Thursday, July 30, 2009

Web of Trust announces alliance with Panda Security


The Web of Trust is a website advisory facility, fed by inputs from users, that this blog has covered before. It is driven by site reputation with users. WOT has joined forces with Panda Security, and there is a recently provided weblink that explains this alliance:

WOT sent out a press release dated July 30, from Helsinki.

I tried the Firefox download on Vista and Firefox would not allow me to pursue it. I will have to look into this. With a different box it gave me an unknown file type. I’ll have to check into this also.

I have quite a bit of experience with McAfee site advisor, which sometimes causes “false positives.”

I haven’t noticed a specific website rating facility being offered by Webroot yet. However Webroot Spysweeper does flag sites it knows to be associated with distributing malware when the sites are visited or linked in emails.

Wednesday, July 29, 2009

Microsoft offers "sandbox" to make Office applications more secure, for the time being


Gregg Keizer has a column today in PC World on Microsoft Office file formats and the supposed vulnerabilities that hackers find by “fuzzing” them, that is, dropping random streams of data into applications to cause lockups and breakdowns. It seems that some people like to break things for the fun of it! Microsoft will offer a “sandbox”, a read-only environment where companies can isolate Office documents so that they can’t be surreptitiously updated.
The PC World story July 26 is here.

Microsoft has a company blog to discuss its security enhancements for Office products here.

Back in 1997, I had trouble with some large, heavily footnoted Word documents for my first book going "bad" and Kinkos claimed that this was a virus; it wasn't, it was just instability.

Tuesday, July 28, 2009

Hand print technology could make computers more secure as well as entire workplaces


A Tampa, FL-based technology company, Identica ("undeniable identity"), has developed a biometric scanning device that reads the vein patterns on the backs of people’s hands. The technology has become popular for security in Asian banks, but now at least one pre-school, Lola’s Place in Loudoun County, VA, uses it.

It seems to be a technically controversial alternative to retinal scanning. But offhand, it would sound more prone to physical changes in a person.

It would also sound like an appealing technology for workstation security in the workplace, or even at home with a PC or laptop, more reliable than webcams and photos. This sounds like a security technology to watch.

The story is in the Metro Section of the July 28 Washington Post, by Emma Brown, p. B1, “Va. Preschool’s Security Is More than Skin-Deep”, link here.

Monday, July 27, 2009

Do McAfee and Spysweeper conflict? (wrLZMA)


This morning, Monday July 27, on a quick scan by McAfee of an older Dell 8300 from 2003 (XP Home) with Spysweeper anti-spy (but not antivirus) added on, the scan hung on module wrLZMA.dll, twice. I disconnected the Internet and tried again and got the same result. The full scan had run successfully without incident Saturday morning.
In a scheduled run last night, Spysweeper went into a loop and never started, on the same machine.

I have been having trouble with slow performance on this machine, as noted earlier; sometimes it gets better for a while, after running RegCure (which always finds at least two HKLM errors).

I found the report above from 2008 about a possible conflict between Spysweeper and McAfee over a Spysweeper module by this name. But a search shows other modules purported to be Trojans with this name masquerading as this file. However, a Dell search of the local machine showed that the module was last loaded and updated the day that I installed Spysweeper.

I think this is a “false positive” and an artifact of my performance problem, not a cause. In the meantime, I’m moving work over to a new Vista XPS laptop (I explained on another blog why Apple wouldn’t quite work for me). Needless to say, the new laptop runs about ten times as fast.

Out of caution, I disconnected the old machine from the Internet, and changed critical passwords under the firewall protection of the new one. It’s hard to prove with an old slow machine that the anti-virus and firewall actually work.
If someone knows more about wrLZMA, I would appreciate comments – moderated but quickly reviewed and approved. I guess the old machine will find its way to the Best Buy repair desk soon.

Picture: from the DC Metro, and prescient.

Update: Aug. 1, 2009

Now, in a full McAfee scan, it gets stuck on webroot "settings.dat"

Wednesday, July 22, 2009

Paper (from Tech Republic) surveys malware and rootkits


On Wednesday July 22 Tech Republic offered a download link for a white paper “The Ten Faces of Computer Malware”. I know, Tech Republic likes these variations on the 2001 movie “13 Conversations about One Thing.” The link takes you to a download available to free registrants, and a number of the “faces” are about rootkits, which can operate at the user, kernel or firmware level – the last being essentially impossible to remove. The paper makes the astonishing statement that all anti-malware applications (including professional anti-virus programs) are destined to fail or be defeated eventually, and all computer users (that means almost everybody) need to take more ownership of the risks that others can put them in (sounds like a contradiction).

Tuesday, July 21, 2009

New warnings on infected videos (Erin Andrews; Georgia c.p. case)


Several major media outlets are reporting that hackers have tricked computer users into downloading a video supposedly “showing” (illegally) ESPN host Erin Andrews but actually infected with malware. The malware apparently involves popups with spyware that will later be used to record keystrokes. The WJZ story is here.

The Georgia Bureau of Investigation is reporting an old email phishing scam that involves an unidentified man engaging in child pornography. Theoretically, a user who downloaded the video being offered (as an attachment) could be guilty of possessing c.p., although it’s not clear how knowing the possession would have to be (could depend on the state). The story is here.

Monday, July 20, 2009

Scientific American has article on real world computer security


The May 2009 issue of Scientific American has a “Security” article on p 56, “How to steal secrets without a network: information thieves can now do an end run around encryption, networks and the operating systems,” by W. Wayt Gibbs. The URL link is here.

The article describes old-fashioned “real world” hacking, as from reflections from an eyeball or from the sounds of a dot-matrix printer (yes, like Okidata in the 80s). Each key on a keyboard emits a unique radio frequency that can be tracked (it is said that the CIA could spy on individual home computers before there was a public Internet as a result). A determined hacker could subvert a built-in webcam, used by many new laptops to identify users, to track keystrokes. It sounds like the kind of spying of the great James Bond movies of the 60s, those with a hairy Sean Connery. The general impression is that, coming from determined spies, these threats are still serious matters for government or high-value targets, probably much less so for ordinary users, when compared to the more familiar threats of spam, phishing, viruses, Trojans and worms.

This same issue of Scientific American has an article (“airless”) about how planets lose their atmospheres!

Wednesday, July 15, 2009

Vista with Webcam acts like "HAL" in "2001" or "Moon"; does facial recognition help or hinder security?


Well, more “Adventures in a perambulator” (with Windows Vista, that is). I let the laptop go into sleep mode, and it used the webcam to recognize me. It said “not enough detail” and asked me to create a password, which I did. It seems that it has given me the default user name of “owner”. When I went back in, it recognized me (glasses included) and would not give me time to use the password, which I prefer. Microsoft calls this heavily trademarked process "FastAccess".

Yes, I saved the password on a file and printed it out.

I found the facility to create users under the Control Panel, and it is not totally logical. You have to go into “change users” to see all the users, and yet it lets me add an “Administrator” that way, and recommends I make a backup floppy for the administrator to avoid losing encrypted logons. It’s all a bit confusing.

I think people change appearance more than webcams (especially those on “Days of our Lives”) recognize. And some parental safety advocates say no kid should have a webcam on his computer (because of misuse – the Justin Berry case reported in the New York Times). It seems like higher end Vista laptops have them built in.

The laptop is a bit like “HAL” in the movie “Moon.”

Update: July 16

This morning, in daylight, the webcam facial recognition software did not recognize me. I had to use the password.

Tuesday, July 14, 2009

Dell XPS with Vista: Why doesn't Microsoft Security Center track Webroot Spysweeper?


Okay, I’ve broken down and gotten Vista, and a free Windows 7 upgrade, a Dell XPS laptop, all with the nice keyboard lights for night games (or to take with you on a spaceship if you’re abducted).

The Vista security center was on the Control Panel. I had Best Buy install the full Webroot Spysweeper, and the Windows Security Center says it cannot monitor my malware protection. It lists a number of products, including McAfee and Norton and some others, but oddly enough it doesn’t list Webroot. I don’t know why Dell and Microsoft don’t have a partnership with it; maybe someone does.

The Spysweeper does seem to be working properly, and the Windows Firewall works separately. I don’t know if adding McAfee or Norton is necessary, or just complicates things. I find on another machine that Spysweeper identifies and quarantines many “spy cookies” that McAfee lets pass.

Of course, there are other things to get on – if not McAfee Site Advisor, maybe Web of Trust. But this is Day 1 of the new laptop.

Does anyone know what the deal is with Spysweeper and Vista Security Center?

Also, Microsoft seemed to issue its patch tonight for the serious vulnerability reported earlier this month.


Update: July 17

Well, it turns out I had a wrong model. I had intended to get the wider screen XPS 1640, not the 1340. I swapped it out at Best Buy, and on this machine the Windows Vista Security Center does show Webroot Spysweeper as a "legitimate" anti-virus program. But I cannot explain why the other model did not show it as legitimate.

Update: July 18

Well, here we go again. Spysweeper won't start on its own; it warns you with a widget "X" on the task bar, and the Microsoft Security Center beckons you to start it. It still takes about 30 seconds then for Webroot's "12 of 12 recommended sweeps" to start in real time.

Update July 27:

Now even if you leave it alone, Vista starts Spysweeper within a minute of flashing the warning. Spysweeper loves to flash alerts (missed sweeps when computer turned off, missed backups).

Update: August 20

Spysweeper does tend to load very slowly at Vista startup. That may explain some of the symptoms noted in this post.

Also, once a day Spysweeper sends an error report back to its own servers.

Monday, July 13, 2009

Child internet safety group says "'just say no' to chatrooms!"


Rebecca Hagelin has an eye-catching column on p A18, “Culture”, in the Monday July 13 2009 Washington Times, “’Just say no’ to chat rooms”. Sure, she echoes Nancy Reagan (and maybe better times, in the minds of some). She calls chat rooms “the culture challenge of the week”. The link is here.

She refers to Donna Rice Hughes, president of “Enough Is Enough”, as recommending that parents ban all online chat rooms as too difficult to monitor. The website is here. The group offers an Internet Safety DVD at this link. Hagelin is willing to accept the idea that large companies like Facebook may offer acceptable safety if parents insist that their kids mark their profiles as private.

The Times story and EIE website do talk about the ease with which predators can impersonate kids, with all the security problems, some of which were documented in NBC Dateline’s “To Catch a Predator” with Chris Hansen. A summary episode from that series was rerun last night on MSNBC.

I guess for safety, some advice is "go outside into the real world. Climb a mountain." The picture comes from the W-WVa border on an obscure mountain trail.

Saturday, July 11, 2009

Internet safety requires leadership, but also competition


The Washington Post today (July 11) has an editorial “Securing the Internet: Recent cyber-attacks highlight the need for administrative action”. It starts with “where is our cyber-czar?” and ends well with “All the more reason to make someone accountable for striking the right balance between liberty, security and openness.” The URL for the link is here.

The scale of the denial of service attacks, and the lack of any coherent plan in the administration to protect all agencies against them, does deserve such a comment.

But the public focus on the style and substance of government leadership misses a major point. The vulnerability of the Internet – both private (sometimes very and micro-private) and public (government) components – is a function of three major factors: (1) a lack of sufficient competition among service providers, particularly of operating systems; (2) asymmetry, which means that a bad actor with no commitment to “social contract” can do enormous damage; and (3) a combination of the first two: sustainability, which means that the sorts of grudges that can lead to these attacks somehow get addressed.

When we speak of competition, we have precedents. IBM came to control the mainframe market in the 1970s and 1980s, and in some critical areas, Microsoft still dominates the PC market too much. Despite all the advances with the Macintosh and Linux machines, there are some parties that need what (and all) that Microsoft can do in their I.T. setups. Furthermore, a lot of times, these same parties tend to attract grudges (all the lines of “social contract”) and mischief. With so much concentration on Microsoft as the dominant player, parties – even whole governments – make easier targets. Even minuscule vulnerabilities, such as the reported overflow problem in Microsoft Internet Explorer ActiveX, can suddenly have large global consequences, or can lead to subtle social and political problems by the targeting of specific interest.

There is another factor, too, that so much youthful programming talent seems to go toward bringing things down. A lot of that is explained by economic and social circumstances overseas, in places like Russia and some of eastern Europe, especially during severe recession. All of this seems to make North Korea sound like a sideshow, and perhaps become less likely to be the sole culprit last week.

Update: July 12, 2009

The Washington Times, on p A5 of the Sunday paper, carried a CBN story by Hyung-jin Kim, "North Korea army linked to cyber-attacks", in slightly different text online here. The report points to five specific IP addresses used to distribute the attacks. The story identifies Kim as an AP writer, but curiously this story did not appear on the AP site, even though other similar stories by him do.

Picture: from Digital Media Conference, Tysons Corner VA, June 25, 2009

Wednesday, July 08, 2009

DC Metro operator filmed texting while operating subway


A Metro transit operator in Washington DC was suspended for texting on the job while operating a train on June 5, about two weeks before the fatal Metro crash.

The YouTube video URL is here.
The embed code was disabled.

There is a detailed story on the DC Examiner here which does have the video embedded in the story.

Other transportation accidents, such as in California, have occurred because of texting or cell phone use on the job.

Personal transportation safety and technology safety intermingle.

Tuesday, July 07, 2009

Serious ActiveX vulnerability in Microsoft IE reported; no patch yet


Terrence O’Brien at Switched.com has a story today about a serious vulnerability in ActiveX controls of Internet Explorer that would allow hackers to control the PCs of people who had visited certain infected websites, usually supplied with links in spam. The link for O'Brien's story is here. The problem seems to affect Windows XP users but not Vista; this may be a reason to upgrade; are “newer” operating systems always safer? They usually are. Internet Explorer 8 may have less vulnerability than earlier versions, according to Symantec.

Media reports did not immediately identify which versions of IE are affected (7 or 8), or whether all are affected.

Microsoft is planning an emergency patch soon, but in the meantime it has actually been encouraging visitors to disable ActiveX, generally necessary for watching video on some sites (such as Netflix, which, it would seem, could see a drop in visits to instant play because of this problem). The disabling procedure seems to require a bit of knowledge of the operating system, particularly knowledge of the registry.

Surfers may prefer to use Firefox or Google Chrome for browsing until a fix is found. It isn’t absolutely known yet if McAfee, Norton or Spysweeper could intercept the problem. However McAfee has an information page “Microsoft DirectShow MPEG2TuneRequest Stack Overflow Vulnerability” here. McAfee also says that coverage is provided in DAT 5668, as of July 6, 2009. (As of July 7, DAT 5669 was available.) McAfee users might want to consider running manual scans after such updates. It wasn’t clear from the documentation if the McAfee Firewall would prevent the remote exploit.

Microsoft has a security bulletin advisory (972890) here.

A group called Sans.org has a technical description of the ("drive-by") vulnerability (in msvidctl.dll) here. I don't know how many visitors know how to read this kind of code!

The problem has been known since about the beginning of July.

Monday, July 06, 2009

Can Microsoft "compete" as a security vendor for its own operating systems


Brian Krebs has a recent story in the Washington Post on Microsoft Security Essentials. The underlying question, it seems to me, would be: if you buy a modern PC with Vista, will it really come equipped properly with what it takes to maintain safe computing? Do you still have to go to major outside vendors (McAfee, Norton, or the upstart Webroot Spysweeper, which is starting to look good to me)?

Brian Krebs (in his "Security Fix" online column) writes in a story of Microsoft Security Essentials from late June (24), here, and leaves unresolved whether it will affect the anti-virus market as a whole.

Krebs is still critical of Microsoft (“Microslop”), for introducing software that the bad guys can always find holes in. There are probably some legitimate questions about the constant proliferation of very large automatic updates, any one of which could introduce a problem inadvertently. This raises an existential question about “conflict of interest” and whether Microsoft can be “trusted” to defend its own products.

There is a lot of advice going on that it is safer to switch to the Mac and use Boot Camp or multiple sessions to run things that really require Microsoft operating systems (like most of Expression Web). But that would seem to put the PC owner in a position of still needing all the attention to security as before. Therefore, someone in the market for a “modern” business or entertainment PC (even, say, a filmmaker or film editor, or a business envisioning a web application that benefits from Expression Web) still could do well to consider staying in the PC world and just “doing it right.”

I checked the Microsoft Beta site and right now it is not accepting more participants.

There is a related story July 1 on my "Information Technology Job Market" blog here.

Picture: notice the "Streetcar Named Desire" on the glassware.

Thursday, July 02, 2009

"Myspace case" conviction "tentatively" overturned


A federal judge “tentatively” overturned the conviction of Lori Drew in the Myspace suicide case.

Judge George Wu said that if the conviction could stand, then anyone could be prosecuted ex post facto for a minor terms of service violation with his or her ISP.

This seems to have constituted a case of “creative prosecution”, no matter how objectionable the defendant’s behavior was.

States will be busy passing cyberbullying laws given this tragedy, and they should be.

The CNN story is here.