Posted on 01/21/2008 11:25:06 AM PST by Ernest_at_the_Beach
A small minority of users - as few as one in 20 - is running fully-patched Windows PCs.
Just five per cent of newly-registered users of Secunia's online security inspection service came out with a clean bill of health, while more than 40 per cent have at least 11 insecure applications installed.
The data is based on scans of 20,009 computers whose users recently installed Secunia's freely available software inspection tool. Secunia claims a total user base of more than 200,000 users for its free Secunia PSI tool. A survey of a different sample set of Secunia PSI recently discovered that one in five software apps installed on computers are insecure or out of date.
The Danish security firm said stats from its service show users are struggling to keep their PCs up to date. "Patching a PC is as important as running anti-virus and a personal firewall," said Thomas Kristensen, Secunia's CTO. ®
I’m going to include several things on this thread...because the Bad Guys are up to some new tricks that last year's anti-spyware may not be catching...
********************************
Microsoft on Tuesday issued two security updates, one of them rated critical that fixes nasty bugs in Windows Vista that could allow an attacker to gain complete control over a user's machine.
The patch, which also applies to the XP, 2003 Server and 2000 versions of Windows, plugs two holes in the way the operating systems process Transmission Control Protocol/Internet Protocol (TCP/IP). Attackers could exploit them to remotely execute malicious code without requiring any user interaction.
Windows Vista was the first OS to be spawned from Microsoft's Security Development Lifecycle, a process designed to produce more secure products. The bugs addressed by Microsoft Security Bulletin MS08-001 are evidence that the program doesn't always work as advertised. The vulnerabilities are rated "critical" in Vista and XP. By contrast, they are described as only "moderate" in Windows 2000 and "important" in Windows 2003.
Redmond issued a separate patch for 2000, 2003 and XP versions of Windows for a bug rated "important." It affected the Windows Local Security Authority Subsystem Service (LSASS) and allowed attackers to run arbitrary code with elevated privileges. Vista is not susceptible. ®
******************EXCERPT************************
Welcome to iDefense Labs. This website is dedicated to Vulnerability, Malicious Code and Cyber Threat research. It supports the iDefense Research Teams and provides tools and resources for independent security researchers.
It’s impossible to fully patch a Windows PC and still have a usable system. I could double my staff and still not be able to test all of Microsoft’s patches and then roll them out to my users. If you download and apply every patch they put out then you are rebooting constantly. It is much easier to keep your firewall/anti-virus/spyware/other filters up to date, keep clean fire-resistant underwear handy at all times, and hope for the best.
*********************
So, You Think You've Got Spyware?
05.30.07
Neil J. Rubenking
**********************************
But I don't think he says anything about the new and Nasty ...Rootkits....I will drop some stuff on that next here.......
Well...the latest is really bad news since it comes in to the system in a new way...notes at post #3.
Microsoft has an XP Service Pack 3 beta out. Someone on a tech website touted it as upping XP's performance. I downloaded and installed it. XP on reboot ran considerably slower than without it. I happily went back to my old configuration. And Vista will never touch this hardware.
********************Intro EXCERPT******************
Security experts are warning about a stealthy Windows virus that steals login details for online bank accounts. In the last month, the malicious program has racked up about 5,000 victims - most of whom are in Europe.
Many are falling victim via booby-trapped websites that use vulnerabilities in Microsoft's browser to install the attack code.
Experts say the virus is dangerous because it buries itself deep inside Windows to avoid detection.
Old tricks
The malicious program is a type of virus known as a rootkit and it tries to overwrite part of a computer's hard drive called the Master Boot Record (MBR).
This is where a computer looks when it is switched on for information about the operating system it will be running.
"If you can control the MBR, you can control the operating system and therefore the computer it resides on," wrote Elia Florio on security company Symantec's blog.
Mr Florio pointed out that many viruses dating from the days before Windows used the Master Boot Record to get a grip on a computer.
Once installed the virus, dubbed Mebroot by Symantec, usually downloads other malicious programs, such as keyloggers, to do the work of stealing confidential information.
Most of these associated programs lie in wait on a machine until its owner logs in to the online banking systems of one of more than 900 financial institutions.
The Russian virus-writing group behind Mebroot is thought to have created the Torpig family of viruses, which are known to have been installed on more than 200,000 systems. This group specialises in stealing bank login information.
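As an added illustration (not code from the BBC article, Symantec or GMER), here is how a defender can parse the 512-byte MBR the article talks about and compare its boot code against a hash taken while the machine was clean; the sample sectors are constructed inline and are not real disk images:

```python
# Added example, not code from the article, Symantec or GMER: parse a 512-byte MBR
# and compare its boot code with a known-good hash taken while the disk was clean.
import hashlib
import struct

BOOT_CODE_LEN = 440   # bytes 0..439 hold the executable boot code
PART_TABLE_OFF = 446  # four 16-byte partition entries follow the disk signature
SIGNATURE_OFF = 510   # bytes 510..511 must be 0x55 0xAA

def parse_mbr(sector: bytes) -> dict:
    """Split an MBR into boot-code hash, partition entries and signature check."""
    if len(sector) != 512:
        raise ValueError("MBR must be exactly 512 bytes")
    partitions = []
    for i in range(4):
        status, ptype, lba_start, sectors = struct.unpack_from(
            "<B3xB3xII", sector, PART_TABLE_OFF + 16 * i)
        if ptype:  # type 0 means an empty slot
            partitions.append({"bootable": status == 0x80, "type": ptype,
                               "lba_start": lba_start, "sectors": sectors})
    return {"boot_hash": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
            "partitions": partitions,
            "signature_ok": sector[SIGNATURE_OFF:SIGNATURE_OFF + 2] == b"\x55\xaa"}

def check_mbr(sector: bytes, baseline_boot_hash: str) -> list:
    """Return findings; an empty list means the boot code matches the baseline."""
    info = parse_mbr(sector)
    findings = []
    if not info["signature_ok"]:
        findings.append("boot signature 0x55AA missing")
    if info["boot_hash"] != baseline_boot_hash:
        findings.append("boot code differs from baseline")
    return findings

def make_sample_mbr(boot_code: bytes) -> bytes:
    """Constructed test sector with one NTFS partition at LBA 2048 (not a real disk)."""
    entry = struct.pack("<B3sB3sII", 0x80, b"\x01\x01\x00", 0x07,
                        b"\xfe\xff\xff", 2048, 409600)
    table = entry + b"\x00" * 48  # three empty slots
    return boot_code.ljust(BOOT_CODE_LEN, b"\x00") + b"\x00" * 6 + table + b"\x55\xaa"

# Constructed samples: a clean sector, then the same disk with only the boot code
# replaced, which is what an MBR rootkit infection looks like on disk.
CLEAN_MBR = make_sample_mbr(b"\xfa\x33\xc0\x8e\xd0")
BASELINE_HASH = parse_mbr(CLEAN_MBR)["boot_hash"]
TAMPERED_MBR = make_sample_mbr(b"\xeb\xfe")
```

Take the baseline and any later reads from offline boot media rather than from inside the running Windows, because a rootkit that hooks the disk driver can hand the running OS the original sector and make an infected disk look clean.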
************************************EXCERPT***************************
~SNIP~ Independent security firm GMER has produced a utility that will scan and remove the stealthy program ~SNIP~
GMER HERE...
fyi
IT News Digest
Host: Sonja Thompson, News Editor
Sites spewing Trojans stump security researchers
**************************EXCERPT******************************
The Register reports on a large scale outbreak of malicious attacks originating from several hundred sites.
Over the past four days, 15 per cent of the blocked malicious traffic has come from just a few hundred sites, which appear to be legitimate ecommerce destinations that have been compromised by attackers. This prompted Landesman to do some digging, and what she uncovered is unlike anything she's seen before.
For one thing, the sites themselves are hosting the malware, which is then foisted on visitors. Most of the time attackers are unable to gain such a high degree of control over the sites they hack, so they redirect end users to servers under the control of bad guys and use them to drop malicious payloads.
The sites are hosted on different servers, and no direct link has been found between them. Researchers have found the Trojan spewed by the sites to be of an Rbot type, with only three anti-virus products able to detect it (Kaspersky is one of them).
Wait until the final patch is out, then wait a little longer, then check to see if anyone is having problems, then download on a test machine, then apply to just a few machines, then wait a little longer. Does it work as Microsoft advertises after all of this? If the answer is yes, forget that patch because the one that supersedes it has already been released, so start over again.
****************************************EXCERPTS****************************
Sites spewing trojans, stump security researchers
Discussion - Post 60 of 61
**************************EXCERPT**************************
Oh, yes. The ol’ Microsoft update rules. I’d forgotten them. How silly of me.
*********************EXCERPT***********************
Does anybody know how to restore a Windows MBR without using the recovery console on the Windows CD?
Namely, I am getting tired of the dual boot thing, and I want to take GNU/Linux off of one of my boxen in favor of XP only. Normally I would simply put the recovery CD in and use the FIXMBR command. However, the manufacturer of this particular machine (Asus), in what appears to be an attempt to combat "piracy", has replaced the standard Windows setup with their own application that pretty much copies a pre-made disk image to the hard drive and lacks all the Windows recovery utilities.
******************************
I think the Ultimate Boot CD also has quite a few MBR tools you can try (including TestDisk).
******************************************
There were a couple of Linux rescue Kits just released...Trinity and SystemRescueCd 0.4.3....not sure what they have included....
***************************EXCERPT***********************
Trinity Rescue Kit (TRK) is a bootable Linux distribution aimed specifically at offline operations for Windows and Linux systems such as rescue, repair, password resets and cloning. It has custom tools to easily recover deleted files, clone Windows installations over the network, perform antivirus sweeps with two different antivirus products, reset Windows passwords, read and write on NTFS partitions, edit partition layout and much, much more. Trinity Rescue Kit is mostly based on Mandriva Linux with heavily adapted start-up scripts.
Chkrootkit is a tool to locally check for signs of a rootkit.
January 17th, 2008
Don't dawdle on Microsoft's latest batch of patches
******************************EXCERPT***************************
Simply put, Microsoft didn't have a lot of patches to kick off 2008, but the ones it delivered shouldn't be ignored.
Naturally there are complications. The biggest one is that this patch may not be easy to install.
Holly Stewart at IBM ISS sums it up:
MS08-001 poses some unique problems from a remediation and protection standpoint. First of all, you have the update itself. It changes the core TCP/IP driver, and does so for a very good reason. If you don't already know the severity of CVE-2007-0069 patched in MS08-001, let me just say a few words here:
* affects all currently supported Microsoft operating systems
* on by default except on 2003 Server
* remotely exploitable
* requires no user interaction
This equals bad.
In addition, this patch may break your apps.
Stewart writes:
Although I'm sure Microsoft has quality standards way beyond my wildest QA department fantasy, and I know they have a huge lab and excellent program dedicated to interoperability, it is difficult to predict how driver changes will interact with everything. If I were a customer running a network with a lot of home-grown apps that tapped into network drivers, this update would scare the bejesus out of me.
Scary or not, you need to take this Microsoft patch batch seriously. That said, I don't envy IT folks that have to implement this patch. Critical patch and broken apps could be ahead.
Ohh, thank you Ernest! Bookmarking this thread!
*Bookmark*
I think at some point everyone is going to have to have two computers...one for their personal financial data that only goes on the internet rarely and one that they use for internet browsing....with some of the KVM switches it isn't near that expensive now....
I think this is the one I have....has an audio switch capability:
IOGEAR GCS612A 2-Port PS/2 KVM switch build-in cables and audio support - Retail
$29.99 3 Business Day Shipping $6.54
As a woman, I do pretty well at maintaining my own Dell computer so I am always on the lookout for reliable news.
Have a laptop now too but I elected to stay with XP rather than Vista. Hope I won’t be sorry in the future.
Do you have personal stuff on both?
[Do you have personal stuff on both?]
No. As a matter of fact I don’t do any banking or bill paying on the computer but have bought things on the internet.
So none of my personal information regarding those things is ‘in’ my computer.
But, I have over 12 thousand graphics and umpteen megs of music if they want to steal them, lol.
My new laptop is pretty bare right now.
Watch out for the RIAA.... Recording Industry Association of America.
My MSFT WebTV-Plus is cooking with all viruses & trojans filtered out at the MSN servers in Southern California
Now if I can just jump from my 56K dialup (now on fiber-optic cable by Optimum) to the Motorola modem here I’ll connect 10 times faster - 5 times faster than DSL
I hope you get that faster connection, lol, but we won’t get into the ‘no virus and trojans’ bit AGAIN!!!
[Watch out for the RIAA....]
Oh no, I don’t download from any of those ‘file sharing’ sites. I go to AltaVista and find my music, usually in WAV file format but it sounds great and records to CD and DVDs really well.
Are we neighbors?
I know that feeling....I have a menagerie of computers some of which are acting sickly recently....
I’m out of here...to get a bite to eat and some repairs....
Lol, have fun.
No - Not a SoCal neighbor
All WebTV & MSN-TV users have info stored in the MSN servers in SoCal
No hard drive on WebTV or MSN-TV (newer/smaller set-top but not as good as the earlier WebTV-Plus like mine)
You have probably mentioned to me that the MSN servers are in SoCal. I didn’t recall that.
Smaller simpler PCs are the future
Integrated with interactive TVs
I have all my Linux boxes set for auto updates. Heck even the wife switched to Ubuntu, she says the games are better ... They are never more than a day out of date. All free, the best part :-)
Smaller simpler PCs are the future.
They are here JB!! One of my grandsons got a cellphone with built in computer and I can’t recall the name. You and I are not ‘up’ on all the latest things now!!
You know what I think of cellphones
With or without tiny screens and text messaging
Huge plasma wall TV screens at home
Mini screens & keys on cellphones
Phoning while walking on a sidewalk or in a store
Getting calls in restaurants and talking VERY LOUDLY for all to hear
A strange social life and need to be in contact all the time
A sick new society that will only get more weird
Optometrists love those tiny screens
[Optometrists love those tiny screens]
And so do the very young people and they are very adept with them. They may have more trouble once they pass 40yrs and need some reading glasses to see the tiny keys, lol.
This brings up a question: why are we still using the decades-old MBR?
I just bought myself one of these! Ordering another one this week for my son.
I’d be interested to know the OS of these otherwise legitimate servers that were hosting the malware. Is it just another windows hack, or is it something more serious?
Yes, that would be good to know.....