Subscribe in a readerWindows Steady State
If you use Window XP or Windows Vista, Microsoft has a tool that could be useful to some people. It’s meant more for shared computers, or for any PC that’s at greater risk of infection.
What it does is fairly simple. Every time you reboot the PC, Steady State will restore it to how it was before. So no matter how many viruses, spyware and adware you end up accidentally installing. it becomes fresh and anew.
You need to install it and set it up correctly, and for most people it might be a good idea to get some advice from someone who’s IT savvy, just to make sure you take full advantage of this great tool.
Best of all is that it’s free, as long as you have a genuine Windows XP or Vista license.
While you should still be responsible with how you use a computer, what you download and which web sites you visit, this tool is great tool for certain people.
More info and a download link here.
Don’t use old browsers
A new report has concluded that 637 million people are using out of date web browsers. This is bad.
Old web browsers have security flaws and vulnerabilities. You’re meant to update your web browser to the latest version because the developers have worked hard to patch it and fix up security holes. And in almost every case an upgrade is completely free. Why would anyone choose to use an old browser?
There are no legal obligations to upgrade a web browser but with this many people ignoring the very simple task of upgrading maybe it’s time for something to change. Now’s a good time to check for updates (the option is often in the Tools menu of the browser you’re using right now).
The report is here.
Bluetooth Patching
Microsoft has just released June’s lot of Windows patches for XP and Vista. Among the latest patches is one to fix a vulnerability in the Bluetooth stack.
If your computer uses Windows XP or Vista and it has Bluetooth then you need this patch. If your computer doesn’t automatically download and install patches you’ll need to go to Internet Explorer, go to the Tools menu and select Windows Update. Until then you should turn off Bluetooth, otherwise someone could take control of your computer.
Bluetooth has always had security problems from the start. There have been a few fixes along the way but overall it’s an insecure technology.
Technical details about this patch here.
Adobe Flash Flaw
This week everyone’s been talking about a new flaw in Flash that can be exploited to run malicious code on your computer. After a few days of media frenzy Adobe has released a fix for it.
If you use Windows then download the update (this includes users of FireFox, Opera and Internet Explorer). Link here.
The fixed version is 9.0.124.0. If you’re keen you can read more about the vulnerability here.
Mac OS X Update
Apple has released a major update to Mac OS X. If you use a Mac you should first make a good backup of your computer then apply this update.
It patches over 40 security vulnerabilities (don’t let anyone tell you Macs are completely safe and invulnerable). The latest version is 10.5.3.
Ad-Aware 2008
Ad-Aware 2008 is now available. It’s a popular anti-spyware product for Windows that scans your computer for spyware and adware. It comes in three versions:
- Free
- US$26.95, includes features such as real time detection
- US$39.95, includes more advanced features such as network drive scanning
There’s a comparison chart here showing what’s different between the versions. If you’re new to this product and aren’t sure which version you need start with the free version.
Read more about Ad-Aware 2008 here including a download link.
Similar products available for Windows are:
Also note that the larger anti-virus packages such as Trend Internet Security also contain anti-spyware modules.
Update: HP Software Update Tool
Back in January I mentioned that HP’s Software Update Tool was vulnerable to attacks. That was limited to a support program installed on HP laptops. Now the problem appears to be worse than first thought.
A large number of HP’s printers (both laser and inkjet), scanners, cameras and PCs also include this tool. Version 4.0.9.2 or earlier is vulnerable. The problem has been resolved in the latest update, version 4.0.10.8.
So if you have an HP product on your computer check if HP’s Software Update Tool is installed, and the version number. You might need to upgrade it.
The risk is that a malicious web page can be created that activates some code in HP’s Software Update Tool and it can execute code on your computer. This is OK if you’re allowing HP to update your drivers, but it’s a bad thing if random strangers can do this.
Note that this only affects Windows users.
AVG 8.0 Released
AVG has released a new version of their anti virus program. It comes in three versions:
- Free
- US$35
- US$55
8.0 was just released, the main new features are:
- link scanning
- anti spyware
- Email and instant messaging protection
The difference between the three prices are the features included. See this chart for details.
FireFox and Safari Updates
The FireFox and Safari browsers have been updated. If you use either of these then you should upgrade today. The new version numbers are:
- FireFox: 2.0.0.14
- Safari: 3.1.1
This applies to Windows, Mac and Linux users. The updates fix vulnerabilities and hence are important security updates.
QuickTime Patch
Apple has released a new version of QuickTime for Windows and Mac. It fixes 11 vulnerabilities so if you have QuickTime installed on your machine it makes good sense to update it now.
The new version is 7.4.5
Note that QuickTime is usually installed with iTunes, so if you use iTunes you probably also have QuickTime installed.
See Apple’s website for more details.
ActiveX Flaw in Symantec Products
Symantec is well known for making security products (they also use the Norton brand for home products). A serious flaw has been found in some of their products including Norton AntiVirus, Norton Internet Security, Norton SystemWorks and Norton 360.
The flaw is in an ActiveX control that gets installed on the PC (the control is called SymAData.dll). This control is normally used for their AutoFix tool, however it was discovered that it can be exploited by adding some malicious code to a website. The exploit allows someone to take over the computer (generally a bad thing).
Two ways to fix this problem are:
- Engage in an online chat session with Symantec’s technical support team
- Download the patch from Symantec’s website, https://www-secure.symantec.com/techsupp/asa/install.jsp
Earlier we wrote about problems with ActiveX and suggested you disable it.
Flash Vulnerability
People that have Adobe’s Flash player version 9.0.115.0 or earlier, or 8.0.39.0 or earlier, need to update it now. A new exploit for these versions has been discovered and can allow someone to take control of your computer just from visiting a website that has malicious code.
The new version that you need is 9.0.124.0 and it fixed this new vulnerability.
AIR1.0 is also affected because it includes a Flash player built in. If you use AIR upgrade to version 1.0.1.
Adobe’s security bulletin says that this affects all platforms, so that would include all versions of Windows, Macs, and Linux.
iMunizator
iMunizator is an application for the Mac that claims to scan the computer and report problems.
iMunizator actually searches the computer for important files and tells the user that they are dangerous. It then offers to remove them.After removing them the computer is no longer usable.
In other words, iMunizator is a malicious program. Don’t ever run this program on a Mac.
It’s actually another version of MacSweeper, which we warned you about earlier this year.
Imunizator’s website
RealPlayer 11 Vulnerability
RealPlayer 11 has a vulnerability that can be exploited by viewing a video on the wrong web site. If you have version 11 then upgrade to version 11.0.2.
Malware Statistics
Symantec, a large security company, have reported that there are now more malware writers than legitimate software writers.
They state that 65% of the 54,609 Windows applications released to the public in the past 6 months were malicious.
Another interesting statistic from this report is the percentage of browser plug-in vulnerabilities:
- 79% ActiveX
- 8% QuickTime
- 5% Java
- 5% Flash
- 2% Windows MediaPlayer
What this means is that by disabling ActiveX from your web browser (Internet Explorer) you can avoid 79% of web browser plug-in attacks. Here’s an article on how to disable ActiveX.
As for the other types of plug-ins, keep them patched and up to date to reduce the risk of infecting your computer.
Here is Symantec’s internet security report.
WordPress 2.5
Last night I upgraded this website to WordPress 2.5. Why? Because it’s important to always use the latest version of software.
The previous version (2.3.3) was doing well, it did everything I needed. But as with any piece of software vulnerabilities are eventually found and exploited. The good people at WordPress release new versions not only to add new features that I may or may not need, they fix vulnerabilities.
Recently a vulnerability was found in WordPress 2.3.3 (the previous version of WordPress). At last count there were 21,800 websites in the world using that version and are vulnerable to hacking. And on the 19th of March 2008 a vulnerability was found in WordPress 2.1.3.
The solution as always is to upgrade to the latest version as soon as it becomes available (you still need to test the upgrade and backup your files before doing any upgrade).
So version 2.5 is more secure. The new features it provides are nice but security should be the first priority. Imagine if this website were hacked and visitors’ PCs became infected just by browsing this site!
Notes:
- WordPress is the software that powers this website. I highly recommend it to anyone wanting to start a new website.
- I’ve been updating the sidebar on the right, apologies if it doesn’t look right.
-
-
Ads
-
-
Stats