Archives: Security
This is probably the single largest category on this site. You'll find information about tools, technologies, and techniques for protecting your PC, along with information about how viruses, spyware, and adware work. I've divided this category into several subcategories as well.
Employees unleashing viruses on purpose?
Posted August 24, 2005 07:31 AM
I'm always suspicious when someone selling security services tries to tell me how serious a particular security problem is. For the latest case in point, see this week's Computerworld: A recent study sponsored by Risk Control Strategies, a threat management and risk assessment firm, found that an overwhelming majority of 223 security...
Worm attacks ABC, CNN, New York Times
Posted August 16, 2005 05:03 PM
Last week, Microsoft issued a critical update for a serious vulnerability in Windows 2000 and versions of Windows XP before Service Pack 1. Today, a worm that exploited that vulnerability hit some of the United States' media giants: A computer worm shut down computer systems running the Windows 2000 operating...
Trash your PC because of spyware? Rubbish!
Posted July 20, 2005 10:42 AM
This post is from guest blogger Carl Siechert: On Sunday, the New York Times published "Corrupted PC's Find New Home in the Dumpster": "I was spending time every week trying to keep the machine free of viruses and worms," said Mr. Tucker, [an Internet industry executive who holds a Ph.D....
A must-have download for security geeks
Posted July 1, 2005 12:38 PM
Microsoft has a 311-page PDF-formatted download called Threats and Countermeasures: Security Settings in Windows Server 2003 and Windows XP (registration and Passport account required). This is seriously geeky stuff. It's overkill if all you have is one computer at home, but valuable if you are in charge of a business network....
More on Microsoft and Claria
Posted June 30, 2005 11:33 AM
This is a follow-up to my earlier post about the rumor that Microsoft is negotiating to buy Claria. Claria actually has five product lines: The GAIN advertising network, which serves pop-up ads. BehaviorLink, another advertising network which says it delivers ads that are "targeted based on consumer behavior." These are not pop-ups but can...
Why does Comcast need my Social Security number?
Posted June 29, 2005 08:38 AM
We're moving in a few weeks, into a neighborhood where Comcast provides cable and Internet service. The good news is they have high-speed access and high-definition DVR service. The bad news is that Comcast insists I have to give them my Social Security number before they'll start my service. The sales...
This is not the Windows AntiSpyware Beta you're looking for
Posted June 23, 2005 01:10 PM
A new version of the Windows AntiSpyware Beta is now available for download. This isn't the long-awaited Beta 2, but instead is a refresh of Beta 1: In this second beta refresh (Build 1.0.613), we’ve made other enhancements to the detection and removal capabilities, including improved Winsock LSP removal capabilities and support...
Sometimes it's best to just start over
Posted June 14, 2005 05:53 AM
Brian Krebs writes about his experience trying to clean up a PC that was infested with malware: I just spent nearly seven hours doing emergency surgery on a Windows PC that belongs to a dear, longtime friend. The experience was so harrowing that I decided to blog it. Been there, done that....
The password is mE0w
Posted June 2, 2005 02:19 PM
At first I thought this was a joke: Bank of America will require Internet clients to register their computers and assign a digital image, such as a photo of a pet, to their accounts in an effort to cut down on fraud, the bank announced. The free service, called SiteKey,...
Block tracking cookies the easy way
Posted June 1, 2005 07:45 AM
Prof. Froomkin (welcome back!) links to a tracking cookie opt-out page: With a few clicks you can block cookies from Doubleclick and six other Internet tracking/marketers. Ironically, you must allow the site to set a “no thanks” cookie, so cookie blockers must be turned off to make this work. Although...
Feds flunk the cyber-security test
Posted May 27, 2005 07:43 AM
Brian Krebs at the Washington Post reports: The Department of Homeland Security today received more lumps for failing to implement programs to protect the nation's most vital computer systems from attack or disruption. The Government Accountability Office issued a report today concluding that the department's failure to make meaningful progress...
War games
Posted May 26, 2005 06:46 AM
This AP story appeared this morning: The CIA is conducting a secretive war game, dubbed "Silent Horizon," this week to practice defending against an electronic assault on the same scale as the Sept. 11 terrorism attacks. The three-day exercise, ending Thursday, was meant to test the ability of government and...
AP tries to stir up security fears
Posted May 24, 2005 06:26 AM
Associated Press Technology Writer Ted Bridis tries to stir up panic with an alarming story headlined "Hackers Holding Computer Files 'Hostage'": Computer users already anxious about viruses and identity theft have new reason to worry: Hackers have found a way to lock up the electronic documents on your computer and...
"Poisoned" media files wrap-up
Posted May 10, 2005 10:02 PM
The other day I mentioned Microsoft’s new Security Advisory service. The first update in the series has been released, and (surprise!) Microsoft Security Advisory (892313) covers the issue of Windows Media files that can serve as vehicles for delivering unwanted software: In March 2005, Microsoft issued an update to Windows...
Microsoft kicks off new security service
Posted May 8, 2005 08:42 AM
Ryan Naraine at eWeek has word of a new Microsoft security service: Microsoft plans to unveil a new security advisories service next Tuesday as part of an aggressive long-term effort to revamp the way it reacts to publicly reported software vulnerabilities. The pilot project, which is independent of the scheduled...
Gmail blocks phishers
Posted April 21, 2005 07:01 PM
I just received yet another "phishing" attempt from someone trying to get me to give up my eBay account information. It came to my Gmail account, and like most such attempts it was a painfully obvious fraud. What was most impressive, though, was how Gmail handled the message. For starters,...
Finally, a (partial) solution for "poisoned" Windows Media files!
Posted April 18, 2005 09:42 AM
Update: The original version of this post contained an error. According to my testing, the most recent version of Windows Media Player 10 does not include all of the fixes referred to in this article. The Windows Media FAQ offers this confusing explanation: "If you installed the latest update to Windows Media...
More on Firefox Critical Updates
Posted April 17, 2005 05:44 PM
In the comments to my previous post, Ryan Walters notes that he's running Firefox 1.0 and doesn't see any update icon. That's not good. Here's what the generic icon looks like: When you click the green icon, it checks for updates. After it completes the check it displays this dialog...
Firefox exploits now in the wild
Posted April 17, 2005 01:23 PM
F-Secure reports: Proof-of-concept exploits for the popular Mozilla and Firefox web browsers have been posted on public mailing lists. They target the following vulnerabilities: - Code execution through favicons link - Arbitrary code execution from Firefox sidebar panel These exploits allow the attacker to run arbitrary commands on Firefox before version...
A worm with demo files
Posted April 15, 2005 08:18 AM
The Mytob worm is making the rounds. In the past four days, the copy of PC-cillin on my main working PC has successfully blocked seven copies of messages containing an infected attachment, and I've deleted a few more copies that arrived with corrupted (and therefore harmless) attachments. But the one...
Tip of the day: Protect yourself from unwanted ActiveX controls
Posted April 15, 2005 05:00 AM
WARNING: The following tip contains script code that makes changes to your Windows registry. Although I have tested this script and believe it performs as described, I am not responsible for any damage that may occur to your computer if you choose to download and run this script. The single...
Where's the patch?
Posted April 12, 2005 01:22 PM
It's Patch Tuesday, and Ryan Naraine at eWeek has the same question I do. Where's the patch? It's been almost three months since Microsoft promised a Windows Media Player update to help thwart the threat of spyware infection but, to date, users of the WMP 9 Series remain at risk....
Is this new Firefox feature a security hole?
Posted March 31, 2005 02:45 PM
Earlier today I posted an item about the "link prefetch" feature recently introduced in Firefox and used by Google for all searches run using Firefox. To see exactly how this works, I performed a simple experiment. First, I completely deleted the contents of the Cache folder in my Firefox profile....
WaPo's new security blog finds a Firefox flaw
Posted March 31, 2005 08:54 AM
The Washington Post has just rolled out a new blog, Security Fix. In one of the first posts, Brian Krebs describes an e-mail he received recently, which was forwarded by someone who was concerned about phishing scams: The phishing e-mail my contact sent tried to hijack my computer in addition...
Microsoft and security: Giving credit where it's due
Posted March 20, 2005 02:29 PM
Dana Epp has a fascinating post about Microsoft's security development lifecycle: In the past decade it has been easy to slag Microsoft for their stance on security. It has appeared that the drive for profits has always trumped the safety and security of the code. When Microsoft decided to STOP...
From the annals of ineffective security
Posted March 15, 2005 08:00 PM
InformationWeek points to a new study from Jupiter Research that says Web surfers are going overboard with deleting cookies: 58 percent of Internet users have deleted the tiny files, essentially making many consumers anonymous during site visits, and crippling website operators' ability to gather information, JupiterResearch found through surveys this year...
War of the worms?
Posted March 10, 2005 10:34 PM
Oh, great. F-Secure says they’re seeing an alarming spike in worms spreading over instant messaging channels: Recently we have noticed an increase in IM (Instant Messaging) worm numbers. We are regularly adding detection for new Bropia worm variants. The last one, Bropia.K, appeared yesterday, on Sunday. Today there appeared 2 more...
Antivirus update goes haywire, security firm deletes thousands of e-mails
Posted March 4, 2005 01:51 PM
Silicon.com reports: An email security scanning company has accidentally deleted thousands of its customers' emails. GFI, a Microsoft "gold certified partner", is now offering free upgrades to all its customers after it trashed their emails by sending out incorrect update information. According to GFI, the problem occurred because of a...
No security patches next Tuesday
Posted March 4, 2005 08:34 AM
The second Tuesday of each month is when Microsoft releases its security patches. Last month, there was a bumper crop – 11 in all. This month? None. That’s good news....
More Firefox security vulnerabilities
Posted March 2, 2005 02:05 PM
Secunia’s Vulnerability Report for Mozilla Firefox 1.x shows seven advisories for 2005, making a total of 11 since the browser was officially released last November. Three of the 11 issues (27%) are unpatched, and five are shown as partially fixed. In the same period of time, Secunia has issued 15 advisories...
How to fumble a security update
Posted March 2, 2005 08:27 AM
Microsoft’s response to the current flap over “poisoned” Windows Media files is a case study in how not to respond to a security issue. On February 15, Microsoft issued two updates to Windows Media Player 10 – a comprehensive roll-up that changes the version number from 3646 to 3802, and a smaller...
An update on the Windows Media Player security snafu
Posted March 1, 2005 02:03 PM
eWeek’s Ryan Naraine has an excellent update on the “poisoned Windows Media files” controversy that I’ve been covering here for the past few weeks. (See this post for a roundup of the confusion over the WMP10 update; and see “Someone at Microsoft doesn’t get it,” which I posted on January 14, for...
A leading maker of spam software goes offline
Posted February 28, 2005 09:52 AM
How do spammers send out millions of messages at a time? One tool is a program called Send-Safe, which is marketed and sold by a company in Russia. Some have speculated, in fact, that the program’s makers are directly or indirectly related to the authors of the Mydoom, Bagle, and Sobig...
More on Virus Hunter and BitDefender
Posted February 25, 2005 07:00 AM
Recently I reported on iDownload.com’s Virus Hunter, which bears a strong resemblance to the highly regarded BitDefender. (See “iDownload: A case history in unethical marketing” for more details.) I wrote to BitDefender and asked them to explain the relationship. Today, I received this reply from a spokesperson for BitDefender: iDownload is...
iDownload: Follow the money
Posted February 24, 2005 11:46 AM
Yesterday I published two articles about iDownload.com, a company that makes a product called iSearch, which is installed using deceptive techniques. The company has recently sent cease-and-desist letters to the owners of several Web sites that referred to iSearch as “spyware” or “malware.” It also makes commercial security products, including Virus Hunter, which it sells using...
iDownload: A case history in unethical marketing
Posted February 23, 2005 03:56 PM
Earlier today, I wrote about the efforts of a company called iDownload to suppress apparently accurate descriptions of their product by several anti-spyware activists. Since that time, I have done more research on the company, and I can report exclusively that they have used the trademark of a widely respected security...
Kids' laptop riddled with spyware!
Posted February 23, 2005 11:44 AM
I was depressed to read this post from a Microsoft blogger who claims to be involved with security: Argh! Kids' laptop riddled with spyware! I downloaded the current beta version of MS' new Anti-SpyWare tool yesterday and installed it on my kids' laptop. When I ran the scan, I found...
Yet another reason to install SP2
Posted February 23, 2005 11:14 AM
In the comments to an earlier post, someone noted a screen shot of an ActiveX dialog box that included the “Always trust content from this company” option. He asked the obvious question: Why isn’t there a “Never trust content…” option? Short answer: There is. But only if you’re running the...
Support the fight against spyware
Posted February 23, 2005 08:30 AM
This makes my blood boil. At Spyware Warrior, Suzi just posted the full text of a letter she received from the legal counsel for iDownload. They’re demanding that she remove pages that refer to their product as spyware and/or malware. Suzi says: As owner of this domain, netrn.net, the home...
Joel Spolsky doesn't trust Microsoft AntiSpyware
Posted February 18, 2005 11:01 AM
Joel Spolsky of Joel on Software is rightly considered one of the smartest developers around. When he writes something, it gets read – especially in Redmond. So his remarks yesterday on Microsoft AntiSpyware deserve a fair parsing: So far, it looks like this is a nifty program, and consumers should be happy...
New version of Windows AntiSpyware Beta is out
Posted February 17, 2005 08:21 AM
If you’re using the beta release of Windows AntiSpyware, be sure to get the latest update: Since releasing Windows AntiSpyware (Beta) on January 6, 2005, we have received feedback from customers and have made enhancements to the software based on this feedback. We have enhanced some of the real-time protection...
Multi-layered defenses
Posted February 16, 2005 10:08 AM
I’ve been reading a couple of long discussions about antispyware software lately, and one piece of advice that comes up a lot is the need for a multi-layered defense. I agree that multi-layered defenses are essential, but I’ve seen advice from too many people who are unclear on the concept....
Will new Microsoft add-ons trigger new antitrust charges? No.
Posted February 16, 2005 08:33 AM
In a comment on another post, Thomas Brock asks: So... Will these additions to AV services, the anti-spyware services, the media playsforsure services and the internet and desktop search services add to the monopoly charges? Short answer: No. Everything Microsoft does with Windows has to be cleared by the Department...
Microsoft to offer antivirus software
Posted February 15, 2005 03:34 PM
Bill Gates' announcement at the RSA security conference today also included the bombshell that Microsoft will provide a consumer-level antivirus product sooner than anyone thinks. Gates expanded on Microsoft's recently announced plans to acquire security vendor Sybari Software Inc., which provides solutions to help protect messaging and collaboration servers from...
Protect yourself at hotspots
Posted February 14, 2005 03:42 PM
The Security Mentor has some interesting comments on the Windows Firewall that’s included with Windows XP SP2. He notes that, unlike the Internet Connection Firewall in SP1 and earlier, the Windows Firewall assumes that you want to trust all computers on your local network: So the built-in Windows firewall hides file...
Trend Micro fails the spyware test
Posted February 11, 2005 10:30 AM
A little over a year ago, I evaluated five antivirus programs and decided to switch from Norton AntiVirus to Trend Micro’s PC-cillin. Since then I’ve been happy with its performance. It updates itself regularly, identifies and quarantines those virus-infected attachments that make it past my e-mail gateway, and is generally unobtrusive....
Protecting kids from Kazaa
Posted February 10, 2005 12:41 PM
In the comments to an earlier post, Ken asks: Is there a way, e.g., a setting from within Internet Explorer, or perhaps his antivirus program (Norton, I think), to prevent his teenage daughter (the real culprit here) from downloading this especially malicious crudware in the first place? Sure there is,...
Using Norton AV? Get this fix
Posted February 10, 2005 10:53 AM
Earlier this week, Symantec published technical details of a security flaw that affects many of its consumer and enterprise products. (Read Symantec UPX Parsing Engine Heap Overflow for the gory details.) If you use Norton AntiVirus 2003 or 2005, you’re OK. If you use Norton AntiVirus 2004 or Norton Internet Security...
More on Macs and viruses
Posted February 9, 2005 06:00 AM
Remember the old Melissa virus from Word 97? It was one of the first truly widespread macro viruses, appearing for the first time in March 1999. It did the usual stuff you expect from a mass-mailing worm, with one mildly amusing twist: The virus activates if it is executed when the...
Firefox spyware to show up this year?
Posted February 7, 2005 11:52 AM
The Linux/open source publication NewsForge interviewed several security experts who believe that Firefox spyware will show up this year: Webroot Vice President of Threat Research Richard Stiennon said he expects there will be spyware for Firefox this year, adding that while the browser was designed to be immune from the...
A workaround for the Firefox IDN vulnerability
Posted February 7, 2005 11:16 AM
Update: The fix that is documented in the original advisory and recommended by Mozilla doesn’t work reliably. As soon as you restart Firefox, you’re vulnerable again. Worse, the about:config file continues to show that you’ve properly disabled the setting. This issue is thoroughly discussed in this thread on the MozillaZine Forums,...
Oops! This Firefox security exploit is a doozy
Posted February 7, 2005 08:18 AM
Last month, I predicted that as Firefox became more popular it would face more and more attacks from the Internet’s dark side. A security bulletin issued today appears to identify the first widespread security exploit aimed at non-Microsoft browsers. Ironically, you’re protected if you use Internet Explorer, but you’re vulnerable if you use most Mozilla-based...
Test your antivirus software
Posted February 6, 2005 03:00 AM
So, you want to show one of your kids or co-workers how your anti-virus software works. You don't need a live virus to trigger a virus alert. Instead, download a copy of the official antivirus test file from the European Institute for Computer Anti-Virus Research (EICAR). This is a simple text file...
Anyone out there using Prevx?
Posted February 5, 2005 04:03 PM
I ran across Prevx while researching software to protect Windows users from viruses, adware, and spyware. It promises to “prevent attacks on your computer that other security products don’t even see.” I plan to test it, of course, but am curious whether anyone out there has personal experience they’d like to share....
Next week's security updates
Posted February 4, 2005 08:57 AM
Yesterday, Microsoft published its advance notification of the security bulletins scheduled to be released next Tuesday. In all, the list contains 13 updates, some of which will be listed as Critical. If you’re set up to receive Automatic Updates, you’ll get them without any extra steps. (And if you’re not set...
The national digital identity card
Posted February 4, 2005 07:15 AM
This ominous news comes from a new blog called The Identity Corner. The author is Stefan Brands, one of the top applied cryptographers in the world and author of Rethinking Public Key Infrastructures and Digital Certificates: Building in Privacy: The Belgian State Secretary and Microsoft yesterday jointly announced an alliance...
A bold suggestion to stop spyware and adware
Posted February 3, 2005 02:16 PM
Ben Edelman explains How VeriSign Could Stop Drive-By Downloads. VeriSign, in case you don’t recognize the name, is the company that controls 95% of the digital certificates used on the Internet today. These certificates are passed out like bubble gum cards to any company that has an address and a check (typically...
How often do you need to scan for spyware?
Posted February 2, 2005 07:41 AM
Last week, in “Ten things you need to know about spyware,” I got some vigorous disagreement with two items on my list. It was good feedback, so I wanted to revisit both issues. In item #4, I wrote: “If you have to scan your system for spyware every week, you’re doing...
Six steps you can take to block unwanted software
Posted February 1, 2005 10:32 AM
Last week, I published “Ten things you need to know about spyware” and got some great feedback. Today, I’m following up with some advice on how you can prevent unwanted software from ending up on your PC in the first place. This piece, like the last one, is an extremely condensed (and preliminary)...
Is that Internet Explorer add-on safe?
Posted January 30, 2005 04:50 PM
Internet Explorer supports all sorts of add-ons and extensions. The most popular are Browser Helper Objects (BHOs), browser extensions, and toolbars. If you run Windows XP Service Pack 2, you can view a list of all installed add-ons by choosing Tools, Manage Add-ons. From this dialog box you can enable, disable,...
Category-specific RSS feeds
Posted January 28, 2005 09:18 AM
As an experiment, I’ve created two new RSS feeds for this site. The main feed includes every post. The two new feeds provide only posts that are in the Security or Windows Media Center Edition categories. Both feeds are RSS 2.0 with full content. Full site feed Security feed Windows...
New version of Microsoft Baseline Security Analyzer is out
Posted January 26, 2005 03:22 PM
If you’ve never used the Microsoft Baseline Security Analyzer, this might be a good time to give it a try. Version 1.2.1 is now available for download here. The documentation is intimidating (and the accompanying FAQ is only a little less so), but the application itself is pretty straightforward. It scans every...
Microsoft to expand Genuine Advantage program
Posted January 26, 2005 06:29 AM
This story in today’s Washington Post is confusing: Microsoft to Launch Anti-Piracy Initiative: Microsoft Corp. will combat piracy of its flagship operating system by requiring Windows users to verify that their copy of the software is genuine in order to receive timely updates and security fixes, the world's largest software maker...
Ten things you need to know about spyware
Posted January 25, 2005 02:43 PM
Update: I've made some small but significant changes to this list based on excellent feedback from the anti-spyware community. I've also published a second installment in this series. See "Six steps you can take to block unwanted software." Carl Siechert and I are currently working on an update to our 2002...
Get your own biometric desktop
Posted January 18, 2005 11:36 AM
No, not bionic. Biometric. As in Microsoft’s Optical Desktop with Fingerprint Reader. Amazon is currently selling this package, which includes a keyboard and optical mouse, for $59 with free shipping. A $10 mail-in rebate brings the net price to $49. My co-author Carl Siechert tested this for a chapter in our...
Give your security feedback to Microsoft
Posted January 17, 2005 06:15 AM
Steve Lamb is lead Technical Security Advisor for Microsoft's ITPro community in the UK. He’s in Redmond this week and is soliciting feedback for Microsoft product groups. I'm working with the product groups for the entire week and am keen to give your feedback regarding security functionality of our products (Windows, Office, Security...
Microsoft: OK, OK, we'll fix the Windows Media DRM flaw!
Posted January 15, 2005 01:30 PM
Chris Pirillo hears from Matt Calder at Microsoft with an official response to the DRM debacle: While this issue is not the result of any exploit of Windows Media DRM, we do recognize it may cause problems for some of our customers. To help mitigate these problems, Microsoft is committed...
Someone at Microsoft doesn't get it
Posted January 14, 2005 02:32 PM
According to a report at eWeek.com, Microsoft has no plans to fix a security flaw that affects Windows Media Player. (I’ve written extensively about this earlier; see this entry and the follow-ups here, here, and here.) This quote, if accurate, is wrong on many levels: Microsoft officials stressed that the latest attack scenario does...
How to completely eliminate tracking cookies
Posted January 13, 2005 08:47 AM
Some people seem really concerned about cookies. The worst offenders, they argue, are so-called “tracking cookies,” which supposedly allow companies like Doubleclick to track your movements on the Internet. If you think this is a big deal, fine. You don’t need anti-spyware software to get rid of these cookies. Instead,...
Malicious Software Removal Tool
Posted January 12, 2005 04:03 PM
I’ve been getting a lot of search requests today for the new Microsoft Malicious Software Removal Tool. So here it is. The Microsoft Windows Malicious Software Removal Tool checks Windows XP, Windows 2000, and Windows Server 2003 computers for and helps remove infections by specific, prevalent malicious software—including Blaster, Sasser,...
Misplaced criticism
Posted January 10, 2005 03:28 PM
Joe Wilcox at Microsoft Monitor is unhappy about Microsoft’s attempts to steer people to its paid services. They’re practically guilty of shipping spyware themselves, he concludes, based on this experience: I started up the Averatec 6100H this morning and got a warning that http://www.averatec.com was trying to change the default home page...
Another Firefox security issue
Posted January 10, 2005 07:18 AM
As Firefox becomes more and more popular, it faces more and more attacks from bad guys. A new report this morning claims that phishers have found a hole in Firefox: A security flaw in the increasingly popular Firefox browser is exposing millions of users to phishing scams, security experts have warned. Jakob Balle, security...
MS antivirus tool on the way?
Posted January 6, 2005 08:35 PM
In the comments, Glenn points to a section of today's press release that I just plain missed. Microsoft Announces Availability of New Solutions to Help Protect Customers Against Spyware and Viruses: In January 2004 Microsoft released a series of removal tools, each of which targeted a single virus or worm...
Shouldn't everyone be spyware-free?
Posted January 6, 2005 01:57 PM
Joe Wilcox is probably going to think I'm stalking him. I'm not, honest. It just so happens that his beat is identical to mine, so we cover a lot of the same topics. In a new post this afternoon, he reports on evidence that Microsoft may soon restrict access to...
MS AntiSpyware: First impressions
Posted January 6, 2005 10:25 AM
OK, I uninstalled my old evaluation copy of GIANT AntiSpyware and installed the new Microsoft version. As I suspected, it's quite similar. Two noteworthy changes: In the Advanced Tools section, the System Inoculation item is gone. This appears to be taken care of during initial setup and in the Real-Time...
Microsoft AntiSpyware beta available now
Posted January 6, 2005 07:50 AM
The beta version of Microsoft Windows AntiSpyware is available now. I'll have more comments after I install it. Given the quick turnaround, I expect it to be essentially identical to the GIANT AntiSpyware product, with the GIANT logos replaced by Microsoft branding. (And who wants to bet that they missed...
Seeing the spyware forest for the trees
Posted January 5, 2005 01:10 PM
Over at Broadband Reports, Eric L. Howes has some more details on the issue of "poisoned WMA files" that I've been writing about for the past few days. (See this entry and the follow-ups here and here.) His post, WMP Adware: A Case Study in Deception is enlightening for its...
Microsoft's secret security plan?
Posted January 4, 2005 08:45 AM
Mary Jo Foley at Microsoft Watch has an interesting report on a rumored security subscription service from Microsoft, code-named "A1": Microsoft's anti-virus/anti-spyware strategy is taking shape. Sources say Redmond's prepping a fee-based bundle, which could go beta soon. Publicly, Microsoft continues to be cagey about packaging and pricing plans for...
Still more on WMA and spyware
Posted January 3, 2005 07:45 AM
Andrew Clover adds a comment to my original post with some interesting observations. Worth reading. One correction to Andrew's note. He writes: I did get one ActiveX download box from MS for the DRM stuff immediately prior to the two bogus downloaders, which looked almost identical. That's not an ActiveX...
More on "poisoned" media files
Posted January 2, 2005 04:56 PM
In a comment posted to my earlier post on "poisoned" Windows Media files, Ben Edelman offers the sort of excellent counterpoint you'd expect from someone who is not only attending Harvard Law School but also studying for a PhD in economics at Harvard: I don't think it's right to say...
"Poisoned" Windows Media files: more details
Posted January 2, 2005 12:40 PM
In an earlier post, I pointed to the fast-spreading but suspicious story alleging that a flaw in WMA files can plant spyware on your computer. This is a follow-up. In the extended portion of this post, I provide details and screen grabs. I'm indebted to Eric L. Howes for his...
Firefox is not a security cure-all
Posted December 31, 2004 08:45 AM
I have lost count of the number of times I have read reviewers telling people that they should switch to Firefox because it is secure, unlike Internet Explorer. This is simply untrue. Mozilla-based browsers are somewhat more secure than IE, for two main reasons: one, they don't support ActiveX controls...
Terminating spyware with extreme prejudice
Posted December 31, 2004 06:49 AM
This first-person account of a reporter's struggle with spyware is amusing and surprisingly accurate: I can trace the decline of my computer's performance to an ill-advised download over the summer. In a pop-music-induced frenzy, I am embarrassed to admit, I went...
Spyware in WMA files? Color me skeptical...
Posted December 30, 2004 11:30 AM
The normally reliable Techdirt admits that the following story raises many more questions than it answers: Is The Recording Industry Hiding spyware In Windows Media Files? When the recording industry first tried to get politicians to shut down file sharing networks, they went with the "it's stealing music" line, which...
Why are people confused about PC security?
Posted December 28, 2004 09:02 AM
Maybe because they read articles like the one in this morning's Washington Post, entitled Trouble Can Be Downloaded Along With Music. The competition is pretty fierce, but I rate this as a strong contender for the worst piece of computer journalism of 2004. The author clearly understands nothing about music...
Security alert for Windows XP
Posted December 23, 2004 09:35 AM
Here's a disturbing report of a Cross-Site Scripting Vulnerability in Internet Explorer, from Secunia. Note that installing SP2 alone will not protect you from this problem, although it does offer a useful tool to fix it temporarily. Clicking the test link on their page opens an IE window that contains...
Charge for security features? No, no, no!
Posted December 21, 2004 03:31 PM
CNN reports that Microsoft may charge extra for security software: Microsoft Corp. disclosed plans Thursday to offer frustrated users of its Windows software new tools within 30 days to remove spyware programs secretly running on computers. But it might cost extra in coming months. In a shift from past practice,...
Anti-spyware software compared
Posted December 21, 2004 02:13 PM
Just ran across this comprehensive Feature Comparison of popular anti-spyware programs. As spyware and adware have become increasingly powerful and difficult to remove, developers of anti-spyware programs have added a wider range of functionality to their applications to give users more powerful tools as well as greater control over those...
Google desktop security...again
Posted December 20, 2004 10:22 AM
An article in today's New York Times reports that some university researchers have found a Flaw in Google's New Desktop Search Program. This does seem like a legitimate concern, but here's the part that troubles...
Hotmail dumps McAfee, chooses Trend Micro
Posted December 20, 2004 10:12 AM
FirstAdopter.com points to a CNET News story today: Starting today Microsoft is going to use Trend Micro instead of McAfee for anti-virus on Hotmail. The reason for the change is unclear although an Australian Microsoft executive said Trend Micro's products offer "deeper virus protection." Excellent move. I don't recommend McAfee...
Really lame security advice
Posted December 14, 2004 04:33 PM
CNET News tries to spread some panic about desktop search technologies and misses the point completely: Security experts are warning that virus writers could use new desktop search tools to make their malicious software more efficient. Foad Fadaghi, senior industry analyst at Frost & Sullivan Australia, said that most viruses...
Ultimate password protection
Posted December 13, 2004 12:47 PM
Carl Siechert and I are currently updating Windows Security Inside Out for a second edition due early next year. One promising new development that can really help you keep your online identity secure is to use a fingerprint reader to manage your logons. Amazon has the Microsoft Optical Desktop with Fingerprint...
A geek's-eye view of security
Posted December 12, 2004 07:14 AM
BigUnix has a fascinating article on computer security. Well, I found it fascinating. If you read it all the way through, then you may be a geek, too: If a system has bugs, sometimes those bugs can be exploited in order to inject new code for the processor to execute....
Dilbert on passwords
Posted December 5, 2004 02:26 PM
This is just too true. Thank goodness I don't have to work in a corporation and try to explain this stuff to people in suits....
A spammer with gall
Posted November 30, 2004 02:31 PM
I just received a lovely piece of e-mail from someone who claims his name is David Van Nuys, President of e-FocusGroups.com. Of course, he wants me to take a survey, in exchange for which he will enter my name in a contest where I will have a chance to be...
Windows 2000 Update Rollup due next year
Posted November 27, 2004 10:16 AM
Microsoft released this Windows 2000 Update Rollup Announcement last week: To make it as easy as possible for customers to maintain the security and stability of their Windows 2000 systems, Microsoft will produce an Update Rollup for Windows 2000 Service Pack 4 (SP4), with a planned release in mid-2005. The...
Anti-spyware software sucks
Posted November 24, 2004 11:52 AM
Mike at Techdirt has a perceptive rant on the current state of anti-spyware software: As spyware becomes a bigger and bigger issue for users, it's becoming clear that the current crop of anti-spyware tools is, in no way, keeping up with the spyware writers. A test of a variety of...
Malware/spyware at a glance
Posted November 22, 2004 08:00 AM
Over at Ars Technica, Adam Baratz and Charles McLaughlin have produced an interesting article entitled Malware: what it is and how to prevent it: You can get infected by malware in several ways. Malware often comes bundled with other programs (Kazaa, iMesh, and other file sharing programs seem to be...
DSO Exploit explained
Posted November 21, 2004 09:42 AM
When you run Spybot S&D, it may complain that your system is vulnerable to something called a "DSO exploit." What's that all about? Maybe a lot less than you think. I stumbled across this excellent article: "dso Exploit" Explained at the Net-Integration Forums. In a nutshell, this...
Spreading outdated security advice
Posted November 21, 2004 08:26 AM
Professor Michael Froomkin of the University of Miami School of Law is one of my favorite bloggers. His insights on civil rights and legal issues are always worth reading. However, when the good professor strays into territory where he's not an expert, things sometimes go a little wrong. Witness this...
More misinformation about spyware
Posted November 15, 2004 09:00 AM
In today's Seattle Times, Paul Andrews writes Tired of spyware? Try another browser. The trouble is, he appears to know just enough to spread misinformation. During a recent six-week period, I conducted a small spyware experiment on my Windows computer. I kept track of days I opened Microsoft Internet Explorer....
Busting a virus writer
Posted November 9, 2004 02:53 PM
Larry Seltzer at eWeek has an interesting new article called Who Wrote Sobig? Follow the links to read a series of reports that purport to identify the specific individual who wrote this worm and why he did it. Interesting stuff. As I learned in Journalism school from studying Woodward and...
More on cookies and spyware
Posted November 9, 2004 12:01 PM
Adam Gaffin at Network World Fusion gets comments from people demanding to know why his Web site is trying to install spyware on their computer. His reply: Well, good for you dear sir or madam for running anti-spyware software on your PC. It's a good idea, and I do it...
Why should I trust Yahoo?
Posted November 8, 2004 03:44 PM
While doing research for the forthcoming update to Windows Security Inside Out, I stumbled across Jeremy Zawodny's blog. From a post dated last May, I learned that the Yahoo! Toolbar has anti-spyware features. The fact that Jeremy works for Yahoo makes the following bit of bragging just a little unseemly:...
"Cookies are not spyware"
Posted November 7, 2004 11:00 AM
An excellent post from Jason Dunn at Digital Media Thoughts today: I've had two emails in the past week from Pocket PC Thoughts asking why we're distributing "spyware" onto their computers. We're not - it's that simple. What people are seeing is over-protective anti-spyware software treating normal cookies like spyware.......
Linux security
Posted November 4, 2004 01:32 PM
A little article at Windows IT Pro claims to have the results of a new study that proves Linux is the least secure OS: According to a study by the British security firm mi2g, Linux is the world's "most breached" OS and is exploited more frequently than Windows. The company recently...
Wireless security: cracking the code
Posted October 26, 2004 12:48 PM
Network World has put together an excellent, exhaustive article on the ins and outs of deploying a wireless network, entitled Cracking the wireless security code: Is it possible to deploy a secure wireless LAN with technology available today? That question preys on the minds of IT executives who are tempted...
Kazaa use down. Good!
Posted October 21, 2004 08:41 AM
News of an encouraging trend in this morning's headlines. AP: Kazaa losing users: Kazaa's long-standing position as the most popular online file-sharing software appears to be over. Last month, the daily average of file-swappers on the FastTrack peer-to-peer network, which includes Kazaa and related programs, was surpassed for the first...
Victimized by anti-spyware software
Posted October 11, 2004 07:53 AM
Longtime readers of this blog may recall that several months ago I wrote a negative review of a program called SpySweeper. Last night I got this e-mail message from a reader: Ed...I saw your Feb 2004 review of Spy Sweeper and I'm the unsophisticated user you referred to, eg I...
If only this were true
Posted September 27, 2004 01:04 PM
Dana Epp passes along a "golden opportunity" for virus writers to get hired with the FBI. All they have to do is send in an application "with a list of their most successfully deployed computer viruses." The (fake) ad promises that "all applicants will be called in for an interview."...
Mozilla. Security. Oops!
Posted September 20, 2004 08:14 PM
So, you switched to Mozilla. And now you think your computer is secure because you've left behind that notoriously insecure Windows. Oops. Multiple Vulnerabilities in Mozilla based Web Browsers. Mozilla's developers strongly recommend that you get the latest version of Mozilla. Don't get me wrong. I think Mozilla is a...
Spyware removal help
Posted September 8, 2004 09:57 AM
If you're looking for help getting rid of spyware, see this article from michaelhorowitz.com: How to Remove Spyware and Malware from a Windows computer. The following is a blueprint for removing any and all malicious software from an infected Windows computer. This is not customized for a particular malware program,...
Why I hate Kazaa
Posted September 3, 2004 09:40 AM
A new article in the Microsoft Knowledge Base points out an incompatibility between Kazaa and Windows XP Service Pack 2: 878485 - You cannot open Sharman Networks Kazaa version 2.52 in Windows XP with Service Pack 2. Sadly, there's a newer version of Kazaa available that fixes this problem. My...
Spybot S&D instructions
Posted August 30, 2004 07:15 AM
Every so often I get questions about Spybot S&D, which I recommend as an effective spyware/adware detection and removal utility. I'm not an expert on its ins and outs, but the techies at Lehigh University are, and they've put together an excellent Spybot Downloading, Installing and Using guide. Very comprehensive...
The decline of the PC press
Posted August 26, 2004 07:00 AM
I used to be managing editor of PC World, so I think I have some right to say that a story now running on the Today @ PC World blog, Win XP SP2 Halts 15% of Systems, Survey Says is irresponsible nonsense. I don't know where the author went to...
Spyware blog
Posted August 1, 2004 02:20 PM
Scoble points out an interesting blog, Spyware Warrior, which I had not seen before. It's been around six months and seems to be a good source of info for security experts....
Download.ject update available
Posted July 2, 2004 10:04 AM
Microsoft is releasing an update that addresses the most recent security vulnerability. Details in What You Should Know About Download.Ject. On Friday, July 2, 2004, Microsoft is releasing a configuration change for Windows XP, Windows 2000, and Windows Server 2003, to address recent malicious attacks against Internet Explorer, also know...
Security hysteria
Posted June 25, 2004 03:05 PM
The mainstream media is going nuts over a new security warning. Probably the worst reaction came from Dan Gillmor of the San Jose Mercury-News, who is one of the most reasonable people in the world until he hears the word "Microsoft." In Yet More Microsoft Insecurity Outrages, he quotes a...
Mac attack in the works?
Posted May 18, 2004 09:00 AM
Dan Gillmor points to reports of a Horrible Apple OS Security Hole. In fact, he says, Mac users should be "extremely careful in surfing until Apple fixes this." [Update: The link above is dead. Now that Dan has left the Merc and has his own site, all old links redirect...
A pox on McAfee
Posted May 16, 2004 10:01 PM
I spent 15 minutes on the phone yesterday with my old friend Marty, trying to work out why his Web browser was feeding him a steady diet of "page not found" error messages. SBC is taking its own sweet time getting his DSL line set up, so he's stuck on...
Why we patch, reason #145
Posted May 14, 2004 11:32 AM
Techdirt provides A Look Into How Spammers Spam: some anti-spammers have managed to get themselves into the various "spam clubs" where top spammers trade tips with each other. From that they've learned, as we all pretty much knew already, that the state of the art in spamming is using compromised...
You got hacked. Now what?
Posted May 13, 2004 08:37 AM
Jesper M. Johansson, Security Program Manager at Microsoft, has a new column: Help: I Got Hacked. Now What Do I Do? Let's just say you did not install the patches like we discussed last month. Now you got hacked. What to do? I'll skip to the end for you: The...
Security Update CD
Posted April 7, 2004 09:20 AM
A reader alerts me that he got an e-mail from Microsoft telling him his Windows Security Update CD (ordered last month) is on the way. Have you received yours yet? While it's a good idea, the implementation has a real problem, because it only includes patches through October 23rd of...
What is spyware?
Posted February 21, 2004 10:22 AM
In its current issue, PC Magazine has an interesting review of 11 anti-spyware programs. Spy Stoppers is available online. It's a pretty good overview, marred by one huge omission: The article doesn't include a definition of spyware. In fact, I've found that this sloppy use of the terms spyware and...
Who can you trust?
Posted January 21, 2003 03:09 PM
You'd think that a government agency that specializes in data security could keep its own house clean. But not in Norway, where Yahoo News reports that everyone who subscribed to a new government-sponsored security newsletter received the FunLove virus as a special welcome. For more details, see Norway's Data Agency...
Don't be a virus victim
Posted December 29, 2002 04:20 PM
In the last month, I've cleaned the damn Klez virus off of three computers in my neighborhood. In each case, the person with the infected computer didn't even know they had been hit. Of course, they had antivirus software that hadn't been updated in more than a year, and they...