Windows OneCare Beta Is Ready to Roll

The consumer PC security bundle is on the verge of being rolled out to a broader public audience; Windows Defender, the anti-spyware client, has also been refreshed.

Microsoft Corp.s Windows OneCare beta is finally ready for public consumption.

The consumer-facing PC security bundle, which is being tested in a private, invite-only manner, is on the verge of being rolled out to a broader public audience.

In an e-mail to beta testers, Microsoft said the Windows OneCare Live Beta will be opened to the public "very soon," but, officially, the company isnt offering a specific ship date.

/zimages/3/28571.gifWill enterprises care about Windows OneCare? Click here to read more.

"Windows OneCare Live is currently in a limited, managed external [public] beta. We expect to release our beta more broadly for consumers later this year, which is consistent with the prior timing guidance we have shared to date," a Microsoft spokesperson said in a statement.

Ziff Davis Internet News has learned that the public release is "imminent" and could come as early as next week.

The program, which bundles virus scanning, firewall protection, data backup and PC cleanup tools, was recently refreshed to add new features for file scanning and data backup.

The tool, which will eventually be a paid product under the Windows Live brand, can now handle automatic scans of files received from the MSN Messenger IM client and offers the ability to back up computer data to external hard drives. Windows OneCare has also been tweaked to perform on-demand virus scans.

/zimages/3/28571.gifFor advice on how to secure your network and applications, as well as the latest security news, visit Ziff Davis Internets Security IT Hub.

The software giant has also released a minor refresh of Windows Defender (formerly Windows AntiSpyware) to extend the expiration date to July 31, 2006 and provide new spyware signature updates.

The latest beta refresh, build 1.0.701, will be distributed to existing users via a software update. It is also available directly from Microsofts AntiSpyware Web site.

Microsoft also confirmed that the anti-spyware client is vulnerable to a security vulnerability flagged by researchers at iDefense Inc.

According to an advisory from iDefense, Windows AntiSpyware is one of several applications that insecurely call the "CreateProcess()" and "CreateProcessAsUser()" functions.

"This creates a scenario whereby arbitrary code could be executed," iDefense warned, noting that the attack scenario would involve some form of social engineering to get the arbitrary code installed in the correct location.

Microsoft has confirmed that the Beta 2 version of the anti-spyware product, targeted for release later this year, will include a patch for the bug.

/zimages/3/28571.gifCheck out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at Security Center Editor Larry Seltzers Weblog.