Thursday, March 20, 2008

Google Reader (1000+)

Spyware Horror Story: Antispyware bog-down | Software news, tips, and opinions from Download.com editors - Download.com

Published by Jack; Brisbane, Australia

I run Windows 2000 Professional and ran Ad-Aware SE with great success. Ad-Aware stopped updating this year, so I then had to get Ad-Aware 2007. This did not work. It kept seizing up while scanning, so I got rid of it and then downloaded McAfee VirusScan from Download.com. This is when my worries began.

My PC just virtually seized up. Every task took 10 times longer to do. If I wanted to open a window or go onto the Internet, I had to click on the icon and go away for 5 minutes before it would come up. It was sooo frustrating. If I had maybe three programs running, then the machine would tell me that there wasn't enough memory and it would have to expand it. I checked the Task Manager and saw that the program running the most memory was "massrv.exe," which turned out to be McAfee. So, I've had to uninstall it. Even then it didn't want to be removed and it took three goes before it surrendered! Frustration!

Here's what I want to know: Is there any antispyware program around that works with 2KB without seizing up?


Editor's response

2KB, Jack? Two?! I hope you mean MB, for megabytes, because there are very few programs that do anything with fewer than even 20 kilobytes. In fact, in the antivirus category on CNET Download.com, there are precisely seven below 50KB in size.

You'd do better with a 2MB restriction. Zone Alarm Anti-virus and ProcessGuard are both high-rated products sliding in just shy of 2MB, and the new, promising Haute Secure just tops your upper limit at 3.45MB.

But really, this cute little scavenger hunt is beyond the point. Part of responsible PC ownership is investing in enough memory to support strong, smoothly functioning security. Period. Just check out some juicy Spyware Horror back stories to see the consequences.

But I won't leave you in a lurch. CNET Shopper is a great resource for pricing RAM before you buy, and there are certainly a few tricks on Download.com that can help you narrow your search for RAM-conscious apps with elusive Cinderella footprints. Every listings page on Download.com contains a drop-down menu for filtering a search; this includes OS, license (if the app is free or free to try), and size. The memory requirements are also reproduced in the stats on every product page you open, so there's no excuse for downloading something too gargantuan for your computer to handle and then blaming the app for poor performance.


Using the size filter on CNET Download.com can save you time finding apps with small footprints.

Posted by Jessica Dolcourt, Download Blog, Download.com

Set Internet Explorer and Firefox to maximize your security | Software news, tips, and opinions from Download.com editors - Download.com

Set Internet Explorer and Firefox to maximize your security.

Modern browsers are much better than their predecessors at keeping your Web activity private and your data safe. Still, you may not have your browser configured to provide optimum security. Take a few minutes to give Internet Explorer 7 and Firefox 2 a safety check.

Batten down IE7's hatches
The version of IE7 for Vista adds the Protected Mode, which allows Web sites to access only the Temporary Internet Files folder on your PC. According to Microsoft, this feature is on by default for the Internet, Intranet, and Restricted zones, but disabled for the Trusted Sites and Local Machine zones. On my machine it was enabled for all zones. You'll see "Protected Mode: On" in the status bar when it's active, or click Tools > Internet Options > Security, and make sure "Enable Protected Mode (requires restarting Internet Explorer)" is checked at the bottom of each zone.

Maximize security in IE7 for Vista by making sure Protected Mode is enabled.
(Credit: Microsoft)

There have been some reports of Protected Mode causing problems, so if a particular page won't load or run correctly, disabling this feature may solve the glitch, though I don't recommend keeping Protected Mode off. The Web's not getting any safer, and you need all the protection you can get.

Another great new feature in IE7--for XP and Vista alike--is the Phishing Filter. Why the filter is off by default I'll never know. To activate it, click Tools > Phishing Filter > Turn On Automatic Website Checking > OK. Unfortunately, choosing Tools > Phishing Filter > Phishing Filter Settings merely opens the Advanced Internet Options dialog box, where you can scroll down to the Phishing Filter section under Security, only to find that your only two options are to disable the filter, and to "turn off automatic website checking." But while you're in the Advanced Options settings, make sure "Automatically check for Internet Explorer updates" is checked in the Browsing section. Click OK when you're done. [...]

Posted by Dennis O'Reilly, Download Blog, Download.com

Sunday, March 16, 2008

A free and easy way to test your Wi-Fi security

If you’re wondering just how secure your home network is, here’s an easy way to find out. Pure Networks, makers of the popular Network Magic management tool for home networks, has a free diagnostic scan that will deliver a scorecard on your network’s security status.



The Pure Networks Security Scan tool, which works only with Internet Explorer 6 or later, is clearly bait for Network Magic. But it’s a fun download that can provide insight into your network security in just a few minutes.



Run the scan, and the resulting scorecard provides a summary status of network devices, the router and network, wireless security, and the computer on which you ran the scan. It advises you of the number of issues tested for each category and alerts you to any worrisome issues found. Click View and it gives you a detailed look within each category.

Some of the items it tests under Router and Network include whether you are running a hardware firewall, if your password is strong (and, of course, changed from the factory default), and whether your router firmware is up to date. Under the Wireless Security tab, the scan checks to ensure that you have changed the factory SSID, tells you what kind of wireless security you’re using, and whether there are any SSID name conflicts. [...]

Rik Fairlie, ZDnet.com

Six Degrees of E-Separation

If you've ever played the game "Six Degrees of Kevin Bacon," you know there's a lot of truth to it. It's based on the notion that any actor can be linked through his or her film roles to Mr. Bacon.
And if you've ever spent some significant time on social networking sites, it's pretty easy to see how this game can be applied to you or your friend's real connections.
So, it should come as no surprise that the same dynamic may work amongst victims of computer viruses.

I came up with the nutty idea for this experiment after stumbling upon a trove of data stolen by a single keystroke logger, which appeared to be in operation between June and September of 2007, according to the time- and date-stamped records. During that time, the criminal(s) responsible for distributing that keylogger ensnared some 10,000 victims, stealing more than 20 gigabytes worth of stored user names and passwords, as well as credentials passed when victims logged in to any sites that required credentials.

Security Fix has mined these types of data troves in previous posts, examining everything from the types of credit cards stolen to compromised businesses to mapping out victims by geographic region. In an effort to look at this data in a different light, I chose this time around to look at the relationships between all victims who had accounts with LinkedIn, a social networking site that caters to executives and the business community.

Out of those 10,000 victims, I was able to confirm that at least 100 were LinkedIn users. That is, only about 100 had either stored their LinkedIn credentials in Internet Explorer or had logged into their LinkedIn account while the keylogger resided on their PC. I was unable to positively identify about one-quarter of the 100 LinkedIn users in this set, most likely for one or more of the following reasons: their full name wasn't included in the rest of the stolen data; the victim's last name had changed since the data was stolen; they had closed their LinkedIn account since the data was stolen. [...]

Brian Krebs on Computer Security. The Washington Post Company.

Wednesday, March 12, 2008

The Future of Anti-Virus Software

John Moore on March 11, 2008
Anti-virus software elicits a variety of responses from industry executives, analysts and users.
Some question the usefulness of the software and view signature-based offerings in a particularly dim light. Others cite the performance effects that anti-virus tools have on PCs. Anti-virus proponents, however, believe that the technology will endure as a component of a layered defense strategy, pointing to the addition of behavior-based scanning.

“As long as viruses exist, anti-virus programs will be designed to help protect users from online threats,” said Tim Rains, security response communications lead for Microsoft.

Rains pointed to data stemming from Microsoft’s Malicious Software Removal Tool as supporting the importance of running anti-virus software. The tool removed malware from 1 out of every 217 computers in the first half of 2007, compared with 1 out of every 409 computers in 2006 and 1 out of every 359 computers in the second half of 2005.

Network Distribution

But there’s another anti-virus issue to consider: Will anti-virus software continue to evolve as a third-party product, or will it become a feature embedded in OSes?

Rob Enderle, principal analyst at Enderle Group, said he believes basic security should be part of the OS platform.

“With IBM mainframes, the core security came from IBM, and for Unix, core security was provided by the platform owners,” he said. “If you needed extra, that could come from a number of sources. But basic security — and anti-virus is basic security — should be part of the platform in my view.”

David Lawson, director of risk management at Acumen Solutions Inc., a business and technology consulting firm, has a different take on where the anti-virus function will reside. He believes that anti-virus tools may end up embedded in the network, noting that the centralization of anti-virus technology would provide an efficiency boost.

“I would suggest we pull [anti-virus] away from the desktop and centralize it more,” Lawson said. Lawson said that he sees anti-virus software moving to network devices as part of rule-based forwarding and on application servers.

Enderle, meanwhile, said that user demands at the OS level will alter the anti-virus landscape. “I think we are seeing a trend where people who use … Windows, Apple and Linux expect the folks who supply it to provide for their basic security needs,” he explained. “This will likely change the anti-virus market dramatically.”

Key Differentiators

However, [...]

IT Security.com

Microsoft Patches 12 Office Security Holes

Microsoft today issued four updates to fix at least a dozen security vulnerabilities in its Office software products. All of the updates earned Microsoft's "critical" label, meaning attackers could exploit the flaws to break into Windows systems with little or no help from users.

Included in today's Patch Tuesday roundup are fixes for just about every Office suite or stand-alone product that Microsoft currently supports -- going back to Office 2000 and including Office for Mac software and various Office Viewer components.

One of the updates, which mends at least seven flaws in different Office titles, patches a security hole that hackers were exploiting as early as last week, according to reports from US-CERT and the SANS Internet Storm Center.

Interestingly, that patch and one other address security holes found in Office 2007, a product that underwent rigorous code review in an attempt to minimize the kinds of security weaknesses that were found to be pervasive in older versions of Office.
Office users can grab the latest patches from Microsoft Update. Office 2000 users, however, can only obtain them from Microsoft's Office Update. Office 2000 users may also need to have their Office installation CD handy in order to install these updates. [...]

Brian Krebs on Computer Security. The Washington Post Company.

Tuesday, March 11, 2008

When Ads Go Bad

A long-time trusted source recently alerted me that some inappropriate advertisements were running on Neopets.com, a Web site full of addictive Macromedia Flash games aimed at pre-teens. Surprisingly, the curators of Neopets.com -- major media conglomerate Viacom -- are disavowing responsibility for the racy ads, saying they did not exist on their network and instead were the result of adware or spyware on my source's computer.

Included is a screenshot taken of one of the multiple ads I found on the site, which linked back to Internet dating site True.com. A Neopets.com spokesperson said the ads could not possibly have been served through its site, and that the ads must have been displayed by malicious software.

"This appears to be a 'malicious' software program and we are aggressively investigating its origin," the company said in an e-mailed statement. "We would never accept this type of ad on any of our company's sites as it doesn't meet any of Neopet's standards."
Neopets could not specify any particular adware or software in existence today that exhibits this type of ad-swapping behavior, but offered to put me in touch with an expert who could talk about how it would be theoretically possible for such malware to exist. Scans with several anti-spyware and anti-virus products returned a clean bill of health on my source's PC. [...]
Brian Krebs on Computer Security. The Washington Post Company.

Friday, March 7, 2008

The FDIC Computer Intrusion Report

Last week, Security Fix featured the highlights from a non-public report by the Federal Deposit Insurance Corp. (FDIC) that examined a huge recent spike in the cost of computer intrusions for banks and consumers. I chose not to publish the report itself at the time, but due in part to the large number of requests I've received from people inside the financial sector who claim to have never seen such figures from the government before, I've decided to release a slightly redacted version of it (the original version contained a number of case studies that included potentially sensitive data about ongoing law enforcement investigations).

FDIC Division of Supervision and Consumer Protection: Cyber Fraud and Financial Crime Report, November 9, 2007 (as of June 30, 2007) (Doc). For those who don't have Microsoft Word, a less attractive HTML version of the report is available here.

I should note that while the report centers on cyber fraud, there are other aspects of bank fraud detailed in this report that may be of interest for reporters or fraud analysts in other sectors. For example, the study includes data showing a sizable increase in new account fraud using completely fabricated identities, which are in turn used for check kiting and "bustout" fraud schemes. Also, the report includes recent figures on mortgage fraud rates. [...]

Brian Krebs on Computer Security. The Washington Post Company.

The MonaRonaDona Extortion Scam


Online tech support forums are starting to light up over an increasing number of PCs sickened by something called the "MonaRonaDona virus," a piece of malware that threatens to trash host computers. As it happens, MonaRonaDona appears to be a relatively innocuous invader that was created to scare people into purchasing a fake new anti-virus product.

I first read about MonaRonaDona in a discussion thread over at the excellent DSL Reports Security Forum, where members traded tips on removing the bugger. Nobody seems to know how the thing wiggles into infected PCs in the first place, but the one thing that's clear is that this invader's primary purpose is to call as much attention to itself as possible (that kind of behavior is always a red flag, because most modern malware succeeds by being stealthy and unobtrusive). This piece of malware disables a number of programs on the victim's PC, changes the title of each Internet Explorer Window to include its name, and pops up the warning shown in the adjacent screenshot. [...]
Brian Krebs on Computer Security. The Washington Post Company.