Security Adviser | Roger A. Grimes » October 2006

October 27, 2006 | Comments: (0)

WinPE 2.0 already publicly available

MVP and Microsoft security expert Alun Jones wrote to tell me that WinPE 2.0 is already available.


-----
Saw references to Bart's PE and WinPE 2.0 in your recent Security advisor column.

You state that WinPE 2.0 only comes with Vista - that's not quite correct. The beta version of BDD 2007 is available for free download from connect.microsoft.com - and it's not difficult to get your application approved.

When BDD 2007 is released, at least at the last briefing I heard (TechEd), it will remain a free download.

Alun Jones

Posted by Roger Grimes on October 27, 2006 09:43 AM


October 24, 2006 | Comments: (0)

XP SP3 to come out in 2008

Microsoft plans to update XP Pro to SP3 in the first half of 2008.

Read more about it here.

Posted by Roger Grimes on October 24, 2006 01:59 PM


October 24, 2006 | Comments: (0)

Firefox 2.0 to be released on Oct. 24th

A review of Firefox 2.0's features is here.

You can find a comparative review between Firefox 2.0 and IE 7 here.

Posted by Roger Grimes on October 24, 2006 06:23 AM


October 21, 2006 | Comments: (0)

Virus installs and uses Kaspersky AV engine to protect itself, plus more

Interesting example of an advanced spambot.

Joe Stewart at SecureWorks analyzed and reported on a spambot that uses Kaspersky antivirus to protect itself. Not only that, but it also:

-Is a command-and-control bot with multiple server ports.
-Uses AES encryption to protect itself.
-Adds random pixels to the end of the spam GIF it uses, to fool anti-spam software looking for static images.
-Is very modular.
-Uses a custom, binary P2P network.


Thanks to my friend Steve from SecurityAppraisers for the hint.

Posted by Roger Grimes on October 21, 2006 12:27 PM


October 18, 2006 | Comments: (0)

Windows versus everyone else exploit numbers

Surprise, Microsoft Windows is no worse than most other popular platforms in terms of the number of vulnerabilities.

Jeff Jones' blog entry shows the relative statistics of different OSs versus each other, and OS versus application vulnerabilities.

Numbers alone never tell the whole story, but you can't read the figures and come away feeling that Mac OS X or Linux is somehow doing a better job. Overall, all the compared OSs are doing a less than stellar job. If you want true security, use OpenBSD; otherwise, what you use is going to have a fair number of publicly announced exploits on a regular basis.

The most interesting points for me were:
Table 6, showing that most exploits were not OS-related. They were app-related instead.

Tables 7a and 7b, showing that regarding OS vulnerabilities only, Unix, Linux, Mac OS X, and Windows all had about the same number of exploits, with Windows actually being slightly lower.

Jeff Jones, of course, is a Microsoft employee. But he compiled his figures from the commonly respected, vendor-neutral CVE list.

Posted by Roger Grimes on October 18, 2006 06:14 AM


October 17, 2006 | Comments: (0)

Apple ships virus with iPods

Apple apparently shipped about 1% of the latest iPods with a computer virus installed.

Apple is far from the first vendor to do this, but with all the vendors it has happened to lately, it makes you wonder how strongly their other security policies are enforced at third-party manufacturing plants.

Click here for the story.

Here's a link to McAfee's site on the virus.

On a completely different, but slightly related note, I'm in love with the CopyPod program. When I upgraded iTunes from 7.0x to the latest version last week, all my music and podcast library disappeared. When I tried to re-import my exported library, iTunes said the file format was not recognized. With 688 songs (it's only a 4GB version), I didn't relish re-installing all that music, most of it from my own physical CDs. CopyPod ($20) recovered the music from my iPod and re-sync'd it with iTunes. Best $20 I've spent this week.

Posted by Roger Grimes on October 17, 2006 05:21 PM


October 15, 2006 | Comments: (0)

Funny Amazon Entries For the Tech Head

If you're the type of person who loves to read fake RFCs, then you can't pass up these great books. The humor is more in the reviewers' comments than anything else.

A Million Random Digits

Note 1: Thanks to Bruce Schneier's Crypto-Gram newsletter for the book link.
Note 2: It kills me that a book about nothing but random digits has vastly outsold anything I've ever written.

The Story About Ping
The most popular review, usually the first one, is the must read.

Posted by Roger Grimes on October 15, 2006 01:49 PM


October 15, 2006 | Comments: (0)

Companion worms making it harder to discover malware

A new series of worms (called Downloader.Agent.awf by some AV products) reads an infected computer's HKLM (or HKCU) \Run keys to find previously installed programs.

Then the worm copies the original executable to a new location, and replaces the original copy with a copy of the worm. When the computer executes the \Run keys, it runs the worm instead, which then launches the original program.

(Malware that renames itself to match other, legitimate files is known as a spawner, twin, or companion.)

This complicates the detection and removal process, because the worm will appear as a "known and trusted", previously installed executable. While this behavior is not new, it's apparently becoming popular again. So, when looking for malicious code, you cannot simply trust file names and locations. You must verify each file's integrity hash against a known good copy.

There are many free hash programs available for Windows and Linux. The book 'PGP and GPG' turned me on to one for Windows called DigestIT 2004. I like it because it does MD5 and SHA-1 hashes and integrates into Windows as a right-click context menu.
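
The check described above, as an added example that is not part of the original column: each Run-entry command line is resolved to its executable, and the file's digest is compared with a recorded known-good value. It uses SHA-256 rather than the MD5/SHA-1 mentioned above; the function names, the sample files and the baseline dictionary are assumptions, and on Windows the entries would be read from the Run keys rather than passed in as a literal dict.

```python
import hashlib
import os
import tempfile
from pathlib import Path

def file_digest(path, algo="sha256"):
    """Hash a file in chunks so large executables need not fit in memory."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def exe_from_command(command):
    """Extract the executable path from a Run-value command line."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    # Unquoted paths may contain spaces: take the shortest prefix that is a file.
    parts = command.split(" ")
    for i in range(1, len(parts) + 1):
        if os.path.isfile(" ".join(parts[:i])):
            return " ".join(parts[:i])
    return parts[0]

def audit_run_entries(entries, baseline):
    """entries: {value name: command line}; baseline: {path: known-good digest}."""
    results = {}
    for name, command in entries.items():
        path = exe_from_command(command)
        expected = baseline.get(os.path.normcase(path))
        if not os.path.isfile(path):
            results[name] = "MISSING"
        elif expected is None:
            results[name] = "NO_BASELINE"
        else:
            results[name] = "OK" if file_digest(path) == expected else "MISMATCH"
    return results

def demo():
    """Constructed sample data: stand-in files in a temp dir, not real Run keys."""
    with tempfile.TemporaryDirectory() as d:
        good, swapped = (os.path.join(d, n) for n in ("updater.exe", "tray helper.exe"))
        for p in (good, swapped):
            Path(p).write_bytes(b"original " + os.path.basename(p).encode())
        baseline = {os.path.normcase(p): file_digest(p) for p in (good, swapped)}
        Path(swapped).write_bytes(b"different bytes")  # same name and location, new content
        entries = {"Updater": f'"{good}" /background', "TrayHelper": f"{swapped} -min"}
        return audit_run_entries(entries, baseline)
```

The baseline has to be recorded from a known-good installation and stored where the audited machine cannot modify it; a NO_BASELINE result means the entry was never recorded, not that it is clean.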

Posted by Roger Grimes on October 15, 2006 09:38 AM


October 09, 2006 | Comments: (0)

Internet Explorer 7 to be pushed to XP this month

News out of Redmond is that IE 7 will be pushed to XP customers this month.

The update can be denied or delayed, but if you have Automatic Updates it will be pushed out and offered automatically. I love IE 7, but it will break some applications, so test thoroughly before committing in your environment.

Posted by Roger Grimes on October 9, 2006 05:11 AM


October 04, 2006 | Comments: (0)

Great book for new PGP or GPG users

I just got through reviewing a great book on PGP and GPG for email encryption.

It's called PGP & GPG: Email for the Practical Paranoid by Michael W. Lucas, published by No Starch Press ($24.95 list price).

I've had Phil Zimmermann's original book on PGP for almost a decade, but I'd recommend this book to anyone new to PGP-related technologies or to Windows or Linux/Unix users trying to get up and running quickly.

Excellent tutorial, quick read, and enough humor to make it enjoyable. The publishers sent it to me a few months ago to review. I'm sorry I didn't read it then. It's an easy recommendation to friends and co-workers who want to encrypt and authenticate their email.

Posted by Roger Grimes on October 4, 2006 07:22 PM

