
Computers running Windows XP Service Pack 2 are 15 times less likely than those running XP or XP SP1 to be infected by some of the most dangerous forms of malware, according to a Microsoft security guru. Jason Garms, who heads the company’s anti-malware product team, said this improvement had been revealed by an internal analysis of SP2’s performance. SP2–a major security update released in August–was designed to turn on auto-update by default and consolidate security controls into a "security center".

A laptop computer containing the names and Social Security numbers of about 16,500 current and former employees of MCI was stolen last month. The computer was stolen from a car that was parked in the garage at the home of an MCI financial analyst in Colorado. An MCI representative told the Journal that the laptop was password-protected but declined to say whether the employee information was encrypted or whether the employee whose car was burglarized was authorized to carry such information on a laptop.

In a new type of online attack, extortionists remotely encrypt user files and then demand money for the key to decode the information. In a case documented by San Diego-based Web security company Websense, the attack occurs after a user visits a Web site containing code that exploits a known flaw in Microsoft’s Internet Explorer Web browser. The flaw is used to download and run a malicious program that in turn downloads an application that encrypts files on the victim’s PC and mapped network drives, according to Websense. The program then drops a ransom note.

The U.S. House of Representatives on Monday voted to establish new penalties for purveyors of Internet "spyware" that disables users’ computers and secretly monitors their activities. By overwhelming majorities, the House passed two bills that stiffen jail sentences and establish multimillion-dollar fines for those who use secret surveillance programs to steal credit-card numbers, sell software or commit other crimes. Spyware has emerged as a major headache for computer users over the last several years.

There’s a major chink in Microsoft’s Windows XP anti-piracy armor, although Windows users are not at risk of security attacks. A security researcher in India has discovered an uncomplicated and easy-to-exploit weakness in Microsoft Corp.’s WGA (Windows Genuine Advantage), an anti-piracy initiative that checks whether consumer and small-business customers are running legitimately licensed copies of Windows XP. Debasis Mohanty, a private vulnerability researcher and analyst of malicious programs, published a detailed proof-of-concept demonstration to show how the WGA validation check can be defeated to generate key codes for use on illegal copies of Windows XP.

Microsoft and the European Commission will resolve their differences before the end of May over the remedies imposed on the software giant for violating antitrust laws, the European Union’s competition chief said Monday. The Commission could fine Microsoft up to $5 million daily for failure to comply with sanctions imposed on it. The Commission, which polices competition in the 25-nation European Union, fined the U.S. software giant a record 497 million euros ($624 million) on March 24, 2004, and ordered it to change the way it does business.

The $1.45 billion judgment against Morgan Stanley for deceiving billionaire Ronald Perelman over a business deal has a lesson all companies should learn–keeping emails is now a must, experts say. Banks and broker-dealers are obliged to retain email and instant messaging documents for three years under U.S. Securities and Exchange Commission rules. But similar requirements will apply to all public companies from July 2006 under the Sarbanes-Oxley corporate reform measures. At the same time, U.S. courts are imposing increasingly harsh punishments on corporations that fail to comply with orders to produce email documents.

A research study comparing patch management in Microsoft Windows client and server operating systems with open-source software systems alleges that the cost of patching vulnerabilities is roughly the same for each. The document states that the results go against a common perception in the IT community that total costs of ownership for open source, which include patching, are lower than for Windows. The study was sponsored by Microsoft and audited by the research firm Meta Group, and was conducted by consulting firm Wipro Technologies Ltd.

iambic announced the availability of an update to Agendus for Windows, Outlook Edition. This plug-in application for Microsoft Outlook works with the existing contact and schedule data to provide easy access to hundreds of powerful, custom features to help users improve how they organize their schedule, their contacts, and their life. Agendus for Windows, Outlook Edition delivers to users of Microsoft Outlook the critically acclaimed features of Agendus, such as customized categories, colors, and contact histories, which have been enabling handheld users to unlock the full potential of their devices. As a result, Outlook is much more functional and easy to customize to meet users’ specific needs.

AOL blamed an unnamed third-party security vendor for the embarrassing release of its Netscape 8 Web browser with several publicly known security flaws. Just hours after the security-centric browser shipped, the company was forced to rush out a patched version to correct the gaffe. Netscape 8 is based on the Mozilla Foundation’s Firefox code base, which means that security bugs in Firefox are likely to affect Netscape users. However, three critical flaws that were fixed in the Firefox 1.0.4 update released earlier this month were never added to Netscape 8.