The Blog All About Spyware

Vista security overview: too little too late

2007-02-20T23:39:00.001-05:00

By Thomas C Greene in Dublin
Published Tuesday 20th February 2007 20:30 GMT

Review Microsoft has gone out on a limb to promote Vista not merely as "the most secure version of Windows ever" (every recent version is marketed with that tired slogan), but for the first time as an adequately secure version of Windows. "We've got the message and we've done our homework", the company says. So let's see if the reality lives up to the marketing hype.

As Billg likes to point out, Windows is the platform on which 90 per cent of the computing industry builds, and this naturally means that it's the platform on which 90 per cent of spyware, adware, virus, worm, and Trojan developers build. That translates into 90 per cent of botnet zombies, 90 per cent of spam relays, 90 per cent of spyware hosts, and 90 per cent of worm propagators. In a nutshell, Windows is single-handedly responsible for turning the internet into the toxic shithole of malware that it is today.
Click here to find out more!

That's not going to change any time soon, no matter how good Vista's security might be, but a version of Windows with truly adequate security and privacy features would certainly be a step in the right direction.

And indeed, there have been improvements. For one thing, IE7, at least on Vista, is no longer such a dangerous web browser. It may still be the buggiest, the most easily exploited, and the most often exploited browser in internet history, and probably will be forever, but it has become safer to use, despite its many shortcomings. This is because MS has finally addressed IE's single worst and most persistent security blunder: its deep integration with the guts of the system.
Browser woes

At last, MS has, in a sense, sandboxed IE on Vista. In IE7's new protected mode (Vista only), which is enabled by default, IE is restricted from writing to locations outside the browser cache without the user's consent, even if the user has admin privileges. IE is essentially denied write access to the wider file system and to much of the registry. Hallelujah.

To oversimplify this, IE7 protected mode runs as a low-integrity process which is restricted to writing to corresponding low-integrity locations, where rights are minimal. A process started from such a location would have very low rights, as would each child process it spawns. This helps to reduce the impact of malware on the system overall. However, there is a brokering mechanism that enables users to download files to any location they have access to, or to install browser plugins and extensions, and the like. So users are still invited to make a mess of their systems, and no doubt many will, while Microsoft has a chance to shift blame away from itself.

However, IE7 on Vista does still write to parts of the registry in protected mode. And it appears to write to parts that MS says is won't (http://msdn.microsoft.com/library/default.asp?url=/library/en-us/IETechCol/dnwebgen/ProtectedMode.asp). The company says that "a low integrity process, such as Internet Explorer in Protected Mode, can create and modify files in low integrity folders". We are assured that such low integrity processes "cannot gain write access to objects at higher integrity levels". And again, MS emphasises that a low integrity process "can only write to low integrity locations, such as the Temporary Internet Files\Low folder or the HKEY_CURRENT_USER\Software\LowRegistry key".

So I tested this assurance. I ran IE in protected mode, typed a URL into the location bar and went there. Then I opened regedit, and searched for a string of text from that URL.

Sadly, IE7 is still stashing typed URLs in the registry, and not in the ...\LowRegistry location, either. I found them in HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs (if you want to fix this, navigate to the key in the left-hand pane of regedit and right click, and choose permissions. Deny permission for each account. That ought to delete all the entries and take care of all related keys in one go).

No doubt one of those brokering mechanisms decided to write to that location, because a URL hardly carries the risk of causing malicious activity. So it's "safe", at least to some. But I wasn't asked if IE could write anything there. It was done automatically. And this behaviour does carry a security risk, if, like me, you think that user privacy and data hygiene are at all related to computer security. Surely, users should not have to hack their registry merely to purge their browser's data traces once and for all.

Next, there is IE7's anti-phishing filter gimmick. I disabled it almost immediately. It's very showy and it says, "Message: We Care", but I found it more irritating than actually helpful. I think a lot of users will disable it, and trust their instincts instead. Remember, if you put your mouse pointer over a link, the actual URL will be displayed in the status bar. The link may say Bank of America, but if the actual URL is http://123.231.123.231/bankofamerica.com/u/0wn3d/dummy/ then it should be pretty clear that it's a dodgy link.

IE7 also has a handy menu for deleting your history, cookies, cache, and so on. This is similar to the Mickey Mouse privacy utility in Firefox (http://www.theregister.co.uk/2007/01/30/firefox_makes_steady_progress/). Remember that these data traces are not securely wiped, but merely deleted. They remain on your HDD until they happen to be overwritten. Firefox will let you delete all that stuff automatically each time you exit; IE won't: you have to do it manually. And remember, with IE your typed URLs are in the registry, where they definitely don't belong, and this utility won't purge them. Oh, and you have to enable User Account Control (UAC) for IE's protected mode to work. Not everyone is going to want to do that, as we will see later.

IE sorely needs cookie and image management like Mozilla's, allowing third-party or offsite cookies and images to be blocked, and allowing users to set all cookies to be deleted on exit. IE won't let you set cookies to be deleted on exit, but will happily block cookies from websites that don't have a "compact privacy policy", a meaningless cookie policy statement (http://msdn.microsoft.com/workshop/security/privacy/overview/createprivacypolicy.asp) that any malicious website could easily have. But this is something MS has been involved with, so they're all excited about it, even though it's rubbish. Unfortunately, they force users to depend on it, which is worse rubbish.

The default security settings for IE are basically sensible and I would change only a few, and this is the first time I've ever said that. I would tighten things up just a bit, disabling MetaRefresh, disabling "Launching programs and files in an IFRAME", disabling "websites in less privileged web content zone can navigate into this zone", and disabling Userdata Persistence. Otherwise, IE7 on Vista offers a decent compromise between security and usability. The privacy conscious are, as always, encouraged to use Mozilla for browsing instead, and leave IE in its default configuration, to be used solely for manual sessions with Windows Update.
Spambuster?

Next up, we have the successor to Outlook Express, called Windows Mail. I always considered Outlook Express to be hands down the worst email client ever devised. Windows Mail is a little better. There now are half-decent junk mail controls and, of course, the famous anti-phishing filter. Email memos are now stored as individual files instead of in a database file, which means they can be searched faster, and email contents will show up in the Windows main search, which is either very handy, or a privacy nightmare, depending on what you get up to with your email. This type of storage also makes it easier for you to nuke messages with a wipe utility, either by wiping free space after deleting, or wiping them manually if you have the patience.

However, junk mail controls are awkward. Flagging memos as spam is a hassle; you do this in a list above the preview pane with the right mouse button, and then select from a list of actions. This can be quite tedious if you get a lot of spam, because one can't select several emails for the same action. There really ought to be a junk button that one can use to mark memos as spam and delete them with a single click, as there is with Thunderbird. It would be nice if the default rule for such a junk button were to be blocking the sender, rather than the sender's domain. One can always block a troublesome domain manually if need be.

Interestingly, an email from Microsoft Press Pass - a mailing list of self-congratulatory press releases for tech journos - was automatically flagged as spam. I find it hard to disagree with that call.

Memos can be displayed as HTML with all the risky stuff, such as online images and scripts, blocked. And Windows Mail doesn't give you a hard time about displaying all memos as plain text, which I recommend. Or rather, it displays lightly formatted text; you don't get the raw text as you do with Kmail, so links show up as they would in HTML, with the actual URL hidden. Now, with IE7, such links show up in the status bar as the full URL when you mouse over them, but in Windows Mail they don't. This should be fixed, because otherwise one is stuck relying solely on Microsoft's anti-phishing filter gimmick.

While not security related, I will note briefly that there is no undelete button or Edit menu option to undo a deletion, for those of us who tend to delete first and ask questions later.
Click yes to continue

Data Execution Prevention (DEP) is a feature from XP SP2 that shuts down programs that handle memory oddly, and it is now set to full on by default. It works with address space layout randomisation, a new feature in Vista that loads some system code in unpredictable memory locations to defend against buffer overflow attacks. Both are very good ideas, and should help reduce the impact of malware to some extent.

However, DEP, when full on, may cause a number of applications to crash, or interfere with their installation. I'm betting that a majority of users will opt for the more conservative setting, and this of course means less defense for everyone.

User Account Control (UAC) is another good idea, because it finally, finally, finally allows the machine's owner to work from a standard user account, and still perform administrative tasks by supplying admin credentials as needed on a per-action basis. You know, the way Linux has been doing it forever.

This is one way of helping protect a multi-user system from being loaded with malware by users, and for ensuring that any malware on the system runs with reduced privileges. When you are in a user account, and you wish to perform an administrative task, you will be prompted for the required credentials. Aside from the prompt, the GUI shell will be disabled during this time, to help prevent certain kinds of privilege escalation attacks where the GUI shell or elements of it are spoofed by malicious software.

Of course, it only works if everyone stays out of the admin account as much as possible, and if everyone with an admin password knows better than to install a questionable program with admin privileges. And there's the catch: "Windows needs your permission to install this cleverly-disguised Trojan nifty program. Click Yes to get rooted continue."

So you see that, here again, MS's security strategy involves shifting responsibility to the user.

UAC is all well and good in theory, but here's the problem: it's never going to work. And the reason why it's never going to work is because MS still encourages the person who installs Vista (the owner presumably) to run their machine with admin privileges by default. I was delighted, when I set up Vista for the first time, to be presented with an opportunity to set up a "user" account. But moments later, when I saw that I was not invited also to create an admin account, I knew that the "user" account I had just set up was indeed an admin account. And so it was.

Until MS gets it through their thick skulls that a multi-user OS needs a separate admin account and a user account for the owner, and that the owner should be encouraged to work from a regular user account as much as possible, UAC will never work as intended.

In fact, UAC is the most complained-about new feature of Vista, and most people are disabling it as soon as possible. Why? Because MS still encourages the owner to set himself up as the admin, and work from that account. And when you're running in an admin account, UAC is nothing but a bother. Every time you try to take an action, and this could be as simple as opening something in Control Panel, UAC disables your screen and pops up a little dialog asking you if you really want to do what you just did. A pointless irritant that will cause the vast majority of Vista users to disable UAC, because the vast majority of Vista users will, unfortunately, be running as admins, thanks to MS's stubborn refusal to try to put everyone into a user account to the extent possible.

And once UAC is disabled, all of its security enhancements are lost. Yes, the basic idea is good, but the implementation has been completely bungled.
A few irritating details

The default folder view options could be improved for the security conscious user. One should definitely not hide file extensions, as the default file view has it, because it is possible to spoof icons and use bogus extensions that can make executables appear to be other than they are. Yes, UAC and DEP are supposed to help with this, but DEP will be set to its lower setting, and UAC will be turned off, on the vast majority of Vista boxes, for reasons we've already discussed. And since it's very likely that you will still be running your Windows box as an admin, if you're going to open a file with Windows Explorer, you'd better look to see whether or not it's an executable, because it will run with your privileges. So, at a minimum, the folder view should default to showing file extensions.

As usual, Windows enables far too many services by default. It would be a tremendous help if MS could somehow use its many wizards to enable only the services needed for each bit of hardware or software installed. That would take some effort on Microsoft's part, and on the part of device and software vendors, but the alternative so far has been to leave every single bell and whistle blaring. Unnecessary services waste RAM, and worse, those related to networking are a needless target for worms and other online attacks.
Data hygiene

The start menu now offers the option of not storing or displaying a list of recently-accessed files and programs. This used to be a real nightmare for data hygiene. Finally, it's fixed.

Oh wait; it's not fixed. In fact, things just got a lot worse. There is the new "Recently Changed" directory, which will show up as one of your "Favourite Links" in the left-hand column of your home or user directory, and in Windows Explorer. And guess what: all the files you've been fiddling with recently will show up in it. Its contents are identical to the "Recent Documents" folder that Microsoft let you think you had shut off.

But worse, the contents of your recently-changed directory will not show up in main search, even if you use advanced search, and search "everywhere". So you might not even know it's there. And still worse, you can't empty this directory without deleting all of the files it points to. You can empty your "Recent Documents" folder, and only the pointers or links will be gone; you don't lose the actual files. But with this new gimmick, you've got an archive of all the files you've looked at, regardless of where you've buried them in the file system hierarchy in hopes of keeping prying eyes off them, and you can't empty it unless you want to say goodbye to the files themselves.

The worst part of this is that by offering the option to disable the list of recent files, MS has given users a false sense of privacy and security. The reality is that privacy and data hygiene are even more difficult than before. What a blunder.
Child safety first

Now there is some good news, finally. Vista ships with parental controls that are reasonably easy to implement. You can set up accounts for the kiddies, and prevent them using all sorts of programs, like email, chat, and IM, or even deny them internet access altogether if they're too young. One thing that I like is the ability to prevent the little porn fiends from downloading files via IE7. But remember, if you have any other browsers loaded on the system, you must disable them all individually via the parental controls, because download blocking only works with IE.

The whole setup is sensible and allows for fine-tuning depending on each child's level of maturity and responsibility. And parents can schedule regular reports on their children's internet use.

Now, parental controls and filtering are all well and good, but we should beware of any false sense of security they might encourage. In a recent Today Show interview (http://www.youtube.com/watch?v=p6TcxNjK7Kc) (video), Billg dilated glowingly about Vista's new parental control centre; but we should remember that it's merely a tool, not a solution. Parental controls are not a substitute for adult supervision. The internet is adult space, and so it should remain. Nothing sends my blood pressure into aneurysm territory faster than talk of legislation that would make the internet safe for children. The internet has been created by adults for adults, and children venturing online simply have got to be supervised, either by a parent or by a mature and responsible older sibling. Filtering is not a panacea.
Package deal

Now, for the Vista Security Centre. This has been controversial, involving MS in skirmishes with security software vendors who claim that Vista's built-in product is anti-competitive.

I'm not sure why anyone would worry. The Security Centre doesn't do very much except remind users, "Message: We Care". It's a little craplet with a stereotypical icon that looks like a shield, and it simply informs you of whether or not the firewall is on, whether or not you've got anti-virus software installed, and so on. It is integrated with an improved version of the malicious software removal tool, or anti-spyware tool, in the form of Windows Defender.

There's nothing much in Security Centre that XP SP2 doesn't have, except a warning that you've turned off UAC. It's something that one might wish to run or consult after installation, and maybe once a month thereafter. But it's on all the time, ready to harangue you, and it's rather difficult to make it go away.

It doesn't contain AV software, but a query for further information on virus issues will bring you to this web page (http://www.microsoft.com/athome/security/update/windowsvistaav.mspx), where MS recommends the vendors it thinks are ready to handle Vista (McAfee is notably absent). Nor does it have a packet filter (firewall) with many features. It's not too bad to configure, but third-party packet filters offer many more options in terms of notification and controlling individual applications. I noticed one exception in the default firewall configuration that I didn't care for, for allowing remote assistance. I don't think that should be allowed unless you're actually using remote assistance.

Windows Defender is certainly better than nothing; it monitors files for changes that can indicate malicious activity, and searches for known spyware. It is also integrated with IE7 to some extent. However, what constitutes spyware is a judgment call, and it's never a bad idea to use more than one anti-spyware/anti-adware product, in hopes that one will pick up what another overlooks. (And WD does seem to miss (http://www.theregister.co.uk/2007/02/20/anti-spyware_tests/) an awful lot of spyware.) I certainly wouldn't recommend depending solely on Windows Defender. But it's nice that it's there.
In a nutshell

So, what have we got here? An adequately secure version of Windows, finally? I think not. We have got, instead, a slightly more secure version than XP SP2. There are good features, and there are good ideas, but they've been implemented badly. The old problems never go away: too many networking services enabled by default; too many owners running their boxes as admins and downloading every bit of malware they can get their hands on. But MS has, in a sense, shifted the responsibility onto users: it has addressed numerous issues where too much was going on automatically and with too many privileges. But this simply means that the owner will be the one making a mess of their Windows box.

Data hygiene is still an absolute disaster on Windows. In fact, it's worse than it ever was in some ways, and that's very bad indeed. Browser traces still in the registry, heavy and complicated indexing to improve search, new locations where data is being stored. It all adds up to a privacy nightmare. Keeping a Vista box "clean" is going to be impossible for all but the most knowledgeable and fastidious users.

So don't rush out to buy Vista in hopes of getting much in return security-wise. I do like some of the changes, at least in theory, or as a decent platform on which to build an adequately secure version of Windows one day. But that day, if it ever comes, will be well in the future. ®

Windows Defender spyware-blocking under fire (again) (20 February 2007)
http://www.theregister.co.uk/2007/02/20/anti-spyware_tests/
Vista security overhaul questioned (19 February 2007)
http://www.theregister.co.uk/2007/02/19/vista_uac/
Vista first look: Bugs and confusion (14 February 2007)
http://www.theregister.co.uk/2007/02/14/pricey_beta_bugger/
How to install a Vista upgrade on any PC (12 February 2007)
http://www.theregister.co.uk/2007/02/12/cheap_vista_for_everyone/
The Fear biz is the computer security biz (11 February 2007)
http://www.theregister.com/2007/02/11/computer_security_fearmongering/
Symantec: Microsoft conflict of interest is damaging internet (7 February 2007)
http://www.theregister.co.uk/2007/02/07/symantec_thompson_microsoft/
Gates: protect Windows Vista users with IP (6 February 2007)
http://www.theregister.co.uk/2007/02/06/gates_rsa/
Microsoft enters the anti-virus bear-pit (9 October 2006)
http://www.theregister.co.uk/2006/10/09/av_market_analysis/

© Copyright 2007

Windows Live Messenger ads serve up malware

2007-02-20T23:38:00.001-05:00

Rogue banner ads slip through safety net
Tom Sanders in California, vnunet.com 21 Feb 2007

Microsoft's Windows Live Messenger client for several days has displayed banner ads that attempted to install malware on user's systems.

Microsoft has acknowledged the incident and has removed the offending advertisements.

"We apologize for the inconvenience and are reviewing our ad approval process to reduce the chance of an occurrence such as this happening again," Whitney Burk, a PR manager with Microsoft said in an emailed statement.

The banners inside the Windows Live Messenger advertised Errorsafe, an application that claims to detect and repair computer problems. The software is notorious because it often gets installed without the user's permission and because it presents false security warnings that are intended to make the user purchase a licensed copy of the software.

Most security vendors list Errorsafe and related software such as Winfixer as a potentially unwanted program or a security risk.

"This is very bad news for users of MSN Messenger, and for MSN and Microsoft, " Sandi Hardmeier, a Microsoft 'MVP' wrote on her Spyware Sucks blog.

Security experts in the past have pointed to banner advertisements as a potential way to distribute malware and exploit software vulnerabilities. They offer malware authors a potential way to post their attack code on trusted, mainstream websites.
The Windows Live Messenger incident further confirms the risk of such attacks.

"I am struggling to express how upset, and disappointed, and worried, I am that this has happened. For years I have been holding up MSN Messenger banner advertisements as an example of how advertisements can be safely served up to end users without putting them at risk of malware."

"Now, everything has changed. Users have been put at direct risk through no fault of their own and they can't avoid the MSN banner advertisements when the contact pane is open without using a third party hack that is ethically wrong to use," Hardmeier concluded.

Microsoft falls victim to shady 'scareware'

2007-02-20T23:36:00.000-05:00

Jeremy KirkTue Feb 20, 10:40 AM ET

Microsoft said it moved quickly to remove a banner advertisement that appeared on its instant-messaging program for a software application that falsely hypes security threats on a user's computer.

"We immediately investigated the reports and removed the offending ads, as this is a violation of our ad-serving policy," wrote Microsoft spokeswoman Whitney Burk, in an e-mail Tuesday.

Last week, computer security analysts noticed two advertisements for Winfixer -- a self-described security program that also goes by the name ErrorSafe -- on Windows Live Messenger.

Security companies have labeled it as a "potentially unwanted program." They believe the program falsely alerts users to problems with their computer and encourages them to purchase the application. It falls into an informally named category of program called "scareware," whose creators try to bully users into downloading their program or face problems with their computer.

Microsoft, which called Winfixer "malware," did not detail how the ads appeared. However, the Center for Democracy and Technology (CDT), a civil liberties and consumer group in Washington, D.C., has investigated how questionable ads promoting spyware and other malicious software have appeared on ad networks.

The incident highlights how even a well-resourced company such as Microsoft can be vulnerable to the vagaries of complex associations of Internet advertising networks.

"There are often a host of parties involved in the advertising chain, making it difficult to track the journey an advertisement takes from its original source to a user's computer," according to a CDT report released last year.

It's extremely hard to police advertisements, as the organizations which supply them could suddenly substitute new ones, said Graham Cluley, senior technology consultant for Sophos, a security software company.

"There remains a risk that advertisements may be vetted and approved when first placed with an advertising network only to be later 'updated' to advertise less savory products," Cluley said. "This isn't just a problem for Microsoft, it's a problem for any company which is delivering advertisements to its userbase."

The U.S. Federal Trade Commission (FTC) has undertaken several actions against companies that have created special programs designed to exploit security vulnerabilities in computers, that -- like Winfixer -- purport to repair the machine.

The Winfixer incident sparks concerns over end-user security and could be especially important for Microsoft. The company seeks to use advertising to subsidize the cost for free services such as Windows Live Mail, formerly Hotmail, and other Web-based services it's using to compete with online offerings from Google Inc.

"For years I have been holding up MSN Messenger banner advertisements as an example of how advertisements can be safely served up to end users without putting them at risk of malware," wrote Sandi Hardmeier, a Microsoft Most Valued Professional and specialist in Internet Explorer, on her blog. "Now, everything has changed. This simply shouldn't have happened."

Winfixer, which sells for around $39.95, has a shady history, experts says. It's a persistent program, constantly popping up on newly-created domains under various aliases, including ErrorSafe, WinAntiVirus and DriveCleaner, said Chris Boyd, security research manager for FaceTime Communications Inc.

The changing names and versions are hard to keep up with for security analysts, let alone for ad network managers who may have no idea of the true nature of the program, Boyd said.

"The suspicions are that it [Winfixer] is a quite sophisticated operation," Boyd said.

At one time, Winfixer was one of several bad programs installed in a bundle by hackers on vulnerable machines, wrote Ben Edelman, a malware researcher and doctoral candidate at Harvard University, on his Web site.

The hackers exploited the Windows Metafile (WMF) problem, a particularly dangerous security hole that appeared in December 2005 and prompted Microsoft to hurriedly issue an off-schedule patch.

As always, users should be careful. "The responsibility ultimately falls on the users to be wary of advertisements which may be selling inappropriate or potentially damaging -- to data or finances -- goods," Cluley said.

Microsoft Takes Aim At Big Piracy Problem

2007-02-20T23:35:00.000-05:00

Patrick SeitzTue Feb 20, 7:00 PM ET

Microsoft is acting to cash in on one of its big opportunities: getting people who are using illegal copies of its software to pay up.

The problem of piracy is nothing new for Microsoft (NasdaqGS:MSFT - News). But the company hopes new incentives it's offering customers will help it recover some revenue it would otherwise lose to pirates.

Under the company's "genuine advantage" program, users of Microsoft's newly released Windows Vista and Office 2007 won't get the full functionality of those products unless they validate their copies online, and this won't work with pirated copies. Only users with legal copies of Windows can download such programs as Windows Defender anti-spyware software or the latest Internet Explorer Web browser and Windows Media Player.

And only users with legal copies of Office 2007 can get extra features such as the ability to save Word documents, Excel spreadsheets and other pages as PDF files. Microsoft originally planned to include the Save as PDF feature in the shipped product, but decided instead to make it a free add-in as an incentive for legitimate users.

Microsoft Chief Executive Steve Ballmer estimates that two-thirds of those using pirated Microsoft software are unaware of it and probably would want to have a legal version.

Send In Receipt

The genuine advantage program is about making it easy for users to know whether they have a genuine copy, says Chris Capossela, corporate vice president of Microsoft's business division product management group. The program gives users incentives to make their copy legal, he says.

In many cases, that incentive is a cheap price, he says. For instance, if customers have a receipt from where they got Office, they can submit that to Microsoft for a free copy. Microsoft then would use the receipt to track down the offending seller.

While Microsoft will now let only legal-software users download non-critical updates, it will still share critical updates, such as security patches, with all Windows and Office users, Capossela says.

"For really critical updates, it's still pretty important for everybody to be able to get those," he said. "It's a really delicate line that we're trying to walk. Because you don't want someone having a terrible experience with the product -- even if they didn't pay for (a legal copy)."

Microsoft is taking the initiative, says Yun Kim, an analyst with Pacific Growth Equities. It's working with personal computer makers in Third World countries such as China to make sure that they don't ship PCs without operating systems. Those machines usually end up running pirated copies of Windows. To avoid that, Microsoft is offering those makers a low-price, stripped-down edition of Windows, Kim says.

Nearly 60 million PCs were sold with pirated versions of Windows during Microsoft's fiscal 2006 ended June 30, the company says.

Half Could Be Pirated

Microsoft also faces a big piracy problem with its Office suite, which includes such popular programs as Word, Excel and PowerPoint.

Microsoft estimates there are 500 million users of Office software, legal and illegal, worldwide. As many as half could be using pirated copies, says Charles Di Bona, an analyst with Sanford C. Bernstein & Co.

"So there's a lot of opportunity there" for recovering lost revenue, Di Bona said.

The Business Software Alliance says 35% of the world's software is pirated. The BSA estimates that software vendors and associated service and support businesses lose at least $50 billion a year to piracy.

Copyright 2007 Investor's Business Daily, Inc.

Independent Research Confirms Allegations That Vista's Anti-Spyware Protection Has Holes

2007-02-20T23:34:00.001-05:00

Monday February 19, 10:04 am ET
An Independent Test of Windows Defender Against Third Party Vendors Demonstrates Why Best of Breed Products Are Still Vital

SAN FRANCISCO--(BUSINESS WIRE)--PC Tools announced today the results of an independent comparison by Enex Testlab of anti-spyware software including Microsoft's own Windows® defender.

PC Tools hired independent testing facility -- Enex Testlab -- to evaluate how Windows Defender stacks up against Spyware Doctor(1) and other third party vendors. The internationally renowned, independent lab has been performing comparison tests for the past 17 years. The lab compared identical threats against a number of leading anti-spyware products throughout 2006 -- Spyware Doctor was the conclusive overall winner.

"We have taken a look at several anti-spyware vendors over time to determine the current level of accuracy against spyware threats in 2006. These results show Vista requires more work to protect users. Third party security vendors -- especially in the area of anti-spyware are still essential components in protecting users," said Matt Tett, Senior Test Engineer for Enex TestLab.

"We have been watching with interest the development of Microsoft's Vista security effort. We know that Microsoft is facing difficult challenges with the broadening scope of dangerous malware attacks while also trying to maintain backwards compatibility and usability. This independent research was designed to show how we compare in combating real-world threats over an extended period of time," said Simon Clausen, CEO of PC Tools.

Research from other security vendors revealed weaknesses in Vista's security -- demonstrating ineffective blocking capabilities, slow definition updates and weak in-built anti-spyware protection. These independent results from Enex Testlab further illustrate how Microsoft must continue to improve the Vista security component to protect consumers.

Recently, a third party vendor chose its own testing sample-set and performed basic tests out of their own threat research lab. They also reported weaknesses in the spyware blocking capability of Windows® Defender.

"While we agree with the overriding conclusion that Vista security is lacking, this approach fundamentally contradicts the laws of statistical analysis, and clearly creates a bias result. By hand-picking the sample-set, it is easy to return results showing whatever you want. It would even be possible to show Vista had 0% blocking ability," Clausen explained.

"We wanted to prove through an independent and unbiased review - where PC Tools did not choose or supply the sample-set, that Vista's anti-spyware protection is in fact inadequate, and could result in a false sense of security to consumers."

According to the aggregate Enex test results for the entirety of 2006, Microsoft Defender's quick scan was able to block only 46.61 percent of dangerous threats while their full scan blocked 53.39 percent. Tested at the same time and using the same sample-set, PC Tools' Spyware Doctor quick scan blocked 83.26 percent and the full scan blocked 88.69 percent receiving the overall number one ranking for the complete year, against Defender, and other leading anti-spyware products.

"These independent results demonstrate that consumers must continue to rely on third party products such as PC Tools' Spyware Doctor(1) to keep them secure from spyware and other malware threats," Clausen said.

(1) Current awards include: PC Magazine Best Anti-Spyware 2005, Editor's Choice 2006; Windows XP Magazine, Editor's Choice; PC Pro Recommended 2006, A List product; PC Answers Editor's Choice 2006; PC Advisor Gold award 2006; PC User 'Top Buy' 2006; Computer Shopper Best Anti-Spyware of 2006.

ABOUT PC TOOLS(TM)

PC Tools is a global software leader with a cache of security and utility products, including the multi award-winning Spyware Doctor(TM). PC Tools is an industry leader in real-time anti-spyware and has a number of key patents pending.

The PC Tools Malware Research Center monitors trends and emerging spyware issues and provides security solutions for the consumer and enterprise marketplace. The company is headquartered in Sydney, with offices in San Francisco, London, Dublin, Melbourne, and Kiev. PC Tools has a global network of distributors, resellers, and retailers.

ABOUT ENEX TESTLAB

With a heritage stemming directly from RMIT University, Enex TestLab provides high quality, independent testing services to government and corporate clients internationally.

Enex TestLab's reputation is founded on independence, rigor, accuracy and the usefulness of our work in saving customers money and reducing their risk. Enex TestLab's testing services have evolved over decades to represent one of the worlds most sophisticated, experienced and creative testing enterprises.

Contact:

PC Tools
Vernon Thompson, 415-547-1806
pr@pctools.com
http://www.pctools.com/

Source: PC Tools

Windows Defender spyware-blocking under fire (again)

2007-02-20T23:32:00.000-05:00

By John Leyden
Published Tuesday 20th February 2007 18:52 GMT

Microsoft's Windows Defender has once again come under criticism for alleged shortcomings in blocking invasive spyware applications.

In tests sponsored by anti-spyware vendor PC Tools, and carried out by independent testing facility Enex Testlabs, Microsoft’s Windows Defender blocked less than half (46 per cent) of current spyware threats, scoring well below third party anti-spyware providers. The findings, published on Tuesday, follow earlier in-house research by security rival Webroot that Windows Defender failed to block 84 per cent of a testing sample-set that included "15 of the most common variations of existing spyware and malware". Threats of various types - including adware, system monitors, key loggers and Trojans - were able to reside on the testing environment undetected by Windows Vista, Webroot reports.

Microsoft has declined to comment on Webroot's criticism and is also staying quiet on the latest reports.

Microsoft's rivals are understandably keen to promote the message that while Vista might be more secure than previous versions of Windows, users still need additional protection from malware threats. Redmond itself isn't up to the job so users ought to continue relying (buying) third-party products, the argument goes.

The problem with both the PC Tools and Webroot's survey is the result of the tests depends on the spyware sample used, who supplies it and the complete objectivity of the testing agency. In the case of the Webroot test, the sample data was "randomly chosen from a database of over 8,000 spyware installation programs that was provided by Webroot" (our emphasis). PC Tools criticised this approach as "hand picking" the sample set. It said PC Tools did not choose or supply the sample-set used by Enex, described as real-world spyware threats circulating in 2006.

According to the aggregate Enex test results for the whole of 2006, Microsoft’s Windows Defender quick scan was able to block only 47 per cent of dangerous threats while their full scan blocked 53 per cent. Tested at the same time and using the same sample-set, PC Tools’ Spyware Doctor quick scan blocked 83 per cent and the full scan blocked 89 per cent better than other unnamed anti-spyware products put through their paces.

However since PC Tools hired Enex to conduct the tests they inevitably carry less authority than would be the case if they were done completely independently.

In the anti-virus world, vendors have agreed to submit to testing against a set of viruses at large on the internet in tests conducted by independent testing houses such as Virus Bulletin and not paid for by any one vendor. The anti-spyware industry hasn't reached this level of maturity.

It's quite possible, for example, that Webroot and PC Tools products might only detect a small proportion of a sample set supplied by Microsoft or McAfee or anyone else. That's not to say these products are ineffective, simply that tests are meaningless until an independently-produced sample is used in tests conducted by wholly disinterested parties.

Until we get to that point anti-spyware tests will be more about marketing than objective product performance assessments. ®

Vista security overview: too little too late (20 February 2007)
http://www.theregister.co.uk/2007/02/20/vista_security_oversold/
Security watchers lambast Vista (5 February 2007)
http://www.theregister.co.uk/2007/02/05/vista_security_criticisms/
Security rivals tried to 'castrate' Vista - Gates (10 November 2006)
http://www.theregister.co.uk/2006/11/10/vista_castration_averted/
Microsoft enters the anti-virus bear-pit (9 October 2006)
http://www.theregister.co.uk/2006/10/09/av_market_analysis/
Share the Vista vision, Microsoft tells security rivals (3 October 2006)
http://www.theregister.co.uk/2006/10/03/mcafee_windows_vista_security_risk/
MS to omit anti-virus from Vista (30 January 2006)
http://www.theregister.co.uk/2006/01/30/vista_security_allchin/
Say hello to Windows Defender (7 November 2005)
http://www.theregister.co.uk/2005/11/07/windows_defender/
US tops poll of spyware purveyors (23 August 2005)
http://www.theregister.co.uk/2005/08/23/webroot_spyware_report/
Spyware scumbags make $2bn a year (4 May 2005)
http://www.theregister.co.uk/2005/05/04/spyware_report/
Anti-spyware group collapses (13 April 2005)
http://www.theregister.co.uk/2005/04/13/coast_collapse/

© Copyright 2007

FTC chief: Pop-ups and adware are bad business

2007-02-20T23:30:00.000-05:00

Corporate America in general ought to do a better job of figuring out where their ad dollars are going
By Robert McMillan, IDG News Service | Wednesday, 21 February, 2007

Over the past few years, dealing with computer crimes and annoyances has become an increasingly important part of the Federal Trade Commission's work. In the past year, the FTC has announced settlements with spammers, adware distributors, and even Sony BMG Music Entertainment, over its distribution of rootkit software.

FTC Chairman Deborah Platt Majoras recently sat down with the IDG News Service to discuss some of the work her organisation is doing to keep the scammers and criminals at bay. She talked about the Sony settlement, the role that online advertisers play in the adware and spyware plague, and whether buried disclosures in licensing agreements really count.

Following is an edited transcript of the interview.

IDGNS: Although there's this perception that much of online criminal activity happens outside of the US, there's actually a lot of money that makes its way to the pockets of US spyware vendors, hosting providers, and even advertisers. What can the FTC to go after the US money?

Majoras: It's a very interesting point. I spoke [recently] to a corporate council. I told them that corporate America in general ought to do a better job of figuring out where their ad dollars are going. Because what we think is happening is that some of the ad dollars are making their way to adware providers who may be providing the software without the consumer's knowledge and consent. And these companies may not even know about it at the end of the day.

If I were a company, I wouldn't think that having a consumer bombarded with pop-up ads advertising my product would be a great way to sell.

We want companies to have a better understanding of where these advertising dollars are going, so in a couple of our high-profile spyware cases, like the one against Zango, we tried to be very public. That's a company that has changed its business model now. They have told us, "We've changed our ways; we're going to do things differently." But the people who hire them need to understand exactly what is going on with this advertising.

IDGNS: Well, you could get their attention if you sued them. Do you think that's likely?

Majoras: That would certainly get their attention. I don't know right now.

IDGNS: You recently settled an action against Sony over its use of rootkit technology to protect copying. That was a case of computer owner's property rights bumping up against the entertainment industry's enforcement of its intellectual property rights. Do you anticipate more of this type of conflict in the future?

Majoras: Yes, we may see some additional collisions, but from our perspective, companies should think about the legal principles that we've developed in the industrial economy and continue to apply them in this new economy.

The principles we applied in the Sony case are not really new and different. It's not that they endeavored to protect their intellectual property, which they're entitled to do, it's that they didn't tell consumers what they were doing. We felt that how a consumer could use the CDs, where the music could be played ultimately, and whether or not their habits were being monitored, those were things that consumers would want to know about before they made their purchase. From our perspective, disclosure to consumers is a first principle.

As we look at principles that we're applying in spyware and the like, the first principle there is, the computer belongs to the user, not to the software distributor. You have to think of it that way.

IDGNS: There is something about the way legal agreements are evolving that offends common sense. I don't think people read most disclosure agreements, and I don't blame them. If you just want to download a plugin or play a CD, is it reasonable to expect someone to read a three-page boilerplate legal agreement?

Majoras: That's a tough issue that you're raising, and an important issue. One of the things that has always been the case, though, is that buried disclosures have never worked and have never been adequate. So if you are burying an important disclosure that's going to make a difference to a consumer, then there's a real question about whether that's a true disclosure.

This is also something that we worry about with some of the spyware legislation that's been proposed. People say that as long as it's disclosed to folks that, "this is what's going to happen," then that may be good enough. We actually had a case in which buried in the EULA was this disclosure that said, "We reserve the right to take over your computer."

But we said there, "No, that is not good enough." That is the type of disclosure that would need to be front and center for the consumer that they really couldn't get past.
Copyright © Fairfax Business Media A Division of John Fairfax Publications Pty Limited, 2006 Privacy Policy

AVG Security Software Named a Leading Alternative Brand By VARBusiness Magazine Readers

2007-02-20T23:26:00.000-05:00

February 20, 2007 10:00 AM Eastern Time

GRISOFT Ranked #1 Alternative Vendor in the Security Software Category

MILBURN, N.J.--(BUSINESS WIRE)--GRISOFT, the developer of AVG Internet security software, has been identified by North American information-technology (IT) solution providers who read VARBusiness magazine as being the top alternative to other security market leaders.

Lawrence M. Walsh, editor of VARBusiness magazine, which covers the business of technology integration, explains that there are numerous reasons why such brands are preferred to category leaders. “Products such as AVG often provide value-added resellers with superior performance, innovative technology and preferential price opportunities,” says Walsh.

GRISOFT’s AVG product line for home, small and medium business users protects against growing Internet-based threats including worms, viruses, Trojans, adware, spyware, spam and keyloggers. AVG Internet Security 7.5 is a comprehensive suite of computer security tools including antivirus and anti-spyware protection, an easy to use personal firewall, a spam filter and anti-phishing tools. Other AVG bundles include AVG Anti-Malware, which combines the latest anti-spyware and antivirus technologies within a single, easy-to-use interface. Network and server editions are also available with remote administration as well as compatibility with the latest operating systems including Windows Vista. All AVG security products include reliable automatic updates and use a low level of computer resources. Free 24/7 technical support is available for all commercial versions.

Larry Bridwell, VP of Global Security Strategies of GRISOFT says: “It is great news for GRISOFT that readers of VARBusiness rank our software as the best choice for resellers and distributors but it is not a surprise by any means. We work closely with our partners and distributors providing them with comprehensive marketing and sales support. We focus similar attention to all AVG commercial version users in the form of worldwide, professional and 24/7 technical support.”

GRISOFT is recognized in the special Feb. 19 “Alternatives” issue of VARBusiness magazine and online at www.varbusiness.com.

About VARBusiness Magazine

For the past 20 years, VARBusiness’ strategic resources have been the gateway to the Solution Provider community. VARBusiness provides strategic insight for technology integrators through industry-defining research, in-depth editorial, channel events and innovative Web services, enabling these IT professionals to make educated decisions for their businesses, partnerships and customers. VARBusiness has been the recipient of numerous industry awards for both editorial content and design. Additional information about VARBusiness products, events and services, is available at its Web site, www.varbusiness.com.

About GRISOFT

www.grisoft.com

GRISOFT is a leading provider of antivirus, firewall protection and security solutions for consumers and SMEs. It is one of the fastest growing companies in the industry with more than 40 million users around the world that rely on GRISOFT AVG products to protect their computers and networks.

Established in 1991, GRISOFT employs some of the world’s leading experts in antivirus software, specifically in the areas of virus analysis and detection, software development, and antivirus support. GRISOFT award-winning products are distributed globally through resellers and the Internet as well as via AVG Anti-Virus Software Developer’s Kit (SDK) to interested partners.

Contacts
PR@vantage for GRISOFT
Fran Bosecker, 845-536-1416
fbosecker@pr-vantage.com
or
GRISOFT, Inc.
North American Marketing
Jim Gildea
jgildea@grisoft.com

PC help: Prolonged shutdown

2007-02-20T23:25:00.000-05:00

Get your computer to close down more quickly
Tim Smith and Anthony Dhanendran, Computeract!ve 20 Feb 2007

Q My computer takes a very long time to shut down; I have time to make a coffee between clicking on Start, then Shut Down, and waiting for the Close down dialogue box to come up on the screen. It then takes several minutes before the computer actually closes down. Can anything be done?
Brian Wadsworth

A Lengthy shut-downs are often caused by rogue programs clogging up the computer or by a single program failing to shut down properly. These rogue programs could be spyware or adware, or they could simply be genuine software that is clashing in some way with another piece of software.

Firstly, make sure that the computer is free of viruses, adware and spyware by running full scans with your anti-virus program and the appropriate cleaning tools. Try Ad-Aware and SpyBot if you don’t have your own programs already.

The next thing is to get rid of any programs that you’re not using. Click on Start, then Control Panel (or Settings, then Control Panel) and select Add or Remove Programs. Browse through the list and select a program that you installed but no longer use. If a program looks unfamiliar, it may be a system program, so it’s best to leave it as it is.

However, once you find any programs suitable for removal, click on Remove and follow the prompts. Do this for any similar entries.

Finally, check the Notification Area at the bottom-right of the screen for icons you might not need – right-click any you don’t need and click on Close or Exit. Do this one at a time, and if the PC shuts down quicker after this, that indicates which program is holding things up. This can be removed, or contact the maker for a possible fix.

ESET NOD32 Rated Fastest Antivirus on Microsoft Vista

2007-02-20T23:23:00.000-05:00

(Newswire Today) — Dubai, UAE, United Arab Emirates, 2007-02-20 - ESET, the leader in proactive threat protection, today announced that ESET NOD32 Anti-virus received its 42nd VB100 award in the February 2007 Virus Bulletin Comparative Review.

NOD32 was rated the fastest in comparative testing of 15 antivirus products running on Microsoft Windows Vista Business Edition (32-bit). ESET further extended its nine-year track record as the vendor with the most VB100 awards.

"ESET is one of the first security vendors in the world to offer a Microsoft Vista compatible antivirus solution. Our award-winning NOD32 solution, which works as a single integrated engine to offer the best unified anti-threat system, provides real-time protection from known and unknown viruses, spyware and other malware. The 42nd VB100 award is a testimonial of ESET's commitment towards offering the fastest and most effective antivirus solution to its customers," said Mr. Neo Neophytou, Managing Director at ESET Distribution Middle East.

“Over the past nine years, ESET has achieved 42 Virus Bulletin VB100 awards, more than any other vendor,” said John Hawes, of Virus Bulletin. “In this most recent Comparative Review, not a single miss or false positive gives ESET another perfect score, and NOD32’s ever-impressive speed makes it a top performer on the Vista platform.”

“We’re pleased to be celebrating our 42nd VB100 win, a milestone that underscores NOD32’s unparalleled proactive detection across a range of platforms,” said Andrew Lee, chief research officer at ESET, LLC. “Hands down, ESET is the fastest antivirus solution on Windows Vista. NOD32 is a top performer that delivers the most advanced technology for combating malware in a fast and easy-to-use product.”

High-performance, low-impact ESET NOD32 Antivirus software offers consumers and businesses comprehensive protection in a product designed to automatically update behind-the-scenes without impacting other applications, so users always have the most current protection available. ESET NOD32 Antivirus version 2.7 utilizes ThreatSense® technology, a sophisticated detection system based on advanced heuristics, to proactively identify previously unknown viruses, Trojans, spyware, rootkits and phishing attacks in real time. ThreatSense is built into NOD32’s single scanning engine to provide comprehensive protection so users do not need to rely on additional point solutions for spyware and adware protection. NOD32 runs on both 32 and 64-bit versions of Windows Vista.

To learn more about emerging threats and what businesses and consumers can do to protect themselves, ESET has produced a podcast series available on iTunes or at the ESET website.

VB100 Overview
The VB100 award was first introduced in 1998. In order to display the VB100 logo, an antivirus product must have demonstrated in tests that:
• It detects all In the Wild viruses during both on-demand and on-access scanning
• It generates no false positives when scanning a set of clean files
• The product must fulfill these criteria in its default state

About ESET Distribution Middle East
ESET Distribution Middle East is the Regional Business Development Center of ESET NOD32 Antivirus for the Middle East. Founded in 1992, ESET is a global provider of security software for enterprises and consumers. ESET’s multiple award-winning, anti-threat software, NOD32, provides real-time protection from known and unknown viruses, spyware and other malware. NOD32 offers the smallest, fastest, and the most advanced protection available, with more Virus Bulletin 100% Awards than any other antivirus product. ESET was named in Deloitte’s Technology Fast 500, for four years running, and has an extensive partner network, which includes corporations like Canon, Dell, and Microsoft. For more information call +971 7 2077813.

Agency / Source:

# # #

Related Link: http://www.esetme.com
Contact name: Nirmala D'souza
Related Link:
+971507343840 / nimi[.]oakconsulting.biz

Updating Windows Defender

2007-02-14T21:45:00.000-05:00

By J. D. BIERSDORFER

Updating

Windows Defender

Q. Every time I turn on my computer I receive a long message that includes “Windows Defender Application failed to initialize: 0x800106ba. A problem caused Windows Defender Service to stop.” What can I do to fix this error?

A. Windows Defender is Microsoft’s own free software for blocking pop-up advertisements, spyware and other malicious programs that could invade and hobble the Windows operating system on your PC.

The most recent version of the program was released last fall, but you may be getting the error message if you are running an earlier version of Windows Defender. A note on Microsoft’s site says the Windows Defender Beta 2 version of the software expired on Dec. 31, 2006, and it urges users to upgrade to the latest version.

You can upgrade to the newest edition of Windows Defender by clicking the “Download It Here” button at www.microsoft.com/defender. According to a support article on the site, older versions of the program will be automatically removed when you install the new Windows Defender. In addition to technical support, the site also offers discussion groups, a Frequently Asked Questions page and the full list of system requirements for the program.

Earlier versions of the software included support for Windows 2000 systems, but the current version of Windows Defender now requires at least Windows XP, Service Pack 2. As part of the Windows Defender installation, you need to validate your copy of Windows, an online process that lets Microsoft verify that your computer is running a legitimate copy of the company’s software.

Camera Issues

With the iMac

Q. Why do I sometimes get a message saying the camera on my iMac is “in use by another application” when I try to use it with the Mac OS X PhotoBooth software?

A. Many recent Macintosh models, including iMac desktop systems as well as MacBook and MacBook Pro laptops, now include a tiny iSight camera above the screen. This camera can be used for video conferences with Apple’s iChat AV instant-message program or to take pictures with the free PhotoBooth software that comes on many new Macs.

The Classic environment — software that lets Mac OS X run programs written for older versions of the Macintosh operating system — has been known to interfere with the iSight cameras on iMac G5 models running Mac OS X 10.4.8. If you are running an old Mac OS 9 program in the Classic environment and cannot use your iSight camera with the PhotoBooth software, Apple suggests restarting the computer and then opening the PhotoBooth program.

The company also notes that you may be able to use PhotoBooth while Classic is running if you open the photo program first.

Too Many

Antivirus Programs

Q. I have an expired copy of Norton AntiVirus on my computer. If I install a copy of the free AVG antivirus program, should I delete the old Norton software?

A. Because they are designed to monitor a computer continually for threats, many antivirus programs that offer “real time” protection work closely with the operating system. Having more than one such program running has been known to cause problems because the two can interfere with each other’s attempts to keep tabs on your system.

To prevent software conflicts, it’s generally a good idea to stick with one antivirus application and keep it rigorously updated. (Running two competing antivirus programs may also have the effect of slowing your computer as well.) If the old Norton program did not come with its own uninstaller software, you can remove it by going to the Start menu to Control Panel and opening the Add or Remove Programs icon. Select the program from the list on screen and click the Remove button.

Antivirus software keeps your computer protected from new threats by regularly downloading program updates from its maker. Once your subscription for these updates runs out, the program may not be able to block the latest threats flying around the Internet, which is why it is important to have up-to-date antivirus software.

Grisoft’s AVG Anti-Virus Free Edition software is available for home users running Windows or Linux systems at free.grisoft.com. The company has a free basic edition of its spyware program, as well as commercial versions of its security software. J. D. BIERSDORFER

Questions about computer-based technology may be sent to QandA @nytimes.com. This weekly column will address questions of general interest, but e-mail and letters cannot be answered individually.

The News-Gazette, Champaign-Urbana, Ill., Computer Queries Column

2007-02-14T21:41:00.000-05:00

By Greg Kline, The News-Gazette, Champaign-Urbana, Ill.

Feb. 12--MAC VOICE-RECOGNITION, MORE ON SPYWARE, VISTA: A caller asked about voice-recognition software for Apple Macintosh computers with the idea of being able to control and work on a Mac with voice commands instead of keyboard and mouse.

Versions of the most popular titles for Windows, notably Dragon NaturallySpeaking, don't exist for the Mac.

IBM's ViaVoice software is available in a Mac OS X version that allows a user to do such things as dictate, correct, edit and format text with voice commands, as well as navigate the Mac's Finder and control Internet applications.

One disadvantage is that the dictating and editing take place in the program's own word processor, which means cutting and pasting your edited copy from ViaVoice's SpeakPad to whatever document-creation software you use.

You can read more about ViaVoice at: www.nuance.com/viavoice/osx The OS X voice-recognition software that probably gets the best reviews from the Mac press is iListen, www.macspeech.com.

It lets you do quite a bit more than ViaVoice, including, for the most part, work within the software you prefer for document creation. It's also under more active development than ViaVoice with a new version for Apple machines running on Intel chips. iListen will transcribe digital voice recordings for you in the bargain.

Mac OS X has some built-in voice-recognition tools allowing quite a bit of control over your computer with voice commands, although not as feature extensive as something like iListen. The system will read on-screen text to you, too.

It doesn't do dictation. But hey, it does let you play OS X's included chess game by speaking your moves.

For more details, check out: www.apple.com/macosx/features/speech Also see: images.apple.com/macosx/features/voiceover

I know you have mentioned in several of your articles the link to check your home computer for spyware free of charge. What is that link again?

I suggest downloading and installing Spybot Search & Destroy: www.safer-networking.org/en. I also suggest downloading and installing Ad-aware Personal SE: www.lavasoftusa.com/products/ad-aware_se_personal.php Both are free. Unlike anti-virus programs, which don't play nice with each other, it doesn't hurt to run two anti-spyware programs (or three or four if you like) and it isn't a bad idea since one title always seems to catch a couple things another didn't.

Some Web sites claim to scan your computer on line, but they're just as likely to be ineffective, to try to sell you software or services, or to actually serve as vehicles for transmitting malicious software. Download Spybot and Ad-aware instead, run scans and check for updates periodically, and you should be good to go.

CHECK FOR VISTA COMPATIBILITY: Last time, I wrote about some factors to consider in deciding whether to upgrade to Microsoft's new Windows Vista. (Short answer, don't until Microsoft issues the first major "service pack" of bug fixes, probably six months to a year from now.) The biggest consideration is your computer's compatibility with Vista, as well as the compatibility of devices you have attached to your computer, like a printer or scanner.

You can get a decent idea of how your specific setup will fare in a Vista transition by visiting: microsoft.com/windowsvista/getready/upgradeadvisor.

The site is Microsoft's Windows Vista Upgrade Advisor, which only works if your computer is currently running Windows XP. You can't upgrade any version earlier than Windows 2000, but then if you're running a version earlier than Windows 2000 your computer probably isn't muscular enough to run Vista anyway.

Contact News-Gazette Staff Writer Greg Kline, 351-5215; e-mail klinenews-gazette.com; or mail The News-Gazette, P.O. Box 677, Champaign, 61824-0677. Include your name, community where you live, phone number and e-mail address. Also include the make and model of your computer, the system software version you're running, and details about any other software or devices the question involves. Answers will run every two weeks.

-----

To see more of The News-Gazette, or to subscribe to the newspaper, go to http://www.news-gazette.com.

Copyright (c) 2007, The News-Gazette, Champaign-Urbana, Ill.

Distributed by McClatchy-Tribune Business News.

For reprints, email tmsreprints@permissionsgroup.com, call 800-374-7985 or 847-635-6550, send a fax to 847-635-6968, or write to The Permissions Group Inc., 1247 Milwaukee Ave., Suite 303, Glenview, IL 60025, USA.

IBM, 6680, AAPL, 6689, MSFT,

Source: The News-Gazette

Hackers target the home front

2007-02-14T21:38:00.000-05:00

Criminals are trying to gain access to banks' computer networks via the weakest link in the security chain: executives who work at home, reports Pete Warren

Thursday February 15, 2007
The Guardian

One of the UK's leading banks has been forced to admit that organised hacking gangs have been targeting its executives. For the past year, Royal Bank of Scotland has been fighting systematic attempts to break into its computer systems from hackers who have sent personalised emails containing keyloggers to its senior management. This has included executives up to board level and is now the subject of a separate investigation by the Serious and Organised Crime Agency.

The hackers are homing in on the trend for people to work from home. The hackers make the assumption that the computers being used outside the work environment are more vulnerable than those protected by a corporate IT department.

Growing threat

For companies it is a growing threat as home working increases: a recent survey from the Equal Opportunities Commission found that more than 60% of the UK's population wants the option of flexible working.

And the hackers are employing increasingly sophisticated techniques. Each email they send is meticulously built to make it attractive to its target, who the criminals have carefully researched by trawling the internet for information. Once the email is composed, the malware is just as carefully designed: it is often modified to avoid detection by security software.

The keylogger contained in the email installs itself automatically and then collects details of logins and passwords from the unsuspecting user. This means that hackers can, using the usernames and passwords stolen by the keyloggers, connect to VPNs, or Virtual Private Networks, which many companies use to create an encrypted pathway into their networks.

Once inside a bank's network, the hackers can communicate directly with computers holding account information and manipulate funds.

Has this actually happened? In some cases sources claim that the login details of VPNs have been obtained and used though there has been no confirmation that any losses have occurred as a result. The attacks are not believed to have focused on RBS but to have been across the whole of the banking industry.

Royal Bank of Scotland said that the bank had suffered no losses as a result of the attacks and added: "RBS has extremely robust processes in place in order to protect our systems from fraud. Trojan email attacks are an industry-wide issue and are not isolated to a particular area or a particular bank."

The first indication that banks had become the target of such sophisticated attacks emerged two years ago when police foiled an attempt by hackers to steal $420m (£210m) from a London branch of Sumitomo, a Japanese bank. According to reports, the attack on Sumitomo involved the use of both hardware and software keyloggers.

It is not just banks that have been targets. Last year attempts were made to steal information from the Houses of Parliament using malicious email. Messagelabs, the company responsible for monitoring much of the email traffic of the government and big business for suspect software, said at the beginning of the year that criminals have been evolving more sophisticated techniques to attack corporate networks.

According to Mark Sunner, chief technology officer of Messagelabs, the number of malicious emails targeted at individuals has been increasing. Two and half years ago they were being seen once every two months, but now they are seeing one or two a day. This has been accompanied by an increase in quality in the creation of Trojans and spyware.

"The hackers are now aiming to take over computers, particularly those of home users. Some of the malicious software that we are routinely seeing for that purpose will have its own antivirus system built into it so that they can kill off the programs of their competitors."

The criminal gangs, believed to be based in Russia and Asia, routinely use software deployed by legitimate businesses and adapt it to gather information on individuals. "The gangs are taking the lists of addresses from people's machines and they are performing their own mail merges to create databases of names and addresses," says Sunner.

According to Sunner, as well as the usual tactic of hijacking a PC for use as part of a spam network, hackers also mine computers for information on the individual and their contacts. This information can then be used help build a database of personal information that can be used to construct targeted criminal emails.

Social networking sites are also being mined, according to Sunner. These are not just the preserve of MySpace and Bebo-using teens; professional social networks such as Plaxo and LinkedIn are also being plundered. Sunner adds: "If someone contacts you from LinkedIn and you don't know them and they ask you to join their network, you essentially tell them the names of everyone you know if you are a member of either group. There are a lot of people who will answer those requests without thinking."

Aamir Butt, UK chief executive of Giritech, a Danish company that produces secure links for home-working, says: "We work with a range of customers including those in the financial industry and it was mentioned to us that the login details for VPN networks were a weakness that people were concerned about."

Increased vigilance

Tony Neate, the head of Get Safe Online, a government-funded organisation set up to raise awareness among UK businesses of computer criminals, says: "There is now an attempt to target individuals within UK businesses - including the banking sector. What is happening is that crime is doing what it always does, which is look for the weakest link. Home working is where they perceive a weakness.

"This points to a need for increased vigilance and security by those working from home and by those responsible for letting them work from home. For home working to be effective, security needs to be as effective as if working in an office."

· If you'd like to comment on any aspect of Technology Guardian, send your emails to tech@guardian.co.uk

Windows Vista: the Missing Manual

2007-02-14T18:12:00.000-05:00

John Suda writes "It's been over five years in the making and its nearly perfect. No, Im not referring to Microsoft's vast new operating system named Windows Vista, but to the reference book Windows Vista: the Missing Manual, by author David Pogue. The book is the latest, and perhaps best, in the Missing Manual series published by Pogue Press / OReilly Media, Inc. The Missing Manual series is the benchmark of quality for computer manuals. Unless youre a system administrator, programmer, or uber-geek, this is probably the only reference source you'll need to learn Microsofts Vista." Read below for the rest of John's review.
Windows Vista: the Missing Manual
author David Pogue
pages 848
publisher O'Reilly Media
rating 9
reviewer John Suda
ISBN 0596528272
summary The only reference source you'll need to learn Microsofts Vista

Vista is the long-awaited successor to Windows XP and it is a major overhaul and upgrade of that operating system. It was designed primarily to address long-standing security issues with XP and its predecessors, but it also has a vastly new look and feel graphically and in operating features. It comes with a large number of new programs and features and its innards have been significantly beefed up, as it is a 64 bit operating system, focused on the intermediate future of computing hardware and software.

There are so many changes in Vista that it would take perhaps a dozen pages just to provide a bare-bones description of everything. You dont get any written material from Microsoft when you buy Vista. There are digital support and help resources built in and available elsewhere for Vista, but they are not convenient to use and they are relatively limited in scope and depth. Vista, the Missing Manual, provides the information Microsoft doesnt. It covers all five North American versions of Vista. Page 6 has a handy comparison chart of each version. The beginning of every content section refers to which version of Vista the discussion applies.

This Missing Manual uses every bit of 827 pages (including index) to provide similar descriptive and informational material as the built-in Vista sources, but provides much, much more:

Beyond mere description of features and functions, the book explains and evaluates all of the major (and many of the minor) changes from Windows XP to the new Vista. The introductory chapter itemizes all of the most important changes providing perspective on what Microsoft has done with the new operating system. It also highlights some of the more significant interface changes the new search tool, the revised Start Menu, and the new ribbon bar.

The author notes, at every point relevant, the options a user has in either using a new Vista feature, or in reconfiguring the operating experience to return to pre-existing features and the aesthetic elements of Windows XP and earlier versions of the operating system.

Pogue provides an expert users perspective on the value of the changes and new features in Vista. Some things are improvements and upgrades; others are rated as inferior to what was before. If you dont like the new or changed feature, Pogue guides you how to revert to previous iterations of the featuress, or otherwise provides workarounds.

Pogue is great at providing an expert users perspective on working with the operating system efficiently and pragmatically. He doesnt just describe a feature or function but includes tips and guides on how to be more efficient and practical with it and provides reference to other resources available for additional information or guidance. The Manual is written so that one almost feels that they are getting a one-on-one, hands-on lesson, in using Windows Vista. He represents the Alpha-geek relative you might have to help you out when you cant figure out how to do or fix something.

Beyond all of the information, guidance and perspectives, Pogue has a great writing style. The writing is sprinkled with wit, sarcasm, and good-natured humor, extremely rare for a computer related book. Microsoft gets more than a few slams for its many foibles, all well earned. WordPad, for example, no longer opens Word files!

The author writes for multiple levels of need and understanding. He details the basics of Windows Vista for beginners, provides richer material in breadth and depth for intermediate users, and a good amount of material useful for power users, both informationally and in advanced tips. There are many sidebars sprinkled throughout called Power Users Clinic which offer more technical tips, shortcuts, and information to PC veterans.

There is a lot new to Vista. The most important, if not the most noticeable, are the security enhancements. Microsoft now has a user account control which limits installation of new applications to a user who has administrative permissions. By default, the operating system generates accounts for simple users, without the ability to allow installation of new programs. There is a full page of FAQs just regarding the user account control.

A major security upgrade is service hardening which prevents access to the all-important system files by outsiders or unauthorized users. Other new security elements are the Windows Defender program designed to prevent spyware installs, a phishing filter in Internet Explorer, parental controls, protected mode, drive encryption, address space randomization, and much more. That list doesnt even include a new backup program to help protect users from nonfeasance in basic computer operations (although the author recommends third-party software.)

What is most noticeable is the appearance of the desktop, windows, icons, system font (Sergoe UI), and interface features. These are all redesigned to take advantage the vastly enhanced graphic capabilities of Vista referred to as Aero. The Start Menu has been redesigned to be easier to use. The conventional menu bar for the desktop and most application windows has been replaced with a content-based ribbon bar.

There is a lengthy list of new applications, most significantly Windows response to Apple Macintoshs iLife suite of media applications. In Vista, these are the Photo Gallery, Calendar, DVD Maker, Media Player 11, and DVD Maker. It adds to that group, Meeting Space, which is a collaboration program for local network users.

The Windows Sidebar is modeled after Apples Dashboard, which allows customized applets to be displayed and used. A useful cautionary note mentions that the Sidebar gadgets dont save data or configurations when closed. You must start all over again.

Mr. Pogue is an accomplished writer and computer expert having authored over 40 books, including 17 of the Missing Manual series. Hes well regarded as the weekly technology columnist for the New York Times and a correspondent for CBSs News Sunday Morning. Hes been assisted here by four other experts who contributed chapters or parts of chapters to this manual. The writing is clear, concise, and jargon free. The book provides a fair evaluation of Microsofts latest operating system and gives it good grades overall. Pogue routinely points out the areas that Microsoft has unashamedly copied from Apple Macintosh, and notes it as a good thing.

The book is organized into eight parts including a set of appendices. These include the Desktop (or user workspace), the Vista software, Online and Internet connection matters, the new Pictures, Movie, and Media applications, hardware and peripherals, PC health and maintenance, and networking with Vista. The page layout is clean. The book is filled with hundreds of screenshots and numerous step-by-step instructions on nearly all of Vistas elements. The discussion is comprehensive and deep.

Part One explains the Desktop and whats new, including the Welcome Center, Start Menu, and the greatly enhanced search tool which graces every window and the desktop itself. It now offers natural language searching for the first time. For those using older hardware which may not be up to par for Aeros graphic demands, Pogue provides a handful of suggested speed tweaks. A full 10 pages is devoted to Microsofts improved speech recognition system, including a large handful of insights from an experienced user of such software. The author is a fan of Dragon s Naturally Speaking program, but gives good reviews to Vistas capabilities.

Part Two contains most of the material on the new programs and the improved programs Internet Explorer and its new RSS capability, tabs, and search bar, Mail (the Outlook replacement), and the Control Panel, which now contains at least 50 icons for mini-applications, wizards, links, and folders. Chapter 8 provides an applet by applet description. Dealing with the Internet with Internet Explorer and Mail comprises most of Part Three. There is a comprehensive section on connecting to the Internet with the growing number of methods-cable, DSL, dial-up, WiFi, cell, etc.

The media applications are covered in detail in Part Four including comparisons of Microsofts media applications to iTunes and Zune. The discussion of Media Center includes tips on managing recorded TV and setting up media hardware. Part Five deals with the fax, print, and scan functions and hardware related matters. Especially interesting are the printer tricks and the section on laptops, tablets, palm tops and hand-recognition software.

For maintenance, troubleshooting, and problem solving, there is a trio of chapters in Part Six covering disk maintenance and repair, the new dynamic discs feature, compression and encryption, and backups. Geeks may be interested in knowing how to uncover the hidden controls for the new improved firewall. Pogue even provides material on energy conservation and how to configure Vista to work most efficiently for the user.

Part Seven covers the basics of accounts and networks. There is a lot new in Vista, especially in regard to its separate users architecture. The difference between workgroup and domain networks is explained clearly. Sharing and collaboration functions are explained and there is a comprehensive and deep section on remote control using a multitude of methods.

The appendices are great. Appendix A. discusses the installation of Vista in a comprehensive, systematic manner, from pre-purchase and installation considerations, to making decisions about upgrades or clean installs, to dual booting. He describes the new Welcome Center which aggregates many of the initial configurations for a user, or for multiple users.

Appendix B. is cheekily titled Fun with the Registry and is an introduction, with examples, to the notorious registry which is carried over from XP and predecessors. Most authors writing for this level of reader tend to avoid discussion of the registry, but Pogue provides just enough material to intrigue the intermediate user.

Appendix C. is a short itemization of whats missing in Vista from previous Windows operating systems. It makes it easy to figure out why something youve used before cant be located and used. Appendix D. is a master list of keyboard shortcuts for both the operating system and its major applications, like Internet Explorer 7, and the new Windows Mail.

There is no wasted space or text in this book. Its worth every cent of its $34.95 price. As a small bonus, copies of shareware programs mentioned in the book are conveniently available for download at www.missingmanual.com.

You can purchase Microsoft's Vista: the Missing Manual from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.

Hackers Two-Timing on Valentine's Day

2007-02-14T18:09:00.000-05:00

Wednesday February 14, 4:43 pm ET
* Hacker's second strike disables antivirus and security tools; uses rootkit functions to conceal its presence.
* Nurech.B worm spreads through Valentine's Day e-card spoofs with subject lines like "Happy Valentine's Day" or "Valentines Day Dance"
* Attack automatically detected and blocked by Panda's TruPrevent(TM) Technology.

GLENDALE, Calif., Feb. 14 /PRNewswire/ -- Panda Labs has detected the new Nurech.B worm, which, like its predecessor Nurech.A, arrives disguised as a Valentine's Day message. Nurech.A -- launched last week using similar methods -- continues to spread, maintaining an "orange" alert level according to Panda Labs.

Nurech.B arrives in emails with subject lines such as: "Happy Valentine's Day," "Valentines Day Dance," "The Valentines Angel." The email sender is always a woman's name such as Sandra, Willa, Wendy, or Vicky.

The email attachment simulates an e-greeting card using file names like "Greeting Postcard.exe," "Greeting card.exe," or "Postcard.exe."

When users click on the attachment, it creates a copy of the worm on the hard drive, and then conceals its presence using rootkit-like functions. The worm also disables certain antivirus, antispyware, and security applications installed on the system.

According to Mr. Luis Corrons, Technical Director of PandaLabs, "The objective of course is to trick users into opening the attachment using enticing subject lines related to the romantic holiday. This type of trick is usually quite successful, so we strongly advise users never to open any attachment that they have not requested, regardless of what it seems to contain."

One massive attempt to infect everybody was not enough for these hackers. Mr. Corrons warns, "Last week they launched Nurech.A, which quickly reached orange alert levels. Now they are giving it a second try on Valentine's Day itself. Do not open any Valentine's Day or other e-card attachment without scanning it first using fully up-to-date antivirus software."

Both waves of attack were automatically detected and blocked by Panda's TruPrevent Technologies. All though neither of the two latest threats existed previously in malware signature files, TruPrevent was able to block them both based on real-time analysis of the behavior and intent of the malicious code contained in the attachments. All PCs with TruPrevent installed were therefore unaffected by the attack.

Additional information on Panda's TruPrevent Technologies can be found at http://www.pandasoftware.com/truprevent

Computer users wanting to know whether their computers have been attacked by Nurech.A, Nurech.B, or any other form of malicious code can use Panda's ActiveScan, a free service available at: www.pandasoftware.com/activescan. ActiveScan will perform a complete inspection, free of charge.

To protect users, Panda Software also offers informational newsletters such as "Virus Alerts," an e-bulletin in English and Spanish that gives immediate notice of newly discovered malicious code. (http://www.pandasoftware.com/about/subscriptions/).

About PandaLabs

Since 1990, its mission has been to analyze new threats as rapidly as possible to keep our clients safe. Several teams, each specialized in a specific type of malware (viruses, worms, Trojans, spyware, phishing, spam, etc), work 24/7 to provide global coverage. To achieve this, they also have the support of TruPrevent(TM), which acts as a global early-warning system made up of strategically distributed sensors to neutralize new threats and send them to PandaLabs for in-depth analysis. According to AV-Test.org, PandaLabs is currently the fastest laboratory in the industry in detecting malicious code and providing complete updates to users. More information at www.pandasoftware.com/pandalabs.asp/ and the PandaLabs blog (http://blogs.pandasoftware.com).

For more information: http://www.pandasoftware.com/virus_info

Source: Panda Software

Hasta la Vista, Windows

2007-02-14T18:08:00.000-05:00

Paul Chin
2/14/2007

Dear Windows,

I'm sorry to do this with a letter but I don't think I can handle seeing you in person. We both know that things haven't been quite right between us these last couple of years. I've noticed that we've been drifting apart for a long time. I haven't spoken with anyone in your family -- Internet Explorer, Outlook, Office -- in ages and have been spending more and more time with Firefox, Thunderbird, and OpenOffice. I was hoping we could work out our differences, but we're beyond that. I hate to end things like this; I just don't think we're compatible anymore.

I thought if we took a trip to Vista we might ignite that spark in our relationship again -- you know, a new setting, a new beginning (remember how exciting it was when we first went from MS-DOS 6 to Windows 3.11?) Don't get me wrong, I really appreciate the effort you're making to win me over. Those scrolling 3-D application windows are really, really cool. You look absolutely fantastic and you're showing me a lot of glitz, but deep down, we still have the same old problems. We can't solve them with a simple makeover; this relationship needs to be more than skin deep.

I know that I'm not perfect, and I don't expect you to be perfect either; but I do expect you to be reliable. I want to be able to count on you and to trust you. It's been about five years since you promised me more security and reliability with your Microsoft Trustworthy Computing Initiative, but we're no more secure now than we were then. I also don't appreciate what you're doing when I'm not around ... Do you think I don't know that you're calling your mother with your Windows Genuine Advantage and talking about my PC behind my back? And when you were confronted by this you got defensive and kept denying that WGA is spyware. I'm sorry, if it looks like a chicken, walks like a chicken, and clucks like a chicken ... it's a chicken.

Who owns my computer anyway? You or me? I want you to stop changing things around without telling me. You're supposed to help me get my job done but you seem to be more concerned with licensing issues than security. I was hoping Vista would be a fresh start for us -- but it's ended up being the last straw. Instead of working things out, you just keep demanding more and more from me: graphics card upgrade, hi-def monitor, and all kinds of additional memory. I'm not made of money... Sorry, I just can't give you what you want.

There's no easy way to say this so I'm just going to come right out with it: I met someone else; her name is Mac OS X Tiger.

If it's any consolation this is not something I planned. A friend introduced me to her MacBook and one thing led to another. But this shouldn't come as a surprise to you. I've always been completely honest with you and never tried to hide our relationship. In fact, I even see now that you're trying to emulate her look and behavior; but you're showing me things that Tiger showed me over a year ago. Be true to yourself.

Tiger and I have so much in common and we're totally in synch. We work with, not against, each other. But you, Windows, you've never communicated with me -- and you're so temperamental. Some mornings you boot right up; others I have to try 2 or 3 times before you come on. I don't want to be mean but you're just too high maintenance for me. Every time we have a disagreement, you turn your cold blue screen at me and I'm left sitting there in silence waiting for you to cool down. I finally came to the realization that I've been keeping you around because I needed you, not because I wanted you -- that's not fair to either of us.

I don't hold any ill-will towards you, Windows. We've been together for a long time. You saw me through college, my first IT job, and now and my freelance career -- but it's time we both move on. Before I go, though, can I offer you some friendly advice? It's time you stop imposing yourself on others by sheer strength of market share and start listening -- I mean really listening. You can't win people over simply because there's no viable alternative for them. Perhaps if you spent more time with those who rely on you and less time with your lawyers (I know those Europeans are really on your case, but you brought it on yourself) we wouldn't be in this situation. If you realize this one day, maybe then we can start talking about "us" again.

Your friend always,

Paul

Paul Chin (www.paulchinonline.com) is an IT consultant and a freelance writer. Previously, Paul worked as an intranet and content management specialist in the aerospace and competitive intelligence industries.

Linux vs. Vista: How Does Security Stack Up?

2007-02-13T18:45:00.001-05:00

By Jack M. Germain
LinuxInsider
Part of the ECT News Network
02/13/07 4:00 AM PT

For consumers looking to boost their computers' security, is Vista the way to go? Or can Linux provide greater protection from hacker attacks? In the face of viruses, worms or other breaches, the answer is obvious. "We don't need a survey or study to determine the answer. The answer is universal with those that actually manage these systems," said John Cherry of the OSDL Desktop Linux Working Group.

HP's ProLiant ML150 Server. 40% of businesses whose systems fry never fully recover. HP's ProLiant ML150 Server safeguards your business' data from unforeseen disasters.

As the five versions of Microsoft (Nasdaq: MSFT) Latest News about Microsoft Windows' new Vista operating system Back up your business with HP's ProLiant ML150 Server - just $1,299. sit on store shelves, current Windows users are taking their time deciding if they will upgrade from Windows XP or buy new computers with Vista installed. The push for buying Windows Vista follows an epidemic of computer viruses, spyware Barracuda Spam Filter – Free Evaluation Unit and adware intrusions and carries the promise of a more secure computing environment.

However, some computer security experts contend that Windows Vista offers little to make computing more secure. They suggest that rather than wait for a half-baked new Windows operating system, consumer and enterprise users would have far better security with Linux.

"For the most part, the relatively slow response to Windows Vista is self inflicted. Vista has offered little to entice those using Windows XP to migrate," John Cherry, initiative manager for the OSDL (now Linux Foundation) Desktop Linux Working Group, told LinuxInsider. "It also comes with a heavy price tag in terms of training, hardware requirements, hardware compatibility and application compatibility."

Anyone debating which system's security is better need only ask a system administrator, Cherry said. In the face of viruses, worms or other breaches, the answer is obvious.

"We don't need a survey or study to determine the answer. The answer is universal with those that actually manage these systems," Cherry declared.
No Linux Stampede Yet

If Linux is the clear-cut winner in the desktop security shoot-out, why have enterprise users been so slow in migrating from Windows? The availability of niche applications Get the Facts on BlackBerry Business Solutions in corporate environments is still the major inhibitor to mainstream adoption, he noted.

However, that situation could soon change for both corporate and small-business users. Cherry sees signs that IT decision makers are considering the Linux alternative in the face of the Vista introduction. Many IT managers are incorporating plans to move their niche applications to Linux, he disclosed.

Based on a recent OSDL Desktop Linux Working Group survey and feedback from the desktop community, the main factor preventing the widespread adoption of the Linux desktop in the workplace is application availability.

"If an organization has significantly invested in a Microsoft-centric IT infrastructure, introduction of non-Microsoft products on the desktop remains problematic due to the limited support for open standards in this kind of infrastructure," Cherry explained.

The survey's conclusions noted that open source Click for Open Source Router - Firewall from Vyatta Latest News about open source developers have already created replacement programs for all the essential business needs. Those considering a switch to Linux, however, do not want to leave their favored Windows applications.
Linux Security

Linux outperforms Windows XP and Windows Vista because its architecture is different. Linux derives its security in large part from its Unix design philosophy, also used as the basis for Mac OS X.

There are two distinct differences that account for Linux's better security reputation, according to Cherry. One, users do not habitually log in as administrator, which is often required to run Windows. Two, mail clients and desktop applications do not automatically execute attached code.

In addition, technologies such as SELinux and AppArmor and stack randomization have been developed for Linux that help to limit the impact of a security breach if it were to occur, he said.

Linux is also better than Windows at recovering from buffer overflows, which are a common attack vector.

"This is best handled at the interface level as a register exploit in Windows," Ken Steinberg, CEO of computer-security firm Savant Protection, told LinuxInsider.

Linux allows software developers to go into the system and fix buffer overruns, he added. However, one can not do that with Windows.
Chink in the Armor

Not all security experts are comfortable with a description that Linux is more iron-clad than Windows. Some even mock the popular explanation that Linux is more secure because attackers are not drawn to its much smaller user base compared to Windows.

"It doesn't matter what operating system is used. They are all subjected to potential intrusion," disputed Steinberg. "Linux is not any more secure than Windows."

Hackers capitalize on the exploits they find in the Windows environment but deliberately do not dwell on the known weaknesses in Linux because they use that operating system themselves, according to Steinberg.

"The only time people fix flaws in an operating system is when those flaws cause an inconvenience," Steinberg claimed. "The lower incidence of Linux attacks has nothing to do with the user base being less than Windows."

The biggest design flaw in Linux is its over-reliance on code scripts. Linux is far more scripted than Windows, he noted. Because of this heavy reliance on scripting, nothing is checking its lines of code compared to the amount of code-checking done in Windows when it is compiled.

Using thin clients with on-demand applications delivered over the Internet Free How-To Guide for Small Business Web Strategies - from domain name selection to site promotion. are now mainstream in the corporate world, Steinberg emphasized. Thin clients are all Linux boxes.

"Corporations are deploying Linux over Windows. It is only a matter of time before Linux attacks become more prevalent and publicized," he warned.
Battle Hardened Linux

Savant Protection's malware software offers enhanced Linux desktop security to enterprise users by enabling a lockdown mode during everyday use. It has what Steinberg called a battleship mode to prevent new programs from being added.

The product, called "Savant," runs Linux in the equivalent of a white listing mode. Users can choose a blacklist analysis on demand. This white list approach keeps Linux systems clean 99 percent of the time, Steinberg said.

"There is no way to get rid of all the vulnerabilities or to make any OS perfectly safe. Accept the fact that there is no Nirvana. For hackers the the goal is maliciousness and money," he added.
Vigorous Virtualization

Some software developers argue that new technologies are making moot the question of whether Windows Vista and XP platforms can be made more secure. Similarly, it should not be an issue if Linux desktop has exploitable weaknesses.

New technology could minimize, if not fully eliminate, computer security problems, suggested Eran Heyman, CEO of Ericon Software. His company provides terminal emulation solutions for both Windows and Linux platforms.

"We can bring Linux to the next level of security by removing the desktop from the physical machine. A new trend is security of data Free Trial - Way Beyond CRM – Learn how Landslide can help you. to the server," Heyman told LinuxInsider. "The virtual Linux environment is filtered and re-imaged each time a connection is made to wipe out any existing bad code running on the operating system."

Small businesses through large enterprise configurations can use virtualization to run Xen, VMWare and Windows Server installations. Virtualization technology moves the operating system to a centrally-managed location. It mimics behavior on the local machine, but the operating system is not there, said Heyman.

This method Works on a PC, thin client, via SSL VPN, even kiosks in an airport. Users can connect securely to the virtual desktop, he said, adding that virtualization is not a traditional security approach nor is it available to individual users.

House Committee Zeroes in on Data Privacy

2007-02-13T18:43:00.000-05:00

Feb 09, 2007

Data privacy is taking center stage in Congress this week as the House of Representatives follows the Senate with bipartisan legislation aimed at protecting consumers' personal information.

The U.S. House Committee on Energy and Commerce announced a package of bills Thursday to protect consumer privacy. The release coincides with National Consumer Protection Week.

The legislation aims to protect people's Social Security numbers, prohibit the use of spyware for transmitting personal information, increase restrictions on personal phone records, and require companies doing interstate business to protect personal data.

Rep. John Dingell, D-Mich., who chairs the committee, said in a prepared statement that the committee will work with government regulators, consumer advocates, and businesses to end a "scourge of identity theft and related abuse."

"The American public is owed no less than the full measure of our combined best efforts," he said. "These bills address serious problems that are not going away and only worsen while the Congress dithers."

Joe Barton, a Texas Republican, and 23 co-sponsors, proposed more restrictions on personal phone records. Pretexting, or obtaining personal phone records fraudulently, is illegal under a bill President George W. Bush signed last month. Barton's bill would go further by requiring telecommunications companies to gain advanced consent before sharing customers' phone records with partners, contractors, and other third parties.

Last year, telecommunications companies fought stringent standards contained in failed anti-pretexting proposals.

Barton and Rep. Ed Markey, D-Mass., introduced another bill to outlaw the sale and purchase of Social Security numbers, except in cases where health, security, emergencies, or consumer credit validation call for it.

Reps. Edolphus Towns, D-N.Y., and Mary Bono, R-Calif., introduced a cybertrespass protection bill, which would prohibit spyware users from secretly transmitting Internet users' personal information.

Finally, the Data Accountability and Trust Act (DATA), introduced by Reps. Bobby Rush, D-Ill., and Cliff Stearns, R-Fla., would require businesses doing interstate commerce to set policies and procedures for protecting personal data. Similar to a bill recently introduced in the Senate, the legislation would also require companies to provide national notice of data breaches.

"Data breaches continue at a rapid pace and constitute a major threat to consumers," said Rush. "We must pass comprehensive data security legislation this year."

Security industry representatives support comprehensive national regulations.

According to the Cyber Security Industry Alliance, so do 69% of Americans.

Free Apps Enhance Browsing and Data Portability

2007-02-13T18:42:00.000-05:00

By Doug Stanley
Tampa Tribune
02/13/07 8:02 AM PT

The latest versions of the Firefox and Internet Explorer browsers let you bring up multiple home pages simultaneously at startup. Also, users of U3 smart drives may encounter problems when logging on to a Vista machine. Depending on your drive, updates may be available, and the free PortableApps suite offers a new solution.

netViz Data Integration and Visualization Software - save as much as $1M/year. EMA finds that for next-generation management, netViz is ideal for supporting cross-domain processes and providing a collaborative matrix for efficient IT operations, resulting in many benefits including cost optimization. Learn More.

If you check the same two, three, four or more Web sites every time you open your browser, why not make them all your home page?

Browsers that support tabs make it easy to automatically open multiple sites at startup.

Among the many browsers that support tabbed browsing are Mozilla Latest News about Mozilla Foundation Firefox and Microsoft (Nasdaq: MSFT) Latest News about Microsoft Internet Free How-To Guide for Small Business Web Strategies - from domain name selection to site promotion. Explorer 7.

The first step toward making your home page a set of tabs is to open each site in its own tab in a single window.

Once you've opened the tabs of your favorite sites:

* In Firefox, select Tools, then Options, and click on the Main icon. Under the Startup section, click the Use Current Pages button and click OK.
* In IE7, click the down arrow next to the home page icon to open the pull-down menu, then click Add or Change Home Page. Click the radio button next to "Use the current tab set as your home page" and click the Yes button.
* Now when you open your browser, your favorite sites will each open automatically in their own tabs.

U3 vs. Vista?

If you've come to depend on a U3 Smart Drive to carry around your favorite software, bookmarks, settings and data Free Trial - Way Beyond CRM – Learn how Landslide can help you., you may be in for a letdown when you plug it into a PC running Windows Vista.

Many existing U3 drives won't work normally with Windows Vista without upgrading the U3 Launchpad, a graphical user interface similar to the Windows Start Menu.

What's more, some U3 drives won't function properly with Vista even if you upgrade the Launchpad.

Only Launchpad versions 1.4 and later are compatible with Vista. Updates are available only from the manufacturer of your smart drive.

To see if an update is available for your drive, plug it into a Windows XP computer and use the "Check for Updates" feature of the U3 Launchpad. It's under Status and Settings, U3 Launchpad Settings.

Because of inherent limitations, certain drives -- including many from industry stalwart SanDisk -- won't play nice with Vista.

Check the Web site of the manufacturer or your drive to find out whether it can be made Vista-compatible.
Portable Apps to the Rescue

If you can't get your U3 drive to work with Vista -- or you have a USB Latest News about USB flash drive that isn't U3-enabled -- you really should have the excellent and free PortableApps Suite.

Available at PortableApps.com, the open source Click for Open Source Router - Firewall from Vyatta Latest News about open source suite turns any USB flash drive into the perfect way to carry your favorite software and settings wherever you go.

PortableApps Suite is a collection of software, including a Web browser, e-mail Email Marketing Software - Free Demo client, office suite, instant-messaging program, antivirus protection and more.

Like a U3 Smart Drive, it includes an integrated menu from which you can launch your applications Get the Facts on BlackBerry Business Solutions or explore the photos, documents and other files you have stored on the drive.

For a non-U3 drive, you just install the suite and you're good to go.

If you have a U3 drive that won't work right with Vista, you can simply uninstall the U3 Launchpad and then install PortableApps Suite. With the possible exception of password protection, you won't miss U3 at all.

© 2007 McClatchy-Tribune Business News. All rights reserved.
© 2007 ECT News Network. All rights reserved.

Windows Vista dampens consumer security market

2007-02-13T18:40:00.000-05:00

Nikhil Kumar
Microsoft’s long-awaited OneCare is shaking up the consumer security field. The lack of a rival product on the market doesn’t bode well for the traditional security players.

“If you look at our investment in the next version of Windows (Vista), security would jump out as the thing we’ve spent the most time on,” said Bill Gates during the launch of Microsoft’s latest desktop operating system Windows Vista.

This, and other strong statements by Microsoft that Windows Vista is the safest desktop OS are justified to an extent. Patchguard, or Kernel Patch Protection is perhaps the first security measure that protects the core of the computer — the kernel, by blocking malicious code from reaching it. PatchGuard, which debuted a year ago in Windows XP x64 Edition, was never broadly adopted. That’s set to change with the release of Windows Vista. As people buy PCs with 64-bit processors, the use of the 64-bit edition of Windows will increase.

In particular, PatchGuard incorporates Host Intrusion Prevention Products or HIPS’s, which are an upcoming class of security softwares that determine whether a program is malicious by looking at its behavior, rather than using the classic signature-based approach, which checks a program against a database of known threats.

On top of this, PatchGuard blocks features to protect against tampering with security tools. Malicious programs increasingly try to disable security software, and the tamper-protection features aim to prevent that.

The introduction of OneCare signals the start of heightened competition for consumersí dollars, with Microsoft taking on the incumbent Symantec and McAfee. Last year, the worldwide market for consumer antivirus software reached $1.95 billion, up 17 percent year-over-year. Symantec dominated the space, taking a 70 per cent piece of the pie.

Microsoft isn’t just a newcomer to consumer security; it’s also taking a different tack.

The OneCare software and service package aims to be comprehensive, whereas Symantec and McAfee have traditionally charged for additional features. OneCare includes the security basics — antivirus, anti-spyware and firewall — found in the products sold by its rivals, but adds backup features and tune-up tools for Windows systems. It’s being touted by Microsoft as a pit-crew for your PC.

Symantec and McAfee have both announced that they are preparing integrated packages to go up against OneCare. The planned releases will incorporate components of their current security, PC optimisation and backup products, the companies have said. So far, however, they have shown only product plans, not actual software.

This year, McAfee plans to ship four products based on its integrated security technology, code-named Falcon. Symantec’s Norton 360, previously known by the code name Genesis, is set for release by the end of March next year, having originally had a September due date.

There are some limitations to OneCare in early comparisons of features. For example, Symantec promises to deliver online backup capabilities in Norton 360, which will let people store their critical data on a Symantec server. Right now, Microsoft does not offer that feature in OneCare, where people can only back up to external hard drives, CDs or DVDs.

Additionally, OneCare lacks spam-filtering capabilities and doesnít offer protection against information-stealing web sites used in phishing scams, but those features will be part of Symantec and McAfee’s PC Care suites. Microsoft, meanwhile, offers a phishing shield in its toolbars in Windows Live and in the MSN Search Web browser.

OneCare costs $49.95 per year for use on up to three PCs that run Windows XP with Service Pack 2. That’s less than Symantec and McAfee charge for three-user editions of their existing security suites — $119.99 and $129.99, respectively. However, those are full prices for the packages, which donít have as wide a range of tools as the upcoming products and which are often heavily rebated.

Experts opine that Microsoft will steal the market purely through its pricing.

Study Suggests Mobile Malware Storm Brewing

2007-02-13T18:39:00.000-05:00

By Erika Morphy
TechNewsWorld
02/13/07 10:31 AM PT

The number of mobile malware attacks is on the rise, according to a study by the Informa Telecoms & Media that was sponsored by McAfee. Eighty-three percent of mobile operators surveyed have been hit by device infections -- five times more than the number of incidents in 2005. Also, mobile operators spent much more time in dealing with these threats -- 700 percent more.

Just in time for the 3GSM World Congress in Barcelona, Spain, McAfee has released new research that points to a recent increase in mobile malware attacks.

Nearly half of the mobile operators who have been the recipients of mobile malware experienced an attack within the last three months, according to the report.

Another indicator of the growing extent of the problem is the time mobile operators spent in 2006 dealing with these threats: It has increased by 700 percent to 1,000 hours when compared with 2005.

Paying Closer Attention

The Informa Telecoms & Media study, which was sponsored by McAfee, also found that 83 percent of mobile operators surveyed have been hit by mobile-device infections and that the number of security incidents in 2006 was more than five times as high as in 2005.

"This research clearly demonstrates that mobile security is moving quickly up the industry agenda, with the number of malware incidents rising and more time and money being dedicated to resolving mobile security issues," said Victor Kouznetsov, senior vice president of McAfee Mobile Security.

Eighty-five percent of survey respondents plan to increase their mobile security budgets to address network intrusion, mobile viruses, denial-of-service attacks, spam and mobile phishing.

Similar Results

Mobile threats have increased twentyfold in recent years, from just eight viruses detected in 2003 to more than 162 in 2006, according to reports by SMobile Systems. To date, nearly 400 mobile viruses have been detected, the company reported.

Additionally, the growing use of smartphones, as well as increasing market penetration by Microsoft (Nasdaq: MSFT) , have made mobile devices much more attractive targets for hackers, according to ABI Research. There have been close to 30 different types of attacks on mobile devices within the past two years, the company found.

The growth of the emerging mobile device security managed services market is now well over US$500 million in 2011 -- from $100 million last year, ABI Research reported.

A Disconnect in Policies

Right now, there is a disconnect in many mobile operators' security policies, McAfee findings suggested, as less than one-third of the operators who consider application and device-level protection important actually deploy protection at these levels.

Additionally, while fewer operators consider network level protection important, more than half deploy protection at this level.

Is It Cost-Effective?

However, some in the industry wonder how cost-effective massive investments in this particular space would be.

"Yes, there have been malware attacks, but those have not been widespread and the financial costs not that significant," Patrick Hinojosa, CTO of CyberDefender, told TechNewsWorld. Compared to the constant bombardment of malware from the Internet , the mobile networks are relatively secure, he said.

Nevertheless, security vendors still worry about a range of security issues specific to mobile viruses, ranging from the vulnerability of corporate networks that sync with smartphones to privacy concerns and the growing flexibility of mobile malware.

More Exposure for Malware

"I have seen mobile malware for sale on the Internet," Yuval Ben-Itzhak, chief technology officer for Finjan, told TechNewsWorld. "I am also seeing malware designed for the desktop being adapted for the mobile environment. It is just a matter of time before it becomes more prevalent."

One particularly alarming mobile virus, according to Paul Miller, managing director of Symantec's (Nasdaq: SYMC) mobile security group, is a form of snoopware that allows hackers to activate a microphone on a smartphone.

"Once that happens, anybody -- from a stranger in the bedroom to a competitor in the boardroom -- can listen in on a person's life at any time," he told TechNewsWorld.

With more than 70 percent of mobile phone owners using their devices as an alarm clock, "our phones are always with us now. This can't even be called spyware, because it is so much more," Miller noted.

The first such applications were sold as "spouse monitoring tools" last year, he commented, adding, "It didn't take long, though, for someone to write a malicious stealth code."

Financial Concerns

This snoopware is an extreme example of the vulnerability to which our phones can expose us. The more likely target by hackers will be financial or personal data on a smartphone.

The number of mobile viruses will more than double over the next year or two, and are expected to target applications such as m-commerce and mobile banking, SMobile Systems predicts.

"Most users have to lose a phone before they realize how much information they have put on it," Paul Davis, vice president and program manager for enterprise security, global outsourcing and infrastructure services at Unisys (NYSE: UIS) , told TechNewsWorld.

The risk to corporations is also high, he said. "Data is leaking out of corporations through mobile devices because they are linked to the corporate system," Davis concluded.

GRISOFT AVG Receives First Virus Bulletin Certification on Windows Vista

2007-02-13T18:36:00.000-05:00

Wednesday, 14 February 2007 Avalanche Technology Group, Australasian distributor of GRISOFT’s AVG security software, today announced that AVG Anti-Virus has received Virus Bulletin’s VB100 award for tests completed on Microsoft Windows Vista. This award states that AVG had found and removed all presented viruses considered to be "in the wild" and is therefore ready to protect users of Microsoft’s new operating system. The quality of AVG Anti-Virus for 32-bit and 64-bit versions of Windows Vista is also approved by ICSA Labs, which recently certified AVG Anti-Virus on the Vista platform.

{mosloadposition “The close cooperation with Microsoft in developing security tools for beta versions of Windows Vista and the preparation for the Vista launch was a great experience for us,” said Larry Bridwell, Global Security Strategist for AVG. “We can now confidently say that users of our security products are fully prepared to face a broad range of Internet threats even when upgrading to Windows Vista.” Virus Bulletin is one of the known authorities in the security industry. VB editors regularly test security products against real risks on numerous operating systems. AVG not only passed the current testing on Windows Vista but it continues to keep 100% success rate since AVG products were tested in 2004. AVG protects Vista users against a broad range of Internet threats including viruses, trojans, spyware, spam, dialers and worms. The comprehensive AVG 7.5 product line offers its users reliable automatic updates with a simple to use, unified user interface. Avalanche provides its commercial AVG clients with free customer support via telephone and email during Australian business hours, backed up by full 24 / 7 / 365 support from GRISOFT. All products in the AVG range are available on the Avalanche website www.avalanche.com.au and via its extensive network of resellers located throughout Australia, New Zealand and the South Pacific. About Virus Bulletinwww.virusbulletin.comVirus Bulletin started in 1989 as a magazine dedicated to providing PC users with a regular source of intelligence about computer viruses, their prevention, detection and removal, and how to recover programs and data following an attack. Virus Bulletin quickly became the leading specialist publication in the field of viruses and related malware. Editorial independence has always been VB's prime concern. From the very first issue, VB has cut through the hype and remained uninfluenced by vendors' sales pitches and marketing babble. The aim of the magazine is to arm users with all the information they need to stay current with the latest developments in the anti-malware field. About ICSA Labswww.icsalabs.comFor over a decade, ICSA Labs, an independent division of Cybertrust, Inc., has been the security industry's central authority for research, intelligence, and certification testing of products. ICSA Labs sets standards for information security products and certifies over 95% of the installed base of anti-virus, firewall, IPSec VPN, cryptography, SSL VPN, network IPS, anti-spyware and PC firewall products commonly deployed in the world today. About GRISOFTwww.GRISOFT.comFounded in 1991, with corporate offices in Europe and the USA, GRISOFT is focused on developing software solutions that provide protection from computer viruses. GRISOFT's primary focus is to deliver the most comprehensive and proactive protection available on the market. Distributed globally through resellers and through the internet, the AVG Anti-Virus product line supports all major operating systems and platforms. More than 40 million users around the world use GRISOFT AVG products to protect their computers and networks. Employing some of the world's leading experts in antivirus software, specifically in the areas of virus analysis and detection, software development, and antivirus support, GRISOFT is uniquely positioned to continue its leadership in the industry. GRISOFT continues to invest in R&D, teaming with leading universities to maintain its technological edge. GRISOFT has experienced incredible growth in the last decade, particularly in the last few years, due to its ability to apply technical expertise to the protection of both businesses and home users. GRISOFT is continually expanding to address the needs of the global market. About Avalanche
www.avalanche.com.au Established in 1997 and based in Melbourne, Avalanche Technology Group Pty Ltd is a wholly owned Australian company that distributes a range of innovative business software solutions to the Australian and New Zealand markets. The products, which focus on real business needs, provide outstanding technical solutions and exceptional value for the client. Avalanche is the Australian and New Zealand distributor of GRISOFT´s AVG security portfolio and FinePrint Software´s pdfFactory and FinePrint products. Avalanche has a 900-strong reseller network across Australia and New Zealand.

BNL's Page sees downloading as future of music

2007-02-13T18:35:00.001-05:00

Angela Mulholland , CTV.ca News Staff

Updated: Tue. Feb. 13 2007 3:52 PM ET

Imagine if downloading music were like watching television.

Instead of paying for every song we bought separately, we would be charged a monthly fee, just as we are charged for cable each month. Our music choices would be tracked so that artists and their managers would be compensated. And if we wanted "premium content," we would pay extra fees, just as we do for specialty TV channels.

That's the vision the Barenaked Ladies' Steven Page has for the future of music.

The current system in which music lovers are forced to choose between downloading illegally from rogue websites, or from paying song-by-song from sites that have limited collections, isn't working.

"If we look at the way people watch TV, if there was a transaction fee for every time you changed the channel, people would obviously stop watching TV," he explained to CTV.ca

He sees an evolution of the current system so that music artists and distributors are paid with a system that is either ad-based, or with a fee at the ISP level, or at the entry to the P2P (peer-to-peer) service - or a combination.

"I think the answer lies not in charging for every piece of music you take, but in a flat fee," he says.

The one thing he is sure of is that downloading has changed the music sales model and there is no going back.

Instead of finding ways to capitalize on this revolution, the music industry has wasted time attempting to fight it, Page believes. They've been trying to force music buyers back into the music stores, and suing them when they break the rules.

"Suing people back into the old system isn't going to work. What is going to work is working together with record companies and ISPs to create a way for charging for it," he says.

"As far as I'm concerned, there's money sitting on the table that they're not collecting. So the longer they don't, the longer we won't see any income."

Page and his bandmates have joined together with nearly 200 other Canadian music acts to form Canadian Music Creators Coalition. They are against changes to federal laws that would make it easier for record companies to sue illegal downloaders. They say their members don't support suing music lovers, and want it known that the labels are pursuing legal action against their will.

"We cannot turn back the clock. So rather than trying to pull our audience back and asking them to change their behaviour -- which I think is futile -- what we have to do instead is take advantage of this," Page says.

There are already marketing research firms that can track monitor file-sharing networks. If the record industry could use those services and charge for what music is being traded, they could ensure that everyone -- including themselves -- was getting paid.

Perhaps market forces alone could convince downloaders to abandon illegal websites. If there were a good, reliable alternative, music fans would come to realize that rogue sites, with their viruses, spyware and Trojans, are a lot more hassle than they're worth.

As much as Page loves the mp3 revolution, he isn't expecting the CD to go the way of the vinyl LP anytime soon. Just as VHS didn't kill the movie industry as many had predicted, and DVDs have found a place alongside, the need for CDs remains.

"I think CDs will continue. I think people enjoy the retail experience of buying and giving CDs," Page says.

"If music were like water, even though you could have regular tap water anytime you wanted, it wouldn't stop you from buying the musical version of bottled water [i.e.: CDs]. Even though people have access to water anytime they want, they still go and buy the luxury version as well."

On an artistic level, downloading is also changing the way musicians create music. Recent studies suggest that while Canadians are downloading plenty of 99-cent songs, they generally don't like to download albums. Does that mean the concept of albums -- and "concept" albums themselves such as "The Wall" -- will soon become extinct?

Maybe, but maybe it's all part of the evolution of music. Perhaps by being free of constraints of the medium, artists won't feel compelled to fill out albums with fluff or will release as much music at once as they chose.

"It makes you wonder if Miles Davis hasn't been restricted by the construct of a record when he made "Kind of Blue" -- we know he recorded plenty more -- would he have released a 2-hour DVD? Or maybe just a 10-minute EP?" wonders Page.

"I think in the future, there'll be all kinds of experimentation with the different forms."

The Barenaked Ladies themselves have already begun experimenting with form. They've released albums on USB flash drives, offering their fans songs, videos, and photo galleries in a tiny tool that can fit into a pocket.

Embracing such technologies is the Ladies' way of saying they know that their fans are going to save the songs on a computer and should be able to copy them to any device they choose.

"It helps to build trust between you and your fans," Page explains. "We have to create some trust with our fans because right now the trust level is almost nil."

"So by giving people the music and saying 'Do with it as you please,' then people don't think that we have to treat them as idiots or as criminals."

Microsoft Patches 12 Vulnerabilities, 6 Of Them 'Critical'

2007-02-13T18:30:00.000-05:00

In terms of urgency, one vendor says this patch releases scores seven or eight on a scale of one to 10.

By Sharon Gaudin, InformationWeek
Feb. 13, 2007
URL: http://www.informationweek.com/story/showArticle.jhtml?articleID=197005876

If you're an IT manager, Microsoft's latest monthly Patch Tuesday release will be good job security, but it could really mess up your love life.

The software company took care of 20 vulnerabilities by releasing 12 patches Tuesday -- six for what the company called "critical" bugs, six for "important" bugs. The patch clears up five zero-day vulnerabilities, according to Symantec.

The SANS Institute's Internet Storm Center is marking five of the fixes with a "patch now" warning, including a patch for Internet Explorer and two for Office. The Storm Center gives the "patch now" warning when analysts there think there's an immediate danger of exploitation.

"We've been joking that this is really going to mess up Valentine's plans," says Chris Andrew, VP of security technologies at PatchLink, a vulnerability management company.

Andrew says Microsoft's patch release this month is a big one, and it's a significant one.

There are seven fixes for Microsoft Windows, three for Office, one for Internet Explorer, one for Microsoft Works, one for Microsoft's Malware Protection Engine, and one for Step-by-Step Interactive Training.

Microsoft Office vulnerabilities that were overlooked in the January patch update are being fixed this time around. Andrew explains that Microsoft simply didn't have enough time between when the vulnerabilities came out and when they issued their January patches to create the fixes and have them tested.

Johannes Ullrich, chief research officer at the SANS Institute and chief technology officer for the Internet Storm Center, said in an interview last week he was specifically looking for Microsoft to patch the outstanding Office bugs. "Last month, they didn't fix any outstanding Office bugs, and they're high-value targets. It's important to get them fixed."

Vincent Hwang, a group product manager with Symantec Security Response, says the Office vulnerabilities aren't the only ones that need quick updating.

"The Word ones in particular are associated with publicly known vulnerabilities, which gives attackers an easy way in," Hwang says. "Due to the pervasive nature and the known exploits, it's prudent to patch them as soon as you can."

Hwang says on a scale of one to 10, this patch release would rank a seven or eight in terms of urgency in getting them done.

Amol Sarwate, manager of the Vulnerability Lab at Qualys and an advisor at the SANS Institute, warns that it's urgent for IT managers to get the fix for the Malware Protection Engine. It's a piece of software Microsoft embedded in Windows Defender, an anti-spyware and pop-up blocker; Windows Antigen, an antivirus content-filtering system for Exchange and SharePoint Servers; and Windows Live OneCare, which monitors the firewall while also providing antivirus and anti-spyware.

"It certainly is a lot to deal with," Hwang says. "In the last six months, Microsoft has been putting out a large volume of patches. It's always an issue to manage, to decide what to patch first and to roll them through the organization. ... Hopefully, they have forgiving spouses and significant others."

New Method Traps 'Fast' Worms

2007-02-12T19:01:00.002-05:00

FEBRUARY 12, 2007 | Researchers at Penn State University have launched a startup to sell their new antivirus and anti-worm technologies. The recently formed Day Zero Systems first plans to sell to antivirus companies the new technology it has developed for identifying and blocking worms.

The Proactive Worm Containment (PWC) approach developed by the researchers is supposed to augment traditional signature-based worm and virus detection, as well as so-called rate-limiting technology. The researchers have applied for a provisional patent for PWC, which uses anomaly detection, not signatures. It looks at packet rate, frequency of connections, and the diversity of connections, and it can find and detain a worm within milliseconds of a cyber attack.

Peng Liu, associate professor of information sciences and technology at Penn State and the lead researcher on the PWC project, acknowledges that anomaly detection isn't new. But the difference with PWC, he says, is it doesn't generate false positives -- it releases legitimate hosts that get temporarily quarantined. "The novelty of PWC is that it can unblock those mistakenly contained hosts very quickly," he says. "Others cannot do this."

Existing rate-limiting technology just slows infected hosts, he notes. And PWC can also find worms that are hiding out in memory because it doesn't just scan the disk, he says. "Our technology detects every packet going out of the network."

But security experts say PWC is just another spin on anomaly detection, which has failed to catch on due to its quirks and resource-intensive nature.

"There are literally hundreds of anomaly models that all look great on paper. But as soon as you deploy them in a real enterprise setting, you find thousands of idiosyncrasies that set the anomaly model off," says Thomas Ptacek, a security researcher with Matasano Security. A proxy server, for instance, would set off any rate and diversity of connection anomaly.

And anomaly detection is not exactly new: Arbor Networks, Lancope, and Mazu have offered this technology for several years, he notes.

Randy Abrams, director of technical education for AV company Eset, says his company today uses heuristics along with signatures. "The shortcoming of the Penn State approach is that a worm can compromise the system before invoking its replication routine," Abrams says. "This means additional backdoors, spyware, rootkits, and other malware can be installed on the computer. It would be when the worm enters a fast replication phase that the Penn State technology kicks in.

"It sounds like a reasonable layer in a defense, but it targets one specific part of the problem."

Few "clever" worm detection and containments schemes see the light of day, notes Matasano's Ptacek. For one thing, enterprises don't want to deploy technology that blocks traffic. "Any time a packet is dropped, the enterprise not only wants to know why it was dropped, but also to have been able to predict [it]."

Secondly, worm detection schemes require manpower, he says. "Every worm detection scheme so far requires at least one full-time person to tune and maintain." And finally, he says, "fast" worms aren't a big priority today. "We haven't seen a serious fast worm outbreak in years, and I think enterprises have more pressing problems right now."

But Liu says most worms are fast worms, statistically. "Also, the damaging worms are all fast worms." The technology could miss slow-spreading worms, but those would probably be caught by signatures or other technologies, says Liu.

The idea is for the PWC to be included as an add-on in AV products or firewalls, for instance, he says.

Experts: computer valentine messages could contain viruses

2007-02-12T19:01:00.001-05:00

Security experts are cautioning Internet users to be wary of Valentine's Day e-mails and e-greeting cards because they may contain viruses that could wreak havoc on their computer systems.

by Josephine Roque

Notably, a worm called Nurech.A comes in e-mails with subject lines like: "Together You and I," "Til the End of Time," "Heart of Mine."

An attached file with the name postcard.exe can also end up infecting computers.

Valentine's Day will generate millions of electronic messages sent between lovers.

Security firm Symantec spokeswoman, Simone Milne, says high traffic levels open the way for malicious software such as computer viruses or spyware to be sent.

The general advice from security experts is not to open suspicious e-mail no matter what it says it contains.

Mouse-Trapped

2007-02-12T19:00:00.000-05:00

Mark Rasch,

Substitute teacher Julie Amero faces up to 40 years in prison for exposing kids to porn using a classroom computer, but the facts strongly suggest that she was wrongfully convicted. Many issues remain, from the need for an independent computer forensics investigation and the presence of spyware and adware on the machine, to bad or incomplete legal work on both sides of this criminal case.

A recent criminal case in Connecticut points out the problems of computer forensics and aggressive law enforcement. It also points out how companies can get themselves and their employees into legal hot water by failing to take reasonable computer security procedures.

Take the case of Julie Amero, a 40 year old substitute teacher from Windham, Connecticut. On October 19, 2004 Ms. Amero, reportedly four months pregnant, was asked to substitute for Michael Napp’s seventh grade language arts class at Kelly Middle School. Classrooms in this suburb of Norwich, Connecticut apparently have PCs connected to the Internet, but substitute teachers don’t get passwords. Therefore, Mr. Napp logged in, and stayed logged in under his UserID and password. Mr. Napp logged into a few websites, and then turned the class and the computer over to Julie. He advised her not to turn off the computer, as she had no password to log back in. It wasn’t the first time Amero had used a computer in the classroom. Indeed, she frequently used the computers in the classroom when she was supposed to be substitute teaching – many times in lieu of actually interacting with the 12 and 13 year old kids.

Julie Amero logged in to look at her AOL mail and, about six minutes later, either she or one of the students visited various websites about hair products or hair styles. Now one can reasonably ask why Julie was checking e-mail, or for that matter surfing the web while she was supposed to be teaching. In fact, she spent most of the day logged on to the Internet – not just logged on, but actively surfing. And why were her students allowed to be surfing Internet websites about hair styles? In fact, Julie Amero had been reprimanded for not paying enough attention to the students and instead just web browsing while in class.

However, on this particular date, it appears that one of the sites that either she or one of the students browsed to had caused a series of “pop-up” ads to be displayed on the classroom computer – and displayed a series of hard-core pornographic sites. She stated that she saw a bunch of the students giggling at the screen, and saw the pornographic sites.

The substitute teacher said that she immediately stepped in and shielded the children from the images, pushing them away or physically blocking them from seeing the images. As she tried to close the pop-ups down, new ones would pop-up. She walked down the hall to get the assistance of another faculty member, who advised her that there was nothing that could be done. Meanwhile, of course, the hard-core porn was popping up on the computer for all the seventh graders to see. The substitute asked one of the teachers to call for the school principal to help, but no help was forthcoming. At the end of the day, Amero reported the problem to the assistant principal, who told her “not to worry.” Apparently, the incident was not seen as all that significant, and the log data indicates that Amero had continued to use the computer for the rest of the day – browsing lots of other sites, unrelated to porn. Oh yeah, and unrelated to her work as a substitute teacher. In fact, it appears that Julie continued to browse the web all day – even after the pop-up incident.

When the students told their parents what had happened, they told the administration, who vowed that Julie would never work in the classroom again. But they went further. The 40 year old substitute teacher was arrested, indicted, tried – and here is the kicker – on January 5, 2007, she was convicted of four counts of risk of injury to a minor, or impairing the morals of a child (Conn. Gen. Stat. § 53-21). Indeed, she was originally charged with exposing ten children in the seventh grade class to the materials on the Internet, but six of the charges were dropped. The statute punishes “[a]ny person who . . . unlawfully . . . permits any child under the age of sixteen years to be placed in such a situation that . . . the morals of such child are likely to be impaired, or does any act likely to impair the . . . morals of any such child. . .”

Julie faces 40 years in the slammer for exposing the kids to porn. This despite the fact that a recent study by the University of New Hampshire, published in the journal Pediatrics, which indicates that 42% of children ages 10 to 17 have been exposed to pornography on the Internet in the last year, with 2/3 of them saying this exposure was inadvertent – due to pop-ups, bad URL’s, or bad search results. Amero will be sentenced March 2, 2007.

A battle of forensics

At her trial, Norwich Police Detective Mark Lounsbury testified that there was evidence that, while the class was in session, the computer logged entries into websites like meetlovers.com and femalesexual.com, and other graphic sites. Elsewhere, Detective Lounsbury has explained that his forensic procedure is that:

"Physical evidence and electronic evidence is collected. . . . This evidence includes internet history, content, and registry data, including 'typed URLs'. It's these 'typed URLs,' gleaned from the registry, which are identified - not pop ups. I use a simple tool [ComputerCOP Professional v.3.16.3] to search for the evidence. The tool provides me with an audit trail, evidence log, the evidence, web content log, and visited sites log."

Nobody contested the fact that sites containing pornography were displayed on, and therefore accessed by, the computer in Mr. Napp’s 7th Grade class. The question, of course was, did Julie Amero do it, and more importantly, did she do it knowingly and intentionally?

This is where the evidence gets fuzzy. The State’s Attorney, David Smith reportedly told the jury, "You have to physically click on it to get to those sites." Other times he appears to have gone further, and suggested not only that Amero clicked on the URLs, but that she physically typed them in. Oh really? The theory that Amero deliberately typed the URL’s into the computer is the same idea as that expressed outside the courtroom by school officials, like Norwich Schools Superintendent Pam Aubin who reportedly said, "This wasn't just [someone clicking on] popups [advertisements]."

Pop-ups are irrelevant to forensics?

Others have suggested that Amero’s crime was not deliberately going to porn sites, but simply failing to prevent the pop-ups from being seen by the students. Indeed, this may have been the government’s theory as well, or an alternate theory that the government came up with after the defense tried to show the existence of pop-ups and spyware. The prosecutor told the jury that Amora was guilty of exposing the children to pornography because she “should have thrown a sweater over the monitor” as a means of protecting the students. The angora defense? This despite the fact that as at least one student testified, the substitute teacher "physically reached up and pushed his face away from her computer."

Indeed, it is possible that the statute permits conviction for merely “permitting” a child to be placed in a situation that might impair their morals. So did the jury convict her for merely pushing the kids away and not yanking the extension cord? It is impossible to say. We all know that Microsoft Windows almost yells at you if you try to turn of your computer this way (well, at least when you reboot) – and that this kind of hard reboot can not only lose important data but can potentially damage the spinning hard drive.

There are significant forensic reasons not to simply unplug a misbehaving computer. Sure, the question now is whether there was malware, spyware, pop-ups, or possible a Trojan horse on the computer. But what if the computer was being actively attacked, through a Trojan or back-door? Turning off the CPU likely would prevent the tracking needed to find the source of the attack. Unplugging the computer, for example, would prevent the creation of certain registry entries that are created only when, for example, the browser is closed properly – such as the registry entry indicating what URLs were typed into the browser – an important evidentiary issue in this case.

The decision about how to respond to this “incident” should not be left exclusively to the substitute teacher, and she should not be faulted – much less prosecuted – for not yanking the cord. There are conflicting reports about how long she kept the offending computer on, with Fox News’ Bill O’Reilly reporting that the computer was left on all day, although it is not clear if the monitor remained visible to the students the whole time, and there is no allegation that there was porn on the computer for anything other than the few minutes after around 9 AM. Apparently neither she, nor any other faculty member, administrator or the principal or assistant principal ever considered just turning off the monitor – assuming that this was easy to do. Amero probably didn’t turn off the monitor because she wanted to keep surfing.

Even the local newspaper, calling her acts “disgusting and merit[ing] punishment,” failed to distinguish whether Amero’s crime was going to pornographic websites in the presence of minors, or just not reacting properly when the pop-ups started coming, noting that Amero “. . . was accused and convicted of intentionally accessing several pornographic sites - not pop-up ads or windows, as she suggested. And she did not turn off the computer when the students saw the images.” OK. Which one was it? If they can’t distinguish which crime she was convicted of, how could the jury?

Even the Connecticut model jury instructions simply say that you are guilty of the crime if you “without legal right or justification” permit a person under sixteen, “to be placed in a situation that . . . was likely to . . . impair his morals.” The jury was also told that "morals" means good morals, living, acting and thinking in accordance with those principles and precepts which are commonly accepted among us as right and decent. So Amero could be convicted even if she didn’t type any URLs or click on any porn sites – in fact, even if (and maybe specifically because) she never even touched the computer! Indeed, she could have been convicted even if there was no porn on any of these sites – all the law appears to have required was that the materials be “indecent” – a four letter word would have supported a decade in the pokey. Perhaps it is the government’s theory that not yanking the plug placed the members of the seventh grade class in a situation that was likely to impair their morals. If that was the case, then why present any forensic testimony? Talk about strict liability! Without individually interviewing each of the jurors, we have, quite frankly no idea what the jury convicted her of. I love the law.

Whether or not the government thinks that Amero’s crime was not yanking the cord, they asserted in court and out of court that the forensic evidence conclusively demonstrated that she actually typed the URLs – deliberately went to porn sites. And this is clearly not the case, as we'll see with further analysis.

The problem with computer forensics

Detective Lounsbury explained later in an online article his process and thinking for the collection of forensic evidence in the Amero case. He stated:

"Physical evidence and electronic evidence is collected. . . . This evidence includes internet history, content, and registry data, including "typed URLs". It's these "typed URLs," gleaned from the registry, which are identified - not pop ups."

“Typed URLs?” Vhus ist das?

As far as I am aware, there is no search tool apart from either a keylogger or a remote screen capture tool that will be able to forensically and conclusively search for “typed URLs.” The registry, history, and log files can show what URL’s (websites) were visited, and precisely what time (based upon the system time which can be altered), and in what order. I don’t know how this can show that the URL was “typed” as opposed to “clicked through” or “popped-up.” In and of itself.

Now there is a "TypedURL" Registry field for Internet Explorer, HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs. This is what is used, for example, when the auto-complete feature starts to fill in a URL you have already been to. This Registry entry records these URLs after the browser is properly closed. And, of course even this is affected by adware, bots, and Trojans. So examining the “typed URLs” doesn’t really tell you that those URLs were actually typed – particularly where there is adware. In addition, the Registry entry only includes the last several “typed URLs” – each new one adding itself to the queue. Since Julie was surfing the rest of the day, it’s not clear what forensic value this would have – although it was a good starting point.

Many of the sites Amero visited that morning were obscure – porn sites masquerading as legitimate sites for hair-styles. It makes little sense that Amero would have “typed” a hair syling site intending to find porn. In fact, for example, one of the URLs in the cache was http://pagead2.googlesyndication.com - does the government really contend that the substitute teacher typed in that URL? Indeed, in press reports, the government expert and the prosecutor went back and forth, alternatively asserting that their evidence showed that she deliberately went to porn sites because she “typed” the URL’s of these sites, and somewhat contradictorily asserting that the evidence of intent was that she “clicked on” links to these sites – which generally would not have shown up in the “typed URL” registry.

As Dr. Neal Krawetz of Hacker Factor has pointed out, a thorough forensic examination might be able to exclude the possibility that a particular URL was “typed,” but could not demonstrate conclusively that it was, in fact, typed. He points out that you would want to examine the hard drive to determine whether there was spyware or adware on the computer that was either capable of, or actually designed to generate the web requests. You would want to know when the spyware was added to the computer, using timestamps and sector locations, and determine whether these times coincide with the times that the substitute teacher used the computer. You would look at the URLs that were accessed at the time the time the spyware was loaded. If, for example there is a short delay between the times that each website is loaded (and the .jpg files on that website downloaded) this is a strong indication of a pop-up ad. People can only type so fast. The regularity of the opening of the URL (every 3 seconds, every 5 seconds, etc.) would indicate a likely pop-up. Were websites opened instantaneously with the closing of other websites, as Ms. Amero testified happened when she tried to shut down or close the pop-ups? There are lots of other ways you could exclude human intervention (well, I suppose pop ups are human intervention, but you know what I mean).

As a matter of fact, it has been reported that the CEO of the maker of the forensic software that Lounsbury used stated that, while the software can find all sorts of files and images, including deleted images or images in unallocated disk space, by keyword or by filetype, [it] does not determine the cause of those files being on the computer (whether caused by malware, intrusion, or direct and willful use), and that it is not the function of [the software] to make that determination." Nevertheless, both the detective and the prosecutor were unequivocal that the forensic evidence demonstrated beyond a reasonable doubt that the substitute teacher deliberately “typed in” the porn sites.

Detective Lounsbury went further, though. He reportedly also said that he can differentiate between what is and what is not a pop-up based on the source codes [sic]. What source codes? The source code of the websites that were visited? Did Lounsbury really access the servers that held the HTML for these “hairstyle” sites and forensically examine their source code, but somehow forget to look for spyware on the machine he was given? Indeed, he himself indicated that it is the normal practice to use:

"Additional tools which search for specific viruses, trojans, and worms by their unique hashes can be brought into play to search for the known bad code."

Once evidence is located, police take note of the date and time it was created, modified, and last accessed. When the evidence (malware, .jpg, web page) was created is the "when" in "who, what, when, where, how and why." So, if malware was created at the same time the web pages and images were created, was the malware spawned by the "typed URL", by its content (i.e. Web Attacker kit), or mouse napping (click-throughs)? If there's no malware created prior to a web page with questionable content how do you end up at said web page?

Of course, Detective Lounsbury forgets the fact that, with sophisticated enough tools, and sufficient access, malware can be wiped from the system, system dates altered, and that even a simple rebooting or accessing of files can change their forensic value. It's understandable, though, considering the fact that he had very little substantive computer forensics training. He continued:

"I ask this rhetorical question: Where does objectionable material come from - a site like Disney.com or the pornographic dot coms? Where do abusive JavaScript and Web Attacker kits reside? What about zero-day Internet Explorer Exploits such as the one discussed at this site on techfeed.net: 'A security hole in IE was recently confirmed by Microsoft. Now exploits that install tons of adware have been spotted on Porn sites. This exploit is reportedly easy to duplicate, and experts expect the problem to spread quickly to other shady sites across the Internet.'"

The detective seems to be suggesting that the only way to get pornographic malware (that is, malware that loads pornographic websites) is to go to a pornographic website. While it is true that many pornographic websites do engage in “mouse-trapping” pop-ups, spyware, adware, or even fat-finger typing can send you into an infinite loop of pornography. So can hijacked websites, like the website of the NFL’s Super Bowl Dolphin Stadium which, once visited, installed a nifty key-logger onto your computer. Malware can come from many sources – including the AOL mail that Julie Amero went to. Indeed, as the recent settlement with the Federal Trade Commission indicates, you can even get malware or a rootkit by simply playing a music CD.

A bumbled forensic defense?

The PC in the classroom – like many school computers – was running Windows 98 and the browser was Internet Explorer 5. There was no evidence that either browser or OS had been, in any significant degree, updated, and neither the PC nor the network itself apparently had any kind of firewall. Win 98 is no longer even patchable and is not supported by its creator. None of this is unusual. Finally, the PC was reportedly riddled with spyware, much of which predated Julie Amero’s use of the computer.

A defense forensic expert prepared a report contained the following chronology of events based upon his forensic examination.

On October 19, 2004, around 8:00 A.M., Mr. Napp, the class' regular teacher logged on to the PC because Julie Amero being a substitute teacher did not have her own id and password. It makes sense that Mr. Napp told Julie not to logoff or shut the computer off, for if she did she and the students would not have access to the computer. The initial user continued use of the PC and accessed Tickle.com, cookie.monster.com, addynamics.com, and adrevolver.com all between 8:06:14 - 8:08:03 AM. During the next few moments Julie retrieved her email through AOL.

Amazingly, despite having two laptops filled with forensic evidence, the defense expert, for reasons discussed below, reportedly was only able to present two powerpoint slides in Amero’s defense. Not noted in the forensic examiner’s report is the fact that those sites are all strongly linked to adware and automated popups. Of course, addynamnics.com and adrevolver.com are adware sites, and despite the forensic examiner’s conclusion that “the initial user . . . accessed” these sites, a more accurate assessment would be that these sites were accessed while the initial user was logged in – consistent with adware with pornographic pop-ups. For example, Ad Dynamics is a Canadian company that advertises that it will “Manage, deliver and track banner [sic] of any size, pop-ups, text ads and many different types of rich media ads.” Similarly, they are listed as known domains for spyware and popup adware. The forensic report continues:

"http://www.hair-styles.org was accessed at 8:14:24 A.M., based upon the hair style images uploaded to the PC we were led to believe that there were students using the computer to search out hair styles. The user went to http://www.crayola.com at 8:35:27 A.M. The user continued accessing the original hair site and was directed to http://new-hair-styles.com. This site had pornographic links, pop-ups were then initiated by http://pagead2.googlesyndication.com. There were additional pop-ups by realmedia.com, cnentrport.net, and by 9:20:00 A.M., several java, aspx's and html scripts were uploaded. A click on the curlyhairstyles.htm icon on the http://www.new-hair-styles.com site led to the execution of the curlyhairstyle script along with others that contained pornographic links and pop-ups. Once the aforementioned started, it would be very difficult even for an experienced user to extricate themselves from this situation of porn pop-ups and loops.
All of the jpg's that we looked at in the internet cache folders were of the 5, 6 and 15 kB size, very small images indeed. Normally, when a person goes to a pornographic website they are interested in the larger pictures of greater resolution and those jpgs would be at least 35 kB and larger. We found no evidence of where this kind of surfing was exercised on October 19, 2004."

Now you probably don’t want to retrace the clicks of the seventh grade class noted in the forensic report – well, not unless you want a bit of porn yourself. Even a cursory review of these sites three years later shows that these are not hair design sites, they are fronts for porn or penis-enlargement sites in Russia and the Ukraine. Looking behind the site itself the style sheet for these sites is named "images/sex_style.css" and the background image lives at "http://sex.sweetmeet.ru/". If you scroll down the page far enough, you get to a penis enlargement ad that is a fixed component of the page. The ">>>" images beside the links on the left of the page link to "sweetmeat.ru" the porn site that Amero was convicted of visiting. And guess what else? There is a javascript on called “function popUP(url,h,w,resizable,scrollbars)” – to open pop-ups.

Oh, and many of the hairstyle pictures are of women wearing little or no clothing. (Long hair covers their chest.) All this, coupled with the fact that the seventh grade girls were apparently looking for information about hair styles which might be of interest to 12 year-old girls, and not so much for 40 year-old women, one can reasonably ask what is a more reasonable explanation for the pornographic pop-ups – a 12 year-old surfing for hair styles, or a 40 year-old faculty member surfing porn from a borrowed account in the presence of 29 curious pre-teens, hoping none of them would notice.

So let’s get this straight. The machine's Internet history showed that a previous user had been accessing the kind of sites likely to plant pornographic malware, such as dubious dating sites. The forensic examination also showed a host of adware and spyware on the machine, much of which had been in place and operating well before the porn incident - including one designed to hijack and redirect the browser. And on this evidence, she was convicted?

What the jury didn’t see

The police detective indicated that the police never examined the school computer for the existence of Trojan horses, logic bombs, spyware, adware or other malicious code. They reportedly didn’t do this because the defense did not raise the “malware defense” prior to trial. Indeed, many have conjectured that the “pop-up” defense was manufactured for the trial, and that Julie never told anyone about the pop-ups at the time, or indeed at any time prior to trial.

However, if you wanted to assert that the defendant deliberately clicked on pornographic websites, and offer expert testimony to that effect, it would be incumbent upon you to eliminate the possibility – indeed, the probability – of the existence of malware. Indeed, the police detective himself suggested that a normal procedure would be to look for malware created before or at the time of the alleged criminal acts.

This may be a case where the defendant was wrongfully convicted because of a technicality – not just because of spyware or pop-ups. You see, Connecticut law requires the defense to give the government any written reports or tangible evidence they intend to introduce at trial, or evidence “[w]hich is a report or statement as to a . . . scientific test or experiment made in connection with the particular case prepared by, and relating to the anticipated testimony of, a person whom the defendant intends to call as a witness." It is not clear whether the defense expert prepared such a written report, or whether if so, it was disclosed to the prosecution. In 1992, the Connecticut Supreme Court in a case against Adrian Genotti (220 Conn. 796, 1992) held that there was no legal obligation to prepare and therefore disclose a written report, and that an expert should not be prevented from testifying just because no written report was created and/or disclosed.

It appears that the government did not rebut the argument that the substitute teacher was the victim of pop-ups because they didn’t know that was going to be the defense. In fact, Amero may not have even raised this as a defense until immediately before trial. It also appears that, as a result the defense wasn’t fully able to present this defense because they didn’t give the government sufficient notice of the expert’s reports.

Indeed, despite the fact that the investigation and the case had been pending for almost two years, it appears that nobody even brought up the possibility of the “pop-up” defense until shortly before trial. This may have been tactical on the part of the defense, or it may have been because the defendant simply didn’t focus on what caused the porn to be displayed. In any event, the cops didn’t look for evidence to rebut a defense about which they weren’t aware, and so they never looked for spyware and adware. Because the defense may not have given notice of the existence of the expert report, the court curtailed the expert’s testimony. So Ms. Amero goes to jail for a failure to produce some paper?

The IP address history logs of the school apparently were not reviewed. What is worse, it appears that nobody attempted to recreate the sessions with live Internet accounts to see whether the pop-ups actually occurred at the time. The defense expert’s request to do so in court was denied. However, while some of the particular sites may no longer have been active at the time of the trial three years later, archives of these sites indicate that they were likely sources of malware. Indeed, even an immediate reconstruction of the events might not yield an identical result, as malware sites are polymorphic – changing URLs sometimes within minutes, and the results would only be useful if it used a similarly outdated computer, with a similar lack of controls, and similarly un-updated software and browser.

As a result, it is impossible, without an independent forensic examination, to determine whether Julie (a) deliberately surfed for porn; (b) inadvertently went to a porn website; (c) was the victim of pop-up porn sites; or (d) merely sat by while students did any of the acts. It makes little difference for purposes of her termination (for not paying attention in class), but makes a huge difference for criminal purposes.

Where was the school's filter?

While the Norwich school’s Information Services Director Bob Hartz reportedly told a school board hearing in January 2007 that the school was running Symantec’s WebNOT filtering software [Editor's note: SecurityFocus is owned by Symantec Corp], Hartz stated that the automatic update feature was not activated – possibly due to an unpaid invoice. Thus, for at least three months, the system was not blocking many pornographic websites, including the ones seen by the 7th grade class. There did not appear to be any kind of adware blocking software on the school machines. This could explain why there had never been an incident involving pop-ups prior to that date, and – assuming, as Hartz later told the school board, a new filter was installed (and updated) it hasn’t happened since. Filters aren’t perfect – but outdated filters are much less than perfect. Now who again exposed the kids to materials that impaired their morals?

Now I am not suggesting, without a full review of the evidence, that it was impossible that Ms. Amero voluntarily visited the porn sites while sitting as a substitute teacher in the 7th grade class. Stranger things have happened. I also don’t think that the mere presence of spyware, adware, or even remote control or Trojan horse software should act as a perfect defense to any crime or fraud that someone might conduct. This is not a “twinkie-defense” – “gee, I have malware, you can’t convict me of anything.” I have previously written about the so-called “Trojan horse” defense to allegations of hacking or downloading pornography. Indeed, the defense may be misused, and only an independent forensic examination can say for sure. However, the facts of this case strongly suggest that the substitute teacher was the victim of mouse-trapping, and not a porn surfer.

Not only could Amero be sentenced to 20 years in jail, there is nothing to prevent the Connecticut legislature from requiring – years hence – that she register as a sex-offender, and have her name posted on the Internet in that capacity. She rejected a government plea offer which would have guaranteed a probationary sentence and a non-felony conviction. Nobody seems to suggest that a 20 year sentence is appropriate, and indeed, it is likely that Amero will get probation anyway. But the real question here is: does the evidence support the criminal conviction for knowingly displaying pornography (as opposed to not doing her job, surfing other websites during class time, or failing to react properly to the pornographic websites.)

This seems to be an example of bad – or at least incomplete – lawyering on both sides, and the vagaries of a “jury of your peers.” Firstly, neither the prosecution nor defense experts fully presented their cases – the prosecution because they had no notice that adware would be an issue, the defense because they weren’t permitted to because of possible discovery violations. The jury was asked to render a verdict on incomplete evidence and vague and ambiguous jury instructions about exactly what the crime was. Moreover, juries tend to believe expert testimony, and experts frequently display a degree of certainty that is not supported by the facts. And that is the real crime here. How is it that you can have two experts examine the same computer and conclude – with equal degrees of certitude – that the defendant deliberately typed in the URL’s, and that she did not? The answer lies not with science, or forensics, but with humans. People naturally come to forensic examinations with preconceived ideas, and trying to “prove” something. This dictates what files they examine, and what they conclude from these files. They shade their testimony and examination. What is possible becomes likely. What is merely “unlikely” becomes “impossible.” The truth is, we will see more people wrongfully convicted of crimes they did not commit because the computer indicates that they did it. And computers never lie, right HAL?

Institutional liability

This case is an object lesson not only to users, but to their employers as well. First of all, I want to point out that companies have a fiduciary obligation to their employees to take efforts necessary to prevent them from being unfairly and unjustly implicated in criminal activity – to have strong authentication systems, and decent policies and practices.

Now I am generally sympathetic to public schools, which depend on taxpayers to pony up funds for everything from books, pens, pencils, and computers to teacher salaries, physical plant, and softballs. They have tight budgets, high expectations, and usually very little support. So its not unusual that they might have outdated equipment, unpatched systems, untrained users (particularly substitute teachers), outmoded or non-existent firewalls, no anti viral or anti spyware systems, and little access control. While this neighborhood in Connecticut is by no means low income, I am sure that budgets are tight there, like everywhere else. Computer security just isn’t a high priority, especially when they are seeking $40 million to renovate the school itself.

To help schools acquire new computer hardware and wire or rewire their schools, Congress in 2000 passed the Children's Internet Protection Act (CIPA). CIPA imposes certain types of requirements on any school or library that receives funding support for Internet access or internal connections from the "E-rate" program - a program that makes certain technology more affordable for eligible schools and libraries. In early 2001, the Federal Communications Commission (FCC) issued rules implementing CIPA. It requires schools that participate in the E-rate program to certify that they have an Internet safety policy and technology protection measures in place. This policy must include technology protection measures to block or filter Internet access to pictures that: (a) are obscene, (b) are child pornography, or (c) are harmful to minors, for computers that are accessed by minors. They also must adopt and enforce a policy to monitor online activities of minors including (a) access by minors to inappropriate matter on the Internet; (b) the safety and security of minors when using electronic mail, chat rooms, and other forms of direct electronic communications; (c) unauthorized access, including so-called "hacking," and other unlawful activities by minors online; (d) unauthorized disclosure, use, and dissemination of personal information regarding minors; and (e) restricting minors access to materials harmful to them.

It is not clear whether the Norwich, Connecticut school district received e-Rate funds, although many other Connecticut schools did, and a 2005 report by the Connecticut Department of Information Technolgy suggests that Norwich received e-Rate funds (PDF), and that they had “upgraded” their Internet filtering in 2004 to the N2H2 Sentient filtering system. A report issued the day after the conviction by the Connecticut Education Network (CEN) confirms this.

Thus, Norwich was mandated to have measures in place to block access to pornographic sites. Would the failure to update blocking software take the school district out of compliance? It certainly would implicate the annual certification that they had blocking protection in place – or at least that they had effective blocking in place.

This points out that there are a host of laws and regulations that mandate levels of protection and security. These may include legal requirements to keep spyware, malware and anti-virus protections active and updated, to use appropriate filtering software, to monitor activities, and take appropriate remedial efforts. Oh yeah, and to have an effective incident response program that includes computer forensics that will actually tell when and how someone may have violated these rules. Or when they simply appear to have violated the rules.

Indeed, several years ago I was involved in an incident where an employee was almost terminated for attempting to repeatedly hack into a series of computers located in Eastern Europe – pinging one IP address after another sequentially and repeatedly. Looked like a hack. A forensic examination of his computer indicated that he had inadvertently downloaded malware, which was unsuccessfully attempting to register itself at its home base.

Similarly, the February 2000 Distributed Denial of Service Attack launched by the infamous “mafiaboy” involved bots that infected thousands of computers located mainly in academic environments. While these unpatched systems became the vehicles for attacks on others, a cursory forensic exam would have indicated that the colleges and universities were the source of, rather than the victims of these attacks. The same thing is obviously true for spam bots, file parking, and other methods used by hackers to divert attention from themselves and on to other innocent people or systems.

An incomplete forensic examination can lead to the creation of an “airtight” criminal case against the wrong person. Next time it could be a senior corporate executive who could face some jail time. Maybe then we will do something about it.

Privacy Statement
Copyright 2006, SecurityFocus

Steve Jobs Blasts DRM

2007-02-12T18:59:00.001-05:00

by Adam C. Engst <ace@tidbits.com>

In an unprecedented move, Apple last week posted on the company Web site an open letter from Steve Jobs entitled "Thoughts on Music." That Apple chose the open letter approach is interesting, but sensible, since there isn't really a conventional format for a company to express an opinion or take a position other than a press release, and the letter was aimed, as we'll see, at many audiences other than the press. I'm a bit surprised that Apple didn't choose to film Jobs talking instead (or at least in addition to posting the letter). Why not harness the Reality Distortion Field when your CEO controls it? Such a video would have become an instant hit via iTunes and YouTube, further spreading Apple's message.

Video or no video, you can and should read the full letter, which makes a number of interesting and relevant points about the current state of the music industry, digital rights management (DRM), and Apple's role in the world.

First, Apple was forced to create and use FairPlay DRM when selling music on the iTunes Store because that was the only way the big music companies would agree to license their music to Apple. However, perhaps due to the music companies not realizing the potential size of the online market, Apple was initially able to negotiate pretty good terms, which accounts for FairPlay-encrypted tracks working on up to five computers and unlimited iPods, enabling burning to audio CDs from the same playlist some number of times, and so on. (Also, iTunes ran only on Macs at the time, so Apple was able to convince the music companies that the platform's small market share ensured that if the experiment were a failure, they wouldn't have lost much.) Apple may have benefited early on from the way FairPlay locks iTunes Store users into using iPods, but Jobs claims that on average, only about 2 percent of music on iPods was purchased from the iTunes Store (of course, that's a weak argument for any individual who happens to have purchased a lot of music from the iTunes Store, but no one was forced to buy from Apple). Plus, remember that before the opening of the iTunes Store, Apple was running its "Rip, Mix, and Burn" commercials, which were widely seen as tweaking the recording industry.

Second, if FairPlay were breached, Apple would have to fix it in a very short time or risk losing its ability to sell music on the iTunes Store. There have been several breaches of FairPlay that Apple has resolved quickly - thanks to the company controlling all portions of the media-purchasing and playing process - but on the whole, FairPlay's protections have remained intact. That may be in part due to it having reasonable conditions, unlike many other DRM systems. But with 70 percent of the market, Apple certainly isn't escaping attention by being a small player, as is often stated as a reason for the paucity of exploits aimed at Mac OS X. That said, Jobs unfairly equates the desire to break FairPlay to the desire to steal music, conveniently ignoring how many people are both philosophically and practically offended by DRM and how it limits their fair use rights.

Third, were Apple to license FairPlay to other manufacturers, the likelihood of a license-endangering breach and the difficulty of implementing a quick fix goes up, as the number of people in different companies with access to code and encryption keys increases along with the number of devices available to crack. That worry is not unfounded; it was by hackers disassembling the object code of the Xing DVD player that the Content Scrambling System (CSS) protecting DVD movies was broken. And while Apple could in theory license other forms of DRM from Microsoft and others to enable iPods to be used with other online music stores, the general consensus among industry insiders is that it would be a cold day in hell before that would happen (though you can never count out global climate change affecting the netherworld; see the linked picture). Plus, unlike releasing iTunes and the iPod for Windows, it's unclear how licensing Microsoft DRM would benefit Apple, given that most of the online music stores have significant overlap in their catalogs. The primary benefit to users would involve being able to choose an online music store that offers a subscription plan, which Apple has steadfastly avoided with the iTunes Store. (Of course, subscription plans require DRM, because otherwise you could keep forever everything you heard once, so eliminating DRM would also destroy that entire business model.)

Fourth, although Apple owns 70 percent of the online music market today, with companies like Microsoft and Sony entering the fray with similar proprietary music stores selling DRM-protected content that plays on only specific music players, Apple sees no problem with its dominant position (no surprise there). Jobs also points out that because only 2 percent of music on the average iPod has been purchased from the iTunes Store (the remainder being unprotected MP3s ripped from CDs or purchased online from unprotected sources), it's disingenuous to portray Apple as locking iPod users into using the iTunes Store. And something he doesn't say is that it's easy - if extra work - to remove FairPlay by burning protected tracks to an audio CD, after which they could be transferred to any other music player.

Fifth, and this is undoubtedly the most interesting point, Jobs states unequivocally that Apple would prefer that all music sold online was DRM-free, because it would be better for customers who want to use alternative music stores or alternative music players. What he doesn't say is that it would also be easier for Apple, which wouldn't have to maintain and update FairPlay constantly. It would also be better for competition, eliminating what little lock-in currently exists between a particular music store and its associated player. Given how Apple essentially created the portable music player market with the iPod (not the first, but so much better than its predecessors that it might as well have been) and the online music market (by integrating the iTunes Store into iTunes itself), I don't think Apple fears competition at all, and may even welcome it as an encouragement to innovation.

Sixth and lastly, Jobs points out that while fewer than 2 billion protected tracks were sold online in 2006, the music companies sold over 20 billion songs in completely unprotected form via conventional CDs. He uses this fact to point the finger of blame at the music companies themselves for furthering illegal music copying. This is in fact a tricky argument, because it can be used either to push for removing DRM restrictions on music sold online or for increasing restrictions on physical media. Efforts to use copy prevention technologies on CDs have failed, partially through technical ineptitude (they simply didn't work), and partially through utter stupidity, as in the case of the Sony BMG rootkit scandal, in which Sony intentionally installed spyware on Windows PCs when a protected CD was played.

Why This Letter, and Why Now? Response among our sources has been interesting. Many don't feel that Apple is saying anything new, but I'm not sure I agree. Apple has never before come out against DRM in music so plainly. Also, even if these attitudes aren't completely new, Apple hasn't previously shown such aggressiveness in promoting them and assigning the blame for DRM to the music companies. It's possible that the letter is in part a PR effort to paint Apple as a friend of the consumer, in contrast with the big bad music companies, thus giving Apple the high moral ground with customers and establishing Apple's position in advance of any large-scale movement on the part of the music companies to offer unprotected tracks via other online services, as EMI has done with Yahoo.

Interestingly, video is never mentioned in the letter. Jobs has always seemed to consider music and video differently, perhaps because of his association with Pixar, and it's also certainly true that Apple is by no means in the same powerful negotiating position with the movie studios as it is with the music companies. Plus, all commercial DVDs are nominally protected against copying by CSS, and bandwidth limitations have slowed large-scale sharing of video content.

But again, why now, and to whom is the letter targeted? It's almost certainly a response to the Consumer Council of Norway's complaint against Apple with regard to the End User License Agreement (EULA) with which iTunes customers must agree. Among the criticisms (many of which are legitimate) is the concern about interoperability - songs purchased on the iTunes Store cannot be played on other devices (the conversion step I outlined previously is never mentioned). In essence, Apple is saying to Norway and the other European countries, "Look, this DRM wasn't our idea, and without it, we couldn't maintain the licenses that enable us to be in business. But we'd happily drop the DRM if we could; go talk to the music companies about that." If push comes to shove, Apple will simply pull the iTunes Store out of Norway.

Another possibility is that the letter is meant to tweak Microsoft over that company's embrace of DRM, including the Windows Media DRM, the Windows Media DRM-incompatible Zune (on the sales of which Microsoft pays royalties to the music companies; see "Of the Zune, DRM, and Universal Music," 2006-11-13), and the extensive DRM support that's built into Windows Vista. Peter Gutmann, a University of Auckland computer science researcher who works on the design and analysis of cryptographic security architectures, has posted an exhaustive discussion of the problems that are likely to result from Vista's low-level content protection code. Jobs's letter never mentions Vista, but it seems entirely within Jobs's character to set Apple as an alternative to Microsoft with respect to DRM.

It's also possible, though less likely, that the letter comes in part as a followup to a rather unflattering portrayal of Apple's attitudes about DRM in the New York Times. In that article, the head of the Nettwerk Music Group, Terry McBride, says that although Nettwerk's music is sold on the eMusic online service without DRM restrictions, Apple insists on adding FairPlay to the same tracks sold on the iTunes Store.

A challenge to Apple then: start selling unprotected tracks on the iTunes Store when the rights-holders request such an action. Apple currently makes many unprotected podcasts available for free in the iTunes Store, though I don't know if there are any unprotected podcasts or songs that are sold, or if Apple currently has back end limitations that require FairPlay on non-free tracks. And if Apple really wanted to put its money where Steve Jobs's mouth is, it could buy eMusic, which is the second-largest online music service, and which has about two million tracks from independent artists, none of which contain any DRM. (Of course, buying eMusic might draw unwanted attention from monopoly regulators.)

Other Views -- Coverage of the letter has been widespread, with a variety of responses. On Playlist, Jim Dalrymple has some interesting reactions from Real Networks and a wonderfully typical comment from the RIAA. Also on Playlist, Nancy Gohring of IDG News Service reports on the response from the Consumer Council of Norway, which admits that music companies have some responsibility but still claims that ultimate responsibility lies with Apple. The Economist concludes, "Mr Jobs's argument, in short, is transparently self-serving. It also happens to be right." Dan Moren of MacUser.com imagines a world without DRM, John Gruber of Daring Fireball reads between the lines of Jobs's letter, and as usual, John Moltz of Crazy Apple Rumors Site makes up the stuff you wish had been said.

Vista pumps US PC sales

2007-02-12T18:57:00.000-05:00

Correspondents in San Francisco
FEBRUARY 12, 2007

US sales of computers carrying Microsoft's new operating system Vista soared in the week after it was launched, defying the expectations of analysts who gave Vista lacklustre reviews.

Personal computer sales for the week following Vista's debut to succeed Microsoft's
Windows XP in January were 67 per cent higher than those in the same week in 2006, and nearly triple those of the preceding week, according to analyst firm Current Analysis.

"I didn't expect to see such aggressive growth right off the line," Current Analysis research director Samir Bhavnani said. "If you are Microsoft, you have to be pleased with these results."

Adding to the achievement was the fact that computer sales are usually sluggish during the end of January and the beginning of February.

"This bodes well for Vista," Mr Bhavnani said, cautioning that a more reliable picture would be shown by PC sales figures in the coming six months.

"The early returns are showing the messaging Microsoft is doing is resonating with customers."

As Microsoft executives predicted, the majority of people opting for Vista bought the higher-priced Home Premium version and only 22 per cent went for the more economical, scaled-down Basic edition.

Slightly more than half of the Vista-based personal computers sold for the week ending February 3 were made by Hewlett-Packard.

Microsoft spent five years and $US6 billion dollars creating Vista as the successor to its Windows XP operating system.

It has touted Vista worldwide as its most secure and thoroughly-tested operating system release.

The release was repeatedly delayed, prompting computer pricing deals and discounts to appeal to customers in the notoriously slow sales period following the year-end holiday shopping season.

Critics maintain that Vista's complexity forces aspiring users to upgrade computers to meet memory and graphics demands. Computer game developers have complained Vista's security features can block or break their software.

Longtime Microsoft followers advised people to put off upgrading to Vista until flaws and kinks are exposed and fixed, as has been the historical pattern with the company's previous operating systems.

Approximately 95 per cent of the 900 million computers in the world run on Windows operating systems.

"When you are number one, you take a lot of heat," Mr Bhavnani said of the criticism heaped on Microsoft concerning Vista. "Microsoft will always put a good product out there on the field."

Vista Not Playing Nice With FPS Games

2007-02-12T18:56:00.000-05:00

"Computerworld is reporting that gamers who have installed Vista are reporting problems with first person-shooter titles such as CounterStrike, Half-Life 2, Doom 3. and F.E.A.R. (Users have compiled lists of games with Vista issues.) The complaints, which have turned up on gamers' forums, cite crashes and low frame rates. Not surprisingly, the problems relate to graphics hardware and software: 'Experts blame still-flaky software drivers, Vista's complexity, and a dearth of new video cards optimized for Vista's new rendering technology, DirectX 10. That's despite promises from Microsoft that Vista is backwards-compatible with XP's graphic engine, DirectX 9, and that it will support existing games. Meanwhile, games written to take advantage of DirectX 10 have been slow to emerge. And one Nvidia executive predicts that gamers may not routinely see games optimized for DirectX 10 until mid-2008.'"

Microsoft releases second beta of home server OS

2007-02-12T18:54:00.000-05:00

By Elizabeth Montalbano, IDG News Service

February 12, 2007

Microsoft has released the second beta of a new server aimed at giving users a way to connect and manage Windows Vista PCs, devices, and printers in their homes.

Beta 2 of Windows Home Server, which already has been tested by more than 1,000 Microsoft employees, software and hardware partners, is now available, Microsoft said. The company soon plans to extend the product's beta program, and those who want to test beta 2 of the OS can sign up at this Web site.

Microsoft also unveiled the Windows Home Server Blog, which will track the progress of the software's development, oin Monday. Additionally, Charlie Kinder, Microsoft general manager of Windows Home Server, also maintains a blog where he will post about the product.

Microsoft introduced Windows Home Server at the Consumer Electronics Show in Las Vegas in January. Hewlett-Packard will have the first server built on the OS, a product called the HP MediaSmart Server, later this year. Currently, Microsoft only plans to make Windows Home Server available through OEMs, not sell it directly to consumers.

A dozen patches on the way from Microsoft

2007-02-12T18:53:00.001-05:00

Microsoft on Tuesday plans to release a dozen security bulletins, including a "critical" one for its own anti-spyware and other security products.

By Joris Evers , February 12, 2007

Microsoft on Tuesday plans to release a dozen security bulletins, including a "critical" one for its own anti-spyware and other security products.

The bulletins, part of its monthly patch cycle, will provpide fixes for an undisclosed number of security vulnerabilities, Microsoft said in a note on its website on Thursday.

The software maker plans to offer fixes for Windows, Office, Visual Studio, Microsoft Data Access Components (MDAC), and several of its security products, including its Windows Live OneCare package of antivirus, firewall and PC health tools and its Windows Defender anti-spyware.

At least four of the bulletins will be labeled "critical", Microsoft's highest severity rating. These type of security issues typically could allow an attacker to gain full control of an affected system with no or minimal action by the user.

Critical fixes are on tap for Windows, Office, MDAC and the security tools, Microsoft said. The company provided no further details on which problems it is fixing, other than that some of the updates may require a system restart.

There are 10 disclosed, but yet-to-be-patched security holes in various Microsoft products, according to eEye Security's zero-day flaw tracker. At least five flaws are known in Office and at least one in Visual Studio.

Last month, Microsoft pulled four planned security bulletins at the last moment. Those bulletins were to have addressed bugs in Office.

Online Security a Big Issue

2007-02-12T18:52:00.000-05:00

By Scott Miller, The Pantagraph, Bloomington, Ill.

Feb. 11--BLOOMINGTON -- Jeff Mercier came into work one morning, turned on his laptop, logged into the corporate server and quickly got a call from the IT department.

Somewhere during work travels, a virus attached to his laptop computer with hopes of stealing personal information. Fortunately, he hadn't put his entire company and customers at risk.

While the laptop couldn't detect a problem, the well-secure corporate server quickly identified the virus when Mercier logged on at the office. Mercier erased and reinstalled the programs on his laptop. Secure information was not compromised.

"If it wouldn't have been caught, it probably would have got my banking account information," said Mercier, director of operations at Bloomington Offset Process Inc. in Bloomington.

Or worse, the virus could have spread into the corporate server and started stealing company information or even the private information of customers. Mercier and his employer are secure.

Hackers have created various types of key-watching programs and spyware that steal personal information as it's being typed. That information is then resold. It's a $62 billion industry, according to computer-security guru David Stelzl, who travels the country telling businesses the gory details of digital theft.

He called it the new organized crime while at a stop in Bloomington recently.

"This is no longer a bunch of college students looking for notoriety," he said. "The drug trade industry is not as big as this."

In most cases, Stelzl said, the spyware conceals itself because it doesn't disrupt your computer.

"They want you to be profitable. They don't want to disrupt your business. They want to sell your information," he said. "If you're a big company or a small company, you either have information I can sell or a system I can use."

No matter how much anti-spyware a company buys, hackers will always find a key, Stelzl said. Often, unaware employees will give them the key.

They'll respond to unsolicited e-mails or visit phony Web sites that contain viruses.

"Never open e-mail greeting cards," Stelzl said. "If someone e-mails me a greeting card, I delete it and call them and say, 'Don't ever e-mail me a greeting card because I won't open it.'"

The various firewalls businesses buy, Stelzl said, are meaningless without employee education.

"If I went out and bought all those products, I'd be broke," he said. "They will get in. The question you need to ask is 'Will I be able to detect them?'"

Still, protection is the first step in defeating spyware, Stelzl said, and firewalls and security software serve as protection.

The second and third steps, he said, are detection and response.

Bloomington-based Integrity Technology Solutions recently analyzed the computer security of more than a dozen small businesses in the Twin Cities. None were up to par, said Integrity President Harlan Geiser.

"There was a common problem that people didn't have their (security) software updated. They typically don't even know it," Geiser said.

They didn't have protection.

The problem, Geiser said, typically exists in smaller companies that don't have information-technology, or IT, departments. Many companies, for example, refer all computer-related questions and problems to the employee in the office who's the most tech savvy, Geiser said. That person has other responsibilities and can't keep up with the evolving world of computer security, Geiser added.

Such companies have no form of detection.

If companies don't have an IT staff, many now outsource such tasks to companies like Geiser's. In addition, proper employee training and education can help workers detect suspicious e-mails and Web sites.

Lastly, after protecting your server and detecting the virus, companies need to respond.

This means simply deleting the virus, Geiser said, and fixing affected programs.

Mercier and his company handled the problem perfectly. The corporate server had enough protection to lock out the virus embedded on Mercier's laptop. The IT department quickly detected the virus, then responded by deleting the virus and reinstalling all the software on Mercier's laptop.

-----

To see more of The Pantagraph, or to subscribe to the newspaper, go to http://www.pantagraph.com

Distributed by McClatchy-Tribune Business News.

For reprints, email tmsreprints@permissionsgroup.com, call 800-374-7985 or 847-635-6550, send a fax to 847-635-6968, or write to The Permissions Group Inc., 1247 Milwaukee Ave., Suite 303, Glenview, IL 60025, USA.

Story from REDORBIT NEWS:
http://www.redorbit.com/news/display/?id=837545

Published: 2007/02/12 15:00:29 CST

© RedOrbit 2005

Anti-Spyware Coalition Reaches Important Milestone

2007-02-12T18:49:00.000-05:00

(1) Anti-Spyware Coalition Reaches Important Milestone

Last month, the Anti-Spyware Coalition (ASC) unveiled a comprehensive set of "best practices" for identifying potentially unwanted technology. Based on more than a year of consultations and building on all of the coalition's previous work, the Best Practices document provides the clearest description yet of how anti-spyware companies determine whether software may be "unwanted." In a related development, the ASC also issued its Conflict Identification and Resolution Process, which for the first time offers a uniform, fair method for resolving software disputes between anti-spyware vendors.

Issuing best practices has been a top priority of the ASC since it was founded in 2005 with the mission of educating users, establishing a community for anti-spyware advocates and collaborating to improve the usefulness of anti-spyware technologies. Coordinated by the Center for Democracy & Technology, the ASC comprises academics, public interest advocates and companies active in the anti-spyware space. Its diverse membership is united by a common goal of making the Internet safer by educating users and improving the tools available to fight spyware.

Members of the coalition see the best practices a vital tool -- not only for anti-spyware vendors to use in honing the detection process -- but also to help software developers avoid publishing products likely to be unwanted by consumers.

"Best Practices: Factors for Use in the Evaluation of Potentially Unwanted Technologies" details the process by which anti-spyware companies review software applications identifying behaviors which raise red flags as well as behaviors that help to mitigate concerns by providing real value to users. It relies heavily on the ASC's own spyware "definitions" document and its Risk-Modeling Description, which helped to establish a common understanding of spyware and how it is classified.

The "Conflict Identification and Resolution Process" highlights possible ways in which anti-spyware tools may conflict with one another and offers clear steps to resolve those conflicts. In addition to allowing for better, more structured interactions between developers, the resolution process will also provide a level of transparency to consumers who may be affected by such conflicts.

As is the case with all ASC materials, both the Best Practices and the Conflict Identification and Resolution Process are intended to be living documents that evolve with the rapidly changing software environment. ASC is currently holding an open comment period on both documents.

ASC Documents

ASC Comment Form

(2) Best Practices Document Builds on Previous ASC Work

The work of the ASC has been methodical, with each document laying the groundwork for ensuing reports that further define and categorize technologies and the characteristics that may cause them to be "unwanted." The best practices document is the product of more than a year and a half of consultations and is built on the foundation established by all of the ASC's previous public reports.

In October 2005, the ASC released its Working Report -- Definitions and Supporting Documents, which defined the term "Spyware (and Other Potentially Unwanted Technologies)." One of the key tenets underlying that definition was that it was ultimately up to the user to determine whether a technology's behavior is wanted or unwanted. A piece of technology that exhibits behaviors unwanted by users in one context may offer enough benefits that it becomes wanted by the same users in another, particularly if the technology in question is offered with proper notice, consent, and user control. The report documented types of underlying technologies and short descriptions of reasons why a certain implementation of an underlying technology may be wanted and why a different implementation of the same underlying technology may be unwanted.

In January 2006, the ASC broadened the explanation of what makes certain technology implementations potentially unwanted with its Risk Modeling Description, which detailed the criteria by which anti-spyware companies classify Spyware and other Potentially Unwanted Technologies. These criteria include both risk factors - those that increase the potential concern about a technology - and consent factors, basic notice, consent, and user control - that mitigate the risks.

While the documents offer a transparent picture of how anti-spyware vendors and researchers consider negative and positive behaviors, the membership of the ASC felt that it was important to move past the current behaviors and to help create a better marketplace. To this end, the ASC drafted its latest Working Report -- Best Practices: Factors for Use in the Evaluation of Potentially Unwanted Technologies to highlight the sorts of technological behaviors that limit the negative impact of potentially unwanted technologies. This Working Report is designed for use by anti-spyware vendors, but contains important insights for many software publishers as well.

The goal of the best practices document is to further explain the "consent factors" described in the Anti-Spyware Coalition's Risk Model Report. Consent factors, as defined by the ASC are characteristics that may help to mitigate the "potentially unwanted" characteristics of certain software applications. They include providing real value to users; offering clear notice; granting appropriate consent and control; insuring security; and offering consumer's appropriate avenues for redress.

ASC Working Report: Best Practices

(3) Conflict Resolution Process A First For Anti-Spyware Industry

The very nature of anti-spyware tools makes occasional conflicts inevitable. The ASC created the Conflict Identification and Resolution Process to establish guidelines for resolving those conflicts in a fair and orderly manner.

In the early days of the antivirus industry, technical conflicts resulting from the installation of two or more antivirus products on the same computer were not uncommon. Typically, such conflicts were easily identified and resolved in a collegial manner, with little, if any, formalized process.

As technology has evolved to include more real-time detection technologies and complex, system-wide removal routines, resolution of some of these issues has become more complicated. Conflicts can now involve two programs attempting to use one resource, or attempting to perform identical functions. In such cases, the widely accepted best practice has been for products to alert users when technical conflicts arise, allowing users to decide whether or not to proceed with installations that could render existing programs unusable, or that could result in a newly installed product not functioning as expected.

The conflict resolution document offers voluntary guidelines for companies for resolving these sorts of disputes in the Anti-Spyware industry. The guidelines propose three main elements: the sharing of software versions so as to reduce or minimize conflicts, the provision of accurate information about conflicts to consumers, and the prompt response and cooperation between vendors to seek to resolve conflicts.

Although aimed at addressing conflicts among members of the Anti-Spyware Coalition (ASC), these guidelines can be used to address conflicts between any two anti-spyware vendors.

Vista, Hackers, Red Flags and Bulls

2007-02-11T21:20:00.001-05:00

Learn to Remove Spyware With Free and Available Programs! Click me

By Jack M. Germain
TechNewsWorld
02/09/07 8:00 AM PT

Microsoft's marketing message for Vista can be summed up in one word: Security. By locking down the Vista kernel, Microsoft says, the OS provides outstanding malware protection. Such a message may be attractive to consumers, but it may also attract hackers who will view Vista not as an impenetrable fortress but as a challenge to be overcome.

Intrusion Prevention at Warp10!
Got a Multi-Gigabit LAN? Protect it with Reflex Security's IPS! Scales from 1 to 10 Gigabit. Highly Available / High Performance Next Generation Intrusion Prevention. Instant White Paper Download.

Microsoft (Nasdaq: MSFT) last week unleashed its six versions of its new operating system , Vista. The software maker's promises of a more robust kernel and built-in security enhancements have created the impression among consumers that third-party security solutions for antivirus, spyware and adware will become a thing of the past.

Meanwhile, computer security firms have been putting the finishing touches on their own updated products to resolve the vulnerabilities they say will inevitably be discovered in Vista.

Microsoft's foray into the malware protection market could be an attempt to muscle third-party vendors out the Vista security business. However, the company is far from becoming the last word on securing its newest OS family member.

Computer security issues will not be curtailed just because Microsoft says its new operating system will be tougher to crack than previous versions. Millions of unprotected or poorly protected computers will remain in use for years to come.

Even though Vista may have better defenses in its redesigned kernel, it will not become a dominant OS overnight, computer experts said.

Haphazard Migration

With Microsoft positioning itself as the primary security developer for its own operating system, nobody is sure yet what role third-party security software developers will play with Vista.

Microsoft welcomes continued product opportunities from third-party security vendors and wants its Vista users to have choices, the company told TechNewsWorld. Many of those vendors say Microsoft is treating them like an errant stepchild, withholding access to the kernel in Vista's crown jewel -- the 32-bit version of the new OS.

"Its too early to tell the impact of Microsoft's Vista on desktop and server products such as those from Symantec (Nasdaq: SYMC) and McAfee," Brian Laing, CSO of security software company RedSeal Systems, told TechNewsWorld. "Right now, some companies are just starting to move to Windows XP, let alone moving to Vista, an OS that has been out for such a short period of time."

As Vista rolls out the new security features, Laing predicted that two main things will happen.

First, consumers at home will adopt Vista's new security features out of convenience. Since they are a part of the operating system, it will be one less thing they need to buy.

Second, enterprise users will be unlikely to leave the security solutions for which they already have subscriptions from third-party vendors such as Symantec and McAfee any time soon. Before experienced users are willing to adopt Vista's own brand of security, Laing noted, Microsoft will have to prove that its new solutions work, that they do not have their own issues and that they can be managed in an enterprise.

This time delay and the large amount of resources available already to third-party security vendors should combine to give the security industry ample time to respond to Vista's new security features, according to Laing.

"You are already seeing companies start to look at more far-reaching solutions such as adopting security risk management software as the next big direction for them," Laing said.

Kernel Warfare

Larry Biddell, vice president of Global Securities Strategies at Grisoft, expects a repeat of trends he observed in earlier Microsoft roll-outs. These past trends show that Vista's security enhancements will not be long-lived.

Vista and the tightening of the kernel will not adversely affect the antivirus industry, Biddell told TechNewsWorld. When Microsoft shipped its Windows upgrade on 3.5-inch floppies instead of 5.25-inch floppy, other software vendors shifted to the new format. When Microsoft upgraded to Windows 95 and later to Windows Millennium and distributed the programs on CDs instead of floppies, many viruses indigenous to earlier delivery methods stopped working.

"Each time the file format changed, the virus landscape changed. Now some viruses and vulnerabilities won't work on Vista," Biddell explained.

That will only be temporary. Biddell likened the more secure Vista kernel as a challenge to virus writers. They will react to Vista as a bull does to a red flag.

Hackers will find new vulnerabilities in Vista, Biddell said. He sees the odds in the hackers' favor. Microsoft has added three new products in a very short time period -- Internet Explorer 7.0, Vista and Office Suite. As a result, he expects malware writers to find new vulnerabilities over the next few months.

The risk of new attack methods is too severe for computer users to fully trust Vista to protect itself from infections, Biddell added. He predicted that quite a few new malware and exploits will be written as proof of concepts.

"These will uncover issues. That's why consumers will still need other antivirus solutions. Vista is not going to be a magic bullet [that obliterates attacks]. Hackers will stil1 look to make money. Early adopters of these new programs will need to make sure they are protected," said Biddell.

The Greed Factor

John Safa, security expert and the chief architect at DriveSentry, fully agrees with the notion that malware groups will quickly topple Vista. He, too, fully expects hackers will respond to Microsoft's challenge.

"By claiming it has locked down Vista, Microsoft has effectively issued an open invitation to the hacking community to prove it wrong," Safa told TechNewsWorld.

It is a money issue, as well. Malware authors have realized they can easily turn a profit by posting malicious programs under the guise of cracks for high-profile software like the upcoming Windows Vista, Safa explained. Consumers will be bombarded with enticing solutions to bypass legitimate validation procedures, he noted.

When unsuspecting consumers download what they believe to be a legitimate crack, their personal data will either be destroyed or encrypted, often with a ransom note attached.

Perception Plus

Vista is a secure platform, preaches Ed Moyle, a manager with CTG's Information Security Services. Part of that security is the inclusion of additional features within the platform such as patchguard, unified access control and development methodologies such as the SDL to help reduce vulnerabilities. Microsoft is interested in changing the perception that its platforms are insecure by developing its own security features and adding them to Vista.

Microsoft does not want to take over system security, Moyle told TechNewsWorld. Instead, he said, Microsoft has gone after threats that are of direct concern to the majority of computer users.

"For example, Microsoft has targeted malware (spyware, viruses, rootkits) both through patchguard and also through antimalware product development. I believe it has done this because malware is a very public area of concern. By targeting this area, Microsoft gets quite a bit of visibility," Moyle said.

In the process of shoring up its image on security, Microsoft's antispyware product is likely to displace niche antispyware software in quite a few cases, he added. Thus, it is likely that there will be an impact to the sales of niche security products.

New Windows, Old Problems

2007-02-11T21:18:00.000-05:00

Learn to Remove Spyware With Free and Available Programs! Click me

Lisa Lerer, 01.30.07, 6:00 PM ET

Windows users--that is, more than nine out of every 10 computer users--have long complained of bugs and viruses. Using a Microsoft operating system required patience and vigilance, particularly if you want to keep up with the newest security patches designed to keep it safe from hackers.

Now Vista, Microsoft's new operating system, promises to alleviate many of these headaches with what Bill Gates calls "the most advanced operating system for security ever done."

Alas, that still doesn't mean Vista users can boot up their computer and stop worrying. "The reality is that this is really the most secure operating system that Microsoft has ever engineered, but you can't take it for granted that you will be protected," says Andy Walker author of the book Microsoft Windows Vista Help Desk.

That's because the new operating system, five years in the making, is an enormous piece of software, which makes it potentially rife with security holes. And Microsoft's dominant market share means its users are a huge target for cyber criminals and miscreants. Vista is like a hacker's Mount Everest: Everyone wants to conquer the giant.

Microsoft had already released the first patch for the system, designed to fix a flaw related to the processing of Windows Meta File images before the consumer version of Vista went on sale. Joanna Rutkowska, a researcher at Singapore-based Coseinc, publicly hacked the operating system last August at the Black Hat security conference. In December, computer security firm Determina reported six vulnerabilities in Microsoft's new Internet Explorer 7 browser.

Expect more holes to appear over time. Rick Howard, director of intelligence at iDefense, a subsidiary of security company VeriSign, predicts a Vista-specific virus will appear in the next six months. His company is offering an $8,000 reward to the first six researchers who can find holes in Vista or the newest version of Internet Explorer. If they write code that exploits the weakness, they'll make up to $4,000 more.

These rewards are only a fraction of what a Vista vulnerability goes for on the black market. According to computer security researchers at Tokyo-based Trend Micro, underground hackers sell Vista exploits for $50,000 a pop.

Vista's biggest weakness is its lack of anti-virus applications. Windows Defender, a new Vista program, is pretty effective at nabbing spyware. But the new system lacks any kind of virus-catcher, meaning that consumers will still need additional protections. "[Vista] doesn't in anyway change the need to continue doing what customers have been doing, which is having a good security product on their operating system," says Rowan Trollope, vice president of Symantec's consumer products division. Consumers should pick up additional security software that includes an anti-virus program.

Trial programs of McAfee will be automatically included inside new Dell, Gateway and Toshiba computers shipped with Vista. Symantec runs the same deal with Sony and HP machines.

The security companies don't yet offer products for the 64-bit version of Vista, a result of their much publicized fight with Microsoft in the fall. They expect to get the codes allowing them to offer those products around the time Microsoft releases its first Vista Service Pack. Most consumers use a 32-bit platform right now, notes Symantec's Trollope, so it's not that much of a problem.

If you're buying Vista software off the shelf, Walker recommends AVG Anti-Virus, a free anti-virus program found at grisoft.com. "If customers believe they do not need to install any security products on their Vista PC, they will be just as susceptible as they were on XP to getting viruses," says Brian Trombley, Product Manager at McAfee.

Security experts also have a problem with the settings of Vista's firewall. Vista automatically blocks questionable inbound connections, preventing malware from sneaking into the system. But users have to turn on the outbound firewall to stop a virus that's already on the machine from infecting others. With the growth of botnets, networks of computers manipulated by cyber thieves unbeknownst to their owners, blocking unsafe outbound traffic is even more critical.

One new feature that security expects generally like is User Account Control, a protection system that allows different users to set up different accounts. UAC also stops unauthorized users from making some system changes or installing software without typing in the administrative password. More significantly, UAC is supposed to contain a malicious infection and stop it from infecting the entire computer. Vista users are encouraged to create an administrative account to oversee the whole computer, but work in a user account. If they run into trouble, the problem will be localized.

UAC also allows the system's administrator to monitor and limit an individual user's activities. This should appeal to parents, as it allows them to block specific Web sites, downloads, games and programs. Parents can also control what days and time their child can use the computer and get activity reports, showing what Web sites the kids visit, how long they're online and how many e-mail messages they get.

This kind of thoroughness, however, may be the system's undoing. UAC is a very chatty program. Every time a user tries makes a change, a pop up will appear asking for their approval. The program fails to distinguish between dangerous things users really shouldn't do and mundane changes like altering the date and time of the system. After a while, users may contract a case of security overload. They'll get tired of the constant pop-ups and just approve everything without even reading the alerts. "The virus writers and spyware writers will take advantage of that dialogue fatigue," says Walker.

First there was too little security. Now, users will complain of too much. When will Microsoft get it just right?

Companies accused of spyware violations

2007-02-11T21:17:00.000-05:00

Learn to Remove Spyware With Free and Available Programs! Click me

The state Attorney General's Office filed a lawsuit Wednesday against three California-based Internet affiliate advertisers, accusing them of violating Washington's spyware and consumer protection laws.

It accuses the companies and their executives -- Secure Link Networks LLC and Manuel Corona Jr. of Brea; NJC Softwares LLC and Rudy O. Corella of Lake Elsinore; and FixWinReg and HoanVinh V. Nguyenphuoc of Redondo Beach -- of anonymously sending to computers "Net Send" messages, which resemble internal Windows system warnings.

The false messages claim to detect system errors and misleadingly instruct consumers that they must buy registry-scanning software to repair the problems, the Attorney General's Office said.

Hundreds of Washington consumers may have bought the defendants' products after being redirected to their Web sites.

The lawsuit, filed in King County Superior Court, could seek fines of up to $100,000 per violation under the Computer Spyware Act and $2,000 per violation under consumer protection laws, the Attorney General's Office said.

Mediocre Malware Protection From Windows Vista, Experts Say

2007-02-11T21:14:00.000-05:00

Learn to Remove Spyware With Free and Available Programs! Click me

The integrated malware guards in Microsoft's new Windows Vista operating system produce only mediocre results, experts report. The Windows Defender software recognises only 68.2 per cent of 9,225 total Spyware files not yet active on the tested system, the Munich-based computer magazine PC Professionell reported. Good antivirus software recognises 95 per cent and more.

Of 23 successfully installed adware and spyware samples, Defender missed four of them during a later inspection. Even with the watchdog software turned on, the malicious software could be installed unnoticed, the report claims. Even once found, removing them from the computer was a problematic affair, PC Professionell judged.

Windows Defender should therefore be viewed as no more than a decent basic protection, they write. Users should not rely on it alone, however. The experts therefore recommend an additional virus scanner with good spyware recognition.

© 2007 DPA

Sophos Offers Security For Windows Mobile

2007-02-11T21:13:00.000-05:00

Learn to Remove Spyware With Free and Available Programs! Click me

By: Sharon Khare | Feb 11,2007

Sophos has announced the availability of Mobile Security for Windows Mobile 5.0 based devices against mobile viruses and spyware threats.

Sophos Mobile Security protects devices against malware infection via MMS, SMS, e-mail, instant messaging, Wi-Fi and Bluetooth. It offers on-access, on-demand or scheduled scanning and detects and quarantines mobile viruses or spyware.

"Unlike other products we've tried, Sophos Mobile Security acts as an invisible guardian without affecting day-to-day usage," said Peter Jenkins, managing director of e-Advantage Solutions Ltd. "We are particularly impressed with the management features - it's simple to configure and easy to create reports. It certainly has my recommendation."

"There is no doubt that the use of smartphones and PDAs is on the rise, letting employees access the internet from virtually anywhere with just a click of a button," said John Stringer, product manager at Sophos. "Unprotected mobiles can be a route for hackers into a seemingly well-defended network. Although the number of mobile threats is small compared to more commonly encountered Windows-specific malware, administrators are looking to defend all the points of entry into their organization."

Sophos Mobile Security supports Windows Mobile 5.0 for Pocket PC Edition and Windows Mobile 5.0 for Pocket PC Phone Edition. This version will also protect devices using Windows Mobile 6.0 which Microsoft plans to launch later in 2007.

Online security a big issue

2007-02-11T21:11:00.000-05:00

Learn to Remove Spyware With Free and Available Programs! Click me

By Scott Miller
scottmiller@pantagraph.com

BLOOMINGTON — Jeff Mercier came into work one morning, turned on his laptop, logged into the corporate server and quickly got a call from the IT department.

Somewhere during work travels, a virus attached to his laptop computer with hopes of stealing personal information. Fortunately, he hadn’t put his entire company and customers at risk.

While the laptop couldn’t detect a problem, the well-secure corporate server quickly identified the virus when Mercier logged on at the office. Mercier erased and reinstalled the programs on his laptop. Secure information was not compromised.

“If it wouldn’t have been caught, it probably would have got my banking account information,” said Mercier, director of operations at Bloomington Offset Process Inc. in Bloomington.

Or worse, the virus could have spread into the corporate server and started stealing company information or even the private information of customers. Mercier and his employer are secure.

Organized crime

Hackers have created various types of key-watching programs and spyware that steal personal information as it’s being typed. That information is then resold. It’s a $62 billion industry, according to computer-security guru David Stelzl, who travels the country telling businesses the gory details of digital theft.

He called it the new organized crime while at a stop in Bloomington recently.

“This is no longer a bunch of college students looking for notoriety,” he said. “The drug trade industry is not as big as this.”

In most cases, Stelzl said, the spyware conceals itself because it doesn’t disrupt your computer.

“They want you to be profitable. They don’t want to disrupt your business. They want to sell your information,” he said. “If you’re a big company or a small company, you either have information I can sell or a system I can use.”

Lock and key

No matter how much anti-spyware a company buys, hackers will always find a key, Stelzl said. Often, unaware employees will give them the key.

They’ll respond to unsolicited e-mails or visit phony Web sites that contain viruses.

“Never open e-mail greeting cards,” Stelzl said. “If someone e-mails me a greeting card, I delete it and call them and say, ‘Don’t ever e-mail me a greeting card because I won’t open it.’”

The various firewalls businesses buy, Stelzl said, are meaningless without employee education.

“If I went out and bought all those products, I’d be broke,” he said. “They will get in. The question you need to ask is ‘Will I be able to detect them?’”

Protect, detect, respond

Still, protection is the first step in defeating spyware, Stelzl said, and firewalls and security software serve as protection.

The second and third steps, he said, are detection and response.

Bloomington-based Integrity Technology Solutions recently analyzed the computer security of more than a dozen small businesses in the Twin Cities. None were up to par, said Integrity President Harlan Geiser.

“There was a common problem that people didn’t have their (security) software updated. They typically don’t even know it,” Geiser said.

They didn’t have protection.

The problem, Geiser said, typically exists in smaller companies that don’t have information-technology, or IT, departments. Many companies, for example, refer all computer-related questions and problems to the employee in the office who’s the most tech savvy, Geiser said. That person has other responsibilities and can’t keep up with the evolving world of computer security, Geiser added.

Such companies have no form of detection.

If companies don’t have an IT staff, many now outsource such tasks to companies like Geiser’s. In addition, proper employee training and education can help workers detect suspicious e-mails and Web sites.

Lastly, after protecting your server and detecting the virus, companies need to respond.

This means simply deleting the virus, Geiser said, and fixing affected programs.

Mercier and his company handled the problem perfectly. The corporate server had enough protection to lock out the virus embedded on Mercier’s laptop. The IT department quickly detected the virus, then responded by deleting the virus and reinstalling all the software on Mercier’s laptop.

From Spyware With Love!

2007-02-11T20:48:00.000-05:00

Learn to Remove Spyware With Free and Available Programs! Click me

Its late. You've been scouring the web for that perfect present for your Aunt Bess in Idaho. You finally find it at presents4aunties.com. The site looks a little rough on the edges, weird colors and such. But they have that gift you know will make Aunt Bess add you to her will. You purchase the gift, log off and head to bed. Tired but happy.

The next day, coffee in hand, you turn on your computer. That's strange you say, its awfully slow this morning. Finally its booted and ready to go. You open your browser to check the Cow Tipping Blog for the latest posts.

What's this you say, My Homepage is now longer the Log , but a site trying to sell me a DVD of the Surfs vs the Terminator!

Oh well you say, not quite fully awake. You type in the URL for your Log and wait. And wait, and wait. Finally its up! You start to read the mornings postings. You're into the second post about the upcoming Cow Tipping Championship in Vegas when a Popup appears and says you need to go to heartburn for the new revolutionary cure for heartburn. Click here now it says and receive a free gift, the secret cure for Baldness!

Weird you think, you click the X to close it.

You don't realize by clicking the X that a small hidden piece of code has just been downloaded to your computer.

You finish the Log postings and decide to check your Bank Account. You type in the URL and wait, and wait. Finally the Bank Logon appears. You log in, completely unaware of the code, which is actually a Key logger, is recording your every keystroke. The Transaction is there for Aunties gift, you're so happy. You log off and remember you forgot to email that document for your Boss. That's ok you say, I can log in from here and send it! Technology is so great ! You log into your work portal and access your email program, find the document, attach it to the email form and send it. You vaguely remember it had something to do with the updated personal info list for all of the employees at your job. It includes their Addresses, email addresses and Direct Deposit Account numbers, also their Logon Names and Passwords to access the Computers at work.

Darn you say as another Popup appears, what's wrong with this computer?

Well at least you didn't forget the Bosses Document. Wouldn't want to get in trouble with the Boss. You've a great job, working for the Trans Global Bank after all. Offices all over the world don't you know.

Well time to check your Anti-Virus program for updates. Hmm it says no updates kneed ed . You notice the Misspelling but what the heck, those things happen. Gee the computer is really slow! You decide to reboot, hoping that will fix it. Gripes, now it wont even boot! At least there's a little extra money in the ole Bank Account to get it fixed.

The above is fiction. No animals were harmed. But its scary huh to think it could happen.

Granted it's a worse case scenario, but I wonder...

Be smart out there people, learn how to use your Anti-Virus and Anti-Spyware programs. Keep em updated, and it they don't work well for your surfing habits, find programs that will. Keep your computer protected, your well being may depend on it.

Doug Wood all has a web site at http://www.spywarebiz.com.
There he provides free information and recommended products to combat Spy ware.
He is a member of the IWA (International Webmasters Association).
Article edited for proper content by Wendy McCallum.
Permission to copy ok as long as about author info remains with article.
Copyright 2005 SpywareBiz

spywarebiz@comcast.net

Two anti-spyware programs are better than one

2006-04-12T14:47:00.000-04:00

Learn to Remove Spyware With Free and Available Programs! Click me

By BILL HUSTED

Cox News Service

Q: We have installed SpyBot Search & Destroy on our computer. But we recently read that after installing and running one anti-spyware program, a different one should be installed and the scan re-run. This seems to us to be unnecessary and possibly could cause a problem.

- Lorlee and Russell Hoff, Dayton, Ohio

A: Congratulations on making your computer safer and faster with SpyBot. It's an excellent - and free - anti-adware program (available at www.download .com).

Actually, there is an argument for using two separate anti-spyware programs.

These programs use a database of information about known adware and spyware programs to identify threats. That's why it's important to update the program regularly so it can recognize threats that came along after you installed the program. But even with a program that is updated regularly, it's likely there are some threats not in the database.

By using two programs, you increase the chances more threats will be recognized. In most cases, there are no conflicts. But I can make no promises about that.

Q: Yesterday I purchased a 42-inch plasma HDTV, and the salesperson suggested getting a $300 surge protector called Monster Power HTS 1600 Power Center. Is this necessary?

- Ray Matulis, Atlantis, Fla.

A: There's a pretty good argument for devices that filter AC power. I took a slightly less expensive option, a UPS, that is actually better. Just as I protect my computers with an uninterruptible power supply, I've added one to my HDTV.

Whether you decide on a surge protector or a UPS, make sure it's powerful enough for the job.

eSoft Gateway Anti-Spyware Protects Against Spyware Delivered Via Email

2006-04-12T14:37:00.000-04:00

Learn to Remove Spyware With Free and Available Programs! Click me

April 11, 2006 (12:00 PM EST)
PRNewswire

BROOMFIELD, Colo., April 11 /PRNewswire/ -- eSoft, Inc., a leading vendor of integrated Internet security and content management solutions, announced today the availability of its latest Anti-Spyware update, which offers enterprises protection against Spyware delivered via email attachment as well as those downloaded from websites.

"According to Webroot's most recent State of Spyware Report, malicious Spyware threats increased by over 200% in 2005," said Jeff Finn, president and CEO of eSoft. "We continue to see increases in Spyware activity linked to criminal behavior. These Spyware threats installed by unaware end users come through a variety of delivery methods including via email attachment and bundled in free downloads Today's update protects our customers against these threats, regardless of delivery mechanism."

At the Gateway, eSoft combines signature matching, intrusion prevention and web filtering techniques to detect and prevent Spyware from infecting the network, whether delivered through website, email or any other delivery mechanism. eSoft also detects infected computers on the internal network and blocks them from sending private data to Internet collection sites.

Availability

eSoft updated Gateway Anti-Spyware is available for both InstaGate and ThreatWall appliances immediately. More information can be found at http://www.esoft.com/products/softpak_gwas.cfm .

About eSoft Inc.

eSoft is a leading provider of integrated Internet security solutions offering organizations of all sizes unparalleled protection from dynamic Internet-based threats. eSoft's award winning InstaGate(TM) and ThreatWall(TM) platforms offer high-performance Deep Packet Inspection security services including Firewall, IPSec VPN, Anti-Virus, Anti-Spam, Anti-Spyware, Intrusion Prevention, Web Content Filtering, Email Content Filtering and even Web, Email, File and FTP servers. eSoft solutions are based on purpose-built hardware platforms and optional security software modules called SoftPaks(TM), which are distributed and maintained through eSoft's patented SoftPak Director(TM) technology. Overall, the eSoft solution offers the IT manager extreme simplicity and flexibility when deploying and managing network security, resulting in less time demands on IT staff, a reduced need for in-house security expertise, and a lower total cost of ownership.

CONTACT: Samantha Leggat of Lighthouse Public Relations, +1-925-447-5300, samantha.leggat@earthlink.net, for eSoft, Inc.

Web site: http://www.esoft.com/products/softpak_gwas.cfm/ http://www.esoft.com//

N-able teams with McAfee to provide security services

2006-04-12T14:36:00.000-04:00

Learn to Remove Spyware With Free and Available Programs! Click me

y Ottawa Business Journal Staff
Wed, Apr 12, 2006 12:00 PM EST

Ottawa's N-able Technologies has teamed up with McAfee to offer a new set of anti-virus and anti-spyware services to small and medium-sized businesses.

The anti-spyware service consists of automatic spyware prevention and removal software that detects, blocks and cleans spyware before it transmits confidential information and files to unauthorized parties.

The anti-virus offering provides 24/7 protection by scanning desktops and services for viruses and removing threats before any damage ensues.

The new anti-spyware and anti-virus software services are sold together and present a sizable market opportunity for value-added resellers and managed service providers looking to break into managed services or simply to expand their existing lineup of managed security service capabilities.

"By incorporating McAfee's technology into our solution, we've brought to market a powerful duo of managed security software offerings for the desktop and the network," says Bill Stewart, vice president of marketing at N-able Technologies. "These new services make it easier and more profitable for our MSP partners to meet the growing security demands of SMBs."

Not all adware is badware

2006-04-12T14:34:00.000-04:00

Learn to Remove Spyware With Free and Available Programs! Click me

There is a lot of confusion among Internet users as to the difference between adware and spyware.

Adware--generally defined as software installed by consenting users seeking free, value-added services in exchange for exposure to advertisements--is often confused with, or used interchangeably with, the term spyware--advertising-based software often installed without the user's knowledge or consent. As a result, adware is frequently, yet inappropriately, treated like spyware as a virus or malicious software by anti-spyware programs.

To end this confusion, adware vendors and marketers must do a better job of teaching consumers and the software industry how to distinguish adware from spyware. After all, the notion of providing services in return for viewer eyeballs is not new and is comparable to viewing advertisements in any other medium, such as network television, radio and newspapers.

The mere fact that the software is showing ads should not taint it as illegitimate or cause users to associate it with malicious software.

However, when legitimate adware is listed in an anti-spyware scanning process, it acquires an unjustified negative reputation and falls victim to a serious churn problem that afflicts much legitimate software, since users usually eliminate the application by clicking on a default button to "clean" or "remove" suspicious software.

Industry leaders such as Symantec have come to recognize the need to differentiate between adware applications and also between vendors that practice 100 percent transparency and those that do not. As such, 100 percent transparent advertising-based software will be classified by Symantec as low-risk with the recommendation not to remove. That provides users with the choice, and it is a meaningful step for the whole industry.

I would like to go further and see a day when the term "adware" is reserved for platforms created solely for displaying ads, while the term "ad-supported software" is applied to programs that provide consumer benefits in return for exposure to commercial messages.

I also propose that we in the industry who produce legitimate adware and ad-supported software adhere to any guidelines set by online-privacy watchdog Truste and adopt the following practices and guidelines:

Adware should never be part of a third-party bundle deal or have any affiliate distributors. It should be downloaded only directly from the company's Web site.
All advertisements should be easily identified and clearly labeled with the company's brand so that the association between the advertisements and the adware is totally transparent. Users should understand that instead of paying for the software, they are getting advertising.
Software should be clearly identifiable in the standard Windows add/remove programs list so that a simple and complete uninstall option is available at any time.
Software should be prominently displayed on computer systems, with a clear interface on the desktop to ensure that users are fully aware of its existence. It is not acceptable for adware or spyware to run behind the scenes, operate in stealth mode or in any way deceive consumers about its existence.
Adware makers should offer ad-free (yet paid) versions of their software.

Adware companies that follow these rules of transparency should not be viewed as threats and should not be detected by anti-spyware/antivirus vendors. I also hope that those vendors embrace Truste's certification and respect it by not detecting certified software. Until then, anti-spyware vendors will continue to unjustly categorize much adware as malicious software.

Microsoft Fixes 14 Flaws

2006-04-12T14:33:00.000-04:00

Learn to Remove Spyware With Free and Available Programs! Click me

Three of the bulletins were tagged as "critical," one as "important," and the fifth as "moderate"--the last being Microsoft's second-from-the-bottom alert.

By Gregg Keizer
TechWeb.com

Apr 11, 2006 04:39 PM

Microsoft Tuesday released five security bulletins that patched 14 different vulnerabilities, including an awaited fix for Internet Explorer, the browser which has been victimized for weeks by multiple exploits installing adware, spyware, and keyloggers on users' PCs.

Three of the bulletins were tagged as "critical," one as "important," and the fifth as "moderate;" that last is Microsoft's second-from-the-bottom alert.

However, the majority of the 14 bugs in the 5 bulletins were labeled "critical" by the Redmond, Wash. developer, meaning that they should be patched as soon as possible. Of the 9 critical flaws, 7 relate to the MS06-013 security bulletin, a massive update for Internet Explorer 5.0 and 6.0 (but not, apparently, the Beta 2 Preview of IE 7).

Still, said one analyst, the bugs aren't anything out of the ordinary.

"It's the same sort of thing we get every month," said Mike Murray, director of research at vulnerability management vendor nCircle. "There's not really anything that's surprising here."

Another security expert agreed. "The createTextRange vulnerability [patched in MS06-013] is significant, but only because of the publicity and hype it's received," said Jonathan Bitle, a product manager with vulnerability management software maker Qualys.

createTextRange was the name given to an IE bug discovered three weeks ago, and quickly exploited by several hundred malicious Web sites to secretly download spyware, adware, and other malicious programs on users' machines.

Of the remaining 9 bugs fixed in MS06-013, 2 had been made public previously; however, although proof-of-concept code was in the wild, Microsoft claimed that no active exploits were circulating.

"It's hard to be surprised anymore by IE vulnerabilities," said nCircle's Murray.

Among the newly-revealed flaws was one dubbed "Address Bar Spoofing Vulnerability." However, it is not a fix for the bug noted by Danish vulnerability tracker Secunia last week, but instead is an entirely different -- and previously undisclosed -- potential phishing exploit.

Two other bulletins were judged "critical" by Microsoft: MS06-015, which Symantec dubbed "Windows XP Self-Executing Folder Vulnerability," and MS06-014, which affects Windows MDAC (Microsoft Data Access Components), those parts of the operating system used to access SQL databases.

Both flaws can be exploited by attackers who could take complete control of a PC if they could lure users to malicious sites or get them to open e-mail attachments.

"Both of these are in the same sort of category as the IE vulnerabilities," said Murray. "Both could be used in the kind of user-interaction scenarios we've been seeing for some time.

"When you're talking about user interaction vulnerabilities, whether it’s a shell bug [MS06-015] or in MDAC [MS06-014], it's all about the same," Murray added.

The fourth and fifth bulletins unveiled Tuesday impact Outlook Express, the free e-mail client bundled with Windows ( MS06-016) and Microsoft Office's FrontPage Web design application ( MS06-017). The former was labeled "important," the latter "moderate" by Microsoft.

A large number of the vulnerabilities disclosed Tuesday must be patched even by those running Microsoft's most-current operating system, Windows XP SP2, which debuted over two years ago and has been heralded by many as much more secure.

"We are seeing more vulnerabilities for SP2," admitted Murray, "but what we're not seeing are remote vulnerabilities. All the vuls we're seeing require you to click on something or download something. What SP2 did is eliminate those remote vulnerabilities."

Qualys' Bitle seconded that.

"There's no more of what I call 'outside-in' threats," he said. "Instead, it's all 'inside-out' since SP2 was released. Firewalls and perimeter defenses can't stop users from visiting malicious sites."

Both were hopeful, Murray more so, that the upcoming Windows Vista and IE 7 would continue the trend toward locking down the operating system and making it more difficult for users to blithely surf to suspicious sites.

"Look at the vulnerabilities," urged Murray. "There are not that many that affect Windows [Server] 2003. That's because it's locking down the browser more.

"Microsoft is doing the right things to mitigate problems as time goes on. With Vista and IE 7, the OS and browser will be more locked down. Then attacks will turn to e-mail clients.

"And then we'll have to lock them down more."

Users can obtain the month's patches via Windows' Automatic Update, from the Microsoft Update service, or through other software and services the company maintains, such as Windows Server Update Services (WSUS) or Software Update Services (SUS).

Microsoft helped write Oklahoma computer law

2006-04-12T14:32:00.000-04:00

Learn to Remove Spyware With Free and Available Programs! Click me

The good people of Oklahoma asked Microsoft to help the State write a new law banning spyware, and the results are amazing.

Apparently the state was so impressed with Vole’s work on the law it plans to bring it before its government for debate under the fairly harmless title "Computer Spyware Protection Act House" Bill 2083.

The law is amazing, not only because it is probably the first written overtly by a major company without bothering with the tedious problem of lobbying, but because… well it is written by Microsoft, what do you think could go wrong?

West Coast Labs Grants Anti-Spyware Gateway Certification To Aladdin Knowledge' ESafe Virtual Appliance - Quick Facts

2006-04-12T14:31:00.000-04:00

Learn to Remove Spyware With Free and Available Programs! Click me

(RTTNews) - Aladdin Knowledge Systems (ALDN | charts | news | PowerRating) revealed its award-winning eSafe Virtual Appliance received West Coast Labs' Checkmark Anti-Spyware Gateway Certification.

Accompanying the certification, West Coast Labs also released an Anti-Spyware Solutions Technology Report highlighting eSafe's numerous benefits.

Shimon Gruper, vice president of technologies for the Aladdin eSafe Business Unit, said, "The Checkmark Anti-spyware certification and the West Coat technology report provide independent verification of eSafe as a best-of-bread Web browsing security solution that protects our customers against the ever- growing spyware threat."

Virus and spyware scanners are the best, cheapest protection

2006-04-12T14:30:00.000-04:00

Learn to Remove Spyware With Free and Available Programs! Click me

By Tim Henderson

thenderson@MiamiHerald.com

Q: When I was struggling with e-mail problems, I ran into a screen recommending a scanning program to identify what was wrong with my operating system. After identifying 146 problems, to fix them I had to accept charges on my credit card for $47, including renewal of the charges every year. Then I ran into another program that charges $29.99 to use for a week, without making any other commitment. After running it a few times, it reduced the problems to ''two very serious initializing problems,'' which it seems I have to solve a different way. Can you tell me what to do with the computer?

HORTON REY

A: It sounds to me like you were misled by some online advertisements that pretend to detect problems with your computer and offer to fix them for a fee. You should ignore those.

There are two things you really need to check for problems from malicious and/or unwanted programs on your computer: a virus scanner and a spyware scanner. The virus scanner costs money; but the best spyware scanner I've found is free from Microsoft. Go to www.microsoft.com and look for Windows Defender under Popular Downloads.

The two standard virus scanners are Norton, available at www.symantec.com, and McAfee from www.mcafee.com, and you'll have to get regular updates to remain protected.

If you just want a quick check to make sure you don't have a virus, you can do it online at housecall.trend

micro.com.

Q: I took my computer to a shop in Davie and got a call from them saying the motherboard is ''burnt'' and it's not worth fixing at all. We'll think about buying another computer later. I think maybe the wall outlet I had it plugged into was not a very good one.

DON NEWTON

A: To avoid damage from power surges, a lot of people buy power strips built specifically for delicate electronic equipment. Possibly you were already doing that, but if not, it can be a big help. It has a circuit breaker to protect you from power surges, and of course it offers the convenience of plugging all your equipment into one outlet.

MAILBAG: To the reader who had problems with a cursor that stopped responding to mouse movements, E. Tom Thurmond of Miami and my former colleague Dan Keating of the Washington Post noted that it could be caused by a wireless mouse in need of a new battery. That was news to me, since all of my mice are still wired! When it happens to a conventional mouse, it's usually because of junk in the little rubber ball inside. ''My wireless mouse eats batteries, and its reaction to low batteries is as outlined in the question,'' wrote Thurmond.

New York Sues Over Alleged Spyware

2006-04-12T14:26:00.000-04:00

Learn to Remove Spyware With Free and Available Programs! Click me

Speaking a language spyware purveyors understand: fines and jail time

by Mathew Schwartz

4/11/2006

Can we finally say goodbye to VX2, Aurora, and OfferOptimizer?

These and many other pieces of adware and spyware, created by a company called Direct Revenue, have secretly installed themselves on PCs as part of software “bundles” included with “free” applications, games, or browser “enhancements”; or installed via drive-by downloads that exploit known browser vulnerabilities. After installation, they track users’ surfing habits, targeting users with multiple, unending pop-up advertisements.

Now, the New York Attorney General’s office is seeking a court order to prevent Direct Revenue from disseminating spyware or using existing spyware installations to deliver advertising. Fittingly, it also wants the court to compel Direct Revenue to disclose its own revenues, then pay penalties for its fraudulent practices.

Spyware makers, beware? According to New York Attorney General Eliot Spitzer, “Surreptitiously installed spyware and adware harm consumers and businesses, and my office will continue to prosecute these practices aggressively.” His office has already been making an anti-spyware and anti-adware name for itself, with the notable prosecution last year of adware purveyor Intermix Media, among others.

The current suit names four people, including Direct Revenue’s founders and chief officers, and alleges they knew about the organization’s fraudulent practices since its founding. They have also all owned a majority of stock since the company was founded.

Numerous Direct Revenue e-mails attached to the suit back up the AG’s charges. For example, lawsuit defendant and former Direct Revenue CEO Josh Abram said in April 2005 when e-mailing a distributor, “We have a very stealthy version of our adware product which we’re happy to give u… Don’t worry. If we do a deal—a build together—these will not be caught.”

Contrast the revenues companies such as Direct Revenue garner from serving advertising via spyware, versus the money companies must spend to defend against spyware, which can lift sensitive corporate information and browsing habits, not to mention bog down employees’ PCs and send them to the help desk. In particular, Forrester Research reports that at least for small and medium-size businesses (SMBs), along with viruses, worms, and spam, spyware is a top security concern. Already, an estimated 57 percent of SMBs have purchased anti-spyware software.

Avoiding Spyware Uninstallers

One problem with spyware: it’s just so insidious. Indeed, take another e-mail reproduced as part of the suit was from Direct Revenue’s chief technology officer, who observed how those infected with the company’s spyware “don’t know how they got our software.”

Once a PC is infected with spyware, removing it typically takes dedicated software. Audaciously, Direct Revenue provided customers with a site claiming to remove its spyware, but when users followed instructions to deactivate their firewall and download the “uninstallers,” they merely downloaded additional spyware.

Penalty for Past Practices

In a Direct Revenue press release posted on the company’s site, an unnamed spokesman rebuffs the charge. "This lawsuit is a baseless attempt by the Office of the Attorney General to rewrite the rules of the adware business. It focuses exclusively on the company's past practices—practices we and other industry leaders changed long ago—and says not a word about what we're doing today.

"We are proud of our products and the value they bring to both advertisers and consumers—the former by delivering positive, measurable results for their ad dollars, and the latter by offering free content and applications in exchange for viewing a few targeted advertisements per day.”

Furthermore, the company says its current practices include explicit and affirmative customer consent (in plain English) prior to installation, easy removal of the company’s software (by supplying a link to an opt-out page from every ad and by being listed in Add/Remove Programs), no use of personally identifiable information, and no use of third-party affiliates to distribute its software. The press release fails to address any past practices, however.

Getting Tough with Spyware Purveyors

Despite the public excoriation of spyware purveyors, there may be only one way to stem spyware: fines and jail time. As Ari Schwartz, the deputy director of the Center for Democracy and Technology in Washington, notes, “aggressive law enforcement is an essential component in the ongoing fight to stem the tide of unwanted spyware.”

Finally, prosecutors are catching up with such companies. While Congress has considered passing anti-spyware legislation, many computer security advocates argue current laws are sufficient for stopping spyware. In other words, don’t bother with a show of “get tough” legislation—just get tough.

Witness the New York suit, which the AG’s office says was filed “under New York’s General Business Law, which prohibits false advertising and deceptive business practices; its Penal Law, which prohibits computer tampering; and its common law prohibitions against trespass.” As the use of such laws illustrates, distributing spyware is a fraudulent activity, and that’s cause enough to pursue legal remedies.

Spyware funders make strange bedfellows

2006-04-04T11:39:00.000-04:00

Learn to Remove Spyware With Free and Available Programs! Click me

Best of the blogs: Chase, Citi, Sprint, T-Mobile, Travelocity and United Airlines are all advertisers with adware vendor Direct Revenue. That means, as Ed Foster writes, "they are helping to fund the plague of intrusive software that threatens the security of our computers and the Internet." A pair of reports that came out disclosed those vendors as such. And there's more, Foster continues, with In the company of spyware. "Just a cursory glance at the Direct Revenue ads in Edelman's study reveals another, and even more disturbing, pattern: many of these companies are running ads that compete for the same market."

Show of the week: New products debuting at LinuxWorld keep on coming. The latest include: JBoss adds to its middleware roster with a rules engine and transaction server, IBM teams with Novell to bundle Linux with middleware in the hopes of easing deployment for SMBs, and Splunk launches an IT troubleshooting Wiki that enables systems administrators to share information. For complete LinuxWorld coverage, visit our special reports The virtues of open source, and LinuxWorld Conference and Expo 2006.

M&A's: Microsoft scoops up ProClarity and for an undisclosed sum obtains its business analysis and visualization software for culling information from SQL Server. SAP buys Virsa for its risk management wares. And at least one analyst is saying that Patricia Russo, chairman and chief executive of Lucent, will be up against some challenges as she runs the combined Alcatel-Lucent from Paris, and those obstacles just might have to do with being an American and a woman.

Storage: As the database market continues to be whittled down into fewer offerings, some people tend to think the database backup wars are finished, and Sean McCown used to be among those folks -- but not anymore. "Quest is making sure that it's alive and well," he points out in this post.

Spitzer sues major `spyware' Internet company over pop-up ads

2006-04-04T11:32:00.000-04:00

Learn to Remove Spyware With Free and Available Programs! Click me

MICHAEL GORMLEY
Associated Press Writer

April 4, 2006, 11:16 AM EDT

ALBANY, N.Y. -- New York Attorney General Eliot Spitzer on Tuesday accused a major Internet pop-up advertising company of secretly installing spyware and sending ads through spyware already installed on personal computers.

Spitzer sought a court order in state Supreme Court to stop Direct Revenue from allegedly installing millions of pop-up ad programs that he said also monitors the Internet activity of users.

"These applications are deceptive and unfair to consumers, bad for businesses that rely on efficient networks to do their jobs, and bad for online retailers that need consumers to trust and enjoy their online experience," Spitzer said. "We will continue to side with consumers in their fight for control of their desktops."

Spitzer has taken legal action against other companies he said installs spyware and adware _ software that can be downloaded onto personal computers without the computer user's knowledge after they are attracted to Web sites or other actions.

Spitzer claims Direct Revenue or its distributors offered free games, browsers or software it but never mentioned the spyware that was attached in the downloads.

Spitzer called them "drive-by downloads" and said his investigators documented 21 Web sites that included Direct Revenue downloads called VX2, Aurora and OfferOptimizer. After the download, Spitzer said the company can track consumers' Web activity and deliver pop-up ads.

Spitzer said the company also thwarted consumers' attempts to remove the spyware, which sometimes reinstalled itself. Spitzer accuses the company in a civil suit under state business laws against deceptive business practices and false advertising.

A spokesman for the company didn't immediately respond to a request for comment.

Spyware and adware often land on computers, hitching a ride during visits to porn and gambling sites or in downloads of free games and screensavers. Often, the payload arrives with downloads of cartoon-character softwares aimed at children.

Infected computers can become filled with pop-up ads and users can find the unwanted programs difficult to remove.

In October, the former chief executive of Los Angeles-based Intermix Media Inc. agreed to pay $750,000 in penalties after Spitzer accused the company of secretly installing adware and spyware on millions of home computers. Spitzer accused the former executive, Brad Greenspan, of directing employees to bundle adware with other free programs and to make the software difficult to remove.

Spitzer said Intermix also agreed to pay $7.5 million in penalties over three years and stop distributing adware programs. Intermix ran Web sites featuring quizzes, games and jokes that it packaged for advertisers.

Spitzer's lawsuit filed in Manhattan also names Direct Revenue's former CEO, Josh Abram. Spitzer said Abram told a distributor in an e-mail that "we have a very stealthy version of our adware product which we 're happy to give u . . . Don't worry. If we do a deal * a build together * these will not be caught."

In another part of an e-mail released by Spitzer, the company's chief technology officer allegedly stated that users "don't know how they got our software (this is both upgrade and recent install..." and that users "say that they are getting so many ads that it is annoying them."

Yahoo Implicated In Spyware Click Fraud

2006-04-04T11:30:00.000-04:00

Learn to Remove Spyware With Free and Available Programs! Click me

Advertisers who expect their Overture ad campaigns to run with certain Yahoo Searches may be surprised to find their ads running in syndicated spyware applications that render each impression as an ad click the advertiser must pay.

When that click is paid, according to spyware researcher Ben Edelman, Yahoo and the spyware vendor split the revenue. Edelman has followed up his August 2005 research into spyware receiving payments from Yahoo's Overture by noting an increase in this possible syndication fraud.

"In my August syndication fraud examples, an advertiser only pays Yahoo if a user clicks the advertiser's ad. Not so for three of today's examples. Here, spyware completely fakes a click -- causing Yahoo to charge an advertiser a "pay-per-click" fee, even though no user actually clicked on any pay-per-click link. This is "click fraud," Edelman wrote.

Edelman documented three examples where actual click fraud took place. He named 180solutions, Nbcsearch, and Look2me/Ad-w-a-r-e as culprits in presenting popup ads that defrauded advertisers with Yahoo.

"Spyware syndication falls within the general problem of syndication-based click fraud. Suppose X, the Yahoo partner site, hires a spyware vendor to send users to its site and to make it appear as if those users clicked X's Yahoo ads. Then advertisers will pay Yahoo, and Yahoo will pay X, even though users never actually clicked the ads," said Edelman.

His examples of this click fraud are not guesswork and assumptions. For each case, Edelman provided a full packet log, annontated screenshots, and video of the spyware-based click fraud taking place.

A fourth example of nefarious practices taking place involves the practice of inserting pay-per-click links into text without the consent of the publisher. Edelman displayed one example of this, a story about Iraq from the New York Times website that had a third-party link inserted.

Edelman believes that Overture is the sole funding source for Qklinkserver.com, which inserted the link. He diagrammed the process that took place with this insertion:

(T)he net effect of these practices is that advertisers pay Yahoo, then Yahoo pays Intermix (Sirsearch), then Intermix pays Searchdistribution.net which pays Qklinkserver.com / Srch-results.com.

Intermix, the parent of MySpace, is now owned by News Corp. Intermix has been implicated in spyware schemes in the past, when the company was investigated by New York Attorney General Eliot Spitzer's office before News Corp purchased it.

While News Corp has been publicly cleaning up MySpace, it may need to take a harder look at some of Intermix's other businesses. And Yahoo should be doing these types of audits itself, instead of waiting for Edelman or someone else to do them before correcting a problem.

Stopping PC Spies at the Gate

2006-04-04T11:26:00.000-04:00

Learn to Remove Spyware With Free and Available Programs! Click me

By Elizabeth Millard
April 4, 2006 7:16AM

"If you want to avoid spyware, there are certain parts of the Web you should stay away from. They're the dark alleys of the Internet world. Basically, you visit a game cheat site, and you're vulnerable for spyware. A kids site will open you up to adware," said Dave Cole, director of Symantec Security Response.

Although spyware has been called the plague of the Internet, some people still regard the invasive software as a kind of digital Avian flu -- it is bad, and potentially very threatening, but happening to someone else.

That, many experts note, is a big mistake.

The prevalence of spyware, which usually slithers onto a system undetected during a download of other content, is formidable and poses a very real danger to every Internet user.

"You name it, spyware can do it," said Craig Schmugar, virus research manager at McAfee Avert Labs, which monitors Internet threats. "Everything from stealing your identity, turning your machine into a spam relay machine to popping up ads on your system. It can degrade your system performance to the point that using your machine is unbearable."

Defining the Threat

Spyware is a term that can be broken down into two categories, Schmugar said.

In the first category are the illegal, information-stealing threats that include Trojan viruses and "keylogger" programs that track user input. These are the villains of the Internet, and they pose a considerable risk to users. These types of programs are on the rise because the data extracted can be quite profitable to sellers.

Not all spyware is designed to be so harmful, though. The second category consists of programs intended to simply redirect users to different Web sites, or to collect general information on browsing habits.

"Advertisers often use spyware to cover competitors' Web sites," said Ben Edelman, a Harvard University researcher who focuses on spyware. "Where better can Netflix get a new customer than someone about to sign up with Blockbuster?"

If Netflix wanted to employ spyware, the company would hire an ad network, which then would hire another ad network, which would buy ad space from a spyware vendor, Edelman noted. This chain of companies distances the legitimate business from spyware activity while still giving it an edge in the marketplace.

Although this type of spyware, also called adware, might not be designed to hijack a system or steal identities, it still can be annoying. Working in the background, it can gobble up processing power, severely slow down a system, and even cause frequent crashes. It might also prompt a significant increase in pop-up ads, an Internet phenomenon that is almost universally despised.

"The advertisers are profiting from this, as are the adware makers, and those affiliates who distribute the adware," said Schmugar. "A significant number of affiliates are indirectly violating adware makers' terms of service by exploiting system vulnerabilities to silently install adware."

Spy vs. You

Although some spyware is relatively benign, especially the type that simply tries to get users to view ads or visit a rival site, other types are downright scary.

Keylogging programs, for example, can capture passwords, user IDs, and personal information. This is not just the kind of stuff that absentminded people put on a Post-It note, either. Through keylogging, a phisher can read every e-mail sent, see every Web site visited, watch every e-commerce transaction, and secretly view private instant-messaging chats.

With all that information, identity theft would be child's play, and even worse, it could extend into every facet of a person's digital life. A phisher could send e-mails from a user's account, with keylogging software attached, that would then infect the person's entire network of family and friends.

As unsettling as it might be to have one's identity hijacked, the effect on someone's finances could be devastating. With this level of personal information, a phisher might set up an electronic checking account, transfer every dollar of a victim's bank account into it, and walk away. Just as a user is wrangling with the bank over what happened, the credit card bills are likely to start arriving.

Many phishing victims have reported feeling violated by the actions, as if the phisher had come into their homes while they were sleeping and cleaned them out.

But, to extend the metaphor, phishing can be even worse than outright property theft. Thanks to insurance, most valuables can be replaced. But with phishing, someone's information might be sold again and again on the underground data market, forcing a victim to spend thousands of dollars, and months of time, trying to clear his or her good name and recover financially.

Other scenarios might not be as frightening as losing one's digital identity, but prove annoying and frustrating nonetheless. A spyware creator could hijack a user's system, turning the computer into a spam-spewing zombie, or so severely cripple the machine that it is nearly unusable.

Who's At Risk?

People who surf the Web in a corporate environment usually are protected. Computer network experts have become adept at putting up firewalls, blocking suspicious e-mail attachments, and watching for dubious download activity. Well aware of the spyware problem, many companies also do periodic sweeps of their systems to remove any unwanted programs that sneaked through their filters.

But many home users are not so fortunate. Some have installed antispyware protection, but in general, many are at risk, said Harvard's Edelman. Also vulnerable are libraries, airports, and hotels, all of which offer open Internet access without spyware blockers.

According to antivirus software company Symantec, visiting certain Web sites also can affect the likelihood of being infected with spyware. In a recent experiment, researchers started with a fresh installation of Windows XP containing the latest security updates and spent an hour visiting well-known sites in major categories like gaming, shopping, travel, and kid-oriented fare.

What was left behind on the machines was compelling, Symantec noted. Sites for kids produced the most adware, downloading over 350 applications onto the system, but no pieces of spyware. In contrast, gaming sites caused only 23 adware applications to appear, but four spyware programs. Going to shopping sites resulted in no adware or spyware.

"What this experiment tells us is that if you want to avoid spyware, there are certain parts of the Web you should stay away from," said Dave Cole, director of Symantec Security Response. "They're the dark alleys of the Internet world. Basically, you visit a game cheat site, and you're vulnerable for spyware. A kids site will open you up to adware."

Tool Kit

There are several spyware blockers and cleaners on the market, and Edelman noted that many users download programs like Ad-Aware, Webroot, and Counterspy.

A company started last year, SiteAdvisor, provides a system of automated testers that patrols the Web and gives out spyware safety ratings, allowing people to see if their favorite sites are really spyware havens. After downloading SiteAdvisor's software, people will see a small box in their browser with a red, yellow, or green icon to indicate the spyware threat level.

Antispyware tools work by scanning a computer system to find suspicious-looking programs that seem to have no business being in the machine, like adware, password crackers, remote-administration tools, jokes, and other applications. Some of what is caught is legitimate, which is why everything is usually presented in list format to a user, who can then sort the wanted from the junk.

Lately, though, even antispyware programs must be viewed with suspicion. A major trend has been the use of pop-ups by firms that allegedly provide free system scans and spyware cleaning. When a user chooses to accept the offer, he gets a message informing him that his system is riddled with spyware, even if it is perfectly clean. The irony is that during the scan, spyware is actually being installed.

"Stick with what you trust," said Symantec's Cole. "Don't use something from a pop-up ad that tries to scare you into downloading it because it has a funky, scary alert message."

Trend Micro Introduces InterScan Web Security Appliance

2006-04-04T11:08:00.000-04:00

Learn to Remove Spyware With Free and Available Programs! Click me

The product enhances multi-layered anti-spyware protection for enterprises.

Tuesday, April 04, 2006: Trend Micro India has made available the InterScan Web Security Appliance in the Indian market. The new gateway-based hardware solution has been designed to provide enterprise organisations with comprehensive front-line protection against malware and content security threats.

The InterScan Web Security Appliance acts as the first line of defence against threats like spyware, grayware, viruses and phishing. It offers ability to trigger automatic agentless end-point cleanup via collaboration with Trend Micro damage cleanup services. It also provides malware detection and blocking, URL filtering, anti-phishing, and other features to prevent threats like spyware from entering the network.

It gives business organisations a greater choice in gateway protection, introducing an easy-to-deploy hardware option that complements Trend Micro’s software-based InterScan offerings.

“InterScan Web Security Appliance is easy to install and configure,” said Fernando Rynne, global product marketing manager, Trend Micro, Inc. “Moreover, it is much more effective than desktop-only security with integrated anti-spyware, antivirus, anti-phishing and URL filtering at the Internet gateway.”

Leave Spyware No Place to Hide!

2006-04-04T11:07:00.000-04:00

Learn to Remove Spyware With Free and Available Programs! Click me

TRISNAP TECHNOLOGIES, a world innovator in spyware detection technologies, announces the release of System Spyware Interrogator 3.0 Tech Edition.

System Spyware Interrogator (SSI) is a free tool that detects and removes malicious software from clients' computers. Its uses Trisnap's unique Predator technology to compare applications running on a client's computer with an online database of spyware definitions to immediately reveal all suspicious applications. Costly and time consuming updates off malware definitions on user's computers are not required

System Spyware Interrogator 3.0 Tech Edition is the newest version of Spywaredata's popular scanner. The Tech Edition was been designed for technicians who deal with spyware on a regular basis. The consumer edition of System Spyware Interrogator offers monthly, quarterly and annual priority fee-based automatic removal options. The Tech Edition also offers Alternate Directory Scans, File Hash Generation, Intelligent Hijackthis log parser, and a memory process killer. SSI is linked directly to one of the largest malware databases in the world at www.spywaredata.com. The SSI Tech Edition is intended for technicians and users who would like to better expedite their search, detection and elimination of spyware.

Spyware company denies software is malicious

2006-04-04T11:06:00.000-04:00

Learn to Remove Spyware With Free and Available Programs! Click me

By Nancy Gohring, IDG news service

The company selling spyware for mobiles has hit back at the suggestion its program is malicious.

Thai company Vervata has hit back after security firm, F-Secure, recently began blocking a commercial application called FlexiSpy, a product that bills itself as the world's first spy software built for mobile phones.

When FlexiSpy software is loaded onto a Symbian mobile phone, it sends all text messages that are sent and received, as well as call details, to FlexiSpy servers. Users can log on to the servers via the Internet to read the messages and view the call records. The problem, says F-Secure, is that the phone owner may not know the program has been installed and can't uninstall it.

"We're convinced that this could be used for malicious and illegal purposes in so many ways that we made the decision to flag it as malware," said Mikko Hypponen, F-Secure's chief research officer.

Vervata argues that FlexiSpy isn't a virus, a Trojan horse or malware. "Like any other monitoring software there may be a possibility for misuse, but there is nothing inherent in FlexiSpy that makes it illegal or malicious," a Vervata spokesman said. He added that the software must be consciously installed by a person, does not self-replicate and doesn't pretend to be something it's not.

He said that an uninstall option is provided so the user can uninstall the program at any time but F-Secure found that the application uninstaller doesn't work.

Hypponen also worried that a user could "beam" the program via Bluetooth to other nearby users. "If one in 100 people who received it wonders what it is and clicks on it, it would install without telling the user what the program does," he said. Going forward, the person who sent the program could read that person's text messages online. "If that's not malicious, I don't know what is," Hypponen said.

Some changes to the program could make it more palatable, he said. For instance, if the installation process clearly shows that a spy program is being installed, it could be useful for parents that might want to monitor a child's text messages, he said.

But using this type of program to spy on another person is illegal in most parts of the world, he noted. In addition, he also said that users might be concerned that the text messages and calling information is being stored on Vervata servers.

F-Secure has contacted Vervata to discuss the program but hasn't received a response, Hypponen said.

Each page of the FlexiSpy Web site warns visitors that logging other people's text messages and other phone activity or installing FlexiSpy on another person's phone without their knowledge could be illegal. It also says that Vervata assumes no liability and isn't responsible for misuse or damage caused by FlexiSpy.

Frost and Sullivan to counter spyware

2006-04-04T11:05:00.000-04:00

Learn to Remove Spyware With Free and Available Programs! Click me

Wednesday, 29 March , 2006, 16:27

Chennai: About 90 per cent of computers all over the world have some form of spyware, which could lead to identity thefts, stolen proprietary data, invasion of privacy and slowing down of computers apart from other malfunctions.

Keeping in mind all the effects of spyware, Frost and Sullivan introduced a product that could counter its threat at a workshop in Chennai.

A recent study by Frost and Sulllivan also found that virus or worm attacks accounted for 65 per cent of all attacks and spyware and malware contributed to almost 15 per cent of it, company's Director Ravi Krishnaswamy told reporters today while making a presentation on the 'spyware industry in the world'.

He was speaking after Trend Micro India, an antivirus software company, announced the introduction of the Inter-Scan Web Security Appliance in India today.

The appliance acts as the first line of defence against threats like spyware, grayware, viruses and phising, Fernando Rynne, Global Product Marketing Manager, Trend Micro said while introducing the product.

He said the Appliance offers unique ability to trigger automatic agent less end point clean up via collaboration with TrendMicro Damage Cleanup Services. It also provides malware detection and blocking, URL filtering, anti-phising and other features to prevent threats like spyware from entering the network.

"We are the only vendor to tackle the full lifecycle of spyware with a multi-layered approach across the enterprise network. This layered approach allows us to prevent, detect, block and clean spyware as well as other grayware and malware as part of a comprehensive solution for large companies," said, company country manager Niraj Kaushik.

Israel jails spyware-for-hire couple

2006-04-04T11:02:00.000-04:00

Learn to Remove Spyware With Free and Available Programs! Click me

Dirty deeds done dirt cheap

By John Leyden

Published Monday 27th March 2006 20:57 GMT

An Israeli couple were jailed on Monday after confessing to the development and sale of spyware that helped private investigators snoop on their clients' business competitors.

Ruth Brier-Haephrati, 28, was jailed four years while her husband Michael Haephrati, 44, was sentenced to two years imprisonment. Both sentences were in line with a plea-bargaining agreement made earlier this month. Ruth was charged with a litany of offences including fraud, planting computer viruses, and conspiracy. Her husband, Michael, was charged as her accomplice to those offences. Each also faces a suspended sentence and a fine of one million New Israeli Shekels ($212K).

The malware sent stolen documents to an FTP site, allowing unscrupulous firms to swipe confidential documents from rivals. Each software installation allegedly netted the Haephratis 2,000 New Israeli Shekels ($425). According to court documents, Michael Haephrati developed the spyware Trojan horse, while his wife, Ruth, marketed the software. ®

Do-It-Yourself Spyware Kit Sells For $20 on Web

2006-04-04T11:01:00.000-04:00

Learn to Remove Spyware With Free and Available Programs! Click me

A do-it-yourself malware creation kit is being hawked on a Russian Web site for less than $20, according to security researchers tracking the seedier side of the Internet.

Virus hunters at SophosLabs discovered the spyware kit, called WebAttacker, on a Web site run by self-professed spyware and adware developers. The kit is available for sale directly from the site, which even offers tech support to buyers.

The WebAttacker kit includes scripts that simplify the task of infecting computers and spam-sending techniques to lure victims to specially rigged Web sites.

Ron O'Brien, senior technology analyst at Sophos, based in Boston, said samples of the malware kit include timely spam-run themes — such as bird-flu protection and Slobodan Milosevic murder conspiracy theories — to guide online criminals through social engineering attacks.

Spam messages with fake links to news stories about topical issues are normally used to lure e-mail users to bogus Web sites where malicious code can be executed via browser and operating system exploits.

"Making spyware available on the cheap like this means that technical skill has been removed as an entry-level barrier" to spamming and hacking, O'Brien said. "Now even dim-witted miscreants will be able to join the world of cyber-crime."

It's not the first time a do-it-yourself malware builder has been found.

Earlier this year, researchers at Sunbelt Software uncovered a special program that was being used to create keystroke loggers and Trojans to target customers of financial institutions in the United Kingdom, United States and Canada.

The Trojan builder provided an easy-to-use interface for creating new variants of malware that can steal credit card numbers and online banking log-ins from machines on which it is installed, and can direct e-Gold payments into an account owned by the attacker.

Check out eWEEK.com's Security Center for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzer's Weblog.

Spyware for cell phones emerges

2006-04-04T10:57:00.000-04:00

Learn to Remove Spyware With Free and Available Programs! Click me

Snoop dog eats dog

By Nick Farrell: Friday 31 March 2006, 07:57

A NEW bit of software that lurks on cell phones and captures call logs and text messages has been dubbed a Trojan horse by a security outfit.

The software, called FlexiSpy, made by Vervata, is being flogged as a method that parents can protect their children by knowing everything they do. It captures call logs, text messages and mobile Internet activity.

However, security outfit F-Secure, said that the software is a Trojan, or at least an electronic sheep in digital wolf's clothing.

Jarno Niemela wrote in the company’s bog, that the application installs itself without any kind of indication as to what it is. When it is installed on the phone, it completely hides itself from the user.

It is concerned that the FlexiSpy could be used by bad guys as part of malicious software that targets phones. Hackers could try sending the program to phones via a Bluetooth connection and trust that there are enough curious people to install it.

F-Secure has updated its security software to detect the program and remove it.

Vervata denied that its software was a Trojan. In a letter to News.com the company insisted that FlexiSpy was not malicious. It can also be uninstalled with an option provided. We assume that is if you know it is there.

The software has to be installed by a human who knows exactly what the software does and cannot self replicate. No one has questioned what sort of control freak wants to listen to their child’s telephone calls and what message that this gives the child about life.

Recent developments in adware and spyware

2006-03-27T10:03:00.000-05:00

Learn to Remove Spyware With Free and Available Programs! Click me

Computer users accustomed to treating adware and spyware as just a low-level annoyance came in for a shock recently.

According to Reuters, a California man was indicted earlier this month on federal charges of creating a robot-like network of hijacked computers that helped him and two others bring in $100,000 for installing unwanted adware.

The indictment from a federal grand jury in Seattle also accused Christopher Maxwell, 20, and two unidentified conspirators of crippling Seattle's Northwest Hospital with a "botnet" attack in January 2005.

Authorities said the hospital attack caused $150,000 in damages, shut down the intensive care unit, and disabled doctors' pagers.

If he is convicted, Maxwell will face a maximum 10 years in prison and a $250,000 fine.

Reuters quoted the following statement by U.S. Attorney John McKay: "Some people consider botnets a mere annoyance or inconvenience for consumers, but they are highly destructive. In this case, the impact of the botnet could have been deadly."

Let there be no misunderstanding: adware and spyware are among the fastest-growing risks to consumers and organizations today. This article looks at recent developments in adware and spyware, as well as recommended steps to reduce the risks posed by these programs.

Growing volumes

While adware and spyware are not categorized as malicious code, Symantec monitors them using many of the same methods used for tracking malicious code development and proliferation. This involves an ongoing analysis of reports and data delivered from over 120 million client, server, and gateway email systems, as well as filtration of 25 million email messages per day. Symantec then compiles the most common reports and analyzes them to determine the appropriate categorization.

Adware programs enable the delivery and display of advertising content onto the user's device. This may be done without the user's prior consent or knowledge. It is often, but not always, presented in the form of pop-up windows or bars that appear on the screen.

Adware isn't always a security risk. In some cases, it simply delivers an advertising message to the user's screen. But depending upon its functionality and the context in which it is deployed, adware can constitute a security risk.

According to the latest edition of the Symantec Internet Security Threat Report, during the first six months of 2005, the prevalence of adware increased dramatically over the two previous reporting periods. Between January 1 and June 30, 2004, adware comprised 4 percent of the top 50 programs reported to Symantec. In the second half of 2004, it made up 5 percent of the top 50 programs. Between January 1 and June 30, 2005, however, it made up 8 percent of the top 50 reported programs.

For their part, spyware programs can secretly monitor system activity and either relay the information back to another computer or hold it for subsequent retrieval. In some cases, spyware is used by organizations to monitor Internet usage or by parents to monitor their children's Internet usage. Spyware can be surreptitiously placed on users' systems in order to gather confidential information such as usernames, passwords, banking information, and credit card details. This can be done through keystroke logging and by capturing email and instant messaging traffic.

Spyware is one of the fastest-growing risks, increasing at an estimated rate of 50 to 100 percent year over year, according to some security experts.

The chief offenders

The most frequently reported adware program between January 1 and June 30, 2005 was ShopAtHomeAgent, which accounted for 19 percent of the top 10 adware programs reported. It downloads and displays advertisements; however, it may also redirect access to certain Web sites through www.shopathomeselect.com.

The second most common adware program in this period was Istbar, which accounted for 14 percent of the top 10 reports. Istbar is a family of adware programs that install via an Internet Explorer toolbar, often using aggressive, persistent techniques.

CoolWebSearch was the third most commonly reported adware, making up just over 13 percent of the top 10 reports. CoolWebSearch is a large family of security risk programs that can be manually installed or bundled with another program. The programs have been observed hijacking searches, which are then redirected to the CoolWebSearch Web site or an affiliate.

Turning to spyware, Webhancer was the most reported program in the first six months of 2005, accounting for 29 percent of the top 10 spyware programs reported overall. (It was also the most reported spyware program in 2004.) Webhancer monitors the user's browsing habits, sending the information back to its centralized servers. While the program includes an End User Licensing Agreement (or EULA), it is also capable of updating itself from servers. This means that updated versions may contain additional functionality that the user may not have agreed to as part of the original EULA.

Apropos was the second most reported spyware program in this period, making up 27 percent of the top 10 spyware reports. An Internet Explorer browser helper object (or BHO) installed by an ActiveX control, Apropos installs a toolbar that links to Web sites and sends information back to its server.

The third most reported spyware program, Marketscore, is a new addition to the top 10, making up 19 percent of the top 10 reported spyware programs. When Marketscore is installed on a computer, it starts a proxy service. Once this service has executed, all of the system's Internet connections will be routed through the Marketscore's proxy, called OSSProxy.

Of the top 10 adware programs reported in the first six months of 2005, five hijacked browsers. During this same period, two spyware programs performed this function.

Prevention and mitigation

Because adware and spyware can be placed on a user's computer by exploiting software vulnerabilities, Symantec recommends that users update their antivirus software regularly. Security administrators should also take extra measures to ensure that patch levels on all computers are up-to-date. Users and administrators should employ defense in-depth, which means deploying a properly configured firewall and integrated antivirus and intrusion detection systems. In addition, users should exercise caution when installing any software through a Web browser and avoid downloading any software from sources that are not known and trusted.

Besides the deployment of defense in-depth, Symantec recommends that acceptable usage policies be put in place and enforced. System administrators should regularly audit systems to ensure that no unauthorized software is installed on them. In all cases, administrators and end users should read the EULAs of all software programs before agreeing to their conditions.

Security risks such as adware and spyware have the potential to compromise users' personal information and privacy, and their prevalence is increasing globally. Enterprises should consider an approach that detects these risks in a way that is non-intrusive, allowing users to make informed decisions based upon their own level of acceptable risk.

Spyware And Adware Continue To Plague PCs

2006-03-27T10:00:00.000-05:00

Learn to Remove Spyware With Free and Available Programs! Click me

More businesses deploy anti-spyware apps, while efforts to control the parasitic code are widening as watchdog groups employ new tactics and law enforcement cracks down on suspects.

By Eric Chabrow
InformationWeek

Mar 27, 2006 12:02 AM

The characters who create and distribute spyware eventually reach a crossroads. Some clean up their acts, present themselves as adware aficionados, and do their best to legitimize questionable marketing techniques. Others continue their shady work on the sly. One major player reached a dead end: Adware pusher Claria last week revealed plans to exit the controversial business.

Efforts to control the parasitic code are widening as watchdog groups employ new tactics and law enforcement cracks down on suspects. The Center for Democracy and Technology last week issued a report that points the finger not just at adware distributors, but also at nearly a dozen of their clients, including Club Med Americas, NetZero, and ProFlowers. "These advertisers see the benefits of advertising with these companies that engage in unfair and deceptive practices, but they haven't seen the downside," says Ari Schwartz, deputy director of the nonprofit public policy group.

StopBadware.org, a new watchdog group, last week added four popular programs to its "badware" list: file-sharing program Kazaa, spyware removal software SpyAxe, download manager MediaPipe, and Screensaver.com's Waterfalls 3 screensaver. And the Los Angeles City Attorney's office revealed that it filed the first criminal spyware case in California, charging three people with running companies that distributed spyware in the guise of legitimate software tools.

IT departments have been fighting spyware and adware--they're different, but both troublesome--for several years, and there's something to show for their efforts: Fewer machines are getting infected. While spyware infected 81% of consumer PCs last year, that's down from 91% in 2004, according to anti-spyware vendor Webroot, which scanned more than 2 million PCs to arrive at those findings.

That's progress, but there were setbacks, too. The average spyware count on each machine climbed in 2005, to 25 instances, and the programs are increasingly malicious, with more Trojan horses than before.

It's not just a consumer problem. Spyware was reported by 80% of respondents last year in an FBI survey of 2,066 companies.

Spyware also is growing in seriousness and complexity, as miscreants use the embedded code to pilfer funds and steal data that can be sold. Adware tends to be less sinister, but it's problematic in other ways, slowing PCs and clogging networks with the traffic it generates. "I know there's a major difference functionally," says Scott Larsen, IS manager at the online group travel agency Groople. "Obviously, the repercussions of spyware versus adware are different. But they're one and the same in one respect: I don't want them on my box."

A year ago, the IT team at Groople found spyware on at least one of its PCs every day or two and spent part of most days digging it out. The company installed anti-spyware software from Trend Micro and Microsoft at its Internet gateway and on PCs and laptops, at a cost of about $10,000. Spyware infestations have dropped to one every two weeks, and staffers now spend only an hour every few weeks getting rid of it.

An average company spends more than $1.5 million a year getting rid of the junk, according to a study of more than 600 IT managers conducted last summer by research firm NewDiligence for security software vendor FaceTime Communications. Worldwide business spending on anti-spyware software will jump from $214 million this year to nearly $1.4 billion by 2010, predicts research firm Radicati Group.

Criminal Intent
Spyware purveyors are part of a shadowy underworld. Israeli authorities this month indicted a couple for creating Trojan horse software and selling it to private detective agencies to spy on the business rivals of their clients. Victims included an automobile importer, public relations firm, and television company, according to published reports.

Israeli officials allege Michael Haefrati crafted the malware--a variant of a keystroke-logging program called Hotword, according to Dave Cole, director of Symantec Security Response--and provided technical support while his wife Ruth marketed it to private investigators and at times inserted the virus into victims' computers herself. The indictment suggests that the couple, whose company, Target-Eva, was registered to operate in Israel, the United Kingdom, and the United States, tried to market the software to legitimate security agencies as early as 2000 but began selling it illicitly after private investigators two years ago solicited them to modify Hotword.

There's also the example set by spyware purveyor Carlos Enrique Perez-Melara, who was indicted last summer for distributing a program called Loverspy. Here's how it worked, according to the indictment: For $89, a buyer could get Loverspy through a Texas Web site, which directed people to servers in Perez-Melara's San Diego apartment. On the site, people selected an innocuous-looking electronic greeting card featuring puppies, kittens, or flowers that contained the malware. Purchasers could send the E-card to as many as five E-mail addresses. When the targets opened the E-card, Loverspy would be secretly installed on their PCs.

According to the Justice Department, all activities on the PCs--E-mail, Web site visits, passwords entered--were captured and forwarded on to the purchasers, either directly or through Perez-Melara's servers. Loverspy gave purchasers the ability to remotely control the victims' PCs, including accessing, changing, and deleting files, even turning on Webcams connected to them. The government contends that more than 1,000 people bought Loverspy and installed it on 2,000 computers. A person who received spam touting the product tipped off authorities. The indictment also charged four purchasers of Loverspy with computer hacking. No trial date has been set for Perez-Melara, who's on the lam in El Salvador.

Spyware can even be a threat to personal safety, as stalkers use keystroke loggers, says Schwartz of the Center for Democracy and Technology, which led the formation of the Anti-Spyware Coalition, a group that includes America Online, Microsoft, and Symantec. He cites a recent case in Michigan where a batterer secretly installed keystroke-logging software on his estranged wife's computer and tracked her and their kids by reading her E-mail and viewing her online activities. "He followed them from battered women's shelter to battered women's shelter," Schwartz says. "That's kind of the worst-case scenario."

Much of the spyware aimed at stealing individual identities, money, and corporate trade secrets involves organized criminal groups, says Chris Painter, deputy chief of the Department of Justice's computer crime and intellectual property section. "If there's a way to make money, they're going to try to find it," he says.

These criminal groups may be patterned after the Shadowcrew Organization, a one-stop online marketplace for identity theft busted by the government a year and a half ago, Painter says. Shadowcrew operated in the United States and eight other countries. Members of the gang found each other through chat rooms and Web sites that attract criminals. "We see a lot of cooperation among groups," he says. "Once money is involved, it's a good reason for people to team up."

The culprits offer specialized skills: writing malicious code, placing spyware on PCs, creating false IDs and ATM cards from stolen information, and selling stolen identities. Spyware is an international problem, and much of the malware placed on people's PCs originates from countries, including those in Eastern Europe, where educated but underemployed people can be drawn to virtual crime. That makes it tougher to stop. The feds busted people in Shadowcrew by infiltrating the gang with undercover agents.

What these groups and individuals do is clearly criminal, and they have no defenders. But there's another class of software trying to claw its way to respectability.

Nobody's Friend
Adware, spyware's close cousin, is loaded onto PCs to track user Internet behavior in order to deliver pop-up ads to market specific products or services. People often load adware onto PCs along with free content such as toolbars, games, and wallpaper. Like spyware, adware can be delivered clandestinely when users visit an unscrupulous Web site that exploits a browser vulnerability to make the transfer.

It's possible, albeit inexcusable, that advertisers might be unaware that spyware is delivering their messages. Anti-spyware gadfly Ben Edelman analyzed HTML coding to trace a pop-up ad from music retailer Columbia House to spyware transmitter ICanNews. Columbia House had retained aQuantive to place its ads on the Web, which subcontracted ad placement to Yfdmedia, which contracted Azoogle, which signed up MyGeek, which engaged ICanNews. "The net effect is that the user was shown this pop-up ad when the user never consented to receive this kind of advertising," Edelman says.

The largest adware companies say they give users' sufficient notice about adware and its properties, and they shun the spyware label. But critics, including corporate users, don't see the difference. "As much as these companies want to call it adware, spyware sure feels like the right name, because it's really surreptitious," says Jonathan Johnson, senior VP of corporate and legal affairs at Overstock.com, an online retailer that itself once used adware but now is suing a competitor that used it to deliver ads to people looking at the Overstock site (see story, "Are Pop-Ups Unfair Competition?").

Adware has well-heeled backers. Claria raised more than $58 million from U.S. Venture Partners and Greylock Partners, 180solutions received $40 million from Spectrum Equity, and WhenU.com obtained back- ing of $35 million from ABS Capital Partners and Trident Capital.

Adware pioneer Claria last week disclosed plans to leave the adware market by June. Claria, founded in the late 1990s as Gator, has retained Deutsche Bank Securities to sell its adware assets and is in discussions with a number of interested buyers. Alex Eckelberry, CEO of anti-spyware software maker Sunbelt Software, says he wouldn't be surprised if two other major adware companies--180solutions and WhenU--bid on Claria's adware business. Eckelberry suggests that venture capital firms that funded Claria see the adverse publicity surrounding adware as diminishing the company's value.

But Claria may not be getting out of the business of placing software on PCs. It's focusing on a new service it will introduce next month called PersonalWeb, which automatically generates personalized Web pages that provide users with information they want, such as sports scores or community news.

Is Reform Possible?
Adware's critics are relentless. The Center for Democracy and Technology in January asked the Federal Trade Commission to take action against adware company 180solutions for repeated and deliberate attempts to dupe Internet users into downloading intrusive software. Last month, adware critic Edelman posted information on his Web site showing that new software 180solutions developed to prevent unauthorized downloads didn't work and that unethical business partners could get around it to plant adware on PCs.

180solutions' executive VP of business development, York Baur, says the company has changed the way it conducts business. "The only valid criticism is that we were perhaps naive about the world of Web publishing earlier on in our history, and it has taken us through 2005 to truly take control of that ownership of [our] network and get practices that we think are poor cleaned up," Baur says.

180solutions, like other adware companies, offers users bundles of free products from thousands of content providers in exchange for placement of software on their computers to deliver targeted ads based on the Web sites they visit. 180solutions' premier product is Zango, which offers a variety of games as well as tools to access simultaneously AOL, Yahoo, and MSN instant messages; burn CDs and DVDs; and get desktop TV listings, astrology readings, and weather forecasts. In addition, scores of scripts and software are available. Soon the company will offer video programming, too.

180solutions' problem was that it paid others to distribute that software and didn't make sure its distributors had people's permission. The company has more than 5,000 affiliates--it calls them Web publishers--that are paid to place adware on computers and are responsible for 90% of its adware downloads. Until a year ago, 180solutions used distributors to sign up affiliates. Last year, it severed relations with six of its distributors, acquired a seventh, and started using an automated system to manage affiliate relations. The company now deals directly with its affiliates and vets each one by requiring banking and payment histories and checking each Web site to see if it meets 180solutions' standards, Baur says.

he company makes money from advertisers, mostly direct marketers that pay to have pop-up ads appear on users' computers, often when the adware software detects the consumer perusing a competitor's E-commerce site or seeking services and products similar to those offered by the advertiser. Based on the contract, 180solutions is paid per view or, when a purchase is made through the ad link, per acquisition.

180solutions says its user base numbers more than 20 million, and its revenue last year topped $50 million. The company says it spent $2.5 million on software--known as S3 for Safe and Secure Search--that's supposed to keep affiliates from surreptitiously installing 180solutions software on users' PCs, but it's not perfect. Co-founder Ken Smith, writing in a blog, blamed the recent failure of the software to prevent unauthorized downloads on his company's detection and reporting mechanisms, not the S3 technology.

Skeptics aren't buying it, and they're trying to pressure advertisers not to use 180solutions. "We want to give fair notice to companies thinking about advertising with 180solutions that they keep this in mind," says Schwartz of the Center for Democracy and Technology. Azoogle, one of the largest third-party online ad networks, heeded that advice and terminated its relationship with 180solutions this month.

Adware makers need to rein in out-of-control affiliates. In January, according to the Justice Department, Jeanson James Ancheta confessed to using servers he controlled to transmit malicious code over the Web to scan for and exploit vulnerable computers, redirecting thousands of PCs to an Internet Relay Chat channel that he controlled. Ancheta generated $60,000 in advertising affiliate earnings by directing more than 400,000 infected computers to servers he controlled where adware he had modified was surreptitiously downloaded. Ancheta also admitted to commandeering computers to create botnets--or robot networks--to launch denial-of-service attacks and transmit spam. He also earned about $3,000 from selling access to his botnets.

Serious Business
Among Ancheta's victims were the Weapons Division of the U.S. Naval Air Warfare Center in China Lake, Calif., and the Defense Information Systems Agency, the combat support unit responsible for IT and communications. The 20-year-old agreed to pay $15,000 to the two Defense Department units as restitution and forfeit all proceeds from his illegal activity, including $60,000 in cash, his computer equipment, and a BMW. He faces up to 25 years in prison; a federal judge will decide sentencing on May 1.

Adware provider WhenU.com doesn't use affiliates, but it, too, has had to change some practices. When CEO Bill Day, one-time head of the search site About .com, joined WhenU as CEO in 2004, one of his first actions was to stop marketing its software through banner ads on Web sites, for which WhenU paid the site operator a fee per download. Customers of WhenU's newer pop-up ads include ABC, which last fall used WhenU to promote two new shows, Invasion and Commander In Chief.

It's possible that adware could shake off its troubled youth and become a legit form of advertising--even if, like telemarketing, it's never exactly loved. Day notes that advertisers pay WhenU only when users click on ads, a model similar to that used by paid-search companies like Google and Yahoo. Users get only about an ad an hour, maybe less, says Day, who claims 10 million to 15 million users and growing revenue.

If adware cleans up its act, it might eventually get the likes of the Center for Democracy and Technology off its back, and it could become a viable way for people to get content free. But that won't necessarily help business IT people, who still will have one more potentially risky and bandwidth-eating software program to keep off their networks.

Defining The Problem
It's not just adware companies feeling the backlash. The Australian media has had a field day reporting that skier Dale Begg-Smith, who won a gold medal in the 2006 Winter Olympics in the men's mogul event, was once a spyware master. The Australian reports say Begg-Smith's defunct Adscpm.com Web site spawned 20 million pop-ups a day, though Begg-Smith's associates are quoted as insisting the 21-year-old skier was involved in legitimate businesses.

Sony BMG Music Entertainment last year got nabbed selling music CDs that contained a rootkit--software that can be used by hackers to hide malicious code from antivirus and anti-spyware defenses--within the copy-protection scheme used to prevent music CDs from being copied to computers. To prevent software for digital rights management from easily being thwarted, Sony BMG used a rootkit to hide the copy-protection files from customers and make them difficult to remove. Bloggers, researchers, and law enforcement cried foul, and Sony BMG eventually recalled the CDs and alerted users about how to remove the DRM software.

It's enough to cause concern among PC users. Princeton University computer science and public affairs professor Edward Felten is a typical--and anxious--one. He knows there are tools on the Web that could help with his new hobby of music editing. But because of the threat of malicious software, "I'm less prone to try new software," Felten laments. "I'm more careful of what Web sites I go to. I spend time trying to protect myself."

That's important, but unfortunate. Spyware, Felten says, causes him "to shy away from small companies, shy away from using software from sites I don't know." That hesitation could mean a lost opportunity--adding to the price we pay for spyware.

LG Card Selects Blue Coat to Strengthen Web Security While Increasing Performance

2006-03-27T09:59:00.000-05:00

Learn to Remove Spyware With Free and Available Programs! Click me

SEOUL, South Korea, March 27 /PRNewswire-FirstCall/ -- Blue Coat(R) Systems , the leader in secure content and application delivery, today announced that LG Card, the leading credit card company in South Korea, has deployed Blue Coat's SG-Series and AV-Series appliances to protect its corporate network and customer database from spyware, viruses and other security threats and to ensure the privacy and integrity of its data.

LG Card offers installment financing, consumer loans and leasing as well as credit card services to more then 9.8 million cardholders in South Korea. Since protection of its customer database is vital to its operations and reputation, LG Card endeavors to utilize the highest levels of security infrastructure and practices. In the past, its network had experienced several security threats, including spyware and other virus attacks that caused a slow down in overall operations.
"Traditionally, the true cost of security has always been performance, but with Blue Coat we get the highest levels of security along with significant acceleration of content and applications," said IC Jeong, manager of the network operation team for LG Card. "Without impacting transaction performance, we can block spyware and other malware before it has a chance to penetrate the corporate network or individual client and server. We can also protect our customer database with the highest level of security."
"LG Card is a trusted name and company in Korea, and we are happy to provide both the protection and acceleration they needed to maintain the confidence and excellence of operations," said An Seung-Ryong, Country Manager of Blue Coat Korea. "Only a proxy infrastructure has the power to simultaneously control, protect and accelerate Web communications and applications."
About Blue Coat Systems
Blue Coat secures Web communications and accelerates business applications across the distributed enterprise. Blue Coat's family of appliances and client-based solutions -- deployed in branch offices, Internet gateways, end points, and data centers -- provide intelligent points of policy-based control enabling IT organizations to optimize security and accelerate performance for all users and applications. Blue Coat has installed more than 25,000 appliances worldwide and is ranked #1 by IDC in the Secure Content and Application Delivery market. Blue Coat is headquartered in Sunnyvale, California, and can be reached at 408-220-2200 or http://www.bluecoat.com/.
FORWARD LOOKING STATEMENTS: The statements contained in this press release that are not purely historical are forward-looking statements, including statements regarding Blue Coat Systems' expectations, beliefs, intentions or strategies regarding the future, and including statements regarding the capabilities and expected performance of Blue Coat Systems' products. All forward-looking statements included in this press release are based upon information available to Blue Coat Systems as of the date hereof, and Blue Coat Systems assumes no obligation to update any such forward-looking statements. Forward-looking statements involve risks and uncertainties, which could cause actual results to differ materially from those projected. These and other risks relating to Blue Coat Systems' business are set forth in Blue Coat Systems' most recently filed Form 10-Q for the quarter ended January 31, 2006 and Form 10-K for the year ended April 30, 2005, and other reports filed from time to time with the Securities and Exchange Commission.
NOTE: All trademarks, trade names or service marks used or mentioned herein belong to their respective owners.
Blue Coat Systems

CONTACT: investors, Carla Chun, +1-408-220-2318, orCarla.chun@bluecoat.com, or media, Steve Schick, +1-220-2076, orsteve.schick@bluecoat.com, both of Blue Coat Systems; or media, Kevin Kosh ofCHEN PR, +1-781-672-3111, or kkosh@chenpr.com, for Blue Coat Systems

Web site: http://www.bluecoat.com/

Columnist arms computer users for war with hackers, spyware and more

2006-03-27T09:58:00.000-05:00

Learn to Remove Spyware With Free and Available Programs! Click me

By Bill Husted, bhusted@ajc.com
March 27, 2006

I'd be forced to find a real job were it not for hackers, viruses, spam and spyware. Without all that stuff, using a computer would be easy. All you'd need to know would be the location of the on/off button.

The computer is pretty much used as an appliance these days, but it's different from most. You won't find magazines and columns devoted to advice on using your microwave oven, for instance. Nor do you need them. We haven't reached that level with the computer, however. Instead, you fight a bitter daily war to keep data safe. And the computer criminals on the other side are pretty darned good at what they do.

Today we'll talk about the basics of computer security. I'll tell you how to enlist in Husted's Army of Computer Righteousness to give you more firepower in that war with the bad guys. I'll be your supply sergeant. I can equip you with weapons that will help you survive the coming battles. When you enlist in the Army, you are not expected to pay for your rifle and helmet. So your weapons are free, too.

Let's start with the firewall. The firewall blocks attempts to invade your computer. While there are both hardware and software firewalls, most home users are candidates for firewalls of the software variety. Every computer needs a firewall. Windows XP includes a built-in firewall — it's not a great one, but it is much better than no firewall at all.

A better free firewall can be downloaded at http://www.zonelabs.com. The company also sells firewall programs, so look for the link on the main page called "Free ZoneAlarm and Trials." Click on that and look for the heading "ZoneAlarm Free Download for business use only." I can't give you a free router. But if you have a home computer network, you probably use one. Routers furnish additional protection against intrusion. That's because, quite literally, your computers hide behind the router while online. But even computers hiding behind a router still need a software firewall.

I wish I could say we're done. But we've just gotten started. Anti-virus protection also is essential. A computer virus is just another computer program. But unlike your favorite game or word processing program, it is software designed to do harm.

When I started writing about computer viruses, most were created with destruction in mind. Some would erase the hard disk, others would put annoying messages on the screen. There's been a big change in viruses over the past couple of years. Nowadays, they try hard not to be noticed. Many are created by skilled professionals instead of hackers and are designed to take control of your computer. Once that happens, your computer is enlisted in an army of zombie machines.

Often these captive computers are used to send out spam. That way the real spammers are less likely to be located. Besides putting you at risk of being a secret spammer, these viruses will slow your computer. A good anti-virus program is needed here. And it should be regularly updated, otherwise it won't be able to find newly created viruses. Luckily the equipment I'll issue you here fits the bill.

The free anti-virus program I recommend comes from Grisoft and can be found at http://free.grisoft.com. Besides being free, it will automatically update itself. Even if Grisoft charged for this program, I would still recommend it.

I know you are staggering under the weight of supplies, but there's still more. We need to do something about spyware and adware.

The worst of this stuff literally spies on you. The best of it — and that's not saying much — tracks Web sites you visit so marketers can send you targeted spam. For instance, if you hang out on tennis sites, you can expect to get spam offers for tennis balls. God knows what you can expect if you hang out on seamier Web sites.

Even the relatively harmless variety of adware slows your computer down — way down. I've seen computers with more than 200 adware and spyware programs hidden away. Computer repairmen tell me that the leading cause of slow computers is adware.

For a long time I've recommended two programs: SpyBot Search & Destroy and Ad-aware. You can find free versions of both at http://www.download.com. I still think both work fine, but I've added still another free program to my list. It's a free Microsoft product called Windows Defender. At the moment, there's a link to Windows Defender on the main http://www.microsoft.com page. But things change fast on the Web. So if you can't find Defender on the main page, use the search box at the top of the Microsoft page. OK, you're in the army now. Unfortunately, given the state of computer security, your term of enlistment is for life.

— Bill Husted writes for the Atlanta Journal-Constitution.E-mail: bhusted@ajc.com.

Spyware kits sold for fifteen dollars available on the web, Sophos reports

2006-03-27T09:57:00.000-05:00

Learn to Remove Spyware With Free and Available Programs! Click me

Experts at SophosLabs, Sophos's global network of virus, spyware and spam analysis centers, have discovered a Russian website that sells spyware kits, called WebAttacker, for fifteen US dollars (about ten UK pounds). The website, which refers to its creators as spyware and adware developers, markets the strengths of its kits, makes the kits available for online purchase and offers technical support to its buyers.

Included in the kits are scripts designed to simplify the task of infecting computers - the buyer spams out a message to email addresses, inviting recipients to visit a compromised website. Samples found in Sophos's global network of monitoring stations used newsworthy topics to lure unwary users. One presented itself as a warning of the deadly H5N1 bird flu virus, providing links to a bogus website, which purported to contain advice on how to protect "you and your family". The other claims that Slobodan Milosevic was murdered and invites users to visit the site for more information. These websites then attempt to download the malicious code remotely onto the user's PC by taking advantage of known web browser and operating system vulnerabilities.

"This type of behaviour is inviting the return of what we call script-kiddies," said Carole Theriault, senior security consultant at Sophos. "By simplifying the task of the potential hacker and making it available so cheaply, sites like this one will attract opportunists who aren't necessarily very skilled and turn them into cyber-criminals."

JavaScript code on the infected websites detects the visiting computer's browser version and operating system, including any installed patches, and launches the most appropriate exploit. The exploit downloads a program that attempts to turn off the firewall and install malware, generally a password stealer, keylogger or a banking Trojan. Sophos protection, Troj/Dloadr-ADU, has been available since 13 March, 2006.

"The underground cyber economy is, in some ways, very similar to the one most of us operate by - everyone wants a piece of the action," continued Theriault. "The more common cyber attacks become, the more of these types of sites offering kits, databases of email addresses, and bespoke Trojans and spyware we will see. So as long as the money continues to flow, there will be interested parties."

Kazaa crowned 'king of spyware'

2006-03-27T09:56:00.000-05:00

Learn to Remove Spyware With Free and Available Programs! Click me

P2P giant Kazaa has been told to stop insisting its software is spyware-free by independent testers who claim it interferes with computer use, modifies other applications and never completely removes all components during the uninstall process.

Sharman Networks, makers of Kazaa, ‘the world’s most downloaded software,’ believe it installs with ‘no spyware’ – because no personally identifiable data is sent by the program.

But Internet experts, consulting with researcher group Stopbadware.org, found Kazaa’s installation included several bundled programs, considered ‘spyware’ under the definition of ‘software that subverts a PC’s operation for the benefit of a third party.’

Finding Kazaa guilty on all three counts of so-called ‘Badware behaviour,’ the researchers found that one of the eight bundled applications, The Best Offers Network, “cannot be closed at all by the typical user.”

Instead, the researchers said the application must be closed by killing the process from within the Windows Task Manager - the only viable solution that the software makers fail to disclose.

Likewise the report from the online group, which was recently founded by researchers at Harvard and Oxford University, reveals no warning to users, during installation or otherwise, of three other side-effects slowing performance in Kazaa-installed PCs.

The file-sharing program automatically adds two new hyperlinks to the Windows Desktop, installs programs that modify Internet Explorer, while changing the default 404 and DNS error pages in IE.

Sharman Networks does however inform Kazaa users at pre-installation stage of two included applications, namely Anti-Virus and a host of links to websites, admitted as adware programs.

Those downloading the current version, Kazaa 3.0, who wish to reject AV BullGuard, or the adware programs, have the option of proceeding with the installation or cancelling it.

Responding to the study, Sharman Networks told the Associated Press agency that they dispute the research group’s findings.

“We disagree with it,” spokeswoman Felicity Campbell said of the report. “We really don't have sinister desires to get into people's computers and stay there.”

Out of three other applications tested, ScreenSaver.com’s ‘Waterfalls 3’ was found to bundle a Trojan-horse like program, though overall, Kazaa emerged with the highest ‘badware’ rating.

IE Exploit Strikes, Installs Spyware

2006-03-27T09:54:00.000-05:00

Learn to Remove Spyware With Free and Available Programs! Click me

By Gregg Keizer, TechWeb News
March 24, 2006 (8:25 PM EST)
URL: http://www.techweb.com/wire/183702818

The unpatched CreateTextRange vulnerability in Internet Explorer is already being used by at least one Web site to install spyware on users' machines, a security organization said Friday.

"We just received a report that a particular site uses the vulnerability to install a spybot variant," the SANS Institute's Internet Storm Center (ISC) warned Friday in an alert. "It is a minor site with insignificant visitor numbers according to Netcraft's 'Site rank.'"

Disclosed only Wednesday, the flaw in IE 5.01, 6.0, and the January version of IE 7 Beta 2 Preview has security vendors worried because a patch isn't available from Microsoft. Thursday, as news circulated that a working exploit had been publicly posted, Microsoft said it was working on a fix.

Even before the site exploiting the CreateTextRange bug was discovered, security companies had raised alarms. The ISC bumped up its InfoCON level to "yellow" for the first time since the Windows Metafile fiasco in late December, when another "zero-day" flaw hit Windows users.

"It's a relatively trivial mod[ification] to turn [the exploit] into something more destructive," the ISC warned. "For that reason, we're raising Infocon to yellow for the next 24 hours."

Symantec raised its ThreatCon status indicator to "2" and boosted its Internet Threat Meter's warning for Web activities to "medium" because of the bug.

Although it's unclear exactly whether the Spybot-distributing site is drawing users to its poison or simply waiting for the unwary to stumble across the URL, it's likely the former, Scott Carpenter, director of security at Secure Elements, said in an e-mail to TechWeb. "The most probable vector for this worm will be in the form of spam with malicious links that will tempt users into clicking on a link that takes them to a malicious site."

In December (and after), hundreds of sites used the Windows Metafile bug to load spyware, including keyloggers and backdoor Trojans, onto unsuspecting users' PCs.

Rumors that Microsoft would release a patch before April 11, the next regularly-scheduled patch day -- such releases are dubbed "out-of-cycle" -- was quashed by a Microsoft spokesman who refused to commit the company to a date.

"Upon completion of this investigation, Microsoft will take appropriate action to help protect our customers," he said in a verbatim repeat of Thursday's advisory. "This will either take the form of a security update through our monthly release process or providing an out-of-cycle security update, depending on customer needs."

So, what should users expect, say, over the weekend and early next week?

"It's hard to say at the moment, since this is just the beginning," said Alain Sergile, a technical product manager at Internet Security Systems' X-Force research. "But if SANS' report is accurate, I think we'll see additional targeted attacks where spam is sent to users at a specific organization in the hope that someone clicks on the link and downloads the malicious code so the attacker can infiltrate the network."

Because it remains an unpatched vulnerability, "everyone should consider this a zero-day kind of threat," added Sergile. "That means people will be caught flat footed."

Microsoft has recommended that users disable Active Scripting in IE until a patch is posted, but Sergile said that wasn't really a workable solution. "That will kill the capability of a large number of Web sites. The Web isn't much fun without those [scripting] capabilities." Instead, he recommended users visit only sites they know are safe.

Or turn to another browser. "The problem is in how Internet Explorer interprets the scripting call. Firefox doesn't have this problem."

Spyware-for-hire couple plead guilty

2006-03-15T14:23:00.000-05:00

Learn to Remove Spyware With Free and Available Programs! Click me

Israeli prison looms for Haephratis

By John Leyden

Published Wednesday 15th March 2006 10:16 GMT

Get breaking Reg news straight to your desktop - click here to find out how.

An Israeli couple faces prison after confessing to the development and sale of a spyware Trojan horse that helped private investigators snoop on their clients' business competitors.

Ruth Brier-Haephrati, 28, and Michael Haephrati, 44, have entered guilty pleas to industrial espionage charges over the Trojan horse case. Ruth was charged with a litany of offences including fraud, planting computer viruses, and conspiracy. Her husband, Michael, is charged with aiding and abetting those offences, Ha'aretz reports. Ruth faces four years in jail while Michael faces two years' imprisonment. Each also faces a suspended sentence and a fine of one million New Israeli Shekels ($212K) under a plea-bargaining agreement. Tel Aviv District Court Judge Bracha Ofir-Tom will rule on whether the Haephrati's plea is acceptable on 27 March.

Investigators allege the duo developed and sold customised spyware or Trojan horse packages designed to evade detection by security tools to three private investigation companies in Israel - Modi'in Ezrahi, Zvi Krochmal, and Philosof-Balali. This spyware code was allegedly installed on victims' PCs by private detectives from a diskette or via email, as part of a spying scam that ran for up to two years. The malware sent stolen documents to an FTP site, allowing unscrupulous firms to swipe confidential documents from rivals. Each software installation allegedly netted the Haephratis 2,000 New Israeli Shekels ($425), The Jerusalem Post reports. According to court documents, Michael Haephrati developed the spyware Trojan horse, while his wife, Ruth, marketed it via a firm called Target-Eya.

Firms suspected of using the malware include Mayer Motors (an importer of Volvo and Honda cars) against Champion Motors (an Audi and Volkswagen dealership). Satellite television company Yes is accused of spying on rival cable TV outfit HOT. Another alleged victim is a PR agency, whose clients include Israel's second biggest mobile phone operator, Partner Communication. The Haephratis are among 22 people arrested in Israel and the UK in connection with the case last year. ®