
Linux an easy alternative
CHEBUCTO COMMUNITY NET
THE INTERNET in the year 2006 has become a scary place.
You run a Windows computer without anti-virus protection or forget to update your software,
boom, your computer is taken over by the bad guys and
serves as part of a botnet, a zombie army of home computers
that are the source of more than 80 per cent of junk e-mail,
among other nastiness.
Odds are that more than half the Windows users reading this column
have computers that have been compromised in some manner
without their owners knowing it.
One solution is to switch your computer from Windows to
the Open Source operating system Linux.
Open Source means that the software code for all the programs
is both free of charge and open for inspection.
Linux is much less of a target for bad guys because of
its smaller market share and the greater difficulty
of infecting a Linux system.
The trouble is you really still need more than average
computer skills to set up and run Linux.
Linux developers realize this and are working on
improving the interface for more general use.
The developers at Knoppix have a bootable CD and DVD
that allow you to stick the disk in your drive,
start up the computer and start using Linux,
simple as that.
It detects your computer’s hardware, sets it up for you
and puts you into a point-and-click interface
Windows users will be instantly familiar with.
If you’re on a high-speed Internet connection,
that will be set up automatically as well.
Every piece of software you might want is included —
web browsers, e-mail software, Open Office, an office software suite
compatible with Microsoft Office formats and a host of other programs,
everything from games to graphics editing programs.
The Knoppix DVD contains more software,
but even the CD holds an impressive amount.
Want Windows back?
Simply reboot the computer without the Knoppix
disk in the drive.
The good news is you can use Linux whenever you want
without a lot of hassle or risk of damaging anything.
The bad news is that if you use the standard Windows
2000/XP NTFS file system on your hard drive,
Linux can read your files but cannot modify them
or write any new ones.
If you have a disk drive using the FAT32 file system
standard with Windows 95B, Windows 98 and Windows ME,
you can save Knoppix settings permanently and update
the software packages that came with the Knoppix disk.
You don’t need to know anything at all about Linux
to plunge in and start using Knoppix.
You’ll need a BitTorrent client to download the Knoppix
CD or DVD disk image and you will need a CD or DVD
burner and burner software to write the disk image
to a blank CD or DVD.
Once created, the Knoppix disk can be used on any x86
compatible personal computer that can be
set to boot from a CD or DVD drive.
It makes for a great backup in case you need to use
your computer and Windows won’t start.
Knoppix is not perfect but is under active development.
Windows users will find Linux naming conventions unfamiliar
— your C: drive is called hda1, for example — and
setting up hardware not automatically detected
can be problematic.
Once set up though, Linux computers are
low-maintenance, secure and rock-solid stable,
capable of running for months without crashing or
having to reboot.
Knoppix home site:
http://www.knopper.net/knoppix/index-en.html
The Mousepad runs every two weeks.
It’s a service of Chebucto Community Net,
a community-owned Internet provider.
If you have a question about computing, e-mail
mousepad@chebucto.ns.ca.
If we use your question in a column, we’ll send you a free mousepad.

January 4, 2006

Wait for Microsoft WMF patch, no thanks!


Posted by George Ou @ 3:12 am
By now, you've probably heard of the unofficial WMF Vulnerability patch by programming genius Ilfak Guilfanov.
Some experts say install it now! Others say you better wait till next week for the official patch from Microsoft.
Since I've spent a good part of New Year's Day weekend researching and testing this bug,
I would tell you that this vulnerability is so dangerous that you better install the unofficial patch
now and then uninstall it when the official Microsoft patch is hopefully released next week.
The highly respected SANS.org has fully vetted the patch and they're so impressed that they've
even started hosting copies of the patch on their own website.
For your convenience, Guilfanov created an EXE version of the patch which you can find here.
For the corporate types that want to install this across the enterprise through Active Directory,
they can push out the MSI version repackaged by Evan Anderson of
Wellbury Information Services, L.L.C.
If you're wondering why this is such a high priority patch, it's because existing workarounds
are weak at best and the exploit is extremely dangerous.
There are those who say this isn't anymore dangerous than an Internet worm but worms can't infect you through firewall perimeters.
Even Antivirus and Intrusion Detection Systems are having a hard time with the WMF exploits
since a group released proof-of-concept code that automatically generates randomized headers
and fragmented packets to defeat nearly every AV and IDS signature.
With the WMF exploit, you just need to look at an infected image file while surfing the web
or checking your email and you're instantly infected with nasty spyware or a rootkit.
Since there are no official patches available, there was little you could do to
protect yourself until now.
Hardware-enforced DEP seems to work pretty well only if you have a more recent CPU
that supports AMD NX or Intel XD technology.
NX and XD technology enforces Windows DEP (Data Execution Prevention) in hardware
but you most likely have to change the default DEP settings and apply DEP to "all programs and services on your computer".
Microsoft's official workaround of un-registering a specific DLL
file not only breaks a ton of useful functionality like the ability to view image thumbnails,
but it doesn't even protect you from MS Paint or Lotus Notes.
Guilfanov's patch doesn't seem to break anything and it protects you much better than
Microsoft's official workaround.
Microsoft's official negative stance on the unofficial patch is understandable
since Microsoft can't take responsibility for a 3rd party patch which
they haven't tested and they're busy cranking out the official patch.
But this vulnerability is so serious that I personally just can't wait till next week for the official patch.
For now, Guilfanov is a big life saver and I'll keep his patch installed until the official Microsoft
patch hopefully comes out next week.

Windows flaw spawns dozens of attacks

By Dawn Kawamoto, CNET News.com
Published on ZDNet News: January 3, 2006, 11:55 AM PT
A flaw in Microsoft's Windows Meta File has spawned
dozens of attacks since its discovery last week,
security experts warned Tuesday.
The attacks so far have been wide-ranging, the experts
said, citing everything from an MSN Messenger worm
to spam that attempts to lure people to click
on malicious Web sites.
The vulnerability can be easily exploited in
Windows XP with Service Pack 1 and 2, as well
as Windows Server 2003, security experts said.
Older versions of the operating system, including
Windows 2000 and Windows ME, are also at risk,
though in those cases the flaw is more
difficult to exploit, said Mikko Hypponen,
chief research officer at F-Secure.
"Right now, the situation is bad, but it could be much worse. The potential for problems is bigger than we have ever seen," Hypponen said. "We estimate 99 percent of computers worldwide are vulnerable to this attack." ....continued

Windows zero day nightmare exploited

Aaargh! Updated No fix for Windows XP SP2
By INQUIRER staff: Wednesday 28 December 2005, 12:11
F-SECURE, Bugtraq and a number of other security aware
outfits have warned of a zero day vulnerability that's
being actively exploited as we write.
Fully patched Windows XP SP2 machines are vulnerable
and there's no known fix as yet. A number of trojans are being distributed using the
vulnerability, related to Windows' image rendering.
F-Secure says you can get blatted if you visit a site
with an image file containing the exploit. IE users may
automatically be infected.
Firefox users can get infected if the image file
is downloaded. There's more solid advice at F-Secure.
We await a patch from Microsoft. µ
* UPDATE Ken Dunham, director at iDefense, said the
zero day WMF exploitation threat affecting fully
patched versions of XP and Windows 2003 Web Server is underway.
It has been exploited by multiple sites and added to
the infamous Metasploit tools. Attacks in the last 12
hours, said Dunham, have been minor. But systems so far
attacked have shown clear signs of infection. He warned
further attacks were likely.
There is no solid workaround against emerging WMF exploits.
Locking down WMF files on the gateway and building
network detection signatures may mitigate known
threats. The impact of attacks may also increase.


TECH NEWS

Symantec antivirus security scare


Wed, 21 Dec 2005
According to a prominent security researcher,
Symantec's anti-virus software range, which includes
the popular Norton AntiVirus program,
is vulnerable to attack.
Although Symantec has released an advisory there is not
yet a patch to correct the vulnerability that could
allow malware to corrupt the program and run
malicious software on a user's computer.
According to Alex Wheeler, a security researcher
formerly with Internet Security Systems, there's a
problem with how Symantec's AntiVirus library handles
RAR files — a type of file compression similar
to ZIP files.
He discovered that a virus hidden inside a specially
crafted RAR file could be made to run
on the user's machine.
Labeled as "High" risk by Symantec this worm can cause
a heap overflow that may then allow a hacker to
execute additional code, and take complete control
over the computer running the anti-virus software.
Wheeler warns that if the Symantec software is set to
scan all incoming email automatically, hackers can
take advantage of the vulnerability remotely — without
any action on the user's part.
According to Symantec the problem applies to
Symantec Antivirus Corporate Edition,
Symantec Brightmail Anti-Spam,
Symantec Client Security, Symantec Gateway Security
(widely used in corporate environments),
Norton Antivirus (for Windows and Mac),
Norton Antivirus for MS Exchange,
and Norton Internet Security.

Microsoft Gets Flak for Zotob

A poll finds more than one-third of businesses blame the software giant for the worm that crashed computer networks.
August 18, 2005
With frustrations mounting as the Zotob worm continues to crash computer networks, a poll Thursday found more than one-third of businesses blame Microsoft for the outbreak, and not the creators of the worm that exploits a vulnerability in the software giant’s Windows operating system.
In a web poll of more than 1000 users, 35 percent of the respondents held Microsoft responsible for the mess as Windows had a software flaw that allowed the worm to sneak in, Sophos, the IT security firm that conducted the survey, said.
The Redmond company is not alone in incurring the wrath of business users. Some 20 percent of respondents pointed the finger at system administrators for not patching the systems quickly enough.
Oddly, less than half of those polled, 45 percent, blamed the writers of Zotob and its many variants that first began striking computers Sunday (See Zotob Virus Strikes Windows).
“It is most surprising that so many people blame Microsoft for having the software flaw in the first place,” said Graham Cluley, senior technology consultant at Sophos. “Many respondents appear to be incredibly frustrated by the constant need to roll out emergency patches across their organizations."

Mutating Fast

Zotob has infected computers in major media organizations like CNN, ABC, and The New York Times by exploiting a vulnerability in Microsoft’s Windows 2000 operating system that allows it to seize control of users’ PCs. It also struck payment giant Visa (See Zotob Morphs into 11 Variants).
Since Wednesday, seven more variants had been detected, bringing the total number of Zotob variants to 18, said Sophos.
Despite the havoc that Zotob has wreaked and any damage it has caused to Microsoft’s image, the incident is unlikely to have any impact on the Redmond giant’s sales, analysts said.
“In the past, we have seen that even after a worm or virus attack that is severe, it is mostly business as usual for Microsoft,” said Matt Watchinski, director of vulnerabilities for Sourcefire, an enterprise security company. “We just don’t have any data to support the idea that users switch their systems if they face security issues on Microsoft products.”
Another Sophos survey showed only 28 percent of respondents rated Microsoft as their most trusted operating system when it comes to security. Meanwhile, 47 percent believe open-source Linux and Unix are the most secure.
But this perception is unlikely to lead to more enterprise users switching to alternative operating systems, analysts said.

By Joris Evers, CNET News.com Published on ZDNet News: June 20, 2005, 6:35 PM PT

As the pool of easily exploitable Windows security bugs dries up, hackers are looking for holes in security software to break into PCs, analysts said.
Software makers of ubiquitous antivirus products have not yet been forced to acknowledge and fix potential problems in their code, analysts with Yankee Group wrote in a research paper published Monday. As a result, antivirus software is like low-hanging fruit to hackers, according to the analysts.
Microsoft's Windows operating system has been a favorite target of hackers, but new security flaws are being discovered in security products at a faster rate than in Microsoft's products, the analysts wrote. In the 15-month period ending March 31, 77 separate vulnerabilities have been reported by security vendors, they wrote.
Symantec, F-Secure and CheckPoint Software Technologies are among the vendors that have seen a rise in the number of security issues that affect their products in the past years, according to Yankee Group.
If the trend continues, the number of vulnerabilities for security products will be 50 percent higher than 2004 levels, according to the analysts. While Microsoft flaws continue to flow, the rate has decreased notably, according to the analysts. They credit the release last year of Windows XP Service Pack 2, a security-focused update.
Yankee Group predicts a "rising tide" of vulnerabilities will be found in security products. Software makers should look at their security processes, and users need to get ready to patch security products, the analysts wrote. Also, buyers should ask tough security questions when buying new products, they advise.

Thursday 31 March 2005, 13:56

ONLINE SECURITY firm Symantec said some of its anti-virus software has holes in it.

The company admitted its Norton Antivirus, Norton Internet Security and Norton System Works,
2004 and 2005 editions, were so flawed hackers could quite easily sneak in and knobble computers running the software.

Japan's Information-Technology Promotion Agency told Symantec about one situation with both Windows versions of Norton AntiVirus 2004 and 2005, where a real-time scan of a specific file type can cause the Blue Screen of Death to appear.

The programs' Auto-Protect and SmartScan features were found to be faulty and susceptible to Denial of Service attacks.

Red-faced company engineers released patches for the holes and distributed updates to users of its LiveUpdate automatic update service.

Symantec said it assessed the Risk Impact of the discoveries as low. Here's Symantec's security response.



IE 'Unsafe' 98 Percent Of 2004, Says ScanIT
By Gregg Keizer, TechWeb News

As Mozilla and Microsoft executives argue about which browser -- Firefox or Internet Explorer -- is more secure, fans of the former have numbers on their side, a Belgian security consultancy said this week.

According to Brussels-based ScanIT, users of Microsoft's Internet Explorer (IE) were "unsafe" 98 percent of the time during 2004, while Mozilla users -- which would include those using Mozilla and Firefox -- were "unsafe" only 15 percent of last year...IE was vulnerable all but seven days of 2004, or 98 percent of the year. "There was only one period in 2004 when there were no publicly known remote code execution bugs," said ScanIT's report. "Between the 12th and the 19th of October. That means a fully patched Internet Explorer installation was known to be unsafe for 98 percent of 2004."

During 200 days (54 percent of the time), there was a worm or virus on the loose that exploited one of the unpatched IE vulnerabilities. (ScanIT's IE vulnerability timeline can be found here.)

In comparison, Firefox (and the other Mozilla browsers) was vulnerable only 56 days in 2004 (15 percent of the time) during off-and-on stretches starting in May. At no time in 2004 were worms or viruses circulating that exploited one of the unpatched Firefox vulnerabilities. http://www.techweb.com/wire/security/159906119


Microsoft warns of future security danger

Kernel Rootkits could be the next bad thing

By Nick Farrell:
Friday 18 February 2005, 08:25
A HITHERTO OBSCURE security expert and software colossus, based in Redmond and called Microsoft has warned of a new generation of spyware that is almost impossible to detect.
According to Computerworld, Volish experts told the RSA security conference that system monitoring programs, or "kernel rootkits", are undergoing a transformation at the moment.
Mike Danseglio and Kurt Dillard, both of Microsoft's Security Solutions Group said that the malicious snooping programs are becoming more common and could soon be used to create a new generation of mass-distributed spyware and worms.
Rootkits run quietly in the background and can be spotted by looking for memory processes that are running on the infected system.
However, kernel rootkits, which modify the kernel, or core request processing, component of an operating system, are becoming more common, Vole says.
Newer rootkits can intercept system calls that are passed to the kernel and filter out queries generated by the software. This makes them invisible to administrators and to detection tools, says Danseglio.
Microsoft researchers have developed a tool, named "Strider Ghostbuster" that can detect rootkits by comparing clean and suspect versions of Windows and looking for differences.
However the paper admits that the only way to be sure that you have killed a kernel rootkit is to completely erase an infected hard drive and reinstall the operating system from scratch.




Vicious spyware continues to savage home PCs

User incompetence?

By INQUIRER staff:
Wednesday 02 February 2005, 14:33
A SURVEY sponsored by Earthlink claimed that the number of keystroke loggers and system monitors soared in the last three months of 2004, compromising consumer PCs and their owners' bank accounts.
The report claimed that system monitor numbers soared by 230 per cent in the last three months of the year and trojans rose by 114 per cent.
Spyware rose by 72 per cent between October and December 2004, said Earthlink, causing an executive to say: "Spyware is becoming one of the Internet's most dangerous threats."
The Spyaudit report is created by Earthlink and Webroot - both companies make anti-spyware software. Sometimes we wonder whether or not home PC users should undergo an exam, a bit like a driving test, to get a licence which they would need before they were allowed to buy a PC. Or should it be OS vendors that require such licences before they're allowed to release their products on poor consumers?





By Nick Farrell:
Wednesday 16 February 2005, 08:19
THE MIGHTY and all powerful Microsoft is finally getting around to replacing the ancient browser IE for something it claims will be more secure.
William Gates said at the RSA Security Conference in San Francisco yesterday that IE 7 was on the drawing board.
He said that the new version of IE will be released for preliminary testing this summer. It will have new protections against viruses, spyware and phishing scams.
According to Gates, IE 7 will only work with SP2. There are no indications that it will come with any extra functionality.
Most analysts think that if IE were made more secure it could kick other browsers like Firefox out of the business market.
Gates told the conference that spyware was quickly becoming a major threat to computing.
He said that "all of our Windows licensees should have antispyware capability".
This is seen as a hint that its free anti-spyware tool will continue to be available at no extra charge to those who have legitimate versions of their operating systems.
Gates confirmed that Microsoft will have an AV product on the market "by year's end" although there is no indication that such a product would be free.





Removing Pests from Windows (Part 1)
Date Launched: Sep 22, 2004 Last Updated: Sep 22, 2004
Section: Articles :: Misc Network Security Author: Ricky M. Magalhaes

In this two-part article I will discuss pests and potential issues associated with pests that may be encountered within Windows. IT security professionals are faced with these resource and information divulging threats daily and because at this point there is not mature technology to deal with the problem officially it is challenging to remove these pests from the computer or server manually. These pests are like parasites of the digital world. These parasites feed off the electronic resources of the host machine, eventually draining the machine to standstill point.


Worms turn as Trojans take over
Security
Posted on Wednesday, January 05 @ 16:35:31 PST by manunkind

Worms have fallen out of favour with virus writers to be superseded by Trojans as the most virulent malicious code, according to antivirus firm Panda Software.
The Downloader.GK Trojan has topped the company's 2004 problem chart, accounting for 14 per cent of reported incidents. The next most common infection, the Netsky worm, managed less than half this level.
The Downloader Trojan is transferred when the user visits a website using a poorly patched browser. Once downloaded it activates a spyware program called BetterInet, and software called SearchCentrix which generates pop-up advertising.
"Trojans are very much on the up," said Professor Neil Barrett of Cranfield University's computer science department.
"They have become the tool of choice for spreading malicious code, including Java applets from web pages. This has links with the efforts of spammers and phishers to boost visits to certain websites."
But Professor Barrett also pointed out that part of the reason for the increasing numbers of Trojans is that advertising software is now included in the statistics.
Until recently many security specialists did not classify advertising software with Trojans because it caused no harm to the user's PC.
There were four Trojans affecting browsers and common applications in the top 10 last year, accounting for nearly a quarter of all problems, according to Panda.
Top 10 for 2004
1. Downloader.GK (14 per cent)
2. Netsky.P (6.92 per cent)
3. Sasser.ftp (4.97 per cent)
4. Gaobot.gen (4.31 per cent)
5. Mhtredir.gen (4.22 per cent)
6. Netsky.D (3.98 per cent)
7. Downloader.L (3.56 per cent)
8. Qhost.gen (3.48 per cent)
9. Netsky.B (3.45 per cent)
10. StartPage.FH (3.34 per cent)
http://www.vnunet.com/news/1160286