11/24/2008

Symantec / Norton 60-day intro on Gateway & eMachines

A little bit of news in the antivirus arena showed up today at CNNMoney. Looks like Symantec has struck a deal with Gateway / eMachines for a Symantec / Norton 360 trial on Gateway & eMachines PCs. [Editor's note: since the page on CNNMoney is no longer available, the inactive link has been pulled, too.]

All-in-all, we're always glad to see any coverage on a new computer; we're just disappointed it was a chintzy 2-month trial. Given the number of new PCs that will no doubt end up under Ye Olde Christmas trees this year, that will mean a lot of computers start going unprotected towards the end of February 2009, as some people will no doubt ignore the update nags and opt to go without antivirus protection.

We have a great deal of respect--a great deal--for Symantec as a company, but we think a 60-day trial is a little lean.

If someone opts for antivirus subscription renewal, that's great; if they decide to give something else a try, just so happens we know where they can look at and compare antivirus software. ;-)

11/21/2008

Morro: Microsoft's free anti-virus / anti-malware

Our friends in Redmond, Washington, are at it again. :-)

Microsoft just announced their own free anti-malware / anti-virus software. CNET has full coverage of Microsoft's Morro anti-virus software, and the general consensus amongst security industry companies seems to be a universal shrug.

Here's what reps from some of the leading companies had to say in interviews for the article:

Company: Quote
McAfee: "With more malware attacks than ever before, we believe our advanced technology... will provide consumers the confidence to choose McAfee as their trusted adviser and expert in security."
Symantec: "...it's simply not in Microsoft's DNA to provide high-quality, frequently updated security protection."
Kaspersky: "[Microsoft has] continued to hold a very low market share in the consumer market, and we don't expect the exit of OneCare to change the playing field drastically."

Hmmm... doesn't sound like any are quaking at the thought of having Microsoft as a competitor in the antivirus software marketplace anytime soon.

11/20/2008

10 IT Security Companies worth Watching

Network World, long one of our favorite magazines / sites for all things network and security related, has a 5-page piece on a few of the many interesting computer security companies.

Each company tries to tackle different challenges many of us face in computer and network security. All-in-all it's an interesting read, but given the nature of Network World, it's really aimed at enterprise security and not so much at the average consumer / home PC user.

An interesting read no less.

Security company: Noteworthy premise
1. Behavioral Recognition Systems: Takes digital video streams and analyzes them for potential threat information.
2. CoreTrace: Keeps track of just the programs that are supposed to be running on a computer rather than trying to catch everything that isn't.
3. Envysion: Provides managed video surveillance services including the installation of cameras in business locations.
4. Guardian Analytics: Helps banks prevent fraud by analyzing customers' accounts to look for suspicious behavior.
5. Metaforic: Prevents software tampering, piracy and theft. Can shut the program off or take other protective steps.
6. nexTier Networks: Monitors and blocks sensitive (i.e. confidential) content in transmission across networks with a data-leak prevention network appliance.
7. NovaShield: Detects / blocks so-called "drive-by" downloads. Designed to stop malware not ordinarily detected.
8. Packet Analytics: Analyzes traffic between computers on a network by looking at the logfiles from those computers to make profiling and analysis easier for network engineers.
9. Purewire: Protects enterprise users from malicious-code attacks while surfing the Web online.
10. Rohati: Controls user access to applications through access-control lists done at the network level.

11/19/2008

Trojans in Microchips / CPUs?!

OK, we're normally a pretty computer security oriented lot around here, but a post we came across today at DailyArtisan.com has us even more concerned than normal. :-(

Trojan Microchips from China is the theme, and if true, it's downright alarming. Even if only partially true, it should raise the hair on the back of all our necks.

The gist of the piece is that Robert Eringer, a former FBI spy, has claimed that China has planted trojans in the microprocessors -- the actual CPUs themselves mind you -- of many computers on the market today and that chances are high your computer may have one of these trojans.

We say "may" because we want to be cautious about laying too much blame where none has yet been definitively established.

Nevertheless, if true, this is ugly stuff. Really ugly stuff in fact.

"'It is there, deep inside your computer, if they decide to call it up,' the security chief of a multinational corporation told The Investigator.

'It is capable of providing Chinese intelligence with everything stored on your system — on everyone's system — from e-mail to documents.

'I call it Call Home Technology. It doesn't mean to say they're sucking data from everyone's computer today, it means the Chinese think ahead — and they now have the potential to do it when it suits their purposes.'"

Obviously, the identity of the source of this statement is being protected, but given that it's the "security chief of a multinational corporation," chances are high this isn't just some chump making idle claims.

Whatever the case, we're going to continue to follow this story.

The question we'll no doubt be getting from many is, "What do I do?"

It's unclear what can be done at this point, but we'd hope that most decent antivirus software--especially that which also includes a firewall--would help you detect any unauthorized connections and allow you to prevent them from happening.

Given that these are the CPUs themselves that Eringer claims have been infected, it's impossible for us to say for sure if the software would detect these connections or if such connections would sneak out unnoticed.

The best thing to do, we believe, is to be aware of threats such as these and take reasonable precautions--like running good antivirus software you can afford--and to do your best to be aware of what your security software is actually telling you.

Read the warning messages and do your best to learn what they mean and if you're genuinely at risk or if it's a false alarm.

Years ago, when I personally first began getting interested in computer security, I learned,

"The most dangerous thing you can say to yourself in assessing risk is, 'It's not like....' because as soon as you've told yourself, 'It's not like....' you've just given someone the means by which to attack your system.

"The smart thing to do is to assess risks honestly and to instead say, 'This is unlikely to be a risk because....' That way you're at least allowing yourself the mental capacity to go back and reassess things again later whereas if you say, 'It's not like....' you're actually closing that mental door altogether. Not smart."

In other words, don't just ignore your antivirus / firewall software when it complains about something! Be smart, listen to it, and learn what it's trying to tell you. What you learn from it in a few minutes might just shock you.

11/18/2008

Just what *is* Spyware?

Two terms we often hear bandied about out here in the ol' Interwebnets are: spyware and adware.

We used to take the position that adware meant software that didn't steal personal information or "spy" on your Internet habits (namely by reporting them back to a central server) and that spyware was software that did.

Put another way, adware might generate a ton of annoying popups or change your browser settings and such, but as long as it didn't "spy" on you, either by reporting your browsing habits and/or your personal information back to a central server, it was "just" adware and not spyware, per se.

The lines have definitely blurred though, and drawing a clear distinction between one and the other is nigh impossible.

An article on Microsoft.com asks: What is spyware?

The author of this article says,

"Spyware is a general term used to describe software that performs certain behaviors such as advertising, collecting personal information, or changing the configuration of your computer, generally without appropriately obtaining your consent first."

Given that this article is (at the time of the writing of our own piece here) 2+ years old, we're going to go on record now as saying we agree with this Microsoft author's definition.

Whatever the case, one thing is clear: spyware sucks.

11/13/2008

Firefox 3.0.4 Released

Firefox, one of our favorite browsers, just rolled out the latest version, 3.0.4.

Here's the official release notes: http://www.mozilla.com/en-US/firefox/3.0.4/releasenotes/

For a complete list of bugfixes check out: https://bugzilla.mozilla.org/buglist.cgi?....

Here's a recap of what was fixed in this version...

CRITICAL:
MFSA 2008-55 Crash and remote code execution in nsFrameManager
MFSA 2008-54 Buffer overflow in http-index-format parser
MFSA 2008-53 XSS and JavaScript privilege escalation via session restore
MFSA 2008-52 Crashes with evidence of memory corruption (rv:1.9.0.4/1.8.1.18)

HIGH:
MFSA 2008-57 -moz-binding property bypasses security checks on codebase principals
MFSA 2008-56 nsXMLHttpRequest::NotifyEventListeners() same-origin violation

MODERATE:
MFSA 2008-51 file: URIs inherit chrome privileges when opened from chrome
MFSA 2008-47 Information stealing via local shortcut files

LOW:
MFSA 2008-58 Parsing error in E4X default namespace



As you can see from the list, there are plenty of reasons why you should upgrade your Firefox if you're using an older version. Download Firefox here...

11/12/2008

Major Spam / Scam Source Killed

Good news in the world of anti-spam and anti-virus today: the Washington Post's security blog, the aptly named "Security Fix," announced today that thanks to their data gathering spree, what appears to be a major spam / scam ring hosted by www.McColo.com has been shut down!

Just how much spam was this? A third party security firm, the blog says, estimates McColo was responsible for 75% of the spam today.

Wow. Even if that estimate is off by a factor of 10, killing 7.5% is still impressive.

After presenting the evidence to Hurricane Electric and Global Crossing, two of McColo's major Internet Service Providers, McColo's connections were yanked.

Turns out, according to the Washington Post piece, the fine folks at McColo seem to've been hosting a "... client list experts say includes some of the most disreputable cyber-criminal gangs in business today."

According to Benny Ng with Hurricane Electric, one of McColo's ISPs,

"We looked into it a bit, saw the size and scope of the problem you were reporting and said 'Holy cow!' Within the hour we had terminated all of our connections to them."

Nice work, one and all. 

For full details, check out the original post about their efforts at stopping spam.