Tag Archives: Security

Mac Security Brags Busted at EICAR

David Harley, Research Fellow & Director of Malware Intelligence at ESET Antivirus, has presented a report at the EICAR conference held this month outlining virus security details of the Mac OS.

This, coupled with positive feedback from his co-workers, shows that Macs are even less secure than Windows PCs. They are of the opinion that:

While Mac users – with the exception of those making significant use of Windows on Macs – operate in an environment prowled by infinitely fewer predators, Microsoft and its more savvy customers are to some extent shielded by a more accurate assessment of the risks to which Windows users are exposed.

As is evident from this, the only reason Mac viruses are not that popular is that the fraction of people using Macs is negligible compared to Windows PC users. That leaves us with far less data to claim a virus-free OS.

Another common misconception is that since Mac is based on BSD, it is safe. We must understand that not every BSD fork will have the security features of BSD by default. They can easily be overridden by the modifications made while creating the fork.

This, combined with the absence of a proper antivirus on Mac, leaves Mac users totally unaware of any running exploits.

About EICAR

The European Institute for Computer Anti-Virus Research (EICAR) was founded in 1991 and represents an independent and impartial platform for IT security experts in the field of science, research, development, implementation and management.

(Via: Enterprise Networking Planet)

Microsoft Will Soon Discontinue Security Support For Windows XP Service Pack 2

XP users, heads up! Microsoft is soon going to discontinue support for security updates of Windows XP Service Pack 2. If you’re running one of these versions after support ends, you won’t get security updates for Windows after July 13, 2010.

The security updates for users who are running Windows Vista without any service packs were already stopped on April 13, 2010. However, Microsoft will provide the necessary security updates to XP users using Service Pack 3 as usual.

If you are not sure which version or service pack of Windows you are using, click the start menu button, type winver in the search box, and then press “Enter”.

It’s very clear that Microsoft wants users to upgrade to a better and current version of Windows (read Windows 7). But this decision will surely have an impact on a lot of organizations around the world, assuming that they regularly install the latest updates from Windows.

There are still thousands of homes, offices, schools and other corporate organizations who use Windows XP regularly and stopping the security updates will leave them with no option other than to upgrade to a newer version of Windows.

On this issue, this site has put together some interesting verdicts by security experts. Here is an excerpt:

Companies choosing to not adhere to vendor support lifecycles presents a risk to a network as vulnerabilities exist that can lead to virus outbreaks, breaches in security and potential loss of data

The longer Microsoft continues to support legacy products and applications, Microsoft and its customers will suffer as they will spend effort and energy supporting legacy code instead of ultimately developing new technologies and security measures.

Do you use Windows XP and install the latest Windows updates? Are you going to upgrade to a current version of Windows? Share your thoughts in the comments section.

Protect Your Portable Files with USB Safeguard

Traveling around with a USB flash drive full of your personal files is often very useful. However, it can also be risky. These little thumb drives can easily be lost or stolen. If you have personal information on them, the loss could cause you plenty of trouble. Fortunately, there are several free utilities designed to keep your personal files protected (encrypted) with a password. USB Safeguard is a good option.

USB Safeguard is available as a single executable file named usbsafeguard.exe. It’s only about 736k, so it will fit easily on most current USB drives. You’ll find that you actually have to move the usbsafeguard.exe file onto the flash drive before it will run. Once it’s started for the first time, you’ll see a prompt for a password.

You can type in your password, or you can use the built-in on-screen keyboard by clicking the tiny keyboard icon just above the first password field. You’ll have to enter the password twice to confirm it’s typed correctly.

Next you’ll be asked to save the password in a text file on your hard drive. This is a precaution you might want to take, just in case you forget the password later.

After that, you’ll get the main interface where you can add files from your flash drive that you want to encrypt. You can add files by dragging and dropping them into the large empty area, or you can use the Encrypt All button to grab everything on the flash drive.

If you’ve added files by dragging and dropping, you’ll need to hit the Encrypt button to move to the next step.

After it’s finished encrypting, the original files will need to be removed. The next screen gives you several options for dealing with them.

Now when you look at the files on the flash drive, you’ll only see the usbsafeguard.exe file and the encrypted archive named image.dsk. That single image file could contain hundreds of files if that’s what you want in it. The size of your flash drive is the only limitation.

In order to get your files back out, all you have to do is run the usbsafeguard.exe file and supply the password. You’ll see all the files listed and you can select them and decrypt (unpack) the ones you want.

Here are three other file encryption tools we’ve written about:

Keep USB Data Encrypted With SafeHouse Explorer
Encrypt and Hide Data on Flash/USB Drive with Rohos Mini Drive
TrueCrypt | A FREE file encryption utility that is useful too

Techie Buzz Verdict:

This is a good solution for protecting files. I’m not very happy with the main interface that’s used to drag and drop files into. I think it might be more useful if it was more like a Windows Explorer file browser. That said, I plan to keep a copy of it.

Techie Buzz Rating: 3/5 (Good)

Quickly Scan Any File with 40 Different Antivirus Engines

There are several online services that will allow you to check files for viruses or malware by uploading the files from your computer. One reason you might use one of these services is that you have downloaded a new program and you want to know if it’s safe to install on your computer. One of the services that I use most often is called Virus Total.

Virus Total is a free, independent service that will analyze uploaded files with around 40 different antivirus engines. Here is the current list:

AhnLab (V3)
Antiy Labs (Antiy-AVL)
Aladdin (eSafe)
ALWIL (Avast! Antivirus)
Authentium (Command Antivirus)
AVG Technologies (AVG)
Avira (AntiVir)
Cat Computer Services (Quick Heal)
ClamAV (ClamAV)
Comodo (Comodo)
CA Inc. (Vet)
Doctor Web, Ltd. (DrWeb)
Emsi Software GmbH (a-squared)
Eset Software (ESET NOD32)
Fortinet (Fortinet)
FRISK Software (F-Prot)
F-Secure (F-Secure)
G DATA Software (GData)
Hacksoft (The Hacker)
Hauri (ViRobot)
Ikarus Software (Ikarus)
INCA Internet (nProtect)
K7 Computing (K7AntiVirus)
Kaspersky Lab (AVP)
McAfee (VirusScan)
Microsoft (Malware Protection)
Norman (Norman Antivirus)
Panda Security (Panda Platinum)
PC Tools (PCTools)
Prevx (Prevx1)
Rising Antivirus (Rising)
Secure Computing (SecureWeb)
BitDefender GmbH (BitDefender)
Sophos (SAV)
Sunbelt Software (Antivirus)
Symantec (Norton Antivirus)
VirusBlokAda (VBA32)
Trend Micro (TrendMicro)
VirusBuster (VirusBuster)

They keep those engines up to date with the latest virus signatures, and they also offer detailed results from each engine in their reports. Virus Total is available in nearly two dozen languages.

To use this service, you simply visit the web page, click on the file upload button, select the file and wait for it to upload. Once the file is uploaded, you will often have to wait a few minutes for the scan results to appear. If you think that sounds pretty easy to do, you are correct. However, Virus Total now offers an even easier method, the Virus Total Uploader.

After you install the Virus Total Uploader [Windows Only] on your PC, you can right click on a file, then Send to the Virus Total site.

After a few seconds, your web browser will open up to show you the results of the antivirus tests from Virus Total.

That’s not the only trick that the Uploader has for you. When you launch it from your Start menu, you’ll see three other upload options in its interface:

  • upload a file by choosing its process name
  • select a file by browsing to its location
  • type in the URL of a file on the web

Go to the Virus Total Uploader page to get it.

Techie Buzz Verdict:

Having a good antivirus program installed on your PC is a must have. The ability to double check files using 40 different antivirus engines is not required, but it sure is nice to have. If you’d like to try this application, I recommend it.

Techie Buzz Rating: 4/5 (Excellent)

Encrypt Your Files Quickly with AxCrypt

[Windows Only] AxCrypt is a free and open source (FOSS) application that lets you quickly encrypt multiple files with a password. There are many free encryption utilities out there and some of them may be as good or better. However, AxCrypt is sure to be handy even if you don’t use encryption very often, since it comes with a portable version named AxCrypt2Go. You can always use the portable version on any PC without the need to install it.

For those who need to encrypt files often, AxCrypt integrates its actions into the Windows right click menus. It also allows you to create self-decrypting executable files (encrypt copy to EXE). The self-decrypting files allow anyone to open them up, as long as they have the correct password. It’s safe to send AxCrypt files using email, since AES-128 encryption is used, and it’s not likely that anyone will be able to crack your files open.

Here are some snapshots and descriptions of AxCrypt:

1. When you start installing AxCrypt, you will first have to agree to the GPL license.

2. You can disable any features you don’t want, using the custom setup screen.

3. One drawback at this point is that I didn’t see any way to tell the app where I wanted it installed on my hard drive.

4. Once it’s installed, the first thing it shows is a prompt asking for an email address. Don’t worry, you don’t have to if you don’t want to. So far, AxCrypt has over 1,805,250 registered users.

5. Now it nags you if you didn’t supply an email address. Did they learn this trick from Microsoft? I wonder how many software engineers think that this really adds any value to the application.

6. Nothing seems to happen after that, but now whenever you right click on a file or folder, you’ll see that you have more options under the "AxCrypt" menu item. Everything needed to use AxCrypt is in there. As you can see, it has some very nice features and functions.

7. If you select "Encrypt", you’ll be prompted for a password.

8. If you select either of the two check-boxes, AxCrypt will remember your password when it’s encrypting or decrypting files.

9. Here you can see me getting ready to encrypt two music files.

10. Once they are encrypted, the files will have an "AXX" file extension.

11. If you right click on them again and choose "Rename" in the AxCrypt menu, it will rename them so that nobody can figure out what was in those files. When you decrypt those files using AxCrypt, it remembers what the file names were and puts them back the way they were before.

12. To get the portable version of AxCrypt, I opened up the Program folder and copied the AxCrypt2Go.exe file onto my flash drive. In order to test it, I un-installed AxCrypt from my PC and tried to use AxCrypt2Go to decrypt some files. It worked fine, and now I don’t need to keep AxCrypt installed on my computer. I will simply keep AxCrypt2Go stored away until I need it. It’s only 486k in size.

AxCrypt will work on most PCs running Windows 2000/XP/Vista or later. AxCrypt has built in translations for English, Danish, Swedish, German, Dutch, Hungarian, Spanish, French, Italian and Norwegian.

Download AxCrypt

Techie Buzz Verdict:

I discovered that AxCrypt is very easy to use when it’s installed on your PC. However, the portable version definitely needs work. You can only navigate from the left folder view. If you click on any file or folder in the main (right hand) view, it opens the file or folder in its associated program. To encrypt or decrypt, you have to right click on the files. Once you’ve figured that out, I think you’ll find that it’s worth keeping.

Techie Buzz Rating: 3/5 (Good)

India: a Potential and Emerging Cybercrime Hub and Target

The “Symantec Global Internet Security Threat Report” collects cybercrime and vulnerability data from across the globe and analyzes it to produce near-perfect cybercrime reports. The 100-page report for 2009 just came in, and the most pressing issue according to it is that criminal activity over the Internet, termed cybercrime, has started moving to emerging countries.

Two countries in focus in these reports are Brazil and India. The Internet is a global entity and the lack of awareness has put India into that report. China, which was included in the last report, has evolved and is now much more aware regarding the Internet.

Not only this, India is also a soft target in cybercrime. India serves as the best testing bed for hack attacks, and more than 4/5th of hacks in India originated in other countries. There is high broadband penetration, but the awareness of safe usage is absolutely zero. People are still happy winning those lotteries and screensavers and are willingly giving away potential personal information.

India ranks #5 in cybercrime and serves 788 bots each day. Of these, Mumbai, India’s largest city, also claimed the largest share of bot activity in the country, at 50%. Also, there are at least 62,623 bot infected computers in India.

(Via: PCMag)

Flawed McAfee Update Kills Windows XP Systems Worldwide

Windows XP users, be warned. If you are using McAfee Antivirus, then do not apply DAT update 5958. Apparently, this update causes McAfee to delete svchost.exe, which in turn sets off a chain of events that ends up messing up Windows XP installations. Affected systems will display an error message and automatically initiate a system restart.

If you have already installed DAT update 5958, then it is best to perform a rollback (from Tools -> Rollback DAT). In the meantime, exercise caution if you get any alerts related to the detection of W32/Wecorl.a. In all likelihood, it is a false positive that can brick your system. In case your system has already been affected, you can stop the infinite restart loop by entering shutdown -a in the Run command box (Win+R).

Bungled McAfee updates are nothing new. However, this is obviously a big screw up. At the moment, McAfee is undoubtedly working behind the scenes to rush through a fix. However, even that may be too late, as possibly thousands of perplexed users worldwide have already been affected by this glitch.

Image courtesy: ChevyGuys.com

Update: The update has now been pulled from McAfee’s servers. Here is the statement McAfee issued to Engadget:

McAfee is aware that a number of customers have incurred a false positive error due to incorrect malware alerts on Wednesday, April 21. The problem occurs with the 5958 virus definition file (DAT) that was released on April 21 at 2.00 PM GMT+1 (6am Pacific Time).

Our initial investigation indicates that the error can result in moderate to significant performance issues on systems running Windows XP Service Pack 3.

The faulty update has been removed from McAfee download servers for corporate users, preventing any further impact on those customers. We are not aware of significant impact on consumer customers and believe we have effectively limited such occurrence.

McAfee teams are working with the highest priority to support impacted customers and plan to provide an update virus definition file shortly. McAfee apologizes for any inconvenience to our customers

According to early speculation, the number of affected systems should be in the hundreds of thousands. At the moment, the very least McAfee can do is acknowledge the gravity of their mistake. Bricking a system is not equivalent to causing moderate to significant performance issues.

Facebook Fails What.app Stanford Test, Twitter and iPhone Pass

In a recent study conducted by What.app, Facebook fails in maintaining standard privacy of its users.

WhatApp is a site that rates the privacy, security and openness of web and mobile applications as well as the various platforms they run on.

What.app uses various analysis tools to rate apps and websites. Twitter and iPhone apps fared well with good scores, whereas Facebook was slapped in the face with a score of 2 out of a total of five. The results are extrapolated from data obtained from individual apps running on each platform; Facebook was rated based on its apps.

The co-founder of What.app, Ryan Calo, who is also a Stanford University Law fellow, says:

“I think people are upset because when you download an app, you don’t have any control over what the app developer sees on your profile,” says Calo. “There’s the perception among users that they don’t need to give away so much information to have the apps do the same thing as they are currently doing.”

There were three areas of analysis, namely privacy, security and openness. Facebook scored two in all three. This should not come as a surprise as it simply justifies Mark Zuckerberg’s earlier statement of “privacy is no longer a social norm”.

(Via: Forbes)

Facebook Launches Safety Center For Teens, Parents, Educators and Law Enforcers

Facebook has launched a safety center as part of creating more awareness among its users on social security. The safety center has some good tips for teenagers, kids, parents, law enforcers and educators. The purpose of the “Safety Center” section is to educate users on their profile security and on responding to objectionable content, and to teach kids to use Facebook in a safer way.

Basically, it’s a “Question Answer board” where users can find answers to common privacy issues and help with tweaking their profile or application settings.

Important Facebook Privacy Issues

Profile Personification: This is one of the most common “unfair use” of Facebook. If someone is pretending to be “You” on Facebook and trying to personify your profile, head over to this page at the Facebook Safety center and you will see the step by step procedure to take action.

Photos: Suppose someone posted or tagged you in a photo but you don’t like the image and want to remove it from Facebook. The person who tagged you never responds to your request to remove a particular image from his/her profile. In such situations, here is the help page to get started.

Inappropriate Content: Suppose an unknown friend starts posting objectionable photos or starts an abusive group about you or your organization. The first step is to delete the person from your friend list. However, to ensure that the profile is completely removed and the group is shut down, head over to this page and take the required actions as described.

The safety center acts as a knowledge base on the serious security and privacy issues of Facebook users. Sure, it’s a positive step taken to encourage and respect the personal privacy of users, and it looks like Facebook wants to leave no stone unturned to deliver maximum user satisfaction.

Firefox 3.6.3 Patches Pwn2Own Flaw, Back to Security

Mozilla has released a quick update to its flagship Firefox browser. This release, 3.6.3, fixes the security flaws exploited at the Pwn2Own contest. The security flaw discovered at Pwn2Own directly affected only Firefox 3.6 and later versions.

The Mozilla Security Advisory added to their website describes the flaw:

A memory corruption flaw leading to code execution was reported by security researcher Nils of MWR InfoSecurity during the 2010 Pwn2Own contest sponsored by TippingPoint’s Zero Day Initiative. By moving DOM nodes between documents Nils found a case where the moved node incorrectly retained its old scope. If garbage collection could be triggered at the right time then Firefox would later use this freed object.

This flaw was addressed on April 1st, 2010 by Nils, who also happens to be a security researcher. Mozilla has been quick in responding to this zero-day exploit. Exploiting this flaw was a big challenge in itself, it being a zero-day flaw.

To get the latest secure version of Firefox which has a fix for this flaw, go to Help -> Check for Updates and install the latest suggested release.

Google Chrome – The Last Browser Standing

The Hackathon is over and the only browser left standing is Google Chrome. This is the second consecutive year that Google has managed to leave the competition unscathed. In fact, according to TheNextWeb, this time around no one even attempted to hack Chrome.

Google obviously went into the competition well prepared. It fixed as many as 11 flaws just ahead of the competition. However, so did Apple, which recently pushed through 16 patches for Safari. Safari’s fall also proves that there is more to Google’s success than its lowly market share.

In fact, given that Google Chrome had managed to survive last year’s Pwn2Own, most people expected hackers to be gunning for it this time around. Google credits its sandboxing technique, which forces processes to run in a restricted environment, for Chrome’s success. While sandboxing might be the key behind Chrome’s outstanding security track record, it definitely isn’t the sole contributor. Even Internet Explorer 8 utilizes sandboxing (Protected Mode), yet it fell quite easily.

Google built Chrome from the ground up with a focus on security and speed, and their efforts are certainly paying off. It is the only major browser that is yet to be surmounted in the Pwn2Own contest. That alone is a laudable feat.

New Free Virus Removal Tool from McAfee – Fake Alert Stinger

[Windows Only] McAfee is well known for its antivirus software, and you usually have to pay for their protection. They offer the free Stinger tool to help people clean out PCs that have been crippled by virus and trojan attacks.

There is no installation required. Just download it and run it. It works on all Windows PCs as far as I know.

I normally download a fresh copy of Stinger onto a USB flash drive or CD before I go off to help my friends with bug problems.

In addition to the standard Stinger, there’s a new version of Stinger out now called FakeAlert Stinger. It’s designed to specifically target multiple varieties of the FakeAlert trojans, such as, Kryptik, AVP Security, Fakespypro, Winwebsec, Antivirus Soft and XPSpy.

FakeAlert applications are a form of ScareWare that pop up fake warnings which attempt to trick you into running their scans and buying their premium products. It’s a huge money-making scam that’s been very effective against new PC users.

Download McAfee Stinger and FakeAlert Stinger

Notes: There are many other antivirus and anti-malware tools that can help you clean up an infected PC. Last year, Keith wrote about an application which will Remove Fake Antivirus from Your System. If all else fails and the PC is really trashed, I’ve got an article describing how to Run AntiVirus on a PC That Will Not Boot.

Techie Buzz Verdict:

There are two versions of McAfee Stinger. Both are very good, and there’s no reason not to use both of them when you need to clean up an infected PC. I have used Stinger for years and I’ve never had an issue with it. I only wish it was Open Source, so that more people could contribute to its effectiveness.

Techie Buzz Rating: 4/5 (Excellent)

100,000 People Are Now Using Immunet Protect AntiVirus

Is 100,000 a big number by the standards of the Internet? No, it’s not. However, the people at Immunet might disagree. To them, this is very likely a much anticipated milestone.

My fellow author Tehseen first wrote about the Immunet Protect service in August of last year. At the time, only a few thousand people were using it. Immunet is a cloud (internet based) service that is constantly connected and stays up to date against the most recent bugs. Here’s what Immunet says about it:

Imagine for a moment that you could leverage the computers of your friends, family and a worldwide global community to harness their collective security. Every time someone in this collective community encounters a threat everyone else in the community gains protection from that same threat in real time.

I recently wrote about trying Immunet as an addition to your regular antivirus. Since then, I’ve started using it as my only active antivirus. I do occasionally run ESET’s online scanner.

This afternoon when I booted up my netbook, this is what I saw above my task tray.

Congratulations to the Immunet Protect team on crossing 100,000 users. You can tweet them at @immunet to offer your toasts to them as well.

Note: I only recommend this free AntiVirus service as an addition to your existing protection. That said, I don’t always take my own advice.

More information: https://immunet.com/protect

Vodafone Admits That 3000 HTC Magic Handsets Were Distributed With Virus

Vodafone has finally decided to come clean. In a stark departure from their original claim, Vodafone has now admitted that as many as 3000 brand new HTC Magic handsets (sold in Spain) might be infected with the Mariposa bot client.

The incident first came to light when Panda Security spotted Mariposa bot clients in the memory card of an HTC Magic set sold by Vodafone. Initially, the telecom giant tried to dismiss the event as an isolated incident. However, that theory was blown to shreds when Panda Security identified malware infections in another brand new HTC Magic handset purchased from Vodafone’s online website.

Vodafone has promised to get in touch with affected customers and will be providing them a new memory card. It will be providing instructions for how customers can access the free Panda online scan. Additionally, it will offer security suites to anyone whose system has been infected due to the memory device.

Mistakes can happen, but as far as mistakes go, distributing malware to thousands of users is amongst the more serious kind. It is nice to see Vodafone taking responsibility for their mistake and trying to redeem the situation. However, they still have some explaining left to do. What we really want to know is – How did this happen?

Image credit: Novarider.com

Hey Vodafone! You Better Buy a Virus Scanner

Vodafone, you screwed up. And, it was not an isolated incident, as you would have us believe. Now admit it, and get your act together.

Earlier in the month, Panda Research had uncovered a Mariposa bot client in a brand new handset delivered by Vodafone. This unsettling revelation received widespread media coverage and prompted an employee of the Spanish IT security company S21Sec to scan his own phone. You have probably guessed the result by now. Yeah, much to his surprise, he found malware on his own phone.

The HTC Magic handset in question is brand new and was ordered from the official Vodafone website. Analysis by the Panda Research team revealed that the handset was infected on March 1st, 2010, approximately a week before the handset was delivered by Vodafone.

A second occurrence is particularly unsettling because it indicates that the problem might be more widespread than initially reported. Vodafone has already pulled the HTC Magic, but they still have plenty of explaining to do.

Image credit: Novarider.com