Posted on 02/08/2002 11:01:19 PM PST by toupsie
Hole Found in Net Security Program
Fri Feb 8, 6:45 PM ET
By D. IAN HOPPER, AP Technology Writer
WASHINGTON - A programming mistake in a popular consumer Internet protection program can give hackers control over a user's computer, the publisher disclosed Friday.
All current versions of BlackICE Defender and BlackICE Agent, both made by Atlanta-based Internet Security Systems, running on Microsoft Windows 2000 and Windows XP are vulnerable to the attack.
The company released an update Friday evening that plugs the hole. It can be downloaded through the ISS Web site, or through the program itself.
Researchers at eEye Digital Security in Aliso Viejo, Calif., found the problem while probing a related hole in the product discovered earlier this week that lets hackers shut down the target computer. The patch fixes both problems.
BlackICE is designed to protect home computers, particularly ones with high-speed connections, from hacker attacks. Market researcher IDC recently named Internet Security Systems as the worldwide leader in intrusion detection products.
The problem, known as a "buffer overflow," is deep within BlackICE, said eEye's "Chief Hacking Officer," Marc Maiffret.
"It's basically the worst you can get," Maiffret said. "It lets you bypass any sort of protection that might be there."
Without the update program, the hole would let hackers remotely control the victim's computer, steal or modify files, or spy on their Internet habits.
Maiffret said his company suspects that the business edition of the product, known as RealSecure, also may be vulnerable, though that program hasn't been fully tested.
Internet Security Systems is a member of the recently announced National Cyber Security Alliance, made up of top technology companies and government security agencies.
In December, the same eEye team discovered a similar problem in Microsoft's Windows XP operating system that would give hackers the same freedom over a person's computer. Microsoft scrambled to create and deploy an update for the system.
On the Net:
Internet Security Systems: http://www.iss.net
eEye Digital Security: http://www.eeye.com
Also run Norton Firewall (formerly AtGuard) on each connected system to prevent Java and other apps from executing within your browser, and to stop cookies from being deposited without your knowledge.
Finally, get the freebie AdAware (from www.lavasoft.org) and run it regularly to make sure that spyware, adbots, and trojans haven't been installed on your system (they occasionally get through even with the above firewalling measures).
Viruses are not the only attack that can be sent against your computer. There are also Trojans and Worms. Not just servers can get hit and/or exploited. See:
This could allow the use of your machine by an unknown perpetrator to attack other machines, such as a DoS attack. I could just see the Feds showing up at a door: "Sir, why did you attack this other web site?" etc.
Here are the software packages I run in real-time. These won't keep you completely secure but they certainly are better than nothing:
Spyblocker
http://personal.atl.bellsouth.net/mia/k/r/kryp/
Zone Alarm
http://www.zonelabs.com/
Tauscan
http://www.agnitum.com/
Trojan Hunter Guard
http://www.mischel.dhs.org/trojanhunter.asp
Analog-X Script Defender
http://www.analogx.com/contents/download/system/sdefend.htm
These are the programs I run occasionally to ensure my system is clean:
Ad-Aware
http://www.spychecker.com/download.html
TS-3 Trojan detector and remover
http://tds.diamondcs.com.au/
Any good virus checker and remover such as Norton.
This is an EXCELLENT Web site that will give you more information than you ever thought possible about computer security:
Yup. An old Pentium-1 class box with two NICs running any current distro of Linux (2.4 kernel) with an IPTABLES firewall.
Cost-effective, customizable, and an ideal building block for a home network of multiple machines.
"Maiffret said his company suspects that the business edition of the product, known as RealSecure, also may be vulnerable, though that program hasn't been fully tested."
Oh, noooooooooo!! You mean Real Secure possibly ain't?
Why am I not surprised? I don't care what "market researcher IDC" sez, ZoneAlarm and Norton Antivirus keep me safe.
I don't know what to say except "Yes, it does remove trojans and bots."
I use it, I've tested it, and it does what it claims to do.
From the web site that promotes Ad-Aware:
There are several tools available that let you detect and remove Spyware from your system. We have picked the best of them and listed them in this section with a description, a screenshot and links to the download and home page of the developer. Click on the product name for a detailed description.
Ad-Aware is used to detect and remove spyware specifically left by companies. Trojans such as Sub-7 etc. will not even be detected by Ad-Aware.
Take a look at some of the links I provided to detect and remove those threats against your system.
As for Ad-Aware:
http://www.lsfileserv.com/aaw.html
"Ad-aware is a free multi spyware removal utility, that scans your memory, registry and hard drives for known spyware components and lets you remove them safely."
Or both.
Roger that.
Yep, that's what I use ;)
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.