[SecurityRatty] tag: suites

Summarizing Zero Day's Posts for October

Tue, 04 Nov 2008 05:28:07 +0000

Here's a brief summary of all of my posts at Zero Day for October. You can also go through previous summaries for September, August and July, as well as subscribe to my personal RSS feed or Zero Day's main feed.

Notable articles for October - Scammers introduce ATM skimmers with built-in SMS notification; Inside an affiliate spam program for pharmaceuticals; CardCops: Stolen credit card details getting cheaper.

01. Cybercriminals syndicating Google Trends keywords to serve malware
02. Scammers introduce ATM skimmers with built-in SMS notification
03. Atrivo/Intercage's disconnection briefly disrupts spam levels
04. Adobe posts workaround for clickjacking flaw, NoScript releases ClearClick
05. Asus ships Eee Box PCs with malware
06. Fake Microsoft Patch Tuesday malware campaign spreading
07. Secunia: popular security suites failing to block exploits
08. Survey: 88% of Mumbai's wireless networks easy to compromise
09. Adobe's Serious Magic site SQL Injected by Asprox botnet
10. Inside an affiliate spam program for pharmaceuticals
11. Google to introduce warnings for potentially hackable sites
12. Lack of phishing attacks data sharing puts $300M at stake annually
13. CardCops: Stolen credit card details getting cheaper
14. Cybercrime friendly EstDomains loses ICANN registrar accreditation
15. Phishers apply quality assurance, start validating credit card numbers
16. Spammers targeting Bebo, generate thousands of bogus accounts

Tests Expose Internet Security Suites Failures To Protect Against Exploits

Mon, 13 Oct 2008 19:05:33 +0000

Danish security notification firm Secunia is urging security suites vendors to rethink how their products are designed, moving away from “ineffective signature-based detection” to a smarter form of defense. According to Secunia, internet security suites do little to protect users against online exploits. Secunia tested 12 suites (which include firewall, anti-malware and anti-spam functions) against a [...]

Top security suites fail exploit tests

Mon, 13 Oct 2008 00:00:00 +0000

Security software suites don't protect users from real-world exploits, a bug-tracking company charged after launching 300 test attacks against a dozen programs, including software from McAfee, Symantec and Trend Micro.

Security software performs poorly in exploit test

Sun, 12 Oct 2008 20:00:00 +0000

Security software suites are doing a poor job of detecting when a PC's software is under attack, according to Danish vendor Secunia.

Top security suites fail exploit tests

Sun, 12 Oct 2008 20:00:00 +0000

Security software suites don't protect users from real-world exploits, a bug tracking company charged today after launching 300 test attacks against a dozen programs, including popular software from McAfee, Symantec and Trend Micro.

All-in-one security suites do make it easier on casual users.

Wed, 17 Sep 2008 20:04:36 +0000

It will be interesting to see how the all-in-ones do with speed.

clipped from www.pcmag.com

Security Suites Speed Up

Modern suites look at your browsing activity in a number of different ways. They block drive-by downloads, check for fraud, and perhaps block inappropriate content for your kids. To see if this analysis slows down the browsing experience I used an ActiveX control that measures when a page has completely loaded, along with a script that launches dozens of URLs with lots of content. Norton had the least impact on surfing speed, adding about 13 percent to the time required for this test. Kaspersky, which did well in most of my other performance tests, slowed browsing by over 60 percent. Given the amount of time the average person spends surfing the Web, this is a tough one for Kaspersky to fall down on.

Build your own free security suite

Tue, 26 Aug 2008 20:00:00 +0000

Do-it-all suites are the name of the security game these days. Sure, you can gather free programs that cover the bases much as a suite would, but who wants to bother with finding out which apps work together and which ones might leave you pulling your hair out?

Eight Steps to Responsible Surfing

Wed, 06 Aug 2008 20:30:41 +0000

Web threats and attacks will continue to evolve, but surfers can protect themselves against the majority of malicious code by following eight different steps. To provide the greatest degree of security, surfers cannot rely entirely on technology, and should also address the behavioral issues that are most likely to create risky situations.

Changing Behavior

The safest way to deal with a danger is avoidance. By surfing safely and adapting offline sensibilities online, surfers can greatly reduce their danger of exposure to malware.

1. Educate yourself.
At least every 6 to 12 months, surfers should browse the educational information provided by their operating system and security vendors and subscribe to any security-related newsletters they might offer. According to David Perry, familiarity with the latest threats, dangers, and recommended safety tips will allow surfers to make safe choices. “Until you know what’s out there, you’re just flying blind. Without an education, you’re wide open”.
2. Avoid suspect sites.
While criminals can infect even mainstream Web sites, sites such as gambling sites, adult Internet sites, and illegal file-sharing sites are far more likely to carry malicious code. Web sites that offer “something for nothing” frequently recoup their losses by infecting visitors’ PCs.
3. Lose Your Comfort Zone.

Web surfers should migrate their offline precautions to their online experience. By beginning with an attitude of healthy skepticism and only doing business with trusted Web sites, surfers can bypass a good deal of risk.

Recommended Technology

Despite the best precautions, every user will encounter Web-based malware. While no technology can guarantee protection against all attacks, a combination of preventive technologies provides the most comprehensive protection possible.

4. Use an updated virus scanning suite.
The most important component of any threat mitigation system is a virus scanning suite. In addition to detecting and removing known viruses and malware, modern virus scanning suites provide additional protections against new attacks by disabling their known protocols. For example, Trend Micro™ Internet Security encrypts keyboard traffic, protecting personal data from keyboard logging programs that might go unnoticed. Users should update their scanner and virus definitions as frequently as possible to ensure the best possible coverage.
5. Upgrade your OS and browser.
In addition to offering more features, Microsoft’s Internet Explorer version 7 and the latest Mozilla Firefox are both substantially more secure than previous-generation browsers. Users of older browsers should upgrade immediately to take advantage of increased security. Similarly, Windows Vista and Mac OS X are more secure than their predecessors, and users of older operating systems should consider upgrading, as well.
6. Disable scripting and “widgets.”
Many Web-based attacks use various scripting languages to run infectious programs in a browser or use downloadable “widgets” to execute infections locally. By disabling scripting and avoiding downloadable widgets wherever possible, surfers disable these common attack vectors.
7. Rate your Web pages.
Some available services rate the risk of Web pages in search results, allowing surfers to avoid unwanted content and hidden threats before viewing the pages. Rating applications (e.g., Trend Micro TrendProtect™) consume few system resources and run unobtrusively, so they are suitable for any Web-enabled personal computer.
8. Ask your provider.
Commerce companies, banks, and credit card associations are all interested in computer security, and many offer additional features. For example, Visa’s Verified By Visa program requires cardholders to enter a second password to identify themselves during a transaction, while businesses in Poland require cell-phone confirmation of credit card purchases. While nothing will be 100 percent effective, any additional security measure provided by a trusted source will increase protection, and surfers should adopt as many as possible.

This article provided for your reading pleasure by Trend Micro.

Norton Internet Security 2009 beta ramps up

Mon, 28 Jul 2008 20:00:00 +0000

Security software customers are speaking with their feet: They want security updates and other security interruptions out of their faces, and they won't hesitate to dump their security suites because of performance drag -- whether or not it's actually the security software that's to blame.

When your hotel does funerals

Tue, 22 Jul 2008 19:41:36 +0000

So another week, another travel nightmare. This week I am in the DC area for a few days, than flying over to Ohio and then back home. Staying in the DC/Northern Va area I made hotel reservations through our corporate Expedia account (which is now called Egencia BTW). Though it is fine for airline reservations, I regret it every time I make a hotel reservation on Expedia. This time I reserved a room at the Virginian Suites. I had never heard of it, but it was only $158, which is really cheap for around here. It had 3 stars and sounded good, so I booked it.

I arrived tonight and as I pulled up I have to say that I thought I made a good choice. It is a converted apartment building and every room is actually a studio type of apartment. It has free parking and is located near where I have meetings in Arlington. I gave my name at the desk and they had my reservation, looking good! I was given keys to room 707 and headed on up. I got to room 707 and tried to open the door. No luck, the keys didn???t work. After a moment or two of trying to make the keys work, the door opens and the guy who is staying in the room wants to know what I am doing trying to get in. Well I was reminded of an old Robert Schimmel comedy routine and ran away from there as fast as I could.

I went back down to the desk and told them what happened. The woman at the desk apologized, she meant to write room 700, not 707. While I am waiting for her to correct this and issue new keys, I am looking at the schedule of events at the hotel today. That is when I notice that one of the main events of the day was a someone???s funeral! Thats right, it seems the hotel is used for funerals in the area. That just freaked me out. Now I am getting Six Feet Under deja vu here. I don???t know, call me squeamish, but I just don???t feel good about staying at a hotel that doubles as a funeral home. To top it off, the Internet access here sucks. It is so slow that I am watching the paint dry. Maybe I should go down and catch a funeral or two while I wait for a page to load. In any event, I think this will be the last time I stay here. I just can???t wait for what the rest of this week brings!