Archive for the 'Virus & Spyware' Category

Month of Apple Bugs: So VLC is Apple software?


I have been reading up on this ubiquitous ‘Month of Apple Bugs’, and in light of this article, I have become increasingly angered with the website. The article on AppleGazette makes very valid points as to why the MOAB project has effectively lost all of its credibility. I want to state upfront that I’m not writing this as an Apple fanboy (though I am); I am writing this as a user of OS X and Windows, and of various Apple products.

The MOAB project aims to show off a vulnerability in Apple products on each of the 31 days of January. The first bug was understandable: a Quicktime-based buffer overflow, where a “vulnerability in the handling of the rtsp:// URL handler allows remote arbitrary code execution.” This affects both Windows and Mac OS X. It is a real flaw in Apple software that can allow the execution of malicious code via this buffer overrun, so it is critical.

The second vulnerability, however, is debatable. In my eyes, this flaw is neither OS X nor Apple: it is in the popular VLC Media Player. Now let’s stop here for a second. VLC? Yes, the cross-platform, open-source media player available on Windows, Linux, *nix and other platforms. However you look at it, I have no idea how this is an Apple bug; remember the title of the project. Other than running on OS X, the only connection is that the vulnerability allows execution of arbitrary code (as with the Quicktime flaw above), and so it would allow execution of code on OS X. But does this mean the problem has anything to do with Apple themselves? NO. Do we blame Microsoft for third-party software with holes in it that cause a buffer overrun on Windows? Absolutely not. We blame the software developers. Why should Microsoft (or in this case Apple) deal with an application they do not develop? It makes no sense. If you call your project ‘Month of Apple Bugs’ then please use Apple bugs, and not open-source software that has the same vulnerability in every other distribution!
As AppleGazette pointed out, they do state on their website:

Are Apple products the only one target of this initiative?
Not at all, but they are the main focus. We’ll be looking over popular OS X applications as well.

Yeah, they do defend themselves, but for goodness’ sake, if you create a title which is then misleading, what do you expect people to do? How is an OS X application an Apple bug? It is only on the same OS. I’ll reiterate: do we blame Microsoft for flaws in developer ‘x’ software? Hell no. The developer is blamed. It seems that they are only seeking attention by putting Apple and Bugs in the same title. Now don’t get me wrong, I’m all for this: after all, publicising vulnerabilities helps to get them fixed faster, and thus leads to a more secure application. However, I don’t like the other statement on their website:

John Doe has written a ‘post’ in his blog, saying he debunks the XXX bug, what’s that?
No worries. It’s probably someone begging for attention or PR-brainwashed.

Maybe they should have a look at their own answer, because when you post titles of the project on social websites like Digg, del.icio.us, forums, etc., people will be misled about what the actual flaws are in. Posting an open-source software bug on the second day is not a good way to get started, and with their title it seems like they are the ones begging for attention.

The third vulnerability is similar to the first one in that it allows the execution of arbitrary code through Quicktime, but on Windows. Specifically, “A vulnerability in the handling of the HREFTrack field allows to perform cross-zone scripting, leading to potential remote arbitrary code execution.” I accept that this is an Apple bug, and again this makes sense, even though the proof of concept “uses Microsoft Text Driver ADODB connection which requires an anonymous FTP login to the exploit location, for an unknown reason“. After all, Quicktime is Apple software. It’s like Microsoft patching flaws in Microsoft Office for Mac.

How many actual flaws do they have that are Apple software / OS X bugs? I would like to know, as it seems to me they have few. Displaying, on the second day, a flaw in an open-source, cross-platform application (Windows and Linux included) which is not even developed by Apple is really shoddy. I for one am quite annoyed, not because they are displaying Apple bugs, but because they don’t! Granted, we have only seen three, and 2 out of these 3 were Apple software (Quicktime) related. I am saying this for all the Diggers and the like who skim-read articles and are a lot of the time misinformed by such things.

Get your act together MOAB, this is not a good start (a pretty bad one at that).

Ten reasons to buy Vista and why to hold off

This is a very comprehensive and detailed article which informs you of 10 reasons why you should consider switching to Vista and some other annoyances that may make you want to put down your credit card and think again. These are the areas covered:

Why to buy:

  1. Security
  2. IE
  3. Eye Candy (Aero Glass, etc)
  4. Desktop Search
  5. Better updates
  6. More media
  7. Parental Controls
  8. Better backups
  9. Peer-to-peer collaboration
  10. Quick setup and better code alert

Nuisances:

  1. Price
  2. Vista is a power hog
  3. New features require a learning curve
  4. Some ‘new’ programs are just rebadged versions of old programs

I think Windows has become so bloated and slow, and with all the viruses and spyware around (that is not MS’ fault) I’d rather stick to OS X. My dad said that he will not purchase Vista for any of our Windows computers, partly because of the price and the specifications it requires to actually run on a computer (Google for it, you will be blown away!).

read more

A ‘Trojan’ for OS X has been released onto the internet


Everyone went crazy when the story leaked that the first ever ‘virus’ had been made for OS X. However, this has been deemed inaccurate and untrue: it is a ‘trojan’. For one, you need to download the infected file (which claims to be screenshots of the new version of OS X, 10.5 ‘Leopard’) and double-click “latestpics.tgz” to uncompress it. Then you need to open the file it creates. The file has a screenshot embedded in it so it looks like a picture, and when you click to open it, it asks you to type in the admin password. This is the part that should stop people from ‘infecting’ their machines with the trojan. Since when do pictures ask you to type in your root password? Unless you are running as root this prompt will come up, and quite frankly if you are root and you open up such a thing, that is your fault. So what does the ‘trojan’ do? Not much, apart from trying “to propagate itself via iChat, and unintentionally prevent infected applications from running“. So this whole thing is nothing. It is just some people trying to claim fame.

It seems that this is more of a “proof of concept” implementation that could be utilized to actually do something in the future, depending on how successful it is, or it was simply done to garner attention/press.
You cannot simply “catch” the virus. Even if someone does send you the “latestpics.tgz” file, you cannot be infected unless you unarchive the file, and then open it.

    A few important points:

  • This should probably be classified as a Trojan, not a virus, because it doesn’t self-propagate externally (though it could arguably be called a very non-virulent virus)
  • It does not exploit any security holes; rather it uses “social engineering” to get the user to launch it on their system
  • It requires the admin password if you’re not running as an admin user
  • It has a bug in the code that prevents it from working as intended, which has the side-effect of preventing infected applications from launching
  • It’s not particularly sophisticated

So it isn’t more than a PR stunt. Nothing to see here now, move along…
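As an added illustration (not code from the original post or from any vendor), a small Python check that inspects an archive like the “latestpics.tgz” described above without opening anything in it: it flags members that are Mach-O executables by their magic bytes, or that carry an execute bit, which a picture never needs. The archive it scans is constructed inline, with a fake Mach-O header standing in for the real payload.

```python
import io
import tarfile

# Magic numbers identifying Mach-O executables, the native OS X binary format.
MACHO_MAGICS = {
    b"\xfe\xed\xfa\xce", b"\xce\xfa\xed\xfe",  # 32-bit, big / little endian
    b"\xfe\xed\xfa\xcf", b"\xcf\xfa\xed\xfe",  # 64-bit
    b"\xca\xfe\xba\xbe",                        # universal ("fat") binary
}


def suspicious_members(tgz_bytes):
    """Return (name, reason) for every archive member that is executable,
    judged by content (Mach-O header) or by its stored permission bits."""
    findings = []
    with tarfile.open(fileobj=io.BytesIO(tgz_bytes), mode="r:gz") as tar:
        for member in tar.getmembers():
            if not member.isfile():
                continue
            head = tar.extractfile(member).read(4)
            if head in MACHO_MAGICS:
                findings.append((member.name, "Mach-O executable"))
            elif member.mode & 0o111:
                findings.append((member.name, "executable bit set"))
    return findings


def build_sample_archive():
    """Constructed stand-in for the archive described above (not the real
    trojan): a fake Mach-O binary, a shell script and a harmless text file."""
    members = [
        ("latestpics", b"\xce\xfa\xed\xfe" + b"\x00" * 60, 0o755),
        ("setup.sh", b"#!/bin/sh\necho hi\n", 0o755),
        ("readme.txt", b"screenshots of 10.5\n", 0o644),
    ]
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, data, mode in members:
            info = tarfile.TarInfo(name)
            info.size = len(data)
            info.mode = mode
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


if __name__ == "__main__":
    for name, reason in suspicious_members(build_sample_archive()):
        print(f"{name}: {reason}")
```

The check catches the masquerade the post describes because the file’s contents, not its icon, decide whether it is a program.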

read more

Windows XP Home losing support from Microsoft after 2006

XP Professional and Home are divided into two general product categories for Microsoft, namely business and consumer products. XP Professional, as a business product, will receive mainstream support for two additional years after the release of Windows Vista (whenever that may be). After that, Professional will have an additional five years of extended service (minimum), though this could be lengthened considerably if the OS update after Windows Vista does not ship within three years of Vista’s debut.
“For consumer products, security updates will be available through the end of the mainstream phase. For Windows XP Home Edition, there will be no security updates after 12/31/06.” Regarding paid support for problems unrelated to security patches, I was told that “Users who want to continue to receive support after the Microsoft assisted and paid support offerings have ended may visit the Retired Product Support Options Web site.”

I’m really annoyed at Microsoft for this, particularly because a lot of computers came with Windows XP Home (partly because it is cheaper) and still do. Our Sony VAIO desktop came with Windows XP Home, and no one wants to pay lots of money to upgrade to Professional to keep getting support when they don’t want to upgrade to Vista. This is Microsoft’s way of getting people to upgrade. So after I lose support on my VAIO (though I don’t use it much), it will be open to any new holes and exploits that are found in XP, for which I can’t download the updates. A lot of people will be mad at Microsoft for this, mainly because fewer people will upgrade from XP to Vista than upgraded from 2000 to XP. Read the article for yourself, as it goes into quite a bit of detail.

read more

Symantec AntiVirus causes a “Highly critical” flaw in OS X

Symantec AntiVirus for Mac

It seems like the “world’s most trusted” antivirus software for Mac has some flaws that actually make OS X more vulnerable.

The vulnerability occurs when AntiVirus is decompressing files compressed in the RAR format for scanning. When AntiVirus is performing this operation, it is susceptible to multiple heap overflows allowing attackers complete control of the system(s) being protected. “Successful exploitation of Symantec protected systems allows attackers unauthorized control of data and related privileges. It also provides leverage for further network compromise. Symantec implementations are likely vulnerable in their default configuration. In default configurations users are likely vulnerable regardless of whether they choose to open or read the email.
The only solution at this point is to filter RAR archives at email or proxy gateways, or disable and uninstall Norton AntiVirus.

When I was using Symantec AntiVirus for PC I really hated it, because it was an enormous memory hog and it didn’t do much. I soon realised there was a piece of software out from Eset called NOD32 which is a much better antivirus. I have found it to be a lot better, and it has some other features, including sending an email when a virus is found. As for my Mac, I don’t use any antivirus. Well, sort of: I once downloaded ClamXav, which is a free “virus checker for Mac OS X. It uses the tried, tested and very popular ClamAV open source antivirus engine as a back end.” I have only used it once, and it found nothing. I have yet to run it again, as I believe it is not needed. So far there are no viruses for OS X. I think Symantec is overpriced and overrated. They should fix this soon, otherwise they will lose a lot more customers.

read more

BitTorrent installed on rootkit-infected PCs and used to download movies

A group in the Middle East who previously infected PCs with a rootkit via IM apparently installed BitTorrent without user permission on infected machines, then started piping movies to the end users. As a new technique used by the bad guys, that’s pretty scary stuff.
And…they piped Mr Bean?!? [digg]

read more

Best Buy offering Spyware installation for $129

Screenshot from Best Buy Canada

It looks like Best Buy Canada is offering Spyware Installation for $129 (Canadian). It’s obviously a typo, because when you click on the link, it gives you information about Best Buy setting up anti-spyware software on your system. It’s a bit pricey really; any tech-savvy person could do it in ten minutes. This is just another way of Best Buy crossing the line. The advert is 8th down the list on the page.
read more

Top 10 hacks of all time


Even as the National Association of Software and Services Companies (Nasscom) is collaborating with Mumbai Police to observe Cyber Safety Week, DNA takes a look at the top 10 hacking incidents of all time — instances where some of the most seemingly secure computer networks were compromised

Really not much to explain here. It is interesting to see these, I haven’t heard of most.

read more

IO Data ships Hard Drives with a free trojan


IO Data, a Japanese company, has released information that some models in their ‘HDP-U’ line have ‘picked up’ the “W32/Tompai-A” trojan.

What might be even worse is how IO Data Device handled the problem; they didn’t release the serial numbers of infected drives until some 14 hours after the announcement of the infection. We realize that even a good six sigma program won’t pick up every defect, but this kind of muck up should really never occur — and IO Data isn’t even offering a removal tool (yet). Apparently they expect you to use your own software or download a 30 day trial of Trend Micro’s software; thanks for the help, IO Data!

It seems scary that some companies can let this happen, after all they are big corporations with lots of money and power. But for me it doesn’t really matter as I have a Mac! Yay!

read more (Japanese)

Watch a PSP getting ‘bricked’ on camera

Screenshot from Video

If you have heard all the news about a PSP ‘trojan’ that ‘bricks’ your PSP and you want to see it on camera, then you’re in luck. Well-known anti-virus company F-Secure has bitten the bullet and spent the £179.99 to get a PSP and brick it for you to see. It is quite interesting to see something like this, as I have never experienced it before, nor seen it before. I hope this never happens to my PSP, which btw I accidentally left at my friend’s house, so I need to collect it later today. See it for yourself. Be warned: it is not for the faint-hearted.
Watch (WMV – 14MB)

read more