Because hackers target Microsoft's Windows operating systems more than any other OSes, one could argue that it would be only fitting for the software maker to offer its users a free security suite, and that's exactly what Microsoft intends to do. Noting the rapid increase in the prominence of malware, Microsoft says it will discontinue retail sales of its fee-based Live OneCare subscription service by June 30, 2009 and replace it with a free security suite currently code-named "Morrow."
"Customers around the world have told us that they need comprehensive, ongoing protection from new and existing threats, and we take that concern seriously,” said Amy Barzdukas, senior director of product management for the Online Services and Windows Division at Microsoft. “This new, no-cost offering will give us the ability to protect an even greater number of consumers, especially in markets where the growth of new PC purchases is outpaced only by the growth of malware."
Morrow, which will offer protection against viruses, spyware, rootkits, Trojans, and other malware, will be built to use fewer resources, which Microsoft claims will make it well suited for both low-bandwidth situations and low-power PCs. According to Microsoft, Morrow's protection will be on the same level as the company's enterprise solutions.
While that sounds like good news for Windows users, McAfee sees it as an even better opportunity for itself and doesn't appear worried that it might lose paying customers to Morrow.
"Consumers have voted; OneCare, in its two years on the market, has achieved less than 2 percent market share," he said in an interview. "Microsoft is giving up and has defaulted to a dressed-down freeware model that does not meet consumer security needs. This is good news for McAfee."
Is McAfee underestimating Morrow? Hit the jump and give us your thoughts.
It's that time of year again when scorching hot deals start to scatter the web in anticipation of Black Friday, one of the biggest online shopping days of the year. Despite still being almost two weeks away, several retailers have already posted Black Friday ads, giving bargain hunters a head start. But lest the hunter become the hunted, buyers should take caution not to fall prey to identity thieves.
According to the FTC, consumers were stung for more than $1.2 billion in losses last year as a result of identity theft and fraud. Consumers, who are already stretched thin amid a struggling economy, should be extra cautious this shopping season.
"While the holiday season is surely a time for cheer and celebration, it is also a time when identity thieves are waiting for the perfect opportunity to pounce on unsuspecting consumers," said LifeLock CEO Todd Davis. "Whether it takes place at shopping malls or online, identity theft can increase over the holidays."
Most, if not all, of LifeLock's recommended safety precautions will rank as obvious to seasoned shoppers and the tech savvy alike, but they're worth brushing up on before going on that holiday spending spree.
Given the widespread availability of free solutions, we know how power users hate to pay for security software. If you fall into this category, your options will become slightly more robust this Tuesday, November 18.
According to a spattering of reports, a company spokeswoman for Check Point said the company plans to celebrate its 15th anniversary by giving away a 1-year subscription to its ZoneAlarm Pro software security suite. For those not familiar with the program, ZoneAlarm Pro expands on the company's popular firewall solution by throwing in a spyware remover, protection against rootkits, ID theft protection, and other security odds and ends. The full program typically sells for $40/year.
If the reports hold true, you can download your copy from this link beginning at 6:00 AM PDT Tuesday morning. Procrastinators be warned, the link will only stay active for 24 hours.
Thanks to a borked update, some PC users running AVG's free antivirus were in for a long and frustrating weekend. The virus definition update, which was released on Saturday, erroneously detected the "user32.dll" file as the Trojan Horse PSW.Banker4.APSA instead of recognizing it as a critical Windows component. Once the scanner went active, users found their AVG software recommending that they delete the quarantined file. Doing so caused systems to either stop booting or enter into a continuous reboot loop. Whoops!
The misinformed update affected both AVG 7.5 and AVG 8.0 installations on Windows XP. Vista users appear to be in the clear, though a spattering of user comments around the web has indicated otherwise. In any event, another update has corrected the error. For those who already deleted the critical system file, AVG is providing step-by-step instructions on how to restore your system to a working state. Whether or not it restores your faith in the program is another question altogether.
Hit the jump and let us know what security software you're using.
This month's Patch Tuesday, unlike October's, is a quiet one, with just two security bulletins:
MS08-069 solves a remote code execution vulnerability in Microsoft's XML Core Services that is rated as Critical for version 3.0 and Important for later versions. All 32-bit and 64-bit desktop versions of Windows from Windows 2000 SP4 through Windows Vista SP1 are affected, as well as Microsoft Office 2003 and 2007. The Exploitability Index is 1 (Consistent Exploit Code Likely - the most serious ranking) or 2 (Inconsistent Exploit Code Likely), depending upon the version of XML Core Services installed. Windows Server 2003 and some installations of Windows Server 2008 are also affected.
MS08-068 patches a remote code execution vulnerability in the SMB protocol. MS08-068 is rated as Important for Windows 2000 SP4 and Windows XP, and Moderate for Windows Vista. Windows Server 2003 and all Windows Server 2008 installations are also affected. Despite Microsoft's rating this vulnerability as only Important rather than Critical, MS08-068's Exploitability Index is 1 because exploit code targeting Windows XP is already public.
That's it for Patch Tuesday security bulletins, both of which will be arriving soon via Windows Update (or can be downloaded manually if you prefer). What else has Microsoft served up?
The only non-security content this time is the usual monthly update for the Malicious Software Removal Tool (KB890830; not yet updated when this article was posted, but now updated) and the usual monthly update for the Windows Mail junk mail filter (KB905866), available in 32-bit and 64-bit versions.
Microsoft last week released the fifth volume of its Security Intelligence Report (SIR) covering the period from January through June of 2008. The report, which purports to offer an "in-depth perspective on software vulnerabilities and exploits, malicious code threats, and potentially unwanted software," uses data derived from what Microsoft claims are hundreds of millions of Windows users, all of which is analyzed and laid out in a tidy 13MB PDF download.
According to the 150-page report, hackers are increasingly homing in on third-party applications rather than attempting to attack Microsoft directly. Vulnerabilities in programs like RealPlayer, QuickTime, WinZip, and other non-operating system software provide hackers with a greater number of exploits requiring a low degree of complexity, the report claims.
"It is alarming to see that more than 90 percent of vulnerabilities disclosed in 1H08 affected applications, and nearly half of all industry vulnerabilities are rated as High Severity," Microsoft says in its report. "Additionally, 1H08 showed how threats are increasingly affecting a variety of vendors beyond Microsoft."
The report also notes several geographical trends in security threats. Among them, password stealers such as Win32/Bancos are most prominent in Brazil, where the overall infection rate has risen an alarming 81.8 percent from 2H07 to 1H08. In the U.S., trojan downloaders, like Win32/Zlob, account for the largest single category of threat.
Here’s one more reason to be glad that there’s not a big overlap between the “computer scientists” and “burglars” demographics: UC San Diego scientists have developed a program that can duplicate a key from a single photograph.
The software’s more powerful than you might think, too. It can copy keys seen from almost any angle, not just those seen in profile, and it can copy keys from a source as low-res as a cell phone camera picture. With a telephoto lens, the group was able to copy a whole ring of keys sitting on a table from a rooftop 195 feet away.
The group is not releasing the program to the public, but they are hoping the exposure will help raise awareness of the shortcomings of traditional keys. Stefan Savage, the program leader, said, "We argue that the threat has turned a corner--cheap image sensors have made digital cameras pervasive and basic computer vision techniques can automatically extract a key's information without requiring any expertise."
For shame, Google. The G1 has barely even launched, and it’s already faced with its first major breach. An exploit has been discovered by an independent security expert which could potentially allow hackers to hijack the web browser on the G1, allowing them access to users’ passwords, cookies and text messages.
The exploit was discovered by Charlie Miller of Independent Security Evaluators, who first noticed the hole in the Android SDK. He bought an early G1 off a T-Mobile employee on eBay, confirmed that the exploit worked on the real deal, and reported the problem to Google two days before the G1 launched.
The exploit takes advantage of a buffer overrun flaw in one of Android's 80 open-source components. Android uses an out-of-date version of the component; newer versions have addressed the flaw. To protect G1 early-adopters, Miller hasn’t publicized which of the 80 components is the one with the weakness.
Google’s response? “We are working with T-Mobile to include a fix for the browser exploit, which will soon be delivered over the air to all devices, and have addressed this in the Android open-source platform.”
Redmond usually releases security patches once a month, on Patch Tuesday, but Microsoft's security experts are worried enough about a newly reported vulnerability in the Server service to post an "out-of-band" security update, MS08-067, yesterday for all versions of Windows from Windows 2000 SP4 through Windows Server 2008 and Windows 7 pre-beta. Microsoft hasn't issued a security update between Patch Tuesday releases since April 2007, so this is a significant security issue.
Although all supported versions of Windows are vulnerable, Windows 2000 SP4, Windows XP, and Windows Server 2003 versions are especially vulnerable to this flaw, which can permit remote code execution via a specially crafted RPC request.
To find out what makes this vulnerability so critical, and to learn how to get the update, join us after the jump.
And now, a whole new way for your privacy to be invaded. Computer scientists at the EPFL in Switzerland have developed a way to eavesdrop on what you type by detecting the electromagnetic radiation emitted with every keystroke, Engadget reports.
The group developed four techniques for listening in on keystrokes, and tested them on 11 keyboards, produced from 2001 to 2008 and including USB, PS/2 and laptop keyboards. Every one of the devices was vulnerable to at least one of the methods. Some of the techniques are effective from as far away as 65 feet, and through walls.
Martin Vuagnoux, one of the scientists responsible, has posted two videos demonstrating the vulnerability on Vimeo. The first of the two videos shows a meter-long wire being used as an antenna to detect the emissions of a keyboard several feet away. A program successfully decodes the message “trust no one” from these emissions. The second video shows an antenna that looks a bit like a pair of gigantic egg beaters eavesdropping on a keyboard from one room over.
The technique is pretty cool to see in motion (if a bit scary) so check out those videos and hit the jump to give us your thoughts.