Friday 3rd September 2010

Posts Tagged ‘Microsoft’

Patch Tuesday Comes Around Again

Tuesday, August 17th, 2010

The phrase download internet security takes on a new meaning every month when Patch Tuesday comes around and people can see how alert Microsoft is when it comes to combating the latest virus threats.

And the latest Patch Tuesday, which allows computer users to download internet security patches in order to correct bugs, has proved a particularly big one. In this set, 14 alerts have been issued, with eight being rated ‘critical’ and the other six as ‘important’.

The most significant of the alerts announced affect Word, .NET, SMB Server, , MPEG Codecs and XML Core Services. As usual, the latest release also includes the most recent fixes issued for Internet Explorer. Also included in this latest bulletin was a fix for the vulnerability with .lnk files that has been causing a number of problems.

Coinciding with the release of the entry, Microsoft also wrote a blog entry describing and covering each of the most important fixes that were issued.

Adobe has also released some fixes; out of the three that were released, two were rated as ‘critical’ and one as ‘important’. This release – which had been timed to arrive at the same time as Patch Tuesday – was vital for fixing risky problems with Flash Player and Flash Media Server. As well as this, they released an important HotFix for ColdFusion.

Reader, a piece of software from Adobe, will have an emergency update released for it next week. Users will have to wait until this is issued before the vulnerabilities can be dealt with. In the meantime, any user who wishes to choose the alternative for viewing PDFs – Foxit Software – will have to update for a vulnerability that has affected a number of Apple iPhone users. The vulnerability is not, however, extended to Adobe users.

Users that download internet security patches are doing so to ensure that their computers remain safe from the host of vulnerabilities and dangers that are being created and released constantly.

Guest Article by Neil Camp


Microsoft Accused of Stealth Download

Tuesday, June 22nd, 2010

Software giant Microsoft has been accused of making a stealth download via one of its recent security patches.

Stealth downloads involve an unwitting computer user downloading code onto their machine without knowing of its transmission. It is a sensitive subject in the computer security industry, as this is one of the main ways that malware is delivered onto people’s computers. It is a practice abhorrent in the industry, and so for a leading company like Microsoft to be accused of such actions has caused some embarrassment.

Allegedly, along with its regular Patch Tuesday security update, Microsoft bundled a Bing toolbar add-on. The stealth download adds the Bing toolbar to both the Mozilla Firefox and Internet Explorer browsers. And it does so without the user’s permission.

News of the stealth download was reported by technology blog Ars Technica. It stated that the Search Enhancement Pack update actually loaded the Bing toolbar onto those users who had installed the Windows Live Toolbar, or MSN bar, onto their Firefox and Internet Explorer browsers.

An apparently unabashed Microsoft told another tech news site, The Register, when questioned about the stealth download, that the problem arose because of a bug in the update file. It has, said Microsoft, now been fixed. They went on to explain the update, via the Search Enhancement Pack, was only supposed to work on those users with a Windows Live toolbar, MSN toolbar and a Bing Bar.

A spokesman said:
“We fixed the update so that going forward folks who still have only the older Windows Live Toolbar or MSN Toolbar will not see this behaviour anymore.”

So that’s alright then! Industry experts are a little less understanding and some have questioned Microsoft’s real intentions behind their stealth download tactics.

Microsoft was also in the news for suing an alleged spammer. The target of the lawsuit is Connecticut spammer Boris Mizhen. He is alleged to have sent unwanted emails to Microsoft customers and to have gamed Hotmail’s spam filter. Mizhen is named in the legal action, as are several of his companies.

This is not the first time that Mizhen and Microsoft have locked horns. He was sued by the Seattle software giant in 2003 for sending spam to the web-based Hotmail service. The case then ended in a settlement with Mizhen paying out a reported $2 million and an agreement not to send any more spam to Hotmail customers.

As regards the new, alleged campaign, Mizhen’s associates are keen to point out that these new messages were not spam and that many Hotmail users had moved them from their junk folders to their inboxes. Fair enough, although it’s thought by some that Mizhen and his companies allegedly created the accounts which did this.

This has opened up the whole debate as to how successful spam filters are, especially those that rely on user feedback to judge the criteria of spam. Such techniques as whitelisting, blacklisting and Bayesian filtering are some of the ones used to recognize and filter out spam. Because these techniques are well known, they can be abused by spammers intent on ‘fixing’ the system and allowing their spam to get through.

Guest Article by Neil Camp


Security Patches Race Out

Monday, June 21st, 2010

Microsoft has been busy issuing security patches (also known as security bulletins) in a fast and furious way over the last few days, with security patches also coming from Adobe and Apple.

Microsoft sent out ten alerts which covered 34 separate vulnerabilities and these came together with a number of other updates and additional fixes. Only three of these security patches were ‘critical’ and they affected media decompression, ActiveX and their web browser, Internet Explorer.

Adobe has recently had to fix a long line of weaknesses with security patches in their product line-up and the latest was uncovered in the Flash Player. This affects multiple platforms and will also impact Adobe Reader and version nine of Acrobat. Although a fix has been issued, not all elements are covered and some platforms will have to wait for help.

Security patch experts say that the older versions of the PDF handling software are safe from the problems. Users of Reader and Acrobat are being told they can work around the problem, but they have to disable, delete, or rename the component called ‘authplay.dll’. This provides the Flash function within PDF documents.

As well as Microsoft and Adobe, Apple has also had its fair share of security patch problem fixing. They have had some problems with their latest version of the Safari browser which is said to have numerous issues inherited from older versions. Not least is a long-discovered weakness which enables malicious sites to harvest history data from the Safari browser.

Computer security officials are again warning computer users to accept security patches sent by the creator of the software in order to protect themselves against all manner of malware programmes.

And they stress that only those security patches from reputable, known companies should be downloaded. A common tactic is to trick computer users into thinking that they need a patch, only to find that it is in effect a malicious programme.

Guest Article by Neil Camp


BitDefender’s Top Malware for May

Thursday, June 17th, 2010

Top malware in May according to computer security company BitDefender is an Autorun trojan.

May’s top malware goes by the name of Trojan.AutorunInf.Gen and represents just over 13% of all global malware. It’s designed to use external hard drives, memory cards and flash drives to spread malware. And although Microsoft may have discarded its Windows Autorun feature from its latest operating systems and from Vista SP2, early versions are still vulnerable.

Next on the top malware list for May is the infamous Kido, or Conficker, which goes by the tag of Win32.Worm.Downadup. This nasty virus takes a bow for around 6% of global infections and attacks a Windows vulnerability. It spreads via local network computers and stops users trying to access Windows updates and security companies’ web pages. The latest versions of Windows have removed the vulnerability, but people using older operating systems should ensure that they have updated their operating systems and anti-virus applications.

In third place and close behind Conficker on the top malware list is another Trojan which accounts for some 5% of all infections. Its official name is Trojan.FakeAV.KUE and it’s based on JavaScript code. It creates anti-virus scams and the malware gets hosted either on sites that unknowingly carry the virus, or malicious sites. Once people download this type of malware, it triggers various fake alerts offering rogue antivirus software.

Coming fourth in the May top malware list is Win32.Sality.OG. It’s the only file infector virus in the top ten and it appends its encrypted code to executable files (.exe and .scr binaries). It does this by deploying a rootkit which kills any antivirus applications on the computer. This means that it remains undetected and able to carry out its malicious tasks.

In fifth place is a new one to the top malware charts. It’s a Trojan and is responsible for a tad over 2% of infections. Called the Trojan.Swizzor.2, it acts as a pathfinder for a number of other pieces of malicious software.

BitDefender’s top malware chart for May includes:

  1. Trojan.AutorunINF.Gen 13,24%
  2. Win32.Worm.Downadup.Gen 5,84%
  3. Trojan.FakeAV.KUE 5,11%
  4. Win32.Sality.OG 2,68%
  5. Gen:Variant.Swizzor.2 2,12%
  6. Trojan.Autorun.AET 2,02%
  7. Gen:Heur.Krypt.24 2,01%
  8. Worm.Autorun.VHG 1,97%
  9. Gen:Variant.Rimecud.2 1,91%
  10. Exploit.PDF-JS.Gen 1,76%

One thing is for sure, try to avoid any of the top malware for May.

Guest Article by Neil Camp


iPad Hacked

Friday, June 11th, 2010

News agency Reuters is reporting that the FBI has started an investigation into the recent security breach of the iPad which resulted in the leak of personal information about AT&T customers.

And the names leaked included a number of senior US Government officials, celebrities and businessmen.

The attack on the iPad was first announced by the website Gawker. It reported that a group going by the name of Goatse Security had succeeded in hacking into AT&T’s subscriber data, obtaining the sensitive details from about 100,000 email addresses.

AT&T admitted the attack and said that the flaw had been corrected and what’s more, that only those email addresses which had a security weakness had been exposed by the hackers. AT&T didn’t comment on the role of the FBI.

A less shy FBI spokesman said: “The FBI is aware of these possible computer intrusions and has opened an investigation to address the potential cyber threat.”

Observers see this as a passing embarrassment for AT&T and by no means a crippling blow. The general feeling amongst security professionals was that the breach was not catastrophic and that it had little to do with the iPad’s basic set-up. Furthermore, others pointed out that whenever Government and VIP addresses get hacked, the Feds usually get a call and have to be seen to be pro-active.

AT&T has the exclusive US rights to carry the iPad and the iPhone. This exclusivity hasn’t won it many friends in certain quarters of a jealous industry. There are also subscribers who complain about the quality of the AT&T network.

This won’t dent the incredible success already experienced by the iPad, which has sold over two million units worldwide since its launch in April. And the iPad is being seen as Apple’s major battering ram to enforce its international growth strategy. Last month Apple overtook its rival Microsoft to become the world’s most valuable technology stock.

Rival models to the iPad are expected soon from Dell and Hewlett Packard, although experts see them playing a game of catch-up.

 

Guest Article by Neil Camp


Virus Bulletin Tests Largest Number

Thursday, May 13th, 2010

It has been announced that Virus Bulletin tests have just been completed on its largest number of anti-malware products yet.

Virus Bulletin tests were run in April 2010 on 60 products and 20 failed, including those from Microsoft, Norman, Frisk and FortiNet, whose products put up for examination failed to make the acceptable grade.

The Virus Bulletin tests threw in a number of wobblies, including how well the products detected complex polymorphic viruses and also, some products produced false alarms on clean files. Some of those failing this test were products from major companies, with Adobe, Google, Microsoft and Sun in the firing line.

Some 40 products did pass the Virus Bulletin tests though and were awarded the VB100 certification.

The Virus Bulletin tests’ Anti-malware Test Director John Hawes said: “We put a huge range of products through their paces this month, and saw the usual problems with detection of complex viruses and false alarms on common software, with some splendid performances from some and pretty dire showings from others.

“It was pretty shocking how many crashes, freezes, hangs and errors we encountered in this test. XP has been around for a long, long time now and is still the world’s most widely used computing environment – so developers should be producing rock-solid software for it time after time. I’m sure any user who sees their system brought to a halt by their security software will vote with their feet and take their custom elsewhere.”

The Virus Bulletin tests have been going for about ten years and a detailed breakdown of the results is available to subscribers of the service. Virus Bulletin takes various computer security products and subjects them to a series of stringent tests against a range of malware on the WildList. This list is made up of the most up-to-date malware programmes known to be worrying the world’s computers. To pass the Virus Bulletin tests, the products under review have to detect 100% of the malware on the WildList. They also must not generate any false alarms when inspecting a clean set of files.

This process makes the Virus Bulletin tests and their VB100 Certification Scheme an important product accolade in the industry and consumer sector.

Guest Article by Neil Camp


Microsoft’s Five Myths of Software Piracy

Tuesday, April 13th, 2010

A recent announcement from the software giant Microsoft sets out to dispel what they believe is a common myth, that software piracy is a victimless crime.

They point to a survey which was published at the end of 2009 by the Business Action to Stop Counterfeiting and Piracy (BASCAP) and which showed that most people think that: a) the counterfeit software business is harmless; and b) as no-one gets hurt, it can’t be viewed as being unethical.

Microsoft believe that these commonly held views are wrong and in an attempt to try and right the impressions out there, and to help people know what to look for when buying legitimate software and thereby avoiding counterfeit versions, they have created five myths of software piracy.

Myth One. What’s the problem, after all, software piracy isn’t a serious crime, is it?

Yes it is. Microsoft highlight the fact that police throughout the world have apprehended criminals setting up their own plants to first create illegal copies of the software and then distribute it via sophisticated criminal networks, mostly in poorer countries with few intellectual property laws. In other words, it’s big business.

And the huge profits involved go straight back to organised crime gangs and syndicates. Microsoft give an example of co-operation between themselves and the Chinese authorities in 2007 which saw a Chinese-based gang in the dock after they had been caught running a counterfeiting operation which was estimated to have distributed some $2 billion worth of counterfeit software to 36 countries across five continents. Eleven members of the gang were put behind bars for an average of six years.

Myth Two. This sort of software piracy doesn’t hurt anyone, does it? Well, yes it does, mainly because counterfeit software peddled by criminals not only leaves computer users vulnerable to external virus attack, but the counterfeit software can actually contain malicious code already in-built. And these malicious code implants are creating large-scale botnets which together are used to distribute, unknowingly to the user, vast quantities of email spam.

Microsoft point to information from a German anti-piracy solutions company which discovered, after downloading a huge number of pirated copies of Windows software, that over 30% of them contained malicious code.

Myth Three. It’s all a matter of cost. You can get pirated software far cheaper than the genuine article. Wrong. It’s an ironic fact that counterfeit software is often sold at the market price, in other words, the same as the genuine article and in some cases, more than the genuine software.

Even if it can be bought at a lower price point, people don’t really think about the cost of recovering from a virus. Some estimates suggest that for a home user, the cost of suffering a virus attack can quickly add up to over a thousand dollars, even discounting the fact that some cybercriminal may have used malicious code to syphon a person’s bank account dry. And if you extrapolate that cost across a company, the cost of using pirated software could run into the tens of thousands.

Myth Four. That most people who buy counterfeit software are fully aware that the product is a fake and what they are most looking for is a good deal. Not so, say Microsoft.

The sad truth is that most people buying counterfeit software have no idea that they are being conned. And they are in effect the subject of a fraud. And it’s not so easy these days to spot a fake, so Microsoft have put together some buying tips for consumers.

First and foremost is the question, are you buying from a reputable outlet, be it online, or offline? A traditional shop can be a little easier to scope out (main high-street retailers would be in serious trouble if they were selling counterfeit goods), but when it comes to online resellers, it’s a little harder. So ask around, see who can be trusted and who might sound too good to be true. And when you’re buying from a reseller, Microsoft provides some handy pointers.

Ask yourself if your reseller can confirm that their software would pass a Windows Genuine Advantage online validation test. Furthermore, is a Certificate of Authenticity included? And, along the same lines as the previous point, is a hologram CD or DVD included? Indeed, is recovery media included? A dead giveaway of course, say Microsoft, is the state of the packaging. Does it look of a high quality and is the supporting documentation of high quality as well? Finally, have a look to see if an End-User License Agreement is included.

Final myth, number five, is that software piracy is obviously so rampant that nothing can be done and consumers can’t really do anything to stop it. Wrong. Microsoft, the same as many other software developers, relies on the goodwill and co-operation of many of its customers to help spot fraudulent copies of its various applications. In fact, there have been thousands of enforcement actions actually based on tip-offs from customers and other bodies. The point being that anyone who has been tricked into buying fake software is a very unhappy person indeed and is more than happy to make their feelings felt.

So there you are – keep in mind those five myths and remember, be careful out there.

Guest Article by Neil Camp


COFEE Leaks

Friday, December 4th, 2009

The online leak of the Microsoft free tool which helps law enforcement agencies to retrieve forensic evidence in the first ‘rush’ of a crime scene is perhaps not as serious as first thought.

This site ran a story a while back which announced that Interpol’s Global Security Initiative (GSI), which focusses on international security challenges, has been given free use of Microsoft’s Computer Online Forensics Evidence Extractor (hence COFEE) to help the fight against cyber crime.

COFEE helps scene-of-crime officers gather computer evidence in-situ and quickly. This type of evidence is regarded as volatile and not as efficiently collected as traditional forensic evidence. Microsoft hoped that giving COFEE to Interpol, and others, would go a long way towards helping to combat the spread of cyber crime.

But reports from various sites online say that Microsoft does not regard the leak as a major leak. It is said to be investigating the circumstances behind it, but pointed out that COFEE is fundamentally an application which contains a collection of digital forensic tools which are common throughout the world. In other words, it is not ‘secret’ code which will unlock forensic tricks and techniques for the criminal community.

What’s more, those in the know said that the leaked version of COFEE was incomplete, with maybe less than 50% of the programme out there. Which leads watchers of the saga to the conclusion that COFEE is about procedure and technique in the heat of the incident, rather than a magical code which allows the police to get the upper hand.

Indeed, some experts have stated their disappointment that COFEE was not better than they had expected. Some went as far as to suggest that other similar programmes on the market would do a better job.

Some cynics have also stated that maybe Microsoft is deliberately downplaying the incident to avoid any embarrassment over its leaking which is not a great advertisement for the company, or the product. Also, others have challenged Microsoft’s relaxed attitude, given that maybe some criminals could learn from the leak and adapt their browsing and internet use accordingly.

Guest Article by Neil Camp 


BitDefender’s 2010 Line-Up and Windows 7 Certification

Tuesday, October 27th, 2009

Along with Symantec and McAfee, and a whole host of other computer security companies, BitDefender has announced its new line-up of products, which are compatible with Microsoft’s new operating system Windows 7.

BitDefender’s products – including Total Security, Internet Security and Antivirus – have all received certification ensuring that they work with Microsoft Windows 7. And they claim they provide customers with enhanced security, as well as innovative user interface features and reliability improvements.

The 2010 BitDefender line-up includes a number of new features:

  • optimised scanning improvements
  • active Virus Control
  • first-ever usage profiles
  • key system enhancements which are aimed at providing industry-leading proactive protection against all internet security threats, without slowing PC performance.

Ross Brown, Vice President of ISV and Solutions Partners for the Worldwide Partner Group at Microsoft, said:
“Our ISV community is alive with innovation, and we’re committed to helping our partners drive the next generation of software experiences. Adding compatibility for the latest Microsoft operating systems helps ISVs to stay ahead of the competition and give their customers access to cutting-edge technologies.”

Vince Hwang, BitDefender Global Director, Product Management, said:
“Working together with Microsoft to achieve this certification allows BitDefender to meet the changing needs of our customers and provide the very best in security solutions to our users. These include intuitive user interfaces with usage profiles that cover anyone from gamers to parents, as well as improved security and reliability features including Active Virus Control, an innovative technology that monitors programs running on a user’s computer and detects malware-like actions as they execute.”

BitDefender claims to be the creator of one of the industry’s fastest and most effective lines of internationally certified security software.

The company’s BitDefender Antivirus 2010 product has also just received AV-Comparatives’ top certification level for its quality of performance. In all, some 16 antivirus products were tested by AV-Comparatives in August. They sought to find out which software had the highest detection rates and lowest false positives.

Viorel Canja, BitDefender’s head of antimalware lab, said:
“We are particularly pleased with this achievement as it is further proof that BitDefender provides the highest level of protection. The test shows that on this occasion we have outperformed our rivals in terms of false positive ratings with the lowest number of occurrences.”

Guest Article by Neil Camp


Gmail and Hotmail Targeted in Phishing Scheme

Monday, October 19th, 2009

Reports from the BBC suggest that Google’s Gmail and Microsoft’s Hotmail have been under siege from phishing attacks which have targeted thousands of service users in an industry-wide scheme.

Both Google and Microsoft have moved to stem any damage. Users of Yahoo and AOL email services were also hit.

The BBC stated that they were shown two lists which contained the name and passwords of 30,000 people who use Gmail, Hotmail, Yahoo and AOL email services. And the lists were said to have been posted on the web for anyone to access.

Google told the BBC that only 500 of its customers had been named, although it said a third list was in existence, but declined to give numbers.

A Google spokesperson said:
“We recently became aware of an industry-wide phishing scheme through which hackers gained user credentials for web-based mail accounts including Gmail accounts.

“As soon as we learned of the attack, we forced password resets on the affected accounts. We will continue to force password resets on additional accounts when we become aware of them.”

Google appeared keen to highlight that the scheme did not actually breach Gmail security, but involved a none too uncommon scam which persuaded people to give away their personal information to cyber criminals.

A phishing scheme is one which usually involves bogus emails purporting to be from a bona fide organisation which invite recipients to send back their personal details, log-in usernames and secure passwords. And despite frequent warnings from the organisations themselves and computer security experts not to give away personal details to anyone, phishing attacks remain very successful in their simplicity and ruthlessness. Most are based on a good copy of a bona fide email and most introduce an element of bullying into their message: act now, or the account will be closed down.

This particular scheme started when 10,000 Hotmail addresses were posted online at Pastebin, a website mostly used by developers to share code. But that was just the start, with a further 20,000 names being uploaded which contained e-mail addresses and passwords from Hotmail, Yahoo, AOL, Gmail and other service providers.

Although some of the details were old, or indeed fake, many were genuine.

A Microsoft spokesperson said:
“Our guidance to customers is to exercise extreme caution when opening unsolicited attachments and links from both known and unknown sources, and that they install and regularly update their anti-virus software.”

A person from Yahoo reiterated the rest, urging its customers to “…take measures to secure their accounts whenever possible, including changing their passwords…”

Computer security industry experts called for the providers to do more to educate their customers as regards the dangers of such phishing attacks.

Guest Article by Neil Camp


The Editor

My name is Alan Potts and I'm the Editor of the Antivirus-BUYability web site and Managing Director of BUYability Limited.

© BUYability