"Cybercriminals are shifting their attacks from operating systems such as Windows to media players and other applications," and the latest player to be found vulnerable is QuickTime: "a security flaw in Apple Computer's popular iTunes and QuickTime software that could put systems running Windows and Mac OS X at risk of attack." c|net
A minority of Firefox users seem to be having problems with the latest version of Firefox. InternetWeek
Believe it or not, internet browsers stir up a lot of passion in some people. The Author of the rather good Secure XP site I link to in the menu on the right has published an article which puts him very clearly in the anti-Firefox/pro IE camp. I've always tried to remain unbiased here, so I will give links to the article and the rebuttal which came from one of the sources used to support an argument in the article, who said (despite some changes) "The article is still full of nonsense and deliberately misleading statements." (Oops, that wasn't really unbiased, was it.)
Firefox Myths
Re: Firefox Myths
17/12/2005
Firefox has been updated to version 1.5. This version is said to have automatic incremental updates- The previous version required a manual download and full re-installation to update. This should improve the security of the browser, because as mentioned below, many users do not update to latest versions and become vulnerable to security exploits. Malware is now emerging which exploits vulnerabilities in older versions of Firefox, so if you use Firefox and have not updated to version 1.5, do so now. c|net.
Sun Java has been updated to Version 5.0 Update 6, available for Windows users here.
Kerio firewall has been bought by Sunbelt Software, who promise to continue to make available a basic free version for home users. Sunbelt Software Press Releases.
Rootkits are becoming increasingly common: about 20% of malware removed from Windows XP2 machine is now stealth rootkits. eWeek.
Rootkits hide malware on an infected machine and are very difficult to remove- if of course they are detected in the first place. (c|net)
The increasing prevalence is driven both by commercial and criminal use: adware and spyware developers want to hide and protect their installations, as do the criminal gangs infecting computers to establish botnets to be used in extortion attempts. eWeek.
Anti-virus and anti-spyware programs are currently lagging behind in the malware arms race: Most will not remove rootkits. Microsoft is attempting to tackle the problem by introducing rootkit removal to its Malicious Software Removal tool (which runs when you update your computer.) Microsoft Anti-Spyware will have rootkit removal in the future. (eWeek) F-Secure anti-virus claims to remove rootkits at this time. Sadly avast! (my current free AV of choice) will not.
Some anti-spyware companies are beginning to respond to the rootkit threat. In the future, both anti-spyware and anti-virus products will need to become more sophisticated, burrowing deep into Windows 'kernel' level. Possible conflicts between AV and anti-spyware applications both trying to protect a computer in this way are predicted. eWeek.
The best advice as always remains to avoid infection in the first place. Obey the The 10 Net Commandments.
Latest anti-spyware application reviews: ZDNet.
20/11/2005
A critical security update is available for RealPlayer, and can be obtained by using the program's update feature. Details here.
12/11/2005
Critical security updates are available for Quicktime media player and the Macromedia Flash plug-in.
Apple have decided to bundle iTunes with updates of Quicktime. I installed iTunes in this way, had a quick look and decided I wasn't interested in paying 79p to download music tracks. Upon uninstalling iTunes, I found my CD/DVD drive was no longer working, and a system restore was required to undo the damage. For anybody wanting just to update Quicktime (7.0.2 is the latest Windows version) and not install iTunes, Apple have a stand-alone version of Quicktime in a rather hard-to-find corner of their site here.
The Flash player update is available here. Firefox users with Adblock may not be able to view Flash content if Obj-Tabs is ticked in Adblock Options. (This option puts a tag on Flash objects on the screen which can be used to block them.)
23/10/2005
Firefox is up to 1.0.7, after several security updates. The update process itself remains entirely manual. (I.e. most people won't do it, making claims of greater security somewhat dubious. The fact that a ByteVerify exploit remains the seond most common malware in the world according to Trend Micro proves that if updating isn't automatic, it won't get done- the ByteVerify exploit was patched in IE in 2002.) Apparently the next major release, Firefox 1.5, now out in Beta, will fix this.
My favourite free firewall, Kerio, is to be discontined. Intrigingly, 'Kerio has not yet decided what to do with its desktop firewall technology once its stops selling the product'. ZDNet.
10/07/2005
Java JRE has been updated to version 1.5.0_5, available here.
New varieties of stealth malware are becoming increasingly common. These are worms and Trojan horses partially or even completely concealed from anti-virus and anti-Trojan programs, and almost impossible to remove without reformatting the hard disk. At the moment, anti-virus programs are flagging some rootkits used to conceal malware, but are unable to remove them. In the future, anti-virus programs may not even spot that there is anything concealed. The best cure for this stealth malware is not to get infected: update Windows to fix security holes, and ensure you have good spam filtering to weed out attachments carrying new and dangerous worms and Trojans. Here are some people having a nightmare with a rootkit at dslreports.com.
Is spyware good? Eric Goldman (assistant professor at Marquette University Law School in Milwaukee, Wisconsin) has said in an interview that "adware could substantially improve our social welfare." He means that adware could show you an advert for a product which could change you life for the better. Apparently Microsoft have been toying with the same idea. They are rumoured to have been considering buying an adware company. eWeek. Other rumours suggest factions at Microsoft may think this a bad idea. eWeek.
Even if you were happy to accept adware on your computer if it brought you adverts you wanted to see (personally the idea makes me laugh) the truth is the adware/spyware is so venal bordering on criminal that the ads don't stop until your computer is so full of spyware it won't function and your kids are seeing pop-up ads for porn. benedelman.org.
Are adverts on the internet good? Eric Goldman says: "I don't have a property right in my attention," meaning, seemingly, that marketers have the right to get his and other computer users' attention by means of adware pop-ups. Your jaw has dropped at this, hasn't it? Yes, mine did too. Sorry, I kill adware and and block pop-ups: I decide what gets my attention.
I also filter ads from web pages using Firefox's Adblock feature, but am I harming the future of the internet here? Advertising supports some web pages, and if I filter it out, I'm depriving that site of income. Well, yes, true. But it's like watching a film on video that you recorded from commercial TV. Do you watch the adverts because they paid for the film, or press fast forward? Advertisers have made internet adverts far too intrusive, and as blocking them is as simple as pressing fast forward on the video, some will choose to ignore any moral obligation to view the adverts and block them. zdnet.com.
15/06/2005
Sun microsystems have this week told us that some updates that were issued in the past few weeks patch critical security flaws. Details from c|net, Secunia, and Sun Microsystems. If you haven't got the latest version of Java JRE (1.5.0_03), download it here.
Virus writers seem to be developing two very different strategies. While some are deliberately limiting outbreaks of infection from new viruses, others are swamping us with new variations: both in an attempt to avoid detection by anti-virus programs.
Some virus writers are now limiting their viral creations to the number of computers they infect. A global epidemic means anti-virus programs add the virus to their definitions but a limited outbreak means the virus remains undetected by most anti-virus programs. Why is this important? Because virus writers now work for criminal organisations and try to create zombie computers to do their masters' evil bidding. 5000 computers is quite enough to carry out a DDOS attack for example in punishment for non-payment of a blackmail demand. Those who work for anti-virus programs now have to go out and seek new malware where it is spawned in the stygian depths of the internet. c|net
Others have adopted a different tactic: "Instead of releasing Windows viruses intermittently, many creators of worms and trojans are pumping them out with increasing frequency." The idea is create new viruses, or variations of viruses, faster than anti-virus companies can produce definitions for these viruses. bbc.co.uk
See for example the Mytob virus: "The Mytob author(s) have been very busy recently, releasing multiple variants a day. There are now some 96 different 'versions' known to exist." McAfee
Latest anti-spyware comparative reviews at download.com, and also some spyware horror stories.
22/05/2005
Microsoft has set 'honey monkeys' to trawl the web for new Windows exploits. The honey monkeys, which are in fact virtual Windows machines, hop from web site to web site. If any malware breaches their security, MS can issue a patch for the exploit used. In other words, MS is actively going out and looking for problems with Windows, rather than waiting for a malware epidemic to reveal a new security hole.
The anti-spyware company Webroot is doing the same thing with spyware: sending out virtual machines across the web to replicate the behaviour of human web browsers: any previously unknown spyware which infects the machine is automatically analysed and added to Webroot Spy Sweeper's spyware definitions. Security Focus News .
Honey monkeys are named after 'honey pots', which are unprotected computers connected to the internet by security companies to see what malware attacks them. Many computer users carry out the same experiment of course, by simply connecting to the internet without any security. You can see what happens when an unprotected computer is connected to the internet here: bbcworld.com.
16/5/2005
There have ben several Firefox updates recently, patching critical security vulnerabilities, the latest found by a 16 year old boy: "The incident is the latest black eye for the open-source software project's security image." Security Focus News
PC World says: "Don't go ripping out Microsoft's Internet Explorer just yet... our testing of both browsers shows that choosing one is not an easy decision--particularly in an enterprise environment." Should IE stay or should IE go? pcworld.com
An anti-virus review shows that free anti-virus programs have a slightly lower detection rate than the best fee programs: the good news is that you can have the same detection rate usung a free anti-virus and a free anti-Trojan program like Ewido. techsupportalert.com
21/3/2005
Would you click 'yes' if you saw the pop-up below on your screen? To find out if you made the right choice, visit edbott.com, where you can see an example a Java pop-up which attempts to install spyware, as mentioned below, plus a legitimate Java pop-up. You can also see an example of the so-called social engineering used to try to con people into accepting a dodgy ActiveX installation. Expect to see this sort of thing with attempts at spyware installation by Java in the future, and be ready to click 'no'.
Is your PC a zombie? If you have no firewall and especially if your have a broadband connection, be afraid, be very afraid! Up to a million PC's in the Zombie army. pcpro.co.uk.
19/3/2005
A security update is available for the RealOne media player, which you will have if you listen to or watch streaming media from the BBC website, for example. (The update facility is found in the about tab of the help menu.)
The anti-virus company F-secure has released a rootkit detection and removal program (the rootkit threat is mentioned below.) The program, called Blacklight, is available free until the end of April. Details here.
More on Microsoft Internet Explorer's non-compliance with web standards mentioned below at microsoft-watch.com.
Details of the Firefox security update mentioned below at eweek.com.
More on the spyware which infects IE via alternative browsers at eweek.com. This is sometimes talked about as a problem with firefox, but as the article at spywareinfo.com below makes clear, this is an issue with Java's browser plug-in, and users ignoring security warnings about installing programs.
Firefox continues to have its advocates and detractors, some of whom are quoted below. Another story from eweek.com has both praise and criticism.
16/3/2005
This page has now been updated to a table-free design which complies with W3C (World Wide Web Consortium) standards. The interesting thing is that Microsoft's Internet Explorer does not comply with these standards: the page looked fine in Firefox but a bug in IE meant the margins were not displayed correctly. Thanks to positioneverything.com for a solution. (The site illustrates many IE CSS bugs.)
On the subject of Firefox, a story doing the rounds is that firefox allows the installation of spyware. The truth of this story is that the spyware is installed by Java, a browser plug-in found in almost all browsers. The spyware is only installed if the user explicitly allows the installation of software despite security warnings by the Java plug-in. Details of the story at spywareinfo.com.
The story does highlight the importance of heading security warnings from the Java plug-in: Java applets downloaded from a web site are run by the Java plug-in in a security sand box, but the web site can request to install software on your computer. It is up to the user to consider whether the web site has a legitimate reason for installing software and to consider the security information presented by the Java plug-in before giving permission.
5/3/2005
The update for Firefox is now available for the British English version. This update is classed as critical as it addresses security issues. Argument continues on the net as to whether Firefox is more secure than Internet Explorer. Andrew K is somebody who argues that IE is as secure as Firefox when running under XP SP2. (See the Internet section of his excellent Secure XP) page. Daniel Miessler and the CERT organisation would disagree.
From computerworld.com "Microsoft Corp. security researchers are warning about a new generation of powerful system-monitoring programs, or rootkits, that are almost impossible to detect using current security products and could pose a serious risk to corporations and individuals".
Microsoft's Antivirus Defense-in-Depth Guide suggests that the only way to clean a compromised system (i.e. one to which a hacker has gained access) might be to reformat and reinstall the operating system- the so-called nuke and pave approach.
3/3/2005
An update is available for some versions of Firefox addressing the security vulnerability mentioned immediately below. The new version is 1.01, but as of today it is not available in the British English version, which is still at 1.0.
An update is also available for the Java plug-in, plus an entirely new version, somewhat confusingly called version 5. (The latest update for the old version is 1.4.2_7. The new version is referred to as 1.5 or version 5.) It is said to be faster at running applets. Details at theinquirer.net.
More on Microsoft's new antiSpyware program at computershopper.co.uk. I was looking at the real-time protection features of Microsoft's program the other day: it does lock down a lot of Windows settings to prevent the installation of spyware. It seems to me that Microsoft is entitled to offer this facility for free, indeed is obliged to ensure the security of its operating system. However, I would hate to see Microsoft's entry in the market have a negative effect on companies like Lavasoft, who have been so important in the fight against spyware, and whose free program removed my first infestation of spyware three years ago.
Having said this, I'm now using the Microsoft real-time spyware protection rather than the Lavasoft Ad-Watch program which I paid for a couple of years ago.
The people at Avast! seem to be working hard to keep their virus definitions up to date: three automatic updates came through the other day!
21/2/2005
In an update to the story below, IE 7.0 will only be available to users of XP SP2. If you're using an earlier operating system than XP, Firefox is a more secure option.
A recent story in Computer Shopper highlights vulnerabilities in IE6, some now patched in SP2, but one still unpatched. (Hyperlink to follow when this story goes on-line- seems to take a couple of months.)
Unfortunately the unpatched vulnerability also affects Firefox: URL's displayed in the address bar may be faked, so a link in a phishing email may not take you where it says it will. More information and a demonstration here.
An article in eWeek suggests that the era of the small anti-spyware company is coming to an end. The author thinks that anti-spyware protection will be integrated into existing protection, in the way that anti-virus programs already protect against Trojan horses, which may be used in spyware and targeted by anti-spyware programs.
The author acknowledges the argument that adware is ambiguous in nature: the users agrees to have the adware on their system when they install the utility, game or toolbar that attracts them. The term 'Spyware' is indeed used to cover a range of 'unsolicited software': Trojan horses, keyloggers, diallers, browser hijackers, programs which monitor browsing habits to support targeted advertising, and adware which displays ads, usually ads which are thought likely to be of interest as the result of information gleaned by spyware. Some of these are genuine malware- they are malicious, even criminal, and there is no argument that they should be removed. Others may be seen as a legitimate product, to which the consumer has consented to have on their computer.
Anti-spyware companies will and are having problems at the grey end of this spectrum: companies like Yahoo! and Microsoft, who recently produced anti-spyware products, have faced accusations of failing to target spyware because of fear of lawsuit or conflict of interest.
Adware marketers who see themselves as ethical and legitimate* have been trying to get into bed with the anti-spyware companies. The first anti-spyware company to object to this bedfellow hopped out over a year ago, and recently just about all the others have left. (Antispyware consortium implodes.)
*COASTS definition is avoiding unfair, deceptive or devious practices
(These unfair, deceptive and devious practices, employed by some spyware companies, are detailed by Ben Edelman at his excellent site.)
Personally, I say long live Spybot Search & Destroy, long live Lavasoft, long live Javacool software!!!
20/2/2005
Avast! free anti-virus has been updated to version 4.6. It now has a module called 'Web Shield', which monitors internet traffic for web nasties. One web nasty I have seen before is a Microsoft Java Virtual Machine (MS JVM) exploit which downloads a Trojan horse on unpatched versions of MS IE with the MS JVM. I now have the Sun Microsystems Java Run Time Environment, which also does the same job of implementing Java applets, but is said to be more secure.
These exploits and Trojans used to end up in the Java cache, were they didn't do any harm because I was not using MS JVM. However, AVG anti-virus used to find them and warn that they were malware (As did various online scans) but not be able to remove them. (Delete the cache from the Java Plug-in option in Control Panel.)
Avast! 4.5 would warn when one of these exploits or Trojans arrived in the Java Cache, and suggest moving them to the virus vault. It would do so, but then often crashed Firefox,
So today I went off in search of a dodgy website (ahem!) to test Avast 4.6 and the new Web Shield. This module intercepted the malware before it could get onto my disk. It did crash Firefox again once while doing so, but the malware did not get into the Java cache. It seems that the Web Shield is a partial success, offering protection against internet-borne malware which might exploit as yet unpatched vulnerabilities.
There also seem to be other developments in the pipeline at Avast!WebForum, and Avast!Pro (same scanning engine) has passed the latest 100% anti-virus detection test at Virus Bulletin, so I'm sticking with the program for a while: Avast! now seems to be rivalling AVG for the title of best free anti-virus.
18/2/2005
Bill Gates has announced that Mirosoft AntiSpyware (see below) will continue to be free after July. Good news as it provides free real-time anti-spyware protection, something which you generally have to pay for, and another free scanner to find spyware missed by the other free anti-spyware programs. (See below.)
Another Gates announcement is that there will be a new version of Internet Explorer, with emphasis on security to counter moves to Firefox, seen as a more secure browser. Have to say I use Firefox as my main browser now (sorry Bill) but I'll be downloading the new Explorer to use with sites that use ActiveX.
An interesting link here which partly explains why I use Firefox: no ActiveX. (From Ben Edelman's site, which contains many investigations into the subject of spyware.)
11/2/2005
A recent article in pcmag.com quotes some interesting statistics: 15% of computer users don't use an anti-virus program (and of those that did, 71% thought that they were updating their anti-virus program at least weekly, but only half this number actually were), 19% of computers are virus infected, and 80% infected by spyware. I've quoted this research on my site, but have never found it on the web. Apparently it was by AOL.
I'm happy to report that the Avast! anti-virus program I'm testing at the moment does an excellent job of updating itself: It does it entirely automatically, and them announces "virus database has been updated." I mean, a voice like a computer in some sci-fi movie says this to you. Some aspects of the Avast! screens and menus seem counterintuitive to me, but this is one aspect of the program I like. Yes, computer, talk to me!
I've just downloaded the trial version of SpySubtract who have now incorporated CWShredder, a program developed to remove a particularly malicious piece of spyware. It found some spyware which none of the other anti-spyware programs I use and recommend had found, and reported a file which another of my anti-spyware programs had said was a Trojan horse was in fact spyware. I deleted all of the files. I hadn't deleted the suspected Trojan before because it was an uninstall file, and I thought it might be a false positive, but this time I didn't want to take the risk.
This goes to show that no one anti-spyware program can delete every spyware program, as many reviews have said. Until one program is shown to remove 100% of spyware I will continue to use as many programs as I can: free programs regularly, and trial programs as a double-check.
8/2/2005
A couple of recent reviews* have rated Webroot's Spy Sweeper 3.5 as the best anti-spyware utility, both in terms of spyware removed and spyware blocking. The program costs $29.95 for one year's subscription. However, the trial version will remove spyware it finds, so it's worth downloading if you are removing spyware, or just want to check that your system is clean- whether you decide to pay for it after that is up to you. Fortunately, a combination of free anti-spyware programs will do a good job of removal (even Spy Sweeper isn't perfect) and for manual removal of stubborn spyware, and spyware blocking, there are free utilities like BillP Studios' Winpatrol below.
*PCMag.com and computershopper.co.uk (It's impossible to link to individual pages on this site. so enter Spy Sweeper 3.5 into the search pane.
BillP Studios' Winpatrol is a utility I've downloaded before and uninstalled because it didn't impress me too much, but following a recent review in Computer Shopper magazine (can't find it on the site yet) I've downloaded it again and I'm more impressed this time. I've noticed some very useful features, so it's now included on the Spyware and Adware page.
On the Blocking Bad Sites page I've added a method of blocking sites responsible for pushing spyware. This is done using the hosts file, which can also be used by spyware to divert typed URL's to a bogus address. There is information about how to use the hosts file to block sites, and how to prevent spyware using the hosts file.
7/02/2005
I recently found a comprehensive guide to malware on the Microsoft website. It gives a lot of excellent information on the characteristics, history, cure and prevention of malware.
31/1/2005
I've recently been trying out version 4.5 of Avast! anti-virus, which I recommend on my anti-virus page. I usually use AVG, but I thought I'd give the new Avast! a whirl - literally, as its icon spins round in the notification area. There's a new silver control panel, and email integration is now straightforward. It required some setting up before, which was 'the main gripe' that a recent review of the previous version of Avast! by Computer Shopper magazine in the UK had with the program - it managed to detect all the viruses and Trojans thrown at it. It did not detect malicious scripts, so if you're using the free version of this program, install a script blocker to block scripts from running automatically, and do not allow any to run that you are not expecting. (Some Microsoft applications use scripts- such a legitimate program will probably tell you beforehand to turn off anti-virus programs before installing, so don't forget to turn off this script blocking program too.) There is one here and the Microsoft Antispyware program also includes one.
Users of Avast! who have expressed their opinions on download.com and snapfiles.com are generally keen about the program, which is a good sign. This program therefore stays on my list of recommended freeware security programs.
27/1/2005
Licensing information contained in Windows Media Video files (.wmv) downloaded from peer-to-peer networks may have links to websites which attempt to download malware. Anybody not using XP SP2 or Media Player 10 is especially vulnerable. The issue is discussed on the following sites:
doxdesk.com has a video which demonstrates the aggressive tactics of the website concerned. (Please note the warning about content before viewing.)
27/1/2005
Users of AVG Free anti-virus will be happy to know that it came out well in a recent test by Computer Shopper magazine in the UK, stopping all viruses and Trojans thrown at it in a test. The program was only criticised for its old fashioned appearance.
I have been using AVG Free for more than six months now without any problems, except for getting updates during the last month. I think the program must be quite popular and the AVG servers busy because the update connection often times out before the program has checked for or downloaded updates.
9/1/2005
Microsoft has acquired a recent but respected arrival on the anti-spyware scene (Giant) and released it under their own name. It's available for free (at least until July) and offers protection from the installation of spyware, as well as scanning and removing it. More info.In a similar fashion, Yahoo! have licensed anti-spyware software from Pest Patrol, an established and respected ant-spyware company, and their toolbar now comes with an anti-spyware program. More info.
I have seen questions raised on the net about how rigorous these programs will be in removing spyware, because of unwillingness to label software as spyware for fear of lawsuit or, in the case of Yahoo!, because of a possible conflict of interest. However, as no one anti-spyware program can remove all spyware (see the test results below), both are useful additions to the anti spyware arsenal.
Giant becomes Micro doxdesk.com
Yahoo Plays Favorites with Some Adware eweek.com
Anti-spyware testing spywarewarrior.com
27/12/2004
Phishing attacks are on the increase: I regularly get them in my email junk mail box, which I look at occasionally before deleting everything without opening, unless I notice something which is obviously not spam, usually because it is something I was expecting. My ISP certainly does a good job of separating out all the spam with virus ridden attachments and now these emails from banks I don't use which I know are fake and which would just like me to enter my passwords if I did use them and steal all my money.
I know this because of a very useful site which tests your ability to distinguish between real and phoney web sites, which you can find here. Worryingly, a recent report says that 10% of people will rescue phoney emails from their junk mail folders even after they have been warned not to open them because they are deceitful and a security risk. Details here.
19/12/2004
A hole has been found in the Sun Java sandbox, which potentially allows downloaded malicious computer programs access to your computer while web browsing. The problem affects computers manufactured after Microsoft agreed to stop supplying its own Java Virtual Machine and to supply the Sun Java plug-in. If you have bought your computer recently, or have installed the Sun Java plug-in, you must uninstall the old version with the bug and install the new patched version- The Sun Java plug-in automatic update will not install the new version or remove the old. More info
There also seem to be computers around with an old and unpatched version of Microsoft Java Virtual Machine which allows malicious websites to download a Trojan horse. The patch for this vulnerability was released two years ago, yet I know of a computer in a major UK computer company which remained unpatched until this month and fell victim to such a Trojan. More info and how to update Microsoft products.