from the shades-of-internet-explorer dept.
CWmike writes "Microsoft has started adding Security Essentials to the optional download list seen by US Windows users when they fire up the operating system's update service, and antivirus rivals are crying foul. 'Commercializing Windows Update to distribute other software applications raises significant questions about unfair competition,' Carol Carpenter, a GM at Trend Micro, said on Thursday. 'Windows Update is a de facto extension of Windows, so to begin delivering software tied to updates has us concerned,' she added. 'Windows Update is not a choice for users, and we believe it should not be used this way.' If Windows doesn't detect working security software on the PC, Microsoft adds Security Essentials to the Optional section of Microsoft Update, a superset of the better-known Windows Update, or to Windows Update if it has been configured to also draw downloads from Microsoft Update. Microsoft made a point to say that it was not offering the software via Windows Update, but only through the Microsoft Update service, which also offers patches for new versions of non-operating system software, notably Office and Windows Media Player. But most users won't understand the distinction."
snydeq writes "A new breed of 'spear phishing' aimed at IT admins is making the rounds. The emails, containing no obvious malicious links, are fooling even the savviest of users into opening up holes in their company's network defenses. The authentic-looking emails, which often include the admin's complete name or refer to a real project they are working on, are the product of tactical research or database hacks and appear to have been sent by the company's hosting provider. 'In each case, the victim remembered getting a similar sort of email message when they first signed on with a service and, thus, thought the bogus message was legitimate — especially because their cloud/hosting providers keep bragging about all the new data centers they're continuing to bring online.' The phishing messages often include instructions to open up mail servers to enable spam relaying, to disable their host-based firewalls, and to open up unprotected network shares. Certainly fodder for some bone-headed mistakes on the part of admins, the new attack 'makes the old days of hoax messages that caused users to delete legitimate operating system files seem relatively harmless.'"