bytebyte :: Blog

10 immutable Laws of Security

http://technet.microsoft.com/en-us/library/cc722487.aspx

From Microsoft Technet library

The Laws have since been revisited in Technet Magazine - security watch

I would presume browser vulnerabilities as opposed to desktop vulnerabilities 

"78 percent of the total reported vulnerabilities affected Web technologies, such as Web servers, applications, Web browsers, Plugins and ActiveX, which is a significant increase from last year" 

 http://blogs.zdnet.com/hardware/?p=6094

Be careful out there.                       

 Find safe-browser technologies that really work

http://windowssecrets.com/comp/091105#story1

 Take  a malware infection and view the extent of the damage.

 Virus causes £500,000 IT damage
http://news.bbc.co.uk/2/hi/uk_news/england/london/8237085.stm

Sourced from avast webforum.

avast! Blog -- Various info from avast staff -- Win32:Induc, new concept of file infector?

http://blog.avast.com/2009/08/19/win32induc-new-concept-of-file-infector/

I run Microsoft Security Essentials as resident antimalware on this particular machine that I am using, alongside my resident antivirus, which is obviously avast! antivirus. Here is the report on Win32:Induc from Microsoft security portal -- report is dated 18th Aug so Definition: 1.63.1599.0 applies to that date.

http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?name=Virus%3aWin32%2fInduc.A&threatid=2147627628 

testing a new desktop defence is not just about sitting inside a walled garden reading event logs and waiting for alerts... 

All my computers now run Firefox browser except for this laptop, which runs Internet Explorer and has google search as its home page. I am sticking with Microsoft on this project because I am trialing their new antivirus / antispyware solution, which is called Microsoft Security Essentials. Today is day one for me - June 26 2009.

What is testing without taking a few risks.
I've already broken one rule by running two resident antivirus at the same time. I just could not go to the web without the tried and true resident avast antivirus and at the same time I am querying whether the new Microsoft solution (MSE) is an antivirus as we have come to understand the term. I could be wrong, of course, and I stand to get crunched if this trial all turns to custard.

On top of that I am leaving a door open for malware to come through, by running the ASK toolbar as a permanently active sound and video recorder - that is, I do not have to turn my recorder on at all, it runs 24/7 such that anything that I play on the web - video or audio - becomes automatically recorded. Testing should not be all hard work, it also helps if you have a bit of fun - as above, where I am recording a video by Last Town Chorus. The ASK toolbar is custom-build and is not used for search, which task is taken care of by having the google search box as my front page.

I've highlighted with a red rectangle the defence plan as it currently stands in my system tray. I have outlined below the various defence solutions and their purpose.

Personal firewall --- Outpost 2009

Virus detection and identification --- Microsoft Security Essentials

Resident antivirus --- avast antivirus

System Monitor --- Scotty on duty at WinPatrol

Not nice to be conveniently provided with an example of drive-by malware attack.

http://securitylabs.websense.com/content/Alerts/3405.aspx

The alert from Websense security Labs would indicate that the insertion of malcode into poorly defended websites and servers for drive-by attacks is increasingly becoming the new face of malware perpetration. Anti-malware agencies are very aware of this recent trend, which over the last year, and particularly in the last 6 months, has increased to almost critical proportions, such that broadcast media - radio, TV, and especially web - are now alerting computer users on a daily basis.

Here is where our recent alert was sparked. The ZDNet bloggers being alerted by the Websense report.

http://blogs.zdnet.com/security/?p=3476&tag=nl.e589

My source for the alert provides a good indication of how the problem becomes acted upon. Avast have been quick to respond to these kinds of alerts.

http://forum.avast.com/index.php?topic=45793.msg383758#msg3837

Because the malware initially resides off the computer user's system and instead sits on a website or server, the onus is on owners and webmasters to take appropriate action once they have been alerted to the infection.

Otherwise the outcome is obvious - whoever clicks the site will have the malware injected into their computer system. In worse case scenario, the injection may activate dormant trojans and viral malware that had been dowloaded at an earlier period, and were patiently waiting the trigger to execute their malicious payloads.

But hold on a minute, weren't we told it was going to be the other way round? Weren't we told that Conficker was going to explode out of our computers and connect with botnets all around the world? Well that is a very possible scenario as well, and that will likely happen, but it will happen more as an everyday occurence, hurting people personally and businesses or networks individually, rather than manifesting as the scourge against humankind that hollywood science fiction might make it out to be.

This is why it is important to protect yourself at an individual level - yourself, your family, your business, your network - on an everyday basis through constant and updated security surveillance. You always need the most recent updates to your systems, your programs and apps, and your browsers - when Windows updates fail, for example, this may be your first signal that you have malware problems.

Obviously, malware perpetration will be changing on a never-ending basis despite certain trends like drive-by attacks becoming the flavor of the times. This will always be the nature of the beast. There are clear indications that Gumblar, a more recent derivative, and inheritor and further propagator of viral infestations that plagued servers through 2008, has supplanted conficker as the prime spreader of malware infections.

http://news.cnet.com/8301-1009_3-10251779-83.html

The most recent alert initiated by Websense would indicate that the trend to drive-by malware attacks from infected websites and servers has yet to reach a peak. It is up to owners and webmasters, who administer these infected sites and servers, to act promptly and securely to clean up their acts.

This is the kind of thing that we want to see.

http://forum.avast.com/index.php?topic=45819.0

News bulletins from The Register

President Barack Obama enters the cyber security fray

http://www.theregister.co.uk/2009/05/29/obama_creates_cyber_post/

just as  US Army appears subject to another SQL injection attack

http://www.theregister.co.uk/2009/05/29/army_website_breaches/

          Conficker
          Hold the funeral, it's not dead yet 

          Conficker working group has been quiet lately.