Saturday, March 06, 2004

Anti-virus must be free

When I first read the title of Robert Vamosi's latest at AnchorDesk, I thought "yeah right... that's gonna happen". I can see Symantec or McAfee giving their stuff away.

He makes some excellent points though. The virus outbreaks and cred-wars we've seen tell me that the problem is only going to get worse until the majority of desktops are protected, actively. It's a thoughtful piece and a good read.

ZDNet AnchorDesk: Antivirus software must be free. Here's why

I WONDER WHY, in 2004, we are still fighting mass-mailing viruses and worms like these. Given that viruses have been around for more than twenty years now, and that the antivirus companies have made tremendous progress in stopping this sort of threat, we should all be protected from new outbreaks. But millions of PCs worldwide still do not have basic antivirus protection, and thus are susceptible to infection.

One reason I think so many PCs are undefended is because antivirus apps keep getting more expensive. That's why I offer a challenge to the major antivirus companies: I'd like to see one of you offer a free version of your best-selling antivirus product for desktop PCs. You'll still make your profits, and your user base will certainly increase. But the bottom line is this: Whichever one of you does so can claim you're truly making the Internet safer for everyone--and that's priceless.


Of course, I disagree with his assessment of free tools because there are good ones out there and they do work. Check the Invisible PC website for suggestions on the best free tools to keep your PC safe, secure, and invisible to the bad guys.

Thursday, March 04, 2004

How to prevent browser-based spyware

SearchSecurity.com has a good tip from Ed Skoudis about how to avoid having your browser hijacked by spyware:

There's a massive battle for browsers going on right now. No, I'm not
referring to the epic struggle for market dominance between Netscape
and Microsoft way back in the mid-1990s. Today's browser battle is
being fought between forces that want to have control over users'
browsers: users and administrators versus spyware. If a user merely
surfs to the wrong Web site, aggressive malware can install itself on
the users' box, steal information and possibly give an attacker
remote control of the system.

Read the complete tip here.

Tuesday, March 02, 2004

SearchSecurity.com | RSA Security index suggests things are getting worse

From SearchSecurity.com:

Times are they are getting worse

Last week, RSA released its second annual Internet Insecurity Index during the RSA conference in San Francisco. The index says the security landscape has gotten slightly worse over last year.

The index works on an increasing scale of insecurity from 1 to 10 with 10 being very insecure. The overall rating was 7, slightly worse than last year's rating of 6. The security industry and Internet crime and fraud both received higher insecurity ratings for the year while the government gained some ground.

A breakdown of the ratings is below:

- Hacks, attacks and flaws: 8 (same as last year)
- Threats: 8 (same as last year)
- Internet crime and fraud: 8 (up from 7 last year)
- Internet users and ISPs: 6 (same as last year)
- Information security industry: 6 (up from 4 last year)
- Government: 6 (was 4 last year)

With new Bagle and Netsky worms, March comes in with a roar - Computerworld

The virus writers are counting on your curiosity to spread these nasties. Don't do it. Don't open an attachment from someone you do not know or one with a suspicious file name. Read this excellent article from Computerworld - it tips you off to the latest tricks these bad guys are trying to spread their malware. And update your anti-virus definitions every time you connect to the net if you don't use the automatic update feature.

Has your subscription to McAfee or Norton or Panda expired? Renew it. Or switch to one of the excellent free tools available. A listing of free tools is always available at the Invisible PC web site. Either way, make sure you are up to date.

With new Bagle and Netsky worms, March comes in with a roar - Computerworld:

The original Netsky worm first appeared on Feb. 16. Since then, three more variants have been released on the Internet. Like its predecessors, Netsky.D scans an infected computer's hard drive for files containing e-mail addresses and then sends copies of itself to those addresses, antivirus companies said.

Netsky.D affects machines running Microsoft Corp.'s Windows operating system and arrives in e-mail messages with randomly generated subject lines such as 'Re: Document,' 'Re: Your picture' or 'Re:approved.' The Netsky.D worm disguises its payload as a .pif (for program information file) attachment that also has a randomly generated name such as 'my_details.pif,' 'document.pif' or 'mp3music.pif.'

Unlike its predecessors, NetSky.D doesn't spread on peer-to-peer networks, and doesn't use a .zip file to conceal its contents, according to antivirus company Network Associates Inc.

The gaggle of new Bagle worms that appeared in recent days use many of the same tricks as the new Netsky worms, and some new techniques, according to antivirus companies.

Bagle versions C, D, E, F and G appeared between Saturday and Monday and are variants of the first Bagle worm, which appeared on Jan. 19. All versions target systems running Windows, harvest e-mail addresses from infected machines and open a TCP port to listen for commands from a remote attacker, according to an alert released by computer security company iDefense Inc.

Bagle.C appears to be the most virulent of the bunch. Sophos has received hundreds of reports of messages containing that version, which uses a Microsoft Office 2000 Excel icon to fool users. Other Bagle variants use Windows folder icons, Cluley said.

Bagle versions F and G also use a password-protected .zip file to get past antivirus scanners. Password-protected .zip files have encrypted contents that cannot be read by even sophisticated antivirus scanners. However, virus writers must supply the password information in the body of a message before users can open the .zip and get to the virus file inside, which makes it harder for the worm to spread, he said.

The use of .zip files to hide e-mail viruses is increasingly popular among virus writers, he said.

Many recipients may be used to receiving zipped attachments from correspondents and open the Bagle and Netsky attachments out of curiosity, Cluley said.

Monday, March 01, 2004

eWeek - Virus Outbreak: More E-Mail Worms Are Set Loose

Check your anti-virus signatures. If you're not set to automatically update, maybe this will convince you that it's a good idea. This is the worst outbreak I've ever seen.

Virus Outbreak: More E-Mail Worms Are Set Loose

March 1, 2004
By Dennis Fisher


Maybe it's the weirdness of having 29 days in February or some misplaced glee that spring is coming, but for whatever reason virus writers went on a rampage during the last week, unleashing more than a half-dozen new viruses.

Since Friday, five new versions of the Bagle virus have appeared, not to mention a couple of fresh variants of NetSky. None of the viruses appears to be particularly clever or innovative. However, several of them already have proved to be quite effective.

The most widespread of the new malware is NetSky.C, which has infected nearly 100,000 machines since its debut Feb. 25, according to Trend Micro Inc. NetSky.D also is on the loose and is a bit odd in that it attempts to deactivate two earlier worms, MyDoom.A and MyDoom.B. This variant was gaining ground Monday morning, anti-virus companies said.

But the virus family making the biggest splash this week by far is Bagle. Variants C, D, E, F and G all have appeared within the last few days, and like all of the other new viruses, are mass-mailers. The Bagle viruses typically include a ZIP file that is infected with the actual virus. The sending address is spoofed, and the subject lines and attachment names are random.

The two latest versions of Bagle, F and G, have protected the infected attachment with a password, preventing anti-virus scanners from examining it.

How bad has it gotten? Network Associates Inc.'s AVERT (Antivirus and Vulnerability Emergency Response Team) group has had to go into its emergency process eight times in 2004 already, more often than in all of 2002 or 2003. In anti-virus research, the how and the what are always more easily answered than the why, and this latest wave of attacks is no exception, experts say.

Spam Tide May Be Turning

Now here's a nice thought for a Monday morning...

Spam Tide May Be Turning
By Cameron Sturdevant
March 1, 2004

Major announcements at the RSA Conference here last week - in addition to recent anti-spam technology advances - mark the beginning of the end of spam as we know it.

Sunday, February 29, 2004

Ars Technica: Spyware gets another enemy

It appears that some of our elected officials are beginning to understand the magnitude of the spyware issue and are trying to do something about it. As with spam, I believe that legislation and technology together will provide the cure.

Spyware gets another enemy
Posted 02/27/2004 @ 11:51 AM, by Matt Woodward

Spyware (aka malware, adware) is a thorn in the sides of nearly everyone who owns a Windows-based PC. Just like spam, it is an egregious offender that often wastes immense amounts of time for every user who is infected with its presence. Not only that, it often invades the privacy of its unsuspecting users. Unsuspecting? Yes, frequently the more insidious versions automatically install themselves with nary a footnote about its presence nor will it tell you that it spies on every action you take on the Internet. That is just for starters. Other side effects include: changing your default homepage and redirecting you to sites you do not want to visit. When you attempt to remove it, the spyware claims that it is completely removed, but if you look carefully, it is still there and is sometimes nearly impossible to remove.

Much like spam, some analysts deem that half the problem is technological and the other half is legal. Fortunately, a group of computer-savvy Senators are fed up with spyware and are drafting a bill called the 'Software Principles Yielding Better Levels of Consumer Knowledge (SPYBLOCK) Act' (Really. I want to know who comes up with these names...) The new bill aims to minimize the effects of spyware by disarming it on 3 levels: 1) Harmful spyware would be completely prohibited. 2) Spyware must be easy to completely uninstall. 3) Stealthy installation would be no longer allowed.