Wednesday, April 28, 2010

Adobe downloads "free McAfee" on an XP machine already protected by Kaspersky

Here’s an oddity. My rebuilt Dell 8300 (new hard drive) with “just” Windows XP Home and Kaspersky Internet Security (favored by Best Buy – maybe “Chuck’s” nerd herd at “Buy More”) the other day finally needed Adobe Acrobat Reader again (that shows I don’t use it that much, mainly for “reference”) and the free Adobe download also downloaded free McAfee Security Scan Plus, which Kaspersky put into a “Low Restricted” applications list (with a yellow caution) after it reloaded its engine today. However, “McAfee” itself was listed under Trusted Applications.

I tried to run the Kaspersky Anti-Malware report and Kaspersky hung and was locked by Windows XP, which had to be restarted (a second time) to clear the lock.

Monday, April 26, 2010

Comodo Internet Security says it protects against "zero day attacks"

Today, I got an email from another Internet security company, “Comodo”, which offers some "cloud" products here, with that link here. (The company name and trademark remind me of the musical term in Italian, “commodo”, which means “comfortably”.) The company says that its wordmark should be associated with "creating trust online."
The product offered in the email is Comodo Internet Security Complete Version 4.0.

A portion of the email that really caught my eye is worth quoting: “It automatically addresses all potentially unsafe files by running a user's questionable files in a restricted virtual environment, without ever impeding the PC user's activities. Now users are automatically protected from Zero Day attacks and threats that have not yet even been identified.” Richard A. Clarke talks a lot about “zero day attacks” in his new book on Cyber War which I will review soon.

Wednesday, April 21, 2010

McAfee "false positive" locks up many corporate users; other vendors have had false positive problems

Peter Svensson of the AP has an important story today about a bad update from McAfee that reportedly caused corporate customers (but apparently not home users) to identify a harmless Windows file as a virus, causing some computers to get caught in repeated reboot cycles. Some hospitals and police departments were reportedly disrupted. The AP link is here.


McAfee has posted instructions on a file called “False positive detection of W32/Wecorl.a in 5958 DAT” on KB68780, here.

There is a detailed technical story on PCWorld by Tom Bradley, “Recovering from the flawed McAfee update”  here.

The affected file was apparently svchost.exe. However, corporate customers who left “Scan Processes on Enable” in McAfee VirusScan Enterprise disabled, as it is by default, were not affected, according to McAfee.

According to the AP story, other false positives have occurred with other companies, sometimes with consequences. In March 2010 antivirus software Bitdefender locked up computers of some Windows users.

Update: April 23

Today, McAfee started its scheduled scan on an older Inspiron laptop (XP Pro), stalled, and flashed a yellow box warning me that I needed to check for updates to fix the problem noted above. Apparently I had never installed the bad update.  After the check, the manual scan ran normally.

Switched and AOL offer some novel PC security tips

Switched has a list of “10 Security Tips” to protect your PC, available on AOL this morning, link here.  The article is called “The 10 Biggest Security Risks, and How to Fix Them.”


Some of the recommendations are well known, but interesting is their suggestion not to use Administrator logons at home for any purpose other than security, and not to password protect hardware.

It also recommends using travel email addresses and not using public PC’s (or booting from a Linux-operating USB device if you do).

It provides some usual discussion of WiFi weaknesses and firewalls.

Tuesday, April 20, 2010

NYTimes, ABC News, Richard Clarke point to hazards that hostile foreign governments (China) pose to US corporate networks; a coming cyber war?

I don’t like to bite the hand that feeds me, but for completeness’ sake, it’s important to give reference to a New York Times story by Jeff Markoff, reproduced on MSNBC about the recent problems at Google, with link here.

The issue concerns the Gaia sign-on system at Google, which is described in the article in detail. The story refers to a compromise that occurred in December 2009, apparently related to China, as reported in the media at the time.

The article explains the attack in December as having started “with an instant message sent to a Google employee in China who was using Microsoft’s Messenger program”, followed by an associate’s clicking on a link and connecting to an unsafe Web site, the employee inadvertently permitting the intruders to gain access to his (or her) work computer. It’s generally much harder to gain access to computers in a secure network in a corporation or government without a very skilled attacker (but the FTC and several government agencies were attacked in mid 2008).

Occasionally, Webroot Spysweeper, Kaspersky and McAfee will warn me that a website is dangerous (McAfee has Site Advisor; another similar service is Web of Trust). Webroot will warn of a site associated with spyware. But on one occasion Webroot warned me that a website located by a search engine was trying to load a fake antivirus software similar to the “Gray Lady” virus. A virus scan found four closely related Trojans that were quarantined. A few years ago, people were trying to put links to fake antivirus sites in comments on Blogger.

Richard Clarke appeared on Good Morning America on April 20 and discussed the New York Times article. He discussed his new book “Cyber War: The Next Threat to National Security and What to Do About It”, from Ecco, which I ordered from Amazon this morning. He said that the biggest threat comes from hostile governments, especially China, maybe North Korea or Iran, rather than from teenage hackers. He said that a foreign government could enslave ordinary PCs and launch attacks against critical infrastructure – although that begs the question as to why the power grid is connected to the public Internet in the first place.

The link at ABC News to George Stephanopoulos’s interview with Richard Clarke today is here.

Both articles are very detailed and should be studied carefully.

Picture (unrelated): Credit card capital Wilmington DE from Amtrak.

Friday, April 16, 2010

Email circulates today about the postcard virus; may be a hoax, but users should remain careful

I got an email today about a virus purported to be one of the most destructive ever released, destroying your C drive.

What I was able to find out so far is that in 2007 there was a legitimate virus warning about emails with words to this effect: 'You've received a postcard from a school-mate!' or 'You've received a Hallmark E-Card'. The explanation is on about.com (web url) here.

Apparently there has also circulated an “urban legend” about a similar story that is not true, with an about.com explanation dating back to Feb. 2008 here. Hallmark has, of course, issued press statements disconnecting itself from such emails and taken action against the perpetrators.

Common sense says that the user should be wary of any emails like this, not click on attachments or embedded links (or preferably not allow your email viewer to enable the links).

I’ll watch this story to see if there is more to it.

Maximum PC evaluates 10 major anti-virus products, but leaves out Geek Squad's favorites

The May 2010 issue of “Maximum PC” has a “Security Software Showdown” (or maybe it’s more like a Suze Orman smackdown) on p. 22, by Paul Lily, called “for the Kill!” on that page. The article tests and rates (1-10) ten anti-virus packages.


The reviews of both Norton and McAfee are underwhelming. Norton claims the most features but the test team was able to fool it. Right now the favorite seems to be Eset Smart Security 4.

Best Buy’s Geek Squad is always telling customers that the best anti-virus software changes all the time, about every six months. But neither Webroot Spysweeper nor Kaspersky was selected for review by Maximum. I don’t know whether to make anything of that.

The online article seems to be a bit different, but has lots of reader comments, with link here.

The print article has a couple of sidebars, particularly about the folly of relying on free “Cloud computing” for anti-virus protection at home. The Cloud (even of the Stephen King kind) won’t stop your PC from getting infected in the first place.

There’s another sidebar that talks about “new threats” and the need for a new kind of AV software, based much more on heuristics – but it seems that most AV vendors are doing that already.

Picture: Building above Best Buy store at Union Square in NYC has interesting construction, art.

Tuesday, April 13, 2010

Odd experience in mozilla with possible "spy cookies"

Today, while I worked on an older XP desktop, I went to click on a link to my older website, and suddenly an ad for a Chevy Malibu popped up. This older website does not have any advertising. I was in Mozilla Firefox, and had recently looked at one of my blogs. I tried looking at the blog again, and Mozilla crashed and then was restarted. Then the computer and browser operated normally.


I ran the Kaspersky full scan, which found only the known vulnerabilities in an older Microsoft Office installed in this machine.

An examination of Mozilla history was interesting. It showed accesses to an icon called “click.ic” which mapped to urls on doubleclick.net and interclick.net. On my Vista laptop, when I run Webroot spysweeper, doubleclick always gets flagged as potential spyware, although as far as I know it is actually harmless. But Kaspersky did not flag anything as spyware.

Perhaps I accidentally passed the mouse over something on the Firefox tool bar that invoked the tracking websites. I had looked at Car & Driver Monday and maybe the Chevrolet ad came back from a cache relating to that activity.

Saturday, April 10, 2010

Koobface is back, now trying to be sneaky with fake Facebook password resets

NBC Washington and Brandon Benavides report that the “Koobface” virus is back, in a story here. The title of the story is “Internet virus targets Facebook, Twitter; tech virus could ruin your computer”. Fake emails multiply into millions from users who click on certain links in bogus messages appearing to come from Facebook friends. One of the emails now has the subject line “Facebook password reset confirmation!” The virus also steals passwords from your computer, as to bank accounts. Much of the latest report comes from McAfee. The link is here.

Wednesday, April 07, 2010

Anger over teen text messages leads to beatings; same risk for social networking posts

The NBC Today show this morning broadcast a story over a brutal beating of a teenage girl in Florida over a text message that she sent that apparently “insulted” another teen.


The video focuses on the victim’s condition, but the attorneys are pointing out that cell phone texts and social networking site messages can sometimes provoke the same security problems for people in the real world that in-person and handwritten confrontations used to.




The same advice would apply in the workplace. Text messages and Facebook posts could lead to hostile workplace or sexual harassment claims, and disciplinary action, firings or lawsuits.

Thursday, April 01, 2010

Social networking site privacy continues to generate controversy; MA. teen's Facebook invitation leads to wilding party

Doug Gross has a more detailed article on CNN on April 1 on the Facebook and other social networking site privacy issues, “Sharing vs. your privacy on Facebook”, link here.

Users of Facebook applications are finding that “friends” sometimes have access to important personal information when the friends use the same games or applications. Developers also may have sometimes gotten access to personal information, especially second and third hand developers. The company has had to put in a lot of effort to rethink and tweak its policies.

Recently, we reported a case where a “friend” burglarized a home after learning that someone was going to be out. On Good Morning America today, there was a report of a family that had its home vandalized while parents were away when their teenager advertised himself on Facebook, and other teens used Facebook to “invite” others to the “wilding” party, which they publicized on the Internet for their 15 minutes of fame, naïve as to police consequences. The ABC News story by Lee Ferran is here (“How to Prepare Your Teen for Being Home Alone: After Party Caused $45K in Damage at a Mass. Home, Here's What You Can Do”). I’m a little surprised that you can’t trust an older teen “home alone”.



Update: April 13

Check a May 5 Time article by Claire Suddath, "The Downside of Friends: Facebook's Hacking Problem", link here.