Archive for the Security category

May 10th, 2008

Windows Vista 37% Less Vulnerable Than Windows XP: Study

By Michael Santo
Editor-in-Chief, RealTechNews

Depending on how you spin this information, it’s either good news or bad. A study by a decidedly partial observer, security vendor PC Tools Software, showed that Windows Vista, while much improved over Windows XP, is still far too vulnerable.

Not that we needed a study to tell us that …

The study was developed by using data from PC Tools’ ThreatFire program. According to the data, Vista allowed 639 threats per thousand computers through its built-in security, compared with 586 for Windows 2000, 478 for Windows Server 2003, and 1,021 for Windows XP.

So, rather than Windows Vista being Microsoft’s most secure OS, as it’s advertised, it’s really Windows Server 2003?

Simon Clausen, CEO of PC Tools, said in a statement:

“Ironically, the new operating system has been hailed by Microsoft as the most secure version of Windows to date. However, recent research conducted with statistics from over 1.4 million computers within the ThreatFire community has shown that Windows Vista is more susceptible to malware than the eight year old Windows 2000 operating system, and only 37% more secure than Windows XP.”

PC Tools’ flagship product, ThreatFire, is designed to work in concert with standard antivirus programs to protect your PC. ThreatFire uses behavioral analysis to detect malware rather than a signature database. PC Tools says on their ThreatFire site:

Traditional antivirus solutions cannot protect you until after they’ve discovered a new threat and produced a signature to counter it.

ThreatFire is different. It does not rely on signatures, but instead constantly analyzes your computer’s behavior to detect and block any malicious activity. ThreatFire protects immediately so you know your PC and your valuable data is always secure.

While this is the type of protection that I’ve always stressed is important, of the type that might have prevented the recent malware “shipment” in a Firefox language pack, it also means that PC Tools has a vested interest in this type of study.

While ThreatFire is free, PC Tools also sells an anti-spyware product as well as an antivirus product.

May 6th, 2008

Cell Phone Spying: Is Your Life Being Monitored?

By Yan Fortin
Contributing Writer, RealTechNews

You’ve been using your cell phone for years, and up until recently, doing so securely was something most people took for granted. But as time flies by, new means of using mobiles to tap directly into someone’s life are becoming easily available on the Web… and the worst thing is, most of these tools are completely free.

It connects you to the world, but your cell phone could also be giving anyone from your boss to your wife a window into your every move. The same technology that lets you stay in touch on-the-go can now let others tap into your private world — without you ever even suspecting something is awry.

New Web services and software allow people to track your every move and listen to what you say, even if you are not actively using your phone. Kind of makes the future of mobile communications depressing, doesn’t it?

May 6th, 2008

McAfee, Yahoo! Partner on Web Search Security

By Michael Santo
Editor-in-Chief, RealTechNews

McAfee and Yahoo! announced on Tuesday a new feature for Yahoo! Search which will supposedly make searching safer: the flagging of potentially unsafe Web sites appearing in Yahoo search results.

The initiative uses McAfee’s SiteAdvisor technology to mark risky sites in search results. SiteAdvisor itself is already free, but not having to install it makes life a whole lot easier for those who might move from PC to PC, or even browser to browser.

According to Yahoo!’s press release:

SearchScan will be turned on by default for all users in the U.S., Canada, UK, France, Italy, Germany, Australia, New Zealand, and Spain, and will scan for three types of risks in our search index:

  • Browser Exploits — These are sites that can stealthily harm a user’s computer or install malware simply by visiting the site. Beginning today, any such sites or pages included in McAfee’s data will be removed from search results automatically.
  • Dangerous Downloads — SearchScan will display warnings next to search results for sites that offer potentially dangerous software, such as viruses, spyware or adware. Users often may be unaware that these can be passed along with the screensavers, games and other software downloads.
  • Unsolicited Email — SearchScan will alert users to scanned sites that send unsolicited emails or inappropriately share email addresses with third parties.

SearchScan will be on by default but users can turn off or even filter all sites with warnings from their results.

This is a feature that’s been available for some time for Google users, as Google has teamed with StopBadware.org. Interestingly, the site flagged above is not flagged in Google’s results. Who are you supposed to trust? :-)

March 31st, 2008

McAfee: Super Spam Us!

By Michael Santo
Editor-in-Chief, RealTechNews

McAfee’s S.P.A.M. (Spammed Persistently All Month) experiment begins today. This is a global project, with 50 people, 5 from each of the 10 countries that McAfee does business in, selected from over 2,000 respondents via a Craigslist ad.

The entire month of April, participants will expose themselves to spam using a Dell laptop provided by McAfee - which they will keep - sans spam protection and with a fresh email address. As the month goes by, participants will blog about their experiences on http://www.mcafeespamexperiment.com/ (participants will blog in their native languages).

Participants won’t just be receiving spam; they’ll be responding to it, to prove just how harmful spam is. In a press release, Christopher Bolin, chief technology officer for McAfee said:

“Spam isn’t just a nuisance. It’s a tool used by cyber criminals to steal personal and business data. And, as scammers become more adept at writing spam in local languages it’s becoming more difficult for Internet users to detect spam. It’s vital that computer users understand the risks of leaving their computers unprotected.”

A good question would be just how many Nigerian / 419-type scams participants will enjoy.

Dave DeWalt, CEO for McAfee said:

“Cybercrime won’t go away without solving the problem of spam. McAfee is leading the fight against cybercrime and spam. This experiment will raise awareness of the problem by showing that a 30-day diet of spam is bad for your online health.”

Sounds a lot like a Super Size Me type experiment, doesn’t it?

There’s no doubt that besides the annoyance of being buried under a mountain of spam, if you’re not wary you can become infected with viruses and trojans - or those who are the most careless can be tricked into giving away sensitive financial information.

At the end of the experiment McAfee’s Avert Labs will be analyzing the spam and writing a report. I assume they will also analyze just how many viruses were introduced to the laptops and, since the participants are keeping the laptops, provide a fresh hard drive or format the old one.

We Say: It should be noted that McAfee provides both antivirus and antispam products, so it has a vested interest in this study.

Ready, set, start clicking on that spam!

March 29th, 2008

Hackers Attack Epilepsy Forum; Cause Headaches, Seizures

By Michael Santo
Editor-in-Chief, RealTechNews

And people wonder why I have doubts about the future of the human race. An attack by hackers occurred last weekend on the user forums of the Epilepsy Foundation of America (EFA), “the national voluntary agency solely dedicated to the welfare of the more than 3 million people with epilepsy in the U.S. and their families.”

Apparently hackers went into the forums and laced messages first with animated GIF images, and then with JavaScript, in an attempt to trigger seizures in users.

It should be noted that the forum at the National Society of Epilepsy (NSE) in the U.K. was subjected to an identical attack last weekend.

Of those diagnosed with epilepsy, 3 - 5% are of the photosensitive type, in which seizures can be triggered by visual stimuli.

Both sets of forums have since been cleaned up, but why would anyone do this? Messages on the forum indicate that some even wondered about ever coming back to the forums. In this EFA thread Bella2 said:

So, it really freaked me out, the events of last week. Disgusting, graphic pictures kept popping up and I got the worst headache ever. I’m sure all of you had the same. I’m sure there were some who had seizures, too. I force quit my computer and all was normal again. The next day, I asked my husband to check it and it seemed fine too but I have been avoiding this site because I didn’t know how long it would take to clean it up.

Here’s a “thank you” note for the hard work the EFA did in cleaning up the forums.

And here’s a general thread at the NSE about the problems of last weekend.

To make matters worse, the hackers laced the forums with viruses and trojans as well. It was noted by Southie in this thread, that her AV program caught the following:

Keylogger
Keystroke
Back-Door
JS/Popupper

Why would anyone do this? And who would do this? As I said previously, it just goes to show that there are some pretty evil people in the human race.

Wired seems to think it was the group Anonymous, which has been waging a cyberwar against Church of Scientology, but I see no reason why they would attack the EFA and NSE. Apparent members of Anonymous have posted on the EFA boards denying responsibility, and actually positing it was the Church of Scientology that attacked the sites, which makes no sense either.

In the end, while it does matter, we will probably never really know who attacked the sites. More importantly, the sites should take some steps to prevent the issues from occurring again: simply disabling JavaScript and images in forum posts would be a good first step.

And let’s hope this sort of thing never happens again.

March 14th, 2008

Security Firm Trend Micro a Victim of Latest iFrame Attacks

By Michael Santo
Editor-in-Chief, RealTechNews

Nothing is so humorous as when the web site of a security vendor gets hacked. OK, OK, it was hilarious when the RIAA site was hacked, too. And I’ll admit: it’s probably not as funny if it’s your security vendor.

Earlier this week a massive attack on websites via iFrame was launched. According to McAfee’s Avert Labs site:

This attack involves injection of script into valid web page to include a reference to a malicious .JS file (sometimes in the BODY, other times in the TITLE section). The .JS file uses script to write an IFRAME, which loads an HTML file that attempts to exploit several vulnerabilities.

These vulnerabilities have already been patched, but some, as listed on McAfee’s site, appear to involve obscure ActiveX controls that site owners may not have known to patch. That wouldn’t explain Trend Micro’s problems, though.

Users are redirected by the hacked page to another site, which will try to install malware. Of course, a savvy user would cancel such an install. Someone more trusting might accept it. If they’re lucky, their antivirus program will catch it. If not …

Trend Micro confirmed that the web site had been hacked early in the week with these types of pages, but the pages were taken down and scrubbed clean on Tuesday night.

We Say: While this is, of course, humorous, it’s more so because Trend Micro is one of the larger security vendors. You’ll recall that earlier in the year a small Indian firm was serving up a virus.

March 3rd, 2008

First Felony Conviction for Spamming Upheld

By Jimmy Daniels of Windows Tips
Contributing Writer, RealTechNews

Jeremy Jaynes, once considered one of the top 10 spammers in 2003, was convicted of massive distribution of junk email and sentenced to 9 years in jail. It was suspected that he sent 10 million emails a day, earning $750,000 a month from his spamming “business”, and while the conviction was upheld, it was by a vote of 4-3, not overwhelming by any standard.

Justice Elizabeth Lacy wrote in a dissent that the law is “unconstitutionally overbroad on its face because it prohibits the anonymous transmission of all unsolicited bulk e-mail including those containing political, religious or other speech protected by the First Amendment to the United States Constitution.”

Jaynes allegedly used aliases and false Internet addresses to bombard Web users with junk e-mails peddling sham products and services. The court’s majority said misleading commercial speech is not entitled to First Amendment protection.

“Unfortunately, the state that gave birth to the First Amendment has, with this ruling, diminished that freedom for all of us,” Jaynes’ lawyer, Thomas M. Wolf, said in a written statement. “As three justices pointed out in dissent, the majority’s decision will have far reaching consequences. The statute criminalizes sending bulk anonymous e-mail, even for the purpose of petitioning the government or promoting religion.” Source: Yahoo

We Say: What else can you say but, HA HA!

February 20th, 2008

Microsoft Halts Distribution of Troublesome Vista SP1 Prerequisite

By Michael Santo
Executive Editor, RealTechNews

You may recall I wrote earlier about the troubles people were having with the prerequisite updates that Microsoft said were required in order to get Windows Vista SP1 in March. In a “mea culpa” moment, Microsoft has stopped distribution of the update that seems to be at the heart of the issue, KB937287.

In a post on the official Windows Vista Blog, Microsoft said:

Immediately after receiving reports of this error, we made the decision to temporarily suspend automatic distribution of the update to avoid further customer impact while we investigate possible causes.

So far, we’ve been able to determine that this problem only affects a small number of customers in unique circumstances. We are working to identify possible solutions and will make the update available again shortly after we address the issue.

It should be noted that those who are having issues can call 1-866-PC-Safety - for free. There is no charge for calls to this line, as it’s typically used for upgrade issues and security issues. You’ll have to tell them what KB update you’re having a problem with.

I have always said that Microsoft has a much tougher time because of the myriad of hardware their OSes have to support, as opposed to Apple which has a relatively closed set of hardware. That said, you would still hope that something this serious would not make it out of their labs.

I’m also not sure about that “unique circumstances” line either. I managed to successfully update 2 PCs last week with the prerequisites, but stopped at that point after hearing about the issues.

BTW, if you are having the reboot issue and don’t have a Vista DVD or a system restore point - good luck! You may need it.