Free Republic

Report Considering the publicity that has surrounded - and, despite super new security-focused Service Packs, continues to surround - Windows security issues, Microsoft's determination to demonstrate that Linux is less secure than Windows shows a certain chutzpah. The company has however had some support here; Forrester, for example, provides some numbers that can be used to support the contention that Microsoft flaws are less severe, less numerous and fixed faster. And although there's a general readiness among users to believe that Windows is a security disaster area, there's also a reasonable amount of support for the view that Linux would...

Internet users at home are not nearly as safe online as they believe, according to a nationwide inspection by researchers. They found most consumers have no firewall protection, outdated antivirus software and dozens of spyware programs secretly running on their computers. One beleaguered home user in the government-backed study had more than 1,000 spyware programs running on his sluggish computer when researchers examined it. Bill Mines, a personal trainer in South Riding, Va., did not fare much better. His family's 3-year-old Dell computer was found infected with viruses and more than 600 pieces of spyware surreptitiously monitoring his online activities....

IT security experts have warned that a newly intercepted mutant of the infamous mass-mailing Bagle worm, dubbed Bagle.bb, has begun to spread rapidly across the internet.Over one million email infections were reported within a few hours of the virus being discovered in the wild on Friday morning. The peak infection rate was between 8am and 9am, when virus infection rates trebled from the hour previously, according to email security company BlackSpider Technologies.This latest Bagle variant, a mass-mailing worm containing its own SMTP engine, comes packed with PeX with the attachment in the executable of a name, McAfee's Avert antivirus team...

Salinas, Calif. — Though less than a year old, the PC took more than åfive minutes to start up and never shut down without stalling on error messages. Attempts to Web surf generated at least a half-dozen pop-up ads and — frequently — system freezes. Internet Explorer's home page was hijacked. Attempts to reach some sites, including eBay — were redirected to random search engines that only called up more ads. Google search results were altered. And the modem, without permission, tried to dial distant lands in search of porn. Welcome to the nasty world of a PC infected with...

David Eckstein turned on his computer one day and launched his Web browser, just as he had every day. This time, however, CNN.com did not automatically open. Instead, the page was a search engine he'd never heard of. Eckstein tried changing the browser settings back to CNN but the search engine would return whenever he rebooted. Finally, he just gave up. The San Francisco marketing consultant is yet another victim of spyware, an amorphous class of software that mostly gets onto people's computers without their knowledge. So resource-hungry, it often renders the machines unusable. "It makes you want to throw...

The site has multiple forums for various computing problems, but the overwhelming number of inquiries in the last year has dealt with spyware, which on the site has a variety of less neutral names, "scumware" being one of the more polite. Scumware had been an epidemic; in the last year it grew into a pandemic, said Steve Wechsler, one of those drawn to Eshelman's site. Wechsler was tending bar at a public golf course in South San Francisco when he bought his first computer less than a decade ago. "I brought it home and turned it on, clicked on Netscape...

Corporate PCs 'riddled with spyware' By John Leyden Published Thursday 2nd December 2004 17:23 GMT Corporate systems are riddled with spyware, according to a study by an anti-spyware firm. Companies voluntarily using Webroot's Corporate SpyAudit tool had an average of 20 nasties per PC, Webroot reports.Most of the items found were harmless cookies. But average five per cent of the PCs scanned had system monitors and 5.5 per cent had Trojan horse programs, the two most nefarious and potentially malicious forms of spyware. The audit - based on scans of more than 10,000 systems, used by more than 4,100 companies...

Citing security risks, a state university is urging students to drop Internet Explorer in favor of alternative Web browsers such as Firefox and Safari. In a notice sent to students on Wednesday, Pennsylvania State University's Information Technology Services department recommended that students download other browsers to reduce attacks through vulnerabilities in the Microsoft software. The university said "media reports" and a string of warnings by Carnegie Mellon University's Computer Emergency and Response Team led to its recommendation. "We're not telling people to wipe off IE, because you need IE to do operating-system updates," Robin Anderson, a spokeswoman for Penn State's...

Microsoft may charge extra for security softwareThursday, December 16, 2004 Posted: 7:57 PM EST (0057 GMT) WASHINGTON (AP) -- Microsoft Corp. disclosed plans Thursday to offer frustrated users of its Windows software new tools within 30 days to remove spyware programs secretly running on computers. But it might cost extra in coming months.In a shift from past practice, the world's largest software manufacturer said it may charge consumers for future versions of the new protective technology, which Microsoft acquired by buying a small New York software firm. Terms of the sale of Giant Company Software Inc. weren't disclosed.

Symantec Corp.'s Security Response service on Friday confirmed that unpatched Windows vulnerabilities could pose a serious risk for exploits via malicious Web pages and e-mail messages. One of the three security vulnerabilities involves image handling—a source of recent exploits on Windows and Unix (news - web sites) operating systems. The other two risks are found in the Help system and in Window's ANI (Automatic Number Identification) authentication. Symantec said the Microsoft Windows LoadImage API Function Integer Overflow Vulnerability could be exploited via browsers or e-mail client software. Users who open an HTML message or Web page bearing the image could...

Hi All: PC World has a pair of articles about a potentially dangerous new development on the spyware/adware front: WMA (Windows Media) files being used to install adware and spyware. See: Risk Your PC’s Health for a Song? http://www.pcworld.com/news/article/0,aid,119016,00.asp Protect Yourself From Audio Adware http://www.pcworld.com/news/article/0,aid,119063,00.asp In short, the well-known copyright management/protection firm Overpeer has figured out how to install adware through Windows Media files. The technique exploits features of the Windows Media DRM functionality to launch special Internet Explorer windows that display popup ads and that also attempt to download and install adware/spyware. This happens when the user opens the...

Users have a lot to worry about when downloading and playing media files. Are the files legal? Can their computers play the required file formats? Now there's yet another problem to add to the list: Will a media file try to install spyware? When Windows Media Player encounters a file with certain "rights management" features enabled, it opens the web page specified by the file's creator. This page is intended to help a content providers promote its products -- perhaps other music by the same artist or label. But the specified web page can show deceptive messages, including pop-ups that...

Microsoft releases its Beta 1 version of its new Anti-Spyware software. It blocks over 50 ways for spyware to enter your computer. I have downloaded it and checked it out. It’s very upfront and to the point. I have some REALLY nasty test programs and it stops everything I can find in its tracks. One of the very cool parts of this software is that it will kill spyware that is currently memory resident. Most spyware software will require a reboot and then rescan at system start up. Firefox/Mozilla had an issue downloading it, so just use IE for the...

Microsoft has announced that it will release three patches for its Windows operating system next week. The fixes, which will carry a maximum threat rating of "critical," will be issued Tuesday, the company said. Under its two-month-old advance notification program, Microsoft typically gives the public early notice of the number of updates it plans to deliver and of the severity of the vulnerabilities the updates fix. The only other detail the software giant revealed Thursday was that people may have to restart their Windows systems for the patches to take effect. Microsoft did not say whether the patches will fix...

The Register » Security » Network Security » Original URL: http://www.theregister.co.uk/2005/01/10/ie_sp2_exploit/Exploit code attacks unpatched IE bug By John Leyden (john.leyden at theregister.co.uk) Published Monday 10th January 2005 12:08 GMT Code which exploits a vulnerability in the HTML Help control of Internet Explorer has been released onto the net. Secunia has upgraded the vulnerability (http://secunia.com/SA12889), uncovered in October 2004, to "extremely critical". Even users who have upgraded to Windows XP SP2 with all available patches are affected, the security reporting firm warns. "The vulnerability can be exploited by malicious people to place and execute arbitrary programs on a client system if a...

Secunia recommends users drop IE and use an alternative browser. "Although hundreds of millions of dollars have been spent on securing SP2, perfection is impossible," the security firm said in a statement. Millions of Internet Explorer 6 users are at risk from three "extremely critical" security holes that give hackers open access to PCs running the browser -- even if Windows XP Service Pack Two has been installed. The first issue centers on the browser's drag-and-drop capability, which does not validate new files correctly. This means that, potentially, a document downloaded from a Web page using drag and drop may...

Microsoft on Tuesday released the year's first three security patches to Windows, including two it called "Critical," but did not patch all the vulnerabilities that have surfaced in the last several months. "These are exactly what we expected this month, a couple of patches against threats that are 'wormable'," said Mike Murray, the director of research at nCircle, the vulnerability management vendor whose flagship product is IP360. The first critical flaw is in Windows Server 2003, and in Windows 98, Me, 2000, and XP, including Service Pack 2, the security update that Microsoft rolled out last October. The ancient Windows...

Downloads malicious application when video files are runSecurity experts have intercepted two malicious Trojans hidden in video files that download and install spyware, diallers and computer viruses when played in Microsoft Windows Media player. PandaLabs warned that Trj/WmvDownloader.A and Trj/WmvDownloader.B, are spreading through P2P networks hidden in video files. These Trojans take advantage of technology incorporated in Microsoft Windows Media player called Windows Media Digital Rights Management (DRM), designed to protect the intellectual property rights of multimedia content. When a user tries to play a protected Windows media file, this technology demands a valid licence. If the license is...

E Flaw Exploited Security firm identifies exploit technique for known browser hole. Matthew Broersma, Techworld.com Friday, January 07, 2005 Internet Explorer has become an even bigger security risk--even under Windows XP SP2--with the publication of a new and extensive exploit. Advertisement Security researchers have warned that the exploit, which takes advantage of known loopholes in SP2, could allow an attacker to run script code on a user's system via a specially crafted Web page. Known Hole The holes involved have been known publicly for more than two months, but previous exploit techniques required the user to take actions such as...

Disable Internet Explorer Active X support, turn off the "drag-and-drop" or "copy-and-paste files" option across a domain, or switch to another Web browser unless you want to face a Hack attack on your PC, warns the security firm Secunia. They have discovered three very critical flaws in the IE and have issued security notice on its website. The company has rated the flaw as of a very high risk nature and has said that this is their last warning for people to secure their data. “The flaw affects IE 6, and can enable hackers to run pornographic dialers to be...