Security Protection – Harry Waldron MVP

Microsoft Security Essentials improves in AV-Comparatives Prevalence test

Microsoft Security Essentials improved from 22nd to 6th place in recent AV-Comparatives Prevalence testing.  The most common and prevalent threats were tested among different AV products and Microsoft scored well in this area.

Microsoft commissioned the well-known lab AV-Comparatives to re-evaluate a recent test taking prevalence of samples into account. This was a simple file detection test—run an antivirus scan with each product and note how many of over 100,000 samples it detects.  The samples are selected to represent malware prevalent in the wild and to avoid over-representation of any one malware family. However, in calculating the detection rate, every sample gets the same weight. The new report takes the same data and applies weighting based on Microsoft’s reported prevalence. The results were vastly different from the original, as you can see in the chart below.
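To see why re-weighting the same detection data can move a product that far, here is an added, constructed illustration (not code from the AV-Comparatives report or from Microsoft): a hypothetical test set of four families and two hypothetical products, scored once with every sample weighted equally and once with each sample weighted by its family's reported prevalence in the wild. The family counts, encounter figures and product names are all assumptions.

```python
"""Unweighted vs prevalence-weighted detection rates (constructed example).

Shows how re-weighting a file-detection test by real-world prevalence can
reorder products: a product that misses many rare samples but catches the
families users actually meet scores low when every sample counts equally
and high once samples are prevalence-weighted.
"""

# Constructed test set. Values are hypothetical, not figures from the report:
# family -> (samples of that family in the test set, wild encounters reported)
FAMILIES = {
    "Common.A": (100, 50_000),
    "Common.B": (150, 30_000),
    "Rare.C":   (4_000, 200),
    "Rare.D":   (3_000, 100),
}

# Hypothetical products and the families each one detects.
PRODUCTS = {
    "ProductX": {"Common.A", "Common.B"},
    "ProductY": {"Common.B", "Rare.C", "Rare.D"},
}


def unweighted_rate(detected: set[str]) -> float:
    """Plain file-detection rate: every sample carries the same weight."""
    total = sum(n for n, _ in FAMILIES.values())
    hit = sum(n for fam, (n, _) in FAMILIES.items() if fam in detected)
    return hit / total


def prevalence_weighted_rate(detected: set[str]) -> float:
    """Each sample weighted by its family's encounters per sample, so a
    family's total weight equals its reported wild encounters."""
    total = sum(e for _, e in FAMILIES.values())
    hit = sum(e for fam, (_, e) in FAMILIES.items() if fam in detected)
    return hit / total


def ranking(rate_fn) -> list[str]:
    """Products ordered best to worst under the given rate function."""
    return sorted(PRODUCTS, key=lambda p: rate_fn(PRODUCTS[p]), reverse=True)


if __name__ == "__main__":
    for name, fn in (("unweighted", unweighted_rate),
                     ("prevalence-weighted", prevalence_weighted_rate)):
        print(name)
        for p in ranking(fn):
            print(f"  {p}: {fn(PRODUCTS[p]):.1%}")
```

With these constructed numbers ProductY wins the equal-weight scoring by a wide margin and ProductX wins the prevalence-weighted scoring, which is the kind of reordering the report describes.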

Ransomware – F-Secure August 2014 article series

F-Secure is featuring an excellent series of articles during August 2014 on the dangers of ransomware attacks.

Ransomware Race (Part 1): CryptoWall ups the ante

This summer has included the appearance of two strong new malware families onto the file encrypting Windows ransomware market: CryptoWall and CTB-Locker. Of these, CTB-Locker has been the more advanced family, with its use of elliptic curve cryptography for file encryption and Tor for communication with the command & control server. CryptoWall, meanwhile, has used the more traditional combination of RSA and AES for file encryption and HTTP for C&C communication.  

Ransomware Race (part 2): Personal media the next frontier?

It seems malware authors have recently taken a liking to the network-attached storage (NAS) devices manufactured by Synology Inc. First they were hit by Bitcoin mining malware in the beginning of this year and now by file encrypting ransomware similar to CryptoLocker. NAS devices are used by home and business users alike to easily store and share files over a network. Many, like ones manufactured by Synology, also feature remote access. In this case, it would seem hackers were able to abuse the remote access feature, possibly by exploiting a vulnerability in older versions of the Synology DSM operating system, to gain access to the devices. Once they had access, they proceeded to install a ransomware they have dubbed “SynoLocker”.

Ransomware Race (Part 3): SynoLocker Under The Hood

On the surface, SynoLocker and CryptoLocker share many similarities, not the least of which are a similar name, similar choice of encryption algorithms and the idea of extorting money from victims. Under the surface however, the similarities quickly end. When first infected with SynoLocker, a unique RSA key pair is generated for the victim. The private key never leaves the malware operator(s) but the public key is stored onto the victim device. This public key can be used to encrypt data in such a way that it can only be decrypted with the associated private key. As long as the malware operator(s) are in control of the private key, they can deny the victim access to their encrypted files.

Ransomware Race (Part 4): Adult Content, Browlock’s Staying Power

Compared to other Ransomware families, Browlock does not encrypt the victim’s files, and does not add nor run any files on the victim’s machine. It only scares the user by “locking” the browser with an alert that claims to be from the police or authorities, stating that the victim has committed a crime by viewing inappropriate websites or downloading pirated software. It prevents the user from closing the browser, but terminating the browser process using task manager, for example, resolves the problem.

Community Health Systems over 4 million patients impacted by data breach

Approximately 4.5 million Community Health Systems patients appear to be impacted by a major data breach, as recently reported:

Hackers got into the hospital’s systems and installed a virus that stole upwards of 4.5 million patient records. The information stolen includes names, Social Security numbers, patients’ home addresses, birthdays and telephone numbers. So far it seems hackers didn’t get medical history information or credit card numbers. Still, that’s a small comfort given the damage they can do with what they did get. The hospital group in question is Community Health Systems, which has 206 branches in 28 states:  Alabama, Alaska, Arizona, Arkansas, California, Florida, Georgia, Illinois, Indiana, Kansas, Kentucky, Mississippi, Nevada, New Jersey, New Mexico, North Carolina, Ohio, Oklahoma, Oregon, Pennsylvania, South Carolina, Tennessee, Texas, Utah, Virginia, Washington, West Virginia and Wyoming.

Windows 9 – Ten desired features for next version

The 10 features and ideas enumerated in this article provide an excellent list of features to consider for the Threshold project.

QUOTE: Windows 9, also known as “Threshold”, is expected to arrive sometime in 2015 and hopes and wishes from users definitely aren’t in short supply ahead of its unveiling. Tickets to the Build Developer conference 2014 in San Francisco sold out in 24 hours when rumors of Windows 9 hit the internet, highlighting – perhaps – just how much appetite there is out there for a Windows 8 successor. It was rumored that Windows 9 would see a release date as soon as April 2015, but a third update to Windows 8 in the same month means that we will likely have to wait until later in the year.

Windows 7 – MS14-018 is a foundation for further IE 11 updates

This recent article documents that the April 2014 MS14-018 cumulative update is the foundational base that Windows 7’s version of IE 11 needs before it can continue receiving updates.

QUOTE: Users who have not installed the IE security update issued on April 8 — identified by Microsoft as MS14-018 — on Windows 7, and who rely on Windows Update to download and install fixes, did not receive the June 10 IE update. Nor will IE11 receive any future updates, security or otherwise, until that MS14-018 has been installed. Windows Update will not display the appropriate IE11 patches.

As far as Computerworld could determine, this is the first time that Microsoft selectively shut off patches to IE while still providing updates to the operating system.  It’s unclear why Microsoft did this — unlike the situation with Windows 8.1, the firm has not publicly explained the move or even publicized the requirement — but it may be attributed to the significance of the IE11 update in April. In a support document, Microsoft listed numerous changes to IE11 on Windows 7.

Admittedly, most users who have Windows Update set to automatically download and install updates — a majority of consumers — do not need to be aware of such requirements, assuming those updates are successfully installed. But Windows and IE updates are not foolproof: They sometimes fail to take. In that case, users on Windows 7 running IE11 might not know that they are now unprotected, and will remain so until MS14-018 is deployed.

Microsoft Security Updates – AUGUST 2014

Critical security updates to Microsoft Windows, Internet Explorer, SharePoint, .NET Framework, and other products became available on Patch Tuesday. Users should update promptly for the best level of protection.

Akamai Study – Virginia has fastest Internet Speed in USA

In the Akamai study below, Virginia was rated as having the fastest Internet speed in the USA.

QUOTE: If you’re looking for the fastest Internet service in the US, you should pack your bags for Virginia. With an average of 13.7 megabits per second, Virginia tops the country for the speediest Internet access, according to Broadview Networks.  Broadview Networks created a map (seen above) that shows which states have the fastest Internet service and which ones lag. The cloud services provider got the data from Akamai’s “State of the Internet” report (PDF) released in June.

Rank  State                  Avg. Mbps  QoQ change  YoY change
   1  Virginia                    13.7       -4.3%         30%
   2  Delaware                    13.1        6.3%         18%
   3  Massachusetts               13.1        2.6%         22%
   4  Rhode Island                12.9         11%         35%
   5  District of Columbia        12.8        5.0%         18%
   6  Washington                  12.5        8.5%         29%
   7  New Hampshire               12.3        4.0%        6.0%
   8  Utah                        12.1        6.0%         17%
   9  Michigan                    11.8         13%         42%
  10  Connecticut                 11.7        7.2%         18%

WORLD’S FASTEST SPEEDS: Akamai’s report also looks at Internet speeds around the world. The country with the fastest service is South Korea with an average of 23.6 Mbps. In second place, and far behind South Korea, is Japan with an average of 14.6 Mbps. How does the US rank overall worldwide? It’s No. 10 with an average of 10.5 Mbps.

Internet Explorer – Blocking of outdated ActiveX controls starts on SEP 9th

Some users may see unusual messages after applying the September Patch Tuesday updates on systems where out-of-date ActiveX controls are present. For example, the new blocking of outdated Java and Flash controls may require users to update those components before the warning messages go away. While the transition may be a little painful, it serves to better protect users in the long term from dangerous exploits against outdated IE plug-ins.

QUOTE: As part of our ongoing commitment to delivering a more secure browser, starting September 9th Internet Explorer will block out-of-date ActiveX controls. Note: The original post stated that the ActiveX blocking would begin on August 12th.

ActiveX controls are small apps that let Web sites provide content, like videos and games, and let you interact with content like toolbars. Unfortunately, because many ActiveX controls aren’t automatically updated, they can become outdated as new versions are released. It’s very important that you keep your ActiveX controls up-to-date because malicious or compromised Web pages can target security flaws in outdated controls to collect information, install dangerous software, or let someone else control your computer remotely.

For example, according to the latest Microsoft Security Intelligence Report, Java exploits represented 84.6% to 98.5% of exploit kit-related detections each month in 2013. These vulnerabilities may have been fixed in recent versions, but users may not know to upgrade. To help avoid this situation with ActiveX controls, an update to Internet Explorer on September 9, 2014 will introduce a new security feature, called out-of-date ActiveX control blocking.

The out-of-date ActiveX control blocking feature works with:

* On Windows 7 SP1, Internet Explorer 8 through Internet Explorer 11
* On Windows 8 and up, Internet Explorer for the desktop
* All Security Zones—such as the Internet Zone—but not the Local Intranet Zone and the Trusted Sites Zone

This feature does not warn about or block ActiveX controls in the Local Intranet Zone or Trusted Sites Zone.

Windows 8.1 – How to create tile based Start application menu

The attached article presents well how small 70×70 pixel tiles can be used to emulate the classic START menu, either for frequently used programs or as a full menu:

I told you that I’d decided to stop pining away for the Start Menu and take a closer look at what’s available in Windows 8.1. I started my investigation with the Apps view and its new features, such as the new sorting feature, the ability to configure it as the target of the Start button, and the ability to increase the number of icons that it can display. I then showed you how to configure and use the Apps view as a Start Menu replacement. While this works quite well, I carried my experimentation a bit further over the last few days and have found that there are several new enhancements to the Start Screen that you can use to make it look and feel more like the Start Menu. In this article, I’ll show you what I discovered.

Mobile Malware – ScarePakage masquerades as FBI lock on smartphone

Lookout Mobile Security warns of new ScarePakage malware that masquerades as an FBI lock on the smartphone and demands money to unlock it.

Lookout has discovered a highly concerning piece of malware that targets the U.S. The malware can render your phone inoperable, can cause loss of access to data, and otherwise attempts to extort you with a fairly scary message: you’re being investigated by the FBI, you’re a criminal. We call this family ScarePakage. It masquerades as well-known apps, such as Adobe Flash and a number of anti-virus applications, and pretends to scan your phone upon launch. After completing the fake scan it locks your phone. You can’t navigate away and if you try to reboot, the fake FBI message will be the first thing you see when the phone turns on. ScarePakage demands several hundred dollars in a MoneyPak voucher to release your device. The app performs a validation check to see if the code is long enough, but not if it will actually work.
