To the surprise of many (including ourselves), Symantec shed its old bloaty ways with the release of Norton Internet Security Suite 2009, a svelte security suite that earned a 9 verdict and KickAss award in our Antivirus Software Roundup. Now Symantec says its ready to do it again with a revamped version of its Norton 360 software. Has the world turned topsy-turvy?
"Norton 360 has become one of Symantec’s most popular consumer offerings in just two years due to the all-in-one convenience it delivers and the solutions value we have built directly into the suite,” said Janice Chaffin, group president of Symantec’s Consumer Business Unit. “With version 3.0, we are combining the unmatched performance of our 2009 security products with Norton Safe Web to create even more convenience and value for our customers."
Just like NIS 2009, Symantec says its new Norton 360 version 3.0 takes about a minute to install and consumes less than 10MB of system memory. Not only that, but the company claims users will see faster boot times once 360 turns off "unnecessary" startup programs. Other new features shipping with version 3.0 include pulse updates, idle backup routine, botnet protection, and a web rating service called Norton Safe Web.
Coinciding with the 360 v3.0 release, Symantec also announced the official launch of the Norton Users Discussion Forum. Prior to the launch, the forum had been in beta since April 2008 and currently boasts 1,200 new users and 7,000 posts every month.
Norton 360 is available now with an MRRP of $100 (includes 25GB of secured online storage) for the Premier Edition, $130 for the Small Business Edition 5 User Pack (plus 10GB), and $250 for the Small Business Edition 10 User Pack (plus 25GB).
Ouch! It's been a bad week for Adobe Acrobat and Reader users, DailyTech's Jason Mick reports. Some visitors to eweek.com viewed PDF-based ads that attempted to redirect readers to malicious websites and then tried to download Bloodhound.Exploit.213. This vulnerability affects only Acrobat and Reader 8.12 and earlier and was patched back in November with version 8.13, but not everyone's gotten around to updating their Adobe products yet. eWeek's pulled the offending ads, and Adobe was already offering a fix - and that's the good news.
The bad news? There's an even more serious flaw on the loose that targets all versions of Acrobat and Reader, including version 9.0. There are no updates yet (the update for version 9 is expected by March 11, but version 7 and 8 users must wait a bit longer). So, what can you do in the meantime? Lots of MaximumPC readers recommend the free Foxit Reader, but if you must use Adobe, join us after the jump for workarounds that can protect you in the meantime.
Adobe’s PDF reader and creator software continues to be under a seemingly endless attack, and a new vulnerability has the security community very worried. A critical flaw in all editions of its PDF reader and creator software will allow attackers to crash the application and gain control of a person’s computer. This vulnerability has been acknowledged by Adobe, but a fix is still rumored to be 2-3 week away. Initially the company will be working to patch version 9, but will eventually include fixes for version’s 7 & 8 as well.
According to the McAfee security blog, malicious PDF documents are already in the wild, and have been appearing across the web since early January. PDF exploits are of significant concern to the security community since the reader software interfaces very closely with web browsers. In many cases PDF documents are opened within a new browser tab, and displayed even with a user’s consent. According to Symantec this attack has primarily been directed towards government agencies and large corporations, it is not widespread as of yet.
So you thought the facial recognition technology built into your laptop would keep your business and personal information safe? Bwa-ha-ha! Today, the Black Hat DC 2009 security conference found out that, as Vietnam-based security researcher Nguyen Minh Duc puts it, Your Face is NOT Your Password.
Nguyen's paper reveals (PDF link) that it's relatively simple to hack facial recognition systems included in webcam-equipped laptops from Lenovo (Veriface III), ASUS (SmartLogon v1.0.0.0005), and Toshiba (Face Recognition 18.104.22.168). Methods used included using photographs in place of live faces (Facebook, anyone?) and performing brute-force attacks by changing lighting and photo angles in a digitized face until the system permits access.
Are you counting on facial-recogntion technology to keep your stuff safe? Is your company? Join us after the jump for your chance to sound off on this latest "unbreakable," but now broken, access-control technology.
Safe surfing remains the best defense against internet-borne attacks, but it won't provide you that warm fuzzy feeling that an additional layer of protection offers should you slip up. And if you share your PC, your safe computing regime goes straight out the window if your roommate wanders haphazardly across the web.
In an attempt to beef up security, Linksys announced it is teaming up with Trend Micro to integrate the latter's Home Network Defender internet security software into its routers to help block malicious sites from doing harm. Previously offered as a software application, Home Network Defender will be integrated with the Linksys WRT310N and WRT610N routers, offering protection to any computers connected to the network.
The software integration is meant to deny access to sites it deems unsafe with user-adjustable sensitivity controls, as well as embed parental controls and user-activity reporting into the above mentioned routers. What it won't do is offer anti-virus protection, however Linksys says that four licenses of Trend Micro Antivirus plus AntiSpyware will come included as part of the deal.
Existing WRT310N and WRT610N have the option of upgrading their router's firmware for the new software integration, which will carry a 30-day complimentary trial. After that, the service runs $60/year.
The last thing you want to be told when buying a new car is that you shouldn't be driving it, and likewise, HTC G1 owners can't be geeked to learn that at least one security researcher is advising against using the Android-based phone's web browser.
Security researcher Charlie Miller says a vulnerability in Google Android makes it possible for hackers to remotely take control of the phone's web browser and other related processes. At that point, hackers could then gain access to saved information stored in the browser and spy on a user's online transactions, including encrypted ones.
Interestingly, Miller notified Google of the flaw back on January 21 and a patch was put forth, which the search company has given to T-Mobile. But as of this writing, T-Mobile has yet to deploy the fix.
"The Android Security Team responded by contacting PacketVideo, T-Mobile, and oCERT, a public Computer Emergency Response Team. PacketVideo developed a fix on February 5th, and they patched Open Source Android two days later," writes Rich Cannings, a Google Android security engineer. "oCERT assisted PacketVideo with coordinating the fix, and they published an advisory detailing this issue. We offered the patch to T-Mobile when it became available, and G1 users will be updated at T-Mobile’s discretion."
No word has been given on when T-Mobile expects to push out the patch.
Losing a single USB key from a nuclear weapons lab could be cause for concern, but what happens when 67 computers are unaccounted for, including 13 that were reported lost or stolen in the past year alone? What happens in this case is that officials claim no classified information has been lost. 0_o
The missing computers came to light after the watchdog group Project on Government Oversight released a memo dated February 3 from the Energy Department' National Nuclear Security Administration, which listed the missing PCs. According to Kevin Roark, a spokesman for Los Alamos, the lab has initiated a month-long inventory to try and account for the mysteriously missing machines, and while he admitted it's a cybersecurity issue due to personal information being stored, he maintains that none of the PCs hold any classified info.
"The magnitude of exposure and risk to the laboratory is at best unclear as little data on these losses has been collected or pursued given their treatment as property management issues," a security administration memo read.
Of the thirteen missing PCs within the past year, three were taken from a scientist's home in Santa Fe, New Mexico on January 16th. There's also a BlackBerry that has gone missing after being lost "in a sensitive foreign country."
As in previous surveys, respondents recognize that people are both an organization’s greatest asset as well as its weakest link. But security vigilance is even more important in hard economic times, when the increased stress levels can lead people to behave in atypical ways.
Ironically, the French had been warned as far back as October to harden their systems, but as we reported last month, millions of PCs hadn't yet been protected by installing KB958644. How bad was the infection, and how was it spread? Hit your afterburners and join us after the jump for details.