Smokey's Security Weblog

veritas odium parit

Ad Muncher ad- and popup blocker will become completely free for everyone shortly

Today Murray Hurps, the Ad Muncher developer, announced that with the upcoming Ad Muncher v5 the software will be free for everyone.

Murray Hurps: “Ad Muncher is normally available for $29.95, plus $19.95 per year after that, but will soon be available in exactly the same form as a completely free product. All users will receive the daily premium filter list updates, including users who were previously using Ad Muncher Basic”.

This is of course fantastic news. Ad Muncher is one of the best (probably even the best) ad- and popup blockers and advertising removers there is, so we can all be very pleased about Murray’s announcement. Nevertheless, we should all keep in mind that Murray’s decision to make Ad Muncher a free product wasn’t easy and is very generous: besides his own need for earnings, he has to pay salaries for three people on top of the usual expenses.

We can expect Ad Muncher to become free the moment version 5 is released; according to Murray, that release will happen shortly.

Finally, Murray also explained that those who have recently purchased Ad Muncher can ask for a refund if they’re still covered by the 30-day refund policy, but he also explains that every refund will reduce the chances of Ad Muncher surviving as a free product. So please, those of you who recently purchased Ad Muncher: support Murray and his team and don’t ask for a refund.

From me a well-meant Thank You Murray, you are a great guy!

June 26, 2014 | Downloads, News

Microsoft released emergency out-of-band update fixing IE zero day vulnerability

Today Microsoft released an emergency out-of-band update (2965111) to fix a publicly disclosed zero-day vulnerability in Internet Explorer (Microsoft Security Advisory 2963983). The vulnerability could allow remote code execution if a user views a specially crafted webpage using an affected version of Internet Explorer. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user.

This security update is rated Critical for Internet Explorer 6 (IE 6), Internet Explorer 7 (IE 7), Internet Explorer 8 (IE 8), Internet Explorer 9 (IE 9), Internet Explorer 10 (IE 10), and Internet Explorer 11 (IE 11) on affected Windows clients, and Moderate for Internet Explorer 6 (IE 6), Internet Explorer 7 (IE 7), Internet Explorer 8 (IE 8), Internet Explorer 9 (IE 9), Internet Explorer 10 (IE 10), and Internet Explorer 11 (IE 11) on affected Windows servers.

More info about the fix here: MS14-021: Security update for Internet Explorer: May 1, 2014.

The advance notification of the update lists Windows XP among the affected platforms, indicating that it will be among the platforms patched, in spite of its support period having ended weeks ago.

Users with Automatic Updates enabled do not have to do anything, although running Windows Update will apply the fix immediately.

May 1, 2014 | Alerts, News, Vulnerabilities

How to enable LTE/4G on Samsung Galaxy Note 3 (SM-N9005)

Like me, you have a fancy and expensive International Samsung Galaxy Note 3 SM-N9005 that, according to its specifications, should be LTE/4G capable, and nevertheless you have no LTE/4G? It’s probably making you angry and mad, and I assume you damn Sammy (again) for delivering a mobile phone that doesn’t do what it should do. Of course you have installed Android KitKat 4.4.2, but there is still no LTE option available via Start Screen > Apps > Settings > More Networks > Mobile Networks > Network Mode.

Normally the following options should be visible/available in that Network Mode menu:

- LTE/WCDMA/GSM (auto connect)
- WCDMA/GSM (auto connect)
- WCDMA Only
- GSM only

If the “LTE/WCDMA/GSM (auto connect)” option is missing, you have a problem: you aren’t able to use LTE/4G. Don’t worry, there are several solutions/fixes for the lack of LTE/4G. Keep in mind that the solutions will only work with a rooted phone (it is up to you to take the risk of rooting: you will probably lose the phone warranty because the Knox counter will be tripped, and security-wise there are also reservations).

The solutions (again, keep in mind my reservations about rooting your phone):

1. With a root explorer of your choice (e.g. Root Explorer, Solid Explorer or ES File Explorer), change the value “false” in the file persist.radio.lteon to “true” using the root explorer’s built-in text editor. The file is located in root/data/property. Be sure the permissions of persist.radio.lteon are set to rw; after altering the file, save it and make it read-only. Reboot your phone; you will now see and be able to pick the option “LTE/WCDMA/GSM (auto connect)” in the Network Mode menu. Important: before altering ANY file on your phone, be sure you have a copy of the original, unaltered file! Advantage of this solution: even after a phone reboot the option “LTE/WCDMA/GSM (auto connect)” will remain visible/activated.

2. If you are afraid or not tech-savvy enough to alter phone files, you can download “Advanced Signal Status” from Google Play. Start the app, go into Advanced Info at the bottom of the app and then choose LTE/GSM/CDMA auto (PRL) in the first sub-menu of Advanced Info. In the phone’s Network Mode menu the option “LTE/WCDMA/GSM (auto connect)” will still not be visible, but you will nevertheless be able to use LTE/4G. The disadvantage of this solution is that after every phone reboot you have to start the “Advanced Signal Status” app and reactivate the LTE/GSM/CDMA option.

Please remember that LTE/4G will only work in areas with LTE and if your phone data plan includes the use of LTE. Good luck and have fun!

April 6, 2014 | Advisories, News

Windows XP data transfer tools: Laplink PCmover Express for Windows XP and PCmover Professional

After April 8, 2014, technical assistance for Windows XP will no longer be available, including automatic updates that help protect your PC. Microsoft will also stop providing Microsoft Security Essentials for download on Windows XP on this date. (If you already have Microsoft Security Essentials installed, you will continue to receive antimalware signature updates for a limited time, but this does not mean that your PC will be secure because Microsoft will no longer be providing security updates to help protect your PC.)

If you continue to use Windows XP after support ends, your computer will still work but it might become more vulnerable to security risks and viruses. Also, as more software and hardware manufacturers continue to optimize for more recent versions of Windows, you can expect to encounter greater numbers of apps and devices that do not work with Windows XP.

To help customers on Windows XP prepare to move to a new PC, Microsoft announced a free transfer tool. They partnered with Laplink to provide Windows XP users with a free data migration tool called PCmover Express for Windows XP which copies your files and settings from your Windows XP PC to a new device running Windows 7, Windows 8 or Windows 8.1. This tool will copy your files, music, videos, email and user profiles and settings from your old PC to your new device, transferring across your home or work network, and even enables Windows XP users to customize exactly what they want to bring over to their new device. The free data transfer will NOT migrate your apps. Learn more and download the free version of Laplink PCmover Express for Windows XP here.

For Windows XP users wanting to transfer applications from their old computer, Laplink is also making available its software that migrates apps, files and settings called PCmover Professional at a special price – see here for details.

Sources: Microsoft and Laplink

March 22, 2014 | Advisories, Alerts, Downloads, News

RIP ASAP – Alliance of Security Analysis Professionals: 2004-2013

Regrettably I have to tell you that Smokey’s Security Forums isn’t ‘Site Member ASAP – Alliance of Security Analysis Professionals’ anymore. The reason is simple: ASAP died.

I want to express my thanks to all the people dedicated to ASAP; this includes common and VIP members as well as ASAP Counsel and Site Owners.

A special Thank You to Corrine, (former) ASAP Secretary, she was the one keeping ASAP alive till the unavoidable happened.

August 9, 2013 | News

How to Get MSN (Live) Messenger Back and Beat Microsoft’s Skype

It’s obvious that countless people are very disappointed that Microsoft has replaced MSN (Live) Messenger with Skype; most people just want to chat and don’t need all the bells and whistles of Skype at all.

In the past days Messenger users received one of the following messages:

A newer version is available. You must install the newer version in order to continue. Would you like to do this now?

or

A newer version has been downloaded and is available. You must install this newer version in order to continue. Would you like to do this now?

This is just an ordinary Microsoft attempt to force MSN Messenger users into what Microsoft calls an ‘upgrade’ to Skype. The majority of MSN Messenger users see it entirely differently and are pissed that they are no longer able to use Messenger; the ‘upgrade’ is a nightmare to them.

Don’t worry and be happy again, there’s a nice little piece of software that will allow you to use Messenger again: Messenger Reviver 2 by Jonathan Kay. I have tested the software on multiple PCs and it does what it promises: getting MSN (Live) Messenger back. To get Messenger back, Messenger Reviver 2 will make some changes to your computer. These changes are harmless and can’t hurt your PC, so use it without any risk.

Some info about Messenger Reviver 2 (grabbed from the author’s weblog):

Messenger Reviver 2 automatically installs, repairs and/or modifies Windows Live Messenger 2012, 2011, 2009, and 2008 as well as Windows Messenger to continue signing in despite being blocked by Microsoft.

Reviver 2 supports modifying all language versions and can automatically install either 2009 or 2012 versions in 47 different languages.

Reviver will automatically attempt to detect if Messenger is still installed, which versions are eligible for modification and if you need to run a repair or new installation to bring Messenger back (if Skype has removed it).

System Requirements

Windows XP, Windows Vista, Windows 7 or Windows 8.
.NET Framework 2.0 or higher (included with Windows Vista or newer), .NET 3.5 or 4.0 recommended

How-To

To revive Messenger, click Start in the Messenger Reviver 2 Screen and the process will automatically modify Messenger and restart it.

If Windows Live Essentials is not installed, you will be presented with options to either install Messenger 2009 or 2012 in the language of your choosing. Reviver will attempt to guess which language you prefer based on your prior Windows and Essentials language settings.

Additionally if Essentials is still installed, but Skype has removed it, you will be offered to just repair your Essentials install.

Advanced

If you wish to do a manual re-install or repair, you can select these options by clicking the Advanced button and choosing the function you would like.

I want to make clear again that the use of Messenger Reviver 2 will not damage your PC. Also that you have to say ‘Thank You’ to the author of the application, Jonathan Kay. His weblog and Reviver Support can be found here.

Downloadlinks Messenger Reviver 2 (0,5 MB, zipped)

Link 1

Link 2

Link 3

Please report broken links, thanks in advance!

May 1, 2013 | Downloads, News

[UPDATED / SOLVED] Be aware: malware removal program ComboFix probably infected with Sality virus

According to Marcos, an employee of security solutions vendor ESET, the well-known malware cleaning/removal program ComboFix created by sUBs is infected with the Sality virus. It seems that the current ComboFix installer contains an infected file, namely iexplore.exe.

I haven’t checked the issue myself; however, I have to assume that ComboFix is indeed infected with the Sality virus, especially because other security vendors have confirmed the infection.

Please don’t download and use ComboFix until the author, sUBs, remedies the issue.

UPDATE 1: Infection is confirmed by a reliable source.

UPDATE 2: To be 100% sure I checked the issue myself; ComboFix is indeed infected by Sality.

UPDATE 3: Added a temporary Google Drive download link to obtain the most recent CLEAN ComboFix.exe

Data of this clean version:

Combofix.exe
Version 13.1.28.1
Copyright sUBs
5.028.179 bytes

MD5 CHECKSUM: 0F6D28A70471051C4C7785335ACBA626

SHA256 CHECKSUM:

hex: 361548f74415a41f00d5345b3e3c489b3282b302c0c51266880eda586db01a12
HEX: 361548F74415A41F00D5345B3E3C489B3282B302C0C51266880EDA586DB01A12
h:e:x: 36:15:48:f7:44:15:a4:1f:00:d5:34:5b:3e:3c:48:9b:32:82:b3:02:c0:c5:12:66:88:0e:da:58:6d:b0:1a:12
base64: NhVI90QVpB8A1TRbPjxImzKCswLAxRJmiA7aWG2wGhI=

Download: removed

UPDATE 4 / FINAL UPDATE / 2013-01-30 22:00: the problem with the infected ComboFix is solved; a clean ComboFix.exe is now live again and available for download from its normal Bleeping Computer download link here.

Because the problem is now solved, I have removed the temporary download link to the clean ComboFix.exe.
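The SHA-256 of the clean build is listed above in four encodings (hex, HEX, colon-separated hex and base64). The following is an added example, not part of the original post and not code from ComboFix or ESET: it decodes any of those encodings to the same 32 bytes and compares them with the digest of a downloaded file. The function names and the command-line usage are assumptions made for this illustration.

```python
"""Check a download against a published SHA-256, whatever encoding it was published in."""
import base64
import binascii
import hashlib
import hmac
import re

SHA256_BYTES = 32

# The four encodings of the SHA-256, exactly as listed in the post above.
PAGE_FORMS = [
    "hex: 361548f74415a41f00d5345b3e3c489b3282b302c0c51266880eda586db01a12",
    "HEX: 361548F74415A41F00D5345B3E3C489B3282B302C0C51266880EDA586DB01A12",
    "h:e:x: 36:15:48:f7:44:15:a4:1f:00:d5:34:5b:3e:3c:48:9b:"
    "32:82:b3:02:c0:c5:12:66:88:0e:da:58:6d:b0:1a:12",
    "base64: NhVI90QVpB8A1TRbPjxImzKCswLAxRJmiA7aWG2wGhI=",
]

# Optional leading label such as "hex:", "HEX:", "h:e:x:" or "base64:".
_LABEL = re.compile(r"^\s*(h:e:x|hex|base64)\s*:\s*", re.IGNORECASE)
_HEX64 = re.compile(r"[0-9a-fA-F]{64}")


def parse_published_sha256(text):
    """Return the 32 raw digest bytes for a hex, colon-hex or base64 checksum line."""
    value = _LABEL.sub("", text).strip()
    compact = re.sub(r"[:\s]", "", value)  # drop colon separators and spaces
    if _HEX64.fullmatch(compact):
        return bytes.fromhex(compact)
    try:
        raw = base64.b64decode(value, validate=True)
    except (binascii.Error, ValueError) as exc:
        raise ValueError("not a hex or base64 SHA-256: %r" % text) from exc
    if len(raw) != SHA256_BYTES:
        # Catches, for example, an MD5 value pasted where a SHA-256 is expected.
        raise ValueError("decoded to %d bytes, a SHA-256 has %d" % (len(raw), SHA256_BYTES))
    return raw


def file_sha256(path, chunk_size=1 << 20):
    """Hash the file in chunks so a large installer is never read into memory at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.digest()


def verify_download(path, published):
    """True only if the file's SHA-256 equals the published value."""
    return hmac.compare_digest(file_sha256(path), parse_published_sha256(published))


if __name__ == "__main__":
    import sys

    decoded = {parse_published_sha256(form) for form in PAGE_FORMS}
    print("page encodings agree:", len(decoded) == 1)
    if len(sys.argv) == 2:
        ok = verify_download(sys.argv[1], PAGE_FORMS[0])
        print("match" if ok else "MISMATCH - do not run the file")
```

A match only shows that the file is the one the publisher hashed, so the checksum should come from a source other than the download mirror itself. Prefer the SHA-256 over the MD5 value listed alongside it, since MD5 is not collision resistant.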

January 29, 2013 | Advisories, Alerts, Anti-Virus, Malware, Vulnerabilities

Windows 8 Acronis True Image 2013 customers misguided by Acronis GmbH: software is unusable

It’s just ‘great’: you are relying on a well-known company selling Backup & Recovery software, Acronis GmbH. On their website they promise potential customers that their Acronis True Image 2013 software is fully compatible with Windows 8, so you buy the software or upgrade a previous version in full faith and trust, assuming that Acronis will save you if disaster strikes your PC and that you will be able to boot from a recovery image.

Well, better forget efforts to restore the Acronis image: Acronis will let you down without mercy, and your Windows 8 system will tell you: “Selected boot image did not authenticate. Press ‘Enter’ to continue”. So now you have a serious problem…

The cause of the failure message is Secure Boot, a Windows 8 anti-rootkit feature that prevents the PC from booting an unrecognised operating system. Unpleasant side effect: it also blocks Linux-based recovery environments, such as Acronis Start Up manager.

Despite the fact that Acronis has been informed about the issue, they still sell Acronis True Image 2013 as being Windows 8 compatible. I call this a product sale scam. My advice to Windows 8 users: don’t buy the Acronis crap; on your Windows 8 PC it’s a useless piece of emergency software.

January 17, 2013 | Advisories, Alerts

Microsoft Security Bulletin MS13-008 – Out-Of-Band Critical Security Update for Internet Explorer (2799329)

Published: Monday, January 14, 2013 by Microsoft

Version: 1.0
General Information
Executive Summary

This security update resolves one publicly disclosed vulnerability in Internet Explorer. The vulnerability could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

This security update is rated Critical for Internet Explorer 6, Internet Explorer 7, and Internet Explorer 8 on Windows clients and Moderate for Internet Explorer 6, Internet Explorer 7, and Internet Explorer 8 on Windows servers. Internet Explorer 9 and Internet Explorer 10 are not affected. For more information, see the subsection, Affected and Non-Affected Software, in this section.

The security update addresses the vulnerability by modifying the way that Internet Explorer handles objects in memory. For more information about the vulnerability, see the Frequently Asked Questions (FAQ) subsection for the specific vulnerability entry under the next section, Vulnerability Information.

This security update also addresses the vulnerability first described in Microsoft Security Advisory 2794220.

Recommendation. Most customers have automatic updating enabled and will not need to take any action because this security update will be downloaded and installed automatically. Customers who have not enabled automatic updating need to check for updates and install this update manually. For information about specific configuration options in automatic updating, see Microsoft Knowledge Base Article 294871.

For administrators and enterprise installations, or end users who want to install this security update manually, Microsoft recommends that customers apply the update immediately using update management software, or by checking for updates using the Microsoft Update service.

Known Issues. None

Affected and Non-Affected Software: see the Security Bulletin.

Some Frequently Asked Questions (FAQ) Related to This Security Update, for all FAQ’s see the Security Bulletin.

Is this update, MS13-008, a cumulative security update for Internet Explorer?
No. This security update, MS13-008, only addresses the vulnerability described in this bulletin.

Do I need to install the last cumulative security update for Internet Explorer, MS12-077?
Yes. In all cases MS13-008 protects customers from the vulnerability discussed in this bulletin. However, customers who have not installed the latest cumulative security update for Internet Explorer may experience compatibility issues after installing the MS13-008 update.

Customers need to ensure that the latest cumulative security update for Internet Explorer, MS12-077, is installed to avoid compatibility issues.

If I applied the automated Microsoft Fix it solution for Internet Explorer in Microsoft Security Advisory 2794220, do I need to undo the workaround before applying this update?
Customers who implemented the Microsoft Fix it solution, “MSHTML Shim Workaround,” in Microsoft Security Advisory 2794220, do not need to undo the Microsoft Fix it solution before applying this update.

However, since the workaround is no longer needed, customers may wish to undo the workaround after installing this update. See the vulnerability workarounds in this bulletin for more information on how to undo this workaround.

Where are the file information details?
Refer to the reference tables in the Security Update Deployment section for the location of the file information details.

Where are the hashes of the security updates?
The SHA1 and SHA2 hashes of the security updates can be used to verify the authenticity of downloaded security update packages. For the hash information pertaining to this update, see Microsoft Knowledge Base Article 2799329.

How are Server Core installations affected by the vulnerability addressed in this bulletin?
The vulnerability addressed by this update does not affect supported editions of Windows Server 2008, Windows Server 2008 R2, or Windows Server 2012 as indicated in the Non-Affected Software table, when installed using the Server Core installation option.

Disclaimer

The information provided in the Microsoft Knowledge Base is provided “as is” without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.

January 14, 2013 | Advisories, Alerts, Downloads, Vulnerabilities

Microsoft Advance Notification for Out-Of-Band Security Update to Address Security Advisory 2794220

Microsoft Security Response Center – MSRCTeam | 13 Jan 2013 3:00 PM

Today, we are providing Advance Notification to customers that at approximately 10 a.m. PST on Monday, January 14, 2013, we will release an out-of-band security update to fully address the issue described in Security Advisory 2794220. While we have still seen only a limited number of customers affected by the issue, the potential exists that more customers could be affected in the future. The bulletin has a severity rating of Critical, and it addresses CVE-2012-4792. Internet Explorer 9-10 are not affected by this issue and as always, we encourage customers to upgrade to the latest browser version.

We recommend that you install this update as soon as it is available. This update for Internet Explorer 6-8 will be made available through Windows Update and our other standard distribution channels. If you have automatic updates enabled on your PC, you won’t need to take any action. If you applied the Fix it released in Security Advisory 2794220, you won’t need to uninstall it before applying the security update.

January 14, 2013 | Advisories, Alerts, Vulnerabilities

Extremely critical vulnerability Samsung Android Exynos4 based devices [CONFIRMED]

ExynosAbuse exploit: it obtains root on Exynos4-based Samsung Android devices without ODIN flashing. On a vulnerable device, malicious apps will be able to gain total control over the device by gaining root without asking and without any permissions.

Source: XDA Developers (alephzain, Chainfire)

- alephzain: http://forum.xda-developers.com/showthread.php?t=2048511
- Chainfire: http://forum.xda-developers.com/showthread.php?t=2050297

Samsung solution status: unfixed

Vulnerable devices:

- Samsung Galaxy S2 GT-I9100

- Samsung Galaxy S3 GT-I9300
- Samsung Galaxy S3 LTE GT-I9305

- Samsung Galaxy Note GT-N7000

- Samsung Galaxy Note 2 GT-N7100
- Samsung Galaxy Note 2 LTE GT-N7105
- AT&T Galaxy Note 2 SGH-I317
- Verizon Galaxy Note 2 SCH-I605

- Samsung Galaxy Tab Plus GT-P6210

- Samsung Galaxy Note 10.1 GT-N8000, GT-N8010, GT-N8013, GT-N8020

Note: Google Nexus 10 not vulnerable, Exynos5.

Temporary patch (provided by Chainfire): http://forum.xda-developers.com/showthread.php?t=2050297

Note: Chainfire requested not to redistribute the patch, instead please link to http://forum.xda-developers.com/showthread.php?t=2050297

Update Dec 20 2012

Android Central | Dec 19 2012

Official Samsung Statement Exynos kernel vulnerability issue (in full)

“Samsung is aware of the potential security issue related to the Exynos processor and plans to provide a software update to address it as quickly as possible.

The issue may arise only when a malicious application is operated on the affected devices; however, this does not affect most devices operating credible and authenticated applications.

Samsung will continue to closely monitor the situation until the software fix has been made available to all affected mobile devices”

Third-party fixes

I will only mention Chainfire’s fix. It’s the only one that is secure. Both Supercurio’s and RyanZA’s methods leave you with easily exploitable holes any serious malware author will abuse.

About Chainfire’s fix

Chainfire: “This is an APK that uses the ExynosAbuse exploit (by alephzain) to be able to do various things on your Exynos4 based device.

Features for non-rooters:
- Securely patch the exploit

Features for rooters:
- Root the device (SuperSU v0.99)
- Enable/disable the exploit at will
- Enable/disable patching the exploit at boot
- Unroot and cleanup (optionally leaving the exploit patch at boot in place)

Please note that patching the exploit may break camera functionality, depending on device and firmware. Also note that if you use the patch method without rooting, or keep patching the exploit at boot enabled when unrooting, you need an alternate method to re-root the device to disable this feature (like CF-Auto-Root) – you cannot use ExynosAbuse to do this since it patched the exploit. Unlike other patch authors, I do not believe in keeping an invisible rooted process running in the background while pretending you aren’t rooted, to be able to unpatch this way.

While the exploit patches work (aside from possibly disabling your camera), these are more work-around than actual fixes. A proper patch would be a kernel fix, either from a third party or Samsung themselves”

Download the fix here: http://forum.xda-developers.com/showthread.php?t=2050297

Note: please do not redistribute the fix!

December 17, 2012 | Advisories, Alerts, Anti-Virus, Malware, News, Vulnerabilities

New major version of avast! Mobile Security / Anti-Theft released, v2 in development stage

As you will probably remember, in December 2011 I posted a review concerning avast! Mobile Security (AMS) for Android phones. My verdict was (and still is): an excellent Security Suite, also very reliable and provided with a top-notch Anti-Theft module. Because of its outstanding test results, AMS gained the Smokey’s 2011/2012 Choice Award; this Award is only granted to the best among the best.

This week the avast! company informed me that a new major version of the suite, v2, was released and that this new version is in beta stage. They also told me that the current stable v1 of the suite hasn’t been updated since April 2012 because of the development of v2.

As I said, v2 is still beta, but the new features sound very promising and will make the product even better, protecting the user in a more solid way and providing additional useful features. Time for a quick survey of the v2 beta.

According to the avast! company, the new features are:

* avast! Anti-Theft web portal integrated into the avast! Account
* Network Meter
* avast! widget
* Optimized UI for tablets
* Real-time protection (on-exec scanning) of apps
* Custom rules and log in the firewall
* The shield control UI to fine-tune on-access security setup
* avast! SiteCorrect for the Web Shield
* Scanning of incoming messages
* SMS/Call filter wildcards
* Greyscale notification icon

Adding all these new features to avast!’s already superb security suite will make it (again) the best security suite for Android phones there is, and will put it on top of all available suites again. The v2 beta of avast! Mobile Security and avast! Anti-Theft is downloadable from the avast! Forum; keep in mind that (as with all betas) use is at your own risk. If you intend to download and install the beta, please read the beta support thread before installing, so that you know what problems you can expect and the current development stage of the beta.

To me it’s not clear whether v2 final will remain free; at the moment pricing info isn’t available.

System Requirements v2 beta avast! Mobile Security

Operating Systems Supported:

- Android 2.1.x
- Android 2.2.x
- Android 2.3.x
- Android 3.x
- Android 4.0.x
- Experimental support for Android 4.1.x

Links

- Review v1 avast! Mobile Security for Android phones: http://smokeys.wordpress.com/2011/12/24/review-avast-mobile-security-for-android-phones/
- About the Smokey’s Choice Awards: http://smokeys.wordpress.com/2011/12/30/about-the-smokeys-choice-awards/
- Download links v2 beta avast! Mobile Security and avast! Anti-Theft / v2 beta Support Forum: http://forum.avast.com/index.php?topic=101642

August 11, 2012 | Anti-Spyware, Anti-Virus, Downloads, Malware, Phishing, Toolbarware, Uncategorized

Webroot SecureAnywhere…. just an over-Inflated Bubble?

Isn’t it amazing how all at once there is a superb anti-virus, smashing all competitors, established vendors included? The Anti-Virus Holy Grail so to speak, doing a fantastic job of keeping customers’ PCs free of malware, in contrast to these competitors? At the same time an AV with great support, prepared to listen to customers and help them adequately, and also realistic when it comes to shortcomings (however, see this as a joke… an AV Holy Grail that doesn’t have any shortcomings).

Don’t look any further, don’t try any other anti-virus… but be smart and buy NOW the 2012 Super AV: Webroot SecureAnywhere.
Competitors are selling crap (anyway, this is Webroot’s opinion), so don’t hesitate and only be satisfied with the Best of the Best: WSA (Webroot SecureAnywhere).

Of course it is true what they say about other AV vendors; please don’t call this bashing, it’s just business, okay?! Yells like “Takes up 96% less space than Kaspersky”, “Uses 97% less memory than McAfee”, “Scans more than 3x faster than Kaspersky”, “Takes up 99% less space than McAfee”, “Uses 92% less memory than Norton”, “Installs 131x faster than McAfee”, “Scans nearly 4 times faster than Norton”. The Webroot website is overwhelmed with such yells; there is hardly room left to tell the customer some (true) facts about WSA. Personally I really like this Webroot yell: “Webroot vs. Symantec is like David vs. Goliath. Only this David has a much faster, lighter, easier-to-manage slingshot”. This is all pure drama for sure, a climax that can’t be beaten by anyone.

I can hardly imagine that there are people believing the Webroot PR yells, after all yelling is Webroot’s trademark. OTOH they are true masters of it…. hence making it very convincing.

It starts at the very bottom with a Webroot Support Forum Helper, a PR expert in his own right and also a master in repeating what Webroot employees are saying. It then continues with Webroot Support/Quality Assurance Staff yelling to customers that they must believe whatever the helper says (after all, customers are stupid and clearly show their stupidity!). Subsequently we have Webroot Support Team Staff yelling what a great product WSA is… and finally we have the Webroot website and Support Forums, the absolute Masters of the Yell.

I admit that WSA is really small in size and fast, just like WSA yells at us; however, there is also a downside: it does not have the (high) detection rates that several other AVs have. This is not just a yell from me; AV testing organization AV-Comparatives proved it very well: in their Protection-Test March-June 2012, Webroot SecureAnywhere 2012 gained the lowest protection rate, a very disappointing 90,9%. In the test, in which 21 AV vendors/products participated, WSA reached rank 21.

AV-Test.org, also an AV testing organisation, has tested WSA too. Talking again about detection rates, products like e.g. AVG’s Anti-Virus Free Edition 2012, AVG’s Internet Security 2012, BitDefender’s Internet Security 2012, BullGuard’s Internet Security 12.0, F-Secure’s Internet Security 2012, G Data’s Internet Security 2012 and Kaspersky’s Internet Security 2012 scored better than WSA.

There is also the issue of false positives:

WSA gained the worst score according to the AV-Comparatives False-Alarm-Test March 2012. We all know that false positives can really hurt your PC, so FPs can be dangerous just like malware is. When I have to choose between speed/used space and malware detection rates/number of FPs… I will choose the latter for sure.

Like I admitted before, WSA is really fast… but regrettably not when it comes to a full on-demand scan, for example, despite the following Webroot promise: “After initial scan, full system scans typically take two minutes or less”. What Webroot doesn’t tell us is that a full scan will in fact take hours. Furthermore, in my opinion they shouldn’t offer a ‘Full scan’ option to the customer at all if they are of the opinion that it’s an unnecessary tool. After all, their official POV is:

An actual full scan of the computer will both take hours in most cases and is also completely unnecessary for protecting the computer with WSA.

I clearly see here a snake oil tactic of Webroot, with the aim to retain the claim of whopping fast scanning and at the same time putting other anti-virus vendors in a bad spotlight.

Webroot Inc. is also a damned well organised merchandising machine…. That they are heavily promoting their products on the Webroot (Prevx) support forums is fine, nothing wrong with that. The trick is to do the same on other forums without being provided with the spam label.

So how does the trick work? Almost every forum thread where a malware issue is discussed or advice is asked for on what AV to use…. will be provided with an urgent encouragement to use WSA. Surprisingly, it’s almost always a Webroot Support Forum Helper encouraging the thread reader to do so. The final touch is then given by the Webroot Support Team, praising the Webroot Support Forum Helper for his great advice and again encouraging the reader to use WSA. Finally the thread will end with a survey of where to obtain good WSA deals; the survey will mostly be offered by an anonymous user. I call this ordinary spam.
Common exception: if the thread is going in the ‘wrong direction’, the Webroot Support Team is clever and doesn’t show up at all; instead the WSA Support Forum Helper will start a tirade against the messenger of the ‘bad news’ and maintain the tactic of shooting the messenger by calling him e.g. a troll. This kind of ‘support’ can hardly be called decent and customer-orientated.

Summarizing:

I don’t say Webroot SecureAnyWhere is a bad product, but it needs much improvement.
I don’t say PR is condemnable, I just don’t like Webroot’s business practices.

Furthermore,

I don’t like the way they provide support.
I don’t like the way the customer is treated.
I don’t like it when a product with very bad detection rates and lots of false positives is praised into AV heaven, please keep in mind there are better AV’s.
Last but not least, I don’t like spam.

July 22, 2012 | Anti-Spyware, Anti-Virus, Malware, Phishing

Emergency Bulletin – Out-Of-Band Patch: Microsoft Security Advisory (2718704)

Microsoft Security Advisory (2718704)
Unauthorized Digital Certificates Could Allow Spoofing

http://technet.microsoft.com/en-us/security/advisory/2718704

Published: Sunday, June 03, 2012

Version: 1.0

General Information

Executive Summary

Microsoft is aware of active attacks using unauthorized digital certificates derived from a Microsoft Certificate Authority. An unauthorized certificate could be used to spoof content, perform phishing attacks, or perform man-in-the-middle attacks. This issue affects all supported releases of Microsoft Windows.

Microsoft is providing an update for all supported releases of Microsoft Windows. The update revokes the trust of the following intermediate CA certificates:

  • Microsoft Enforced Licensing Intermediate PCA (2 certificates)
  • Microsoft Enforced Licensing Registration Authority CA (SHA1)

Affected Software and Devices

This advisory discusses the following affected software and devices:

Operating System

Windows XP Service Pack 3
Windows XP Professional x64 Edition Service Pack 2
Windows Server 2003 Service Pack 2
Windows Server 2003 x64 Edition Service Pack 2
Windows Server 2003 with SP2 for Itanium-based Systems
Windows Vista Service Pack 2
Windows Vista x64 Edition Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for Itanium-based Systems Service Pack 2
Windows 7 for 32-bit Systems
Windows 7 for 32-bit Systems Service Pack 1
Windows 7 for x64-based Systems
Windows 7 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for Itanium-based Systems
Windows Server 2008 R2 for Itanium-based Systems Service Pack 1

Server Core installation option

Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows Server 2008 R2 for x64-based Systems (Server Core installation)
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)

Affected Devices

Windows Mobile 6.x
Windows Phone 7
Windows Phone 7.5

Recommendation

For supported releases of Microsoft Windows, Microsoft recommends that customers apply the update immediately using update management software, or by checking for updates using the Microsoft Update service. For more information, see the Suggested Actions section of this advisory. For affected devices, no update is available at this time.

TechNet Blogs, MSRC: Microsoft releases Security Advisory 2718704

http://blogs.technet.com/b/msrc/archive/2012/06/03/microsoft-releases-security-advisory-2718704.aspx

We recently became aware of a complex piece of targeted malware known as “Flame” and immediately began examining the issue. As many reports assert, Flame has been used in highly sophisticated and targeted attacks and, as a result, the vast majority of customers are not at risk. Additionally, most antivirus products will detect and remove this malware. That said, our investigation has discovered some techniques used by this malware that could also be leveraged by less sophisticated attackers to launch more widespread attacks. Therefore, to help protect both targeted customers and those that may be at risk in the future, we are sharing our discoveries and taking steps to mitigate the risk to customers.

We have discovered through our analysis that some components of the malware have been signed by certificates that allow software to appear as if it was produced by Microsoft. We identified that an older cryptography algorithm could be exploited and then be used to sign code as if it originated from Microsoft. Specifically, our Terminal Server Licensing Service, which allowed customers to authorize Remote Desktop services in their enterprise, used that older algorithm and provided certificates with the ability to sign code, thus permitting code to be signed as if it came from Microsoft.

We are taking several steps to remove this risk:

• First, today we released a Security Advisory outlining steps our customers can take to block software signed by these unauthorized certificates.

• Second, we released an update that automatically takes this step for our customers.

• Third, the Terminal Server Licensing Service no longer issues certificates that allow code to be signed.

These actions will help ensure that any malware components that might have been produced by attackers using this method no longer have the ability to appear as if they were produced by Microsoft.

We continue to investigate this issue and will take any appropriate actions to help protect customers. For more information, please refer back to this site and check with your anti-malware vendor for detection support.

Mike Reavey
Senior Director, MSRC
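
As an added example (not part of the advisory or the MSRC post), the PowerShell check below reports whether the intermediate CAs named in the advisory have been placed in the local Untrusted Certificates store. Matching on the certificate subject CN is an assumption, since the advisory text quoted here lists no thumbprints, and the function names are hypothetical.

```powershell
# Added example. CA names and expected counts come from the advisory text
# above; matching on the subject CN is an assumption (no thumbprints on page).
$RevokedCaNames = @(
    @{ Name = 'Microsoft Enforced Licensing Intermediate PCA';          Expected = 2 },
    @{ Name = 'Microsoft Enforced Licensing Registration Authority CA'; Expected = 1 }
)

# Return all certificates in a store whose subject contains the given CN.
function Find-CertByCn {
    param([string]$StorePath, [string]$CommonName)
    if (-not (Test-Path $StorePath)) { return @() }
    @(Get-ChildItem -Path $StorePath |
        Where-Object { $_.Subject -like "*CN=$CommonName*" })
}

# Hypothetical helper: one result row per CA named in advisory 2718704.
function Test-Advisory2718704 {
    foreach ($ca in $RevokedCaNames) {
        # Untrusted Certificates store (machine-wide).
        $untrusted = Find-CertByCn 'Cert:\LocalMachine\Disallowed' $ca.Name

        # Intermediate CA stores, where chain building may have cached a copy.
        $cached = @(Find-CertByCn 'Cert:\LocalMachine\CA' $ca.Name) +
                  @(Find-CertByCn 'Cert:\CurrentUser\CA'  $ca.Name)

        if ($untrusted.Count -ge $ca.Expected) {
            $status = 'Distrusted'
        } elseif ($cached.Count -gt 0) {
            $status = 'Cached as intermediate CA, not distrusted'
        } else {
            $status = 'Not distrusted (update not applied?)'
        }

        [pscustomobject]@{
            CaName             = $ca.Name
            InUntrustedStore   = $untrusted.Count
            ExpectedUntrusted  = $ca.Expected
            CachedIntermediate = $cached.Count
            Status             = $status
            Thumbprints        = ($untrusted | ForEach-Object { $_.Thumbprint }) -join ','
        }
    }
}

Test-Advisory2718704 | Format-List
```

Any row whose status is not `Distrusted` points to a host where the update should be applied through Microsoft Update or update management software, as the advisory recommends.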

June 4, 2012 | Advisories, Alerts, Malware, Vulnerabilities

Smokey’s Security & Anti-Malware Software Updates Survey Forum Entirely Revamped

I’m pleased to announce that the Security & Anti-Malware Software Updates Survey Forum on Smokey’s Security Forums is entirely revamped. As you know, a safe surfing experience is only possible when all (security) software on your box is up to date. The Smokey’s Security & Anti-Malware Software Updates Survey Forum provides you with the possibility to stay current and to avoid outdated software.

The forum has been rebuilt from scratch; all Security/Anti-Malware software is now sorted in alphabetical order and up to date. Additional features are sorting software by Category/Tag and staying current by subscribing to the Security & Anti-Malware Update Topics.

The revamped Software Updates Survey Forum is entirely designed by Smokey’s new Team Leader of that forum: Creer. He invested lots of time in the design, I’m grateful for all his hard design work and continuous efforts to keep the forum up-to-date.

Like before, in case you need (of course free!) malware removal help, please don’t hesitate to visit our Malware Analysis & Removal Help and Support Forum; fully trained/graduated/qualified malware removal staff will be pleased to clean your box and remove malware.

February 12, 2012 | Uncategorized