Security Watch

Are You Happy With Your Antivirus?

Thu, 02 Sep 2010 15:15:56 +0000

Thursday September 2, 2010

Most antivirus products run on a yearly subscription model. At the end of the year, you either re-up or start looking for a replacement. Is that anniversary coming up for you? Will you stay with the same security vendor, or are you itching for a change? Smart users keep up with the competition even when that Day of Reckoning is months away.

It's true that quite a few significant security vendors haven't yet released their 2011 editions. Last year's Norton Internet Security 2010 is still current - until next week anyway. Trend Micro Internet Security Pro (version 3) also gets replaced by an update next week, and Spyware Doctor with AntiVirus 2010 the following week. Updates from F-Secure, ZoneAlarm, McAfee and others are further off.

Even so, quite a few of the major and minor players have already stepped up with new and innovative versions for 2011. In The Best Antivirus Software for 2011 (So Far) I've rounded up six commercial antivirus utilities and four free ones, all with new versions from this summer. Look for new roundups as more contenders enter the ring.

This entry passed through the Full-Text RSS service — if this is your content and you're reading it on someone else's site, please read our FAQ page at fivefilters.org/content-only/faq.php
Five Filters featured article: "Peace Envoy" Blair Gets an Easy Ride in the Independent.

iTunes 10 Adds TV Rentals, Security Fixes

Thu, 02 Sep 2010 13:21:06 +0000

Thursday September 2, 2010

There's a new version of iTunes out to provide lots of new features and services from Apple, but it's got another surprise under the covers: security vulnerability fixes.

iTunes 10 for Windows includes a new version of the Webkit web browser which fixes 13 security vulnerabilities, the same fixes recently provided in Safari 5.0.1. Many of these are critical remote code execution vulnerabilities or information disclosure bugs.

Oddly, the iTunes update says that only Windows is affected, but the CVE vulnerability descriptions (such as this one) say that both the Windows and OS X versions are affected. The Safari updates were also listed both for Windows and OS X. It makes sense that iTunes for OS X is also vulnerable but not yet fixed. In all likelihood, the earlier fixes to Safari in OS X fixed the installation of Webkit used by iTunes on that platform.

Snoop Dogg Says "Hack is Wack!"

Wed, 01 Sep 2010 18:41:48 +0000

If you read PCMag regularly you know more than the average Jo about how to protect your computer and your personal information from all kinds of cyber-attacks. That puts you way ahead of the crowd, but you'd be even safer if everybody took proper precautions. To reach a wider audience with their security message the techies at Symantec are enlisting some new help - hot rapper Snoop Dogg and YOU. Yes, you can be part of their new "Hack is Wack" initiative by submitting your own rap video for a chance to win awesome prizes.

The contest runs from now until September 30th at the web site www.hackiswack.com. Use your musical skills to create a rap video on the subject of staying safe from identity theft, viruses, hack attacks, or any aspect of cybercrime. Check the HackIsWack web site for a full listing of the rules. When your video is done to perfection upload it to the site. Or, if your talent runs more to listening than rapping, visit the site to view and rate the videos.

Making a video, even a short one, takes some serious time and effort. Why would you bother? Prizes and recognition, that's why. Symantec will fly the winner and a friend to Los Angeles and put them up in a hotel for two nights. The winner will "meet with Snoop's management, learn more about his business and get tips on how to make it to the top". Also included are two tickets to a Snoop Dogg concert and a shiny new laptop loaded with the Norton Internet Security 2011.

Again, the contest ends September 30th, so get busy writing those rhymes and laying down your tracks. Once the entry period closes Symantec and Snoop's management team will select the winner, to be announced on October 20th. Will it be you?

Microsoft Updates DLL Advisory, Adds "Fix It" Tool

Wed, 01 Sep 2010 02:43:00 +0000

Microsoft has updated their advisories and issued a new tool for the vulnerability in many Windows apps that could lead to the unwitting execution of a malicious DLL. This story has been developing for a couple weeks now and this is not the last we'll hear of it.

When a Windows program loads a DLL (dynamic link library), assuming it doesn't give the specific DLL location, Windows will follow a set of rules for where to look for the file. Way down the list is the current working directory.

Recent research has that an attacker on a network share, by inducing a user to open a data file in a vulnerable application, trigger the application to load a particular DLL. If the attacker provides a malicious DLL in the same directory as the data file, which will have been set as the current working directory by Windows, and the DLL is not in any of the higher-priority locations, then the app will load the malicious DLL. The attack also works from a server on the Internet, although firewalls will typically block it by default.

The unfortunate situation seems to be that Microsoft will not be providing a patch of some kind which will fix the problem globally, at least not one which will go out as a critical update. The vulnerabilities are, for the most part (see below), being treated as individual vulnerabilities in specific applications. Since there could be hundreds, perhaps thousands of such applications, the potential for attacks is large.

Microsoft issued an advisory early this week discussing the issue and describing a tool and a set of procedures they released to help block the attack. They have now updated the advisory and added a new tool, a simplified "Fix it," which automates those procedures.

The tool previously released, described and linked to in Knowledge Base article 2264107, controls DLL loading through a new registry key. The KB article also describes the various settings of the registry key. The new Fix it automates those registry settings to block all DLL loading in the manner used by the attack.

Note that you still have to install the update first. It's possible this will cause incompatibilities with some non-malicious application configurations, but you'd best take those failures as a sign you should change your configuration.

Because some larger managed networks might want to deploy the update through WSUS (Windows Server Update Services) and then manage the registry settings through Active Directory, Microsoft is working to add the update to the Windows Update catalog.

At the same time Microsoft notes in a blog entry that the actual user experience for such an attack gives plenty of warnings and the user must click a lot in order for the attack to succeed. For example:

For this reason, when they issue fixes for their own applications they will classify them as no more than "Important" as opposed to "Critical."