Smokey's Security Weblog

veritas odium parit

New flash attack has no real ‘fix’: ‘everyone is vulnerable’

We all know Adobe Flash: it is possibly the most widely installed software product on the Internet. And of course the internet creeps abuse that fact and misuse Flash to drop their malicious crap on PCs that are not well protected against Flash attacks.

Last week I stumbled (again) over an article that describes the dangers of Flash very well. I will share an excerpt of that article with my blog readers, to warn them and so they can do what is necessary to defend themselves against the dangers of Flash.

New flash attack has no real ‘fix’: ‘everyone is vulnerable’
Dark Reading | Nov 12, 2009

Researchers have discovered a new attack that exploits the way browsers operate with Adobe Flash — and there’s no simple patch for it.

The attack can occur on Websites that accept user-generated content — anything from Webmail to social networking sites. An attacker basically takes advantage of the fact that a Flash object can be loaded as content onto a site and then can execute malware from that site to infect and steal information from visitors who view that content by clicking it.

“Everyone is vulnerable to this, and there’s nothing anyone can do to fix it by themselves,” says Michael Murray, CSO for Foreground Security, which today posted demonstrations of such an attack against Gmail, SquirrelMail, and cPanel’s File Manager. “We’re hoping to get a message out to IT administrators and CIOs to start fixing their sites one at a time.”

An attacker could upload malicious code via a Flash file attachment or an image, for instance, and infect any user that clicks on that item to view it. “If I can trick a system to let me upload anything, I can run code in any browser, and Adobe can’t fix this,” Murray says. “If I can upload a picture to a site and append it with Flash code to make it look like an image, once a user views that, the code executes and I can steal your cookies and credentials.”

The only thing close to a “fix” is for the Website to move its user-generated content to a different server, according to Michael Bailey, the senior researcher for Foreground Security who discovered the attack.

Bailey says the attack is similar to a cross-site scripting attack. “This is very easy to perform,” he says.

The researchers don’t expect Adobe to issue any fixes to Flash’s origin policy, mainly because it would affect so many applications.

Web application developers could help prevent the attack by denying Flash content by default, which isn’t a very realistic option: “Doing that will break a lot of applications,” Bailey says. “And that’s the problem.”

For end users, the Firefox browser add-in NoScript provides some protection from this attack, as does Toggle Flash for Internet Explorer, the researchers say.


I posted the same article on DSLReports; feel free to join the DSLR discussion and to look there for suggestions on how to protect yourself.
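The disguised-upload problem the article describes, and the "serve it from another server" mitigation, as an added example (not code from the article, from Foreground Security or from this blog): a Python upload check that rejects files carrying an SWF signature or bytes appended after a valid image, plus the response headers for a separate user-content host. The upload handler, the accepted image formats, the header set and the sample files are assumptions of this example.

```python
import struct
import zlib

# SWF files begin with one of three signatures (uncompressed, zlib, LZMA),
# followed by a version byte. A file carrying one of these at offset 0 is a
# Flash movie no matter what its extension or declared Content-Type claims.
SWF_SIGNATURES = (b"FWS", b"CWS", b"ZWS")

# Magic bytes of the image formats this hypothetical upload handler accepts.
IMAGE_MAGIC = {
    "image/png": (b"\x89PNG\r\n\x1a\n",),
    "image/gif": (b"GIF87a", b"GIF89a"),
    "image/jpeg": (b"\xff\xd8\xff",),
}
EXTENSION_TYPES = {"png": "image/png", "gif": "image/gif",
                   "jpg": "image/jpeg", "jpeg": "image/jpeg"}


def sniff_image_type(data):
    """Return the MIME type implied by the file's leading bytes, or None."""
    for mime, magics in IMAGE_MAGIC.items():
        if any(data.startswith(m) for m in magics):
            return mime
    return None


def png_end_offset(data):
    """Walk PNG chunks and return the offset just past IEND, or None if malformed."""
    pos = 8  # skip the 8-byte PNG signature
    while pos + 8 <= len(data):
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        pos += 8 + length + 4  # chunk header, payload, CRC
        if pos > len(data):
            return None  # chunk runs past end of file
        if ctype == b"IEND":
            return pos
    return None  # no IEND chunk found


def image_payload_end(mime, data):
    """Offset where the image container ends, or None if the file is malformed.

    PNG is walked chunk by chunk. GIF and JPEG are checked only by their end
    markers (trailer 0x3B, EOI FF D9), a deliberately strict approximation:
    anything appended after the marker makes the file fail the check.
    """
    if mime == "image/png":
        return png_end_offset(data)
    if mime == "image/gif":
        return len(data) if data.endswith(b"\x3b") else None
    if mime == "image/jpeg":
        return len(data) if data.endswith(b"\xff\xd9") else None
    return None


def validate_upload(filename, declared_type, data):
    """Return (accepted, reason); reason is the detected MIME type when accepted."""
    if data[:3] in SWF_SIGNATURES:
        return False, "file is a Flash movie (SWF signature)"
    actual = sniff_image_type(data)
    if actual is None:
        return False, "not a supported image format"
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    if EXTENSION_TYPES.get(ext) != actual:
        return False, "extension does not match file content"
    if declared_type != actual:
        return False, "declared Content-Type does not match file content"
    end = image_payload_end(actual, data)
    if end is None:
        return False, "image container is truncated or does not end with its terminator"
    if end < len(data):
        return False, "extra data after the end of the image"
    return True, actual


def user_content_headers(content_type, stored_name):
    """Response headers for the separate user-content origin.

    Assumes uploads are served from a distinct hostname that carries no
    session cookies of the main site, and that stored_name is generated by
    the server (no user-supplied characters). The download disposition stops
    the browser rendering the file inline, and nosniff stops content sniffing
    from reinterpreting it as something other than the declared type.
    """
    return {
        "Content-Type": content_type,
        "X-Content-Type-Options": "nosniff",
        "Content-Disposition": 'attachment; filename="%s"' % stored_name,
    }


def _png_chunk(ctype, payload):
    crc = zlib.crc32(ctype + payload) & 0xFFFFFFFF
    return struct.pack(">I", len(payload)) + ctype + payload + struct.pack(">I", crc)


# Constructed sample inputs (not real uploads): a valid 1x1 greyscale PNG, the
# same PNG with a dummy SWF header appended, and a bare SWF renamed to .png.
SAMPLE_PNG = (b"\x89PNG\r\n\x1a\n"
              + _png_chunk(b"IHDR", struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0))
              + _png_chunk(b"IDAT", zlib.compress(b"\x00\x00"))
              + _png_chunk(b"IEND", b""))
SAMPLE_PNG_WITH_SWF = SAMPLE_PNG + b"FWS\x0a" + b"\x00" * 16
SAMPLE_SWF_AS_PNG = b"CWS\x0a" + b"\x00" * 16

if __name__ == "__main__":
    for name, blob in (("clean", SAMPLE_PNG), ("appended", SAMPLE_PNG_WITH_SWF),
                       ("renamed", SAMPLE_SWF_AS_PNG)):
        print(name, validate_upload("avatar.png", "image/png", blob))
```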

November 15, 2009 Posted by Smokey | Advisories, Alerts, Anti-Spyware, Anti-Virus, Bundleware, Downloads, News, Security, Vulnerabilities | No Comments Yet

What is it with MSN Space?

I am Starbuck, substitute site owner at ‘Smokeys’ and will sometimes blog here.

For a few days I’ve been unable to get into my MSN Space, so I emailed them to see if the ‘Spaces’ were down.
This is the reply I had from them:

Hello Peter,

Thank you for writing to Windows Live Spaces Customer Support.

My name is Joy and I acknowledge that you are unable to access your Space, starbuck50. I know how inconvenient this may have been for you and I am here to assist you.

We have found your Space, starbuck50, to be in violation of the Windows Live Spaces Code of Conduct as it has inappropriate content. As this violation is serious in nature, we were forced to close down your Space.

Please note that there is no Adult rating for Windows Live Spaces. Posting of profane messages, pornographic, sexually suggestive or provocative images is not allowed in our service, even if your Space is set to Private or Messenger.

Also, if your Space is disabled, you will not be able to access your Windows Live SkyDrive and Windows Live Profile accounts.

We encourage you to review the Windows Live Spaces Code of Conduct by visiting this link:

http://help.live.com/help.aspx?mkt=en-us&project=tou&querytype=keyword&query=coc

Windows Live Spaces has comprehensive online help available to you. For more information, click the “Help” button at the top of any Spaces page.

Thank you for using Windows Live Spaces.

Sincerely,

Mary Joy
Support Specialist
Windows Live Support Team

My MSN Space is all about helping people and providing help on ‘PC Security’ matters.
If there’s anything ‘pornographic’ on my Space, I’d love to see it!!!
Why are these replies from MSN always sent using ‘canned speeches’…. I wanted a reply from a human.

The reply I received didn’t actually explain what the problem was.
If MS and MSN want to convey a good working relationship with people, then they should start by answering questions and problems using normal speech and explaining things to members.
I still don’t know what the problem is!

The ridiculous reply didn’t even say how to correct things!
How can I even think about correcting things if I can’t even get into my MSN Space? … or even see what they are talking about.

Starbuck

November 14, 2009 Posted by starbuck50 | Security, Uncategorized | 1 Comment

Windows 7 Review by Softpedia

By Marius Oiaga, Technology News Editor

17th of October 2009

On October 22nd, 2009, Microsoft will reboot Windows. Next week, just five days from now, Windows 7 will hit store shelves worldwide. And yet, there already are millions of users currently running Windows 7, including the gold version of the operating system. For the early adopters that have embraced Windows 7 since before Milestone 3 approximately a year ago, through the Beta Build 7000 and Release Candidate (RC) Build 7100, and every other leaked interim development release of the OS, the Windows reboot has already taken place. A new apex of Windows is now booting on production environment computers on a daily basis, including a few of the machines I’m using.

On October 22nd, 2009, Microsoft will reboot its operating system to the best Windows client the company has developed since MS-DOS. Some might be fooled into thinking that Windows 7 was a less ambitious project than Vista, and only a minor upgrade. I disagree. To put it simply, Windows 7 is a result of realistic strategy, made public only in bite-size chunks with the tactic to underpromise and overdeliver. And make no mistake about it, Steven Sinofsky, now president, Windows and Windows Live Division, together with Jon DeVaan, senior vice president, Windows Core Operating System Division, and the thousands of developers on the Windows team, have indeed overdelivered.

The legacy

Windows 7 is so far from the mess that was Vista that it is hard to believe that it is the successor of Windows XP that acted as the foundation of the latest iteration of the Windows client. Vista debuted to a barrage of criticism, some of which originated with the platform’s own testers slapping Microsoft for the release of what they believed to be an OS still far from being finalized. Appearing aimless, bloated and plagued with problems, Vista was only fixed with Service Pack 1, as far as end users are concerned.

But the fact of the matter is that Vista deserves a lot more credit than given. After all, make no mistake about it, dig just a little under the new, shiny Windows 7 surface and you will find Vista. And yet Windows 7 is getting nothing but love and accolades, while Vista got the boot. On numerous occasions I’ve had to sit through anti-Vista diatribes from users who had never used the operating system at all.

But in a sense, Vista also acted as the perfect buffer for Windows 7. Users transformed Vista into a punching bag, and relentlessly took swings at the operating system. Vista simply absorbed a lot of frustration from consumers, albeit it also generated more than its fair share, but it managed to give Microsoft a quasi-clean slate for Windows 7. I don’t care what your perspective on Windows 7 is, but the platform shines when you compare it to Vista, no matter how you look at it.

Conclusion

The way I planned the final thoughts initially was to offer an answer to “Should I buy Windows 7?” After all, the scope of every good review is to make it clear whether a product is worth your money. If it’s worth a computer upgrade or buying a new machine. If it’s worth your time and trouble. If it’s better than its precursor.

Well, let me start with the last question. As I’ve said at the start of this piece, Windows 7 is a reboot for the Windows client. A reboot that introduces customers to the evolution of Microsoft’s proprietary operating system. Projects from Microsoft Research such as Midori, Singularity and Barrelfish will feed the imagination of geeks everywhere, but Windows 7 is already palpable and almost here.

This time around there are no more excuses for waiting for Windows Next, which as far as codenames go is Windows 8. Windows 7 is hands down better than Windows Vista, and I have no hesitation in saying this, despite the Windows 6.0 to Windows 6.1 evolution. And while incomparably superior to Vista, Windows 7 makes Windows XP feel old and obsolete, just like an OS released in 2001 should feel.

This time around there aren’t any excuses for waiting around for Windows 7 SP1. Think of Vista SP1 and SP2 as all the service packs Windows 7 has ever needed. And while perfecting the operating system is a path Microsoft has embarked on already, Windows 7 is also ready for prime time and mainstream adoption from the get go.

For me, Windows 7 was more than worth the trouble of what must be approximately 100 upgrades and clean installs. Windows 7 was also worth the money I paid recently for a new laptop. I have already run Windows 7 for the most part of 2009 and when using Vista or XP I find myself searching for the Show Desktop shortcut in the bottom right hand side corner, trying to arrange windows side by side with Aero Snap, right-clicking icons while searching for JumpLists. For me it’s clear, I’m never going back to Vista or XP, as Windows 7 offered me a superior experience to both, and to any Linux distribution as well as Mac OS X release I’ve ever used.

Source/full review: Softpedia

October 17, 2009 Posted by Smokey | Advisories, Security | No Comments Yet

Important notification about F-Secure hotfix fsav840-02

Important F-Secure Announcement

F-Secure released the hotfix fsav840-02 on 15 October for F-Secure Client Security 8.00 – 8.01, Anti-Virus for Workstations 8.00 and Anti-Virus for File Servers 8.00 – 8.01. We have since discovered that this hotfix will cause the product to be put in network quarantine mode on systems where this feature is enabled. In practice, it means that clients have connections only to Policy Manager and update servers. We instruct all users who have downloaded this hotfix to delete the file and refrain from installing it on any computers. Network connectivity can be restored for computers with this hotfix installed by following the instructions below:

If you have already installed the problematic hotfix on systems which have the Network Quarantine feature enabled, disable it in the Policy Manager console:

F-Secure Internet Shield / Settings / Network Quarantine /

> Network Quarantine Enable -> No

Then distribute the policies again.

The new hotfix will be published as soon as possible; the estimate is the end of week 43.

October 17, 2009 Posted by Smokey | Advisories, Alerts, Anti-Virus, Security | No Comments Yet

Front USB ports not recognized: How-To-Fix

Some time ago I posted how to fix Windows Vista USB device detection problems. Because that how-to is still one of the most-read posts on my blog, it is clear that numerous people suffer from problems with USB devices.

Some investigation taught me that a huge number of people also have problems with the front USB ports; in this particular case it concerns a recognition problem. On the internet I found a possible solution:

1- Remove the side panel (with the computer off)
2- Follow the cables from the back of the front I/O ports where your front USB is located (maybe on the memory card reader)
3- Follow those cables to where they connect to a header (a set of pins) on the motherboard
4- Disconnect the cables from the motherboard but leave them connected to the front
5- Turn on the computer and wait till Windows fully boots
6- After the full boot turn off the computer
7- Reboot one more time Windows in the same manner
8- Turn off the PC, plug the cables back to the motherboard, replace the side panel
9- Turn on the PC

Enjoy yourself :)

September 13, 2009 Posted by Smokey | Advisories, Uncategorized | No Comments Yet

Sunbelt’s ‘Vipre Antivirus + AntiSpyware program’ with 20% discount for members of Smokey’s

Sunbelt have very generously offered all members of Smokey’s Security Forums a 20% discount on their ‘Vipre Antivirus + AntiSpyware program’. To take advantage of this offer please follow these instructions: http://www.smokey-services.eu/forums/index.php/topic,42891.0.html
Our gratitude and thanks to Sunbelt and to Kara Kritzer for this offer to our members!

VIPRE Antivirus + Antispyware

VIPRE combines antivirus, antispyware, anti-rootkit and other technologies into a seamless, tightly-integrated product. Built with next-generation technology, VIPRE (Virus Intrusion Protection Remediation Engine) gives you powerful antivirus and antispyware software in-one that protects you against today’s highly complex malware threats including viruses, adware, spyware and rootkits.

Features:

High performance threat protection with low impact to system resources.
User surveys show the biggest frustration with existing antivirus programs is bloat and high resource usage. VIPRE Antivirus runs seamlessly without significantly impairing system performance and is designed for an unobtrusive user experience, keeping notification pop-ups and warnings to a minimum.

All-new technology delivers a unique antivirus and antispyware engine

At VIPRE’s core is an antivirus and antispyware engine that merges the detection of all types of malware into a single efficient and powerful system. The new technology was developed exclusively by Sunbelt, without building on older generation antivirus engines. VIPRE uses next-generation technologies making it the future of antivirus programs!

Advanced anti-rootkit technology

VIPRE’s all-new anti-rootkit technology finds and disables malicious hidden processes, threats, modules, services, files, Alternate Data Streams (ADS), or registry keys on a user’s system.

VIPRE is Checkmark Anti-Virus Desktop certified by West Coast Labs and will receive additional certifications through other certifying bodies in the coming months.

Removing rootkits is supplemented by VIPRE’s FirstScan™ which runs at the system’s boot time. FirstScan bypasses the Windows operating system, to directly scan certain locations of the hard drive for malware, removing infections where found.

Real-time monitoring with Active Protection™

VIPRE’s Active Protection delivers real time monitoring and protection against known and unknown malware threats. Active Protection works inside the Windows kernel (the core of the operating system), watching for malware and stopping it before it has a chance to execute on a user’s system.

Active Protection incorporates three methods to protect the user:

* Signature matching, comparing a file for an exact match against VIPRE’s definition database
* Heuristic analysis, which looks at the internal characteristics of a file to determine the likelihood that it is malware;
* Behavioral analysis, observing the actual actions of a program to determine if it is possibly malware.

Full protection against email-borne threats

VIPRE Antivirus includes comprehensive protection against email viruses, with direct support for Outlook, Outlook Express and Windows Mail; and support for any email program that uses POP3 and SMTP (Thunderbird, IncrediMail, Eudora, etc.).

System Requirements

* At least an IBM-compatible 400 MHz computer with a minimum of 512 MB RAM
* At least 150 MB of available free space on your hard drive
* All Internet browsers are supported for Active Protection, scanning, and removal of threats. Internet Explorer 6 or higher must be installed for VIPRE to function properly; however IE does not have to be your default browser.
* Supported Operating Systems: Windows 2000 SP4 RU1, Windows XP and higher (32 and 64-bit), Windows Vista and higher (32 and 64-bit)
* Supported Email Applications: Outlook 2000 and higher, Outlook Express 5.0 and higher, Windows Mail on Vista, and SMTP and POP3 (Thunderbird, IncrediMail, Eudora, etc.)

August 22, 2009 Posted by Smokey | Anti-Spyware, Anti-Virus, Malware, Security | No Comments Yet

Smokey’s Security Forums now on ‘Facebook’ and ‘Twitter’

To keep up with technology, and as an additional service to the community, from now on you can follow the latest posts and reposts on Smokey’s Security Forums via Facebook and Twitter.

Smokey’s on Facebook: http://www.facebook.com/pages/Smokeys-Security-Forums/151174745864
Smokey’s on Twitter: http://twitter.com/SmokeysSecurity

New content will be added regularly.
Feel free to ‘Become a Fan’ or to ‘Follow’.  :)

August 15, 2009 Posted by Smokey | Advisories, Alerts, Anti-Spyware, Anti-Virus, Bundleware, Friends, Malware, Phishing, Security, Toolbarware, Vulnerabilities | No Comments Yet

Surf Smokey’s with confidence: all external links in posts are checked and rated by WOT – Web of Trust

Being a serious security board, we take our members’ web safety very seriously. This is why we have integrated the WOT (Web of Trust) feature on our board, Smokey’s Security Forums.
All members will now be able to view the safety rating of any link provided on our site, and will be able to see the trustworthiness, vendor reliability, privacy, and child safety of any site before clicking the link. More about WOT below.

WOT- Web of Trust

WOT warns you about risky websites. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. This is the reason that all external links in posts on Smokey’s Security Forums are from now on checked by WOT and therefore guarantee safe surfing via our board.

WOT is also available as a free Internet security addon for your browser. We advise you to download and install this useful addon. It is a free, extra layer of defense against risky websites.

WOT is available as addon for Firefox and Internet Explorer.

System requirements

- WOT Firefox addon:

Operating system: Windows (all), Mac OS X, or Linux
Browser: Mozilla Firefox 1.5 or newer (3.0 recommended)

- WOT Internet Explorer addon:

Operating system: Windows 2000 / XP / Vista (XP or Vista recommended)
Browser: Microsoft Internet Explorer 6.0 or newer (8.0 recommended)

More info about WOT- Web of Trust and addon download: http://www.mywot.com/

Happy surfing, :)

Smokey

August 8, 2009 Posted by Smokey | Advisories, Anti-Spyware, Anti-Virus, Bundleware, Downloads, Malware, Phishing, Security | 3 Comments

Out-of-band Microsoft Security Bulletin Advance Notification for July 2009

Published: July 24, 2009

Microsoft Security Bulletin Advance Notification issued: July 24, 2009
Microsoft Security Bulletins to be issued: July 28, 2009

This is an advance notification of two out-of-band security bulletins that Microsoft is intending to release on July 28, 2009. One bulletin will be for the Microsoft Visual Studio product line; application developers should be aware of updates available affecting certain types of applications. The second bulletin contains defense-in-depth changes to Internet Explorer to address attack vectors related to the Visual Studio bulletin, as well as fixes for unrelated vulnerabilities that are rated Critical. Customers who are up to date on their security updates are protected from known attacks related to this out-of-band release.

This bulletin advance notification will be replaced with an update to the Microsoft Security Bulletin Summary for July 2009 on July 28, 2009. For more information about the bulletin advance notification service, see Microsoft Security Bulletin Advance Notification.

While this release is to address a single, overall issue, in order to provide the broadest protections possible to customers, we’ll be releasing two separate security bulletins as mentioned already before:

1. One Security Bulletin for Visual Studio

2. One Security Bulletin for Internet Explorer

While we can’t go into specifics about the issue prior to release, we can say that the Visual Studio bulletin will address an issue that can affect certain types of applications. The Internet Explorer bulletin will provide defense-in-depth changes to Internet Explorer to help provide additional protections for the issues addressed by the Visual Studio bulletin. The Internet Explorer update will also address vulnerabilities rated as Critical that are unrelated to the Visual Studio bulletin that were privately and responsibly reported.

Customers who are up to date on their security updates are protected from known attacks related to this Out of Band release.

A reminder that this information is subject to change and that when we do release the security bulletins, we’ll let you know through the MSRC weblog.

Signed: Microsoft Corp. – Mike Reavey

Sources of this Out-of-band Microsoft Security Bulletin and more info:

Microsoft TechNet
Microsoft Security Response Center (MSRC)

July 25, 2009 Posted by Smokey | Advisories, Alerts, Downloads, Friends, Security | No Comments Yet

Alert: Microsoft DirectShow vulnerability used in 0-Day drive-by-download attacks

The Tech Herald | Jul 6 2009

CSIS Security is reporting the discovery of a new vulnerability within Microsoft DirectShow. The 0-Day attack is a part of a massive website hijacking operation, where exploited domains are injected with code that attempts to exploit the DirectShow vulnerability as well as other known flaws.

According to CSIS, the attacks start by compromising a legitimate website, where malicious JavaScript is embedded into the site’s code. Once the compromised page loads, the injected JavaScript forces the user to visit a sub-domain on 8866.org. At the time this article was published, The Tech Herald could not confirm that the sub-domain listed by CSIS was still malicious, as it was unavailable. However, 8866.org is online, and should be considered suspect if not blacklisted altogether.

The 0-Day vulnerability, which is a stack overflow in DirectShow MPEG2TuneRequest, can be mitigated by setting the kill bit on msVidCtl.dll. CSIS has provided the solution on their site. [Google Translated] However, this is just one of several vulnerabilities the drive-by-download attack is attempting to exploit. Once the system is compromised, a keylogger is installed, as well as a “cocktail of malicious code” CSIS said.

Microsoft Windows 2000, 2003, and XP are listed as vulnerable. No word on whether Vista or Windows 7 are at risk. We have asked Microsoft for comment and will update this story as more news comes in.

For now, CSIS is reporting that thousands of sites are using this new attack, and the ultimate landing points are starting to grow in number thanks to the exploit code being published online.

SANS is offering the best advice to IT this morning, “Please keep a watchful eye on your AV and IDS/IPS vendors updates to ensure coverage as early as possible on this exploit as it is likely to be widely deployed with the code being available.”

Update: Microsoft have released an advisory for the exploit:

Microsoft Security Advisory (972890)
Vulnerability in Microsoft Video ActiveX Control Could Allow Remote Code Execution
Published: July 06, 2009

Version: 1.0

Microsoft is investigating a privately reported vulnerability in Microsoft Video ActiveX Control. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. When using Internet Explorer, code execution is remote and may not require any user intervention.

We are aware of attacks attempting to exploit the vulnerability.

Our investigation has shown that there are no by-design uses for this ActiveX Control in Internet Explorer which includes all of the Class Identifiers within the msvidctl.dll that hosts this ActiveX Control. For Windows XP and Windows Server 2003 customers, Microsoft is recommending removing support for this ActiveX Control within Internet Explorer using all the Class Identifiers listed in the Workaround section. Though unaffected by this vulnerability, Microsoft is recommending that Windows Vista and Windows Server 2008 customers remove support for this ActiveX Control within Internet Explorer using the same Class Identifiers as a defense-in-depth measure.

Customers may prevent the Microsoft Video ActiveX Control from running in Internet Explorer, either manually using the instructions in the Workaround section or automatically using the solution found in Microsoft Knowledge Base Article 972890. By preventing the Microsoft Video ActiveX Control from running in Internet Explorer, there is no impact to application compatibility.

Microsoft is currently working to develop a security update for Windows to address this vulnerability and will release the update when it has reached an appropriate level of quality for broad distribution.

Mitigating Factors:

• Customers who are using Windows Vista or Windows Server 2008 are not affected because the ability to pass data to this control within Internet Explorer has been restricted.

• By default, Internet Explorer on Windows Server 2003 and 2008 runs in a restricted mode that is known as Enhanced Security Configuration. Enhanced Security Configuration is a group of preconfigured settings in Internet Explorer that can reduce the likelihood of a user or administrator downloading and running specially crafted Web content on a server. This is a mitigating factor for Web sites that you have not added to the Internet Explorer Trusted sites zone. See also Managing Internet Explorer Enhanced Security Configuration.

• By default, all supported versions of Microsoft Outlook and Microsoft Outlook Express open HTML e-mail messages in the Restricted sites zone. The Restricted sites zone helps mitigate attacks that could try to exploit this vulnerability by preventing Active Scripting and ActiveX controls from being used when reading HTML e-mail messages. However, if a user clicks a link in an e-mail message, the user could still be vulnerable to exploitation of this vulnerability through the Web-based attack scenario.

• In a Web-based attack scenario, an attacker could host a Web site that contains a Web page that is used to exploit this vulnerability. In addition, compromised Web sites and Web sites that accept or host user-provided content or advertisements could contain specially crafted content that could exploit this vulnerability. In all cases, however, an attacker would have no way to force users to visit these Web sites. Instead, an attacker would have to persuade users to visit the Web site, typically by getting them to click a link in an e-mail message or Instant Messenger message that takes users to the attacker’s Web site.

• An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

July 6, 2009 Posted by Smokey | Advisories, Alerts, Anti-Spyware, Anti-Virus, Friends, Malware, Security, Vulnerabilities | No Comments Yet

McAfee VirusScan false-positive glitch fells PCs worldwide

TheRegister | 3rd July 2009

“IT admins across the globe are letting out a collective groan after servers and PCs running McAfee VirusScan were brought down when the anti-virus program attacked their core system files. In some cases, this caused the machines to display the dreaded blue screen of death.

Details are still coming in, but forums here and here show that it’s affecting McAfee customers in Germany, Italy, and elsewhere. A UK-based Reg reader, who asked to remain anonymous because he was not authorized by his employer to speak to the press, said the glitch simultaneously leveled half of a customer’s 140 machines after they updated the latest virus signature file.

“Literally half of the machines were down with this McAfee anti-virus message IDing valid programs as having this trojan,” the IT consultant said. “Literally half the office switched off their PCs and were just twiddling their thumbs.”

When the consultant returned to his office he was relieved that his own laptop, which also uses VirusScan, was working normally. Then, suddenly, when it installed the latest McAfee DAT file, his computer was also smitten. The anti-virus program identified winvnc.exe and several other legitimate files as malware and attempted to quarantine them. With several core system files out of commission, the machine was rendered an expensive paperweight.

A McAfee representative in the US didn’t immediately respond to phone calls seeking comment. Friday is a holiday for many US employees in observance of Saturday’s Independence Day.

Based on anecdotes, the glitch appears to be caused when older VirusScan engines install DAT 5664, which McAfee seems to have pushed out in the past 24 hours. Affected systems then begin identifying a wide variety of legitimate – and frequently crucial – system files as malware. Files belonging to Microsoft Internet Explorer, drivers for Compaq computers, and even the McAfee-associated McScript.exe were being identified as a trojan called PWS!hv.aq, according to the posts and interviews.”

Fix/solution: McAfee Support Forum

July 4, 2009 Posted by Smokey | Advisories, Alerts, Anti-Virus, Friends, Malware, Security | 1 Comment

Adobe Security Bulletin Advance Notification: critical fixes/patches

Announcement Adobe Product Security Incident Response Team (PSIRT)

June 4, 2009

Adobe expects to deliver security updates for Adobe Reader and Acrobat versions 7.x, 8.x, and 9.x for Windows and Macintosh on Tuesday, June 9. This is the first quarterly security update for Adobe Reader and Acrobat as described in the May 20 blog post, and incorporates the initial output of code hardening efforts.

Adobe considers this a critical update and recommends users be prepared to apply the update for their product installations. Details of where to download updates will be posted to Adobe’s Security Bulletins and Advisories support page on June 9.

Details regarding security updates for the UNIX platform will be communicated when available.

Source: Adobe Blog

June 5, 2009 Posted by Smokey | Advisories, Alerts, Security, Vulnerabilities | No Comments Yet

Profound Malwarebytes’ (MBAM) Anti-Malware Scanner Review

Test organization: Softpedia | Ionut Ilascu, Editor, Software Reviews
Date: 2nd of June 2009
Version reviewed: Malwarebytes’ Anti-Malware 1.37

Program description

Malwarebytes’ Anti-Malware is a full-blown anti-malware program that can be considered the next step in the detection and removal of malware. It uses a new technology that was especially designed to quickly detect, deter and destroy any malware that could reside in your computer.

Features

- Malware scanner
- Malware remover
- File unlocker
- Threat quarantine
- Quick and full system scan
- Ignore list
- Logging

The test results

The Good

Easy installation, fast scans, daily updates, detects what other security software misses, ease of use, light footprint on system resources and it can be used free of charge; these are the very attributes of Malwarebytes’ Anti-Malware.

The application can cohabit with other anti-malware products, thus adding another layer of defense against threats. Although there is a paid version that includes real-time protection, the free one does not prevent the user from removing the nasties.

The Bad

Its database contains signatures mostly for threats that evade most of the security products on the market, so it cannot yet be used as the only protection for the system.

The FileASSASSIN tool has not quite reached full maturity and has yet to learn to unlock files before removing them. In our testing Unlocker did a better job.

The interface should be improved aesthetically given the trends soon to be set by the upcoming Windows 7 and even the current Vista.

The Truth

One seldom meets an application that can do what others can’t. In our case Malwarebytes’ Anti-Malware proved that it could discover what others missed. It does not provide the most complete signature database and it may not protect against the largest pool of malware, but it works great as a “wingman” for the security app you decide to use. Thus it enforces better protection and keeps you safe from some of the less known threats on the market.

You can try it for free and scan the system from time to time using the quick option to scan for the most common types of malware. It won’t take long and system resources will be used responsibly.

Extended/full review: Softpedia

June 2, 2009 Posted by Smokey | Advisories, Anti-Spyware, Anti-Virus, Bundleware, Downloads, Friends, Malware, Phishing, Security, Toolbarware | 1 Comment

Microsoft Update Quietly/Unsolicited Installs Firefox Extension via .Net Framework Service Pack

Washington Post
By Brian Krebs | May 29, 2009

A routine security update for a Microsoft Windows component installed on tens of millions of computers has quietly installed an extra add-on for an untold number of users surfing the Web with Mozilla’s Firefox Web browser.

Earlier this year, Microsoft shipped a bundle of updates known as a “service pack” for a programming platform called the Microsoft .NET Framework, which Microsoft and plenty of third-party developers use to run a variety of interactive programs on Windows.

The service pack for the .NET Framework, like other updates, was pushed out to users through the Windows Update Web site. A number of readers had never heard of this platform before Windows Update started offering the service pack for it, and many of you wanted to know whether it was okay to go ahead and install this thing. Having earlier checked to see whether the service pack had caused any widespread problems or interfered with third-party programs — and not finding any that warranted waving readers away from this update — I told readers not to worry and to go ahead and install it.

I’m here to report a small side effect from installing this service pack that I was not aware of until just a few days ago: Apparently, the .NET update automatically installs its own Firefox add-on that is difficult — if not dangerous — to remove, once installed.

Annoyances.org, which lists various aspects of Windows that are, well, annoying, says “this update adds to Firefox one of the most dangerous vulnerabilities present in all versions of Internet Explorer: the ability for Web sites to easily and quietly install software on your PC.” I’m not sure I’d put things in quite such dire terms, but I’m fairly confident that a decent number of Firefox for Windows users are rabidly anti-Internet Explorer, and would take umbrage at the very notion of Redmond monkeying with the browser in any way.

Big deal, you say? I can just uninstall the add-on via Firefox’s handy Add-ons interface, right? Not so fast. The trouble is, Microsoft has disabled the “uninstall” button on the extension. What’s more, Microsoft tells us that the only way to get rid of this thing is to modify the Windows registry, an exercise that — if done imprecisely — can cause Windows systems to fail to boot up.

Thanks Brian for spreading the word!
Thanks to Tommy, staff member on my board Smokey’s Security Forums, for drawing my attention to Brian’s article.

Article source: Washington Post

May 31, 2009 Posted by Smokey | Alerts, Downloads, News, Security, Vulnerabilities | No Comments Yet

AV-Comparatives Review DefenseWall HIPS: 100% Detection Score

Last week the recognized testing organization AV-Comparatives published a comprehensive test/review of DefenseWall HIPS.
The program is the flagship product of SoftSphere Technologies, a company active primarily in the field of information security, whose mission is to develop reliable means of protection against existing and future threats such as viruses, spyware and rootkits.

AV-Comparatives tested the software against 100 current malware samples (adware, spyware, viruses, Trojan horses, backdoors, etc.) that were not detected by other major anti-virus products at the time of testing. Every sample was either detected or executed as untrusted without compromising the system. An excellent test result: a protection rate of 100%!

My congratulations to SoftSphere Technologies; this result underlines once again that DefenseWall HIPS is a top-notch Host Intrusion Prevention System.

Please keep in mind that the software should be regarded as a supplement to an anti-virus product, not as a replacement for one.

The full review is available in English and German language.

Links:

AV-Comparatives Softsphere DefenseWall HIPS Review
SoftSphere Homepage
SoftSphere Technologies Support Forums

May 29, 2009 Posted by Smokey | Advisories, Anti-Spyware, Anti-Virus, Malware, News, Security, Toolbarware | No Comments Yet