Wiz's Computer and Website Security Blog

Lavasoft, the makers of Ad-Aware, have announced the end of life and support for the free version of Ad-Aware SE Personal. All users of this version are urged to upgrade to Ad-Aware 2007 Free Edition. Otherwise, if you are still using Ad-Aware SE and check for updates, you will see this message: "No updated components available."

From Lavasoft's Ad-Aware SE Forum:
Ad-Aware SE will be expiring Dec 31, 2007. If you haven't updated your version to Ad-Aware 2007 please do that now.

Lavasoft has made many improvements over SE, in the new version of Ad-Aware, which will allow it to better deal with the newer threats that are emerging from the dark side of the Force. The criminals behind the malware programs are not standing still, so security programs must be improved to deal with new threat techniques.

Main features of Ad-Aware 2007 Free Edition:

• Free manual updates (you must initiate the check for updates)


• On-demand manual scans detect and remove Trojans, worms, spyware, and other malicious programs


• Full-Feature Quarantine


• Repairs damage left by malware


• Prevents Browser Hijacking


• Internet surfing tracks erased with TrackSweep, on multiple browsers, including Internet Explorer, Firefox, and Opera, with one click.


• Incremental updates for faster downloads


• Efficient computer resource footprint


• Free software updates throughout license/version duration


• Free support from a worldwide security volunteer network, at the Lavasoft Support Forums.


• Advanced Code Sequence Identification (CSI) Technology - Ensure your privacy protection with precise detection of embedded malware including Trojans, worms, spyware, and other forms of deceptive malware.


• Advanced Engine Structure - Benefit from superior program flexibility and more accurate scanning methods with all-new program architecture.


• Creates System Restore Point - Easily revert to your clean system to recover from a spyware attack.


• New Straightforward User Interface


• Operating Systems supported:
  Windows Vista (32-bit), Windows XP (Home and Pro), Windows Server 2003, Windows 2000 (Pro and Server)


• Web Browsers supported:
  Internet Explorer (version 5.5 or higher), Firefox (version 1.5 or higher), Opera (version 9 or higher)

Continue reading "End of support for Ad-Aware SE. Upgrade to 2007" »

Posted by Wiz at 12:12 PM | Permalink

Get Norton 360 Version 4.0 - All-In-One Security. If you have a non-current version of a Symantec security program and wish to renew your definition updates subscription, or upgrade to a new version at a discount, go to the Norton Product Upgrades & Renewals page.

Secunia has updated the detections for their online Software Inspector tool. If you are not using this free service to check your computer for insecure versions of typically exploited software you are blowing an excellent opportunity to learn the state of your computer's security. Here is what this tool does:

Feature Overview - The Secunia Software Inspector:
* Detects insecure versions of applications installed
* Verifies that all Microsoft patches are applied
* Assists you in updating your system and applications
* Runs through your browser. No installation or download is required.

How it Works:
The Secunia Software Inspector relies on Secunia File Signatures to recognize applications on your system. The detected applications are then matched against the Secunia Advisory Intelligence to determine whether an application is up-to-date or not. The results are then used to advise you on how to update to more secure releases of the insecure applications, including any missing security updates from Microsoft.

The Secunia Software Inspector covers the most common and popular end user applications:
* Internet browsers
* Internet browser plug-ins
* Instant messaging clients
* Email clients
* Media players
* Operating systems

Note that the Secunia Software Inspector works by inspecting version information on your system and therefore it does not take into account if you have applied a workaround to address a particular vulnerability.

To use the Secunia Software Inspector, go to the Software Inspector web page and click on the "Start Now" button. The tool uses the latest Java Virtual Machine to perform it's tasks, so if you don't have Java support in your browser, you will be prompted to install it (from java.com, a division of Sun Corporation). With Java installed in your browser, when you click on the "Start Now" button the page will change and the button will be replaced with one that just says "Start." Click on this button and wait for about 45 seconds for the scans to complete. The time required depends on the speed of your Internet connection. Mine takes 40 seconds, on a 3 mbps down / 512 kbps up - DSL line.

The results of the scan will be displayed in the browser, under the start button area. If you see all green checkmarks, everything is up to date. If some programs are out of date, or if insecure copies are lying around your hard drive, there will be red Xs that you can click on - to read the details. Insecure versions of Flash or Java can still be exploited and should be deleted.

After I ran the Software Inspector today I learned that my Adobe Flash player and Opera browser had been updated, since I last ran the tool, a week ago. Both of these are security updates to fix critical vulnerabilities. The new version of Flash is 9,0,115,0 and the new version of Opera is 9.25, after upgrading them today.

If you have installed any of the software they scan for in a non-standard location - place a check in the checkbox that offers to scan non-default locations, before you begin the scan.

Note to software firewall users:
If you use ZoneAlarm, or another software firewall, which blocks access to changed executables that access the Internet, be sure to allow the upgraded (changed) Opera browser to continue to access the Internet and tell the firewall to remember your decision. This applies to any program that you upgrade, if it access the Internet and your firewall challenges changed files that try to connect to the 'Net.

Posted by Wiz at 2:58 PM | Permalink

Get Norton 360 Version 4.0 - All-In-One Security. If you have a non-current version of a Symantec security program and wish to renew your definition updates subscription, or upgrade to a new version at a discount, go to the Norton Product Upgrades & Renewals page.

Secunia has updated the detections for their online Software Inspector tool. If you are not using this free service to check your computer for insecure versions of typically exploited software you are blowing an excellent opportunity to learn the state of your computer's security. Here is what this tool does:

Feature Overview - The Secunia Software Inspector:
* Detects insecure versions of applications installed
* Verifies that all Microsoft patches are applied
* Assists you in updating your system and applications
* Runs through your browser. No installation or download is required.

How it Works:
The Secunia Software Inspector relies on Secunia File Signatures to recognize applications on your system. The detected applications are then matched against the Secunia Advisory Intelligence to determine whether an application is up-to-date or not. The results are then used to advise you on how to update to more secure releases of the insecure applications, including any missing security updates from Microsoft.

The Secunia Software Inspector covers the most common and popular end user applications:
* Internet browsers
* Internet browser plug-ins
* Instant messaging clients
* Email clients
* Media players
* Operating systems

Note that the Secunia Software Inspector works by inspecting version information on your system and therefore it does not take into account if you have applied a workaround to address a particular vulnerability.

To use the Secunia Software Inspector, go to the Software Inspector web page and click on the "Start Now" button. The tool uses the latest Java Virtual Machine to perform it's tasks, so if you don't have Java support in your browser, you will be prompted to install it (from java.com, a division of Sun Corporation). With Java installed in your browser, when you click on the "Start Now" button the page will change and the button will be replaced with one that just says "Start." Click on this button and wait for about 45 seconds for the scans to complete. The time required depends on the speed of your Internet connection. Mine takes 45 seconds, on a 3 mbps down / 512 kbps up - DSL line.

The results of the scan will be displayed in the browser, under the start button area. If you see all green checkmarks, everything is up to date. If some programs are out of date, or if insecure copies are lying around your hard drive, there will be red Xs that you can click on - to read the details. Insecure versions of Flash or Java can still be exploited and should be deleted.

If you have installed any of the software they scan for in a non-standard location - place a check in the checkbox that offers to scan non-default locations, before you begin the scan.

Posted by Wiz at 1:50 PM | Permalink

Get Norton 360 Version 4.0 - All-In-One Security. If you have a non-current version of a Symantec security program and wish to renew your definition updates subscription, or upgrade to a new version at a discount, go to the Norton Product Upgrades & Renewals page.

Originally posted on May 15, 2006

I am currently testing a Firefox/IE security extension called Site Advisor. It is a Beta product from McAfee, and is freeware. It places an icon on the statusbar of the browser. That icon changes colors as you browse websites. Normally it is green, meaning that as far as they know this website is safe to view. Some sites cause it to turn yellow, indicating unsafe associations, while dangerous websites make it turn RED. Those sites are the ones that force downloads by exploiting browser vulnerabilities, or spam you if you sign up for their newsletter/mailing list.

I will try it out in both Firefox and Internet Explorer and report my findings. If you want to try it yourself go to www.siteadvisor.com/

If you like the product and wish to become a Reviewer signup for an account. Then you can post comments about safe or dangerous websites that you visit. This may help save others from having spyware or Trojans installed by driveby downloads, or from visiting spammy websites that unleash a slew of popup windows when you go to that website or try to leave it.

I will be posting comments about my experiences with the Site Advisor toolbar as extensions to this Posting.

The Site Advisor has been updated a few times since it's first release. If you are using a version more than 1 month old you should check for updates. Firefox extensions can be checked en-masse by going to Tools > Extensions > Find Updates.

Continue reading "Site Advisor Security Toolbar Test" »

Posted by Wiz at 6:37 PM | Permalink

Get Norton 360 Version 4.0 - All-In-One Security. If you have a non-current version of a Symantec security program and wish to renew your definition updates subscription, or upgrade to a new version at a discount, go to the Norton Product Upgrades & Renewals page.

SpywareGuard is a freeware program from Javacool Software, the makers of SpywareBlaster, MRU-Blaster, Doc Scrubber, and EULAlyzer.

The last version of SpywareGuard that has been released to date is version 2.2, dated January 22, 2004. There have been no further developments made to either the program or it's definitions since that time. Yet, there are people in the anti-spyware community who stand by the program. Why is that, you ask?

The reason that this senior citizen spyware fighter still has a following is due to the fact that it relies upon heuristic detection of known hostile behaviour, in addition to the installed (out-dated) signatures of (then) known spyware applications. So, although the signatures are way out-of-date the heuristics still work at detecting attempted changes to the Internet Explorer Home Page and other system changes.

It should be noted that the spyware business has not stood still and that many of today's tactics used to hijack your browser will slip past this old Guard. For what it is worth, if you are not using another anti-spyware program that monitors attempted changes to your browser settings, then SpywareGuard may be of use to you. It will probably stop most common threats to your browser settings, which is better than none.

That said, there is still the possibility of future develpoment of the program, according to the following Post, made on January 17, 2005, by it's maker, Javacool Software...

Continue reading "Is SpywareGuard 2.2 still useful for computer protection?" »

Posted by Wiz at 3:47 PM | Permalink

Get Norton 360 Version 4.0 - All-In-One Security. If you have a non-current version of a Symantec security program and wish to renew your definition updates subscription, or upgrade to a new version at a discount, go to the Norton Product Upgrades & Renewals page.

Strider URL Tracer with Typo-Patrol

Strider URL Tracer with Typo-Patrol

When a user visits a Web site, her browser may be instructed to visit other third-party domains without her knowledge. Some of these third-party domains raise security, privacy, and safety concerns. The Strider URL Tracer, available for download, is a tool that reveals these third-party domains, and it includes a Typo-Patrol feature that generates and scans sites that capitalize on inadvertent URL misspellings, a process known as typo-squatting. The tool also enables parents to block typo-squatting domains that serve adult ads on typos of children's Web sites.

Strider URL Tracer alerts people when they are redirected to a third-party site, according to a description on Microsoft's research Web site. It can trace pop-up advertising back to the redirecting domains that supplied them. Parents can use it to block domains that may redirect their children to porn.

What is typo-squatting?

Typo-squatting refers to the practice of registering domain names that are typo variations of popular websites.

The risks posed by typo-squatter websites

Typo squatters are companies that exploit slips of the fingers by registering for mistyped versions of popular URLs. Some typo domains are parking lots for pay-per-click and syndicated advertising, according to a Microsoft research paper published alongside the tool. The group's researchers found that a mere six services have a presence on between 40 and 70 percent of active typo domains.

In addition to serving up ad links, typo squatters deliver pop-ups and pop-unders, and can redirect surfers to the intended domain. Often, the users are never even aware that they have visited a third-party site. As a result, many legitimate companies have been blamed for pop-ups advertising porn.

On top of this, companies may end up paying out for the advertising that leads customers to sites they were already aware of and trying to reach.

Consumers can be at risk with typo domains. Some are used in phishing scams, which mimic the look and layout of legitimate online businesses in an effort to dupe people out of personal information such as bank passwords.

Others use wrongly typed URLs for popular children's Web sites to lead surfers to porn sites, or to sites looking to exploit children.

Download page: http://research.microsoft.com/URLTracer/

Posted by Wiz at 11:25 AM | Permalink

Get Norton 360 Version 4.0 - All-In-One Security. If you have a non-current version of a Symantec security program and wish to renew your definition updates subscription, or upgrade to a new version at a discount, go to the Norton Product Upgrades & Renewals page.

A startup funded by the U.S. government's Defense Advanced Research
Projects Agency is ready to emerge from stealth mode with hardware-
and software-based technologies to fight the rapid spread of malicious
rootkits.

Komoku, of College Park, Md., plans to ship a beta of Gamma, a new
rootkit detection tool that builds on a prototype used by several
sensitive U.S. government departments to find operating system
abnormalities that may be linked to malicious rootkit activity.

A rootkit modifies the flow of the kernel to hide the presence of an
attack or compromise on a machine. It gives a hacker remote user
access to a compromised system while avoiding detection from
anti-virus scanners.

The company's prototype, called CoPilot, is a high-assurance PCI card
capable of monitoring the host's memory and file system at the
hardware level. It is specifically geared towards high-security
servers and computers.

Gamma, meanwhile, is a separate, software-only clone of CoPilot that
will target businesses interested in a low-assurance tool for
protecting laptops and personal computers.

Komoku launched quietly in 2004 with about $2.5 million in funding and
rootkit detection contracts from DARPA, the Department of Homeland
Security and the U.S. Navy.

Full Article:
http://www.eweek.com/article2/0,1895,1951941,00.asp

Posted by Wiz at 12:31 PM | Permalink

Get Norton 360 Version 4.0 - All-In-One Security. If you have a non-current version of a Symantec security program and wish to renew your definition updates subscription, or upgrade to a new version at a discount, go to the Norton Product Upgrades & Renewals page.