Windows Patch Tuesday – October 2011

Windows, insecure by design. How else can you explain that all supported versions of Internet Exploiter have the same vulnerability to injection of malware?

Microsoft and Apple today released security updates to fix a slew of critical security problems in their software. Microsoft’s patch batch fixes at least 23 vulnerabilities in Windows and other Microsoft products. Apple’s update addresses more than 75 security flaws in the Windows versions of iTunes.

Nine of the 23 flaws Microsoft fixed with patches today are rated “critical,” meaning attackers could exploit them to break into vulnerable systems with little or no help from users. Eight of the nine critical bugs are in Internet Explorer. The remaining critical flaw is corrected in an update for the .NET Framework. Three of the vulnerabilities fixed with these updates were disclosed publicly prior to today, including a flaw in Windows Media Center that Microsoft believes crooks are likely to soon figure out how to reliably exploit.

The iTunes update brings the music player software to version 10.5, and is available for Microsoft systems running Windows 7, Vista, XP SP2 and later. Two new features of iTunes deserve mentioning: Apple says iPhone and iPad users who upgrade to iOS 5 when it is released later this week will be able to sync with iTunes wirelessly. More importantly from an update perspective, Apple has at long last untethered iTunes from QuickTime.

Users can download the update by opening iTunes; if you’re not directed to download iTunes 10.5 when you start the program, click “Help,” and then “Check for Updates.” Some OS X users may be wondering how many of these flaws exist in the Mac version of iTunes. According to the SANS Internet Storm Center, Mac users can expect some of these problems to be fixed in Security Update 2011-006 and in OS X Lion v. 10.7.2. For the time being, however, neither of those updates appears to have been released.

The latest Windows patches are available through Windows Update or via Automatic Update.

October’s Patch Tuesday release resolved issues in Internet Explorer versions 6 through 9, all versions of Microsoft Windows from XP through 7, .NET and Silverlight, Microsoft Forefront Unified Access Gateway and Host Integration Server, Microsoft said Oct. 11. Two of the patches are rated “critical,” and six are rated “important,” Microsoft said.

Microsoft recommended that organizations apply the Internet Explorer and .NET/Silverlight patches first, as attackers are likely to come out with a reliable exploit within 30 days. Malware developers often reverse-engineer patches after they are released to develop exploits that target unpatched systems.

Kaspersky Lab senior security researcher Kurt Baumgartner said that reliable exploitation would lead to remote code execution across a wide variety of Windows versions, because Internet Explorer and Silverlight are heavily used client software.

“It would be surprising to not see related exploits added to packs and widely used in attack attempts over the coming months,” Baumgartner wrote on the Securelist blog.

The critical update for Internet Explorer fixed at least eight known security flaws in all versions of Microsoft’s Web browser, including the latest Internet Explorer 9. The bugs were in the way IE handled objects in memory and the way memory was allocated and accessed.

If exploited, the bugs in Internet Explorer would expose the user to drive-by download attacks merely by browsing to a booby-trapped site, according to Microsoft. The attacker would gain the same rights as the logged-on user, so users whose accounts have fewer rights are likely to be less affected than those who run with administrative rights.

“Patching browsers will be top priority because the vulnerabilities fixed with each security bulletin release in browsers are top exploit targets for attackers,” Jason Miller, manager of research and development at VMware, told eWEEK.

The second critical update fixed a remote code execution flaw in .NET Framework and Silverlight. Users could be compromised just by viewing a malicious page running XAML Browser Applications or Silverlight applications, Microsoft said. The vulnerability would also allow remote code execution on a server running IIS if that system allowed ASP.NET pages to be processed and specially crafted ASP.NET pages were uploaded to the server and executed. The .NET issue also affects Mac OS clients, according to Dave Marcus, director of security research and communications at McAfee Labs.

The .NET framework class inheritance vulnerability is “complex to exploit” but can be exploited in a “number of ways,” including traditional downloads, drive-by-downloads and by hosting a malicious .NET application, said Joshua Talbot, security intelligence manager at Symantec Security Response.

Microsoft fixed five privately reported vulnerabilities in Microsoft Forefront Unified Access Gateway. The cross-site scripting vulnerability in Microsoft Forefront, if exploited, would allow attackers to steal log-in credentials used for VPN access and gain access to sensitive data. The patch for Microsoft Forefront will likely affect the “smallest number” of organizations because Microsoft generally doesn’t have a big presence in corporate security infrastructure, Marcus Carey, a security researcher at Rapid7, told eWEEK.

Microsoft has two bulletins to fix the DLL preload vulnerabilities in Windows Media Center and Microsoft Active Accessibility. Microsoft has released a patch 17 times to close this issue in various programs since it was first identified Aug. 23, 2010, according to Miller.

“Overall this Patch Tuesday is fairly moderate. Three of the included vulnerabilities have been previously disclosed, and there is an available proof-of-concept code,” Marcus said.

October is often the last month in which administrators at financial and retail organizations apply patches before going into “lock-down” mode for the holiday shopping season, according to Andrew Storms, director of security operations at nCircle. “Enterprise IT teams should get ready to pull out all the stops,” Storms said.

How Windows gets malware

When a Microsoft Windows machine gets infected by viruses/malware, it is mainly because users forget to update Java, Adobe Reader/Acrobat and Adobe Flash. This is revealed by a survey conducted by CSIS Security Group A/S, which collected data for 3 months on actual infections of computers by drive-by attacks on browsers. A drive-by attack is when you go to an innocent website and get a virus anyway, typically via ads or hacked links.

Basis of the study

CSIS has, over a period of almost three months, actively collected real-time data from various so-called exploit kits. An exploit kit is a commercial hacker toolbox used by computer criminals to take advantage of vulnerabilities in popular software. Up to 85 % of all virus infections occur as a result of drive-by attacks automated via commercial exploit kits.

The purpose of this study is to reveal precisely how Microsoft Windows machines are infected with malware, and which browsers, versions of Windows and third-party software are at risk.

CSIS monitored more than 50 different exploit kits on 44 unique servers / IP addresses. Figures come from the kits’ underlying statistical modules, giving as precise an overview of the threat landscape as possible. The statistical material covers, all in all, more than half a million user exposures, of which as many as 31.3 % resulted in a virus/malware infection due to missing security updates.

Among the vulnerabilities we have observed abused by the monitored exploit kits, we find:

CVE-2010-1885 Microsoft Help & Support HCP
CVE-2010-1423 Java Deployment Toolkit insufficient argument validation
CVE-2010-0886 Java Unspecified vulnerability in the Java Deployment Toolkit component in Oracle Java SE
CVE-2010-0842 Java JRE MixerSequencer Invalid Array Index Remote Code Execution Vulnerability
CVE-2010-0840 Java Trusted Methods Chaining Remote Code Execution Vulnerability
CVE-2009-1671 Java buffer overflows in the Deployment Toolkit ActiveX control in deploytk.dll
CVE-2009-0927 Adobe Reader Collab GetIcon
CVE-2008-2992 Adobe Reader util.printf
CVE-2008-0655 Adobe Reader CollectEmailInfo
CVE-2006-0003 IE MDAC
CVE-2006-4704 Microsoft Visual Studio 2005 WMI Object Broker Remote Code Execution Vulnerability
CVE-2004-0549 ShowModalDialog method and modifying the location to execute code

The report above describes the operating systems, browsers and applications that are vulnerable in the real-world scenarios CSIS observed. Here it is slimmed down:

Internet Explorer is the worst offending browser. Mozilla is second.
Windows XP, Windows 7, and Windows Vista are the worst offending operating systems.
Java, Adobe Reader, and Adobe Flash are the worst offending applications.

The salient point is that fully updated and patched installs let 70% of the infections through, mainly because the technology is reactive. Even more salient is that only 13% of the successful infections relied on software that was Windows-only (10% were IE exploits, 3% were Windows Help exploits). All you folks encouraging your friends and families to buy Macs for the specific reason of their security are in for a world of hurt in a few years when Mac hits ~30+% market share. Kits are already starting to appear.

Conclusion: 99.8 % of all virus/malware infections caused by commercial exploit kits are a direct result of the lack of updating five specific software packages:

Java JRE 37%
Adobe Reader/Acrobat 32%
Adobe Flash 16%
MS Internet Explorer 10%
Windows HCP (Help) 3%
Apple Quicktime 2%

For the sake of security, I would not run Java, Adobe anything or Internet Exploiter.

We don’t want you getting viruses because it’s difficult to remove and more importantly, expensive and time consuming.

1. Uninstall java. Most end users never have a need for it and don’t update it.

2. Use Chrome to read PDFs or use Foxit. No need for Adobe, but to be fair Adobe’s new sandbox model in version X is resistant to viral infections and exploits.

3. Update flash as often as it says or switch to Chrome.

4. Use ESET NOD32 & HitmanPro for protection

Software updates: Adobe

Adobe is a vendor that often plays catch-up with security exploits, issuing emergency patches to fix zero-day vulnerabilities. But Adobe, like Microsoft, also has a regular Patch Tuesday update cycle. This regularly scheduled update gives users and enterprises a predictable and stable timetable for Adobe updates.

For August’s Patch Tuesday, Adobe has issued update advisories fixing a slew of critical security flaws in its products, including Flash, Shockwave Player and Adobe AIR.

The Flash update corrects at least 13 critical vulnerabilities present in versions 10.3.181.36 and earlier for Windows, Mac, Linux and Solaris machines (the bugs exist in Flash versions 10.3.185.25 and earlier for Android devices). Windows, Mac, Linux and Solaris users should upgrade to version 10.3.183.5, and Android users should update to v. 10.3.186.2. Adobe says it is not aware of any exploits “in the wild” for the issues addressed in the update. Digging into the vulnerabilities, the vast majority are memory-safety bugs: five buffer overflows, four memory corruption and three integer overflow issues. There is also a single cross-site information disclosure issue that is fixed, which could potentially have led to arbitrary code execution.

To find out which version of Flash you have, visit this page. Windows users who browse the Web with anything other than Internet Explorer will need to apply the Flash update twice: once using IE and again with the other browser (Google Chrome users should already have the latest version of Flash). To avoid using Adobe’s annoying Download Manager, IE users can grab the latest update directly from this link; the direct link for non-IE browsers is here.

Windows users can furthermore use the Flash Player Settings Manager that is part of the Windows Control Panel to check for updates. Here it is furthermore possible to check the Flash Player version that is installed on the system. The path is Control Panel > Flash Player (32-bit) > Advanced. Users with a 64-bit version of Flash Player installed need to change the 32-bit to 64-bit in the path.

The same flaws exist in Adobe AIR for Windows, Mac and Android. Using an application that requires Adobe AIR (Tweetdeck or Pandora, for example) should prompt you to update to the latest version, AIR 2.7.1. If you don’t see a prompt to update the program, the latest version of AIR is available here.

Adobe also shipped an update to its Shockwave Player that fixes at least seven critical vulnerabilities in the media player program. Adobe is urging users of Adobe Shockwave Player 11.6.0.626 and earlier to update to Adobe Shockwave Player 11.6.1.629.

I should note that you may not have or want Shockwave installed. I haven’t had it on my Firefox installation for some time now and don’t seem to have missed it. I’m sure it has its uses, but to me Shockwave is just another Adobe program that requires constant care and feeding. What’s more, it demands two separate installation procedures for IE and non-IE browsers.

To test whether you have Shockwave installed, visit this page; if you see an animation, it’s time to update. If you see a prompt to install Shockwave, there is no need to install it. Mozilla Firefox users without Shockwave Player installed may still see “Shockwave Flash” listed in the “Plugins” directory of the browser; this merely indicates that the user has Adobe’s Flash Player installed.

 

Comcast – Xfinity malware

Comcast says that it is re-engineering its software for new customers, for installation and to start new service with the ISP. The software is unfriendly to computer users in general as it changes the browser’s homepage to comcast.net, and blocks users from changing it to anything else. I have encountered “mandatory” software from ISPs before and have always skipped it to no ill effect. I have always hated these “internet installation disks.” Every time I have signed up for internet service, I throw the CD right into the trash. The CDs are worthless and anything but “necessary.” If you’re lucky, they simply connect to a web interface and register your router’s MAC address with the system. But nearly every one of these disks also throws in a bunch of crap that is annoying, unnecessary, and very frustrating. In my experience, the following things have been done by various “installation disks” handed out by ISPs:

  • Changing your browser’s homepage
  • Changing the suffix on Internet Explorer (i.e. every IE window title is “Internet Explorer — brought to you by Comcast”)
  • Installing bloatware (such as “diagnostic tools” or various anti-virus and anti-spyware — not a problem unless you like to choose these products yourself and/or already have some installed and/or just don’t want them)

Those are just the things I remember seeing and it’s impossible to know what else they might be doing. They never ask permission for anything and always imply that using the disk is required to get your service working. I have never found an ISP that I couldn’t get my computer working on without their installation disk. In one case, I had to check the default gateway assigned to my router by DHCP and try connecting to it with a web browser in order to register my router. But that was many years ago. I haven’t had anything so complicated since. These days, you just need to plug in and you’re generally good to go (assuming you make use of an ISP provided modem, as I do — your mileage may vary with your own modem, but it shouldn’t require the installation disk). In general, I consider these disks to be malware, as I do any application that makes changes to your computer under false pretenses or without your express permission. I’ve helped a lot of Comcast customers — including myself — set up their new service or replace their cable modem. Activating a new modem with Comcast is still necessary to get out of the “walled garden,” from which any DNS query returns the address of the Comcast modem activation page. However, you have at least two available ways to get out of this:

  • Choose the “installer” option, and provide your address and other account information. Comcast will activate the modem without a software installation, although you won’t generate a Comcast Email address (as if you care).
  • Call Comcast. Tell them that you only have a work PC, and you cannot install software on it because you are not local Administrator. They will activate your modem and create an Email address for you.

My reaction would be “It’s a $25 fee to install software on my PC and $15 per month to rent the space. I take cash or credit cards, otherwise I’ll need your social security number to verify your credit.”

I heard from someone who’d just signed up for Comcast’s Xfinity high-speed Internet service and soon discovered some behavior on his Mac that is akin to Windows malware — something had hijacked his Internet settings. The technician who arrived to turn on the service said that a software package from Comcast was necessary to complete the installation. My friend later discovered that his homepage had been changed to comcast.net, and that Comcast software had modified his Firefox profile so that there was no way to change the homepage setting. Here is the result.

Comcast initially blamed the problem on a bug in Firefox. Mozilla denies this, and says it’s Comcast’s doing.

“This is NOT a Firefox bug or issue,” a Mozilla spokesperson wrote in an email. “It is a Comcast method that applies preference changes to Firefox.”

Comcast spokesman Charlie Douglas acknowledged that the Xfinity software hijacks Firefox’s settings. He said the problem is limited to Mac users, and that permanency of the change was unintentional. He added that the company is in the process of correcting the installation software.

“Customers absolutely should be able to change their preferred homepage anytime,” Douglas said. “We’re obviously apologizing for any inconvenience we’ve caused users.”

I just tell them I’m not going to put their software on my computer, and insist they do it manually. You just have to remind them who the boss is in this little endeavor. Firefox appears to be the only browser severely affected. Interesting. Even more interesting is how quickly they deleted my comment from the Facebook fan page. This is the homepage Comcast insists I enjoy. Luckily Ryan Parman of ryanparman.com figured out what Comcast was doing and how to reclaim your homepage in Firefox. Here is the fix which worked for me. Please note the following about different browsers and what I’ve witnessed with Comcast’s little sneak attack:

  • Opera: did not show any signs that Xfinity/Comcast installed any malware on my computer, nor did their installer change the home page.
  • Safari: easily fixed by setting the home page back to the URL of your choice.
  • Chrome: easily fixed as well by going into your preferences and simply changing the home page URL.
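The page says Comcast’s installer changed the Firefox profile so the homepage could not be changed back, but does not say how. Firefox has two documented ways for a third party to make a preference stick: a lockPref() call in an autoconfig file (such as mozilla.cfg, named by general.config.filename in defaults/pref/*.js), which locks the preference in the UI, and a user_pref() line in the profile’s user.js, which Firefox re-applies on every startup. The Python below is an added example, not the page’s, Comcast’s, Mozilla’s or Ryan Parman’s code: it scans a set of Firefox install and profile files for those two patterns on a handful of preferences an installer would typically change. That Comcast used one of these mechanisms is an assumption; the file contents, paths, hostnames (.invalid) and the WATCHED list are constructed.

```python
"""Scan Firefox autoconfig and profile files for locked or re-applied
preferences.  Added example; mechanism assumed (Firefox autoconfig / user.js)."""
import re

# One pref call per line, as Firefox writes them:  lockPref("name", value);
PREF_RE = re.compile(
    r'^\s*(lockPref|defaultPref|pref|user_pref)\s*\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;?\s*(?://.*)?$')

# Preferences an installer would change to hijack a browser (assumed list).
WATCHED = {
    "browser.startup.homepage", "browser.startup.page",
    "keyword.URL", "network.proxy.type", "network.proxy.http",
}


def parse_prefs(text, is_cfg=False):
    """Return [(function, pref_name, value)] for every pref call in text.
    Firefox ignores the first line of an autoconfig .cfg file (it must be a
    comment), so that line is skipped when is_cfg is True."""
    lines = text.splitlines()
    if is_cfg:
        lines = lines[1:]
    found = []
    for line in lines:
        m = PREF_RE.match(line)
        if m:
            found.append((m.group(1), m.group(2), m.group(3).strip('"')))
    return found


def autoconfig_file(files):
    """Return the autoconfig file name set via general.config.filename in any
    defaults/pref/*.js, or None if autoconfig is not enabled at all."""
    for path, text in files.items():
        if path.endswith(".js") and "defaults/pref/" in path:
            for _func, name, value in parse_prefs(text):
                if name == "general.config.filename":
                    return value
    return None


def find_hijacks(files):
    """files: {path: contents}.  Returns (path, func, pref, value) for every
    watched pref that is locked (lockPref anywhere) or re-applied at startup
    (user_pref in the profile's user.js).  prefs.js holds the user's own saved
    state and is not flagged."""
    hits = []
    for path, text in files.items():
        for func, name, value in parse_prefs(text, is_cfg=path.endswith(".cfg")):
            if name not in WATCHED:
                continue
            if func == "lockPref" or (func == "user_pref" and path.endswith("user.js")):
                hits.append((path, func, name, value))
    return hits


# Constructed sample: an install directory plus one profile, all paths assumed.
_INSTALL = "C:/Program Files/Mozilla Firefox/"
_PROFILE = "C:/Users/me/AppData/Roaming/Mozilla/Firefox/Profiles/abcd.default/"
SAMPLE_FILES = {
    _INSTALL + "defaults/pref/autoconfig.js":
        'pref("general.config.filename", "mozilla.cfg");\n'
        'pref("general.config.obscure_value", 0);\n',
    _INSTALL + "mozilla.cfg":
        "// first line is ignored by Firefox\n"
        'lockPref("browser.startup.homepage", "http://www.example-isp.invalid/");\n'
        'lockPref("browser.startup.page", 1);\n',
    _PROFILE + "user.js":
        'user_pref("browser.startup.homepage", "http://www.example-isp.invalid/");\n',
    _PROFILE + "prefs.js":
        'user_pref("browser.startup.homepage", "https://www.mozilla.org/");\n'
        'user_pref("browser.download.useDownloadDir", true);\n',
}

if __name__ == "__main__":
    print("autoconfig file:", autoconfig_file(SAMPLE_FILES))
    for path, func, name, value in find_hijacks(SAMPLE_FILES):
        print(f"{func}({name}) = {value}  in {path}")
```

On a real machine, read the same file set from the Firefox install directory and the profile directory into the dict; a lockPref() hit on browser.startup.homepage is exactly the “no way to change the homepage setting” symptom the page describes, and removing the offending line (or the whole autoconfig pair) restores the setting.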

Word to the wise: do not install any Comcast-offered software, most specifically Constant Guard, Norton or Symantec, as you do not need it.

Google Chrome at 20%

Google Chrome’s rise in popularity has been remarkably fast, and it has just hit a new milestone: Chrome has reached 20 percent of all browser usage, according to StatCounter. Net Applications has Chrome cracking 13 percent. Either way, Chrome is growing fast versus IE and Firefox.

Chrome rose from only 2.8% in June 2009 to 20.7% worldwide in June 2011, while Microsoft’s Internet Explorer fell from 59% to 44% in the same time frame. Firefox dropped only slightly in the past two years, from 30% to 28%.

Most Internet researchers agree that Google’s Chrome Web browser is steadily gaining market share at the expense of established rivals, Microsoft Internet Explorer and Mozilla Firefox.

Two top browser researchers disagree on just how much market share Chrome has worldwide. StatCounter said Google claimed 20.7 percent browser share for June, up from 2.8 percent a year ago. Net Applications claimed Chrome actually corralled 13.1 percent, up from 12.5 percent through May.

More broadly, StatCounter said Firefox is next in line to be passed by Chrome at 28.3 percent, with IE at 43.6 percent. On the (much) lower end of the scale, Safari is at 5 percent, with Opera claiming 1.7 percent through the month. Net Applications meanwhile has IE at 53.7 percent, Firefox at 21.7 percent, Safari at 7.5 percent and Opera at the same 1.7 percent. While there is a wide differential between both firms’ figures, it’s clear Chrome is gaining share and momentum.

From Google Chrome officials’ own lips at Google I/O in May, Chrome had racked up more than 160 million users, up from 120 million in December. If that trend holds true, Chrome should crack the 200 million mark in October. Looking at StatCounter’s stats, one could guess that Chrome will pass Firefox this November and IE by June 2012. Assuming Chrome’s ascent continues at its average growth rate over the past six months (consider that it took Chrome only two years to hit 10 percent share), Chrome could even hit 50 percent share by November 2012.

Chrome first hit 10% in August 2010 and was still at 19% in May before surpassing 20% in June. If Chrome’s numbers seem a bit high that’s because StatCounter’s method of tracking highlights Google’s strength: attracting power users. Net Applications, another usage tracker, shows Chrome rising fast as well, up to more than 13% usage compared to Microsoft’s 54% and Firefox’s 22%.

“It is a superb achievement by Google to go from under 3% two years ago to over 20% today,” StatCounter CEO Aodhan Cullen said in a press release. “While Google has been highly effective in getting Chrome downloaded the real test is actual browser usage which our stats measure.”

But the two groups count differently. While Net Applications tracks a browser’s total number of users, StatCounter measures the total number of website clicks. That means a Chrome user who surfs the Web more often than an Internet Explorer user has more weight in the StatCounter ranking. The discrepancy between the two groups’ findings suggests that users who spend the most time online have switched from Internet Explorer to Chrome or Firefox. There are many reasons for Chrome’s upswing, among them its accelerated release cycle, which means Google is putting snazzy new features that other browsers lack in front of users faster. Case in point: the Chrome speech capabilities that enable voice search on the desktop.

Chrome advertising and marketing for the browser and Chrome Operating System have also played their part in the growth. Google last year began a year-long campaign advertising Chrome on ESPN.com, the New York Times and other high-profile websites. In May, Google began pushing Chrome as the center of users’ life experiences, planting a marketing seed for Chrome OS notebooks.

The first Samsung Series 5 Chromebook launched June 15, though it’s unclear how many Series 5 units Samsung sold through Amazon.com and Best Buy online. Google has made Series 5 Chromebooks available on flights as well: Virgin America is maintaining its reputation as the darling airline of the tech sector, and today it announced a new partnership with Google that will give travelers the option to test Google’s Chromebooks on their flight beginning tomorrow.

The promotion will last until September 30, and passengers will be able to check out a Chromebook at their departure gate and use it freely with Gogo in-flight Internet on their whole flight. In addition to the currently available Chrome apps, Virgin America has co-developed a special Chrome app with Google that includes discussion boards about Virgin America’s trip destinations, city guides based upon data from UrbanDaddy, and information about packing and travel planning. The app will be available in the Chrome Web Store later this month.

Chrome’s rise has been most pronounced in South America where it is the second-most used browser ahead of Firefox and behind Internet Explorer. In the United States, “Chrome has risen to 16% behind market leader IE on 46.5% and Firefox on 24.7%,” StatCounter said. StatCounter measures 15 billion page views per month, including 4 billion from the United States across a network of more than three million websites. Data from Net Applications, which tracks unique visitors to 40,000 websites, show that IE usage dropped from 60.5% in August 2010 to 53.7% in June 2011, while Chrome rose from 7.5% to 13.1% in the same period.

Net Applications also tracks usage of mobile devices, and has found that more than 5% of all Web browsing is now occurring from smart-phones and tablets. The trend toward mobile browsing is even more pronounced in the U.S., where 8.2% of all browsing takes place on mobile devices. Of that, 2.9% of U.S. Web browsing comes on the iPhone, 2.6% on Android devices, and 2.1% on the iPad with BlackBerry next at 0.57%.

That means Apple’s iOS accounts for 5% of U.S. Web browsing, making it the most popular mobile platform.

 

Microsoft updates Windows 7 flaws

Microsoft on Tuesday released 16 software updates to fix at least 34 security vulnerabilities in its Windows operating systems and other software. More than half of the updates address flaws Microsoft rates “critical,” meaning the bugs can be exploited with little to no user interaction.

Only 9 of the 16 updates will be marked ‘critical’, which is the highest threat level in Microsoft’s scoring system. The rest will be marked ‘important’, the second highest level. This month’s Patch Tuesday has the second highest number of bugs this year, behind April, when Microsoft squashed 64 flaws.

Internet Explorer 9 will feature its first update since the browser debuted in mid-March and the update is marked as ‘critical.’ “So, basically it had a critical bug the day it shipped,” said Andrew Storms.

One of the updates will also fix the “cookiejacking” issue in Internet Explorer, a flaw that could enable hackers to steal cookies from a user’s PC and then use those cookies to log onto password-protected websites.

Windows 7 will be featured in several of the updates. Windows 7 now accounts for 26% of all operating systems in use, according to web metrics company Net Applications. We are expecting to see updates for Silverlight, .Net, and Visual Studio to fix a few GDI vulnerabilities.

This month’s security updates target a total of 10 different vulnerabilities, eight of which directly affect Windows 7. The number of fixes for Windows 7 isn’t surprising, however. A lot more people are moving to Windows 7, and the bugs are going to follow the user base.

All Versions of Windows are Affected by this Patch Release

The focus on Windows 7 doesn’t mean Vista and XP users are immune: the updates affect all three Windows operating systems. Surprisingly, this isn’t the largest Patch Tuesday this year. Back in April the company addressed 64 flaws in its various products.

For organizations that need to test patches before deploying them, Microsoft said four of the updates deserve priority:

MS11-042 (DFS). This bulletin resolves two privately reported issues affecting all versions of Windows.
MS11-043 (SMB Client). This bulletin resolves one privately reported issue affecting all versions of SMB Client on Windows.
MS11-050 (Internet Explorer). This security bulletin resolves 11 privately reported issues in Internet Explorer.
MS11-052 (Windows). This bulletin resolves one privately reported issue in Windows and is also Critical.

Another update, labeled “important,” fixes at least eight security problems in all versions of Microsoft Excel, including Office for Mac.

More information on this week’s updates is available at this summary. Updates are available from Windows Update and via Automatic Updates. You may want to set aside some time for this update package.

Due to a past blue-screen lockup during the reboot/installation phase, I used to install updates manually, one at a time. That way, if something goes wrong, only one update needs to be uninstalled, which increases the chances of a successful recovery, keeps everything smooth and prevents a BSOD. However, I stopped doing this because creating a restore point before each update was taking too long on my computer, and because I DO NOT use Windows anymore. The list of patches got to be so long that it was taking forever for me to completely update Windows.

Java 6 Update 26 available

Oracle today released an update to its ubiquitous Java software that fixes at least 17 security vulnerabilities in the program.

The company is advising users to apply this update as soon as possible; it looks like most — if not all — of the vulnerabilities addressed by this new version may be exploited remotely without authentication.

The latest version is Java 6 Update 26 (v. 1.6.0.26), and is available either through the updater built in to Java (accessible from the Windows control panel) or by visiting java.com. If you’re not sure which version you have or whether you’ve got the program installed at all, click the “Do I have Java” link below the red download button on the Java homepage.

Java’s broad install base has made it a major target for computer crooks. It certainly does not help that so many users fail to keep this very powerful program updated. If you have no use for Java, my advice is to get rid of it.

 

If you can’t bring yourself to do that, consider disabling the Java plug-in(s) in your browser of choice unless and until you need the program.

Java 6 update 26 for Windows, Linux and Solaris is designed to plug these multiple holes and is available for download from Oracle here. The last major update on this scale was three months ago.

Java packages on Windows can alternatively be patched using a built-in update function.
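The Adobe section above names the patched versions (Flash 10.3.183.5 for both the IE and non-IE copies, AIR 2.7.1, Shockwave 11.6.1.629), the iTunes section names 10.5, and this section names Java 6 Update 26. A practitioner’s first question after a Patch Tuesday is which machines are still below those numbers. The Python below is an added example, not the page’s or any vendor’s code: it compares an inventory of (name, version) pairs against that table with a numeric version comparison, so that 10.3.183.5 correctly sorts above 10.3.9.9. On Windows it fills the inventory from the standard uninstall registry keys; elsewhere it runs on a constructed sample. The product-name patterns and the Java version format (1.6.0_26, as java -version reports it) are assumptions, and the sample inventory is constructed.

```python
"""Audit installed software against the patched versions named on this page.
Added example; product-name patterns and the sample inventory are assumed."""
import re
import sys

# Patched versions named on this page (October 2011).  Name patterns assumed.
PATCHED = [
    (r"^Adobe Flash Player.*ActiveX", "10.3.183.5"),  # Flash build used by IE
    (r"^Adobe Flash Player.*Plugin",  "10.3.183.5"),  # Flash build for other browsers
    (r"^Adobe AIR",                   "2.7.1"),
    (r"^Adobe Shockwave Player",      "11.6.1.629"),
    (r"^Java\(TM\) 6",                "1.6.0_26"),     # Java 6 Update 26 (format assumed)
    (r"^iTunes",                      "10.5"),
]

# Constructed sample inventory of (DisplayName, DisplayVersion) pairs.
SAMPLE_INVENTORY = [
    ("Adobe Flash Player 10 ActiveX", "10.3.183.5"),   # the IE copy was updated ...
    ("Adobe Flash Player 10 Plugin", "10.3.181.36"),   # ... the Firefox copy was not
    ("Adobe AIR", "2.7.0.19530"),
    ("Adobe Shockwave Player 11.6", "11.6.0.626"),
    ("Java(TM) 6 Update 24", "1.6.0_24"),
    ("iTunes", "10.5.0.142"),
    ("Mozilla Firefox (7.0.1)", "7.0.1"),              # not in the table, ignored
]


def parse_version(text):
    """'10.3.183.5' -> (10, 3, 183, 5); '1.6.0_26' -> (1, 6, 0, 26).
    Int tuples compare component by component, unlike the raw strings."""
    return tuple(int(p) for p in re.findall(r"\d+", text))


def is_outdated(installed, required):
    return parse_version(installed) < parse_version(required)


def audit(inventory, patched=PATCHED):
    """Return {display_name: (installed, required)} for every inventory entry
    that matches a product pattern and sits below the patched version."""
    findings = {}
    for name, version in inventory:
        for pattern, required in patched:
            if re.search(pattern, name) and is_outdated(version, required):
                findings[name] = (version, required)
    return findings


def windows_inventory():
    """Read (DisplayName, DisplayVersion) from the native and Wow6432Node
    uninstall keys.  Returns [] when not running on Windows."""
    if sys.platform != "win32":
        return []
    import winreg  # standard library, Windows only
    roots = [r"SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall",
             r"SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall"]
    found = []
    for root in roots:
        try:
            key = winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, root)
        except OSError:
            continue
        for i in range(winreg.QueryInfoKey(key)[0]):  # [0] = number of subkeys
            try:
                sub = winreg.OpenKey(key, winreg.EnumKey(key, i))
                name, _ = winreg.QueryValueEx(sub, "DisplayName")
                version, _ = winreg.QueryValueEx(sub, "DisplayVersion")
                found.append((name, version))
            except OSError:
                continue  # entry without DisplayName/DisplayVersion
    return found


if __name__ == "__main__":
    inventory = windows_inventory() or SAMPLE_INVENTORY
    for name, (have, need) in sorted(audit(inventory).items()):
        print(f"OUTDATED  {name}: installed {have}, patched version is {need}")
```

The sample deliberately has the IE copy of Flash current and the plugin copy stale, which is the “apply the Flash update twice” situation the Adobe section warns about; the audit reports only the stale one.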

Apple users will have to wait until Apple releases an update to address these vulnerabilities, since there’s no update for Mac OS X from Oracle.

The ubiquity of Java and the difficulty many users understandably have in keeping the software up to date have made it an attractive target for hackers. Users should consider whether they might be better off uninstalling Java from their systems or, at the very least, disabling Java altogether.

Windows security wanes, while Malware waxes on four million websites

For Windows users there is another problem that has been circulating around the web of late. Yeah, what else is new. I find these reports rather comical, as a Linux user: they do not apply to me, period. Of the three big browsers on the block, Google Chrome, Firefox and Internet Exploiter, Google Chrome should be the safest one to use on the web these days.

If you are, however, already a strict user of Firefox, then I highly recommend Firefox with the NoScript add-on, and your problem will be fixed. You’ll never even see the attack page in the first place; it’ll just be blank. Note to first-time users of NoScript: it is a WHITELIST, not a blacklist. Some sites are programmed into it, but 90% of them are not, so you will have to approve various sites yourself. Yes, this may seem like a pain, but 5 seconds of pain beats being infected.

You can also disable proxies in the connections tab of your browser under advanced settings. LizaMoon uses a proxy server to redirect your browser, so disabling the proxy eliminates the popups and allows you to download a scanning tool like ESET’s online scanner or HitmanPro’s scanner.

A new bit of malware has been making headway across the Internet, but is it really that big of a deal? You’ve probably seen the news that “Lizamoon,” an SQL injection attack designed to point your browser to a piece of fake security malware, had infected hundreds of thousands of pages across the Internet. And this includes links found within Apple’s iTunes itself… to a degree.

But here’s the deal: In order for the script to have any noticeable effect on your computer, you have to agree to allow it to work its unhealthy magic on your system, according to WebSense (video below).

LizaMoon example video and explanation

Simply visiting a site with injected code only redirects your browser to another site, and the social engineering takes over from there.

The simple solution: Don’t install unknown files! The more complex solution: Know what antivirus programs already exist on your system, and know what they look like when they scan for and find files. If something says you have malware on your system, and this something looks nothing like applications you already have on your system, be suspicious!

In this case, a successful Lizamoon redirect takes you to a dummy page that looks as if a large antivirus/anti-malware scan is taking place on your computer. Go figure, the scan finishes quite quickly, and the user is alerted that his or her machine might be compromised by various Trojan horse attacks and other cleverly titled malware. If the user is still playing ball, he or she can click on the simulated option to “remove” these malware apps, which then pulls up a simple download window for a “malware-removing” executable.

Still with us? Here’s the deal: If you push some common sense into the mix, you’ll notice that this entire process seems a bit fishy to begin with. Step one: A virus scan for Windows Explorer appears in your browser window. Step two: It finishes in lightning speed. Step three: You have to download a file–apparently via Windows Explorer, but using your browser’s standard download file prompt–to finish the deal.

In short, Lizamoon can’t do a thing to your system unless you let it. So if you see a popup like the ones I am showing here, do not click on anything! Just turn off your computer and reboot. If you’re already running ESET NOD32 and/or OpenDNS then you shouldn’t be able to visit any site that is compromised.

The SQL injection attack on the initial site you were visiting, which itself prompts the redirect to the bogus scanning site, only works on this first web site. Lizamoon doesn’t hang out in your browser, or continually redirect you to fake sites, or install itself on your computer in a manner that doesn’t first require you to perform the action yourself.

So what has Lizamoon taught consumers? Don’t let your browser con you into thinking that some kind of action is magically happening on your system, don’t trust this magical action if it takes less than 30 seconds to do or looks otherwise unknown to you, and run an up-to-date virus-scanner in the background of your system. Ta-da: Lizamoon defeated.
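The post describes Lizamoon as an SQL injection attack that plants a redirect into legitimate pages. Below is an added example (not code from the post or from any of the products it names) showing the two defender-side pieces that matter: the difference between a concatenated SQL statement and a parameterised one, and a scan of stored page content for script tags that load from hosts the site does not trust. The pages table, the host names (“malicious.example”, “cdn.example.com”) and the trusted-host list are all constructed for the example; nothing here is a real indicator from the incident.

```python
import re
import sqlite3
from urllib.parse import urlparse

# Constructed sample content for a tiny CMS table. "malicious.example" is a
# placeholder host for the example, not a real indicator from the post.
SAMPLE_PAGES = [
    (1, "Home", "<p>Welcome to our store.</p>"),
    (2, "Contact", '<p>Contact us</p><script src="http://malicious.example/inject.js"></script>'),
    (3, "App", '<script src="https://cdn.example.com/app.js"></script><p>Hi</p>'),
]

# Hosts this site legitimately loads scripts from (an assumption for the example).
TRUSTED_SCRIPT_HOSTS = {"cdn.example.com"}

# Matches the src attribute of a <script> tag, quoted with " or '.
SCRIPT_SRC = re.compile(r'<script[^>]*\ssrc\s*=\s*["\']([^"\']+)["\']', re.I)


def build_sample_db():
    """Create an in-memory SQLite database holding the constructed pages."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE pages (id INTEGER PRIMARY KEY, title TEXT, body TEXT)")
    conn.executemany("INSERT INTO pages VALUES (?, ?, ?)", SAMPLE_PAGES)
    conn.commit()
    return conn


def update_title_vulnerable(conn, page_id, title):
    """Builds SQL by string concatenation: any quote in `title` becomes SQL syntax."""
    sql = "UPDATE pages SET title = '" + title + "' WHERE id = " + str(page_id)
    conn.execute(sql)
    conn.commit()


def update_title_safe(conn, page_id, title):
    """Parameterised statement: `title` is passed as data and never parsed as SQL."""
    conn.execute("UPDATE pages SET title = ? WHERE id = ?", (title, page_id))
    conn.commit()


def apply_update(conn, updater, page_id, title):
    """Run an updater and report whether it completed, to contrast the two styles."""
    try:
        updater(conn, page_id, title)
        return True
    except sqlite3.OperationalError:
        conn.rollback()
        return False


def read_title(conn, page_id):
    """Return the stored title for a page, or None if the page does not exist."""
    row = conn.execute("SELECT title FROM pages WHERE id = ?", (page_id,)).fetchone()
    return row[0] if row else None


def find_untrusted_scripts(html, trusted=TRUSTED_SCRIPT_HOSTS):
    """Return external script URLs whose host is not on the trusted list."""
    hits = []
    for url in SCRIPT_SRC.findall(html):
        host = urlparse(url).hostname
        if host and host.lower() not in trusted:
            hits.append(url)
    return hits


def scan_pages(conn):
    """Scan every stored body and return (page_id, url) pairs for untrusted scripts."""
    findings = []
    for page_id, body in conn.execute("SELECT id, body FROM pages ORDER BY id"):
        for url in find_untrusted_scripts(body):
            findings.append((page_id, url))
    return findings


if __name__ == "__main__":
    conn = build_sample_db()
    # A perfectly legitimate title with an apostrophe breaks the concatenated query...
    print("vulnerable update ok:", apply_update(conn, update_title_vulnerable, 1, "O'Reilly picks"))
    # ...while the parameterised statement stores it verbatim.
    print("safe update ok:", apply_update(conn, update_title_safe, 1, "O'Reilly picks"))
    print("stored title:", read_title(conn, 1))
    for page_id, url in scan_pages(conn):
        print(f"page {page_id}: untrusted script {url}")
```

The apostrophe test is deliberate: the same concatenation that makes a harmless title fail is what lets crafted input rewrite the statement, so a query that breaks on “O'Reilly” is the one to fix. The content scan is the cheap after-the-fact check a site owner can run against the database itself rather than waiting for visitors to report popups.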

When you get hit by the infected website and are redirected, two things happen: you get hit with a popup box, and you lose control of both your browser and the ctrl+alt+del functions. As with all browser windows you have the option to hit the red X to close everything down, but not this baby; touch anything on this baby and you spark up what is now a computer hijacker’s website. For those few moments the only solution is a log off or reboot. Blocking the hijacker with your firewall is a waste of time. The infection is designed to refer you to several thousand backup addresses that refer you to thousands of ever-changing country-specific domains like .ms or .uk. The worst part is that the address in the browser address bar is not the address of the web page you are looking at; the web page isn’t in .uk or .us but in Russia. The penultimate hop to the hijacker is a secure firewall server in the USA. The only way of shutting these hijackers out of your computer is by blocking the CIDR address 212.124.96.0/19 with your firewall.
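Before adding a block rule for a whole /19, it is worth knowing exactly which addresses it covers and whether anything on your network has already talked to it. The following is an added example (not code from the post) that computes the bounds of the 212.124.96.0/19 range named above and scans a proxy access log for connections into it. The log lines are constructed for the example, loosely following Squid’s native access-log layout; the destination addresses and URLs in them are made up, and only the /19 itself comes from the post.

```python
import ipaddress
import re

# The CIDR block named in the post above.
BLOCKED_NETWORKS = [ipaddress.ip_network("212.124.96.0/19")]

# Constructed sample lines (Squid-style: time elapsed client code/status bytes
# method URL ident hierarchy/peerhost type). Addresses and URLs are made up.
SAMPLE_LOG = """\
1318350001.123   412 10.0.0.15 TCP_MISS/200 5123 GET http://www.example.com/index.html - DIRECT/93.184.216.34 text/html
1318350002.456    88 10.0.0.15 TCP_MISS/302 0 GET http://blog.example.net/post - DIRECT/198.51.100.7 text/html
1318350003.789   201 10.0.0.15 TCP_MISS/200 9077 GET http://scan-alert.example/ - DIRECT/212.124.100.42 text/html
this line is garbage and should be skipped
1318350004.012   150 10.0.0.22 TCP_MISS/200 2048 GET http://cdn.example.org/a.js - DIRECT/203.0.113.9 application/javascript
"""

# Pulls the client address, requested URL and the peer (destination) address.
LOG_LINE = re.compile(
    r"^(?P<ts>\S+)\s+\d+\s+(?P<client>\S+)\s+\S+\s+\d+\s+(?P<method>\S+)\s+"
    r"(?P<url>\S+)\s+\S+\s+\S+/(?P<dest>[0-9.]+)"
)


def network_bounds(net):
    """First address, last address and size of a network, for sanity-checking a rule."""
    return str(net.network_address), str(net.broadcast_address), net.num_addresses


def is_blocked(ip_text, networks=BLOCKED_NETWORKS):
    """True if the textual address parses and falls inside any blocked network."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return False  # malformed field: treat as not blocked rather than crash
    return any(ip in net for net in networks)


def find_blocked_connections(log_text, networks=BLOCKED_NETWORKS):
    """Return (client, url, dest) for each log line whose destination is blocked."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_LINE.match(line)
        if not m:
            continue  # unparseable line: skip it
        if is_blocked(m.group("dest"), networks):
            hits.append((m.group("client"), m.group("url"), m.group("dest")))
    return hits


if __name__ == "__main__":
    for net in BLOCKED_NETWORKS:
        first, last, size = network_bounds(net)
        print(f"{net}: {first} - {last} ({size} addresses)")
    for client, url, dest in find_blocked_connections(SAMPLE_LOG):
        print(f"{client} fetched {url} from blocked address {dest}")
```

Run it against a real access log instead of SAMPLE_LOG to see which internal clients have already been redirected into the range; that list is what tells you whether a block rule is a precaution or a cleanup.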

Don’t know which bothers me the most; the problem or people trying to turn a profit from it. If you run Windows simply hit the power button; after shut down, restart in safe mode and run restore. The malware is gone.

Those who want a secure operating system are better off just leaving Microsoft altogether, not to mention cost savings and other commonly-stated advantages as you do NOT have to purchase additional software to make Windows function safely. Windows does not seem to impress people all that much.

Linux is becoming dominant not just in phones but on desktops too. One adoption curve drives the other and people who own an Apple or Google phone sooner or later rethink their desktop operating system (a personal observation).

Win $20,000.00 *IF* you can exploit Google Chrome

Google will pay $20,000 to the first researcher to exploit its Chrome browser. The award is the largest ever for the annual challenge, which will kick off for the fifth time at this year’s Pwn2Own hacking contest at CanSecWest in Vancouver, BC, on March 9.

This contest is a nice cheap way to find problems with your browser. You end up getting lots of very talented people to look at your code for you. They have the additional benefit of not being the original programmers. This helps them have a new perspective on the code.

Note: Two things that bother me are that they do not include any popular Linux distributions, nor do they offer the Opera browser as a contender. An inquiry to the organization provided the response that “Linux and Opera do not hold significant market share.” I am still scratching my head at that statement. Anyway, here are the details.

Target: Web Browsers

This year the web browser targets will be the latest release candidate (at the time of the contest) of the following products:

  • Microsoft Internet Explorer
  • Apple Safari
  • Mozilla Firefox
  • Google Chrome

Each browser will be installed on a 64-bit system running the latest version of either OS X or Windows 7.

At this year’s Pwn2Own, researchers will pit exploits against machines running Windows 7 or Mac OS X as they try to bring down Microsoft’s IE, Mozilla’s Firefox, Apple’s Safari and Chrome. The first researchers to hack IE, Firefox and Safari will receive $15,000 and the machine running the browser. The prizes are $5,000 more than those given for exploiting browsers at the last Pwn2Own contest, and three times more than the 2009 awards. ‘We’ve upped the ante this time around and the total cash pool allotted for prizes has risen to a whopping $125,000,’ said Aaron Portnoy, the manager of the sponsor, HP TippingPoint’s security research team, which set the contest’s rules Wednesday in a blog post written by Portnoy.

New this year is Google’s participation. The company is the first browser vendor to put money into the prize kitty. “Kudos to the Google security team for taking the initiative to approach us on this,” Portnoy said.

The rules for Chrome are slightly different than for the other browsers because it’s the only one of the four that uses a “sandbox,” an anti-exploit defense. A sandbox isolates system processes, preventing or at least seriously hindering malware from escaping an application — in this case Chrome — to wreak havoc on the computer.

To exploit a sandboxed program like Chrome, researchers require not one but two vulnerabilities: The first to allow their attack code to escape the sandbox, and a second to exploit a Chrome bug.

Other software developers have followed in Chrome’s footsteps to try to make their applications more secure. Last year, for example, Adobe added a sandbox — derived in part from Google’s work — to its popular Reader program.

To walk off with Google’s $20,000 on Pwn2Own’s first day, a researcher must find and exploit two vulnerabilities in Google’s code. Only on the second and third days of the contest can researchers employ a non-Chrome bug, say one in Windows, to break out of the sandbox. A successful attack on the second and third days will still put $20,000 in the researcher’s pocket, but only $10,000 of that will come from Google; TippingPoint will pony up the other $10,000.

Google’s participation in this year’s Pwn2Own may be a mark of its confidence that Chrome can’t be hacked. Although Chrome has been one of the browser targets at Pwn2Own since 2009, no researcher has exploited the browser and grabbed the cash.

IE, Firefox and Safari have fallen to attackers each of the last two years, sometimes in an embarrassingly short amount of time. In 2009, one researcher — a German computer science major who gave only his first name, Nils – hit the trifecta by exploiting all three browsers and taking home $15,000 total, $5,000 for each hack.

Charlie Miller, the only researcher to have won Pwn2Own prizes three consecutive years, wouldn’t commit last week to trying again, but on Wednesday he noticed the $20,000 for Chrome.

“Pwn2own now offering 20k for attack on Chrome,” said Miller on Twitter. “Must be hard, glad Mac OS X doesn’t sandbox their browser.”

Miller is a Mac hacking authority — he co-authored The Mac Hacker’s Handbook with Dino Dai Zovi, a 2007 Pwn2Own winner — and has exploited Safari each of the last three years. As he pointed out, Safari is not sandboxed.

TippingPoint will also run a mobile hacking track at Pwn2Own next month that will let researchers try to exploit smartphones running Apple’s iOS, Google’s Android, Microsoft’s Windows 7 Phone and RIM’s BlackBerry OS.

Successful smartphone attacks will be awarded $15,000.

Migration from Windows and six ways to ensure it sticks

Summary: Moving a business from Windows to desktop Linux can be scary for some users. Here are some tricks for smoothing the transition.

With all the many compelling reasons for a company to switch to Linux on the desktop, it’s no wonder that businesses large and small are increasingly relying on the free and open source operating system. After all, it’s free, flexible, reliable, and highly secure–to name just a few of the most attractive features.

No matter how good your reasons for switching from Windows to Linux, however, the fact remains that most of us don’t like change. That–more than anything else–is why migrations of any kind can be painful.

One of the most common mistakes new desktop Linux users make is to give up too easily, often citing the frequently heard myth that “It’s too hard.” The truth, however, is that it’s just different. It may be difficult to remember at this point, but Windows took some getting used to, too.

How can you make the desktop Linux migration process as easy as possible in your business? Here are a few suggestions.

1. Get Buy-In at the Top

This probably goes without saying, but executive buy-in is essential to business migrations of just about any kind. Users need to know that the change has been mandated from the top or they won’t feel motivated to go along with it.

2. Choose the Right Distribution

Before the migration even begins, it’s critical that you choose the right Linux distribution from among the many hundreds that are out there. As I’ve outlined before, this is primarily a question of the skills of your users, the focus of your business, your hardware and software needs, and the kind of support you hope to get.

Assuming your users haven’t been on desktop Linux before, I’d be inclined to steer you toward either Ubuntu or Linux Mint, unless you have compelling reasons to do otherwise. To help convert real Windows aficionados, there’s also Zorin OS, which is designed to mimic Microsoft’s graphical user interface. You should definitely avoid some of the more expert-oriented distros such as Arch Linux or Slackware.

If you want a little extra online help in making your decision, check out the zegenie Studios Linux Distribution Chooser or polishlinux.org’s distro chooser, both of which can be useful.

3. Choose a Familiar Desktop

One of the nicest things about Linux is that it’s so flexible and customizable, and that’s particularly useful when it comes to introducing new users to the operating system. In addition to choosing your distribution carefully, I’d also encourage you at least to check out a few different desktop environments.

I outlined a few of these not long ago within the context of Ubuntu–which has traditionally come with GNOME by default–and there are many more. Pick one that seems relatively similar to what your users are familiar with.

4. Begin with Key Apps

Because so many of the apps your employees will likely need are cross-platform, one good hurdle to jump ahead of time is getting them used to any new key applications. If they’re used to Internet Explorer, for example, you can start them on Firefox or Chrome while they’re still on Windows.

If they’ve been using Microsoft Office, you can get them used to OpenOffice.org or LibreOffice ahead of time, too. That way, when it comes time to make the switch in operating systems, they’ll have some familiar territory–it won’t all be new.

5. Remove the Pressure

Before you’re aiming to make the switch, set up a Linux box in your office using the distribution, desktop and apps you’ve chosen. Make sure there are some games on there too, and offer it as an option for break time. There’s nothing like no-pressure time with a new technology to make people open-minded and quick to learn.

6. Make a Cheat Sheet

Because the lion’s share of any difficulty in switching to Linux is simply getting used to something different, it can be a real help for users if you give them a quick, post-training “cheat sheet” to remind them how to get at the tools they need once the switch is made.

It could be worded like, “Instead of… (Internet Explorer, for example) Use… (Firefox, say).” It could also outline the first few clicks to get users where they need to go. They’ll probably be fine once they’re in the applications they need–more often than not, it will simply be the process of getting there that they need help remembering.

Here is an up to date wiki with information: http://wiki.linuxquestions.org/wiki/Linux_software_equivalent_to_Windows_software
