Computer Viruses Evolve
New malware morphs into different shapes unattended by humans
Now this is quite a fascinating story, it seems the latest development is the accidental development of new super-malware strains created by viruses infecting executable files of worms. Worms are generally executable files and well, viruses infect executables – so you can imagine what happens.
Ten years ago, there was a clear-cut distinction between Trojans, viruses and worms. They all had their own features specific to one family of malware only. As more people connected to the internet, cyber-criminals started mixing ingredients to maximize impact. And here I’m thinking Trojans with worm capabilities or viruses with Trojan features, and so on. (more…)
No Recovery For You!
When consumers purchase personal computers, they should be given the means to restore/repair their operating system via an included LIVE CD/DVD, in NOT doing so by the OEM is just plain stupid. Bear in mind that as a Microsoft Windows licensee, meaning YOU, the thing with a Windows license is that you DO NOT OWN the software, you DO NOT OWN the product, that you are paying for and by receiving a license to use that software under the terms given, you must abide by them, whether you like it or not. That doesn’t sound to user friendly does it?
What you typically have included with you computer, is a recovery CD (best case), perhaps a recovery partition that just re-images your partition setting everything back to the way it was originally or nothing at all (worst case), none of these truly do fix anything. Normally the best way to accomplish this feat is to boot from a Linux LiveCD to recover your files. (more…)
Windows Patch Tuesday – January 2012
For the swiss cheese of operating systems, Microsoft plans to start 2012 with a surprisingly large Patch Tuesday that covers seven security bulletins which collectively address eight separate vulnerabilities. Previous January releases have normally featured only one or two bulletins. The solitary critical bulletin in the batch fixes a remote code execution issue in Media Player. The remaining six “important” bulletins due next Tuesday handle the BEAST SSL issue, which is short for Browser Exploit Against SSL/TLS. The stealthy piece of JavaScript works with a network sniffer to decrypt encrypted cookies a targeted website uses to grant access to restricted user accounts.
In the patch are other various information disclosure bugs, escalation of privilege issues and an update to Microsoft’s SEHOP (Structured Exception Handler Overwrite Protection) technology to enhance the defence-in-depth capability that it can offers to legacy applications. The first six bulletins affect various versions of the Windows Operating System, from XP SP3 up to the newest versions Windows 7 and Windows 2008 R2. The seventh bulletin covers Microsoft Developer Tools.
The “important” rather than critical status for the Beast SSL issue is at least debatable. The BEAST attack affects web servers that support SSLv3/TLSv1 encryption. Microsoft has already published a workaround, which involves using the non-affected RC4 cipher in SSL installations. A patch was originally promised in December but delayed until this month due to problems uncovered during testing. “Despite all of the hype over ‘The Beast’, attacks have simply never materialised and the issue has retained its ‘important’ classification from Microsoft,” notes Paul Henry, a security and forensic analyst at Lumension. Adobe and Oracle have both timetabled quarterly updates, on 10 January and 17 January, respectively in what promises to be a busy month for patching
Windows Patch Tuesday – December 2011
Patch up warmly this winter if you’re running Java, as Oracle’s software platform is the single biggest target for hackers. Java proved the single most popular target in the 12-month period to the end of June, according to Microsoft’s latest Security Intelligence Report has found here. Running Java as a Web-browser Plugin is much more dangerous than Flash, and you should disable the Java Applet Plugin.
Microsoft today issued software updates to patch at least 19 security holes in Windows XP, Vista, 2003 and 7 (no surprise there), including three flaws that earned the company’s most serious “critical” rating. Separately, Oracle released a security update that fixes several issues in its Java software. (more…)
Automatic Computer Malware
According to a Security Intelligence Report from Microsoft, AutoRun—the feature in Windows that automatically executes files when you plug in a USB or connect to a network—accounts for almost half of all malware infections. These are infections that don’t require any user-input from you, so it’s kind of not your fault that your computer gets infected. By turning off AutoRun, you’ll add an extra step to certain tasks, but it’s worth it to cut down on malware 50%.
This report states that Windows XP SP3 systems get infected about ten times as much as Windows 7 SP1 64-bit systems, and six times as much vs. 32-bit Windows 7 systems. That alone is one reason why you might want to upgrade your parents’ machines to Linux. bear in mind that Windows XP should have been mostly fixed back in February of 2011. See Microsoft Security Advisory 967940. The update does not disable auto-play for CD nor DVD media, but only USB drives, external hard drives and network shares. (more…)
Windows 8 Antivirus
In a move that is likely to anger the antivirus industry, Microsoft is adding security features from its Security Essentials program to Windows 8. This is good news for consumers, but bad news for the antivirus industry. Microsoft should have been doing this since the release of Windows 95. While many of us do simultaneous facepalms and giggle at a decade-late decision, others question the legality of doing so. A multi-billion dollar industry has grown, based on the absolute porous operating system that is Microsoft Windows.
That’s right. Microsoft this week began offering U.S. customers its free antivirus program via Windows’ built-in update service, a move one major security firm said may be anti-competitive. Microsoft is adding features from its Security Essentials program, which is currently available as a separate download for Windows users, to the Windows Defender package already built into Windows. This means that Windows 8 users will get out-of-the-box protection against malware, along with firewall and parental controls from within Windows without requiring users hunt down a separate download or buy new software. (more…)
Windows Patch Tuesday – November 2011
It is that time again! Adobe, Apple, Microsoft and Mozilla all released updates on Tuesday to fix critical security flaws in their products. Adobe issued a patch that corrects four vulnerabilities in Shockwave Player, while Redmond pushed updates to address four Windows flaws. Apple slipped out an update that mends at least 17 security holes in its version of Java, and Mozilla issued yet another major Firefox release, Firefox 8. If there have been 17 security holes in Java just since the last release If that doesn’t convince a person to uninstall Java, I’m not sure what will.
The only “critical” patch from Microsoft this month is a dangerous Windows flaw that could be triggered remotely to install malicious software just by sending the target system specially crafted packets of data. Microsoft says this vulnerability may be difficult to reliably exploit, but it should be patched immediately. Information on the other three flaws fixed this week is here. The fixes are available via Windows Updates for most supported versions of the operating system, including XP, Vista and Windows 7.
Adobe’s Shockwave update also fixes critical flaws, but users should check to see if they have this program installed before trying to update it. To test whether you have Shockwave installed, visit this page; if you see an animation, it’s time to update. If you see a prompt to install Shockwave, there is no need to install it. Mozilla Firefox users without Shockwave Player installed may still see “Shockwave Flash” listed in the “Plugins” directory of the browser; this merely indicates that the user has Adobe’s Flash Player installed.
The vulnerabilities fixed by this update exist in versions ofShockwave 11.6.1.629 and earlier. The latest version, v. 11.6.3.633, is available here. I’m sure it has its uses, but to me Shockwave is just another Adobe program that requires constant care and feeding. What’s more, like Adobe’s Flash Player, Shockwave demands two separate installation procedures for IE and non-IE browsers.
Hat tip to the SANS Internet Storm Center for the heads up on the Java fix from Apple. This update, available via Software Update or Apple Downloads, essentially brings Snow Leopard and Lion up to date with the Oracle patches released last month in Java 6 Update 29 (Apple maintains its own version of Java).
If you use Mozilla Firefox or Thunderbird, you may have noticed that Mozilla is pushing out another major upgrade that includes critical fixes to these programs; both have now been updated to version 8. If you’re still running Firefox version 3.6.x, Mozilla has updated that to3.6.24. Perhaps I’m becoming a curmudgeon, but I’m growing weary of the incessant update prompts from Firefox. It seems that almost every time I start it up it’s asking to restart the browser or to remove plugins that no longer work with the latest version. I’ve been gradually transitioning more of my work over to Google Chrome, which seems faster and updates the browser and any installed plugins silently (and frequently patches oft-targeted plugins like Flash Player even before Adobe officially releases the update).
I switched to Google Chrome when it first came out ago. I love it. It’s faster and makes updating easy and effortless. I still have Firefox, but Chrome is my default browser now on all my computers.
Windows PC Malware
The latest semi-annual Security Information Report (SIR) from Microsoft has been released, and its 232 pages carry reminders of some important facts about computer viruses, other malware and overall PC security.
Here is the link to their blog: http://blogs.technet.com/b/security/archive/2011/10/10/latest-microsoft-security-intelligence-report-now-available.aspx
When it comes to Windows, there are ten things that one should keep in mind:
Infections happen
According to the report, of all the computers that visited the Microsoft Malicious Software Removal Tool(MSRT) in the first half of 2009, 8.7 out of 1,000 (that is, not quite one percent) had some kind of malware infection identifiable by the tool.
The hot spots were Serbia and Montenegro, where the rate was 97.2 per thousand, Turkey with 32.3, Brazil with 25.4, Spain with 21.6, South Korea with 21.3, Saudi Arabia with 20.8, and Taiwan with 20.4.
The cleanest were computers in Finland with a rate of 1.9. The U.S. rate of 8.6 was nearly the same as the global average. (Other sources–typically malware protection vendors who see no reason to be coy–quote much higher infection rates.) Not mentioned by the Microsoft report is that Apple Macintosh infections remain rare.
Malware amounts to an ecosystem
There’s viruses that replicate themselves and spread to other computers, sometimes just for its own sake.
They’re called worms if they do it through e-mail or instant messaging. Trojans follow the metaphor of Homer’s Trojan Horse, whose occupants emerged in the night to open the Troy’s gates to a devastating attack. Spyware watches your actions for marketing purposes. Adware produces annoying popup ads. Malware, incidentally, is any software you didn’t ask for, especially software that has malicious intent. A bug, meanwhile, is any software that doesn’t work right–and may be preferable to malware.
Malware has many sources
You can get an infection by visiting a malicious Web site, or by clicking a file attached to spam e-mail, through a p2p file-sharing network, by downloading what you thought was free software, or by using an infected removable device like a USB memory stick. Intrusion attacks can come in over the Internet.
Malware can bite
Many trojans will download other malware that take root in our computer and start doing nasty things. These include password stealers and keyloggers that will try to swipe your account information so that someone else can swipe your money. Or they may turn your computer in to botnet node, under the remote control of a bot herder, who will typically use it to spew spam.
Trojans rule (in the U.S.)
If you’re going to get an infection, at least in the U.S. it’s likely to be some kind of Trojan. According to the SIR, 42 percent of the infections that the MSRT discovered were Trojans. Adware was also big at 16.3 percent. Nasty password stealers amounted to 4.1 percent. Elsewhere, infections are a toss-up. In Brazil, for instance, password stealers aimed at on-line banking predominate. Spain and South Korea have little in common, but both are afflicted by worms that target on-line gamers.
Vulnerabilities vary
Not all operating systems are equally vulnerable. Microsoft’s figures show that unpatched Windows XP has an infection rate of about 32.5 per thousand–about four times the global average. The rate falls to a sub-average 8 for thousand for Windows XP with Service Pack 3 (i.e., fully updated.) The rate for updated Vista machines was 3.1 per thousand for the 32-bit version, and 2 per thousand for the 64-bit version.
Patching works
Hackers have a reputation of being ahead of the software vendors, but in reality they often use vulnerabilities for which patches has already been issued. Even when the bad guys get the upper hand, it may not be for long. Microsoft likes to use the example of the “Reno” Trojan that was attacking Vista, causing Windows Explorer to generate trackable error reports. After Microsoft issued a patch, the reports fell from 1.2 million error reports daily to less than 100,000–in three days. Within a month it was off the chart.
Updating works
The rate of infection of 64-bit versions of software was usually a third lower than the rate of infection of the 32-bit version.
Malware is not the only danger
The big news is the rise in phishing–e-mail that tries to trick you into revealing information that could be used for ID theft or other fraud. The phishers have been going after denizens of social networking sites and even large corporations.
Upshot: Update your gray matter
Software can’t protect you against the phishing plague–only common sense can do that. If some random e-mail asks for your personal information because somehow otherwise your bank account, or our game subscription, or your corporate computer privileges will be suspended, delete it.
Yes, this is why I show people Linux all the time, where you do not put up with all this mess. Who has the time to keep up with all of this garbage? It’s a wonder anyone gets any work done using Windows. There are two lines that I carry with me and I use them often these days:
“In a world without walls and fences, who needs Windows and Gates?”
“I get paid to support Windows, I use Linux to get work done.”
Web Browser Defense
For most of us, the Web browser is the first application we use when we turn on a computer. It’s how we check email, read the news, chat with friends and do just about everything.
What many users don’t realize, however, is that the Web browser is the most important security defense our computers have — and yet 60 percent of the browsers accessing the Internet today are outdated. An outdated browser ends up impacting everyone’s security, privacy and performance.
I wrote about Microsoft warning us *rolls-eyes* last week, in that we were not using a “secure” browser like Internet Explorer” GASP!..the horror of us ignorant consumers!
To help users understand the importance of the browser you use, the Online Trust Alliance (OTA), a Web-industry trade group based in Bellevue, Wash., that promotes security and trust in online marketing and commerce, recently unveiled the “Why Your Browser Matters” initiative.
“The ‘Why Your Browser Matters’ initiative provides users overall recommendations to upgrade their out-of-date and legacy browsers for a more safe, more private and more compelling online experience,” said Craig Spiezle, executive director of OTA. “The Initiative is all about communicating with computer users to make them realize that an updated Web browser is one of the most important security steps you can take. It’s as important as running anti-virus/anti-malware software.”
Spiezle is quick to point out that while there is no magic bullet when it comes to computer security, the browser is on the front line of defense because it is used so frequently.
“Modern browsers detect malicious websites and phishing URLs, analyze downloads and support a broad suite of privacy features,” Spiezle said. “It’s critical to have these at your disposal when it comes to protecting yourself online, as well as protecting your machine in general.”
Modern browsers try to provide security for users in three different ways, explained Roger Thompson, chief emerging threats researcher for ICSA Labs in Mechanicsburg, Pa.
For example, said Thompson, all modern browsers have “blacklists” of known malware sites and try to prevent users from visiting them. This method works well if the malicious sites are well-known, but online criminals try to move websites around by changing domain names and IP addresses faster than security researchers can update the blacklists — so sometimes this doesn’t work.
Some browsers, such as Google Chrome, also run applets and executable code in a “sandbox,” meaning that the code and applets can’t affect other parts of the browser or the operating system. Again, this doesn’t always work.
And all modern browsers have a somewhat regular patch cycle, in which developers fix vulnerabilities to prevent direct attacks.
A good illustration of how a browser can act as the first line of defense is with regard to shortened URLs, or Web addresses.
URL-shortening services such as bit.ly, tinyurl.com or is.gd are handy to use when including links in instant messages, text messages or Twitter posts. Unfortunately, URL shorteners also mask the actual URLs they lead to, and give no warning that links might be drive-by downloads or exploits waiting for unsuspecting victims.
Fortunately, some enterprising software developers have created a way to find out where you’re going.
“There are plug-ins available for Chrome and Firefox that will automatically expand short URLs to their actual address when viewing pages containing such links,” said Harry Sverdlove, chief technology officer of Bit9, a Web security company in Waltham, Mass. “These are useful when using Facebook or Twitter from a browser, common places where malicious links are hiding in short URLs.”
How to protect yourself
As Thompson pointed out, browser vendors are good about providing updates and patches that improve security by fixing vulnerabilities that bad guys exploit. But after that, it’s up to the user himself to take action by actually downloading the updates, or upgrading the browser to the latest version.
You can check the version number of your browser by going to the Help button on your browser’s menu and checking the “About” section. (On a Mac, click the name of the application next to the apple icon in the upper left of the screen.) Often, the “about” pop-up window will prompt you to check where there might be updates available.
For those who use Internet Explorer, Spiezle has this important piece of advice: ”If it says Internet Explorer 6 … run, do not walk to the nearest free download of Internet Explorer 9.”
(If you’re still running Windows XP, update to Internet Explorer 8, the latest version you can install.) Which is the highest version you can run on Windows XP, unless someone figures out a hack for it, which they will. I rather you run Google Chrome.
Internet Explorer 6 has been the target of a number of malicious attacks over the past decade; newer versions of Internet Explorer are much more secure.
Does it matter which browser you use? Spiezle and Thompson disagree on that question.
While Thompson said that today’s browser upgrades have leveled the playing field when it comes to security, Spiezle pointed out that there still are differences among them, and each user has to assess which is best for his own uses.
“You need to look at not only the security features, but also privacy features, as well as support for the latest technologies,” Spiezle said.
Here is the link for a good start, https://otalliance.org/browser/ At first I was thinking that this was another Internet Explorer centered website, but at least they mention the alternatives.
Internet Safety: 7 tips
Don’t use a single, easy-to-remember password for everything you sign up for. It’s tempting because you’re always being asked to create another user name and password at one site or another.
“When criminals are able to get your password from one site that they’ve hacked into, they then take it and try to use it on other common services to see if they can get more access to your personal information,” said Chester Wisniewski, a security expert at security firm Sophos Ltd. “So they’ll go to Facebook and use the same password you used on [the site they hacked into] and they’ll go to your Gmail account.”
If it sounds too good to be true, it probably is. “We see all these survey scams on the Internet all the time where you’re asked to fill in all this personal and private information and enter to win an iPad,” Wisniewski said.
The problem is most of them are frauds and scams. “No one is getting an iPad,” Wisniewski said.
Instead of entering a sweepstakes, what you’re really doing is handing your information over to criminals who might sell it off to someone else or use it to commit identity theft.
Be cautious about sharing information, even if it seems harmless. Don’t give out information such as your birth date on social media or other sites that ask for it.
“Unfortunately, the way we work in the real world, these things may be used to identify you,” Wisniewski said.
Instead of giving away your identity, make another one up.
Keep your anti-virus software up to date. Anti-virus software comes pre-installed on most computers. But after the initial free trial period is over, either shell out for a subscription or install free anti-virus software. You’ll need it.
“It’s not a bulletproof answer because things still get by anti-virus software,” Wisniewski said. “But keeping it up to date improves your safety dramatically. And there are great free solutions out there — namely Linux.
Keep all regular software up to date to ensure it’s secure. If you do, you’ll lessen the chances of experiencing a security breach.
Trojan horses, viruses and other forms of malware evolve every day. When a bug or hole that could harm your computer or let in the bad guys is found in a piece of software, the software company will usually release an update. It’s very important that you run these updates to minimize the opportunities for criminals to steal or misuse your information.
“For example, if you get that little balloon in the tray in Windows, that says ‘Hey, there’s an Adobe update available,’ click ‘yes,’” Wisniewski said.
Keep your browser up to date. If you’re using an outdated browser, you’re also running the risk of being scammed or having your identity stolen. Up-to-date browsers have much better protection against cyberattacks than older versions.
Enable a firewall and configure it properly. A firewall is a system designed to prevent unauthorized access to your computer. Most current operating systems, such as updated versions of Windows XP, Vista and 7, as well as Mac OS X 10.4 and later, have one built in. Otherwise, you can get a inexpensive software firewall from your local computer store, software vendors or your Internet service provider.
“Turning the firewall on makes a big difference,” Wisniewski said, “because if something were to escape your anti-virus [software] and try to communicate with the Internet to send all your banking information, your firewall will stop that if it’s enabled and configured properly.”
