Smokey's Security Weblog

veritas odium parit

Microsoft Update Quietly/Unsolicited Installs Firefox Extension via .Net Framework Service Pack

Washington Post
By Brian Krebs | May 29, 2009

A routine security update for a Microsoft Windows component installed on tens of millions of computers has quietly installed an extra add-on for an untold number of users surfing the Web with Mozilla’s Firefox Web browser.

Earlier this year, Microsoft shipped a bundle of updates known as a “service pack” for a programming platform called the Microsoft .NET Framework, which Microsoft and plenty of third-party developers use to run a variety of interactive programs on Windows.

The service pack for the .NET Framework, like other updates, was pushed out to users through the Windows Update Web site. A number of readers had never heard of this platform before Windows Update started offering the service pack for it, and many of you wanted to know whether it was okay to go ahead and install this thing. Having earlier checked to see whether the service pack had caused any widespread problems or interfered with third-party programs — and not finding any that warranted waving readers away from this update — I told readers not to worry and to go ahead and install it.

I’m here to report a small side effect from installing this service pack that I was not aware of until just a few days ago: Apparently, the .NET update automatically installs its own Firefox add-on that is difficult — if not dangerous — to remove, once installed.

Annoyances.org, which lists various aspects of Windows that are, well, annoying, says “this update adds to Firefox one of the most dangerous vulnerabilities present in all versions of Internet Explorer: the ability for Web sites to easily and quietly install software on your PC.” I’m not sure I’d put things in quite such dire terms, but I’m fairly confident that a decent number of Firefox for Windows users are rabidly anti-Internet Explorer, and would take umbrage at the very notion of Redmond monkeying with the browser in any way.

Big deal, you say? I can just uninstall the add-on via Firefox’s handy Add-ons interface, right? Not so fast. The trouble is, Microsoft has disabled the “uninstall” button on the extension. What’s more, Microsoft tells us that the only way to get rid of this thing is to modify the Windows registry, an exercise that — if done imprecisely — can cause Windows systems to fail to boot up.

Txs Brian for spreading the word!
Txs to Tommy, staff on my board Smokey’s Security Forums, for attending me to Brian’s article.

Article source: Washington Post

Advertisements

May 31, 2009 Posted by | Alerts, Downloads, News, Recommended External Security Related Links, Vulnerabilities | , , , , , , , , , | Leave a comment

AV-Comparatives Review DefenseWall HIPS: 100% Detection Score

Past week the acknowledged testing organization AV-Comparatives published a comprehensive DefenseWall HIPS test/review.
The program is the most important product of SoftSphere Technologies, a company primarily active in the field of information security and its mission is to develop reliable means of protection against existing and future threats, such as viruses, spyware or rootkits.

AV-Comparatives tested the software on 100 current Malware Samples (Adware, Spyware, Viruses, Trojan Horses, Backdoors, etc.) that were not detected by other major Anti-Virus products at time of testing. All the samples were detected or executed as being untrusted or without compromising the system. Excellent test result: a protection rate of 100%!

My congratulations to SoftSphere Technologies, this result underline again that DefenseWall HIPS is a top-notch Host Intrusion Prevention System.

Please keep in mind that the software should be regarded as being a supplement to an Anti-Virus product and not as a replacement.

The full review is available in English and German language.

Links:

AV-Comparatives Softsphere DefenseWall HIPS Review
SoftSphere Homepage
SoftSphere Technologies Support Forums

May 29, 2009 Posted by | Advisories, Anti-Spyware, Anti-Virus, Malware, News, Recommended External Security Related Links, Toolbarware | , , , , , , , , , , , | 1 Comment

AV-Comparatives Review IT Security Suites for Corporate Users, 2009

Review: IT Security Suites for Corporate Users, 2009
Test institution: AV-Comparatives
Last revision date: 2009-27-05

Following vendors participated in the review and tests:

Avira, Eset, G-Data, Kaspersky, Sophos, Symantec, TrustPoint.

AV-Comparatives / Reviews Main Page: http://www.av-comparatives.org/comparativesreviews >> click submenu Corporate Reviews *

* For copyright reasons, no direct clickable destination link provided

May 28, 2009 Posted by | Advisories, Anti-Spyware, Anti-Virus, Friends, Malware, Phishing, Recommended External Security Related Links | , , , , , , , , , , , , | Leave a comment

ESET is Smokey’s Security Weblog 2009 Hall of Shame Awardee

May 28, 2009

To me it is a pleasure to annouce that ESET, a company that develop software protection against computer security threats, is Smokey’s Security Weblog 2009 Hall of Shame Awardee.

The Hall of Shame Award is seldom granted, therefore all Awardees need our unlimited attention. Yesterday I already mentioned in short that ESET is Awarded, but till yet I hadn’t the time make an official announcement.

I will refrain the motivation to Award ESET;

– not reacting in an adequate way regarding Service Pack 2 Windows Vista and Windows Server 2008 issues, like system crashes and BSODs with ESET NOD32 V4.x Antivirus products, this after install of SP2.
– till today no fix available to solve the SP2 related occurances.
– condemnable lack of communication to their customers.
– an incredible attitude of arrogance and ignorance.

It is clear, that ESET really deserve this prestigious Award, my sincere congrats!

Smokey

Update 2009-06-03: ESET removed from the Hall of Shame

With the same pleasure I announced that ESET is Smokey’s Security Weblog 2009 Hall of Shame Awardee, I can annouce that ESET is removed from this Hall.

Before I mention the reasons to remove ESET from the Hall of Shame (and that within such a short period!) I will refrain the purpose of  The Hall:

“The attentive reader of this blog will have noticed the existence of Smokey’s Security Weblog Hall of Shame Awards. Sole purpose of these Awards is, to improve users experiences and interests concerning all security related issues. Experiences that are many times not satisfying and even really disappointing: users are treated in a way that isn’t acceptable, e.g. by (government) instances and institutions, security vendors, aso aso. The list is long.The intention of our “Hall of Shame” is to achieve a change of mind in positive way and approvements in behavior and procedures by the Awardees. This all in such way that users interests are served well with it. Therefore the “stay” in the Hall of Shame isn’t by definition for always, all Awardees will have a fair opportunity to make approvements concerning points of critism and to show their good intentions to learn from mistakes made in the past. At the moment this all is accomplished in a satisfying way, the Awardee will be removed from The Hall. The removal will be announced in public, with motivation for the why. A fresh, clean “restart” and opportuntiy for the former Awardees so to speak. OTOH, Awardees that are not willing to learn or refuse cooperation will be marked with the label “bad” and stay forever in The Hall.”

Motivation to remove ESET from the Hall of Shame

Within an astonishing fast period (1 week!) after ESET was Hall Awardee, they corrected/fixed all issues that were reason to Award this vendor. To me it seem that the Service Pack 2 Windows Vista and Windows Server 2008 noise, present all around in the community, waked them up and forced them to improve fast. To be honest, they improved in a great way.

Congrats ESET!

Smokey

May 28, 2009 Posted by | Anti-Virus, Friends, News, Recommended External Security Related Links | , , , , | 1 Comment

[UPDATED 2010-09-04] Warning: don’t use any ESET NOD32 V4.x Antivirus product together with Windows Vista SP2 or Windows Server 2008 SP2

The story: numerous ESET NOD32 V4.x Antivirus product customers reported severe problems after install of Service Pack 2 Windows Vista and Windows Server 2008. First reports showed up begin of May 2009, and at the moment I write this post these reports still continue. Embarrassing: the total lack of feedback from ESET regarding the issue. Like I today already wrote on DSLReports, looking at all the threads and posts in their own support forums regarding the severe Service Pack 2 related problems, like e.g.system crashes, BSODs aso, and the fact that (apparently) ESET refuse to communicate with their PAYING customers about the SP2 related occurances, it is evident that ESET will lose customers. Even worse, their name and products will be scratched. It is a pity because ESET have fine products.

Finally today an ESET employee made a short statement on their support forum, almost 1 month after the first reports were produced:

“An issue with ESET’s V4 software and Service Pack 2 for Microsoft Windows Vista and Windows 2008 has been identified and the developers are working on a solution for it. Currently, I do not have any information about when it will be available or what form it will take, but as soon as more information is available it will be provided.”

Again, 1 month after the first reports were produced. And, even more embarrassing, Service Pack 2 RTM for Windows Vista and Windows Server 2008 are released and ESET is not able to offer fixed software that will solve the severe problems related to Service Pack 2.

ESET, this is bad, really bad. You can’t treat your customers with such incredible arrogance and ignorance.

Considering all disgraceful facts, to me it is a pleasure to grant you the famous Smokey’s Security Weblog 2009 Hall of Shame Award.

My sincere congratulations with this valuable Award!

Smokey

Update 2009-05-30, additional info provided by ESET

“Just to let you know, the web pages ESET posted on the matter have been revised, problem explanation and FAQ (Newsbulletin): http://kb.eset.com/esetkb/index?page=content&id=NEWS30

Provides workarounds (Knowledge Base article): http://kb.eset.com/esetkb/index?page=content&id=SOLN2254

You may want to bookmark these web pages and check them periodically as they will be updated iwth additonal information as it becomes available.”

Update 2009-06-02: ESET patch available to solve the ESET NOD32 V4.x Antivirus products compatibility issues related to Service Pack 2 Windows Vista and Windows Server 2008

A spokesman of ESET just informed me they have a patch (an updated Anti-Stealth module, v1012, build date 20090526) ready to solve the ESET NOD32 V4.x Antivirus products compatibility issues related to Service Pack 2 Windows Vista and Windows Server 2008. According to ESET, right now it is still being tested but they are not aware of any issues or problems from users who have installed it on their Microsoft Windows Vista/Microsoft Windows 2008 systems with SP2 on them.

To obtain the patch, open the ESET user interface, press F5 to open the Advanced Settings window, select Update in the left pane, then Advanced Update Setup in the right pane and check Enable Test Mode at the bottom of the window.

The next time the client performs an virus signature database update, it will also download the updated Anti-Stealth module. If you are running ESET Smart Security, an updated Firewall module will also be downloaded for testing (it contains some other fixes and updates unrelated to the SP2 issue).

Update 2009-06-04: ESET Smart Security v4 and and ESET NOD32 Antivirus v4.0 compatibility update for Vista/Server 2008 SP2 – The fix has moved into production

Statement ESET

Testing of the new Anti-Stealth module to improve compatibility between ESET Smart Security and ESET NOD32 Antivirus v4.0 and Microsoft Windows Vista / Windows Server 2008 Service Pack 2 has successfully completed and distribution has begun. The updated module will be downloaded automatically when a virus signature database update occurs in ESET Smart Security and ESET NOD32 Antivirus.

After the update is downloaded, the entry for the Anti-Stealth module in the About window for ESET Smart Security and ESET NOD32 Antivirus v4 will appear as Anti-Stealth support module: 1012 (20090526). The update is also installed if your Anti-Stealth module has a newer version or release date.

If Anti-Stealth was disabled as a temporary workaround, re-enable it by opening the ESET Graphic User Interface, pressing the F5 key to open the Advanced Setup window, selecting Antivorus and Antispyware in the left navigation pane and enabling (checking) the Enable Anti-Stealth Technology option in the right pane.

Source: Wilders

2010-09-04: Post enlarged with information about a newly occurred severe NOD32 definition update(s) problem

From ESET NOD32 Support Forum on Wilders Security:

after update to v. 5418, you might have encountered a problem with any of the following symptoms:

– ekrn crashed
– system stopped responding
– administrators might have received threat notifications with a blank threat name field

The problem was discovered in update 5417 and exhibited after an update to a newer version. To protect our users, we stopped the update as soon as the problems were reported to us.

A newer update 5419, which fixes the problems, has just been released. Note that ekrn may crash once more during update to the latest version due to the problem present in the previous versions 5417/5418.

SOLUTION FOR USERS:
Update to v. 5419 and restart the computer. Ekrn.exe will start and function properly then.

SOLUTION FOR SERVER SYSTEMS:
Update to v. 5419 and run “net start ekrn” to start ekrn.exe after a crash.

Signed: Marcos, ESET Moderator

See also an ESET kb article about the issue: http://kb.eset.com/esetkb/index?page=content&id=NEWS101

May 26, 2009 Posted by | Advisories, Alerts, Downloads, Friends, News, Recommended External Security Related Links | , , , , , , , , , , , , , , , , , , , , , , , , , | 17 Comments

Windows Server 2008 Service Pack 2 and Windows Vista Service Pack 2 RTM Released

Windows Server 2008 Service Pack 2 and Windows Vista Service Pack 2 – Five Language Standalone DVD ISO Released.

This is a DVD ISO image that contains Service Pack 2 for Windows Server 2008 SP2 for x86, x64, IA-64 and Windows Vista for x86, x64. This image is only applicable to computers that have one or more of the following languages: English, German, French, Japanese, or Spanish.

File Name: 6002.18005.090410-1830_iso_update_sp_wave0-RTMSP2.0_DVD.iso
Version: 948465
Knowledge Base (KB) Articles: KB948465
Date Published: 5/25/2009
Language: English, German, French, Japanese, Spanish.
Download Size: 1376.8 MB
Microsoft download page: http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=9f073285-b6ef-4297-85ce-f4463d06d6cb

Supported Operating Systems:

Windows Server 2008; Windows Server 2008 for Itanium-based Systems; Windows Vista; Windows Vista Business 64-bit edition; Windows Vista Enterprise 64-bit edition; Windows Vista Home Basic 64-bit edition; Windows Vista Home Premium 64-bit edition; Windows Vista Ultimate 64-bit edition.

Non-DVD versions:

32-bit: http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=a4dd31d5-f907-4406-9012-a5c3199ea2b3
64-bit: http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=656c9d4a-55ec-4972-a0d7-b1a6fedf51a7

Programs that are known to experience a loss of functionality after you install Service Pack 2 for Windows Vista or for Windows Server 2008: http://support.microsoft.com/kb/969707

Warning: ESET NOD32 Anti-Virus v4.x programs can cause severe problems (e.g. BSODs) after Service Pack 2 install. More info on the official ESET Support Forum: http://www.wilderssecurity.com/showthread.php?t=241025

May 26, 2009 Posted by | Uncategorized | , , , , , , , , , , , , , , , | Leave a comment

Reminder: Windows 7 Beta Build 7000 Ready to Be Killed Off on June 1, 2009

“On June 1, 2009, the PC you’re using to test the Beta Build 7000 will begin shutting down every two hours. Rebuild your test PC with a non-expired version of Windows 7, such as the RC or Windows Vista. This will be a clean installation, so be ready to reinstall your programs and data.

If you are running Windows 7 Beta Build 7000 you’ll need to back up your data (preferably on an external device) and then do a clean install of the Windows 7 Release Candidate. After installing Windows 7, you will need to reinstall applications and restore your files.

There’s another expiration date you need to keep in mind: Windows 7 RC will expire on June 1, 2010, and you’ll need to either upgrade to the final release of Windows 7 or a prior version of Windows before then.”

Source: Softpedia
32-bit and 64-bit Windows 7 (Release Candidate) RC Build 7100.0.090421-1700 is available for download here.

May 25, 2009 Posted by | Friends, News | , , , , , , | 1 Comment

Just released: Windows 7 Upgrade Advisor Beta (Overview & Download)

Overview

Windows 7 Upgrade Advisor scans your PC’s system, programs and devices to check if it’s able to run Windows 7. After a few minutes, the report will let you know if your PC meets the system requirements, if there are any known compatibility issues with your programs and devices, and will also provide guidance on your upgrade options to Windows 7.

System Requirements

– Supported Operating Systems: Windows 7; Windows Vista; Windows XP Service Pack 2
– .NET 2.0 Framework or higher if running on Windows XP

Beta Release Notes

– The upgrade paths are currently not given for N, K, and KN editions of Windows.
– Any language packs you have installed on your PC will have to be reinstalled after upgrading to Windows 7.
– If you’re running Upgrade Advisor inside Virtual PC or Remote Desktop, Windows Aero capability may not be detected properly.

Remarks Windows Client Communications Team

Windows 7 Upgrade Advisor examines a PC’s processor, memory, storage, and graphics capabilities, identifies known compatibility issues with installed software and devices and finally provides guidance on how to resolve those issues if possible. Please also note: Windows XP users are required to do a clean install of the Windows 7 RC as well as the final product. Only PCs with Windows Vista can be upgraded to Windows 7.

The Windows 7 Upgrade Advisor measures a PC’s ability to upgrade to Windows 7 based on the following final system requirements for Windows 7: 1 GHz or faster 32-bit (x86) or 64-bit (x64) processor; 1GB RAM (32-bit) / 2GB RAM (64-bit); 16GB available disk space (32-bit) / 20GB (64-bit); DirectX 9 graphics processor with WDDM (Windows Display Driver Model) 1.0 or higher driver.

Download the Upgrade Advisor: http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=1b544e90-7659-4bd9-9e51-2497c146af15

May 8, 2009 Posted by | Downloads, News | , , , , | Leave a comment

Watch your steps: Leaked copies of Windows 7 RC contain Trojan…..

By ComputerWorld – Gregg Keizer 05 May

Pirated copies of Windows 7 Release Candidate (RC) on file-sharing sites contain malware, according to users who have downloaded the upgrade. Some of the pirated builds include a Trojan horse, numerous users said in message forums and in comments on BitTorrent sites such as Mininova.org.

“Just a warning for anyone downloading the new RC builds of windows 7. Quiet [sic] a lot of the downloads have a trojan inbedded [sic] in the setup EXE,” said someone identified as Frank Fontaine on a Neowin.net discussion thread. “The Setup EXE is actually a container, it appears to be a self-extracting EXE. There are 2 files inside, Setup.exe and codec.exe.”

Source:  ComputerWorld

Get the official Windows 7 RC download:

The 32- and 64-bit versions of Windows 7 RC are available in five languages: English, German, Japanese, French, and Spanish. Just choose the version that fits the system you’ll be using, pick your language, and click go to register for and download the RC.

Downloading the Windows 7 RC could take a few hours. The exact time will depend on your internet provider, bandwidth, and traffic. The good news is that once you start the download, you won’t have to answer any more questions – you can walk away while it finishes. If it gets interrupted, it’ll restart where it left off. (txs NICK_ADSL_UK!)

Official downloadlink Windows 7 RC: Microsoft

May 6, 2009 Posted by | Uncategorized | , , , , , , , , , , | Leave a comment

Matousec’s New Moves to Recapture the label “Trustworthy”

The faithful reader of my blog will probably remember the critical article I wrote about Matousec and his Firewall Challenges, “Matousec’s Firewall Challenge wrinkle: conflict of interests?” and the honor I granted him to add his Challenges to “Smokey’s Security Weblog Hall of Shame”.

Matousec’s Firewall Challenges are continiuos subject of critism, not only be me but by many other people also. It was clear that Matousec was looking for ways to control reputation damage. We also remember well the possibilty of a re-test of vendors product by Matousec, of course after paying for such favor. In this way, a “bad” test could be curved into a “good” test.

Apparently Matousec is opinion to shut the mouth of criticasters by renaming past month his “Firewall Challenges” into “Proactive Security Challenges”. Almost at the same time he surprised us with the announcement that DIFINEX acquired Matousec.

I have my own ideas about DIFINEX and this sudden move of Matousec. According to Matousec, “DIFINEX is a new company with an interest in Internet projects and online services. DIFINEX focuses on creating, financing and covering projects with medium-sized and large Internet audience”. Matousec is always yelling about “Transparent security”. This is in contradiction with his mysterious explanation about DIFINEX. To earn the label “Trustworthy” it is a must to be open and honest about everything, not only tests and methodics but also about the people that finance these tests: DIFINEX. At the moment this is a Ghost Company.

To me it is obvious that Matousec’s recent moves confirm my negative feelings about him and his tests. More questions raised instead of satisfying previous ones. His tests wrinkle even more than before.

May 3, 2009 Posted by | Friends, News, Recommended External Security Related Links | , , , , , , , | 1 Comment