Smokey's Security Weblog

veritas odium parit

Microsoft Security Bulletin MS13-008 – Out-Of-Band Critical Security Update for Internet Explorer (2799329)

Published: Monday, January 14, 2013 by Microsoft

Version: 1.0
General Information
Executive Summary

This security update resolves one publicly disclosed vulnerability in Internet Explorer. The vulnerability could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

This security update is rated Critical for Internet Explorer 6, Internet Explorer 7, and Internet Explorer 8 on Windows clients and Moderate for Internet Explorer 6, Internet Explorer 7, and Internet Explorer 8 on Windows servers. Internet Explorer 9 and Internet Explorer 10 are not affected. For more information, see the subsection, Affected and Non-Affected Software, in this section.

The security update addresses the vulnerability by modifying the way that Internet Explorer handles objects in memory. For more information about the vulnerability, see the Frequently Asked Questions (FAQ) subsection for the specific vulnerability entry under the next section, Vulnerability Information.

This security update also addresses the vulnerability first described in Microsoft Security Advisory 2794220.

Recommendation. Most customers have automatic updating enabled and will not need to take any action because this security update will be downloaded and installed automatically. Customers who have not enabled automatic updating need to check for updates and install this update manually. For information about specific configuration options in automatic updating, see Microsoft Knowledge Base Article 294871.

For administrators and enterprise installations, or end users who want to install this security update manually, Microsoft recommends that customers apply the update immediately using update management software, or by checking for updates using the Microsoft Update service.

Known Issues. None

Affected and Non-Affected Software: see the Security Bulletin.

Some Frequently Asked Questions (FAQ) Related to This Security Update, for all FAQ’s see the Security Bulletin.

Is this update, MS13-008, a cumulative security update for Internet Explorer?
No. This security update, MS13-008, only addresses the vulnerability described in this bulletin.

Do I need to install the last cumulative security update for Internet Explorer, MS12-077?
Yes. In all cases MS13-008 protects customers from the vulnerability discussed in this bulletin. However, customers who have not installed the latest cumulative security update for Internet Explorer may experience compatibility issues after installing the MS13-008 update.

Customers need to ensure that the latest cumulative security update for Internet Explorer, MS12-077, is installed to avoid compatibility issues.

If I applied the automated Microsoft Fix it solution for Internet Explorer in Microsoft Security Advisory 2794220, do I need to undo the workaround before applying this update?
Customers who implemented the Microsoft Fix it solution, “MSHTML Shim Workaround,” in Microsoft Security Advisory 2794220, do not need to undo the Microsoft Fix it solution before applying this update.

However, since the workaround is no longer needed, customers may wish to undo the workaround after installing this update. See the vulnerability workarounds in this bulletin for more information on how to undo this workaround.

Where are the file information details?
Refer to the reference tables in the Security Update Deployment section for the location of the file information details.

Where are the hashes of the security updates?
The SHA1 and SHA2 hashes of the security updates can be used to verify the authenticity of downloaded security update packages. For the hash information pertaining to this update, see Microsoft Knowledge Base Article 2799329.

How are Server Core installations affected by the vulnerability addressed in this bulletin?
The vulnerability addressed by this update does not affect supported editions of Windows Server 2008, Windows Server 2008 R2, or Windows Server 2012 as indicated in the Non-Affected Software table, when installed using the Server Core installation option.


The information provided in the Microsoft Knowledge Base is provided “as is” without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.


January 14, 2013 Posted by | Advisories, Alerts, Downloads, Vulnerabilities | , , , , , , , , , | Leave a comment

Microsoft Advance Notification for Out-Of-Band Security Update to Address Security Advisory 2794220

Microsoft Security Response Center – MSRCTeam | 13 Jan 2013 3:00 PM

Today, we are providing Advance Notification to customers that at approximately 10 a.m. PST on Monday, January 14, 2013, we will release an out-of-band security update to fully address the issue described in Security Advisory 2794220. While we have still seen only a limited number of customers affected by the issue, the potential exists that more customers could be affected in the future. The bulletin has a severity rating of Critical, and it addresses CVE-2012-4792. Internet Explorer 9-10 are not affected by this issue and as always, we encourage customers to upgrade to the latest browser version.

We recommend that you install this update as soon as it is available. This update for Internet Explorer 6-8 will be made available through Windows Update and our other standard distribution channels. If you have automatic updates enabled on your PC, you won’t need to take any action. If you applied the Fix it released in Security Advisory 2794220, you won’t need to uninstall it before applying the security update.

January 14, 2013 Posted by | Advisories, Alerts, Vulnerabilities | , , , , , , , | Leave a comment

Extremely critical vulnerability Samsung Android Exynos4 based devices [CONFIRMED]

ExynosAbuse Exploit: obtaining root on Exynos4 based Samsung Android devices without ODIN flashing, malicious apps will be able to gain total control over the device by gaining root without asking and without any permissions on a vulnerable device.

Source: XDA Developers (alephzain, Chainfire)

– alephzain:
– Chainfire:

Samsung solution status: unfixed

Vulnerable devices:

– Samsung Galaxy S2 GT-I9100

– Samsung Galaxy S3 GT-I9300
– Samsung Galaxy S3 LTE GT-I9305

– Samsung Galaxy Note GT-N7000

– Samsung Galaxy Note 2 GT-N7100
– Samsung Galaxy Note 2 LTE GT-N7105
– AT&T Galaxy Note 2 SGH-I317
– Verizon Galaxy Note 2 SCH-I605

– Samsung Galaxy Tab Plus GT-P6210

– Samsung Galaxy Note 10.1 GT-N8000, GT-N8010, GT-N8013, GT-N8020

Note: Google Nexus 10 not vulnerable, Exynos5.

Temporary patch (provided by Chainfire):

Note: Chainfire requested not to redistribute the patch, instead please link to

Update Dec 20 2012

Android Central | Dec 19 2012

Official Samsung Statement Exynos kernel vulnerability issue (in full)

“Samsung is aware of the potential security issue related to the Exynos processor and plans to provide a software update to address it as quickly as possible.

The issue may arise only when a malicious application is operated on the affected devices; however, this does not affect most devices operating credible and authenticated applications.

Samsung will continue to closely monitor the situation until the software fix has been made available to all affected mobile devices”

Third-party fixes

I will only mention Chainfire’s fix. It’s the only one that is secure. Both Supercurio’s and RyanZA’s method leave you with easily exploitable holes any serious malware author will abuse.

About Chainfire’s fix

Chainfire: “This is an APK that uses the ExynosAbuse exploit (by alephzain) to be able to do various things on your Exynos4 based device.

Features for non-rooters:
– Securely patch the exploit

Features for rooters:
– Root the device (SuperSU v0.99)
– Enable/disable the exploit at will
– Enable/disable patching the exploit at boot
– Unroot and cleanup (optionally leaving the exploit patch at boot in place)

Please note that patching the exploit may break camera functionality, depending on device and firmware. Also note that if use the patch method without rooting, or keep patching the exploit at boot enabled when unrooting, you need an alternate method to re-root the device to disable this feature (like CF-Auto-Root) – you cannot use ExynosAbuse to do this since it patched the exploit. Unlike other patch authors, I do not believe in keeping an invisible rooted process running in the background while pretending you aren’t rooted, to be able to unpatch this way.

While the exploit patches work (aside from possibly disabling your camera), these are more work-around than actual fixes. A proper patch would be a kernel fix, either from a third party or Samsung themselves”

Download the fix here:

Note: please do not redistribute the fix!

December 17, 2012 Posted by | Advisories, Alerts, Anti-Virus, Malware, News, Vulnerabilities | , , , , , , , , , , , , , , , , , , , , , , , , , , | Leave a comment

New major version of avast! Mobile Security / Anti-Theft released, v2 in development stage

As you probably will remember, December 2011 I posted a review concerning avast! Mobile Security (AMS) for Android phones, my verdict was (and still is): an excellent Security Suite, also very reliable and provided with a top-notch Anti-Theft module. For reason of the outstanding good test results AMS gained the Smokey’s 2011/2012 Choice Award, this Award will only be granted to the best among the best.

This week avast! company informed me that a new major version of the suite was released, v2, and this new version is in beta stage. They told me also that current stable v1 of the suite wasn’t updated since April 2012 for reason of development v2.

Like I told v2 is still beta but the new features sound very promising and will make the product even better, in this way protecting the user in a more solid way and providing him with additional useful features, time to provide you with a fast survey of v2 beta.

According to avast! company new features are:

* avast! Anti-Theft web portal integrated into the avast! Account
* Network Meter
* avast! widget
* Optimized UI for tablets
* Real-time protection (on-exec scanning) of apps
* Custom rules and log in the firewall
* The shield control UI to fine-tune on-access security setup
* avast! SiteCorrect for the Web Shield
* Scanning of incoming messages
* SMS/Call filter wildcards
* Greyscale notification icon

Adding all these new features to avast!’s already superb security suite will make it (again) the best security suite for android phones there is, and will put it again on top of all available suites. V2 beta avast! Mobile Security and avast! Anti-Theft are downloadable on avast! Forum, keep in mind that (like with all beta’s) use will be on your own risk. If you have the intention to download and install the beta please read the beta support thread before installing, in this way knowing what problems you can expect and current development stage of the beta.

To me it’s not clear v2 final will remain free, at the moment pricing info isn’t available.

System Requirements v2 beta avast! Mobile Security

Operating Systems Supported:

– Android 2.1.x
– Android 2.2.x
– Android 2.3.x
– Android 3.x
– Android 4.0.x
– Experimental support for Android 4.1.x


– Review v1 avast! Mobile Security for Android phones:
– About the Smokey’s Choice Awards:
– Downloadlinks v2 beta avast! Mobile Security and avast! Anti-Theft / v2 beta Support Forum:

August 11, 2012 Posted by | Anti-Spyware, Anti-Virus, Downloads, Malware, Phishing, Toolbarware, Uncategorized | , , , , , , , , , | 1 Comment

Webroot SecureAnywhere…. just an over-Inflated Bubble?

Isn’t it amazing how at once there is a superb anti-virus, smashing all competitors, established vendors included? The Anti-Virus Holy Grail so to speak, doing a fantastic job of keeping customers PC’s free of malware, this in contradiction of these competitors? At the same time an AV with great support, prepared to listen to customers and helping them in an adequate way, and also being realistic when it regards shortcomings (however see this as a joke… an AV Holy Grail that doesn’t have any shortcomings).

Don’t look any further, don’t try any other anti-virus…. but be smart and buy NOW the 2012 Super AV: Webroot SecureAnywhere.
Competitors are selling crap,anyway, this is Webroot’s opinion, so don’t hesitate and only be satisfied with the Best of the Best: WSA (Webroot SecureAnywhere).

Of course it is true what they say about other AV vendors, please don’t call this bashing, it’s just business, okay?! Yells like “Takes up 96% less space than Kaspersky”, “Uses 97% less memory than McAfee”, “Scans more than 3x faster than Kaspersky”, “Takes up 99% less space than McAfee”, “Uses 92% less memory than Norton”, “Installs 131x faster than McAfee”, “Scans nearly 4 times faster than Norton”. The Webroot website is overwhelmed with such yells, there is hardly room left to tell the customer some (true) facts about WSA. Personally I really like this Webroot yell: “Webroot vs.Symantec is like David vs. Goliath. Only this David has a much faster, lighter, easier-to-manage slingshot”. This all is dramatic pure for sure, a climax that can’t be beaten by anyone.

I can hardly imagine that there are people believing the Webroot PR yells, after all yelling is Webroot’s trademark. OTOH they are true masters of it…. hence making it very convincing.

It starts at the very bottom with a Webroot Support Forum Helper, a PR expert on his own and also a master in repeating what Webroot employees are saying, then continues with Webroot Support/Quality Assurance Staff yelling to customers they must believe whatever the helper say, (after all, customers are stupid and clearly show their stupidity!!), subsequently we then have Webroot Support Team Staff yelling what a great product WSA is…. and finally we have the Webroot website and Support Forums, the absolute Masters of the Yell.

I admit that WSA is really small in size and fast just like WSA yells at us, however there is also a downside: it does not have the (high) detection rates that several other AV’s have. This is not just a yell from me, AV Testing Organization AV-Comparatives proved it very well: in their Protection-Test March-June 2012 AV Webroot SecureAnywhere 2012 gained the lowest protection rate of just a very disappointing 90,9%. In the test participated by 21 AV vendors/products WSA reached rank 21., also an AV Testing Organisation, have tested WSA too. Talking again about detection rates, products like e.g. AVG’s Anti-Virus Free Edition 2012, AVG’s Internet Security 2012, BitDefenders Internet Security 2012, BullGuard’s Internet Security 12.0, F-Secure’s Internet Security 2012, G Data’s Internet Security 2012 and Kaspersky’s Internet Security 2012 were scoring better than WSA.

There is also issues false positives:

WSA gained the worst score according to AV-Comparatives False-Alarm-Test March 2012. We all know that false positives can really hurt your PC so FP’s can be dangerous just like malware is. When I have to choose between speed/used space and malware detection rates/amount FP’s ….I will choose the latter for sure.

Like I admitted before, WSA is really fast….. but regrettably not when regarding a full scan on demand, for example. Despite following Webroot’s promise: “After initial scan, full system scans typically take two minutes or less”. What Webroot don’t tell us is that a full scan will factually take hours. Furthermore, in my opinion they shouldn’t offer a ‘Full scan’ possibility at all to the customer if they are opinion it’s an unnecessary tool. After all their official POV is:

An actual full scan of the computer will both take hours in most cases and is also completely unnecessary for protecting the computer with WSA.

I clearly see here snake oil tactic of Webroot, with the aim to retain the claim of whopping fast scanning and at the same time putting other anti-virus vendors in a bad spotlight.

Webroot Inc. is also a damned well organised merchandising machine…. That they are heavily promoting their products on the Webroot (Prevx) support forums is fine, nothing wrong with that. The trick is to do the same on other forums without being provided with the spam label.

So how does the trick work? Almost every forum thread where a malware issue is discussed or advice is asked for on what AV to use…. will be provided with an urgent encouragement to use WSA. Surprisingly it’s almost always a Webroot Support Forum Helper encouraging the thread reader to do so. Final touch is then given by Webroot Support Team, praising the Webroot Support Forum Helper for his great advice and again encouraging the reader to use WSA. Finally the thread will end with a survey of where to obtain WSA good deals, the survey will be mostly offered by an anonymous user. I call this ordinary spam.
Common exception: if the thread is going ‘wrong direction’, Webroot Support Team is clever and don’t show up at all, instead the WSA Support Forum Helper will starting a tirade to the messenger of the ‘bad news’ and maintain the tactic to shoot the messenger by calling him e.g. a troll. This kind of ‘support’ can hardly be called decent and customer-orientated.


I don’t say Webroot SecureAnyWhere is a bad product, but it need much improvement.
I don’t say PR is condemnable, I just don’t like Webroot’s business practices.


I don’t like the way they provide support.
I don’t like the way the customer is treated.
I don’t like it when a product with very bad detection rates and lots of false positives is praised into AV heaven, please keep in mind there are better AV’s.
Last but not least, I don’t like spam.

July 22, 2012 Posted by | Anti-Spyware, Anti-Virus, Malware, Phishing | , , , , , , , , , | Leave a comment

Emergency Bulletin – Out-Of-Band Patch: Microsoft Security Advisory (2718704)

Microsoft Security Advisory (2718704)
Unauthorized Digital Certificates Could Allow Spoofing

Published: Sunday, June 03, 2012

Version: 1.0

General Information

Executive Summary

Microsoft is aware of active attacks using unauthorized digital certificates derived from a Microsoft Certificate Authority. An unauthorized certificate could be used to spoof content, perform phishing attacks, or perform man-in-the-middle attacks. This issue affects all supported releases of Microsoft Windows.

Microsoft is providing an update for all supported releases of Microsoft Windows. The update revokes the trust of the following intermediate CA certificates:

  • Microsoft Enforced Licensing Intermediate PCA (2 certificates)
  • Microsoft Enforced Licensing Registration Authority CA (SHA1)

Affected Software and Devices

This advisory discusses the following affected software and devices:

Operating System

Windows XP Service Pack 3
Windows XP Professional x64 Edition Service Pack 2
Windows Server 2003 Service Pack 2
Windows Server 2003 x64 Edition Service Pack 2
Windows Server 2003 with SP2 for Itanium-based Systems
Windows Vista Service Pack 2
Windows Vista x64 Edition Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for Itanium-based Systems Service Pack 2
Windows 7 for 32-bit Systems
Windows 7 for 32-bit Systems Service Pack 1
Windows 7 for x64-based Systems
Windows 7 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for Itanium-based Systems
Windows Server 2008 R2 for Itanium-based Systems Service Pack 1

Server Core installation option

Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows Server 2008 R2 for x64-based Systems (Server Core installation)
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)

Affected Devices

Windows Mobile 6.x
Windows Phone 7
Windows Phone 7.5


For supported releases of Microsoft Windows, Microsoft recommends that customers apply the update immediately using update management software, or by checking for updates using the Microsoft Update service. For more information, see the Suggested Actions section of this advisory. For affected devices, no update is available at this time.

TechNet Blogs > MSRC > Microsoft releases Security Advisory 2718704

We recently became aware of a complex piece of targeted malware known as “Flame” and immediately began examining the issue. As many reports assert, Flame has been used in highly sophisticated and targeted attacks and, as a result, the vast majority of customers are not at risk. Additionally, most antivirus products will detect and remove this malware. That said, our investigation has discovered some techniques used by this malware that could also be leveraged by less sophisticated attackers to launch more widespread attacks. Therefore, to help protect both targeted customers and those that may be at risk in the future, we are sharing our discoveries and taking steps to mitigate the risk to customers.

We have discovered through our analysis that some components of the malware have been signed by certificates that allow software to appear as if it was produced by Microsoft. We identified that an older cryptography algorithm could be exploited and then be used to sign code as if it originated from Microsoft. Specifically, our Terminal Server Licensing Service, which allowed customers to authorize Remote Desktop services in their enterprise, used that older algorithm and provided certificates with the ability to sign code, thus permitting code to be signed as if it came from Microsoft.

We are taking several steps to remove this risk:

• First, today we released a Security Advisory outlining steps our customers can take to block software signed by these unauthorized certificates.

• Second, we released an update that automatically takes this step for our customers.

• Third, the Terminal Server Licensing Service no longer issues certificates that allow code to be signed.

These actions will help ensure that any malware components that might have been produced by attackers using this method no longer have the ability to appear as if they were produced by Microsoft.

We continue to investigate this issue and will take any appropriate actions to help protect customers. For more information, please refer back to this site and check with your anti-malware vendor for detection support.

Mike Reavey
Senior Director, MSRC

June 4, 2012 Posted by | Advisories, Alerts, Malware, Vulnerabilities | , , , , , , , , , , , , , | Leave a comment

Smokey’s Security & Anti-Malware Software Updates Survey Forum Entirely Revamped

I’m pleased to announce that the Security & Anti-Malware Software Updates Survey Forum on Smokey’s Security Forums is entirely revamped. As you know, a safe surfing experience will only be possible when all (security)software on your box will be up-to-date, the Smokey’s Security & Anti-Malware Software Updates Survey Forum provides you with the possibility to stay current and to avoid outdated software.

The forum is rebuild from the scratch, all Security/Anti-Malware software is sorted now into alphabetical order and up-to-date. Additional features are sorting software by Category/Tag and to stay current by way of subscribing to the Security & Anti-Malware Update Topics.

The revamped Software Updates Survey Forum is entirely designed by Smokey’s new Team Leader of that forum: Creer. He invested lots of time in the design, I’m grateful for all his hard design work and continuous efforts to keep the forum up-to-date.

Like before, in case you need (of course free!) malware removal help please don’t hesitate to visit our Malware Analysis & Removal Help and Support Forum, fully trained/graduated/qualified malware removal staff will be pleased to clean your box/removing malware.

February 12, 2012 Posted by | Uncategorized | , , , , , , , , , , , , , , , , , , , , , , , | Leave a comment

Last letter to Donna Buenaventura

Dearest Donna,

that’s no way to say goodbye, you incredibly shocked your husband, your family and me too. You leaved us so sudden, we had not the opportunity to say goodbye, we all are feeling deep sadness and desperation.

Dearest Donna,

many people are telling you are now in a much better place, but I don’t think you are. Your place is here on earth so we can still touch and reach you. You passed away and only leave memories, we are not able to accept.

Dearest Donna,

I remember so well the first time I met you, and the time that followed. You were caring for me in an unforgettable way, like you did with so many people. It was you showing me what a real, sincere friendship means, you was always there when I needed you. I owe you so much and will never be able anymore to make it up.

Dearest Donna,

you were such a wise and warmhearted woman, spending almost all of your available time to help others, it will be very tough to accept you are not here anymore to show us the right directions.

Dearest Donna,

I don’t say farewell because I know that some day I will meet you again, it’s my only consolation.


Rest in peace sweetie.


With Love,


February 11, 2012 Posted by | Uncategorized | , , , , , | Leave a comment

About the Smokey’s Choice Awards

Smokey's 2011-2012 Award

Like the Smokey’s Security Weblog Hall of Shame Awards, the Smokey’s Choice Award has the sole purpose to improve users experiences and interests. Where the intention of our “Hall of Shame” is to achieve a change of mind in positive way and improvements in behavior and procedures by the Awardees, the Smokey’s Choice Award will be granted to security (related) products that has proven to be the very best quality software available on the market. Issue ‘real security’ and ‘serious improvement’ should have highest attention of security vendors, this all in customer’s interest. The  Smokey’s Choice Award is our acknowledgement of products of outstanding quality and effectiveness, in this way we honor exceptionally well software development by some vendors which results in such top-notch products no matter it concerns free software or paid products.

All Smokey’s Choice Awarded software is thoroughly tested/reviewed, in the decision to provide a product with the Award we also include a judgment concerning the price of the software compared with the competition and what will be offered for the price. Only when we are fully convinced about quality, effectiveness and price / performance, a product will be granted the Smokey’s Choice Award. Hence we highly recommend all software provided with the Award.

Currently following products are provided with the Smokey’s Choice Award:

– avast! Mobile Security Android (recent test/review here)
– F-Secure Internet Security 2012
– MBAM – Malwarebytes Anti-Malware
– Symantec Norton Internet Security 2012
– VIPRE Internet Security 2012
– WinPatrol ‘Scotty’

Again our congratulations to all Awarded vendors!


December 30, 2011 Posted by | Anti-Spyware, Anti-Virus, Norton Internet Security | , , , , , , , , , , , , , , , | 1 Comment

Review avast! Mobile Security for Android phones


Testing period: 2011-12-10 / 2011-12-24
Phone: Samsung Galaxy S Plus (SGS+) non-rooted and rooted
OS: Android Gingerbread 2.3.5


Avast! Mobile Security for Android phones is an full featured Anti-virus and Anti-Theft security application for Android phones. It can protect your phone against malicious apps, hackers, infected-URLs and thieves.

Operating Systems Supported

Android 2.1.x
Android 2.2.x
Android 2.3.x

Hardware Requirements

Any phone capable of running a supported system.

Security Features

Antivirus: Performs on-demand scans of all installed apps and memory card content, as well as on-access scans of apps upon first execution. Options for scheduling scans, virus definition updates, uninstalling apps, deleting files, or reporting a false-positive to our virus lab.

Privacy Report: Scans and displays (grid) access rights and intents of installed apps, identifying potential privacy risks, so you know how much info you are really providing to each app.

SMS/Call Filtering: Filter calls and/or messages from contact list using set parameters based on day(s) of the week, start time, and end time. Blocked calls redirect to voicemail, while blocked messages are stored via filter log. Also possible to block outgoing calls.

App Manager: Similar to Windows Task Manager, it shows a list of running apps and their size (MB), CPU load, used memory, and number of threads and services – with an option to stop or uninstall.

Web Shield: Part of the avast! WebRep cloud, the avast! Web Shield for Android scans each URL that loads and warns you if the browser loads a malware-infected URL.

Firewall: Add a firewall to stop hackers. Disable an app’s internet access when on WiFi and 3G and roaming mobile networks. (Works only on rooted phones.)

avast! Anti-Theft Module Features

App Disguiser: After downloading avast! Anti-Theft, user can choose a custom name that disguises the app (e.g. call it “Pinocchio game”) so that it is even harder for thieves to find and remove.

Stealth Mode: Once anti-theft is enabled, the app icon is hidden in the app tray, leaving no audio or other trace on the target phone – the app is ‘invisible’, making it difficult for thieves to detect or remove.

Self-Protection: Extremely difficult for thieves to remove (especially on rooted phones), Anti-Theft protects itself from uninstall by disguising its components with various self-preservation techniques. On rooted phones it is able to survive hard-resets and can even disable the phone’s USB port.

Battery Save: Anti-Theft only launches itself and runs when it needs to perform tasks. This preserves battery life and makes it very difficult for thieves to shut it down.

SIM-Card-Change Notification: If stolen and a different (unauthorized) SIM card inserted, the phone can lock, activate siren, and send you notification (to remote device) of the phone’s new number and geo-location.

Trusted SIM Cards List: Establish a ‘white list’ of approved SIM cards that can be used in the phone without triggering a theft alert. You can also easily clear the trusted SIM cards list, to leave the one present in the phone as the only trusted one.

Remote Settings Change: A setup wizard guides the user through the installation process on rooted phones by either writing directly or by generating an update file. No command-line knowledge is necessary to install Anti-Theft rooted. Also supports upgrading the app.

Anti-Theft SMS Remote Features

Remote Siren: Option to sound a loud siren, which returns always to maximum volume if thieves try to silence. This siren sound can also be customized (e.g. record own siren sound or select siren sound from file).

Remote Lock: To protect your data, phone can be locked remotely and then cannot be accessed again without entering the password specified by the user.

Lock Phone Settings Access: Enables remote locking of the phone’s App Manager and/or phone settings.

Remote Display: Remotely send a customized message to locked or non-locked phone display (e.g. with a reward for its return).

Remote Locate: Remotely locate phone via GPS, WiFi, or mobile network – for maximum accuracy. Can locate either once or continuously (GPS can be auto-enabled on all rooted phones or non-rooted phones from Android 1.6 to 2.2).

Remote Memory Wipe: Remotely trigger a full, permanent wipe of all phone data (e.g. contacts, call log, SMS/MMS, browser history, apps, email accounts), including reliable, physical wipe of all memory cards from Android 2.2 on (limited functionality on older versions).

Remote Calling: Remotely have the phone call you elsewhere with screen blackened, so that thieves cannot see it. This way you can listen to the phone’s surroundings.

Remote Forwarding: Remotely activate/deactivate option to forward or copy call data and/or SMS messages to another device. Call data goes to remote device, but not the call itself. SMS messages, however, are forwarded in their entirety (“CC” copies also to original device).

Remote “Lost” Notification: Remotely send a “Lost” command to trigger same actions as SIM card change (e.g. phone lock, siren, or USB lock). “Found” command deactivates “Lost” command.

Remote SMS Sending: Remotely trigger phone to send an SMS to another phone. That way, if you forget the phone somewhere, you can reply nonetheless to incoming calls or SMS messages.

Remote History: Query the call log, contacts, and SMS messages remotely (with each forwarded as a separate SMS message, but able to be filtered).

Remote Restart: Reboot the phone by SMS command, which will lock the phone by asking for the SIM’s PIN code. (Works only on rooted phones.)

Low Battery Notification: Phone is able to send low battery notification to a secondary device.

Remote Settings Change: All of the Anti-Theft settings can be changed remotely.


To receive full protection by the app your phone should be rooted: the build-in firewall only works with rooted phones, and the Anti-Theft module will only be hard reset proof also on a rooted phone. We all know the discussions why to root and why not, personally I will not advise anybody to do such. It will weaken your phone’s build-in security mechanism, violates the warranty and there is also the risk of bricking the device.

Personally I’m also opinion that serious (security orientated) companies like avast! shouldn’t suggest/advise their customers to root their device, regrettably avast! factually does. OTOH the application will only be able to show it’s full potential on a rooted phone, keep in mind that a mobile OS has it’s limitations hence a security program can  only protect the customer in the best imaginable way when the phone is rooted. Summarizing there’s a contradiction that can’t be solved in a satisfying way.

Before installing the app please consider the cons and pros of rooting, these are mentioned before. Consider also that the app (of course) also can be installed on non-rooted devices but such will limit the possibilities of the app. If your phone is already rooted there is nothing to consider, install the app and enjoy it’s great possibilities and very good protection against malware, hackers, infected URLs and thieves.


Is straight forward, download/install the app from Android Market. After installing you are able to download/install the Ant-Theft module. During install the app will request several times Superuser permissions, please grant all these requests. Anti-Theft module will also demand to allow downloading from unknown sources, you must enable this option in your phone. Don’t worry about all mentioned/demanded settings, during install the app and Anti-Theft module will do all the necessary concerning phone settings and permissions, just grant all requests and you have nothing to care about at all.

The Menu’s

Are clear, structure is well organized and leaves no room for misunderstandings. Main menu of the Mobile Security suite contains chapters Virus Scanner, Privacy Adviser, Application Management, Web Shield, SMS and Call Filter, Firewall, and finally access to the Anti-Theft module. At the moment you access this module for the first time setup is peace of cake, the module will point out demanded settings, after completing you are done.

Anti-Theft module

Is the best part of the Security suite, and highly sophisticated. It can lock and send notification to remote device of the phone’s new number and geo-location when there’s a SIM-Card change. App Disguiser and Stealth Mode to make the module invisible to thieves. Remotely phone control by sending SMS commands, the list of possible commands is huge. They can lock the device, erase content, activating a siren, aso aso, to much to mention. An automatic weekly check of the module is possible, the check can also be done manually. An issue of criticism: avast! should offer (e.g. on their site) a survey of all possible remote SMS commands, at the moment such is not available.

Malware Detection Rates

Around 79% (PCSL Mobility Security Product Test and Certificate For Android April 2012). Anti-virus can be updated automatically or manually.

Device Battery Impact

No notable battery impact: very low power consumption.


Free. Despite the fact the Suited passed beta stage and is now Final, accordingly to the vendor they currently don’t plan to charge customers for it at all. It’s amazing this free product provides several useful and important features not offered by similar products of the competition, paid products included.


The Security Suite works flawlessly on my non-rooted as well rooted smartphone (SGS+), nevertheless the verdict must be separated into two parts: one part concerning the software installed on non-rooted phones, the other part on rooted devices.

Part 1: non-rooted phones.

On an ascendent rating scale of 1 to 5 I rate it with a 4. Reasons: no firewall, and Anti-Theft module not exercising it’s full potential (anti-theft hard reset protection). Hence on non-rooted phones I partially recommend avast! Mobile Security for Android, nevertheless the app offers decent protection.

Part 2: rooted devices.

On an ascendent rating scale of 1 to 5, I rate it with a 4,5.  An excellent Security Suite with tons of possibilities, everything is working just fine. An also very reliable Suite with a top-notch Anti-Theft module. I can recommend this Suite unconditionally to everybody with an already rooted Android device, despite the moderate malware detection rates to me it’s without any doubt the Best Android Security Suite there is. The overall exceptional good impression of the software on rooted phones and results of my tests is reason to provide avast! Mobile Security for Android phones on rooted phones with the  Smokey’s 2011/2012 Choice Award.


– at the moment no web interface, vendor informed me this will change in the beginning of 2012.


– avast! Mobile Security on Google play:
– avast! Anti-Theft SMS commands overview:
– avast! Mobile Security vendor site:
– avast! Support Forum:
– PCSL Mobility Security Product Test and Certificate For Android April 2012:

QR code Google play Avast! Mobile Security:

QR code avast! Anti-Theft SMS commands overview:


2011-12-25: review supplemented.
2011-12-26: recommendations added.
2011-12-28: app beta status removed because in the meanwhile the Suite is now Final.
2011-12-28: vendor contacted me to discuss parts of the review. Vendor had some valid points hence I adjusted the review concerning these points. This is also the reason I adjusted the rating for the Suite on non-roooted phones: was a 3 on a rating scale from 1 -5, is now a 4.
2011-12-30: link to Anti-Theft SMS commands overview added.
2012-03-11: QR codes added.
2012-30-04: applied Malware Detection Rates from PCSL Mobility Security Product Test and Certificate for Android April 2012.
2012-05-01: Malware Detection Rates from PCSL Mobility Security Product Test and Certificate For Android April 2012 are reason to adjust the score for rooted devices, was a 5, is now a 4,5

2012-08-11: New major version avast! Mobile Security / Anti-Theft released, v2 in development stage:

– o – o – o – o – o – o – o – o – o – o – o – o – o – o – o – o – o – o – o – o – o – o –

Smokey's 2011-2012 Award
Note: Awarded is avast! Mobile Security for Android on *rooted* phones
Despite the Award I don’t encourage nor recommend to root phones

December 24, 2011 Posted by | Anti-Spyware, Phishing | , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , | Leave a comment

Smokey’s Security Forums will drop support for IE6 starting 2012-01-01

Internet Explorer 6 was released on August 27, 2001 so the browser is now 10 years old. Despite numerous campaigns to dissuade further use of IE6, 9% of the world is still using IE6 as browser.

The web has changed significantly over the past 10 years, regrettably IE6 not. It can’t handle new web technologies and is highly insecure. Besides, performance is really bad and there are also severe rendering issues.

It’s obvious that most of IE6 (corporate) users and IT Organizations aren’t interested at all to upgrade to a modern browser like IE8/IE9 or to use e.g. Opera 11, Firefox 7 or Chrome 15 browser instead. I know their argumentation to well however I can’t take it seriously anymore. Especially not because IE6 is End of Life (EOL) and the problems with the browser are on the rise.

Considering the never ending argumentation as well all con’s to use an outdated, insecure IE6 instead of a modern and safe browser, Smokey’s Security Forums will drop support for IE6 and will take the ultimate consequence by DENYING SITE ACCESS TO IE6 USERS STARTING 2012-01-01.


Owner Smokey’s Security Forums

October 30, 2011 Posted by | News | , , , , , , | Leave a comment

Breaking News: former Libyan leader Moammar Kadafi killed in Sirte, Libya

Sirte, Libya, October 20, 2011

According to the Libyan National Transitional Council (NTC), today former Libyan dictator Moammar Kadafi succumbed to gunshot wounds in his head and his legs. After his capture in Sirte, Libya, he was in critical condition carried off with an ambulance.

Kadafi was in a convoy trying to flee Sirte. NATO would have bombard the convoy. The death of the former dictator was confirmed by the Libyan top official Abdelmajid of the National Transitional Council.

U.S. President Barack Obama’s statement on Kadafi’s death:

“Today, the government of Libya announced the death of Moammar Gadhafi. This marks the end of a long and painful chapter for the people of Libya, who now have the opportunity to determine their own destiny and a new and democratic Libya. For four decades, the Gadhafi regime ruled the Libyan people with an iron fist. Basic human rights were denied, innocent civilians were detained, beaten and killed, Libya’s wealth was squandered. The enormous potential of the Libyan people was held back, and terror was used as a political weapon,. Today we can definitively say that the Gadhafi regime has come to an end. The last major regime strongholds have fallen. A new government is consolidating control over the country. One of the world’s longest serving dictators is no more.

“One year ago, the notion of a free Libya seemed impossible, but then the Libyan people rose up and demanded their rights. And when Gadhafi and his forces started going city to city, town by town to brutalize men, women and children, the world refused to stand idly by. Faced with the potential of mass atrocities and a call for help from the Libyan people, the United States and our friends and allies, stopped Gadhafi’s forces in their tracks. A coalition that included the United States, NATO and Arab nations persevered through the summer to protect Libyan civilians. Meanwhile, the courageous Libyan people fought for their own future and broke the back of the regime.

“This is a momentous day in the history of Libya. The dark shadow of tyranny has been lifted, and with this enormous promise, the Libyan people now have a great responsibility: to build an inclusive, tolerant and democratic Libya that stands as the ultimate rebuke to Gadhafi’s dictatorship. We look forward to the announcement of the
Country’s liberation, a quick formation of an interim government, and a stable transition to Libya’s first free and fair election. And we call on our Libyan friends to continue to work with the international community to secure dangerous materials and to respect the rights of all Libyans, including those who’ve been detained.

“We are under no illusions. Libya will travel a long and winding road to full democracy. There will be difficult days ahead. But the United States, together with the international community, is committed to the Libyan people. You have won your revolution. Now we will be a partner as you forge a future that provides dignity, freedom and opportunity. For the region, today’s events prove once more that the rule of an iron fist inevitably comes to an end. Across the Arab world, citizens have stood up to claim their rights. Youth are delivering a powerful rebuke to dictatorship. And those leaders who try to deny their human dignity will not succeed.”

Update 10-20-2011: according to the News Channel al-Arabiya is the body of Kadafi transferred to the city of Misurata.
Update 10-20-2011: Anees al-Sharif, spokesman for Tripoli’s military council, said Gadhafai’s son Muatassim and his chief of intelligence, Abdullah al-Senussi, also were killed.
Update 10-20-2011:  statement U.S. President Barack Obama on Kadafi’s death.

October 20, 2011 Posted by | News | , , , , , , , , , , , , , | Leave a comment

Norton 360 v5.1.0.29 (patch 5.1) released – ENGLISH ONLY

Symantec/Norton released Norton 360 v5.1.0.29 (patch 5.1). Note: the patch is currently available to ENGLISH users ONLY. Norton will release the patches in other regions soon. You can also receive the update by running LiveUpdate and download the update. A reboot will be required.

All downloads are originating directly from the Symantec/Norton servers, for security reasons I strongly advise only to download from these vendor servers.

Fixes and improvements patch 5.1

This patch contains many changes and fixes from the previous version. Some of these changes include:

– Added Firefox 4 Support
– Added New TidSrv detection & notification
– Improved Activation Process
– Corrected an issue where your product may report a loss of subscription days after upgrading from a previous version.
– Added performance improvements for IE 9 plugins.
– Fixed some Registry Cleaner hangs that may have previously occurred.
– Online Backup & Restore fixes for very large (> 4GB) files.
– Fixed compatibility issues with 3rd party software such as Corel Paint Shop Pro & Max SEA.

Downloadlinks full version / update / trial / Norton 360 v5.1.0.29 (patch 5.1)

– Norton 360 Standard edition English version 5.1:

– Norton 360 Premier edition English version 5.1:

May 12, 2011 Posted by | Advisories, Alerts, Anti-Spyware, Anti-Virus, Downloads, Malware, Norton Internet Security, Phishing, Vulnerabilities | , , , , , , , , | Leave a comment

Norton Internet Security 2011 and Norton Antivirus 2011 v18.6.0.29 (patch 18.6) released – ENGLISH ONLY

UPDATE May 12, 2011: Norton 360 v5.1.0.29 (patch 5.1) released – ENGLISH ONLY


Symantec/Norton released v18.6.0.29 (patch 18.6) Norton Internet Security 2011, Norton Antivirus 2011 and Norton Internet Security Netbook Edition 2011.  Note: the patch is currently available to ENGLISH users ONLY. Symantec/Norton will release the patches in other regions soon. You can also receive the update by running LiveUpdate and download the update. A reboot will be required.

The new NIS/NAV/NIS Netbook Edition 2011 v18.6.0.29 as offered for download in this blog can be installed over the top of existent version (, the update will not deliver any problem, all previous 2011 settings will remain unaltered after the update. The update will be accomplished within 1 minute, reboot is required. All downloads are originating directly from the Symantec/Norton servers, for security reasons I strongly advise only to download from these vendor servers.

Fixes and improvements patch 18.6

– Added Firefox 4 Support
– Added New TidSrv detection & notification
– Improved Activation Process
– Corrected an issue where your product may report a loss of subscription days after upgrading from a previous version.
– Added performance improvements for IE 9 plugins.
– Fixed compatibility issues with 3rd party software such as Coral Paint Shop Pro & Max SEA.

This patch also contains fixes from previous patch 18.5. Some of those changes included:

– Fixed an issue where Norton Insight might falsely report 0% trusted when Performance Monitoring was disabled.
– Fixed an issue with the Activity Map might not update when Smart Definitions are enabled.
– Improved instances where the Norton AntiSpam Toolbar might be erroneously disabled (or “grayed out”) in Microsoft Outlook 2007 and Microsoft Outlook 2010.
– Corrected an issue where “Custom UI Runtime Error in Norton AntiSpam Outlook Plugin” might display when using Microsoft Outlook.
– Fixed an issue where the option to “run” an executable was missing from a File Insight/Download Insight window.
– Corrected an issue where Idle Full System Scans would show report inconsistent amounts of Scanned Files.
– Fixed an issue where Full System Scans would not run continuously, including when the machine is left idle.
– Fixed an issue where the Norton Product may display “Subscription Expired” after updating from a previous version.
– Fixed Internet Explorer crashes that were due to Intrusion Prevention.
– Performance Enhancements were made on the Norton Toolbar for Internet Explorer 9 Beta.
– Enhanced Settings migration when updating from an older version.
– Usability and Performance improvements to the support experience.
– Added better Norton AntiSpam support for Microsoft Outlook configured with multiple accounts.
– Corrected a few instances of 8504 errors that may appear when the Norton product is launched.
– Fixed a Registry Leak issue that may occur during shutdown.

Downloadlinks full version / update / trial / Norton Internet Security 2011, Norton Antivirus 2011 and NIS Netbook Edition v18.6.0.29 (patch 18.6)

– Norton Antivirus 2011 English version:

– Norton Internet Security 2011 English version:

– Norton Internet Security Netbook Edition 2011 English version:

May 9, 2011 Posted by | Advisories, Alerts, Anti-Spyware, Anti-Virus, Downloads, Malware, Norton Internet Security, Phishing, Vulnerabilities | , , , , , , , , , , , , , | 2 Comments

Osama Bin Laden death related malware expected: be careful

(CNN – May 2, 2011) — Osama bin Laden, the mastermind of the worst terrorist attacks on American soil, is dead, officials said — almost 10 years after the attacks that killed about 3,000 people.

The founder and leader of al Qaeda was killed by U.S. forces Monday in a mansion in Abbottabad, north of the Pakistani capital of Islamabad, along with other family members, a senior U.S. official told CNN.

In an address to the nation Sunday night, U.S. President Barack Obama called bin Laden’s death “the most significant achievement to date in our nation’s effort to defeat al Qaeda.”

“Today, at my direction, the United States launched a targeted operation against that compound in Abbottabad, Pakistan,” Obama said. “A small team of Americans carried out the operation with extraordinary courage and capability. No Americans were harmed. They took care to avoid civilian casualties. After a firefight, they killed Osama bin Laden and took custody of his body.”

To satisfy the curiosity of many people, here the location of Osama bin Laden’s compound on Google Maps. The compound is located at 34°10′9″N 73°14′33″E, 2.5 miles (4 km) northeast of the center of Abbottabad and three-quarters of a mile (1.3 km) southwest of the Pakistan Military Academy (PMA).

Expect a flurry of e-mails, and likely black hat search engine operations trying to take advantage of the event to distribute malware. Be aware for the dangers of emails proclaiming to have information and searching for websites about his death. If you look-out for news about the death of Bin Laden and related issues, please only visit trusted news sites, also don’t click blindly on images related to the news.

Update May 2: there are reports the Bin Laden death scams are already all over Facebook.
Update May 3: malware is found on numerous sites optimized to show up on Web searches related to the event, also in scams on social networks like Facebook, Twitter & Co.

May 2, 2011 Posted by | Advisories, Alerts, Malware, News | , , , , , , , , , , , , , , , , , , , | Leave a comment