Friday, March 18, 2011

Your security update

Security news you can use ...

For Windows users:

Microsoft's Malicious Software Removal tool takes out 4th biggest malware:

Microsoft this week used its Malicious Software Removal Tool to take out the fourth-biggest threat in automated program's history, which dates back to at least 2005.

The malware, known as Win32/Renocide, is a crafty backdoor-enabled worm that spreads through removable drives, network shares and popular file-sharing applications. Once installed, it drops copies of itself on all removable drives, possibly by randomizing the the file names. It also spreads by scanning machines on an infected computer's local network and pasting a copy of a file called autorun.inf, which many versions of Windows automatically execute when the drive is attached.
This is a great free tool, and if you're not getting it, you should.  While you're there, you should try Microsoft's Security Essentials antivirus.  It's free, too.

Internet Explorer 9 comes out next week.  I quite like IE 8 (from a security point of view), so this is something to consider.  Looks like I'm mostly over my anti-IE fatwaw ...

Of course, Firefox 4 comes out next week, too.  Hmmm ... competition in the browser market?

For Apple users:

If you have an iPhone 3 (not 3GS; just the old 3 version), the new Apple security update won't work on it.  Security-wise, you're kind of screwed.  But don't try to complain on an Apple forum, because Apple will delete your posts.  Stay classy, Apple.

This also applies to older (pre-3rd Generation) iPod touches.  But remember, Apple doesn't want your backtalk.

Safari is first to fall in hacker conference "Pwn 2 own" challenge:

“Just after visiting the webpage with the affected version of Safari, we can, for example, launch the calculator or open a shell or do anything else we want,” he said a minute or two after demonstrating the exploit at the contest, which was attended by members of Apple's security team. “We have the same privileges as the user who visited the webpage.”

He said users would have no way of knowing their machines have been compromised. There is no prompt asking for a password. The only way to thwart the attack is to run Safari from an account that has been configured to have limited privileges.
On the bright side, you don't typically run as root on your Mac.  This vulnerability hasn't been patched yet.

For Linux users:

Ubuntu will tell you when there's a security update:


I'm installing it right now.

1 comment:

Guffaw in AZ said...

Thanks for the good intel. I've never been bright enough to be a geek.