Recently in Security Category
Try as I might, my limited free time has hindered all attempts at keeping up with the Sony Rootkit scandal. I knew bits and pieces. I was aware of the rootkit their CDs automatically installed on Windows systems. I knew that there was a kernel extension installed on OS X systems, but that it required the user to enter their administrative password to do so. I'd heard that the copy protection code illegally used LAME's libraries.
In the back of my mind I was asking some questions: how does it work, why will it damage Windows if you remove it, and why has it taken this long to be exposed? Bruce Schneier wrote a column for Wired News that outlines the entire debacle. It's thorough, and filled with links explaining the things he mentions. And, most importantly for me, he addresses the greatest concern: why has it taken this long for security companies to notice and do something about it? Is anyone actively working to find a way to remove the code without damaging Windows?
One of Mac OS X's best selling points was the lack of virii out there to attack it. But that's all in the process of changing. A very interesting vulnerability was recently discovered by Intego. Rather than write all about it, I'd like to direct you to this Q&A, which is very detailed. I don't think I can explain it much better.
Isn't this rather neat? Okay, terribly malicious, but kind of neat. Admit it! So all a cracker has to do now is get a Mac or a Linux/Unix machine, install an SMTP server on it, configure it properly (which is, of course, improperly), and then send an e-mail purporting to be from the person they want to attack to as many addresses as they can, so that all of the bounces hit the target. Now get four or five mail servers in colo that you can do this from.
Look, a full mailbox doesn't bother a user much. But you fill the mail queue on a server, and that server becomes super slow. You can do some serious damage with this one. I'm impressed.
Administrators, double-check your servers. Make sure your server can't be used to do this by accident. Because now there are people out there looking for open relays in the hopes that they're configured this way, and when they find one they'll use it.
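The mistake behind the bounce flood above is a server that accepts mail for recipients it cannot deliver to (or that it is not responsible for) and only afterwards generates a bounce to the forged envelope sender. This is an added example, not from the original post, and it assumes a Postfix main.cf (the post does not name any particular SMTP server); it shows the weak settings beside the corrected ones.

```conf
# --- Weak (constructed for illustration): backscatter source ---
# An empty local_recipient_maps tells Postfix to accept mail for ANY local
# recipient at RCPT TO time; unknown users are only discovered later, so a
# non-delivery bounce is sent to whatever (forged) sender address was used.
local_recipient_maps =
# No per-recipient list for relayed domains: same problem for every domain in
# relay_domains, since every address is accepted and bounced afterwards.
relay_recipient_maps =

# --- Corrected: reject bad recipients during the SMTP dialogue instead ---
# Know your own users, so unknown recipients are refused with a 550 before the
# message is accepted and no bounce is ever generated by this host.
local_recipient_maps = proxy:unix:passwd.byname $alias_maps
# Same for domains this host relays for: list every valid address
# (hypothetical path; build it with postmap from a "user@example.com OK" file).
relay_recipient_maps = hash:/etc/postfix/relay_recipients
# Refuse to relay for anyone outside mynetworks to domains we do not handle,
# and refuse recipients that are not in the maps above.
smtpd_recipient_restrictions =
    permit_mynetworks,
    reject_unauth_destination,
    reject_unlisted_recipient
```

With these in place a forged message aimed at an unknown user is rejected while the connecting client is still talking to you, so the only "bounce" is the one the abuser's own machine would have to create.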
I've said for a long time that, no matter how good the anti-virus, anti-trojan, and anti-spyware on a computer is, it is up to the user to use these tools properly and have a good head on their shoulders if they want to avoid getting infected with something. This article compares technology to the users and says that the users need to be more aware of what they're doing and what's going on in order to avoid being infected.
Nobody is saying that you don't need these scanners when you're on the internet; nobody would dare assert that a human alone is perfect. But there are prevention methods. Sometimes you get infected before the scanner updates to see the virus you've caught. Sometimes the virus hardly counts as one to anyone outside a specific community. So here are some rules of thumb for those of you running Windows.
- Always run a modern anti-virus scanner, such as PC-Cillin, and keep it up to date daily. Scan regularly.
- Always run a modern anti-trojan scanner, such as The Cleaner, and keep it up to date daily. Scan regularly.
- Always run a modern anti-spyware scanner, such as Ad-Aware, and keep it up to date daily. Scan regularly.
- Run your Windows Updates every week and install everything critical or security related.
- Never open attachments you're not expecting; some virii come masquerading as attachments from your friends. Remember, your friends might get infected before you. Be prepared.
- Never run commands or follow instructions if you don't know exactly what they do. Some hoaxes will suggest that you delete critical Windows files by saying they are virii, or ask you to type a command to give yourself some special power over your computer. These will really cause damage to your computer. Beware.
While these are good tips, they are far from all of them. You should make sure to educate yourself when online. Be as internet smart as you would be street smart.
Microsoft has released a public beta of Windows XP Service Pack 2. I'd rave about all the great features this adds, but The Register does a good enough job of it here. I can honestly say that, even as someone who has consistently disliked Microsoft products, I think this is a huge step in the right direction for this company.
So here's a fun one. The very software that's supposed to protect you from people sending unwanted packets to your machine is now the target. Meet the Witty worm, so called because of the small message it sends when it broadcasts packets. This nasty little worm exploits problems with the BlackICE and RealSecure products, so I'd suggest shutting them down until a fix is released for said products.
Beware! This worm is particularly nasty. We haven't seen one in a long time that had a goal that ended in damaging hard drives. On the up side, it should slow down propagation.
Now we need to discuss the definition of "destructive nature." Does a virus have a more destructive nature if it attacks hard-to-hurt servers belonging to large corporations, or if it destroys the hard drive of the machine it's infected while in the process of sending itself out? Which is more malicious -- the one that damages the infected party directly, or the one that damages a company while the infected person is safely unaware? Of course, Witty will inspire people to be more careful about updating their antivirus software. Well, hopefully it will. But the question remains: which is worse?