Microsoft AntiSpyware ‘now’ detects Hotbar

Earlier this month, we published a simple study (test) comparing a few antispyware programs’ real-time protection: Does your antispyware’s real-time protection work? One of the antispyware programs that we studied is Microsoft’s Windows AntiSpyware Beta 1, which failed to protect the system in real time while installing a common threat, Hotbar, and did not detect Hotbar as adware or spyware. Microsoft released 5729 definitions earlier today, so I did another test using Windows AntiSpyware’s real-time protection with 5729 definitions and using Hotbar’s installer again. See the result in Calendar of Updates: http://www.dozleng.com/updates/index.php?showtopic=5524

Symantec ends ties with ComScore, maker of spyware program

A good move by Symantec! eWeek reports: Anti-virus vendor Symantec is ending its relationship with online market research company ComScore, which makes the “Marketscore” spyware program. Symantec Corp., of Cupertino, Calif., is in the process of severing its e-mail scanning services from ComScore Networks Inc.’s online behavior-tracking programs, according to Genevieve Haldeman, a Symantec spokesperson. The relationship had raised the eyebrows of anti-spyware activists critical of ComScore’s programs, which capture and store information from online sessions, including encrypted traffic from sensitive online transactions. Marketscore, also known as OpinionSquare, NetSetter and JDCouncil, is a Web proxy agent that directs all Web …

FTC busted another antispyware company – SpyKiller

The Federal Trade Commission has busted another spyware company (yay!) An operation that used bogus “scans” and illegal spam to market an anti-spyware program that didn’t work as claimed has had its assets frozen and been barred from making deceptive claims by a stipulated preliminary injunction order issued by a U.S. District Court judge at the request of the Federal Trade Commission. The agency alleges that the operation violated federal laws and has asked the court to permanently bar the deceptive marketing and order redress for consumers. The FTC alleges that to capitalize on legitimate consumer concerns about spyware and …

50% of IT Pros were not very confident that passwords were stored securely in their organization

Cyber-Ark revealed the results of recent research illuminating the industry-wide struggle to safely and easily share and manage administrative passwords that provide access to the network, systems and application backbone of enterprises worldwide. The survey of nearly 200 information technology (IT) security professionals, conducted at Europe’s largest information security event, Infosecurity, revealed: Half (50 percent) of survey participants were not very confident that passwords were stored securely in their organization. One quarter (25 percent) said that IT staff can access administrative passwords without permission. Less than a third (32 percent) were storing administrative passwords digitally. The remainder continue to use …

Google – A source for hackers to find vulnerable pages

According to IS Digital Networks, hackers can easily search for vulnerable pages on a site. This is done through Google’s advanced search operators, which are legitimately used to more precisely refine the results returned from the search engine. Examples include:

· inurl: to search within the URL
· intitle: to search within the page title
· daterange: to search pages created within specific days
· + (Plus) forces a search of a common word
· - (Minus) excludes a word from the search
· . (Period) is a single character wildcard
· site: restricts the search to a specific site

IS Digital Networks provided some recommendations to help prevent Google Hacking searches: · …

ClamAV Quantum Decompressor DoS Vulnerability

A vulnerability has been reported in ClamAV, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused by an unspecified error, which causes ClamAV to crash when scanning an archive compressed using Quantum compression with a window size that is less than 32KB. The vulnerability has been reported in version 0.86. Prior versions may also be affected. Solution: Update to version 0.86.1. See http://secunia.com/advisories/15811/

RealNetworks Releases Update to Address Security Vulnerabilities discovered by eEye

RealNetworks, Inc. has addressed the vulnerability discovered by eEye: http://eeye.com/html/research/advisories/AD20050623.html The vulnerability allows a remote attacker to reliably overwrite heap memory with arbitrary data and execute arbitrary code in the context of the user who executed the player. This specific flaw exists within the vidplin.dll file used by RealPlayer. By specially crafting a malformed .avi movie file, a direct heap overwrite is triggered, and reliable code execution is then possible. This vulnerability can be triggered when a user views a webpage, or opens an .avi file via email, instant messenger, or other common file transfer programs. For affected products and …

Outages for LinuxWorld Web Site

The web site for LinuxWorld magazine was offline for more than two hours yesterday, the latest in a series of performance problems over the last month. While many of the outages have been brief, the sites for LinuxWorld and its parent company, tech publisher Sys-Con Media, were down for more than 12 hours on June 12. The LinuxWorld and Sys-Con sites experienced downtime in mid-May after a controversy involving articles by a Sys-Con freelancer led several senior LinuxWorld editors to resign. Sys-Con publisher Fuat Kircaali said his company’s sites had been hit with a distributed denial of service (DDoS) attack. …

Study Shows Windows Beats Linux on Security

A survey of 90 enterprises finds better total cost of ownership and fewer risks with Microsoft’s streamlined security tools. Microsoft recently commissioned Wipro Technologies Ltd., an independent consulting firm, to study the cost of updating Microsoft and open source software in a real-world environment for desktops, servers and database servers. Wipro surveyed 90 companies in the U.S. and Western Europe with 2,500 to 113,000 employees where both the Windows and open source operating systems were simultaneously being run. When the costs of updating are distributed across the size of the environment and evaluated on a per-asset basis, the study shows …