Malware percentages

May 23rd, 2008

Greg Garcia (Assistant Secretary for Cyber Security and Communications,
United States Department of Homeland Security) was one of the keynote speakers at Educause Security 2008. He said that “Forty percent of computers on the Internet have Malware installed.”

John W. Thompson (Chairman of the Board and CEO, Symantec Corporation) speaking at the RSA 2008 security conference said that, based on data gathered from Symantec’s products, there is more malicious software now that users are encountering than good.

These statistics are good reasons to use Secunia PSI to check for files that need patching. In addition to other things to keep our computers safe such as patching, anti-virus, etc.

Secunia Personal Software Inspector

May 23rd, 2008

One of the things that I like about Blink is that it has a built in vulnerability assessment tool. However, it reported several false positives on my home machine and the software requires purchase after one year.

Secunia has both commercial tools and free tools that search for software that needs updating on a computer. One of the free versions, for personal use, is called PSI (Personal Software Inspector). PSI doesn’t just look for files that need patching, it is also nice enough to let you know that there is a newer version of installed software and even if software has been EOL’ed (end of life). Of course, the utility has to have information about installed software to keep customers up to date. The application has a “Missing software?” feature so that data about programs can be uploaded to Secunia’s databases.

I’m impressed. Several problems were found on my computer and there was a button for each item that linked to a download to help resolve the issue. By default, PSI only shows “easy to fix” problems but that mode can be turned off. Several other things needed to be fixed and a couple of them were, as indicated, not easy to resolve. For example, after several attempts to update Flash, even after using the utility PSI links to for uninstalling Flash, I had to manually delete some files and then reinstall. Along the way, one of the Flash files that needed deleting was locked and I used handle to find out what program was using it. PSI itself was holding it open, ironically (bug report time).

PSI also gives a button to open up the folder containing the files that need patching. This is handy because on my computer it said that my XML needed updating. At first I thought this to be a false positive but I went through the steps it recommended but the utility still said XML needed patching. There are hints that PSI gives and one of them said to look at the directory where it finds the file(s) in question. The outdated XML binary it found was actually in a directory where I had downloaded and unzipped a program to be installed. Good catch, PSI. Even though that file probably wouldn’t have overwritten the one currently installed, the vendor can now be made aware that the installation bundle needs updating.

I would recommend using Secunia’s PSI on personal computers, unfortunately use on computers owned by “educational institutions”, among others, are not allowed.

Firewire hack

May 15th, 2008

USB ports are something most of us use everyday and they are now near mandatory interfaces on computers. They are commonplace on servers where just a few years ago they weren’t even an option. Many computers now have FireWire ports. Sony calls this interface iLink and the official name is 1394. Firewire is not used nearly as much as USB, even though it is better architecturally and even the slowest 1394 ports can push sustained data faster then the latest USB standards. This port is used mainly for working with digital video cameras and some use this port instead of USB for external drives because it is a bit faster.

There is a new exploit that can take advantage of FireWire ports. Actually, it isn’t that new. Discoverers of the vulnerability notified Microsoft years ago but the world’s largest software maker didn’t consider it that much of a risk. Unfortunately, a hacker has made this a much greater risk by publishing the tools to take advantage of this weakness. An attacker can connect his/her computer to your computer with a 1394 cable and pull your password out of memory…. at in only takes a few seconds. Having a password protected screensaver does not help.

The method used can, actually will, be modified to extract more then just a user’s password. New programs will try to gather disk encryption keys (if any) and even try to get data out of RAM such as information in an open spreadsheet. In short, until OS makers come out with a patch, the current defense is to disable the FireWire port when not in use, or to log off all accounts when the computer is not in use. If a computer is suspended (sleep mode), even hibernating, then it could still be attacked just by waking it up. As much as I prefer using external FW drives, it is wiser to use USB attached drives instead. If you would like steps on how to disable FW ports in Device Manager, post a comment or send an e-mail to ccalvert (at) umw (dot) edu.

The Future of the Internet, and how to stop it

May 15th, 2008

Jonathan Zittrain is a professor at Harvard Law School and a founder of Harvard Law School`s Berkman Center for Internet and Society. He discusses different models for ‘applications’ usage in various computer platforms from mainframes to iPhones to web pages, and the benfits/risks of each. The video is over an hour, but it is a good viewpoint for those who attended Faculty Academy, and others as well.

[kml_flashembed movie="" width="400" height="326" wmode="transparent" /]