Monday, October 29, 2007

ESET Smart Security and ESET NOD32 Antivirus V3.0 Launched

I’m not a big fan of Security Suites… for my own reasons, they may suit some people but they don’t really suit me.

However I was excited to learn that ESET has launched ESET Smart Security and ESET Nod32 Antivirus v3.0 today.

Bournemouth, UK (29th October 2007) – ESET, the leader in proactive threat protection, today announced ESET Smart Security, a new, integrated security solution for consumers and SMEs, built on ESET’s award-winning advanced heuristic ThreatSense® detection system and the ESET NOD32 scanning engine. Unlike security suites that combine standalone products, ESET Smart Security tightly integrates the antispyware, antispam and firewall features, with the new version of ESET’s flagship ESET NOD32 Antivirus scanning engine. This tight integration allows each module to share information with the other to evaluate and classify every threat appropriately.

“Threats no longer appear in the form of pure viruses or spam or phishing. They now come as ‘blended’ threats which require an integration and intelligence among individual security features. Smart computer users are looking for the best level of integrated protection with the minimal amount of inconvenience,” said Phil Hochmuth, senior analyst at the Yankee Group. “This drives users to look for malware solutions that provide great protection, are easy to install, don’t slow down their computers, and work completely behind the scenes.”

Full blurb here

If you are interested in some of the issues that came up as it was being tested then check out the official support forums at Wilders

Saturday, October 27, 2007

Winpatrol Update - Will Now Warn of Changed to Windows Update

Winpatrol v12.2.2007 was made available for download on Friday. This new version will now alert you if changes are made to your Automatic Update settings. Like most features, the intention is to protect users from changes made by malicious programs. As a side however, it will also detect if Microsoft or one of their applications decide to change these settings without your knowledge.

My personal preference for Automatic Updates, like Bill P of Winpatrol is to ‘Check for Updates, but let me choose whether to download and install them‘.

See Bills blog, Bits From Bill for the full lowdown

Wednesday, October 24, 2007

Direct Revenue is Dead

Take it away Paperghost!

I’ll just have a little dance about whilst everyone involved in this great result enjoys the feeling of a good job jobbed as my mum used to say! Photo Sharing and Video Hosting at Photobucket

Friday, October 19, 2007

Firefox 2.0.0.8 Released

Firefox 2.0.0.8 was released today, there are a few security fixes and support for Mac OX x 10.5 and updated language support.

Your browser should ask you to update automatically… however, having said that, my Firefox hasn’t asked to update yet. In which case all you need to do is go to Help > Check For Updates. You will then be prompted to download the update and run it.

Happy Surfing! surfing.gif

Thursday, October 18, 2007

Windows Live OneCare - Contact Help Center

After an install or an upgrade of Windows Live OneCare, the antivirus and spyware component may not start properly. Users are shown a red action item entitled: “Urgent, Contact Help Center - OneCare virus and spyware protection encountered a problem and cannot start”.
This tool will attempt to repair the virus and spyware protection component of OneCare on this computer.

You MUST save this file to your computer and then run it. Do NOT select ‘Run’ from the download dialogue.

Download and installation instructions

Saturday, October 13, 2007

Bad Kitty

Websense® Security Labs™ are warning of a new website that is being spammed out by those behind the Storm Worm attacks.

This site poses as a free Ecard Web site. Users with unpatched computers are automatically exploited. Users with patched computers are prompted to download and run a file called “SuperLaugh.exe.” This file contains the Storm payload code.

Sample email text:

View your Kitty Card now! (URL REMOVED)

Go to Websense to see a screenshot of the website.

I haven’t had one of these yet… but I suppose it’s only a matter of time.

Tuesday, October 09, 2007

SpySweeper Now Bundling Toolbars

When you are fighting malware you sometimes need to be able to direct users to tools that they can download and use without worrying about cost or unexpected surprises. There are a lot of dedicated developers who donate a heck of a lot of time and expertise in providing us with a powerful arsenal. But a lot of those tools are for a specific type of infection and/or may cause problems if not used properly. So we try not to use them if possible.

Having a fully functional trial version of a commercial spyware scanner and cleaner that will scan, provide a log and clean up a machine is a boon… and quite often the user who has been directed to use it will decide to purchase that product.

One of the products that we used to use was Spysweeper.. but unfortunately the trial version will no longer clean the machine.. it just scans and identifies problems… and even worse, it comes with bundled software where the option to install is on by default!! :(

Spysweeper install

I don’t like toolbars, but if I want one then I will decide for myself whether to download and install it or not.

I must stress that you do have the option to opt out of the installation of this extra software… but personally I think it should be the other way around… you have the option to opt in.

If you ask me.. it’s a real shame. An example of marketing gone mad.

Friday, October 05, 2007

Microsoft Security Bulletin Advance Notification for October 2007

Microsoft have released an advance notification for the normal monthly updates that are due to be released next Tuesday. Don?t forget to prepare for the updates as I?ve outlined in an earlier entry - How To Prepare for Patch Tuesday.

On 09 October 2007 Microsoft is planning to release:

Security Updates

Four Critical Bulletins in total.

  • Three Microsoft Security Bulletins affecting Microsoft Windows with a Maximum Severity rating of Critical. These updates may require a restart and will be detectable using the Microsoft Baseline Security Analyzer.
  • One Microsoft Security Bulletin affecting Outlook Express and Windows Mail with a Maximum Severity rating of Critical. The update will not require a restart, except in certain situations and for Windows Vista and will be detectable using the Microsoft Baseline Security Analyzer and the Enterprise Update Scan Tool.
  • One Microsoft Security Bulletin affecting Internet Explorer with a Maximum Severity rating of Critical. This update will require a restart and will be detectable using the Microsoft Baseline Security Analyzer.
  • One Microsoft Security Bulletin affecting Office with a Maximum Severity rating of Critical. This update will not require a restart and will be detectable using the Microsoft Baseline Security Analyzer.

Three Important Bulletins in total.

  • Three Microsoft Security Bulletins affecting Windows with a Maximum Severity rating of Important. This update may require a restart and will be detectable using the Microsoft Baseline Security Analyzer.
  • One Microsoft Security Bulletin affecting Office with a Maximum Severity rating of Important. This update will not require a restart and will be detectable using the Microsoft Baseline Security Analyzer.

Microsoft Windows Malicious Software Removal Tool

  • Microsoft will release an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services and the Download Center.

Non-security High Priority updates on MU, WU,WSUS and SUS

  • Microsoft will release one NON-SECURITY High-Priority Updates for Windows on Windows Update (WU)
  • Microsoft will release three NON-SECURITY High-Priority Updates on Microsoft Update (MU) and Windows Server Update Services (WSUS).

Microsoft Security Bulletin Advance Notification

Obtaining Other Security Updates

Updates for other security issues are available from the following locations:

  • Security updates are available from Microsoft Download Center. You can find them most easily by doing a keyword search for ?security_patch?.
  • Updates for consumer platforms are available from Microsoft Update.
  • You can obtain the security updates offered this month on Windows Update, from Download Center on Security and Critical Releases ISO CD Image files. For more information, see Microsoft Knowledge Base Article 913086

Internet Explorer 7 Update

IE7 was re-released yesterday for Windows XP users.

Internet Explorer 7 installation will no longer require Windows Genuine Advantage validation and will be available to all Windows XP users. If you are not already running IE7, you can get it now from the Internet Explorer home page on Microsoft.com, get a customized version from a third-party site, or, if you haven’t already received it via Automatic Updates, this version will be delivered to you as we described previously. If you are already running IE7, you will not be offered IE7 again by Automatic Updates.

Additionally, we’ve made minor changes to IE7 for Windows XP based on customer feedback:

  • The menu bar is now visible by default.
  • The Internet Explorer 7 online tour has updated how-to’s. Also, the “first-run” experience includes a new overview.
  • We’ve included a new MSI installer that simplifies deployment for IT administrators in enterprises. Learn more about it here.

Please see IE Blog for full details

Tuesday, October 02, 2007

Botmasters Take Heed – You Are Being Put On Notice

As an active member of the security community I am painfully aware of the constant attack that our servers suffer. Most of the time this can be managed, but sometimes it gets just a little too much.

Back in February of this year, my friends at Castlecops suffered a massive DDoS attack, but even though it spoiled Paul and Robin’s valentines day celebrations.. they kept the site going.

Today, Greg King of Fairfield in California was arrested and charged with being responsible for the DDoS against CastleCops last February.

Read what Robin has to say in her announcement here.

Good guys = 1 Bad guys = 0

Update - Excellent write up at The Register

Monday, October 01, 2007

Media Motor Gets Slammed by FTC

The Federal Trade Commission slammed Media Motor with a $330,000 fine and a possible forfeiture of $3,595,925 in money that was "ill-gotten" according to the FTC. While the whole amount should be turned over, it is good to see that another malware maker has been slammed for ripping people off.

Back in November, the FTC charged ERG Ventures, LLC with tricking people into downloading Media Motor by hiding it in free downloads. Screen savers and video files were two of the most common types of files. Even today, many spyware programs use free videos to get their crap onto your computer. The Zlob trojan, responsible for the likes of SpyAxe, SpyFalcon and VirusRescue, used videos and a fake codec to get on your computer. Anyways, once Media Motor got on your computer, it would your home page, track you, try to disable your antispyware programs and generally be a pain to get rid of.

Here's an excerpt from the FTC report describing the penalties that Media Motor is subject to:

The order will permanently bar the defendants from distributing software that interferes with consumers’ computers, including software that tracks consumers’ Internet activity or collects other personal information; generates disruptive pop-up advertising; tampers with or disables other installed programs; or installs other advertising software onto consumers’ computers. The defendants will also be required to fully disclose the name and function of all software they install on consumers’ computers in the future, and to provide consumers with the option to cancel the installation after viewing the disclosure.


You can read the full report on the FTC media Motor press release here.

The Federal Trade Commission is the branch of the US Federal Government that handles fraudulent Internet web sites and programs. You can file a complaint against any web site or computer program by visiting the FTC complaint page and filing a complaint. You can also call 1 877 382 4357 to complain as well.

Sitemeter