Monday, July 26, 2010

New Webroot SpySweeper stimulates reviewers to consider the general nature of today's threats

Neil J. Rubenking of PC Magazine has a review of Webroot AntiVirus with SpySweeper 2011 here.

He discusses the user friendliness of the design (the stoplight-style green-yellow-red items), then performance, measured as the time for sweeps on clean machines, and effectiveness in finding and cleaning threats.

But the most interesting part of his review is general: he discusses whether keyloggers are always malicious (employers and parents can install them), and talks about scareware and rogue antivirus stuff, as well as unwanted adware. The newer threats tend to be more subtle than in the past.

His article compares SpySweeper to Malwarebytes' Anti-Malware and Ad-Aware Total Security.

What needs more attention is how to integrate Webroot's firewall, as it is often sold without it, leaving the user to depend on Windows Firewall, which may not be sufficient in wireless environments with data leaving the computer.

Monday, July 19, 2010

Trojan can infect webcams, invading privacy and maybe framing users

“The Register” has a report about a Trojan from Germany spread by ICQ which can control webcams and can spy on people when they are at their home computers, possibly for voyeuristic purposes. The story by John Leyden is here.

A webcam Trojan could be dangerous for another reason. Conceivably it could be used to implicate a home user in photographing and distributing “illegal content” himself.

Some family computing security authorities say that parents should not allow kids to have webcams, as they have little real legitimate use (a whole subplot of “Days of our Lives” a few years ago was based on one). New York Times reporter Kurt Eichenwald said that a few years ago after the case of Justin Berry. However, many modern laptops come equipped with webcams.

The report link was distributed today by a Webroot tweet.

Thursday, July 15, 2010

Mozilla pulls add-on that could steal logon passwords

In an article by Brian Prince, eWeek reports that Mozilla had to pull a Firefox add-on for stealing passwords, called Mozilla Sniffer, which had been loaded about 1800 times since June 6. It also pulled an add-on called CoolPreviews.

Sniffer could detect Mozilla logons to any website and send them to a remote location, possibly for use in manipulating financial accounts, identity theft, or spoofing.

Add-ons are analyzed for known viruses, but some kinds of malicious code can be detected only by reviewing code, which is more likely to happen in the user community.

Mozilla users are advised to check their add-on lists and make sure they did not use add-ons that have since been removed, which could have compromised passwords or raised other security concerns.

The story would seem to contradict conventional wisdom that Mozilla is always safer than IE. Microsoft has been saying that IE8 (under Windows 7) is three times safer than any competitor.

The link is here and was included in a Webroot tweet today.

Monday, July 12, 2010

Windows 7 said to be more secure than Vista for businesses

Today Webroot gave us a tweet to another e-Security article, this one by Lisa Phifer, giving us ten security reasons to go to Windows 7 (probably from Vista, as some customers have the right to a free upgrade).

Most of the reasons are more applicable to networked computers in shops than to home users, but the tips on safer browsing (especially in IE8), and safer use of applications and ActiveX features, pared down to individual users, are worth noting.

Another advantage is easier data recovery, in conjunction with the volume shadow copy (VDC). Many machines in Vista were locked in to an imaging configuration of the Recovery Disk and recovery points.

The link is here.

CNET published an article by Robert Vamosi on Windows 7 security back in October 2008 here. There is an improved ability to selectively turn Windows Firewall components on and off alongside third-party firewall products, making it easier to use third-party packages. User Account Control is also much more fine-tuned.

Thursday, July 08, 2010

E-Security has an article on wireless router security

E-Security has an article, broadcast in a tweet today from Webroot, about wireless security, “7 things hackers hope you don’t know”, link (web url) here.

The article is detailed, and explains the various levels of wireless encryption and security methods. Netgear recommends WPA-PSK (TKIP) + WPA2-PSK (AES). It prompts you for a passphrase and stores it in a web address tied to your IP address at routerlogin.net. However, you can use a log on for Internet access only if your broadband ISP has provisioned you or set you up that way. If you try to set one up yourself, Internet connectivity will drop, even for the main PC through the router.

It’s probable that ISPs will have to pay more attention to helping home users tighten their wireless security, since routers can sometimes have ranges of a few hundred yards, opening them up to possible wardriving.

Picture: unrelated to article, but broadcasting an "inconvenient truth."

Wednesday, July 07, 2010

Microsoft will end automatic update support for most XP users with "only" SP2

Owners of older PCs should know that Microsoft will end automatic update support for XP systems with “only” service pack 2 on July 13, 2010. Users need to install service pack 3 to continue automatic update support, which may be necessary to protect even older machines from new vulnerabilities. (There is an exception for users running 64-bit XP with SP2 as there is no SP3 for them.)

Users with older machines that are used less frequently (such as travel laptops, machines kept at second homes, or machines for emergency use) should be careful with this.

Online service pack updates are large, tend to take about 45 minutes to download over broadband, and require multiple reboots and restarts.

The ITP story is here.

Sunday, July 04, 2010

Would a "voluntary" ID mechanism serve as an "Internet driver's license"? Goodbye, anonymity?

Here’s an important story that brushes on the “Internet driver’s license” proposal in the New York Times today (July 4, in the Review section, p. 3), “Taking the Mystery Out of Web Anonymity,” link (web url) here. The article calls it the Web’s “Dog Problem”: a dog can be impersonated by a cat. (Sounds like Twilight, doesn’t it?)

I probably overreach by mentioning the license issue, but so does the article. But the bigger idea is the idea of a “voluntary” scheme (a kind of “Web-of-trust” approach, borrowing from the name of an increasingly popular website rating facility now built into Mozilla). That is, you have some kind of ID card or key, linkable to a fingerprint perhaps, but not easily linked to your name and home address if you don’t want it to be. It’s hardly clear to me that this is feasible or realistic.

But the Obama administration is somewhat pushing this as more tasty than a government issued “Internet driver’s license”. But there is a problem in that any such scheme brings up the question as to what responsibilities the individual has to keep his “ID key” or license. Does he have to pass a test demonstrating knowledge of Internet safety and use of antivirus software? Does he have to indemnify others against downstream liability? Could he be suspended if he were somehow “framed” for a spam attack?

Also, how do you move the ID key to a different computer? Do you have the same key at home as at work? What about public computers at libraries or Kinkos?

Friday, July 02, 2010

Rube Goldberg trojan is the reverse of a DOS attack! (Vietnam-war era domino theory in action)

Here’s a new wrinkle: an attacker tries to drive traffic toward a site, a kind of reverse of the denial of service attack. A particular Trojan replaces a file suffix (with “.nak”) on any shortcut pointing to the Internet Explorer or Firefox browser (it could obviously be any browser). The result is that when the user clicks on the shortcut, the user winds up at a portal for a particular Chinese site, regardless of his own default home page settings. But of course the home user has an easy workaround immediately: just go to the command line. The article points out that shortcut files normally have extensions.

The Webroot Threat Blog article is called “Rube Goldberg Trojan Works Hard for the Hijack”, by Andrew Brandt, link here.

Rube Goldberg was a cartoonist, inventor and engineer who lived from 1883 to 1970, biographical link here.

You can entertain yourself with a Rube Goldberg dominion-spanning “domino theory” machine here. Maybe the worldview of Buckminster Fuller comes through here.