Smokey's Security Weblog

veritas odium parit

Smokey’s Security Forums now on ‘Facebook’ and ‘Twitter’

To keep up with technology and as additional service to the community, from now on you can keep up with the latest posted and/or reproduced on Smokey’s Security Forums on Facebook and Twitter.

Smokey’s on Facebook:
Smokey’s on Twitter:

New content will be added regularly.
Feel free to ‘Become a Fan’ or to ‘Follow’.  🙂

August 15, 2009 Posted by | Advisories, Alerts, Anti-Spyware, Anti-Virus, Bundleware, Friends, Malware, Phishing, Recommended External Security Related Links, Toolbarware, Vulnerabilities | , , , , , , , , | Leave a comment

Out-of-band Microsoft Security Bulletin Advance Notification for July 2009

Published: July 24, 2009

Microsoft Security Bulletin Advance Notification issued: July 24, 2009
Microsoft Security Bulletins to be issued: July 28, 2009

This is an advance notification of two out-of-band security bulletins that Microsoft is intending to release on July 28, 2009. One bulletin will be for the Microsoft Visual Studio product line; application developers should be aware of updates available affecting certain types of applications. The second bulletin contains defense-in-depth changes to Internet Explorer to address attack vectors related to the Visual Studio bulletin, as well as fixes for unrelated vulnerabilities that are rated Critical. Customers who are up to date on their security updates are protected from known attacks related to this out-of-band release.

This bulletin advance notification will be replaced with an update to the Microsoft Security Bulletin Summary for July 2009 on July 28, 2009. For more information about the bulletin advance notification service, see Microsoft Security Bulletin Advance Notification.

While this release is to address a single, overall issue, in order to provide the broadest protections possible to customers, we’ll be releasing two separate security bulletins as mentioned already before:

1. One Security Bulletin for Visual Studio

2. One Security Bulletin for Internet Explorer

While we can’t go into specifics about the issue prior to release, we can say that the Visual Studio bulletin will address an issue that can affect certain types of applications. The Internet Explorer bulletin will provide defense-in-depth changes to Internet Explorer to help provide additional protections for the issues addressed by the Visual Studio bulletin. The Internet Explorer update will also address vulnerabilities rated as Critical that are unrelated to the Visual Studio bulletin that were privately and responsibly reported.

Customers who are up to date on their security updates are protected from known attacks related to this Out of Band release.

A reminder that this information is subject to change and that when we do release the security bulletins, we’ll let you know through the MSRC weblog.

Signed: Microsoft Corp. – Mike Reavey

Sources of this Out-of-band Microsoft Security Bulletin and more info:

Microsoft TechNet
Microsoft Security Response Center (MSRC)

July 25, 2009 Posted by | Advisories, Alerts, Downloads, Friends, Recommended External Security Related Links | , , , , | Leave a comment

Alert: Microsoft DirectShow vulnerability used in 0-Day drive-by-download attacks

The Tech Herald | Jul 6 2009

CSIS Security is reporting the discovery of a new vulnerability within Microsoft DirectShow. The 0-Day attack is a part of a massive website hijacking operation, where exploited domains are injected with code that attempts to exploit the DirectShow vulnerability as well as other known flaws.

According to CSIS, the attacks start by compromising a legitimate website, where malicious JavaScript is embedded into the site’s code. Once the compromised page loads, the injected JavaScript forces the user to visit a sub-domain on At the time this article was published, The Tech Herald could not confirm that the sub-domain listed by CSIS was still malicious, as it was unavailable. However, is online, and should be considered suspect if not blacklisted altogether.

The 0-Day vulnerability, which is a stack overflow in DirectShow MPEG2TuneRequest, can be mitigated by setting the kill bit on msVidCtl.dll. CSIS has provided the solution on their site. [Google Translated] However, this is just one of several vulnerabilities the drive-by-download attack is attempting to exploit. Once the system is compromised, a keylogger is installed, as well as a “cocktail of malicious code” CSIS said.

Microsoft Windows 2000, 2003, and XP are listed as vulnerable. No word on if Vista or Windows 7 are at risk. We have asked Microsoft for comment and will update this story as more news comes in.

For now, CSIS is reporting that thousands of sites are using this new attack, and the ultimate landing points are starting to grow in number thanks to the exploit code being published online.

SANS is offering the best advice to IT this morning, “Please keep a watchful eye on your AV and IDS/IPS vendors updates to ensure coverage as early as possible on this exploit as it is likely to be widely deployed with the code being available.”

Update: Microsoft have released an advisory for the exploit:

Microsoft Security Advisory (972890)
Vulnerability in Microsoft Video ActiveX Control Could Allow Remote Code Execution
Published: July 06, 2009

Version: 1.0

Microsoft is investigating a privately reported vulnerability in Microsoft Video ActiveX Control. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. When using Internet Explorer, code execution is remote and may not require any user intervention.

We are aware of attacks attempting to exploit the vulnerability.

Our investigation has shown that there are no by-design uses for this ActiveX Control in Internet Explorer which includes all of the Class Identifiers within the msvidctl.dll that hosts this ActiveX Control. For Windows XP and Windows Server 2003 customers, Microsoft is recommending removing support for this ActiveX Control within Internet Explorer using all the Class Identifiers listed in the Workaround section. Though unaffected by this vulnerability, Microsoft is recommending that Windows Vista and Windows Server 2008 customers remove support for this ActiveX Control within Internet Explorer using the same Class Identifiers as a defense-in-depth measure.

Customers may prevent the Microsoft Video ActiveX Control from running in Internet Explorer, either manually using the instructions in the Workaround section or automatically using the solution found in Microsoft Knowledge Base Article 972890. By preventing the Microsoft Video ActiveX Control from running in Internet Explorer, there is no impact to application compatibility.

Microsoft is currently working to develop a security update for Windows to address this vulnerability and will release the update when it has reached an appropriate level of quality for broad distribution.

Mitigating Factors:

•  Customers who are using Windows Vista or Windows Server 2008 are not affected because the ability to pass data to this control within Internet Explorer has been restricted.

• By default, Internet Explorer on Windows Server 2003 and 2008 runs in a restricted mode that is known as Enhanced Security Configuration. Enhanced Security Configuration is a group of preconfigured settings in Internet Explorer that can reduce the likelihood of a user or administrator downloading and running specially crafted Web content on a server. This is a mitigating factor for Web sites that you have not added to the Internet Explorer Trusted sites zone. See also Managing Internet Explorer Enhanced Security Configuration.

•  By default, all supported versions of Microsoft Outlook and Microsoft Outlook Express open HTML e-mail messages in the Restricted sites zone. The Restricted sites zone helps mitigate attacks that could try to exploit this vulnerability by preventing Active Scripting and ActiveX controls from being used when reading HTML e-mail messages. However, if a user clicks a link in an e-mail message, the user could still be vulnerable to exploitation of this vulnerability through the Web-based attack scenario.

•  In a Web-based attack scenario, an attacker could host a Web site that contains a Web page that is used to exploit this vulnerability. In addition, compromised Web sites and Web sites that accept or host user-provided content or advertisements could contain specially crafted content that could exploit this vulnerability. In all cases, however, an attacker would have no way to force users to visit these Web sites. Instead, an attacker would have to persuade users to visit the Web site, typically by getting them to click a link in an e-mail message or Instant Messenger message that takes users to the attacker’s Web site.

•  An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

July 6, 2009 Posted by | Advisories, Alerts, Anti-Spyware, Anti-Virus, Friends, Malware, Recommended External Security Related Links, Vulnerabilities | , , , , , , , , , , , , , , | Leave a comment

McAfee VirusScan false-positive glitch fells PCs worldwide

TheRegister | 3rd July 2009

“IT admins across the globe are letting out a collective groan after servers and PCs running McAfee VirusScan were brought down when the anti-virus program attack their core system files. In some cases, this caused the machines to display the dreaded blue screen of death.

Details are still coming in, but forums here and here show that it’s affecting McAfee customers in Germany, Italy, and elsewhere. A UK-based Reg reader, who asked to remain anonymous because he was not authorized by his employer to speak to the press, said the glitch simultaneously leveled half of a customer’s 140 machines after they updated the latest virus signature file.

“Literally half of the machines were down with this McAfee anti-virus message IDing valid programs as having this trojan,” the IT consultant said. “Literally half the office switched off their PCs and were just twiddling their thumbs.”

When the consultant returned to his office he was relieved that his own laptop, which also uses VirusScan, was working normally. Then, suddenly, when it installed the latest McAfee DAT file, his computer was also smitten. The anti-virus program identified winvnc.exe and several other legitimate files as malware and attempted to quarantine them. With several core system files out of commission, the machine was rendered an expensive paperweight.

A McAfee representative in the US didn’t immediately respond to phone calls seeking comment. Friday is a holiday for many US employees in observance of Saturday’s Independence Day.

Based on anecdotes, the glitch appears to be caused when older VirusScan engines install DAT 5664, which McAfee seems to have pushed out in the past 24 hours. Affected systems then begin identifying a wide variety of legitimate – and frequently crucial – system files as malware. Files belonging to Microsoft Internet Explorer, drivers for Compaq computers, and even the McAfee-associated McScript.exe were being identified as a trojan called PWS!, according to the posts and interviews.”

Fix/solution: McAfee Support Forum

July 4, 2009 Posted by | Advisories, Alerts, Anti-Virus, Friends, Malware, Recommended External Security Related Links | , , , , , , , , , , | 1 Comment

Profound Malwarebytes’ (MBAM) Anti-Malware Scanner Review

Test organization: Softpedia | Ionut Ilascu, Editor, Software Reviews
Date: 2nd of June 2009
Version reviewed: Malwarebytes’ Anti-Malware 1.37

Program description

Malwarebytes’ Anti-Malware is a full-blown anti-malware program that can be considered the next step in the detection and removal of malware. It uses a new technology that was especially designed to quickly detect, deter and destroy any malware that could reside in your computer.


– Malware scanner
– Malware remover
– File unlocker
– Threat quarantine
– Quick and full system scan
– Ignore list
– Logging

The test results

The Good

Easy installation, fast scans, daily updates, detects what other security software misses, ease of use, light footprint on system resources and it can be used free of charge; these are the very attributes of Malwarebytes’ Anti-Malware.

The application can cohabit with other anti-malware products, thus adding another layer of defense against threats. Although there is a paid version that includes real-time protection, the free one does not prevent the user from removing the nasties.

The Bad

Its database contains signatures mostly for threats that evade most of the security products on the market, so it cannot yet be used as the only protection for the system.

The FileASSASSIN tool has not quite reached full maturity and has yet to learn to unlock files before removing them. In our testing Unlocker did a better job.

The interface should be improved aesthetically given the trends soon to be set by the upcoming Windows 7 and even the current Vista.

The Truth

One seldom meets an application that can do what others can’t. In our case Malwarebytes’ Anti-Malware proved that it could discover what others missed. It does not provide the most complete signature database and it may not protect against the largest pool of malware, but it works great as a “wingman” for the security app you decide to use. Thus is enforces better protection and keeps you safe from some of the less known threats on the market.

You can try it for free and scan the system from time to time using the quick option to scan for the most common types of malware. It won’t take long and system resources will be used responsibly.

Extended/full review: Softpedia

June 2, 2009 Posted by | Advisories, Anti-Spyware, Anti-Virus, Bundleware, Downloads, Friends, Malware, Phishing, Recommended External Security Related Links, Toolbarware | , , , , , , , , , | 1 Comment

AV-Comparatives Review IT Security Suites for Corporate Users, 2009

Review: IT Security Suites for Corporate Users, 2009
Test institution: AV-Comparatives
Last revision date: 2009-27-05

Following vendors participated in the review and tests:

Avira, Eset, G-Data, Kaspersky, Sophos, Symantec, TrustPoint.

AV-Comparatives / Reviews Main Page: >> click submenu Corporate Reviews *

* For copyright reasons, no direct clickable destination link provided

May 28, 2009 Posted by | Advisories, Anti-Spyware, Anti-Virus, Friends, Malware, Phishing, Recommended External Security Related Links | , , , , , , , , , , , , | Leave a comment

ESET is Smokey’s Security Weblog 2009 Hall of Shame Awardee

May 28, 2009

To me it is a pleasure to annouce that ESET, a company that develop software protection against computer security threats, is Smokey’s Security Weblog 2009 Hall of Shame Awardee.

The Hall of Shame Award is seldom granted, therefore all Awardees need our unlimited attention. Yesterday I already mentioned in short that ESET is Awarded, but till yet I hadn’t the time make an official announcement.

I will refrain the motivation to Award ESET;

– not reacting in an adequate way regarding Service Pack 2 Windows Vista and Windows Server 2008 issues, like system crashes and BSODs with ESET NOD32 V4.x Antivirus products, this after install of SP2.
– till today no fix available to solve the SP2 related occurances.
– condemnable lack of communication to their customers.
– an incredible attitude of arrogance and ignorance.

It is clear, that ESET really deserve this prestigious Award, my sincere congrats!


Update 2009-06-03: ESET removed from the Hall of Shame

With the same pleasure I announced that ESET is Smokey’s Security Weblog 2009 Hall of Shame Awardee, I can annouce that ESET is removed from this Hall.

Before I mention the reasons to remove ESET from the Hall of Shame (and that within such a short period!) I will refrain the purpose of  The Hall:

“The attentive reader of this blog will have noticed the existence of Smokey’s Security Weblog Hall of Shame Awards. Sole purpose of these Awards is, to improve users experiences and interests concerning all security related issues. Experiences that are many times not satisfying and even really disappointing: users are treated in a way that isn’t acceptable, e.g. by (government) instances and institutions, security vendors, aso aso. The list is long.The intention of our “Hall of Shame” is to achieve a change of mind in positive way and approvements in behavior and procedures by the Awardees. This all in such way that users interests are served well with it. Therefore the “stay” in the Hall of Shame isn’t by definition for always, all Awardees will have a fair opportunity to make approvements concerning points of critism and to show their good intentions to learn from mistakes made in the past. At the moment this all is accomplished in a satisfying way, the Awardee will be removed from The Hall. The removal will be announced in public, with motivation for the why. A fresh, clean “restart” and opportuntiy for the former Awardees so to speak. OTOH, Awardees that are not willing to learn or refuse cooperation will be marked with the label “bad” and stay forever in The Hall.”

Motivation to remove ESET from the Hall of Shame

Within an astonishing fast period (1 week!) after ESET was Hall Awardee, they corrected/fixed all issues that were reason to Award this vendor. To me it seem that the Service Pack 2 Windows Vista and Windows Server 2008 noise, present all around in the community, waked them up and forced them to improve fast. To be honest, they improved in a great way.

Congrats ESET!


May 28, 2009 Posted by | Anti-Virus, Friends, News, Recommended External Security Related Links | , , , , | 1 Comment

[UPDATED 2010-09-04] Warning: don’t use any ESET NOD32 V4.x Antivirus product together with Windows Vista SP2 or Windows Server 2008 SP2

The story: numerous ESET NOD32 V4.x Antivirus product customers reported severe problems after install of Service Pack 2 Windows Vista and Windows Server 2008. First reports showed up begin of May 2009, and at the moment I write this post these reports still continue. Embarrassing: the total lack of feedback from ESET regarding the issue. Like I today already wrote on DSLReports, looking at all the threads and posts in their own support forums regarding the severe Service Pack 2 related problems, like e.g.system crashes, BSODs aso, and the fact that (apparently) ESET refuse to communicate with their PAYING customers about the SP2 related occurances, it is evident that ESET will lose customers. Even worse, their name and products will be scratched. It is a pity because ESET have fine products.

Finally today an ESET employee made a short statement on their support forum, almost 1 month after the first reports were produced:

“An issue with ESET’s V4 software and Service Pack 2 for Microsoft Windows Vista and Windows 2008 has been identified and the developers are working on a solution for it. Currently, I do not have any information about when it will be available or what form it will take, but as soon as more information is available it will be provided.”

Again, 1 month after the first reports were produced. And, even more embarrassing, Service Pack 2 RTM for Windows Vista and Windows Server 2008 are released and ESET is not able to offer fixed software that will solve the severe problems related to Service Pack 2.

ESET, this is bad, really bad. You can’t treat your customers with such incredible arrogance and ignorance.

Considering all disgraceful facts, to me it is a pleasure to grant you the famous Smokey’s Security Weblog 2009 Hall of Shame Award.

My sincere congratulations with this valuable Award!


Update 2009-05-30, additional info provided by ESET

“Just to let you know, the web pages ESET posted on the matter have been revised, problem explanation and FAQ (Newsbulletin):

Provides workarounds (Knowledge Base article):

You may want to bookmark these web pages and check them periodically as they will be updated iwth additonal information as it becomes available.”

Update 2009-06-02: ESET patch available to solve the ESET NOD32 V4.x Antivirus products compatibility issues related to Service Pack 2 Windows Vista and Windows Server 2008

A spokesman of ESET just informed me they have a patch (an updated Anti-Stealth module, v1012, build date 20090526) ready to solve the ESET NOD32 V4.x Antivirus products compatibility issues related to Service Pack 2 Windows Vista and Windows Server 2008. According to ESET, right now it is still being tested but they are not aware of any issues or problems from users who have installed it on their Microsoft Windows Vista/Microsoft Windows 2008 systems with SP2 on them.

To obtain the patch, open the ESET user interface, press F5 to open the Advanced Settings window, select Update in the left pane, then Advanced Update Setup in the right pane and check Enable Test Mode at the bottom of the window.

The next time the client performs an virus signature database update, it will also download the updated Anti-Stealth module. If you are running ESET Smart Security, an updated Firewall module will also be downloaded for testing (it contains some other fixes and updates unrelated to the SP2 issue).

Update 2009-06-04: ESET Smart Security v4 and and ESET NOD32 Antivirus v4.0 compatibility update for Vista/Server 2008 SP2 – The fix has moved into production

Statement ESET

Testing of the new Anti-Stealth module to improve compatibility between ESET Smart Security and ESET NOD32 Antivirus v4.0 and Microsoft Windows Vista / Windows Server 2008 Service Pack 2 has successfully completed and distribution has begun. The updated module will be downloaded automatically when a virus signature database update occurs in ESET Smart Security and ESET NOD32 Antivirus.

After the update is downloaded, the entry for the Anti-Stealth module in the About window for ESET Smart Security and ESET NOD32 Antivirus v4 will appear as Anti-Stealth support module: 1012 (20090526). The update is also installed if your Anti-Stealth module has a newer version or release date.

If Anti-Stealth was disabled as a temporary workaround, re-enable it by opening the ESET Graphic User Interface, pressing the F5 key to open the Advanced Setup window, selecting Antivorus and Antispyware in the left navigation pane and enabling (checking) the Enable Anti-Stealth Technology option in the right pane.

Source: Wilders

2010-09-04: Post enlarged with information about a newly occurred severe NOD32 definition update(s) problem

From ESET NOD32 Support Forum on Wilders Security:

after update to v. 5418, you might have encountered a problem with any of the following symptoms:

– ekrn crashed
– system stopped responding
– administrators might have received threat notifications with a blank threat name field

The problem was discovered in update 5417 and exhibited after an update to a newer version. To protect our users, we stopped the update as soon as the problems were reported to us.

A newer update 5419, which fixes the problems, has just been released. Note that ekrn may crash once more during update to the latest version due to the problem present in the previous versions 5417/5418.

Update to v. 5419 and restart the computer. Ekrn.exe will start and function properly then.

Update to v. 5419 and run “net start ekrn” to start ekrn.exe after a crash.

Signed: Marcos, ESET Moderator

See also an ESET kb article about the issue:

May 26, 2009 Posted by | Advisories, Alerts, Downloads, Friends, News, Recommended External Security Related Links | , , , , , , , , , , , , , , , , , , , , , , , , , | 17 Comments

Reminder: Windows 7 Beta Build 7000 Ready to Be Killed Off on June 1, 2009

“On June 1, 2009, the PC you’re using to test the Beta Build 7000 will begin shutting down every two hours. Rebuild your test PC with a non-expired version of Windows 7, such as the RC or Windows Vista. This will be a clean installation, so be ready to reinstall your programs and data.

If you are running Windows 7 Beta Build 7000 you’ll need to back up your data (preferably on an external device) and then do a clean install of the Windows 7 Release Candidate. After installing Windows 7, you will need to reinstall applications and restore your files.

There’s another expiration date you need to keep in mind: Windows 7 RC will expire on June 1, 2010, and you’ll need to either upgrade to the final release of Windows 7 or a prior version of Windows before then.”

Source: Softpedia
32-bit and 64-bit Windows 7 (Release Candidate) RC Build 7100.0.090421-1700 is available for download here.

May 25, 2009 Posted by | Friends, News | , , , , , , | 1 Comment

Matousec’s New Moves to Recapture the label “Trustworthy”

The faithful reader of my blog will probably remember the critical article I wrote about Matousec and his Firewall Challenges, “Matousec’s Firewall Challenge wrinkle: conflict of interests?” and the honor I granted him to add his Challenges to “Smokey’s Security Weblog Hall of Shame”.

Matousec’s Firewall Challenges are continiuos subject of critism, not only be me but by many other people also. It was clear that Matousec was looking for ways to control reputation damage. We also remember well the possibilty of a re-test of vendors product by Matousec, of course after paying for such favor. In this way, a “bad” test could be curved into a “good” test.

Apparently Matousec is opinion to shut the mouth of criticasters by renaming past month his “Firewall Challenges” into “Proactive Security Challenges”. Almost at the same time he surprised us with the announcement that DIFINEX acquired Matousec.

I have my own ideas about DIFINEX and this sudden move of Matousec. According to Matousec, “DIFINEX is a new company with an interest in Internet projects and online services. DIFINEX focuses on creating, financing and covering projects with medium-sized and large Internet audience”. Matousec is always yelling about “Transparent security”. This is in contradiction with his mysterious explanation about DIFINEX. To earn the label “Trustworthy” it is a must to be open and honest about everything, not only tests and methodics but also about the people that finance these tests: DIFINEX. At the moment this is a Ghost Company.

To me it is obvious that Matousec’s recent moves confirm my negative feelings about him and his tests. More questions raised instead of satisfying previous ones. His tests wrinkle even more than before.

May 3, 2009 Posted by | Friends, News, Recommended External Security Related Links | , , , , , , , | 1 Comment

[UPDATED] Comodo Software Removed from Softpedia due to Adware/Spyware issues with CIS

Kudos to Softpedia! After reading their statement concerning Comodo Software, I can only tell Softpedia from this place: you have my full support. Pre-ticked boxes that will provide the user with crapware (adware/spyware) during the install of software is simply not done. It is sneeky behavior. Even worse, CIS – Comodo Internet Security install third-party software (SafeSurf), irrelevant to the main product’s functionality, without leaving room for option. Very indecent, especially because CIS is security software. This kind of software should protect the user, not to fool them with premeditation.

Softpedia article:

Stefan Fintea, Software News Editor
28th of April 2009

As all our regular users know, programs awarded by Softpedia with the 100% Clean and 100% Free awards have been thoroughly checked by our team of editors and passed several tests. Aside from the fact that all programs on Softpedia are scanned with world-renowned security products, all awarded programs are installed by our team and checked for any spyware or adware components.

We make sure the program doesn’t fall under any of the six cases mentioned on our adware definition page. Please be advised that this definition is our creation and has not been “borrowed” from an online or offline source. It was created by our team of specialists to ensure that it covers all cases that may result in the legitimate dissatisfaction of our users. Therefore, if we find adware in a program it will be listed accordingly, regardless of the license it’s listed under on the producer’s website.If the application has been found free of viruses/spyware and neither the installation process nor runtime experience reveal any unpleasant surprises, the program receives the 100% Clean award or, if it’s free for both personal and commercial use, the 100% Free award.A program will not receive any award (or even be published on Softpedia) if it’s impossible to successfully pass through all of the above steps. But if it is possible, as you can see, the rules are very strict and no exception will ever be made. If a program fails to pass the adware test, it will be immediately marked as Adware, regardless of its popularity, developer or current user rating on Softpedia.Now that we’ve cleared this up, you might be asking yourselves ‘OK, but what does this have to do with Comodo?” Well, if you had searched Softpedia for Comodo in the past week, you would have surely noticed that the company’s flagship programs were no longer listed on Softpedia.This was not our decision, of course, but let’s start with the beginning.On April, 15th, Softpedia received an official cease and desist letter from the Comodo legal team requesting us to “discontinue all references on Softpedia identifying CIS as adware” within seven days, because Comodo Internet Security is not adware.The first thing we did was, of course, to double-check the license, but, as we’ve tried explaining to the Comodo team, CIS is indeed adware.Why? Well, for starters, because the installer attempts to change both the browser’s homepage and search engine. As if that wasn’t a good enough reason, the setup also offers to install SafeSurf. Here’s what the official Comodo letter states: “SafeSurf is optional and does not display unsolicited advertisements on a user’s computer, nor does it hijack browser settings or perform search overriding or home page changing without the user’s consent.” Aside from the fact that SafeSurf is a component that the program (CIS) does not require to fully function, therefore it alone would be a good reason to mark CIS as adware, this utility also installs Ask Toolbar without asking for the user’s permission. This type of behavior is clearly not the one described in the Comodo email and could be easily classified as spyware (since adware would imply prior user consent).

Update: It was brought to our attention that users installing SafeSurf are informed in the utility’s EULA regarding the inclusion of software in their browser. Informing the user that third-party software irrelevant to the main product’s functionality will be installed without leaving room for option is not, by far, normal behavior. That would practically imply that producers can force users into installing any third-party software or changing their homepage or search engine and get away with it, because a notification was made in the EULA. Furthermore, the graphic provided in the setup window is clearly deceiving as it does not show the toolbar that is installed along SafeSurf.

Well said Softpedia, I have nothing to add.

Interesting read: “Current Practices of IAC/ Toolbars by Benjamin Edelman”

Softpedia invite you to provide their article with your opinion here.

Update, 3th of January 2009

This is interesting: by coincidence I noticed today that Softpedia removed their article regarding CIS (Comodo Internet Security) and also all comments on it. We can only guess for the why of this Softpedia trash action, but I don’t like this  suprising hide action at all…

I traced reactions of the Softpedia community on the trash action:

Interesting comment of one of these people, he wrote in bold so it seem he is not happy at all with the Softpedia ‘we-didn’t-wrote-anything-action’:

“Why did Softpedia remove all the pages, dedicated to this topic? I know that Comodo IS has been re-listed again on Softpedia, but all the articles ARE to be and should have been archived, but NOT simply deleted – the way Softpedia did.
Now I can’t comprehend whether the information and conclusions, issued by Softpedia’s staff can be trusted or, may be, that is a way of blackmailing software developers? I still don’t understand why all the articles with negative claims towards Comodo were removed from Softpedia. It’s abnormal – Softpedia has outraged our rights for information. Would be grateful for explanation from the Softpedia’s representatives.”

FWIW, a recent post on DSLR attented me again on the issue Comodo/Softpedia, thanks folks for waking me up!

Additional Update, 3th of January 2009

Here the opinion of loyal Comodo Trooper Endymion on the issue, posted May 06, 2009 in the Comodo forum:

“How nice for softpedia to withdraw some far-fetched claims. (ATM it should be still possible to read the previous revision form google cache before it will be wiped out.) Guess they still forgot to mention that there are other criteria for adware other than the ones which Softpedia Awards are based on and likewise that eventual FPs about legitimate toobars are usually corrected by many AV vendors.Nevertheless they made at least an attempt to remove some mistakes.”

and Comodo Chief Melih’s reaction on it:

“That was after our 2nd legal letter we sent this week!We asked them to remove all the statements that were defamatory. They seem to have a habit of changing stuff without explanation. Its very underhanded to change stuff and pretend that it didn’t exist and without explaining why they changed it.”

A certain darkwraith007 provide the Comodo community subsequent with his POV:

“[at] Comodo Devs:You have lost my respect. Be glad that your product comes without a monetary cost. I may still be needing to use it if only until Steve Gibson finishes his firewall (whenever that is) and it gets put to the test. Hopefully it’ll be free, but that’s doubtful.I can’t believe there’s so much back and forth between the meaning of this word and that word and so forth.PEOPLE DO NOT WANT THE ASK.COM TOOLBAR OR OTHER CHANGED BROWSER SETTINGS, DO YOU UNDERSTAND THAT?I hope you all can understand that and repair the reputation you have tarnished among your users. I miss the days of the Kerio Personal Firewall…now its a paid product. >_>If you respond to crticism of your product by sending legal letters, then perhaps I’m not wanted here.”

Stay tuned!

April 30, 2009 Posted by | Anti-Spyware, Anti-Virus, Bundleware, Downloads, Friends, Malware, News, Recommended External Security Related Links, Toolbarware | , , , , , , , , , , , | Leave a comment

PCMag Avira Premium Security Suite 9 Review: product “fair” rated

Here a resume of a recent PCMag Avira Premium Security Suite 9 Review, with a disappointing “fair” rating:

Bottom Line

Avira’s suite needs a complete makeover, starting with the UI. Testing revealed a serious bug in the on-demand malware removal scanner—a bug that can leave ordinary users unprotected. The spam filter, while accurate, slowed e-mail downloading to a huge degree.


Firewall successfully protects against hack attacks and exploits. Good accuracy in spam filter. Small impact on system performance. Strips malware from incoming Web and e-mail streams.


Malware protection is intrusive, complex. Serious bug in on-demand malware scan. WebGuard failed to block phishing sites. Spam filter slows e-mail downloading to an unacceptable extent. Rudimentary backup and parental control.

Read the full Review and make up your own mind: PCMag

April 9, 2009 Posted by | Advisories, Anti-Spyware, Friends, News, Recommended External Security Related Links, Vulnerabilities | , , , , | Leave a comment

Pirate Bay News Flash: planned to launch a secure paid VPN service

Published by ars techinca.

March 26, 2009

The Pirate Bay is planning to launch a paid VPN service for users looking to cover their tracks when torrenting. The new service will be called IPREDator, named after the Swedish Intellectual Property Rights Enforcement Directive (IPRED) that will go into effect in April. IPREDator is currently in private beta and is expected to go public next week for €5 per month.

IPREDator is clearly a response to the introduction of IPRED in Sweden, which will allow law enforcement and copyright holders to request the personal details of suspected infringers. The copyright holders will then be able to make direct contact with the accused users and presumably threaten them with lawsuits.

If users connect to The Pirate Bay through something like Tor or VPN, however, they’re less likely to be tracked. IPREDator’s website says that it won’t store any traffic data, as its entire goal is to help people stay anonymous on the web. Without any data to hand over, copyright owners won’t be able to find individuals to target.

Source/full article: ars technica

Update: Pirate Bay Torrents Spread Via Facebook

March 29, 2009

With the recent trial out of the way, it seems The Pirate Bay team have had more time for development of the site.

The team has recently rolled out a new feature which is almost guaranteed to spark controversy. Visitors to a torrent details page on the site will notice the addition of a brand new button labeled ‘Share on Facebook’.

Users clicking this button will be taken to the Facebook where the torrent will be added to the user’s profile. Anyone browsing the user’s profile page can simply click on the torrent and provided a torrent client is installed, download begins straightaway with no need to visit the Pirate Bay site.

The entertainment industries are obviously not amused by this new feature. A representative from the IFPI told the Swiss newspaper 20 Minuten that offering links to torrents that point to copyright works is illegal in Switzerland, while referring to the ShareReactor case .

Increasingly, social networking sites such as Facebook are used to share files with users linking to BitTorrent sites or file-hosters such as Rapidshare and Megaupload. Anti-piracy outfits see this as a new threat and request the site’s operators to remove the links.

Source/full article: TorrentFreak

Again an Update: Facebook Divorces Pirate Bay

April 08, 2009

Facebook is blocking Pirate Bay torrents from being shared on the popular social-networking site, a week after Pirate Bay unveiled a feature to allow Facebook users the ability to link torrents on their profiles.

Facebook spokesman Barry Schnitt told TorrentFreak on Wednesday that the social-networking site “respects copyrights and our Terms of Service prohibits placement of ‘Share on Facebook’ links on sites that contain any content that is infringing. Given the controversy surrounding The Pirate Bay and the pending lawsuit against them, we’ve reached out to The Pirate Bay and asked them to remove the ‘Share on Facebook’ links from their site. The Pirate Bay has not responded and so we have blocked their torrents from being shared on Facebook.”

The development came the same day that The Pirate Bay announced more than 100,000 users of the world’s most notorious BitTorrent tracker have signed up for its new $6-monthly anonymity service designed to hide IP addresses from the authorities.

Source/full article: WiredBlog

April 9, 2009 Posted by | Friends, News, Recommended External Security Related Links | , , , , , , , , , , , , , , , , , , , , , | Leave a comment

Official Jetico Inc. Support Forums have new URLs

Like you have read here, I have migrated my board Smokey’s Security Forums to SMF – Simple Machines Forum baord software.

For technical reasons it wasn’t possible to use the URLs of the “old” board anymore, so all forums on my board have new ones.

– Index Smokey’s Security Forums:

– HijackThis & OTListIt2 Log Analysis and Malware Hunting, Removal & Cleaning (English language):,5.0.html and in German – Deutsch language:,205.0.html

Concerning the Official Jetico Inc. Support Forums please update these bookmarks also:

– Jetico Personal Firewall v2 Support Forum:,51.0.html
– Jetico Personal Firewall v2 Knowledge Base:,60.0.html
– Jetico Personal Firewall v2 Bug Reports:,63.0.html

– Jetico Personal Firewall v1 Support Forum:,52.0.html

– Jetico BestCrypt for Windows Support Forum:,70.0.html
– Jetico BestCrypt for Linux Support Forum:,152.0.html
– Jetico BCVE BestCrypt Volume Encryption Support Forum:,75.0.html

– Jetico BCArchive Support Forum:,73.0.html

– Jetico BCWipe for Windows Support Forum:,138.0.html
– Jetico BCWipe for UNIX Support Forum:,153.0.html

Support, Help and advice will only be provided to registered board members.
You are invited to register (for free) here.



April 7, 2009 Posted by | Advisories, Anti-Spyware, Anti-Virus, Bundleware, Downloads, Friends, News, Phishing, Recommended External Security Related Links, Toolbarware, Vulnerabilities | , , , , , , , , , , , , , , , | Leave a comment

Smokey’s Security Forums will migrate to SMF – Simple Machines Forum

News Flash regarding my board Smokey’s Security Forums:

within a couple of weeks, maybe even next weekend, I will migrate my current board/forum software phpBB3 to SMF – Simple Machines Forum software. Reasons are severe, phpBB3 don’t accomplish today’s demands anymore.

After testing all available board software, I decided to choose SMF. A highly sophisticated piece of software, armed for the future, secure and easy in maintenance. And, very important: fast!

My gratitude to Simple Machines LLC for offering this great software for free!

You will understand that migration is a serious and complicated job, therefore I can’t predict the time it will take. It will be somewhere between 12 hours and two days.

Important: for technical reasons it is not possible to keep the current board URL, after migration the board URL will change into:

Please update your bookmarks accordingly. Notice the “s” in forums!

Stay tuned, begin and progress of migration will be reported here.
During migration process my board will be offline.


Site Owner Smokey’s Security Forums

Migration Report

All times are UTC +1 hour

2009-04-03 / 04:00 PM: migration preparations started.
2009-04-03 / 05:30 PM: Board closed/migration started.
2009-04-03 / 06.10 PM: MySQL database preparations.
2009-04-03 / 07:05 PM: major problems appeared during convertion.
2009-04-03 / 07:55 PM: errors not repairable, starting from the scratch.
2009-04-03 / 09.20 PM: again major problems during convertion.
2009-04-03 / 10:20 PM: problems solved and board partial migrated.
2009-04-03 / 11:10 PM: board migrated.
2009-04-03 / 11:50 PM: necessary database modifications accomplished.
2009-04-04 / 00:25 AM: converting all URLs into SEF URLs.
2009-04-04 / 00:40 AM: building the search index.
2004-04-04 / 01:30 AM: time to go into bed, board migration will be continued ASAP.
2004-04-04 / 08:30 AM: adjusting board core settings.
2004-04-04 / 01:40 PM: applying all board and member settings/privileges.
2004-04-04 / 04:05 PM: creating sitemap.

2009-04-04 / 04:15 PM: board migration soon ready, stay tuned!

2009-04-04 / 06:00 PM: board re-opened and solving small bugs, welcome back to Smokey’s Security Forums!

Again, please update your bookmarks…..

March 30, 2009 Posted by | Friends, News, Recommended External Security Related Links | , , , , , | 3 Comments