Thursday, December 15, 2005
Who's on First?
[This was written back in December and not posted until now]
Interesting article in eWeek from Paul Roberts before the holiday, Antispyware Battles Rootkits with Rootkit Tactics.
This whole issue points out the need for user education, especially with an emotionally charged, red-hot topic like rootkits.
Security hardening is a vital job for any security app. Good security apps - not just antispyware apps as Paul says in his article - use a variety of techniques for hardening and fortification. These techniques include masking certain processes in memory, for example, so attackers can't disable a security app that a user has chosen for their protection.
What's new is that *the malware creators* are now fortifying *their* apps using some of these security techniques as well as using rootkits.
These malware creators are crafting evasive threats, malware designed to circumvent legacy security applications. They're using every tool, technique and trick they can find to do so. We'll see more of these techniques in 2006.
Thursday, December 08, 2005
AOL and National CyberSecurity Alliance User Stats
Short news piece over at CNET yesterday reporting on weaknesses in user security from a recent study by AOL and the National Cyber Security Alliance. Link to story here.
The study found that 81% of surveyed users lack at least one of the 'big 3' security apps - a firewall, antivirus and antispyware protection. A lot of education still needs to be done by vendors, ISPs, the media, schools, savvy users - you name it. Every link (no pun intended! ;>) has a role to play in helping people to be safe online.
While 44% of respondents didn't have a properly configured firewall, 56% of surveyed users either didn't have antivirus software or hadn't updated it within the last week. Given that antivirus products have been around for far longer than PC firewall products, I'd have expected the gulf in those numbers to have been wider. In other words, I'd expect more folks to have antivirus after all these years just because conventional wisdom had so much longer to push antivirus.
Then again, there are at least two great personal firewalls out there for free and I only know of one great antivirus product. Anyone know of more?
Finally, as with all surveys, you really have to read the questionnaire and understand the methodology. The survey also found that the number of PCs with spyware or adware installed dropped from 80% last year to 61% this year. Given all the activity we've all witnessed with sneaky spyware and adware, as well as the increasingly sophisticated programming techniques used by those malware creators, I find it hard to believe in such a dramatic decline.
More Rootkits on the Horizon
Really interesting article in eWeek yesterday from Ryan Naraine:
Where are Rootkits Coming From?
http://www.eweek.com/article2/0,1895,1897728,00.asp
It cites research from F-Secure and Microsoft reporting increased detections of simple rootkits whose code can be cut and pasted into worms and bots, as well as other lovely apps, I'm sure.
F-Secure sees a lot of a 'simple' rootkit called FU but is more worried about rootkits like HackerDefender (Backdoor.Win32.HacDef), which is used on corporate servers and can create far more havoc.
Full link to the F-Secure blog with details here.
Tuesday, December 06, 2005
Yin and Yang Press for Zone Labs/180 Solutions
I cheered last night when I read Ed Foster's Gripe Line blog post about Zone Labs and 180 Solutions in Infoworld.com. He pulled no punches in Case Against Zone Labs is 180 Degrees Off:
- It's a sad fact that, as the big guys like Symantec and Microsoft have moved into the anti-spyware game, the trend is to be much more euphemistic about what you label as spyware, particularly when the spyware vendor claims to have gotten the user's consent to the installation through a EULA. While "potentially unwanted software" like 180's apps will still be tagged by the anti-spyware scan, the default setting now will often not be to remove it. Increasingly, anti-spyware vendors simply aren't calling a spade a spade, and that of course is a trend the adware crowd like 180Solutions wants to encourage.
So the real point of this lawsuit is not that ZoneAlarm is saying misleading things about 180, but that it's being too clear and accurate.
Then I read Andrew Brandt's post in PC World on the same topic and got concerned.
- A lot of other common (and completely safe) software also triggered this same ZoneAlarm warning about keystroke logging/mouse movement monitoring.
And
- The fact of the matter is, ZoneAlarm is alerting people to something that is a fundamental, underlying component of many applications--both legitimate and dangerous--but the adware industry in general is super-sensitive about other companies characterizing their software as a keystroke logger.
Andrew's points about the technology implementation in the new revs of the ZoneAlarm products may be technically correct, i.e., that's how the code is working. But I think he's missing the real point. The issue is NOT about how 'the adware industry in general is super-sensitive'. It's about informing consumers and, when necessary, giving them a choice.
I think Ed Foster got this one right and then some.
Monday, December 05, 2005
Rootkit Basics
Good post by Suzi Turner of SpywareWarrior and ZDNet on rootkits today.
Definitions, graphics and lots of good links.
Excuse the plug, but a good way to identify rootkits and stop 'em from getting on your PC is our very own SpyCatcher Express. It's free, check it out. ;>
Rootkits part II: what does a rootkit look like? by ZDNet's Suzi Turner -- The Sony DRM rootkit drama lives on and a new question is being asked. "Why didn't security vendors catch the problem sooner?"
Friday, December 02, 2005
Nine Inch Nailheads
180 Solutions is also railing against comments made by Suzi Turner of SpywareWarrior.com.
Kudos to Eric Howes of SpywareWarrior.com for his response to 180 Solutions. He hits the nail on the head. Link here.
Words matter but so does behavior and intent. Alex Eckleberry of Sunbelt blogs about these points, too. Worth reading.
Battle of Words
Thought-provoking article in the December Wired is online, detailing how Gator became Claria, cleaned up its image and started carting a boatload of cash to the bank. I'm afraid that Harvard Business School will use Gator, I mean, Claria as a case study in how to polish a corporate image, citing the many tactics that come right out of the old marketing manual.
To me, this illustrates the power of words. Claria changed their name and got religion (not to mention a raft of lawyers) about their position as an adware vendor, not a spyware vendor.
180 Solutions is using some of the same tactics in their battle with Zone Labs about being labeled as spyware. The latest salvo in their blog alleges that ZoneAlarm now calls their behavior 'suspicious' rather than 'dangerous' because of the 180 Solutions lawsuit. Too bad they didn't notice that the two different screenshots refer to two different 180 Solutions 'products'.
The ZoneAlarm security alert labeled 'Dangerous' refers to 180sa.exe while the 'Suspicious' alert refers to Zango.
Duh.