Category: Security

November 9th, 2009

Counting vulnerabilities is pointless

Posted by Adrian Kingsley-Hughes @ 11:36 am

Categories: Security

Tags: Vulnerability, Security, Adrian Kingsley-Hughes

Application security vendor Cenzic released a report today highlighting Mozilla Firefox as the most vulnerable web browser based on vulnerability count. Problem is, counting vulnerabilities is pointless. In fact, it’s worse than pointless, it can lead us to draw false conclusions.

Sure, the report makes interesting reading, highlights of which are:

  • 78 percent of the total reported vulnerabilities affected Web technologies, such as Web servers, applications, Web browsers, Plugins and ActiveX, which is a significant increase from last year.
  • Of Web browser vulnerabilities, Firefox had the largest percentage, at 44 percent. Safari vulnerabilities came in at 35 percent, significantly higher than even Internet Explorer.
  • Sun Java, PHP, and Apache continue to be among the Top 10 vendors having the most severe vulnerabilities for the first half of 2009.

Problem is, the information you get from a vulnerability count is next to pointless. Why? Because it’s a Read the rest of this entry »

November 8th, 2009

Worm inflicts Rick Astley wallpaper on jailbroken iPhones

Posted by Adrian Kingsley-Hughes @ 2:20 pm

Categories: Apple, Security

Tags: Apple iPhone, Worm, Cyberthreats, Smart Phones, Viruses And Worms, Security, Consumer Electronics, Personal Technology, Adrian Kingsley-Hughes

The first worm targeting Apple’s iPhone is alive and spreading in the wild. But most iPhone owners need not worry about it.

The worm, known as Ikee, is, as malware goes, pretty harmless in that all it does is change the lock screen wallpaper to a picture of 80’s singer Rick Astley before looking for other devices to infect. Users who try to un-Rickroll themselves by changing the wallpaper back to the one they want find that Astley is back when the iPhone restarts.

Note: The name comes from the message displayed on the wallpaper: “ikee is never going to give you up.”

Most iPhones are safe from Ikee because the malicious code can only run on devices that Read the rest of this entry »

October 13th, 2009

Time to ditch Windows for online banking and shopping [UPDATED]

Posted by Adrian Kingsley-Hughes @ 9:59 am

Categories: Security, Software

Tags: Bank, CD, Online Banking, USB, Microsoft Windows, Phishing, Banking, Cyberthreats, Financial Services, Operating Systems

It’s time to ditch Windows for online banking and shopping.

There, I’ve said it.

Last week, FBI Director Robert Mueller told an audience in San Francisco how he nearly fell for a bank phishing email. As a result of this, Mueller now doesn’t do any banking online.

Then Washington Post “Security Fix” columnist Brian Krebs advises businesses not to carry out online banking on Windows-based machines and to use a Linux-based LiveCD.

I’m going one step further, and suggest that no one use Windows for either banking or online shopping. Period.

So, am I saying this to be controversial? No. Am I attacking Windows or Microsoft? Am I trying to start a flame war? No.

So why am I saying this? Simply because I believe that the Read the rest of this entry »

October 5th, 2009

Adobe Flash for all smartphones ... except iPhone

Posted by Adrian Kingsley-Hughes @ 3:08 am

Categories: Apple, Security, Software

Tags: Apple iPhone, Adobe Systems Inc., Smart Phone, Macromedia Flash Player, Smart Phones, Cellular Phones, Handhelds, Consumer Electronics, Personal Technology, Hardware

Today Adobe has unveiled Flash Player 10.1 for smartphones, netbooks, PCs along with other Internet-connected devices. The only glaring exception … no iPhone support.

Flash support on smartphones isn’t new, but until now, smartphone users have had to use Flash Lite. Problem is, there’s always been a huge gulf between Flash Player and Flash Lite, which has meant that compatibility has been patchy at best.

Flash Player 10.1 will introduce a number of mobile-friendly features such as support for multi-touch, gestures, and accelerometers. Also, Adobe claims that Flash Player 10.1 is more energy efficient.

A public beta of Flash Player 10.1 is expected to be made available for Windows Mobile, Palm webOS and desktop operating systems including Windows, Macintosh and Linux later this year. Public betas for the Google Android and Symbian OS are expected to see light early in 2010. If you’re a BlackBerry owner, well, Adobe and RIM are working to bring you a compatible Flash Player.

What about iPhone owners? Well, you’re out of luck as there’s nothing for you to see here. Move along …

But is that such a bad thing? After all, Flash Player is an absolute security nightmare on desktop PCs, requiring endless updates. I’m not sure how thrilled I’d be to be faced with Flash Player updates on my smartphone every time I was to go browsing. If I’m paying per MB, or on a dodgy connection (and chances are that one, if not both of these factors will come into play), I’d be even more upset. I know that the modern web relies heavily on Flash, but this announcement worries me because it’s creating a huge tech monoculture that’s ripe for attack. Unless Adobe is planning on beefing up security, this could be one of the worst things to happen to smartphone users.

Maybe iPhone users are being spared more than they are being left out …

Thoughts?

October 1st, 2009

Google Chrome update doesn't remove older, vulnerable version

Posted by Adrian Kingsley-Hughes @ 7:51 am

Categories: Security, Software

Tags: Google Inc., Google Chrome, Microsoft Windows Vista (Longhorn), Microsoft Windows XP, Microsoft Windows, Web Browsers, Security, Operating Systems, Software, Internet

When you receive an update, you naturally expect that update to remove old code from your system, especially where that code is vulnerable. It seems that the latest release of Google Chrome broke this simple rule.

The latest Google Chrome 3.0.195.24 update plugs up a vulnerability that allowed attackers to run code within the browser’s sandbox. However, installing the latest update keeps the old code on the system.

I’ve duplicated this behavior on Windows XP, Vista and 7 systems. Seems like Google needs to roll out another update to fix this problem.

(Thanks to F-Secure for the heads-up)

September 29th, 2009

What will the fallout be from Microsoft Security Essentials?

Posted by Adrian Kingsley-Hughes @ 11:49 am

Categories: Microsoft, Security, Software

Tags: Antivirus, Microsoft Corp., Security, Adrian Kingsley-Hughes

Microsoft Security Essentials, the freeware security application from Microsoft, has only been available for download for a few hours and some of you have already been in touch wanting to know what I think the fallout will be from it.

A free antivirus application isn’t a new thing, but a big player like Microsoft making a security application available for free is bound to cause waves. So, what is the likely fallout?

  • While publicly the major security vendors have been playing things cool, privately they are scrabbling to come up with a decent response.
  • The first response from the big security firms is likely to be a PR/white paper barrage telling us all how good their product is and how rubbish everyone else’s is, especially Microsoft’s.
  • Following that, I think that a price war is inevitable, although price is a weak point for anyone trying to sell a product when going up against Microsoft’s free offering. Still, looking at the price of security software nowadays, there’s plenty of wriggle room.
  • Innovation … you never know, this might be just the catalyst that the security industry needs to start innovating. I just hope it’s not innovation that leads to pointless bloat.
  • One area that Microsoft Security Essentials is likely to have an effect on is free antivirus. People who provide unpaid tech support for family and friends are likely to turn to Microsoft Security Essentials as a quick and easy way to provide protection. With Microsoft Security Essentials there are no nag screens, toolbars, and other crapware to worry about.
  • Microsoft Security Essentials doesn’t affect the enterprise market at all, so no one is affected there.
  • Expect the security industry to start pushing “security suites” even harder than they do now. This could even be the end of standalone antivirus software as we know it.
  • Will Microsoft Security Essentials force some vendors to the wall? I doubt it.

Before I close, I do want to highlight one move that I think was bone-headed on Microsoft’s part, and that was requiring users to pass Windows validation before installation. The folks running pirated software are just the folks that need free antivirus. Microsoft shouldn’t look at it as giving something for free to those who aren’t paying, but as a way of making the web a safer place for those who do pay for their software.

Thoughts?

September 29th, 2009

First Look: Microsoft Security Essentials

Posted by Adrian Kingsley-Hughes @ 8:53 am

Categories: Microsoft, Security, Software

Tags: Security, Microsoft Corp., Beta, Microsoft Windows, Microsoft Windows 7, Operating Systems, Software, Adrian Kingsley-Hughes

Microsoft’s new anti-malware solution, Microsoft Security Essentials, is now available for free download to Windows XP, Windows Vista, and Windows 7 users.

Check out the Microsoft Security Essentials gallery here!

After a three-month beta program, the release version of Microsoft Security Essentials is, essentially, the same application that we saw released for beta. I’m assuming that there are under-the-hood changes, but the UI looks and feels like the beta.

Note: For the record, the final build of Microsoft Security Essentials is 1.0.1611.0.

I’ve been using the beta of Microsoft Security Essentials on a number of systems and overall I’ve been very pleased with it. Sure, its simplistic interface doesn’t satisfy my inner-geek, but Microsoft Security Essentials is aimed at the average user who isn’t interested in all things geek.

Let’s take a look at Microsoft Security Essentials in a little more detail.

Installation

Installation is a snap. The only real hurdle to jump over is Windows validation.

 

 

 


September 29th, 2009

Microsoft Security Essentials available today

Posted by Adrian Kingsley-Hughes @ 7:15 am

Categories: Security

Tags: Microsoft Corp., Microsoft Security Essentials, Backups, Cyberthreats, Spyware, Adware & Malware, Security, Viruses And Worms, Adrian Kingsley-Hughes

Microsoft has confirmed that it is releasing Microsoft Security Essentials, its free anti-malware product, today (September 29). The cut-down, basic anti-malware solution replaces Microsoft’s Windows Live OneCare.

The Microsoft Security Essentials is a freeware application which provides the user with protection against malware. It’s important to bear in mind that while Microsoft Security Essentials is a replacement for OneCare, Microsoft Security Essentials does not come with a software firewall, data backup facility or troubleshooting tools. Instead, Microsoft Security Essentials focuses only on offering anti-malware and anti-rootkit functionality.

“In November 2008, Microsoft announced plans to deliver a new no-cost anti-malware solution—code-named Morro—to consumers in the second half of calendar year 2009. By providing this core anti-malware solution to consumers at no cost … Microsoft [is able] to better address the security needs created by smaller PC form factors, explosive growth of PCs in emerging markets and rapid increases in the incidence of global malware, and … remove some of the barriers that stand in the way of consumers having quality anti-malware protection.”

According to Microsoft, Security Essentials is “the first Microsoft security product to make use of the company’s new Dynamic Signature Service, a technology that helps ensure [that] users stay protected by the most current virus definitions available without having to wait for the next scheduled download.”

Note: For the record, the final build of Microsoft Security Essentials is 1.0.1611.0.

Microsoft Security Essentials will be available in eight languages and 19 countries: Australia, Austria, Belgium, Brazil, Canada, France, Germany, Ireland, Israel, Italy, Japan, Mexico, the Netherlands, New Zealand, Singapore, Spain, Switzerland, the United Kingdom and the United States.

September 25th, 2009

When it comes to security, who do you trust more - Microsoft or Google?

Posted by Adrian Kingsley-Hughes @ 4:41 am

Categories: Security, Software

Tags: Google Inc., Microsoft Internet Explorer, Microsoft Corp., Google Chrome, Plug-in, Web Browsers, Security, Internet, Adrian Kingsley-Hughes

Chrome Frame browser plug-in for Internet Explorer seems to have kicked off a war of words between Google and Microsoft. When it comes to security, who do you trust more - Microsoft or Google?

In case you haven’t been keeping up with developments, Chrome Frame is a plug-in developed by Google for IE that brings the performance and standards compatibility of the Chrome browser to IE users. To put it another way, Google came out with a plug-in that dramatically improves IE.


But Microsoft isn’t taking this lying down. Yesterday the Redmond software giant claimed that Chrome Frame put IE users at risk by expanding the attack surface available to hackers:

“With Internet Explorer 8, we made significant advancements and updates to make the browser safer for our customers. Given the security issues with plug-ins in general and Google Chrome in particular, Google Chrome Frame running as a plug-in has doubled the attack area for malware and malicious scripts. This is not a risk we would recommend our friends and families take.”

Later Google Read the rest of this entry »

September 21st, 2009

Should "Patch Tuesday" updates include a free virus scan?

Posted by Adrian Kingsley-Hughes @ 1:14 pm

Categories: Security

Tags: Scan, Antivirus, Microsoft Corp., Virus, Cyberthreats, Scanners, Viruses And Worms, Security, Hardware, Peripherals

Nobody likes computer malware. Well, OK, those that make it do, and those that make a livelihood protecting us from it do, but for everyone else it’s a malignant scourge. Given that every month Microsoft sends all us Windows users a big bundle of patches, shouldn’t that update come with a complimentary virus scan?

OK, before you all start jumping up and down, let’s look at what Microsoft does right now to protect users. First, Microsoft does include a small scale malware scanner in the form of the Malicious Software Removal Tool (MSRT) which comes in every Patch Tuesday. Sure, it covers quite a few bases, but it’s still pretty basic.

Then there’s Microsoft Security Essentials (still available for download if you know where to Read the rest of this entry »

Adrian Kingsley-Hughes

Adrian is a technology journalist and author who has devoted over a decade to helping users get the most from technology. He also runs a popular blog called The PC Doctor.

Want to get in touch? Got a tip? Feel free to drop me a note! I ALWAYS respect anonymity. I'm also on Twitter (@the_pc_doc)

Right to Reply: Should any industry representatives wish to comment on any posts on Hardware 2.0, I will be happy to publish their reply verbatim on this blog.
