According to the report BeyondTrust, more than half of all vulnerabilities of the official Microsoft Security Bulletin for 2009 can be eliminated by simply working from a simple user account without administrative rights.

For Windows 7, the figure is 57% (according to the list of vulnerabilities for March 2010) for Windows 2000 – 53% for XP – 62% for Server 2003 – 55, Vista – 54%, Server 2008 – 53%. Most of all pleased Office and Explorer 8: They can be closed so all 100% of vulnerabilities.

In general, all Windows-based vulnerabilities number of solved borrow 64%, and if we take only critical, they will be much 81%. Overall, for all the products Microsoft statistics is 90%.

In the Microsoft Security Bulletin for 2009 lists 166 vulnerabilities, 133 of which belong to different versions of Windows.

As is known, many users Windows operating from the administrator account: so it is easier and familiar. The same often happens in companies where IT departments look the other way at such a flippant attitude to safety. As you see, simply by limiting user rights can be significantly – and totally free – to solve many problems.

Via Ars Technica

The company nCircle interviewed security professionals, some smart, they are most vulnerable for use in the enterprise. 57% of respondents named the iPhone, 39% – the device on Android, 28% – BlackBerry, 13% – Symbian.

Leadership iPhone in this list is especially strange, given that Apple is constantly working on the corporate appeal of his brainchild. In the iPhone 3GS been added hardware encryption, and various administrative functions, including remote. However, according to COO nCircle Andrew Storms (Andrew Storms), all this is ineffective and insufficient.

"Many agree that Apple is still doing only the bare minimum in matters of corporate security … Hardware encryption is almost immediately was broken. This is not a course of action that security professionals expect from the suppliers.

In the camp Android Not everything is in order. Signing the application is not necessarily, often they can provide access to the file system. As for BlackBerry, these smart phones are quite safe, thanks largely to a robust hardware encryption.

Many companies in the U.S. do not advise their employees bring to the work of iPhone , and some specifically prohibit doing it.

Via Electronista

Federal Office for Information Security in Germany issued a statement which strongly recommended to use the browser Firefox 3.6 , as it found a critical vulnerability that could allow an attacker to run code on users' computers. This error discovered Russian specialist Eugene Legerov in February.

For its part, Mozilla has acknowledged the existence of this vulnerability and quickly released version 3.6.2, in which it is resolved. Initially this version scheduled for release March 30, but in this context, Mozilla decided to hurry.

Via ZDNet

At the RSA Conference, the representative of Google Dryuri Will (Will Drewry) reported that in 2011 will be issued a business version of the operating system for netbooks Chrome OS. The consumer version of the OS will be available later this year.

According Dryuri, the system will get a powerful integrated security to protect against various threats. In the notebooks will work hardware module Trusted Platform Module (TPM), providing secure data storage and multi-factor authentication. The system will provide automatic updates and run applications in the sandbox, it will warn the user when it comes to dangerous sites. It is noteworthy that the security can be disabled using a switch under the battery, then you can freely visit any sites.

A Google spokesperson said the openness of the platform: the developers will be able to study its source code and create their own applications.

Via Electronista

The French government announced plans for a gradual departure from the practice of personal passwords to web sites. They plan to replace more secure, believed in the government system of digital certificates on hardware tokens. It can be USB-media, SIM-card, smart card. The user need not enter any of the information: it is recorded on a digital hardware key.

Under this system, now employs about 20% of all French sites: to access them, you must log in and receive a certificate. Among these sites such landmark sites as the site of the French Banking Federation, the Federation of French insurers and the postal service "La Post.

Via TechRadar