AuthorGregg Keizer

How your web browser tells you when it’s safe

Google last week spelled out the schedule it will use to reverse years of advice from security experts when browsing the Web - to "look for the padlock." Starting in July, the search giant will mark insecure URLs in its market-dominant Chrome, not those that already are secure. Google's goal? Pressure all website owners to adopt digital certificates and encrypt the traffic of all their pages.

The decision to tag HTTP sites - those not locked down with a certificate and which don't encrypt server-to-browser and browser-to-server communications - rather than label the safer HTTPS websites, didn't come out of nowhere. Google has been promising as much since 2014.

To read this article in full, please click here

Google details how it will overturn encryption signals in Chrome

Google has further fleshed out plans to upend the historical approach browsers have taken to warn users of insecure websites, spelling out more gradual steps the company will take with Chrome this year.

Starting in September, Google will stop marking plain-vanilla HTTP sites - those not secured with a digital certificate, and which don't encrypt traffic between browser and site servers - as secure in Chrome's address bar. The following month, Chrome will tag HTTP pages with a red "Not Secure" marker when users enter any kind of data.

Eventually, Google will have Chrome label every HTTP website as, in its words, "affirmatively non-secure." By doing so, Chrome will have completed a 180-degree turn from browsers' original signage - marking secure HTTPS sites, usually with a padlock icon of some shade, to indicate encryption and a digital certificate - to labeling only those pages that are insecure.

To read this article in full, please click here

FAQ: How Edge’s Application Guard and isolated browsing work

Microsoft two weeks ago quietly added a security feature to Windows 10 Pro that initially was available only in the operating system's most expensive edition.

To read this article in full, please click here

(Insider Story)

Microsoft cites 24% jump in tech support scams

Reports of tech support scams jumped by 24% last year, Microsoft said, with loses by the bilked averaging between $200 and $400 each.

"Scammers continue to capitalize on the proven effectiveness of social engineering to perpetrate tech support scams," Erik Wahlstrom, Windows Defender research project manager, wrote in a post last week to a Microsoft blog. "These scams are designed to trick users into believing their devices are compromised or broken. They do this to scare or coerce victims into purchasing unnecessary support services."

To read this article in full, please click here

Microsoft boosts anti-phishing skills of Chrome, the IE and Edge killer

Microsoft has ceded a major asset of its Edge browser to rival Google by releasing an add-on that boosts Chrome's phishing detection skills.

The Redmond, Wash. company had little choice, according to one analyst. "Phishing is a huge problem, and people are going to use the browser they use," said Michael Cherry of Directions on Microsoft. "They're doing this to protect the Windows ecosystem."

Dubbed "Windows Defender Browser Protection" (WDBP) the free extension can be added to Chrome on Windows or macOS, and after a post-launch fix, Chrome OS as well. Like the defenses built into Edge, the add-on relies on Microsoft's SmartScreen technology that warns users of potentially malicious websites that may try to download malware to the machine or of sites linked in email messages that lead to known phishing URLs.

To read this article in full, please click here

Microsoft lifts update embargo on Windows 10

Microsoft this week lifted the security update blockade on Windows 10 PCs that do not have approved antivirus software, but kept the no-patches-for-you rule in place for the more popular Windows 7.

The update roadblock was assembled in early January, when Microsoft issued mitigations against the Spectre and Meltdown vulnerabilities. Those vulnerabilities stemmed from design flaws in virtually all modern processors made by Intel, AMD and ARM. According to Microsoft, the security updates could brick PCs equipped with antivirus (AV) software that had improperly tapped into kernel memory.

To read this article in full, please click here