Invisible PC

Expect 13 Windows patches, some critical

2005-02-07T08:45:00.000-07:00

Expect 13 Windows patches, some critical: "Plan for a very busy Patch Tuesday.

Microsoft said on its TechNet site that it expects to issue 13 security bulletins Tuesday, some of them for critical security holes in Windows Media Player, MSN Messenger, Microsoft Office and Visual Studio.

The software giant won't reveal full details of vulnerabilities to be patched until Tuesday afternoon. But Thursday it revealed that its patch release will address:

* 'Moderate' security holes affecting SharePoint Services and Office;
* 'Important' vulnerabilities in the .NET Framework;
* One or more 'critical' vulnerabilities affecting Microsoft Office and Visual Studio; and
* One or more 'critical' flaws in Windows, Windows Media Player and MSN Messenger."

NevOn: Hidden dangers with public Wi-Fi

2005-01-21T05:59:00.000-07:00

NevOn: Hidden dangers with public Wi-Fi: "It's becoming a common thing to see people sitting in public places - train stations, airports, the local Starbucks - with their laptops, doing their email or writing their blogs, or any manner of things that they'd do when in the office or at home.

How do you know that the wi-fi network you've connected to really is secure?"

Is your password on this list?

2005-01-07T09:55:00.000-07:00

Here's a lengthy list of the most common passwords. If yours is on it, change it now. And, take to heart the warning in the introduction to the list that any word which appears in the dictionary is not a good password.

GeodSoft How-To: Common and Bad Passwords

Opinion from PC Magazine: Panic Over Spyware

2004-12-22T09:01:00.000-07:00

John Dvorak has disovered there's a problem with spyware! Seriously, this article is well worth reading. Despite your best efforts, your PC may be still be vulnerable to some of the latest nasties.

Opinion from PC Magazine: Panic Over Spyware: "Now, if you think that the free antispyware programs are going to help with the nastiest of infections, you are kidding yourself. I've chatted with four spyware vendors over the past couple of weeks and they all agree that it's gotten so bad that the public is only partially aware of the problem. Few users know that their machines are infected.

There is now a firm belief that organized crime, including the Russian mafia, is behind much of this activity. The scene is no longer dominated by kids out for fun.

So what is the spyware used for? There appear to be four primary uses."

Critical Update for Windows XP Service Pack 2 Firewall

2004-12-17T09:02:00.000-07:00

If you use a dial-up connection, you must install this update on your Windows XP SP2 system.

Description of the Critical Update for Windows XP Service Pack 2: "After you set up Microsoft Windows Firewall in Microsoft Windows XP Service Pack 2 (SP2), you may discover that your computer can be accessed by anyone on the Internet when you use a dial-up connection to connect to the Internet."

The security lingo of 2004

2004-12-09T09:13:00.000-07:00

Are you up-to-date on all of the lingo? If you still think phishing refers to attending concerts by a jam band or zombies are characters in "B" horror movies, this article may help.

The security lingo of 2004: "Using some of the security lingo of the last 12 months, you could say 2004 was the year bots hijacked machines and created armies of zombie PCs, opening backdoors for spammers, phishers and all kinds of phreaks."

USATODAY.com - Unprotected PCs can be hijacked in minutes

2004-12-05T07:26:00.000-07:00

The time it takes for an unprotected PC to be attacked on the net has decreased to essentially zero according to a new study reported in USA Today.

Simply connecting to the Internet — and doing nothing else — exposes your PC to non-stop, automated break-in attempts by intruders looking to take control of your machine surreptitiously.

While most break-in tries fail, an unprotected PC can get hijacked within minutes of accessing the Internet. Once hijacked, it is likely to get grouped with other compromised PCs to dispense spam, conduct denial-of-service attacks or carry out identity-theft scams.

Those are key findings of a test conducted by USA TODAY and Avantgarde, a San Francisco tech marketing and design firm. The experiment involved monitoring six "honeypot" computers for two weeks — set up to see what kind of malicious traffic they would attract. Once breached, the test computers were shut down before they could be used to attack other PCs.

The test did not measure Web attacks that require user participation, namely spyware, which gets spread by visiting contagious Web sites, or e-mail viruses, which proliferate via e-mail attachments.

Microsoft Monitor: New IE Security Update

2004-12-01T13:41:00.000-07:00

If you're using Internet Explorer and not running Windows XP SP2 - get this patch... now!

Microsoft Monitor: New IE Security Update: "Today, Microsoft released a cumulative security patch for Internet Explorer, available here. The update is an out-of-cycle patch, which means Microsoft regards it as fairly important. Microsoft typically issues security patches on the second Tuesday of every month, so December 14 is next scheduled release. Customers running older Windows versions are at greatest risk. Those running Windows XP with Service Pack 2 don't need the update."

AOL to Release 9.0 Security Edition

2004-11-18T11:56:00.000-07:00

Say what you will about AOL - this is welcome news for the millions of AOL customers and, by extension, everyone on the net.

BetaNews | AOL to Release 9.0 Security Edition: "The message coming from America Online could not be any clearer: 'We will keep our customers safe online.' Even though the market is awash with security software, AOL has stepped in for its members and delivered a fortified version of AOL 9.0, dubbed 'Security Edition,' that secures the perimeter around its flagship client software.

Customers who download AOL 9.0 Security Edition will receive antivirus software and a firewall from McAfee, spyware detection, a pop-up blocker and a host of other amenities at no additional charge. AOL has also worked under the hood on an assortment of improvements that advance the quality of its service."

Small Business Pipeline | The Only True Fix For Windows

2004-11-17T11:46:00.000-07:00

Small Business Pipeline | The Only True Fix For Windows, according to the author is to completely rebuild your PC from scratch. This is something I do every 9-12 months, in part because of the huge amount of software I test (installing/uninstalling software is a surefire way to mess up your Windows installation). If your PC has become totally brain-dead or so infected you can not get it clean, this is a good basic guide to rebuilding a PC from the ground up.

My only complaint about the article is that I don't think the author spends enough time talking about securing your sparkling new PC immediately by downloading and having available locally the core set of antivirus, anti-spyware, and other protection tools I recommend in The Invisible PC Toolkit (whihc you can find on The Invisible PC website).

AVG Version 7 Free Edition now available

2004-11-15T13:47:00.000-07:00

I've been recommending AVG as the best free antivirus for some time. The new, vastly improved version 7.0 is now available for download. If you've been looking for a good AV package this is it.

"In our ongoing efforts to provide the best possible protection against computer viruses for individual consumers, we felt it was the appropriate time to overhaul and revise our hugely successful Free Edition of AVG so that consumers could realize some of the benefits and features of the considerable development and improvement that AVG has undergone” commented Peter Lipa, President of Grisoft Inc. “ We have successfully completed the beta trials of the new version of AVG Free, which has been received very positively by the many testers who participated in the program. The new AVG Free Edition is available to all users on November 10th 2004. As to ensure that there will be no loss of protection to our individual AVG Free users, both versions of AVG Free will be available for approximately the next two months so that these users will have plenty of time to download and install the updated version before their current version expires."

MSNBC - Online users not safe as they think

2004-10-25T07:34:00.000-06:00

A new study concludes that 77% of home computer users are wrong in thinking that they are safe from internet predators. Visit The Invisible PC website and get tools to secure your PC against virus, worm, Trojan, and hacker attacks.

MSNBC - Online users not safe as they think: "Internet users at home are not nearly as safe online as they believe, according to a nationwide inspection by researchers. They found most consumers have no firewall protection, outdated antivirus software and dozens of spyware programs secretly running on their computers."

Expert: 0-day exploit targets Microsoft flaw

2004-10-21T10:06:00.000-06:00

Expert: 0-day exploit targets Microsoft flaw: "A zero-day exploit targeting one of the latest Microsoft flaws was publicly announced Tuesday, but don't worry -- there are workarounds, says a security expert. "

Download the registry patch linked at the end of the article and double-click it after it's on your machine. It will prevent this exploit from working on your PC.

SANS Top 20 Vulnerabilities released

2004-10-12T13:28:00.000-06:00

Every year, SANS, a leading info security training organization, releases a list of the top 20 vulnerabilities of the previous year. Actually, it's two Top 10 lists - one for Windows and one for UNIX/Linux. Not suprisingly, browsers and file-sharing figure prominently in the list for Windows. There's good information to be gotten here but this is written for a technical audience.

SANS Top 20 Vulnerabilities - The Experts Consensus: "The vast majority of worms and other successful cyber attacks are made possible by vulnerabilities in a small number of common operating system services. Attackers are opportunistic. They take the easiest and most convenient route and exploit the best-known flaws with the most effective and widely available attack tools. They count on organizations not fixing the problems, and they often attack indiscriminately, scanning the Internet for any vulnerable systems. The easy and destructive spread of worms, such as Blaster, Slammer, and Code Red, can be traced directly to exploitation of unpatched vulnerabilities."

New Windows vulnerability from JPEG graphics

2004-09-23T15:42:00.000-06:00

New computer code that exploits a recently disclosed hole in Microsoft Corp.'s Internet Explorer Web browser is circulating on the Internet and could allow remote attackers to take full control of vulnerable Windows machines, according to warnings from antivirus companies and Internet security experts.

Spam worse than ever

2004-09-09T13:27:00.000-06:00

Spam worse than ever :: AO: "Spam worse than ever
CBS MarketWatch

NewsTeam | CBS [MarketWatch] | POSTED: 09.09.04 @09:19
Almost three of every four e-mail messages last month were spam messages, according to Postini Inc., a provider of e-mail filtering services for company networks. Despite the federal CAN-SPAM Act and federal arrests of bulk e-mailers, spam accounted for 76 percent of all e-mail processed by Postini in August. 'The spam problem is just too large for laws alone to stop,' said Andrew Lochart, director of product marketing. He said a total of 5.7 billion messages were reviewed during the month and 15 percent of them, or 85 million, included viruses. "

Best Practice: When to run the Windows XP SP2 Windows Firewall

2004-08-25T09:29:00.000-06:00

Here's a good overview of the new Windows Firewall that is part of the Windows XP SP2 update.

Best Practice: When to run the Windows XP SP2 Windows Firewall: "The Windows Firewall included in Windows XP SP2 is a great new feature to secure the operating system. But Microsoft recommends that you run only one firewall on your computer, because the Windows Firewall may not have enough of a feature set to allow corporate users to manage intrusions."

Microsoft offers tips for security at home

2004-08-12T11:15:00.000-06:00

Microsoft's Security at home web page has a great selection of articles and links to information about keeping your home PC safe.

Consumer Reports: "Only 41% of households are protected against spyware"

2004-08-10T05:46:00.000-06:00

AlwaysOn: "Computer users long have been plagued by unwanted e-mails and the threat of viruses, but emerging threats such as spyware and the practice called 'phishing' continue to make a jaunt through cyberspace potentially even more daunting.

While spyware represents a real threat to those accessing the Internet from home, relatively few users have taken steps to guard themselves against it, according to a study by Consumer Reports released late Monday.

Although there is some disagreement over the exact definition of spyware, it broadly describes a wide range of unwanted programs that do things like secretly gathering information about a user's computer and Internet usage, and transmitting it to a third party. It can also take over Web browsers and serve up unwanted ads, slowing a computer to a crawl and making operating systems unstable.

As with spam e-mails, spyware is often used by third-party marketing companies that are associated with reputable companies whose products they push.

In the nationally representative study of 2,000 homes with Internet access, 36 percent of households reported a telltale sign of spyware on their computer: the homepage of the Web browser had been automatically changed without their consent.

However, only 41 percent of surveyed households said they use software to detect or remove spyware at home.

'In other words, most consumers haven't taken the most obvious step to fend off spyware,' the nonprofit consumer advocacy group said."

Desktop Pipeline | News | EarthLink, Webroot Report Spyware Doubling In Second Quarter

2004-08-06T07:43:00.000-06:00

The risks of remaining unprotected continue to rise. If you're not running spyware detection and removal programs on your PC, you risk having your personal information, including passwords and credit cards, compromised. Visit The Invisible PC website to find links to free tools you can use to protect yourslef.

Desktop Pipeline | News | EarthLink, Webroot Report Spyware Doubling In Second Quarter: "Spyware continues to plague computer users, according to numbers released Wednesday by Internet provider EarthLink and anti-adware vendor Webroot.

The firms' third joint SpyAudit report noted that although the incidence of spyware's most dangerous forms -- systems monitors such as key loggers and Trojans that can open the machine to hacker hijacking -- dipped slightly from May to June, it nearly doubled from the first to the second quarters of 2004.

In the first quarter, SpyAudit found some 253,00 pieces of spyware it categorized as system monitors or Trojans, while during the second quarter the number jumped to approximately 447,000."

e-Security Guide for Small Business

2004-08-04T06:35:00.000-06:00

Microsoft is offering a free Small Business Guide to Security (PDF) that's well worth the download. If you have small business (or home) network based on Microsoft operating systems, you'll undoubtedly find a tip or two in this guide.

e-Security Guide for Small Business

We know how much security and dependability mean to you in today's business computing environment. And we want to help. That's why we created the e-Security Guide for Small Business explicitly for small-business owners. Download this free technology resource to get tips, tricks, and how-to information you can use right away to help protect your PC and your business. You'll learn:

• How to help protect your network against the most common threats
• How to help guard valuable business information
• How to help thwart viruses and hackers
• Plus pointers to additional security resources, including a sample small business security plan

Mydoom, Zindos, and Doomjuice Worm Removal Tool

2004-08-03T06:04:00.000-06:00

Run Windows Update to get your Internet Explorer patched and download and run this small utility (120K) to make sure you have not been infected with the latest MyDoom virus variants.

Download details: Mydoom, Zindos, and Doomjuice Worm Removal Tool: "This tool helps to remove the Mydoom.A, Mydoom.B, Mydoom.E, Mydoom.F, Mydoom.G, Mydoom.J, Mydoom.L, Mydoom.O, Zindos.A, Doomjuice.A, and Doomjuice.B worms from infected systems. Once the tool has run�after the End-User License Agreement (EULA) is accepted�it automatically checks for infection and removes any of the targeted worms that are found. If a machine is infected with the Mydoom.B worm, the tool also provides the user with the default version of the hosts file and set the 'read-only' attribute for that file. This action enables the user to visit previously-blocked Microsoft and antivirus Web sites."

New Microsoft Patch for IE Fixes Three Critical Problems -RSS

2004-07-30T13:11:00.000-06:00

New Microsoft Patch for IE Fixes Three Critical Problems : "Microsoft released a new patch, MS04-25 'Cumulative Security Update for Internet Explorer (867801),' for Internet Explorer 5.01, 5.5, and 6.01, that fixes three critical problems in the browser.

The patch will help prevent such nuisances as the 'Download.Ject' exploit launched against IE users last month. The patch also corrects two buffer overflow problems. One problem involves GIF files where that can cause a buffer overflow in MSHTML.DLL. The other problem involves bitmap images, where malformed bitmap images can cause a buffer overflow.

Microsoft said that the update, which is available for Windows NT, Windows 2000, Windows XP, and Windows Server 2003, replaces all previous updates released for the browser. No update is available yet for Windows 95, Windows 98, and Windows ME, however Microsoft said that an update for those operating systems 'will be made available as soon as possible following the release. When these security updates are available, you will be able to download them only from the Windows Update Web site.'"

From Windows + .Net Magazine

70% of virus activity linked to one man, Sophos report reveals

2004-07-30T06:21:00.000-06:00

If you weren't frightened before reading this, you should certainly see the wisdom in locking down your PC with appropriate defenses now. If a teenager can create this much havoc on his own, you have to see that being connected to the Net requires preparation and vigilance.

70% of virus activity linked to one man, Sophos report reveals: "A report published by Sophos, a world leader in protecting businesses against viruses and spam, has revealed that 70% of virus activity in the first half of 2004 can be linked to a German teenager.

Sven Jaschan, 18, is the self-confessed author of the Netsky and Sasser worms which hit internet users hard in the first six months of the year."

Visit the Invisible PC website and get the tools you need to secure your PC.

Microsoft Readies Next Round of IE Patches

2004-07-29T06:20:00.000-06:00

Make sure you have Automatic Updates (notification at the very least) turned on. You want to get this patched ASAP!

Microsoft Readies Next Round of IE Patches: "Microsoft officials say the company is prepping a patch for its Internet Explorer browser to plug the vulnerability exploited by the Download.Ject attacks in June. The patch is expected sometime next week, several weeks before the next scheduled batch release of security fixes."

Spy Sweeper 3.0 review by PC Magazine

2004-07-24T06:49:00.000-06:00

I have to agree with this review. Although it's not perfect (no defense ever is), this is a great tool to keep malware off your PC.

Spy Sweeper 3.0 review by PC Magazine: "Even as adware and spyware evolve into more aggressive forms, antispyware utilities are becoming more effective at combating these pernicious pests. Webroot's Spy Sweeper 3.0 improves on the capabilities of Spy Sweeper 2.2, our previous Editors' Choice, with solid (if still imperfect) spyware-removal capabilities, an improved interface, and the most effective real-time blocking we've seen yet. Although Spy Sweeper couldn't fully counter the effects of all adware and spyware in our testing, it remains the best single product that we've used in this category."

Security | IE May Be Hazardous To Your Computer's Health | Small Biz Pipeline

2004-07-21T06:30:00.000-06:00

Security | IE May Be Hazardous To Your Computer's Health | Small Biz Pipeline: "At the bottom of a recent vulnerability note posted by the US Computer Emergency Readiness Team (CERT) is a chilling paragraph header in the Solutions section: 'Use a different web browser' (than IE). This has been our company policy for about four months, ever since our System Administrator, who is no security slouch himself, had his machine infected by some sort of malware that brought it down and necessitated a day-long cleanup. Yes, he had anti-virus software installed, we have a firewall, and his IE security settings were tight. Clearly, however, unless you crank up security to the maximum level -- disabling Active scripting and ActiveX controls in the Local Machine Zone, and also disabling browser helper objects -- IE can not be considered a 'safe' browser.

* http://www.kb.cert.org/vuls/id/713878
* http://support.microsoft.com/?kbid=870669"

If Microsoft says critical, 'sit up and listen'

2004-07-20T12:27:00.000-06:00

If Microsoft says critical, 'sit up and listen': "'If Microsoft says there is a critical problem with its software, (you) should sit up and listen. (Everyone) should ensure they have the resources in place to see which of the vulnerabilities may affect them and apply the fixes as necessary,' Graham Cluley, senior technology consultant for Lynnfield, Mass.-based antivirus firm Sophos, said in a statement. 'In the past we have seen worms exploiting Microsoft security holes appear within a couple of weeks of Microsoft's announcement. Smarter (users) will be putting protection in place now rather than waiting to see if an attack occurs.'"

For July, a Sweeping Set of Security Fixes

2004-07-14T07:37:00.000-06:00

Needless to say, you should run Windows Update immediately and get these critical updates applied to your system.

For July, a Sweeping Set of Security Fixes -RSS: "After two months in which it released only a smattering of security fixes, Microsoft on Tuesday issued seven security patches, two of which it identified as critical. However, the software giant has still not fixed a set of glaring issues with Internet Explorer (IE), its dominant Web browser that has come under increasing attack in recent weeks.
The two critical fixes both address problems with Windows components, including the Task Scheduler and HTML Help; both problems affect numerous Windows versions. And in both cases, a successful exploit could lead to remote users running code on the infected systems, leading Microsoft to label them as critical vulnerabilities."

iMedia Connection: Spam is More Stressful than Traffic

2004-07-08T16:35:00.000-06:00

iMedia Connection: Spam is More Stressful than Traffic: "Yahoo! Mail surveyed users in eleven countries -- Argentina, Australia, Britain, Brazil, France, Germany, Hong Kong, Italy, Japan, Spain and the United States.

The survey found that Americans in general are either extremely active and knowledgeable about eliminating spam -- or very uninformed and indifferent. To protect themselves, 78 percent of Americans delete spam messages and 58 percent use a spam filter.

However, one-third of Americans continue to respond to spam messages, perpetuating the problem. What's worse, one out of five people admit to purchasing products from spammers.

Of others who admit they respond to spam, the Japanese stand out as the most active, with almost one-half of the survey respondents indicating they send spammers angry replies.

Most Brazilians, on the other hand, simply never respond, followed by the French."

SC Magazine has a great article on the dangers of spyware

2004-07-07T07:17:00.000-06:00

SC Magazine: "Spyware is a term whose use is becoming increasingly frequent in the lexicon of internet security threats. Just as computer users begin to think that their systems are protected against current menaces � various types of computer malware and spam, etc, so they are faced with yet another challenge. But just how big a threat is spyware for the corporate and home computer user today?"

Get the IE patch now! This is not one to fool around about.

2004-07-03T06:11:00.000-06:00

Following last week's revelation of an attack that could potentially expose all of your private information to Russian hackers, Microsoft has finally released a configuration change for Internet Explorer to mitigate the risk. This is not a fix, but it will address the specific attack these mobsters were using. Get it now. It takes seconds via Windows Update. Unless you are already running the beta of Service Pack 2 for Windows XP, you are vulnerable. This is serious enough that CERT (the US Computer Emergency Response Team) suggested for the first time that users consider switching to a different browser.

WinInfo Short Takes: Week of July 5: "Microsoft Addresses Download.Ject Attack
Microsoft has released a 'configuration change' for Windows Server 2003, Windows XP, and Windows 2000 that improves system resiliency against the Download.Ject electronic attack, which caused panic attacks among security consultants and IT administrators last week. The company will post the changes to Microsoft Windows Update later today and will release them through Automatic Updates. The changes are also available for direct download from the Microsoft Web site. "

Is it finally time to dump Intenet Explorer?

2004-06-29T14:43:00.000-06:00

You know things are getting bad when the US CERT suggests switching to another browser!

US-CERT: Beware of IE: "The U.S. government's Computer Emergency Readiness Team (US-CERT) is warning Web surfers to stop using Microsoft's Internet Explorer (IE) browser.
On the heels of last week's sophisticated malware attack that targeted a known IE flaw, US-CERT updated an earlier advisory to recommend the use of alternative browsers because of 'significant vulnerabilities' in technologies embedded in IE."

Desktop Pipeline | Evaluating Windows XP Service Pack 2 RC2

2004-06-25T11:21:00.000-06:00

Starting today, Scot Finnie takes a look at the security improvements in Windows XP SP2. Today's installment looks at the new Windows Firewall.

Desktop Pipeline | How-To | Evaluating Windows XP Service Pack 2 RC2: "There are also some advantages to having a firewall onboard. Windows Firewall offers solid basic protection, it's better than ICF (Internet Connection Firewall, the utility it replaces), and it's a lot better than nothing. Windows Firewall is easier to configure, and more importantly, it's better about staying out of the way of your applications. It also now has improved protection during boot and shutdown, something all top-notch software firewalls provide.

The biggest benefit, though, is probably as stand-in protection for mobile PCs connected to hotels and hotspot wireless networks. They're protected back in the office, but on the road or when working at home, they're often sitting ducks. It's very easy to turn Windows Firewall on, and the 'Don't Allow Exceptions' mode locks things down with a very simple control. "

One third of PCs have spyware on them!

2004-06-18T05:46:00.000-06:00

Are you part of the one-third of the population that has spyware on their system? Get the tools I recommend at the Invisible PC website and make sure.

SC Magazine: "One-third of PCs infected by spyware
by Dan Ilett

One third of PCs could be infected by spyware.
According to research from anti spyware firm Webroot Software and ISP EarthLink, 500,000 system monitors and Trojan horses were discovered from 1.5 million spyware scans completed."

Retail PCs can reach customers without latest patches - Computerworld

2004-06-17T05:55:00.000-06:00

Here's a good reminder. That shiny new PC has probably been sitting on a shelf for a while and in't up to date with the latest patches and anti-virus signatures. Most new PCs don't come equipped to deal with the dangers on the Net in any case. Visit The Invisible PC web site and download the recommended tools before you plug your new PC into the network. Install them first, then connect and get the latest updates.

Retail PCs can reach customers without latest patches - Computerworld:

"Current PC users are constantly reminded about the need to download patches and operating system updates as soon as they are made available. But those users may not realize that a 'new' PC might have been sitting in a warehouse for several months, and might lack the most recent patches required to keep it safe from viruses and worms. "

Spam costs $2K per employee

2004-06-09T20:40:00.000-06:00

Nucleus Research claims spam will cost US employers $2K per employee in lost productivity. Nucleus found that unsolicited e-mail reduced employee productivity by a staggering 1.4%. Spam-filtering solutions were doing little to control this onslaught, reducing spam levels by only 26% on average. More on this topic at ITFacts.biz.

Ad-Aware adds SpyHunter to removal list

2004-06-02T06:52:00.000-06:00

Lavasoft's newsletter this month explains why the SpyHunter application from Enigma Software has been added to their Ad-Aware spyware database. The application, they explain, is actually loaded with it's own spyware and reports private information about the user's machine. This news is not yet avaialable on the Lavasoft web site and so I'm copying it here (it's long):

SpyHunter now included in Ad-aware's database

By Åsa Karlsson - Content Manager

Enigma Software Group Inc. is the company behind the SpyHunter software. They claim that “Our suites are built to address the need of privacy protection and computer security. We empower internet users to take control over their computers against Spyware, parasites, SPAM, and others obtaining your personal information online!” However, what’s not disclosed is the hidden transmission of the Microsoft Windows Product ID to their servers every time their software checks for an update. They also uniquely identify their users by use of a unique ID for each installation. This unique ID is also sent to their servers undisclosed. This is something we at Lavasoft find highly questionable and unethical.

Enigma Software Group also uses questionable methods to market their software SpyHunter. Their pop-up ads resemble virus alerts from well-known anti-virus programs, and DOS windows displaying fake scan results.

The pop-up ads can be found here:
http://www2.enigmasoftwaregroup.com/TMP/1.htm
http://www2.enigmasoftwaregroup.com/TMP/2.htm
http://www2.enigmasoftwaregroup.com/TMP/3.htm
http://www2.enigmasoftwaregroup.com/TMP/4.htm

and here (mirrored site):
Example 1
Example 2
Example 3
Example 4

Internet users are tricked into believing their computers are infected with “a spyware virus” and that they must download and scan their computers with SpyHunter to get rid of it. The SpyHunter scanner is free to download, but in order to remove these items, the software must be purchased.

Earlier this year the so-called anti-spyware software SpyBan was removed from the website Download.com because adware was installed along with the software. According to News.com SpyBan “had failed to disclose and explain all the software components included in its installation, a violation of the Web site's policies”.

Enigma Software Group’s End User Licence Agreement does not contain information about SpyHunter transmitting a client id or the Product ID of the Microsoft Windows Operating System. That is why we at Lavasoft hope that SpyHunter will be removed from the Download.com website soon.

Why SpyHunter has been added to Ad-aware's database
While some may claim adding SpyHunter to Ad-aware’s database is an attempt to defame a competitor, our users trust us with protecting their privacy, and when another company is doing the very thing they’re claiming to help protect against, Ad-aware is there to ensure our users’ privacy isn’t deceptively violated.

All items added to Ad-aware’s database are qualified using a Threat Assessment Chart (TAC) prior to inclusion. The system is based on a total of 10 points, 1 being the least and 10 being the most threatening and/or problematic. Behavior and intent weigh more heavily towards becoming a legitimate detection than do the technical aspects. Please note that applications that are difficult to remove and cause system instability due to poor coding and DO NOT contain any further violations as described below ARE NOT considered for inclusion in the Ad-aware database.

Points are added according to the following criteria:

Removal – One Point
Integration – Two Points
Distribution – Two Points
Behavior – Three Points
Privacy – Two Points
An application requires a TAC number of three or higher to be included in the database.

More information about the TAC can be found on the Threat Assessment Chart page.

SpyHunter from Enigma Software Group Inc. has received a TAC level of four and has been added to the database. The TAC level was determined using the following information:

Removal – No Points Received
This item does not have any characteristics which match those defined in the Removal section.

Integration – No Points Received
This item does not have any characteristics which match those defined in the Removal section.

Distribution – Two Points Received
This item’s End User Licence Agreement (EULA) does not contain information pertaining to the transmission of a client id or the Product ID of the Microsoft Windows Operating System. This transmission is not disclosed in the EULA. More information about this transmission can be found in the Privacy section.

Behavior – No Points Received
This item does not have any characteristics which match those defined in the Removal section.

Privacy – Two Points Received
This item transmits the Product ID of the Microsoft Windows Operating System. This ID is transmitted as part of the update check process. MemScanner is the memory-resident portion of Enigma.SpyHunter. This component transmits a Unique ID during its update process.

SpywareGuard - Another great tool from JavaCool

2004-05-28T05:57:00.000-06:00

SpywareGuard: "SpywareGuard provides a real-time protection solution against spyware that is a great addition to SpywareBlaster's protection method.

An anti-virus program scans files before you open them and prevents execution if a virus is detected - SpywareGuard does the same thing, but for spyware! And you can easily have an anti-virus program running alongside SpywareGuard.

SpywareGuard now also features Download Protection and Browser Hijacking Protection!

Features Listing:
- Fast Real-Time Scanning engine - catch and block spyware before it is executed (EXE and CAB files supported) with signature-based scanning for known spyware and heuristic/generic detection capabilities to catch new/mutated spyware
- Download Protection - prevent spyware from being download in Internet Explorer
- Browser Hijacking Protection - stop browser hijacking activity in real-time
- SG LiveUpdate - provides an easy updating solution
- Small size - with a small size and small definition sizes, download and updates are quick
- Report Capabilities - keep a detailed log of all spyware detected
- Spyware files are blocked before being opened or run - they are not simply shut down after they are loaded in memory (and after they have performed their tasks)
- It's a free download "

Spybot Search and Destroy - WinPlanet Windows Software Reviews

2004-05-23T07:04:00.000-06:00

Forrest Stroud has written an excellent review of the new Spybot Search & Destroy 1.3. This is a critical part of the Invisible PC toolkit and Stroud highlights many of the improvements this update offers. Read it, get it, install it, and be safer.

Spybot Search and Destroy - WinPlanet Windows Software Reviews: "Believe it or not, once upon a time securing our computers didn't require an arsenal of utilities and never-ending maintenance. In those days, which we'll call the pre-Internet period, keeping your computer free of viruses, spyware, trojan horses, adware, and the like entailed little more than not sharing your floppy disks with other computers.
But the advent of the Internet, while great in so many ways, has brought about threats and activity that demand nothing less than full-time attention � from you, your IT staff, or automated scanning utilities. Can you even imagine a life without real-time virus scanning and near-daily security updates from Microsoft?"

Zone Labs Security Scanner

2004-05-16T07:42:00.000-06:00

Zone Labs, makers of the excellent (and highly recommended) ZoneAlarm personal firewall, now offers a free spyware scanning service you can perform anytime, online, to check your system. A very nice free service.

Zone Labs Security Scanner

Scan for a range of Internet tracking devices... and delete them.

Simply surfing the Internet exposes your browsing habits to others. Files can be placed on your computer to track your activity online and report back to questionable parties. These tracking devices are unwanted files that invade your Internet privacy.

These unwanted files, also referred to as 'cookies', can facilitate or perform the following types of actions:

- Profile your online behavior
- Track Web sites you visit
- Trigger targeted pop-up ads
- Record search terms and form entries

The Zone Labs security scanner quickly informs you of the presence of these unwanted files. There is no limit to the number of scans you can perform.

Teen Busted For Sasser Worm as New One Hits

2004-05-11T15:48:00.000-06:00

In addition to the news below about the latest Sasser worm variant, Microsoft announced today that 1.5 million people have downloaded their Sasser detection and removal tool. Have you? Are you patched? Is your anti-virus software up-to-date?

Teen Busted For Sasser Worm as New One Hits

By Ryan Naraine

Even as Microsoft and law enforcement authorities celebrated the arrest of a German teenager believed to be the mastermind behind the malicious Sasser worm, anti-virus firms have quarantined yet another mutant attacking vulnerable Windows users.

Over the weekend, Microsoft announced the arrest of an unidentified 18-year-old in connection with the creation and distribution of the Sasser worm that exploits a flaw in the Local Security Authority Subsystem Service (LSASS), but the new development does not end to the threat.

According to anti-virus specialist Symantec, a new variant (W32.Sasser.E.Worm) has appeared and is exploiting the LSASS vulnerability described in Microsoft's MS04-011 patch. Sasser.E, which is being widely distributed, spreads by scanning randomly selected IP addresses for vulnerable systems. 'W32.Sasser.E.Worm can run on, but not infect, Windows 95/98/Me computers. Although these operating systems cannot be infected, they can still be used to infect vulnerable computers,' Symantec warned.

MS to Help Zap Worms Automatically

2004-05-07T10:35:00.000-06:00

Looks like security will be the focus for the second half of the year for Microsoft. XP Service Pack 2 has been delayed until the Fall which is another security-focused release from Redmond.

MS to Help Zap Worms Automatically: MS to Help Zap Worms Automatically
By Ryan Naraine

Microsoft (Quote, Chart) is working on a plan to include worm removal tools in a new feature called Microsoft Update that's on schedule for release by this year's end.

With the proliferation of destructive worms like Blaster, NetSky and Sasser escalating daily to pose an ever-greater threat to home users, Microsoft plans to release the new Microsoft Update as part of the larger Windows Update patch management platform.

Depending on the threat level of malicious worms, the software giant will automate the worm removal process. This goes beyond Microsoft's latest moves to create disinfection tools to deal with major virus outbreaks.

Microsoft: Almost 1.5M download Sasser cleanup tool - Computerworld

2004-05-06T06:00:00.000-06:00

This worm is on the move and mutating quickly. Get the removal tool nd make sure your Windows patches are up to date.

Microsoft: Almost 1.5M download Sasser cleanup tool - Computerworld

News Story by Paul Roberts

MAY 05, 2004 (IDG NEWS SERVICE) - Almost 1.5 million Windows customers downloaded a cleanup tool for the Sasser Internet worm in the first two days after Microsoft Corp. began offering the tool on Sunday, according to a Microsoft spokeswoman.

The number of downloads is one indication of the number of Windows computers infected with Sasser, and it's bigger than most estimates from computer security companies. Still, the total number of infected systems could be even higher, especially when infections on computer networks are taken into account, the spokeswoman said.

Sasser, which appeared on Friday, exploits a recently disclosed hole in a component of Windows called the Local Security Authority Subsystem Service, or LSASS. Microsoft released a software patch, MS04-011, on April 13 that plugs the LSASS hole (see story).

Sasser Worms Continue to Threaten Corporate Productivity

2004-05-05T16:17:00.000-06:00

Sasser Worms Continue to Threaten Corporate Productivity:

Sasser Worms Continue to Threaten Corporate Productivity
May 4, 2004

More and more companies worldwide are losing production due to attacks from the Sasser worms, according to Panda Software this afternoon. The four variants of Sasser are all among the 10 viruses most frequently detected by Panda Software, although Sasser.B is causing more damage than the others. To protect against this epidemic, users should install the patch released by Microsoft to correct the LSASS vulnerability.

Netsky worm variant targets the security conscious

2004-05-04T14:10:00.000-06:00

They're getting sneakier all the time. Regardless of the message, do not open or run unsolicited attachments. If you get an attachment from someone you know that you are not expecting, check with them to see if they actually sent it before opening the file.

Netsky worm variant targets the security conscious: First it began with an onslaught of Sasser worms over the weekend. Now a Netsky variant claiming to be a fix for Sasser is on the move.

"The latest Netsky worm is incredibly sneaky in the social engineering it uses to infect innocent computer users. It knows people are panicking right now about Sasser so it presents itself as a fix for Sasser from one of several well-known antivirus firms,' said Graham Cluley, senior technology consultant for U.K.-based Sophos. 'All users should be wary of launching unsolicited e-mail attachments."

seattlepi.com Microsoft Blog: On the trail of Sasser

2004-05-03T15:44:00.000-06:00

More information on the Sasser worm. If you aren't patched yet and don't run a firewall, you're going to get bitten by this one. Run Windows Update now and if you're running Windows XP, at least turn on the built-in Internet Connection Firewall. Better yet, go to the Invisible PC web site and click on "Tools" and get the free Zone Alarm firewall.

seattlepi.com Microsoft Blog: On the trail of Sasser: On the trail of Sasser

Here's a collection of stories about 'Sasser,' the latest virus to target Windows.

Associated Press: New virus snarls thousands of computers

PC World: Experts probe Sasser, Netsky link

ComputerWorld: Corporate users wary of Sasser worm

ZDNet: Newest Sasser worm a greater danger

TechWeb: How to protect PCs against Sasser

ArsTechnica: Could Sasser be the MSBlast of 2004?

Free scanning tool for Sasser worm

2004-05-02T06:33:00.000-06:00

eEye, a security analysis firm has made a free scanning tool available to check for the "Sasser" worm. The latest Microsoft Critical Updates provide protection against this worm but if you haven't updated your system, you might want to download and run this scanner and get your OS patched!

eEye Offers Free Scanning Tool to Identify Workstations Vulnerable to "Sasser" Worm

As a service to the network security community, eEye has announced the availability of a free tool to scan network computers and detect if any are vulnerable to the "Sasser.A" worm currently circulating worldwide. The tool allows administrators to quickly identify vulnerable workstations that do not contain the patch required to protect from the attack, and it provides information on where to locate the patch made available from Microsoft.

Download the FREE Retina Sasser Audit Tool here:
http://www.eeye.com/html/Research/Tools/Download.asp?file=RetinaSasser

Blaster Redux? SSL Worm Threat Rising

2004-04-29T10:57:00.000-06:00

Heads up! Sounds like there's a storm brewing.

Blaster Redux? SSL Worm Threat Rising:

"Security experts have spotted the first signs of a Blaster-like worm circulating underground, prompting fears that major Internet disruptions could be less than a week away.

Anti-virus firms on Wednesday warned of abnormal port-scanning activity and evidence of a backdoor Trojan infecting machines through a known vulnerability in Microsoft (Quote, Chart) IIS servers.

And, as was the case when the Blaster virus hammered corporate networks last August, a patch for the flaw has already been issued by Microsoft.

'This is an urgent situation. We're in the mode right now where we are strongly recommending that the patches be applied. The only way this won't be as disruptive as Blaster is for people to patch their IIS servers,' according to Symantec's Jonah Paransky.
Paransky, a senior manager of security product management at Symantec, told internetnews.com it was 'highly likely we're see self-propagating malicious code' released in the coming days."

Password protection no match for Easter egg lovers

2004-04-27T16:24:00.000-06:00

Unbelievable. This is the third year in a row that this story has run and people still don't seem to get it. Do not share your password with strangers.

Password protection no match for Easter egg lovers:

"Forget sophisticated, AV-disabling network worms masquerading as an e-vite party link from a college friend. Next time you want to access someone's computer system without permission, just offer candy.

A recent survey of 172 office workers waiting for commuter trains at a London financial district transit station found a shocking 71% turned over their passwords in exchange for a chocolate Easter egg. Some even gave up the goods for a pen.

'We were really quite shocked at how easy it was to get them to give such sensitive information away,' said Neil Stinchcombe, one of the researchers who took part in the third annual survey on office scruples to help promote the upcoming Infosecurity Europe 2004 conference this month in London.

'Slightly more people gave up their passwords last year, but we did it in the West End, which is our theater district,' Stinchcombe explained. 'These are more security conscious people this year, and still they gave up their passwords so easily.' "

The cost of spyware

2004-04-26T05:26:00.000-06:00

Network World's Mark Gibbs weighs in on the costs of spyware and why it's critical you keep this stuff off of your machine.

The cost of spyware: "If you're starting to think these programs are dangerous, you're right. They often slow down browsing and overall PC performance, can make your system unstable, and waste huge amounts of time and money. And on top of that, hacker-type spyware easily can bypass every bit of security you have, creating horrendous security problems.

So what might spyware be costing you? We'll start by assuming a fully loaded user salary is $72,000 per year and there are 260 working days per year. If a spyware infection involves nothing more than getting rid of it when found, and that process takes the user and the support person she works with, say, two hours to fix, then we're looking at a cost per incident of:

($72,000/260 days)*((2 people * 2 hours)/(8 hours per day)) = $138"

'Osama Captured' e-Mail is Malicious Trojan

2004-04-23T13:28:00.000-06:00

Please don't fall for this scam. When he's captured, trust me, you'll know about it.

'Osama Captured' e-Mail is Malicious Trojan: "Those 'Osama Bin Laden Captured' e-mails hammering your in-box today will attempt to download a Trojan if the embedded URL is clicked, anti-virus experts warned Friday.
Glendale, Calif.-based Panda Software said the URL embedded in the e-mail directs users to what appears to be an advertising page before exploiting a known security vulnerability in Microsoft's Internet Explorer (IE) browser to download the trojan.
The fake news item, purporting to come from CNN or the BBC and promising photographs and video of Bin Laden's capture, first appeared on instant messaging networks earlier this month. According to security analysts, it is yet another use of social engineering tactics by spammers to direct traffic to Web sites."

Spyware in the office - Computerworld

2004-04-23T06:45:00.000-06:00

Computerworld has a good opinion piece on the implications of spyware in the office. A lot of this applies just as well to your home PC. Well worth reading.

Spyware in the office - Computerworld: "Threat or nuisance?

Spyware, sometimes called adware, snoopware or sneakware, is software that secretly gathers information about a user and relays that information to another party over the Internet. In many cases, users unknowingly install spyware when they download freeware or shareware, even though references -- often obscure -- to spyware might be included in the program's end-user agreement. In other instances, spyware programs are automatically installed when a user simply views an HTML e-mail or visits a certain Web page.

At its mildest, spyware is a simple tool used by advertisers to track users' Web-surfing preferences.

At its worst, spyware is used to monitor keystrokes, scan files, install additional spyware, reconfigure Web browsers, snoop e-mail and other applications, and more. Some of today's spyware can even capture screenshots or turn on webcams.

More info on the latest Netsky virus

2004-04-19T13:38:00.000-06:00

Latest Netsky infects via Microsoft flaw: "Antivirus experts recommend that Microsoft Windows users immediately apply security patches to protect their systems from the latest worm threat. Unlike its many predecessors, Netsky-V spreads without using e-mail attachments to infect users. Details on which flaws the worm exploits haven't been released.

'Virus writers know that large corporations are now blocking many different types of files at the gateway,' said Bruce Hughes, director of malicious code research at Carlisle, Pa.-based ICSA Labs. 'They need to come up with new ways to get the malware onto corporate desktops. They can do this by sending an embedded hyperlink within a message that can quickly be changed. Add the fact that it uses an exploit that downloads the malware and autoexecutes it, and we have a very dangerous situation.'"

I don't know... it seems like a clear menace to me.

2004-04-19T05:50:00.000-06:00

If your browser gets hijacked and forces you to porn site, isn't that terrorism? If your personal information is exposed without your consent, isn't that theft? Let your elected representatives know you think this is a problem the FTC needs to make every bit as much of a priority as spam.

USATODAY.com - Next on FTC's hit list: Spyware: "Next on FTC's hit list: Spyware
By Paul Davidson, USA TODAY

After moving to curb spam with new legislation last year, federal regulators are poised to take on the newest scourge of the Internet: spyware.

The Federal Trade Commission will hold a workshop Monday to study technical and regulatory responses to spyware programs surreptitiously buried in your computer that monitor your activities. A similar FTC workshop on junk e-mail last year led to an agency recommendation to pass an anti-spam bill. Congress responded.

But with spyware seen as a less clear menace, FTC officials are hesitant to crack down on it. And Capitol Hill staffers say new spyware bills are unlikely to pass this year."

Get your anti-virus up-to-date - this one is really nasty!

2004-04-17T06:56:00.000-06:00

eSecurity Planet: Trends: "New Netsky Variant -- No Attachment Needed
By Sharon Gaudin
April 15, 2004

Users don't even need to open an attachment to be infected with the latest variant of the virulent Netsky virus.
Netsky-V, unlike its widespread siblings, spreads without using email attachments. That means users can get hit with the virus just by opening a tainted email.
''This makes me a little bit nervous because of the way it automatically infects machines,'' says Patrick Hinojosa, CTO at Panda Software U.S., an anti-virus and intrusion prevention company with U.S. headquarters in Glendale, Calif. ''It doesn't require foolish end users to spread. And anything that doesn't require user participation to work is bad news.'' "

InfoWorld: EarthLink finds rampant spyware, trojans: April 15, 2004: By : SECURITY

2004-04-15T18:23:00.000-06:00

This is why protecting your PC is so critical. Visit the Invisible PC website and download the free tools I recommend. Install them, run them, update them. Don't be a victim!

InfoWorld: EarthLink finds rampant spyware, trojans: April 15, 2004: By : SECURITY: "EarthLink finds rampant spyware, trojans
Paper identifies 300,000 programs capable of stealing personal information

By Paul Roberts, IDG News ServiceApril 15, 2004

Internet service provider EarthLink and Webroot Software released a report on Thursday that said an average of almost 28 spyware programs are running on each computer. More serious, Trojan horse or system monitoring programs were found on more than 30 percent of all systems scanned, raising fears of identity theft."

It's getting harder to be a Mac user

2004-04-14T10:19:00.000-06:00

Symantec joins Earthlink, Adobe, and other companies abandoning (in part or whole) their support for Mac users. Only time will tell if this is a bad thing or an opportunity for new companies to fill the void.

MacMinute: Symantec halts Norton Utilities, SystemWorks development: "Symantec halts Norton Utilities, SystemWorks development
April 14, 2004 - 11:05 EDT Symantec has stopped development of Norton Utilities and Norton SystemWorks for Mac. 'Symantec remains committed to the Macintosh platform,' Nancy Mohler, Symantec's senior product manager, told The Mac Observer. '(We are) actively working on development of enhanced Internet security solutions to support the Mac operating system.' Mohler said development on Norton AntiVirus, Norton Internet Security and Norton Personal Firewall for Mac will continue."

Run Windows Update... now!

2004-04-14T06:25:00.000-06:00

Get your Windows updated now. Stop reading. Do it. Now.

(are you still here?)

eEye Digital Security Uncovers Dangerous Vulnerabilities in Microsoft Windows
Six new vulnerabilities related to Microsoft Windows were announced today. The discoveries include critical flaws in Windows Remote Procedure Call (RPC), Local Security Authority Subsystem Service (LSASS), and in the rendering of Windows Metafile (WMF) and Enhanced Metafile (EMF) image formats. Of the six newly discovered, four are extremely critical since they allow for the remote execution of code on unpatched machines.

Systems Affected
Affected systems include all current versions of Microsoft Windows and Windows Server 2003.

Potential Impact
These vulnerabilities could potentially allow an attacker to take complete control of an affected system. An attacker could then take any action on the affected system, including installing programs; viewing, changing, or deleting data; or creating new accounts with full privileges. eEye and Microsoft have released detailed advisories to alert Windows users of the need to immediately secure vulnerable machines on their networks.

MacMinute: Symantec-EarthLink solution is Windows only

2004-04-13T10:21:00.000-06:00

While I'm sorry to see Earthlink fail to support its many Mac customers, this is a great idea and one I believe more and more service providers will have to adopt to keep their customers secure. I posted a while back that Comcast had offered its cable modem customers a free one-year subscription to the McAfee Personal Firewall product (which I am currently running on my PC and am quite happy with).

MacMinute: Symantec-EarthLink solution is Windows only: "Symantec and EarthLink are launching a new subscription-based Internet security service that resides on the user's desktop and blocks viruses, hackers and other Internet threats. Unfortunately, the service is for Windows users only; Mac users are directed to the Symantec online store to find a 'Mac solution that's right for you.' The subscription-based Internet security offering will feature Symantec's Internet security solutions, including Norton AntiVirus and Norton Personal Firewall, and will be billed monthly on the subscribers' EarthLink invoice. They'll be available as a bundle, featuring both Norton AntiVirus and Norton Personal Firewall, for US$5.95 per month -- or either program can be subscribed to separately for $3.95 per month."

Symptoms of Spyware

2004-04-09T06:06:00.000-06:00

Found on Spyware Warrior

From a great MSN community devoted to the fight against spyware -

1. Your usual homepage is changed and you have no idea why.
2. An unexpected toolbar appears and you don't know how it got there.
3. Your firewall alerts you to an unknown program or process trying to access the interent.
4. New shortcuts appear on your desktop or your task bar, or even your system tray that you didn't put there.
5. New entries appear in your favorites folder that you didn't put there.
6. Your computer starts acting sluggish and slow (this could be from a number of reasons however).
7. Excessive CPU usage. Each bit of malware has its own program, and, thus uses resources.
8.Excessive popup windows, unable to stop or close.
9. If you have AdAware or Spybot S&D, should either one open, and appear for a few seconds, then disappear(without scanning), more than likely, its avariant of CoolWeb infection.
Every time you do a search, you wind up at the same unsual, unknown website.
There is a new program, in the add/remove section of your control panel.
Your firewall, is mysteriously turned off, same with firewall.
Your unable to access any of these: task manager, regedit, MSCONFIG, they just pop up, and disappear.

TeMerc Internet Security Site

New Netsky worms change their stripes - Computerworld

2004-04-07T05:52:00.000-06:00

New Netsky worms change their stripes - Computerworld

News Story by Paul Roberts

APRIL 06, 2004 (IDG NEWS SERVICE) - New versions of the Netsky e-mail worm are spreading on the Internet and may be the work of a different author than previous editions of that worm, according to antivirus software companies.

Netsky.S appeared yesterday, and Netsky.T was detected today. They are the 19th and 20th editions of an e-mail virus that first appeared in February. Unlike earlier variants, the new Netsky strains open 'back doors' on machines they infect, prompting at least one antivirus expert to declare the worm the work of a different virus author.

MSBlast epidemic far larger than believed | CNET News.com

2004-04-06T09:17:00.000-06:00

MSBlast epidemic far larger than believed | CNET News.com:

By Robert Lemos
Staff Writer, CNET News.com
http://news.com.com/2100-7349-5184439.html

Story last modified April 2, 2004, 5:02 PM PST

New data from Microsoft suggests that at least 8 million Windows computers have been infected by the MSBlast, or Blaster, worm since last August--many times more than previously thought.

The latest data comes from the software giant's ability to track the usage of an online tool that its engineers created to clean systems infected with the worm. Since the January release of the tool, more than 16 million of the systems that connected to Microsoft's Windows Update service were found to be infected with MSBlast and were offered a patch and the use of the disinfecting tool, the software giant told CNET News.com. During the same period, about 8 million systems actually called on Update to patch them and prevent reinfection and used the special tool to remove the worm.

Though Microsoft believes the total number of users infected by the worm is likely closer to the higher, 16 million, tally, the 8 million figure may provide a more solid indication of the minimum number of systems hit. The larger number may include systems counted more than once, as busy computers users declined to deal with the worm immediately, or canceled the process once it had begun, only to return to Windows Update later. Once those systems were disinfected and patched, however, they would not be re-counted. Microsoft did not track what systems, specifically, used the tool, just that it was used.

Meet the author of Spybot S&D in a PC World interview

2004-04-04T07:24:00.000-06:00

PCWorld.com - Three Minutes With Spybot's Creator Patrick Kolla: "Patrick M. Kolla wrote Spybot Search & Destroy, a free download that is one of PC World's most recommended programs. Spybot is an anti-spyware scanner that finds and cleans out adware on your PC so your private information can't be transmitted. The software is so popular worldwide that user donations support Kolla's company, Safer Networking Limited, which he runs with part-time help from his father, Dr. Michael Kolla, and a group of computer science students called Team Spybot. Kolla, 26, lives in Germany 300 steps from the Safer Networking office that takes up a floor in his parents' home. An edited transcript of the February 23, 2004, conversation follows."

Opening unknown e-mail attachments labeled a security sin

2004-04-01T14:24:00.000-07:00

As if you needed another reason not to open unknown attachments in your e-mail.

SearchSecurity.com: "Opening unknown e-mail attachments presents the most significant security sin a user can commit, according to nearly half of IT managers surveyed by WatchGuard Inc. Forty percent of respondents said that it's more damaging than failing to implement mandatory virus updates, installing an unauthorized wireless network or making a password easily accessible to others (each selected by 14% of respondents).

SpywareBlaster 3.0 released - it' still free - get it!

2004-03-30T05:40:00.000-07:00

This is an essential piece of your tool kit for keeping malware off of your PC. Download it, install it, and know you have another layer of defense in place. Spyware Blaster is free for individual use.

SpywareBlaster: "Spyware, adware, browser hijackers, and dialers are some of the fastest-growing threats on the Internet today.
By simply browsing to a web page, you could find your computer to be the brand-new host of one of these unwanted fiends!

The most important step you can take is to secure your system. And SpywareBlaster is the most powerful protection program available.

- Prevent the installation of ActiveX-based spyware, adware, browser hijackers, dialers, and other potentially unwanted pests.
- Block spyware/tracking cookies in Internet Explorer and Mozilla/Firefox.
- Restrict the actions of potentially dangerous sites in Internet Explorer.

SpywareBlaster can help keep your system spyware-free and secure, without interfering with the 'good side' of the web.

And unlike other programs, SpywareBlaster does not have to remain running in the background."

New Bagel.U a virus of few words - Computerworld

2004-03-26T22:30:00.000-07:00

If your computer suddenly invites you to play a game of cards... you've got the Bagel.U virus!

"MARCH 26, 2004 (IDG NEWS SERVICE) - Antivirus software companies are again warning e-mail users about a new version of the widespread Bagel virus, which is spreading on the Internet through infected e-mail messages and targeting machines running the Windows operating system.

Bagle.U is the 21st version of an e-mail worm that first appeared in January. Unlike earlier versions of the worm, the new variant eschews tricky subject lines or enticing messages, hiding in a file attachment to otherwise blank e-mail messages. Once the attachment is opened, Bagle.U opens a back door to infected systems, mails copies of itself to e-mail addresses it steals from the user's computer and even launches the Windows Hearts card game, antivirus companies said.

Thousands of copies of the new Bagle variant were first spotted today, following what is believed to be an initial e-mail 'seeding' of the virus, according to iDefense Inc., an IT security services company in Reston, Va. "

If your e-mail program has a preview window that automatically displays the contents of e-mails, turn it off until you have your anti-virus updated to thwart this latest version of Bagel!

InfoWorld: Yahoo patches e-mail hole: March 24, 2004: By : SECURITY

2004-03-24T20:16:00.000-07:00

InfoWorld: Yahoo patches e-mail hole: March 24, 2004: By : SECURITY: Login and password information could have been exposed, experts say

By Paul Roberts, IDG News ServiceMarch 24, 2004

Yahoo Inc. has patched a hole in its Web e-mail service that could have allowed malicious hackers to run malicious computer scripts on computers that use Microsoft Corp.'s Internet Explorer Web browser to check Web e-mail accounts.

The company applied a fix for the vulnerability on Tuesday, shortly after Israeli security company GreyMagic Software published an advisory warning about the problem, which also affected Microsoft's Hotmail e-mail service.

Hotmail, Yahoo Users at Risk of PC Takeover

2004-03-23T13:57:00.000-07:00

Be careful what you're opening if you use a web-based e-mail service, especially Yahoo! Mail. It sounds as though Microsoft has already fixed HorMial, but no word on Yahoo!, AOL, Mailblocks, or other popular web-based mail services.

Hotmail, Yahoo Users at Risk of PC Takeover
By Ryan Naraine

A potentially serious security flaw found in Web-based e-mail services offered by Microsoft (Quote, Chart) and Yahoo (Quote, Chart) could put millions of PCs at risk of takeover, an Internet security research firm warned Tuesday.

Israel-based security consultants GreyMagic issued the advisory with a chilling warning that attackers could inject malicious code by simply sending an e-mail to an unsuspecting Hotmail or Yahoo user.

The vulnerability only affects Hotmail and Yahoo running on Microsoft's Internet Explorer (IE) browser.

'When the victim attempts to read this email, the code executes and may result in severe consequences,' the company said. Successful exploit could lead to theft of a user's login and password, disclosure of the content of any e-mail in the mailbox and disclosure of all contacts within the address book.

Additionally, GreyMagic said the attacker could manipulate the system to automatically send e-mails from the mailbox and to exploit vulnerabilities in IE to access the user's file system and eventually take over his or her machine.

The company said Microsoft reacted to its warning with a fix for the flaw. However, GreyMagic said all attempts to contact Yahoo's security department failed, meaning that Yahoo's users are still vulnerable. Efforts by internetnews.com to contact Yahoo at press time were unsuccessful.

GreyMagic said that many other Web-based e-mail services may be vulnerable to the flaw, since it is a completely new way to embed script. "

Internet Week > Security > New Bagle Worm Infects Windows Without File Attachments > March 19, 2004

2004-03-22T07:48:00.000-07:00

Internet Week > Security > New Bagle Worm Infects Windows Without File Attachments > March 19, 2004: "A new round of Bagle worms blitzed the Internet Thursday, and takes advantage of a five-month-old vulnerability in Internet Explorer that let them infect computers without having to convince users to open a file attachment.

Bagle.q -- which was quickly followed by three variants, dubbed Bagle.r, Bagle.s, and Bagle.t -- follows in the footsteps of earlier editions of the persistent, pernicious worm by arriving as e-mail, opening a backdoor to the system so it can be re-infected or loaded with other malicious code, and attaching itself to executable files found on the hard drive to make it even more difficult to dislodge.
The big difference in this newest Bagle wave, said security experts, is that it can infect unpatched PCs without the usual file attachment.

If the message arrives on a machine that's not been patched against the Internet Explorer Object Data Remote Execution vulnerability -- disclosed in early October, 2003 -- Outlook and Outlook Express users who simply open or view the e-mail are automatically infected."

Windows XP SP2 Turns 'On' Pop-up Blocking

2004-03-19T13:29:00.000-07:00

Coming soon to WIndows XP near you...

Windows XP SP2 Turns 'On' Pop-up Blocking: "Windows XP SP2 Turns 'On' Pop-up Blocking
By Ryan Naraine

Microsoft's (Quote, Chart) long awaited Windows XP Service Pack 2 (SP2) now includes some significant tweaks and a change in policy, the company said late Wednesday.
The Redmond, Wash.-based software vendor said it is adding a new Windows Security Center to the control panel and switching the default setting for pop-up blocking in Internet Explorer. Microsoft said it is still on track to deliver the final code for SP2 by the end of June.
With Release Candidate 1 (RC1) of the security-centric OS update, Microsoft also announced plans to open up access to the beta under a technical preview program and launch an SP2 preview site to provide details on the changes for developers.
The biggest change in the updated service pack is the addition of a new Windows Security Center to XP's control panel to allow consumers to check the status of essential security functionalities. The Security Center has the ability to monitor firewalls, Automatic Update and third-party anti-virus software and warn customers about the need to apply patches.

Flaws Found in Two Symantec Apps

2004-03-19T13:21:00.000-07:00

If you use Norton apps to secure your PC, run... don't walk and read this article. Then get the updates.

Flaws Found in Two Symantec Apps: "
Flaws Found in Two Symantec Apps

March 19, 2004
By Dennis Fisher

Vulnerabilities weaken two of Symantec Corp.'s more popular security applications, Norton AntiSpam and Norton Internet Security, researchers have found.

SearchSecurity.com | Latest Bagle worm both nasty and sneaky

2004-03-18T11:40:00.000-07:00

Heads up! There's a new virus trick on its way to an Inbox near you. Read this story at SearchSecurity.com to learn more about Bagle-Q.

SearchSecurity.com | Latest Bagle worm both nasty and sneaky: "A new Bagle variant has surfaced using a novel technique to propogate. Rather than attach itself to an e-mail, the worm uses a URL in the message to download the malicious code. "

SearchSecurity.com | DHS to release SoHo security guidelines

2004-03-17T11:01:00.000-07:00

Good news from the Dept. of Homland Security. SOHO and home users are either part of the problem or part of the solution. More to foolow when details are released.

SearchSecurity.com | DHS to release SoHo security guidelines: "This week, the US Department of Homeland Security is expected to release guidelines for improving cybersecurity for small businesses and home computer users�groups normally not focused on security.
The new guidelines are seen as a follow-up to last year's National Strategy to Secure Cyberspace. That document was widely panned for lacking regulatory teeth since it recommends and encourages rather than enforces. The Strategy cited market forces as the major driver for improving security rather than regulations. Some accused the government of buckling to pressure from industry in taking a more laissez-faire approach. "

Microsoft is shipping the free Security Update CD

2004-03-14T06:38:00.000-07:00

You ordered yours, right? No? Do it today. A true free lunch does not come along every day my friends. This CD will patch an installation of Windows through October 2003 and you can do it before you go online to collect the newer stuff. While this is not perfect protection, it's a lot safer than putting an unpatched PC ontot he network.

In a recent test, a completely unpatched and unprotected Windows XP Pro box I hung on the net to collect updates, basic anti-virus, and spyware tools was attacked 45 times before I got it patched!

Here's the URL. Place your order now.

To place a new order, visit Windows Security Update CD February 2004 Release at http://www.microsoft.com/security/protect/default.asp?Locale=en-us

New version of the Sober worm masquerades as Microsoft update - Computerworld

2004-03-09T06:11:00.000-07:00

The virus storm continues. The Sober worm is back with a new trick to try to fool you. Repeat after me: "Microsoft never sends patches by e-mail." Update your anti-virus and delete any of these messages that might have slipped through.

New version of the Sober worm masquerades as Microsoft update - Computerworld

Sober.D is the latest version of a worm that first appeared in October
News Story by Paul Roberts

MARCH 08, 2004 (IDG NEWS SERVICE) - Antivirus software companies warned customers about a new variant of the Sober e-mail worm that began spreading on the Internet today and masquerades as a Microsoft Corp. software update.

Sober.D is the latest version of a worm that first appeared in October. The new worm poses as a software patch that will remove the MyDoom virus from infected Windows systems, said antivirus company F-Secure Corp. in Helsinki, Finland.

F-Secure first detected the new worm variant in Germany early today. The company rated the virus a 'Level 2' threat, indicating 'large infections,' the company said.

Like its predecessors, Sober.D spreads by skimming e-mail addresses from victims' computers, then mailing copies of itself to those addresses. Sober.D also adapts its message for German-speaking audiences, inserting a German-language version of its pitch message into e-mail addresses belonging to German domains, such as those ending in .de, F-Secure said.

Anti-virus must be free

2004-03-06T06:15:00.000-07:00

When I first read the title of Robert Vamosi's latest at AnchorDesk, I thought "yeah right... that's gonna happen". I can see Symantec of McAfee giving their stuff away.

He makes some excellent points though. The virus outbreaks and cred-wars we've seen tell me that the problem is only going to get worse until the majority of desktops are protected, actively. It's a thoughtful piece and a good read.

ZDNet AnchorDesk: Antivirus software must be free. Here's why

I WONDER WHY, in 2004, we are still fighting mass-mailing viruses and worms like these. Given that viruses have been around for more than twenty years now, and that the antivirus companies have made tremendous progress in stopping this sort of threat, we should all be protected from new outbreaks. But millions of PCs worldwide still do not have basic antivirus protection, and thus are susceptible to infection.

One reason I think so many PCs are undefended is because antivirus apps keep getting more expensive. That's why I offer a challenge to the major antivirus companies: I'd like to see one of you offer a free version of your best-selling antivirus product for desktop PCs. You'll still make your profits, and your user base will certainly increase. But the bottom line is this: Whichever one of you does so can claim you're truly making the Internet safer for everyone--and that's priceless.

Of course, I disagree with his assessment of free tools because there are good ones out there and they do work. Check the Invisible PC website for suggestions on the best free tools to kkep your PC safe, secure, and ivisible to the bad guys.

How to prevent browser-based spyware

2004-03-04T05:30:00.000-07:00

SearchSecurity.com has a good tip from Ed Skoudis about how to avoid having your browser hijacked by spyware:

There's a massive battle for browsers going on right now. No, I'm not
referring to the epic struggle for market dominance between Netscape
and Microsoft way back in the mid-1990s. Today's browser battle is
being fought between forces that want to have control over users'
browsers: users and administrators versus spyware. If a user merely
surfs to the wrong Web site, aggressive malware can install itself on
the users' box, steal information and possibly give an attacker
remote control of the system.

Read the complete tip here.

SearchSecurity.com | RSA Security index suggests things are getting worse

2004-03-02T09:43:00.000-07:00

From SearchSecurity.com:

Times are they are getting worse

Last week, RSA released its second annual Internet Insecurity Index during the RSA conference in San Francisco. The index says the security landscape has gotten slightly worse over last year.

The index works on an increasing scale of insecurity from 1 to 10 with 10 being very insecure. The overall rating was 7, slightly worse then last year's rating of 6. The security industry and Internet crime and fraud both received higher insecurity ratings for the year while the government gained some ground.

A breakdown of the ratings is below:

- Hacks, attacks and flaws: 8 (same as last year)
- Threats: 8 (same as last year)
- Internet crime and fraud: 8 (up from 7 last year)
- Internet users and ISPs: 6 (same as last year)
- Information security industry: 6 (up from 4 last year)
- Government: 6 (was 4 last year) "

With new Bagle and Netsky worms, March comes in with a roar - Computerworld

2004-03-02T05:55:00.000-07:00

The virus writers are counting on your curiousity to spread these nasties. Don't do it. Don't open an attachment from someone you do not know or one with a suspicious file name. Read this excellent article from Computerworld - it tips you off to the latest tricks these bad guys are trying to spread their malware. And update your anti-virus definitions every time you connect to the net if you don't use the automatic update feature.

Has your subscription to McAfee or Norton or Panda expired? Renew it. Or switch to one of the excellent free tools available. A listing of free tools is always available at the Invisible PC web site. Either way, make sure you are up to date.

With new Bagle and Netsky worms, March comes in with a roar - Computerworld:

The original Netsky worm first appeared on Feb. 16. Since then, three more variants have been released on the Internet. Like its predecessors, Netsky.D scans an infected computer's hard drive for files containing e-mail addresses and then sends copies of itself to those addresses, antivirus companies said.

Netsky.D affects machines running Microsoft Corp.'s Windows operating system and arrives in e-mail messages with randomly generated subject lines such as 'Re: Document,' 'Re: Your picture' or 'Re:approved.' The Netsky.D worm disguises its payload as a .pif (for program information file) attachment that also has a randomly generated name such as 'my_details.pif,' 'document.pif' or 'mp3music.pif.'

Unlike its predecessors, NetSky.D doesn't spread on peer-to-peer networks, and doesn't use a .zip file to conceal its contents, according to antivirus company Network Associates Inc.

The gaggle of new Bagle worms that appeared in recent days use many of the same tricks as the new Netsky worms, and some new techniques, according to antivirus companies.

Bagle versions C, D, E, F and G appeared between Saturday and Monday and are variants of the first Bagle worm, which appeared on Jan. 19. All versions target systems running Windows, harvest e-mail addresses from infected machines and open a TCP port to listen for commands from a remote attacker, according to an alert released by computer security company iDefense Inc.

Bagle.C appears to be the most virulent of the bunch. Sophos has received hundreds of reports of messages containing that version, which uses a Microsoft Office 2000 Excel icon to fool users. Other Bagle variants use Windows folder icons, Cluley said.

Bagle versions F and G also use a password-protected .zip file to get past antivirus scanners. Password-protected .zip files have encrypted contents that cannot be read by even sophisticated antivirus scanners. However, virus writers must supply the password information in the body of a message before users can open the .zip and get to the virus file inside, which makes it harder for the worm to spread, he said.

The use of .zip files to hide e-mail viruses is increasingly popular among virus writers, he said.

Many recipients may be used to receiving zipped attachments from correspondents and open the Bagle and Netsky attachments out of curiosity, Cluley said.

eWeek - Virus Outbreak: More E-Mail Worms Are Set Loose

2004-03-01T11:18:00.000-07:00

Check your anti-virus signatures. If you're not set to automatically update, maybe this will convince you that it's a good idea. This is the worst outbreak I've ever seen .

Virus Outbreak: More E-Mail Worms Are Set Loose

March 1, 2004
By Dennis Fisher

Maybe it's the weirdness of having 29 days in February or some misplaced glee that spring is coming, but for whatever reason virus writers went on a rampage during the last week, unleashing more than a half-dozen new viruses.

Since Friday, five new versions of the Bagle virus have appeared, not to mention a couple of fresh variants of NetSky. None of the viruses appears to be particularly clever or innovative. However, several of them already have proved to be quite effective.

The most widespread of the new malware is NetSky.C, which has infected nearly 100,000 machines since its debut Feb. 25, according to Trend Micro Inc. NeySky.D also is on the loose and is a bit odd in that it attempts to deactivate two earlier worms, MyDoom.A and MyDoom.B. This variant was gaining ground Monday morning, anti-virus companies said.

But the virus family making the biggest splash this week by far is Bagle. Variants C, D, E, F and G all have appeared within the last few days, and like all of the other new viruses, are mass-mailers. The Bagle viruses typically include a ZIP file that is infected with the actual virus. The sending address is spoofed, and the subject lines and attachment names are random.

The two latest versions of Bagle, F and G, have protected the infected attachment with a password, preventing anti-virus scanners from examining it.

How bad has it gotten? Network Associates Inc.'s AVERT (Antivirus and Vulnerability Emergency Response Team) group has had to go into its emergency process eight times in 2004 already, more often than in all of 2002 or 2003. In anti-virus research, the how and the what are always more easily answered than the why, and this latest wave of attacks is no exception, experts say.

Spam Tide May Be Turning

2004-03-01T06:52:00.000-07:00

Now here's a nice thought for a Monday morning...

Spam Tide May Be Turning
By Cameron Sturdevant
March 1, 2004

Major announcements at the RSA Conference here last week - in addition to recent anti-spam technology advances - mark the beginning of the end of spam as we know it.

Ars Technica: Spyware gets another enemy

2004-02-29T08:54:00.000-07:00

It appears that some of our elected officials are beginning to understand the magnitude of the spyware issue and are trying to do something about it. As with spam, I believe that legislation and technology together will provide the cure.

Spyware gets another enemy
Posted 02/27/2004 @ 11:51 AM, by Matt Woodward

Spyware (aka malware, adware) is a thorn in the sides of nearly everyone who owns a Windows-based PC. Just like spam, it is an egregious offender that often wastes immense amounts of time for every user who is infected with its presence. Not only that, it often invades the privacy of its unsuspecting users. Unsuspecting? Yes, frequently the more insidious versions automatically install themselves with nary a footnote about its presence nor will it tell you that it spies on every action you take on the Internet. That is just for starters. Other side effects include: changing your default homepage and redirecting you to sites you do not want to visit. When you attempt to remove it, the spyware claims that it is completely removed, but if you look carefully, it is still there and is sometimes nearly impossible to remove.

Much like spam, some analysts deem that half the problem is technological and the other half is legal. Fortunately, a group of computer-savvy Senators are fed up with spyware and are drafting a bill called the 'Software Principles Yielding Better Levels of Consumer Knowledge (SPYBLOCK) Act' (Really. I want to know who comes up with these names...) The new bill aims to minimize the effects of spyware by disarming it on 3 levels: 1) Harmful spyware would be completely prohibited. 2) Spyware must be easy to completely uninstall. 3) Stealthy installation would be no longer allowed.

Gates predicts death of the password | CNET News.com

2004-02-28T06:22:00.000-07:00

Microsoft and RSA Security will make identities harder to hijack and easily compromised passwords a thing of the past if they can pull this off.

Gates predicts death of the password | CNET News.com: "
By Munir Kotadia
Special to CNET News.com
http://news.com.com/2100-1029-5164733.html

Story last modified February 25, 2004, 7:25 AM PST

SAN FRANCISCO--Microsoft Chairman Bill Gates predicted the demise of the traditional password because it cannot 'meet the challenge' of keeping critical information secure.

Gates, speaking at the RSA Security conference here on Tuesday, said: 'There is no doubt that over time, people are going to rely less and less on passwords. People use the same password on different systems, they write them down and they just don't meet the challenge for anything you really want to secure.'

RSA is working with Microsoft to develop a SecurID technology specifically for Windows. Both companies agreed there is a need to remove the vulnerabilities associated with employees using weak passwords. "

Keep PC viruses from making you sick

2004-02-26T05:36:00.000-07:00

Microsoft offers some sound advice on how to avoid a virus and explain, in this excerpt, why people keep getting fooled into opening those attachments.

Keep PC viruses from making you sick: "Typically, a virus arrives as an attachment to an e-mail, and the only way it can infect your computer is if you, the user, click on it. Here's how they trick the unsuspecting user:

A virus in disguise. Viruses often appear to be legitimate. They may appear to be a Word doc, Excel file or Web link. In many cases the true extension (.bat, .exe, .pif, etc.) is hidden because the file. This happens when your basic operating system is set to show abridged file names.

Leveraging friendship. To entice users to click, most virus programs will read the address book of an infected machine and send copies of the virus out to everyone listed. As a result, when people receive the virus file, they are inclined to click on it, since it's coming from a friend or colleague - i.e. a 'trusted source.'

Touching our emotions. Viruses play on the emotions of the reader. This 'socio-engineering' technique often uses curiosity, anger, or desire to get users to click on a virus attachment. For example, here's an excerpt from one instance of the Klez virus, which appears with the subject 'Worm Klez.E immunity':
We developed this free immunity tool to defeat the malicious virus. You only need to run this tool once, and then Klez will never come into your PC.

NOTE: Because this tool acts as a fake Klez to fool the real worm, some AV monitor maybe cry when you run it. If so, ignore the warning, and select 'continue.'

The bottom line: Don't open any attachments unless you are certain that the person who sent it to you did so intentionally - even if they are your friend or colleague."

InfoWorld: Latest Mydoom variant deletes files: February 25, 2004: By : Security

2004-02-25T15:39:00.000-07:00

Make sure you've updated you anti-virus software and, if you haven't, stop reading this and do it now!

InfoWorld: Latest Mydoom variant deletes files: February 25, 2004: By : Security: "The latest variant of the Mydoom virus, discovered Friday, is still spreading and actively deleting files from victims' computers, security researchers warned Wednesday.

The variant, dubbed Mydoom.F, not only tries to perform a distributed denial-of-service attack on the Web sites of Microsoft Corp. and the Recording Industry Association of America, but has a destructive payload that deletes document and picture files, according to researchers at Helsinki's F-Secure Corp.

New Microsoft security to include "active protection" :: AO

2004-02-25T09:29:00.000-07:00

Always On network reports from the RSA Security Conference that Microsoft chairman Bill Gates announced a range of new measures Microsoft will introduce in the forthcoming Service Pack 2 for Windows XP.

Microsoft Corp. Chairman Bill Gates, whose company's software is often derided for being buggy and vulnerable to hackers, showed off planned features for shoring up its programs and heading off cyberattacks.

Gates showed off an upcoming Windows XP update that focuses on security improvements. Service Pack 2, which will be available later this year, includes a centralized control center where users can automatically check their computer's security status, such as whether all critical updates have been applied or whether antivirus software is running.

Unlike earlier Windows releases, Microsoft's firewall software will be turned on as part of the default installation. A firewall blocks intruders from entering a system.

In the new service pack, the Internet Explorer browser will now have a pop-up ad blocker as well as more user control over small programs embedded in some Web sites.

Beyond the Windows service release, Gates also showed off "active protection technologies" that will gird Windows computers against attacks by sensing system or network changes that indicate virus activity. If a problem is detected, the computer's firewall will dynamically ratchet up defenses.

A number of companies at the conference were showing products similarly geared toward detecting unusual activity in networks.

Gates also said e-mail spam - which often contains viruses or is sent from infected computers - is being targeted on several fronts. Besides today's antispam filters, Microsoft and other companies are developing e-mail programs that allow users to create "white lists" of people with whom they wish to communicate.

A busy week for Ad-Aware

2004-02-24T05:55:00.000-07:00

I recommend Lavasoft's Ad-Aware to every PC user I know. Whenever I set up a PC for a friend or co-worker, it's a critical piece of the layered defense I recommend to make and keep your PC invisible. This week alone, there have been two updates to the Ad-Aware reference file offering protection against more than a dozen new spies.

Get Ad-Aware. Run it often. Check for updates every time you run it. Be safe.

edbott.com - two excellent articles on spyware

2004-02-21T12:00:00.000-07:00

Ed Bott, who has written a number of books about Microsoft Office and Windows security has two excellent posts on his blog about the dirty tricks being played by spyware purveyors. He also points to a good article in PC Magazine.

edbott.com: "What is spyware?
February 21, 2004
In its current issue, PC Magazine has an interesting review of 11 anti-spyware programs. Spy Stoppers is available online.
It's a pretty good overview, marred by one huge omission: The article doesn't include a definition of spyware. In fact, I've found that this sloppy use of the terms spyware and adware is causing mass confusion among people. It's not fair that reasonably benign programs like Gator (annoying, but easy to remove) should get lumped in with CoolWebSearch (hostile, evil, and nearly impossible to remove).

Right now, the purveyors of the truly awful CoolWebSearch program and its many variants are engaged in a battle to take over as many innocent machines as possible. Someone has shut down the incredibly useful Spyware Info Web site, which offers the free CWShredder utility to remove this parasite. I'm not particularly worried about cookies from DoubleClick, but I am concerned that a program can install itself and then aggressively hide its actions and make itself impossible to remove.

That's not spyware. That's a hostile takeover."

Zone Labs: Security Alert

2004-02-21T05:47:00.000-07:00

What does this mean? If you run the ZoneAlarm firewall, follow the update instructions on this advisory page and get the latest version. Kudos to ZoneLabs for fixing this vulnerability so quickly.

Zone Labs: Security Alert: Zone Labs SMTP Processing Vulnerability
Overview: A security vulnerability exists in specific versions of ZoneAlarm, ZoneAlarm Pro, ZoneAlarm Plus and the Zone Labs Integrity client. This vulnerability is caused by an unchecked buffer in Simple Mail Transfer Protocol (SMTP) processing which could lead to a buffer overflow. In order to exploit the vulnerability without user assistance, the target system must be operating as an SMTP server. Zone Labs does not recommend using our client security products to protect servers.

The Microsoft Protect Your PC Web Site

2004-02-20T11:23:00.000-07:00

Microsoft is trying to help. Go to this page, choose the version of Windows you use, and follow the three easy steps to add a firewall, critical updates, and antivirus software to your machine. While you're there, you should order the free CD. If you ever have to rebuild your system, you'll be able to bring it up to the state of patching as of October 2003 before you put your machine online and expose it to who knows what.

Welcome to the Microsoft Protect Your PC Web Site: "There are three steps you can take to improve your computer's security. You can follow the three steps online, or print them for easy reference.

Slow connection? Get the free Microsoft Windows Security Update CD."

SearchSecurity.com | Netsky no longer flying high

2004-02-19T09:53:00.000-07:00

SearchSecurity.com | Netsky no longer flying high: "'We have a name for companies who think they have a business reason for allowing self-extracting executable files in,' said Roger Thompson, vice president of product development at PestPatrol Inc., a Carlisle, Pa.-based developer of security tools. 'We call them 'victims.''

Don't be a victim. If you receive an e-mail with a suspicious attachment - especially an executable file (with an extension like .exe) don't open it, delete it!

SearchSecurity.com | Netsky-B soars from Europe to the US

2004-02-18T15:36:00.000-07:00

Go forth and update your anti-virus signatures now! The next nasty is on the loose.

SearchSecurity.com | Netsky-B soars from Europe to the US: "Netsky-B soars from Europe to the US

By Edward Hurley, News Writer
18 Feb 2004 | SearchSecurity.com

Antivirus experts are warning of a new mass mailer worm that surfaced Wedneday morning.
Both Trend Micro and McAfee have Netsky-B rated as a 'medium' risk. Symantec has it a moderate risk. The worm seems to be strongest in Europe, but that may change as North American workers come online.

The best way to prevent getting clipped by Netsky-B is updating antivirus signatures. Using content filtering to catch the worm is difficult as it uses a variety of subject line and body messages. Subjects could include 'hello' or 'read it immediately.' The body of the message could say 'anything ok' or 'is that true?'

The worm can arrive featuring a double extension such as .rtf.pif. It may also be a .zip file, which may be problematic as many businesses allow such files in as they are commonly used in business.
When executed, the worm displays a bogus error message: 'The file could not be opened!' It then copies itself to the Windows directory folder as services.exe. Netsky-B also adds a registry key so it starts when the system is started.

Netsky-B can also spread via shared drives. It searches for folder names containing 'Share' or 'Sharing' and then copies itself to those folders, according to Symantec. The worm copies itself using a variety of tempting sounding names such as 'programming basics.doc.exe,' 'cool screensaver.scr' or 'winxp_crack.exe.'"

New tool from the maker of Spybot-S&D!

2004-02-18T11:14:00.000-07:00

News - The home of Spybot-S&D!: "Ugly new CoolWWWSearch variant[link]
21. January 2004
CoolWWWSearch.SmartKiller (v1 and v2) is a new, real ugly variant of CoolWWWSearch. When running, it will close every browser window you use to visit a large list of anti-spyware-sites, and even will close Spybot-S&D and some other anti-spyware applications as well.

So if your copy of Spybot-S&D (or the anti-spyware application of your choice) closes a few seconds after starting, or your browser closes whenever you try to visit an anti-spyware site, check our CWS.SmartKiller removal utility on this page."

Dana Epp's ramblings at the Sanctuary : Order the Windows Security Update CD

2004-02-18T07:58:00.000-07:00

Who says there's no such thing as a free lunch? Get this free CD today and make sure PC is up to date.

Microsoft has a web page up now that will allow you to order the Windows Security Update CD free of charge.... and they will even ship it to you. This CD includes Microsoft critical updates released through October 2003 and information to help you protect your PC. In addition, you will also receive free antivirus and firewall trial software.

This CD is only available for Windows XP, Windows Me, Windows 2000, Windows 98, and Windows 98 Second Edition (SE).

They say to allow 2-4 weeks for delivery.

Enjoy.

InfoWorld: New Bagle e-mail worm on a roll: February 17, 2004: By : Security

2004-02-17T14:30:00.000-07:00

New version of a worm that appeared in January is spreading, customers advised to update anti-virus software

By Paul Roberts, IDG News ServiceFebruary 17, 2004

BOSTON - Antivirus software companies are warning of a new computer virus that spreads using e-mail messages and installs a Trojan horse program on machines it infects.

The virus, named Bagle.B, is a new version of a similar e-mail worm that appeared in January and is programmed to spread until Feb. 25, 2004. Antivirus companies said Tuesday that Bagle.B is spreading rapidly on the Internet and advised customers to to update their antivirus software to spot it.

Like its predecessor, Bagle.B arrives in e-mail messages with randomly generated subject lines. The virus is stored in an e-mail file attachment, also with a randomly generated name, said antivirus company F-Secure Corp. of Helsinki."

Spyware makers attack anti-spyware sites

2004-02-17T05:47:00.000-07:00

The bad guys are fighting back!

Warriors Under Siege

Since the middle of last week, SpywareInfo.com has been knocked off the web by a DDOS attack. Other warriors, Tom Coyote and Merijn (author of HijackThis and CWShredder) were hit too because they were hosted on spywarinfo's servers.

TomCoyote.org and Merijn.org were moved to new hosts and apparently they have been attacked again.

It seems as though the spyware pushers are behind these attacks. SpywareInfo is probably *the* leading anti-spyware site. And Merijn has written two very powerful anti-spyware programs. Bottom line is this - the spyware pushers are losing money thanks to the efforts of the warriors! As one poster on computing.net said:

The creators of spyware and "Browser Hijackers" make money from redirecting peoples browsers. They get paid for the number of redirected page hits to sites and ADs. So this is just a counter attack on those who are cutting into "their profits".

The people who put out the Browser Hijackers, those that allow them on their web sites, and the people who pay for all of this are doing it for money. Big bucks.

No Rumor: Windows Source Code Leaked on the 'Net

2004-02-13T05:45:00.000-07:00

This is potentially a very big deal. Windows NT and Windows 2000 represent the majority of server installations in the world. The new WIndows Server 2003, which apparently is not part of the code leaked, has only been available for a few months and is not yet widely deployed. We'll be following this story closely. The potential for a whole new storm of hacker attacks is chilling. Stay tuned to this blog and plan on running Windows Update frequently to check for new critical updates.

No Rumor: Windows Source Code Leaked on the 'Net: "No Rumor: Windows Source Code Loose on the 'Net

February 12, 2004
By Dennis Fisher

Microsoft Corp. was busy denying rumors late Thursday that a copy of the source code for Windows NT and Windows 2000 had leaked and been posted on the Internet. Later in the night, the company confirmed the leak.

Several tech sites, most notably Slashdot, had message threads reporting that the code had leaked and speculation was rampant on how the alleged leak may have happened.

However, in an Associated Press report filed later in the evening, Microsoft officials confirmed the leak. The spokesman said that 'some incomplete portions of its Windows 2000 and Windows NT4 source code had been 'illegally made available on the Internet'.'

The potential economic damage to the company would be incalculable. The Windows code is Microsoft's main intellectual property asset and is the basis for its ability to dominate the desktop OS market. "

Microsoft: Avoid the seamier side of the Internet

2004-02-12T05:43:00.000-07:00

Today's Insider Update from Microsoft has some excellent suggestions on avoiding online scams and the 'seamier side of the Internet'. A good read and an excellent public service.

Microsoft on the Issues: Staying Safe Online

Staying Safe Online
A few basic precautions can help everyone avoid the Net's seedier side

Posted January 28, 2004

Consumer fraud is one of America's fastest-growing crimes. Last week the Federal Trade Commission reported that fraud complaints in 2003 increased by 28 percent. And for the first time, a majority of complaints were Internet related.

The Internet has brought innumerable benefits to millions of people, but the Web and e-mail are misused by scam artists. Other hazards also lurk online: viruses, spam and content inappropriate for children.

Microsoft and other industry leaders are making significant investments to help curb such abuses and safeguard consumers on the Internet. By taking a few basic precautions, all of us can help protect our families and ourselves. Here are a few suggestions for safety measures you can take.

Read the list of excellent suggestions and pass it along to those you know."

Wired News: Adware Spreads Quickly on AOL IM

2004-02-12T05:22:00.000-07:00

Don't do it. Spam and adware have definitely invaded Instant Messagin (IM). If you (or someone in your home or office) is an IM fan, you can not only infect yourself, but everyone on your Buddy List. And that's not being a buddy!

Wired News: Adware Spreads Quickly on AOL IM: "A surreptitious program spreading Wednesday morning is turning AOL Instant Messenger users into advertising spammers.
The problem starts when users receive an instant message that appears to come from someone on their Buddy List (a list of friends and co-workers who also use the AOL Instant Messenger service). The message reads 'check this out' and includes a link that contains a reference to 'osama capture.php.'

If users click on the link, a program that is supposedly a game asks permission to be downloaded and installed onto their computers. Installing the game gives the company that produces it -- purportedly, an outfit called PSD Tools -- permission to display ads on the users' computers. In addition, the software spreads the 'fun links' to everyone on the users' Buddy Lists. "