Microsoft has been busy issuing security patches (also known as security bulletins) in a fast and furious way over the last few days, with security patches also coming from Adobe and Apple.

Microsoft sent out ten alerts which covered 34 separate vulnerabilities and these came together with a number of other updates and additional fixes. Only three of these security patches were ‘critical’ and they affected media decompression, ActiveX and their web browser, Internet Explorer.

Adobe has recently had to fix a long line of weaknesses with security patches in their product line-up and the latest was uncovered in the Flash Player. This effects multiple platforms and will also create impacts on the Adobe Reader and version Nine of the Acrobat. Although a fix has been issued, not all elements are covered and some platforms will have to wait for help.

Security patch experts say that the older versions of the PDF handling software are safe from the problems. Those users of Reader and Acrobat are being told they can work around the problem, but they have to make inoperative, delete, or rename the component called ‘authplay.dll.’ This provides the Flash function within the PDF documents.

As well as Microsoft and Adobe, Apple has also had its fair share of security patch problem fixing. They have had some problems with their latest version of the Safari browser which is said to have numerous issues inherited from older versions. Not least is a long-discovered weakness which enables malicious sites to harvest history data from the Safari browser.

Computer security officials are again warning computer users to accept security patches sent by the creator of the software in order to protect themselves against all manner of malware programmes.

And they stress that only those security patches from reputable, known companies should be downloaded. A common tactic is to trick computer users into thinking that they need a patch, only to find that it is in effect a malicious programme.

Guest Article by Neil Camp

Top malware in May according to computer security company BitDefender is an Autorun trojan.

May’s top malware goes by the name of Trojan.AutorunInf.Gen and represents just over 13% of all global malware. It’s designed to use external hard drives, memory cards and flash drives to spread malware. And although Microsoft may have discarded its Windows Autorun feature from its latest operating systems and from Vista SP2, early versions are still vulnerable.

Next on the top malware list for May is the infamous Kido, or Conficker, which goes by the tag of Win32.Worm.Downadup. This nasty virus takes a bow for around 6% of global infections and attacks a Windows vulnerability. It spreads via local network computers and stops users trying to access Windows updates and security companies web pages. Latest versions of Windows has removed the vulnerability, but people using older operating systems should ensure that they have updated their operating systems and anti-virus applications.

In third place and close behind the Conficker on the top malware list is another Trojan which accounts for some 5% of all infections. It’s official name is Trojan.FakeAV.KUE and it’s based on JavaScript code. It creates anti-virus scams and the malware gets hosted either on sites that unknowingly carry the virus, or malicious sites. Once people download this type of malware, it triggers various fake alerts offering rogue antivirus software.

Coming fourth is the May top malware list is Win32.Sality.OG. It’s the only file infector virus in the top ten and it’s a device which appends its encrypted code to executable files (.exe and .scr binaries). It does this by deploying a rootkit which kills any antivirus applications on the computer. This means that it remains undetected and unable to carry out its malicious tasks.

In the fifth place is a new one to the top malware charts. It’s a Trojan and is responsible for a tad over 2% of infections. Called the Trojan.Swizzor.2, it acts as a pathfinder for a number of other pieces of malicious software.

BitDefender’s top malware chart for May includes:

1. Trojan.AutorunINF.Gen 13,24%
2. Win32.Worm.Downadup.Gen 5,84%
3. Trojan.FakeAV.KUE 5,11%
4. Win32.Sality.OG 2,68%
5. Gen:Variant.Swizzor.2 2,12%
6. Trojan.Autorun.AET 2,02%
7. Gen:Heur.Krypt.24 2,01%
8. Worm.Autorun.VHG 1,97%
9. Gen:Variant.Rimecud.2 1,91%
10. Exploit.PDF-JS.Gen 1,76%

One things is for sure, try to avoid any of the top malware for May.

Guest Article by Neil Camp

News agency Reuters is reporting that the FBI has started an investigation into the recent security breach of the iPad which resulted in the leak of personal information about AT&T customers.

And the names leaked included a number of senior US Government officials, celebrities and businessman.

The attack on the iPad was first announced by the website Gawker. It reported that a group going by the name of Goatse Security had succeeded into hacking into AT&T’s subscriber data, obtaining the sensitive details from about 100,000 email addresses.

AT&T admitted the attack and said that the flaw had been corrected and what’s more, that only those email addresses which had a security weakness had been exposed by the hackers. AT&T didn’t comment on the role of the FBI.

A less shy FBI spokesman said: "The FBI is aware of these possible computer intrusions and has opened an investigation to address the potential cyber threat.”

Observers see this as a passing embarrassment for AT&T and by no means a crippling blow. The general feeling was amongst security professionals that the breach was not catastrophic and that it had little to do with the iPad’s basic set-up. Furthermore, others pointed out that whenever Government and VIP addresses get hacked, the Feds usually get a call and have to be seen to be pro-active.

AT&T has the exclusive US rights to carry the iPad and the iPhone. This exclusivity hasn’t won it many friends in certain quarters of a jealous industry. There are also subscribers who complain about the quality of the AT&T network.

This won’t dent the incredible success already experienced by the iPad, already selling over two million units worldwide since its launch in April. And the iPad is being seen as Apple’s major battering ram to enforce its international growth strategy. Last month Apple over took its rival Microsoft to become the world’s most valuable technology stock.

Rival models to the iPad are expected soon from Dell and Hewlett Packard, although experts see them playing a game of catch-up.

Guest Article by Neil Camp

It has been announced that Virus Bulletin tests have just been completed on its largest number of anti-malware products yet.

Virus Bulletin tests were run in April 2010 on 60 products and 20 were failed, including those from Microsoft, Norman, Frisk and FortiNet whose products put up for examination failed to make the acceptable grade.

The Virus Bulletin tests threw-in a number of wobblies, including how well the products detected complex polymorphic viruses and also, some products produced false alarms on clean files. Some of these failing this test were products from major companies, with Adobe, Google, Microsoft and Sun in the firing line.

Some 40 products did pass the Virus Bulletin tests though and were awarded the VB100 certification.

The Virus Bulletin tests’ Anti-malware Test Director John Hawes said: “We put a huge range of products through their paces this month, and saw the usual problems with detection of complex viruses and false alarms on common software, with some splendid performances from some and pretty dire showings from others.

“It was pretty shocking how many crashes, freezes, hangs and errors we encountered in this test. XP has been around for a long, long time now and is still the world’s most widely used computing environment – so developers should be producing rock-solid software for it time after time. I’m sure any user who sees their system brought to a halt by their security software will vote with their feet and take their custom elsewhere.”

The Virus Bulletin tests have been going for about ten years and a detailed breakdown of the results are available to subscribers of the service. Virus Bulletin take various computer security products and subject them to a series of stringent tests against a range of malware which are on the WildList. This list is made up of the most up-to-date malware programmes known to be worrying the world’s computers. The Virus Bulletin tests involve making sure that the products under review have to be able to 100%  detect malware on the WildList. They also must not generate any false alarms when inspecting a clean set of files.

This process makes the Virus Bulletin tests and their VB100 Certification Scheme an important product accolade in the industry and consumer sector.

Guest Article by Neil Camp

A recent announcement from the software giant Microsoft sets out to dispel what they believe is a common myth, that software piracy is a victimless crime.

They point to a survey which was published at the end of 2009 by the Business Action to Stop Counterfeiting and Piracy (BASCAP) and which showed that most people think that: a) the counterfeit software business to be harmless; and b) as no-one gets hurt, it can’t be viewed as being unethical.

Microsoft believe that these commonly held views are wrong and in an attempt to try and right the impressions out there, and to help people know what to look for when buying legitimate software and thereby avoiding counterfeit versions, they have created five myths of software piracy.

Myth One. What’s the problem, afterall, software piracy isn’t a serious crime, is it?

Yes it is. Microsoft highlight the fact that police throughout the world have apprehended criminals setting up their own plants to first create illegal copies of the software and then distribute it via sophisticated criminal networks, mostly in poorer countries with few intellectual property laws. In other words, it’s big business.

And the huge profits involved go straight back to organised crime gangs and syndicates. Microsoft give an example of co-operation between themselves and the Chinese authorities in 2007 which saw a Chinese-based gang in the dock after they had been caught running a counterfeiting operation which was estimated to have distributed some $2 billion worth of counterfeit software to 36 countries across five continents. Eleven members of the gang were put behind bars for an average of six years.

Myth Two. This sort of software piracy doesn’t hurt anyone, does it? Well, yes it does, mainly because counterfeit software pedalled by criminals not only leaves computer users vulnerable to external virus attack, but the counterfeit software can actually contain malicious code already in-built. And these malicious code implants are creating large-scale botnets which together are used to distribute, unknowingly to the user, vast quantities of email spam.

Microsoft point to information from a German anti-piracy solutions company which discovered that following downloading a huge number of pirated copies of Windows software, over 30% of them were found to contain malicious code.

Myth Three. It’s all a matter of cost. You can get pirated software far cheaper than the genuine article. Wrong. It’s an ironic fact that counterfeit software is often sold at the market price, in other words, the same as the genuine article and in some cases, more than the genuine software.

Even if it can be bought at a lower price point, people don’t really think about the cost of recovering from a virus. Some estimates suggest that for a home user, the cost of suffering a virus attack can quickly add up to over a thousand dollars, even discounting the fact that some cybercriminal may have used malicious code to syphon a persons’ bank account dry. And if you extrapolate that cost across a company, the cost of using pirated software could run into the tens of thousands.

Myth Four. That most people who buy counterfeit software are fully aware that the product is a fake and what they are most looking for, is a good deal. Not so say Microsoft.

The sad truth is that most people buying counterfeit software have no idea that they are being conned. And they are in effect the subject of a fraud. And it’s not so easy these days to spot a fake, so Microsoft have put together some buying tips for consumers.

First and foremost is the question, are you buying from a reputable outlet, be it online, or offline? A traditional shop can be a little easier to scope out (main high-street retailers would be in serious trouble if they were selling counterfeit goods), but when it comes to online resellers, it’s a little harder. So ask around, see who can be trusted and who might sound too good to be true. And when you’re buying from a reseller, Microsoft provides some handy pointers.

Ask yourself if your reseller can confirm that their software would pass a Windows Genuine Advantage online validation test. Furthermore, is a Certificate of Authenticity included. And, along the same lines as the previous point, is a hologram CD, or DVD included. Indeed, is recovery media included. A dead give away of course, say Microsoft, is the state of the packaging. Does it look of a high quality and is the supporting documentation of high quality as well. Finally, have a look to see if an End-User License Agreement is included.

Final myth, number five, is that obviously software piracy is so rampant, that nothing can be done and consumers can’t really do anything to stop it. Wrong. Microsoft, the same as many other software developers, rely on the goodwill and co-operation of many of its customers to help spot fraudulent copies of its various applications. In fact, there have been thousands of enforcement actions actually based on tip-offs from customer and other bodies. The point being that anyone who has been tricked into buying fake software, is a very unhappy person indeed and are more than happy to make the feelings felt.

So there you are – keep in mind those five myths and remember, be careful out there.

Guest Article by Neil Camp