or to have a distinctive ringtone so we know instantly that it’s someone whose call we want to take.

I suspect it’s this relatively new “pick and choose” attitude that’s spilled over to email, and may explain why so many people respond slowly, or not at all. Just as they no longer feel an obligation to answer the phone just because it rings, they feel no obligation to send a reply just because they get an email message. And the sheer volume of email reinforces those feelings.

What do you think? Are you an email procrastinator or an instantaneous responder, or somewhere in between? Do you use OoO messages when you’re going to be out or just keep ’em guessing? Do you get annoyed when you get back an Out of Office notice, or do you like knowing why your message is going unanswered? Do you ever pretend a message was “eaten” by your spam filters when you just didn’t answer? Do you request read receipts? Do you click “Yes” or “No” when asked if you want to send a receipt? What are your pet email etiquette peeves? 

Deb Shinder, MVP

Why Microsoft PatchGuard APIs aren’t enough: Symantec VP responds

The issue of PatchGuard is a vitally important one, and we’re as concerned as the rest of the security community about what exactly will be available from Microsoft.

My post yesterday on Symantec VP Rowan Trollope’s comments on PatchGuard garnered interesting responses (I also received an email from a CEO of another security company, quite confused).

Trollope responds as follows:

    1. Patchguard prevents security vendors from patching into the OS.  
    2. Microsoft says that if you want to patch the OS, you should only use supported APIs.  
    3. We use all APIs available to us, but there are still areas where MS has not provided APIs.
    4. Therefore, with Patchguard, security technologies which rely on patching the operating system will no longer work.

So the next question is WHAT security relies on patching the OS?  The simplest example is a technology we call Tamper Protection.

So what is Tamper Protection, and why is it important? A couple of years ago, hackers realized that the best way to be effective on a system was to first shut down the security software, then go about business. Symantec created a feature called Tamper Protection to protect our application against attack from these retro-viral threats. Because there were (and are) no available APIs to do this sort of thing, we had to patch the Kernel. We have done so, and it is working very well.

However, Tamper Protection is just one example which is easy to explain.  We presently have other technologies such as Behavior Blocking and HIPS which rely on patching the OS.  The more general problem illustrated by the Tamper Protection example is as follows:  Currently when a security company needs to provide security against a certain class of threat, we are able to do so even if Microsoft does not offer an API.  With PatchGuard Microsoft is stepping in and changing the rules.  Adding insult to injury, they haven’t even provided APIs for all the security that we have today.

Next, can Symantec get around Patchguard?  Of course we can, in fact we have already published a whitepaper on the subject.  Here is the problem: Microsoft has told us that IF we put in code to circumvent Patchguard, they will release a patch which will go out through Windows Update which will cause our workaround to bluescreen the computer.

We of course cannot pursue a path when Microsoft tells us that they will bluescreen our customers’ machines. Hackers on the other hand have no such issues. Once they work around patchguard (which they already have), they don’t really care if the system becomes unstable or bluescreens or anything else. So in fact Patchguard works in favor of hackers in this case.

Folks, this is a real issue.  Microsoft has created a PR coup by “agreeing” to give APIs to security companies.  It’s a red herring.

The security industry needs full access to the kernel.  Period.

Alex Eckelberry

Symantec VP Rowan Trollope on PatchGuard: It ain’t over

Readers of this blog have no doubt heard about the battles between the security community (vocalized through the efforts of Symantec and McAfee) and Microsoft on the issue of PatchGuard.

Believe me: It’s a serious issue.  

PatchGuard effectively locks out the kernel, ostensibly to hackers, but also to other vendors.  As security vendors, it is absolutely vital that we have access to the kernel.  And considering that the chances are high that hackers will break PatchGuard, security companies need access even more urgently.

Rowan Trollope, Symantec’s VP of Consumer Products and Solutions has strong words on this issue. Trollope is the guy in charge of all the development of products like Norton Antivirus, Norton Internet Security and the like. 

If anyone has to deal with this problem, it’s him.

And he doesn’t mince words. I’ve had some email traffic with him, and he was kind enough to allow me to reprint some of his comments:

On PatchGuard:

“PatchGuard hamstrings security providers, and leaves customers exposed to many of today’s scariest threats.  These threats, such as Infostealers, Backdoors and Trojans are built to disable security products.”

So, really, which threats specifically will customers potentially be exposed to with Microsoft’s Patchguard policy?

“Well, I have a list here of 25 recent malware samples just from the last few months.  To name just a few: Infostealer.Wowcraft, Backdoor.Beasty.J and Trojan.Rootserv.  Today, Norton Antivirus and Norton Internet Security protect customers against these types of threats with advanced protection technology.  On Vista 64-bit, Patchguard disables this advanced technology, leaving customers exposed.”

Have you been working with Microsoft on this, and what do you want them to do about it?

“On behalf of our customers, we have made this clear to Microsoft for well over two years. While it has been made painfully clear that customers will be exposed to these nasty threats by Microsoft’s choices, they continue to dig in their heels and refuse to work with the security industry. We have proposed an alternative. Specifically, we do NOT want Patchguard removed or disabled; we have asked Microsoft to provide security vendors with a secure API which allows Patchguard to function as designed, but allows us to do our jobs as well. With this API, customers will be allowed to choose best of breed security technology, and continue to enjoy the same level of protection they have come to expect.”

But hasn’t Microsoft said that with Patchguard, they are simply asking for Security companies to use the supported security related APIs, and not undocumented system hooks?

“There has been a lot of confusion based on what Microsoft has said publicly. 

First, to be clear, Symantec already uses all available security related APIs provided by Microsoft. 

The key word here is “available”; there are no available APIs for these advanced protection technologies we offer today.  

Second, Microsoft has said that this is not anti-competitive behavior since they themselves are also limited to the supported APIs.  This is a convenient position since Microsoft themselves do not offer any of the advanced protection technologies which go above and beyond the available APIs. 

If and when they get around to protecting customers against today’s threats, they alone can add the APIs necessary.”

So what happens when 64-bit Vista comes out?

“Unfortunately for customers, this will be too little too late.  When Vista 64 gets released, we will not have the APIs we need, and Microsoft expects customers to stand-by, unprotected, waiting for “multiple upcoming Windows releases as we understand the exact requirements”.  

In summary, this issue is simple and the facts speak for themselves; Patchguard hamstrings security providers, and leaves customers exposed.”

Believe me, this thing ain’t over. 

Alex Eckelberry