Windows 7 Security Fail – Big Shock Indeed

Windows 7 is going to be the salvation release that Windows users have been waiting for. And on the performance front when compared to that of Vista, based on my own tests with the beta releases, it is not half bad.

Sadly, however, the good times suddenly come into a healthy dose of reality as Windows Explorer comes to oops-ville once again. Despite all of the improvements made to Windows in this release candidate, it appears that something as OBVIOUS as the old renaming malware trick has been stopped in this release, right? Nope.

As F-Secure demonstrates here, horrible_malware.txt can actually be seen via the command line as horrible_malware.txt.exe. Yes kids, that is really an executable file. And yes, it can create malware headaches if the malware creator knows what they are doing.

Now I want to, once again, go on record as stating that Linux and OS X also have their security vulnerabilities. I mean, I can whip up a nasty bash script that will do terrible things to one’s system. But I can tell by looking at it in Linux (and in OS X) that it is an executable. In Windows Explorer for Windows 7, you better trust the command line. You know, that ancient bit of silliness Windows users were in such a rush to give up on. Funny, looks like it is telling the truth here whereas the GUI is not being totally forthcoming.

Who wants to bet this goes unfixed by the time Windows 7 goes into stores? Bets, anyone?
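A defender-side check for the mismatch described above, as an added example that is not from the original post or from F-Secure: it computes the name Explorer would show with extension hiding turned on and flags files whose real extension is executable while the visible name ends in a document-style extension. The extension sets and function names are assumptions chosen for illustration, and every extension is treated as a registered (hidden) type.

```python
import os
import tempfile

# Assumption: illustrative sets, not the list Windows actually consults.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".bat", ".cmd", ".pif", ".vbs", ".js"}
DECOY_EXTS = {".txt", ".doc", ".pdf", ".jpg", ".png", ".xls", ".mp3"}


def explorer_display_name(filename):
    """Name as listed when the final extension is hidden from the user."""
    return os.path.splitext(filename)[0]


def is_masquerading(filename):
    """True when the real type is executable but the visible name ends in a
    harmless-looking extension, e.g. horrible_malware.txt.exe."""
    stem, real_ext = os.path.splitext(filename)
    _, visible_ext = os.path.splitext(stem)
    return real_ext.lower() in EXECUTABLE_EXTS and visible_ext.lower() in DECOY_EXTS


def audit(directory):
    """Walk a directory tree and return (shown_name, real_path) per finding."""
    findings = []
    for root, _dirs, files in os.walk(directory):
        for name in sorted(files):
            if is_masquerading(name):
                findings.append((explorer_display_name(name), os.path.join(root, name)))
    return findings


if __name__ == "__main__":
    # Constructed sample files: empty placeholders, created only for this demo.
    with tempfile.TemporaryDirectory() as tmp:
        for name in ("horrible_malware.txt.exe", "notes.txt", "setup.exe", "Photo.JPG.SCR"):
            open(os.path.join(tmp, name), "w").close()
        for shown, real in audit(tmp):
            print(f"GUI shows {shown!r:28} real file: {os.path.basename(real)}")
```

Pointing `audit()` at a downloads or mail-attachment folder gives the same truthful view the command line does, without depending on the Explorer setting.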

How Many Anti-Virus Programs Should You Use?

First of all this is not going to be about what anti-virus program is the best, because quite frankly, most A/V programs do a fairly good job of protecting your system. If you wish to argue about the best of the best in A/V protection, there are plenty of forums to vent your preference on. Or if you want to do a statistical analysis go here and knock yourself out. Better yet, do a Google, and you will find enough information to occupy your mind for a day or two.

But during the past month or so, which seems to coincide with the release of the new AVG version 8, there appears to be a commonality that is beginning to surface. As I read some of the comments posted here at The Blade, in the forums that I associate myself with and in general when doing a Google for information, it seems that some of you believe that running more than one A/V program is preferable to a single program for protection.

Which begs me to ask: do you also have two or more automobile insurance policies? After all, having two or more policies should make you feel double or triple secure in case of an accident.

If you are using two or more A/V programs and have the resident shields/real time scanners in place for both, you will experience problems such as slowdowns with your system. You may also experience other undesirable problems as well.

Find one program that you trust. You can also supplement your protection by periodically doing online scans of your system. Most of the major security companies such as Symantec, Trend Micro, F-Secure, BitDefender and others provide free online scans.

Comments welcome.

Symantec Security Check

Trend Micro House Call

F-Secure Online Scanner

BitDefender Online Scanner

PS If you only want to bash one program over another, please don’t leave a comment. We have all heard it before and your comment will not be posted.

Rivalry Between Media Web Sites Results In Netscape Being Hacked Via XSS Attack

Netscape.com, an online social media Web site, has been hacked through a cross-site scripting (XSS) vulnerability in their recently launched news service. It is reported that the attack was allegedly launched by fans of Digg.com, a competing social networking Web site. The hackers used the XSS vulnerability to inject their own JavaScript code into the homepage and other pages on the site.

The hack was discovered by Finnish security vendor F-Secure during their research work around cross-site scripting vulnerabilities on social networking sites. Digg fans used cross-site scripting attacks to display JavaScript pop-up alerts with “comical” messages aimed at redirecting visitors to their site. Fortunately, no malicious code was injected. Netscape released a statement yesterday afternoon stating that the vulnerability had been patched and that visitors are once again safe.

New Zero Day Exploit Seen In The Wild

This is another report on the Windows vulnerability I posted a bit earlier. Suzi Turner of ZDNet.com writes:

…Sunbelt researchers have collected more than 50 variants of the Windows Metafiles (WMF) and documented a number of domains running this exploit. Email, blog talkbacks, guestbook links, all could be used to spread this infection. In fact, I know someone who got infected by clicking on a user’s homepage link at a forum.