McAfee: Most Consumers Overestimate PC Safety

It’s self-serving, but a new study by McAfee Inc. and the National Cyber Security Alliance has found that 78 percent of consumer PCs in the U.S. are not protected (defined as having up-to-date AV, spyware and a properly configured firewall).

What’s interesting, though is how many people think they are protected: 93 percent according the survey, which is set to be released Monday.

http://news.yahoo.com/s/pcworld/20070928/tc_pcworld/137856

UK PCs Have Least Malware

An online malware measuring tool has unexpectedly rated U.K. PCs as having the lowest level of infection in Europe.

The Nanoscan tool, which can be downloaded as a plug-in from the site of owner Panda Software, put the U.K. in bottom spot last week, with only 8.1 percent of those scanned showing active malware. By a separate measure, that of ‘latent’ or inactive malware, however, the U.K. fared less well, reaching 20.7 percent.

Top of the infection list for active malware was France (28.2 percent), Mexico (23.1 percent), Brazil (18 percent), the U.S. (17.8 percent), and Argentina (17.4 percent).

http://news.yahoo.com/s/pcworld/20070929/tc_pcworld/137711

Data for 800,000 job applicants stolen

A laptop containing unencrypted personal information for 800,000 people who applied for jobs with clothing retailer Gap Inc. has been stolen.

The computer contained social security numbers and other sensitive information belonging to residents of the US and Puerto Rico who applied online or by phone for jobs from July 2006 to June 2007, the retailer said in this list of frequently asked questions. Details for applicants living in Canada were also exposed, although they didn’t include social insurance numbers.

http://www.theregister.com/2007/09/28/gap_data_breach/

AutoPatcher lives

Windows administrators who have missed AutoPatcher, an independent, free patch distribution tool that was shut down by Microsoft, will be relieved to hear it may be making a comeback.

In August, Microsoft told AutoPatcher to stop making the tool available. AutoPatcher combined Microsoft and other application patches, along with registry tweaks, without remaining connected to the Internet. Antonis Kaladis, AutoPatcher’s project leader, said this week he hopes to have the new version of AutoPatcher available in early October.

Complete article at http://searchwinit.techtarget.com/originalContent/0,289142,sid1_gci1274357,00.html link via GRC.com Newsgroup

Free Norton Internet Security 2008 if…

you got active subscription of Norton Internet Security 2007.  It’s free upgrade as per Symantec:

Norton Internet Security 2007 users with an up-to-date subscription are entitled to an upgrade to 2008 and can use their existing Norton Internet Security 2007 product key to unlock the free trial.

http://www.symantec.com/norton/blog/detail.jsp?blogid=performance_impact&profileid=tom_powledge via Calendar of Updates

Adware.Mirar: False positive by Norton Antivirus if Spybot S&D immunization is enabled

Screenshots and details at http://www.dozleng.com/updates/index.php?showtopic=15769

Update:  Symantec respond and will address the issue in today’s definitions.

2nd Update:  Symantec released their new defs for Sept. 29 rev. 7 but it continues to detect Adware.Mirar if the system is immunized using Spybot S&D.  I reported again to Symantec.  New screenshots at the above link.

3rd Update:  This issue is now fixed if Sept. 30th daily defs update is installed (Definition version 90930r, Extended Version: 9/30/2007 rev. 18).  You can download it from http://www.symantec.com/avcenter/defs.download.html or use LiveUpdate

Five of the Dirtiest Malware Tricks

If the crooks behind viruses, Trojan horses, and other malicious software were as stupid as they are scummy, we’d have a lot less to worry about. But as protective measures get better at stopping the obvious attacks, online creeps respond with underhanded moves to invade your PC. Here are five of their dirtiest tricks, all based on Trojan horses:

1.  Don’t mind me–I’m only here to break your PC
2.  Locked and encrypted Web sites? No problem
3.  Malware that scans your PC for malware
4.  Equal-opportunity encryption
5.  Hi, firewall. I’m Windows Update. Honest

Read the description of each at http://www.pcworld.com/article/id,137364/article.html via http://blogs.stopbadware.org/articles/2007/09/28/new-tricks-old-defenses entitled “New tricks, old defenses

NSA writes more potent malware than hacker

A project aimed at developing defences against malware that attacks unpatched vulnerabilities involved tests on samples developed by the NSA.

The ultra-secretive US spy agency supplied network testing firm Iometrix with eight worms as part of its plans to develop what it describes as the industry’s first Zero-day Attack Test Platform.

Richard Dagnell, VP of sales and marketing at Iometrix, said the six month project also featured tests involving two worm samples developed by a convicted hacker. The potency of the malware supplied by the NSA far exceeded that created by the hacker.

http://www.theregister.com/2007/09/28/nsa_hacker_malware_defense_project/

AOL Working On Patch For Instant Messenger Vulnerability

America Online is working on a patch for what security researchers are calling a “major vulnerability” in the company’s highly popular Instant Messenger application.

Researchers at Core Security Technologies Wednesday disclosed a bug that they say could severely impact the millions of registered users of AOL’s instant-messaging service, AIM. The flaw, according to Core Security, would enable a series of attacks — enabling a remote hacker to execute malicious code, exploit Internet Explorer bugs, and inject scripting code in the IE browser.

http://news.yahoo.com/s/cmp/20070928/tc_cmp/202102449