Posts Tagged ‘malware’

The conventional answer to this question is that Apple’s “walled garden,” which places restrictions on app developers, creates a more secure environment for iOS whereas Google’s more permissive model puts Android users at greater risk.

As I have posted here before, there is plenty of ammo to bolster that position:

But the story is more complicated than that. For instance, take this recent report from Appthority which finds that “iOS apps leak more personal data than do Android apps”.

The differences are not huge but they do add fuel to the fire regarding which platform is safer. Apple Insider sums it up well:

A number of questionable policies and security concerns have painted Google’s Android platform as inherently less secure than Apple’s iOS. Android does appear to be more vulnerable to malware than iOS, but mobile malware affects only one percent of apps. The larger concern, the study concludes, should be over how mobile apps handle personal information and company data.

In the end, the unsatisfying answer as to which is more secure is, you guessed it, — it depends — so pick your poison … 🙂

 

PC Security Toolbox

Posted: February 21, 2013 in Uncategorized
Tags: , ,

It seems there are about a million things people are telling you that must be done in order to keep your PC secure and about ten times that many different tools that you might use to get the job done. That’s why I particularly liked Eric Geier’s PCWorld.com article entitled “PC security: Your essential software toolbox.”

In the piece he gives a brief overview of the basics — anti-malware tools, firewalls, wireless security and more. It’s far from comprehensive but, then again, who would want to have to pore through the tome that would result from  a treatment of this topic that was?

If you’re pretty security savvy you probably won’t find anything new here but the real value to you is that it’s something that you can easily share with your not-so-security-savvy friends who rely on you as their free tech support. So, just file this under the category of “enlightened self-interest” and make life a little tougher for the bad guys by passing this along …

If my last post regarding Android devices being marshaled into zombie armies sounded a little over the top maybe this one will resonate a little better.

According to forensic blog, which focuses on mobile phone forensics and malware, as of December 26, 2012, there are 115 unique Android malware families known to exist. That number would be significantly higher if you counted all the variations on these that might be circulating.

115 doesn’t sound like a lot compared to the tens of thousands of Windows viruses in existence but its a far cry from zero and should serve as a wake up call regarding the need for malware protection on mobile devices. If that still doesn’t convince you then maybe the analysis regarding the threat that these present might:

Families that steal personal information 51,3 %
Families that send premium rated SMS messages 30,1 %
Families with characteristics of a Botnet 23,5 %
Families that contain Root-Exploits 18,3 %
Families downloaded from the Google-Play Market 11,3 %
Families that install additional applications 10,4 %
Families that steal location related data 8,7 %
Potentially unwanted applications 7,8 %
Online-Banking Trojans 3,5 %

Source: forensic blog, http://forensics.spreitzenbarth.de/

And don’t get too smug because your phone or tablet runs iOS. We had this debate years ago when people claimed that Mac OS was immune and then again with UNIX/Linux. Granted, the relative risk might be lower over the entire population of these install bases but the fact remains that any functional OS can be exploited because none are perfect.

Put more succinctly, all software (of any significant complexity) has bugs and some percentage of those bugs will be security-related, therefore, all software carries with it a set of security risks.

Network World has a good summary of the latest zero-day vulnerability in Internet Explorer. The article states that:

Exploiting the flaw allows hackers to execute code — in other words, plant malware on a machine — and opens Windows XP, Vista and Windows 7 to drive-by attacks that only require getting victims to visit a malicious or compromised website.

That means that:

  1. if you use an unpatched version of Internet Explorer (and at the time of this writing that would be all versions since the patch hasn’t been issued) and
  2. if you visit a web site designed to exploit this vulnerability …

you could end up with malware being downloaded to your system without your knowledge.

Clearly, when the patch comes out, you should apply it. Better still, turn on Windows Update and let it do the dirty work automatically.

In the meantime you can either choose to use another web browser such as Firefox or Chrome or just be really careful which web sites you visit.

In fact, you should do that last bit every day anyway. The problem, of course, with that is that you can’t really know for sure which sites might infect you but you can, however, lower the odds considerably by not visiting unknown or dodgy sites.

Just as in the physical world, sticking to the well traveled streets rather than veering off into the alleyways in bad neighborhoods and you will be safer but, crime can happen anywhere.

That advice holds for any web browser, for that matter too. So, while this particular attack won’t affect you if you use Firefox, there’s no guarantee that the next similar attack won’t. Still, at the end of the day, one argument for using Firefox rather than IE is NoScript plug-in that allows you to turn off Java and JavaScript by default for web sites you don’t know whether you should trust or not. That’s one of the best defenses against drive by attacks.

It can be a pain at times as some sites won’t render correctly without these features turned on but at least it puts you more in control of the situation and that can me the difference between dodging or taking a direct hit on the next drive-by browser attack.

 

 

Here’s a link to a Raleigh News & Observer Stump the Geeks column where I was asked to comment on a user’s recurring nightmare with pop-up ads.

For the most part, pop-ups of the sort described be the unlucky soul submitting this question are the result of downloading stuff you shouldn’t. A search bar, a freeware tool, an email attachment of dubious origins — any of these could result in a surreptitious placement of parasites on your computer that will nag you incessantly to visit some web site whose claims are best categorized with the 2:00 am infomercial ilk.

Ironically, many of these ads promise to speed up a lagging computer that is infested with spyware — the very stuff that likely caused the barrage of pop-ups in the first place. Best not to go down that rabbit hole …

Water is still wet

Posted: July 2, 2012 in Uncategorized
Tags: , , ,

Here’s a good CNET article on the adjustment Apple made recently to their public statement regarding OS X and malware…

http://news.cnet.com/8301-13579_3-57460041-37/apple-adjusts-its-tune-on-security-in-os-x/

 

As I mentioned in a previous post, Apple has previously indicated that Mac users didn’t have to worry about viruses and implied that this was due to some basic invulnerability within the operating system. They have wisely started to back off of that position but may not have really gone far enough just yet.

Where they once used to say that:

“A Macisn’t susceptible to the thousands of viruses plaguing Windows-based computers”

a statement which is misleading since Macs are, in fact, vulnerable to other malware (albeit many fewer instances). Now the wording is:

“Built-in defenses in OS X keep you safe from unknowingly downloading malicious software.”

This is better but still leaves the impression that Macs are inherently safe, which they aren’t. In fact, no computer is.

As long as software contains bugs, a certain percentage of those bugs will be security-related and someone is bound to eventually discover these vulnerabilities and try to exploit them.

That was true then and it’s true now and it always will be regardless of which OS you choose to use.

And in other news, water is still wet …

By now you’ve probably heard the news reports of the recent discovery of the Flame malware that seems to be targeting systems in Iran (and possibly other locations in the Middle East). While there are some similarities with the Stuxnet worm, there are probably even more differences.

At this point it appears that Stuxnet was designed for sabotage — specifically targeted at Iranian nuclear facilities — while Flame seems to be built for espionage. In other words, it’s a software-based spy.

The press has picked up on this aspect as well and has been reporting that Flame can eavesdrop on unsuspecting users through the built-in microphone in their computer, turn on a webcam for remote viewing, take periodic screen captures and store keystrokes. Scary stuff to be sure but it’s not new. Not by a long shot.

In fact, I wrote about a similar threat a dozen years ago in my book, Inside Internet Security: What Hackers Don’t Want You to Know,  in discussing a piece of malware making the rounds then called “Back Orifice.” See if anything in this excerpt sounds familiar…

NetBus control panel – a contemporary of Back Orifice

Among other things [Back Orifice] can:

  • monitor and store keystrokes entered by the user (including ‘hidden’ fields often indicated by a string of asterisks);
  • look over the user’s shoulder by capturing screen images;
  • execute commands of their choosing on the user’s system;
  • rename, copy and delete files on the user’s system;
  • connect to other systems via telnet or FTP;
  • open and close the CD-ROM drive (just for kicks!).

And if that wasn’t scary enough, they can even turn the victim’s machine into their own remote surveillance system. If a microphone or video camera is attached to the user’s system, hackers can turn these devices on and then sit back, listen in, and watch what their victim is doing.

So, not to diminish the seriousness of this latest malware (for those relatively few systems that are infected with it), but try not to get caught up in the hype that would lead you to believe that this is some sort of new quantum leap in the threatscape. In reality, this threat has existed for more than a decade. Most people simply didn’t know about it. But now you do … 🙂