DON'T SURF IN THE NUDE
Security on a Shoestring
Security issues in the news - 28/11/07
The SANS Institute has released the SANS Top-20 2007 Security Risks: 2007 Annual Update. It details the software vulnerabilities that represent a security risk to organisations and home users. For home users, there's a mixed picture:

Some good news:

Operating systems have fewer vulnerabilities that can lead to massive Internet worms. For instance, during 2002-2005, Microsoft Windows worms like Blaster, Nachi, Sasser and Zotob infected a large number of systems on the Internet. There have not been any new large-scale worms targeting Windows services since 2005.

Some bad news:

We have seen significant growth in the number of client-side vulnerabilities, including vulnerabilities in browsers, in office software, in media players and in other desktop applications. These vulnerabilities are being discovered on multiple operating systems and are being massively exploited in the wild, often to drive recruitment for botnets.

Here is what SANS says about Internet Explorer and Firefox:

Microsoft Internet Explorer is the world's most popular web browser and is installed by default on every Microsoft Windows system. Unpatched or older versions of Internet Explorer contain multiple vulnerabilities that can lead to memory corruption, spoofing and execution of arbitrary scripts or code. The most critical issues are the ones that lead to remote code execution without any user interaction when a user visits a malicious web page or reads a malicious email. Exploit code for many of these critical Internet Explorer flaws is publicly available. In addition, Internet Explorer has been leveraged to exploit vulnerabilities in other core Windows components such as HTML Help and the Graphics Rendering Engine. During the past year, hundreds of vulnerabilities in ActiveX controls installed by Microsoft and other software vendors have been discovered. These are also being exploited via Internet Explorer.

Mozilla Firefox is the second most popular web browser after Internet Explorer. It also has a fair share of vulnerabilities. In 2007, it has released several updates to address publicly disclosed vulnerabilities. Similarly to Internet Explorer, unpatched or older versions of Firefox contain multiple vulnerabilities that can lead to memory corruption, spoofing and execution of arbitrary scripts or code. The web sites exploiting the browser vulnerabilities typically host several exploits, and even launch the appropriate exploit(s) based on which browser the potential victim is using.

Although this may read like very bad news for web browsing, the key words here are 'unpatched or older versions'. If you've been keeping Internet Explorer and Firefox up to date, then you won't have been affected. Contrast this with the SANS 2006 update, which reported vulnerabilities in fully patched and up-to-date versions of Internet Explorer:

These flaws have been widely exploited to install spyware, adware and other malware on users' systems. The spoofing flaws have been leveraged to conduct phishing attacks. In many cases, the vulnerabilities were zero-days i.e. no patch was available at the time the vulnerabilities were publicly disclosed.

So the important point for home users is, keep all applications up to date: falling behind with updates leaves you at risk. Internet Explorer and Firefox are self-updating; other applications may not be. Even if an application checks for updates, the update function may have been blocked or disabled, or a previous version of software may have been left installed alongside the newer version.

To give your system a thorough check for out-of-date and vulnerable software, run a scan with the Secunia Software Inspector. It will detect vulnerable applications which are a security risk and give a download location for an update.

19/5/2007


More feedback from Secunia on the results obtained by their Software Inspector scanner:

Since its release in December of last year, the free, online Secunia Software Inspector has conducted over 350,000 inspections. These inspections have identified 4.9 million popular applications (as listed here), and out of those, 1.4 million applications were found to be lacking critical security patches from the vendors.

While most people are aware of the need to update their anti-virus patterns and to raise their firewall shields, it appears that too many users either don't know that their systems are vulnerable to significant issues or that they simply don't want to spend the necessary time scouring for vulnerability information and the relevant vendor patches to properly address the issues.

This fact is further highlighted if we dig deeper into the figures behind the fact that 28% of all detected applications by the Software Inspector are vulnerable.
Secunia

Ensure every program on your computer is up to date or risk being infected by malware exploiting vulnerabilities in older versions of software, because one in 10 web pages contain malicious code that could infect your PC. BBC News

What's most alarming in the Secunia report is that some people still aren't patching their web browser, as New Scientist puts it, the 'new frontline in internet war' NewScientistTech

Apart from drive-by downloads, a major source of infection is the fake codec, a type of Trojan horse that uses social engineering to prompt the user into downloading or installing it, promising the ability to view videos. Examples of these scams can be found here. If you have a video file you are unable to view, the most common genuine codecs you may need to download and install are DivX and Xvid. Video using the RealVideo codec requires the installation of the RealPlayer product.

Rootkit removal: rootkits have been in the news for a long time, and anti-virus companies have been working on removal tools. The leader in the field was F-Secure whose removal tool BlackLight was for a long time the only free and reasonably user-friendly anti-rootkit remover available, but now a new crop of anti-rootkit products has arrived:

A modern antispyware utility is a ruthless killer. The moment it sees a malicious program that matches one of its virus or spyware signatures, it terminates the process and deletes all file and Registry traces. But what if the malware is completely invisible to the antispyware program? Hackers and virus wizards don't have to go to Hogwarts for a cloak of invisibility. All they need is a little dose of rootkit magic.

On a Windows system, rootkit refers to a process that subverts the operating system to hide its activities. If an antispyware program checks for the presence of a rootkit-hidden file using ordinary Windows functions, the rootkit intercepts the function call and changes the results, eliminating any reference to the malware's protected files. Similar techniques hide Registry entries, processes, network connections, and so on. PC Magazine
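The hiding technique PC Magazine describes is also what gives anti-rootkit tools their detection method: enumerate the same objects once through the ordinary API and once through a lower-level route, then compare. The following simulation is an added illustration, not code from the article or from any of the reviewed products; the system model, the `_rk_` naming convention and the assumption that the low-level view is outside the hook's reach are all constructed for the example.

```python
# Simulated cross-view rootkit check (added illustration, not from the article or any reviewed product).
# A rootkit that hooks the "ordinary" enumeration API can filter its own files and processes out
# of the answer; a scanner that re-reads the same information by a lower-level route and diffs the
# two views exposes whatever was removed.
from dataclasses import dataclass

HIDDEN_PREFIX = "_rk_"  # constructed naming convention for the simulated rootkit's artefacts


@dataclass
class SimulatedSystem:
    files: set
    processes: set
    rootkit_installed: bool = False

    def _hooked(self, items):
        # Models the intercepted API call: results are rewritten to drop the rootkit's entries.
        if not self.rootkit_installed:
            return set(items)
        return {name for name in items if not name.startswith(HIDDEN_PREFIX)}

    # "Ordinary Windows functions" path, which the rootkit tampers with.
    def api_files(self):
        return self._hooked(self.files)

    def api_processes(self):
        return self._hooked(self.processes)

    # Low-level path (e.g. parsing on-disk structures or kernel lists directly),
    # assumed in this simulation to be outside the hook's reach.
    def raw_files(self):
        return set(self.files)

    def raw_processes(self):
        return set(self.processes)


def cross_view_diff(api_view, raw_view):
    """Entries present in the raw view but missing from the API view have been hidden."""
    return sorted(raw_view - api_view)


def scan(system):
    """Return hidden files and processes; empty lists mean no discrepancy was found."""
    return {
        "files": cross_view_diff(system.api_files(), system.raw_files()),
        "processes": cross_view_diff(system.api_processes(), system.raw_processes()),
    }
```

A real detector must also expect the opposite discrepancy (entries visible to the API but absent from the raw view, as with files deleted between the two enumerations), and a rootkit that subverts the low-level route as well will not show up in this kind of comparison.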

Reviewed products are AVG Anti-Rootkit, Sophos Anti-Rootkit, and Panda Anti-Rootkit.

The clear winner is Panda:

Bottom Line: Panda Anti-Rootkit digs deeper than any other anti-rootkit tool I've seen, telling you exactly what it found. For safety it won't delete files digitally signed by Microsoft—smart! And it wiped out every one of my test rootkits.

Pros: Detects rootkit activity in file system, Registry, processes, drivers, and Alternate Data Streams. Offers very detailed reports. Eliminates known and unknown rootkits.

7/4/2007

How effective is an anti-virus product? At best, never 100%, and often less, seems to be the answer. The Computer Shopper review from last month suggested that the best anti-virus product only detected around 90% of new viruses. Here are some more statistics that seem to prove the point that if you rely on an anti-virus to protect you from viruses, eventually something is going to get through your defences.

The statistical results displayed are representative of each antivirus system's ability to deal with early (near 0-day) infection outbreaks. Antivirus Performance Statistics Antivirus Performance Graphs

These reports are a summary of the types of malware that we intercept. Note that we may have had more malware than is indicated in these tables; these are only the ones that were able to be identified. Each AV vendor has different capabilities and success in detecting malware that we collect. No single vendor detects 100%, nor can they ever. To expect complete protection will always be science-fiction. Shadow Server Foundation - Stats - Viruses

A couple of rootkit detectors have just come out of beta. Some rootkit detectors are more user-friendly than others: some produce a long list of items and leave the user to decide which, if any, are rootkits; others produce no warnings on a clean system. In between, some rootkit detectors will warn about hidden registry entries and processes which may belong to legitimate applications. On a clean system, AVG Anti-Rootkit produced no warnings. Panda Anti-Rootkit thought a Zone Alarm driver and registry entry were a rootkit. Other rootkit detectors are available at antirootkit.com.

13/3/2007

Here are the results from the invaluable Secunia Software Inspector scanner from the last week:

At the time of writing, Sun Java JRE, Flash (whether from Adobe or Macromedia) and Apple Quicktime were the applications most often found to be insecure.

Apple has recently patched security holes in Quicktime, highlighting the need to keep this and other applications up to date.

Computer Shopper magazine in the UK has published a new review of anti-virus software. The results are alarming: the best anti-virus product will only detect 90% of e-mail viruses; the worst only 60%. This probably reflects the malware writers' use of multiple variants of viruses to avoid detection by AV products. It is not possible to expect an AV product to catch all e-mail-borne malware any more: users must avoid this malware by filtering spam and by not opening e-mail attachments from unknown sources, or even attachments from known sources which are not expected.

Brian Krebs at Security Fix has a story about an epidemic of data theft being fueled by password-stealing viruses, spread most often by e-mail attachments:

"Finally, it's important to bear in mind that while 3,221 victims may not sound like a great deal, we're talking about the damage done just to US-based victims through one piece of malicious software. There are thousands of versions of these password-stealing viruses in use today. Also, it appears that most victims of this virus infected their machines after opening a poisoned e-mail attachment (although the bad guys may well have distributed this malware via other means.) I cannot overstate the importance of Windows users being extremely cautious about opening unexpected attachments in e-mails, even if they appear to come from someone you know. When in doubt, fire a quick e-mail back to the sender to ask whether they really meant to send you the attachment." washingtonpost.com

Of the free anti-virus products, I think it's fair to say that AVG performed a lot better than avast!

"In contrast to Avast!, the other free scanner here, AVG is accurate in detecting viruses and spyware. Its email virus detection rate is not great, but it beats PC-cillin and Avast!, and it's not far off BitDefender's result. In total, it found 67 per cent of our email viruses and a staggering 49 per cent of the web-based threats. That makes it the most accurate product on test when protecting against spyware and similar programs, just beating its closest rivals Kaspersky Anti-Virus and NOD32. It roundly thrashes expensive products such as Norton AntiVirus and McAfee VirusScan.

Even considering the lacklustre email detection, AVG is better than its free rival Avast! and beats many paid-for options with the notable exceptions of Kaspersky Anti-Virus, Steganos AntiVirus, F-Secure Anti-Virus and NOD32. We would pick one of these four to install on a system but, if you really can't afford them and choose AVG, you can take comfort in the fact that your free software is better than the less accurate and more hardware-demanding offerings you'll find on the high street."

In the latest AV-Comparatives test (February 2007), avast! gained a respectable 'advanced' award, although its overall detection rate of 93.86% is lower than that of some rivals. A direct comparison with AVG Free is no longer possible because AV-Comparatives now tests AVG Anti-Malware, an amalgam of AVG and the former ewido scanner.

Security news from 2006

Security news from 2005
