Archive for the ‘Security’ Category
And The Best Antivirus Is…
Virus.gr tested quite a few different software companies to see how they would stack up against each other. How did the 147,000+ virus test pan out? Here are the results (the ones in bold are the ones I expected to do well):
1. Kaspersky version 6.0.0.303 – 99.62%
2. Active Virus Shield by AOL version 6.0.0.299 – 99.62%
3. F-Secure 2006 version 6.12.90 – 96.86%
4. BitDefender Professional version 9 – 96.63%
5. CyberScrub version 1.0 – 95.98%
6. eScan version 8.0.671.1 – 95.82%
7. BitDefender freeware version 8.0.202 – 95.57%
8. BullGuard version 6.1 – 95.57%
9. AntiVir Premium version 7.01.01.02 – 95.45%
10. Nod32 version 2.51.30 – 95.14%
11. AntiVir Classic version 7.01.01.02 – 94.26%
12. ViruScape 2006 version 1.02.0935.0137 – 93.87%
13. McAfee version 10.0.27 – 93.03%
14. McAfee Enterprise version 8.0.0 – 91.76%
15. F-Prot version 6.0.4.3 beta – 87.88%
16. Avast Professional version 4.7.871 – 87.46%
17. Avast freeware version 4.7.871 – 87.46%
18. Dr. Web version 4.33.2 – 86.03%
19. Norman version 5.90.23 – 85.65%
20. F-Prot version 3.16f – 85.14%
21. ArcaVir 2006 – 83.44%
22. Norton Professional 2006 – 83.18%
23. AVG Professional version 7.1.405 – 82.82%
24. AVG freeware version 7.1.405 – 82.82%
25. Panda 2007 version 2.00.01 – 82.23%
26. Virus Chaser version 5.0a – 81.47%
27. PC-Cillin 2006 version 14.10.1051 – 80.90%
28. VBA32 version 3.11.0 – 79.12%
29. ViRobot Expert version 4.0 – 76.22%
30. UNA version 1.83 – 75.44%
I expected NOD32, Avast, and AVG to perform a little better than they did, but NOD32 and AVG definitely fought back at the heuristic testing. Heuristic testing is extremely important because that is what gives an antivirus the ability to catch a virus even if it is not in the database.
Homeland Security: Fix your Windows Now!
In a rare alert, the U.S. Department of Homeland Security has urged Windows users to plug a potential worm hole in the Microsoft operating system. The agency, which also runs the United States Computer Emergency Readiness Team (US-CERT), sent out a news release on Wednesday recommending that people apply Microsoft’s MS06-040 patch as quickly as possible. The software maker released the “critical” fix Tuesday as part of its monthly patch cycle.
“Users are encouraged to avoid delay in applying this security patch,” the Department of Homeland Security said in the statement. The patch fixes a serious flaw that, if exploited, could enable an attacker to remotely take complete control of an affected system, the agency said.
The flaw has some similarities to the Windows bug that enabled the notorious MSBlast worm to spread in 2003. Both security vulnerabilities are related to a Windows component called “remote procedure call,” which provides support for networking features such as file sharing and printer sharing.
View: Microsoft Security Bulletin MS06-040
View: Full Story
Source: C|Net News via MSFN
Vista Hacked At Black Hat
While Microsoft talked up Windows Vista security at Black Hat, a researcher in another room demonstrated how to hack the operating system. Joanna Rutkowska, a Polish researcher at Singapore-based Coseinc, showed that it is possible to bypass security measures in Vista that should prevent unsigned code from running.
In the second part of her talk, Rutkowska explained how it is possible to use virtualisation technology to make malicious code undetectable, in the same way a rootkit does. She code-named this malicious software Blue Pill.
“Microsoft is investigating solutions for the final release of Windows Vista to help protect against the attacks demonstrated,” a representative for the software maker said. “In addition, we are working with our hardware partners to investigate ways to help prevent the virtualisation attack used by the Blue Pill.”
View: Full Story
Source: ZDnet via MSFN
Apple patches 26 bugs, 17 critical, wi-fi still leaking
After patching a record-breaking 43 software problems in May, Apple squashed another 26 bugs yesterday. 17 of these were marked critical because they made it possible to execute code remotely on the affected systems. 7 bugs were in the ImageIO module, 4 are related to the AFP server and 2 are for the dyld and gunzip components. The other bugs are spread across the application level, from fetchmail to telnet. Besides the vulnerability fixes, there is also an update for Bluetooth so that auto-generated keys can now be up to 8 instead of the previous 6 characters.
Two hackers have nevertheless succeeded in gaining control over a Macbook in 60 seconds. They used at least two errors in the wireless communication. Although the demo was done with a Macbook, the hackers state that there are comparable flaws in the wireless network cards for Windows systems.
The fact that the two hackers want to publish a program that can scan for the chipset and driver versions of wireless hardware points towards the errors patched by Intel. The Intel patch isn’t available for Apple’s OS, though.
The reason the hackers chose a Macbook to show their knowledge is, as they claim, “The self-confidence in which Mac users indulge themselves when it comes to security.”
Hijacking a Macbook in 60 Seconds or Less
If you want to grab the attention of a roomful of hackers, one sure fire way to do it is to show them a new method for remotely circumventing the security of an Apple Macbook computer to seize total control over the machine.
That’s exactly what hackers Jon “Johnny Cache” Ellch and David Maynor plan to show today in their Black Hat presentation on hacking the low-level computer code that powers many internal and external wireless cards on the market today.
The video shows Ellch and Maynor targeting a specific security flaw in the Macbook’s wireless “device driver,” the software that allows the internal wireless card to communicate with the underlying OS X operating system. While those device driver flaws are particular to the Macbook — and presently not publicly disclosed — Maynor said the two have found at least two similar flaws in device drivers for wireless cards either designed for or embedded in machines running the Windows OS. Still, the presenters said they ultimately decided to run the demo against a Mac due to what Maynor called the “Mac user base aura of smugness on security.”
View: Full Story
Source: Washington Post via Flexbeta
Alert over stolen tax file numbers
More than 170 Australians have had their tax file numbers stolen by online scammers who captured the information from their home computers when they were using the online e-tax system.
The Australian Tax Office has issued a warning about the attack, but said the security breach was not specific to the Tax Office or the e-tax system.
A spokeswoman said the data theft had resulted from an attack on the victims’ own computers after they were infected by a trojan horse – which is similar to a computer virus.
The trojan is called Backdoor.Haxdoor.M and it steals information by recording the key strokes entered into the computers, including bank account numbers, passwords and other personal information.
View: Full Story
Source: SMH
RemoveWGA 1.2
RemoveWGA enables you to remove the Microsoft “Windows Genuine Advantage Notifications” tool, which calls home and connects to Microsoft servers every time you boot. Once the WGA Notification tool has checked your OS and has confirmed you had a legit copy, there is no decent point or reason to check it again and again every boot.
Also, Windows Genuine Advantage Notifications is different than Windows Genuine Advantage Validation. RemoveWGA only removes the notification part, phoning home, and does not touch the Validation part. At the time I’m writing this, the Validation part is mandatory for some non-critical downloads from Microsoft, but the Notification part is not mandatory at all, and you are able to install all of the security updates without installing this one. This may change in the future though; I don’t know what Microsoft’s plans are.
Latest Changes:
- Now uses the “RunOnce” registry entry instead of “Run” (starts sooner)
- Added a clean removal procedure for the final WGA notification update
- If every removal procedure fails (possibly for future WGA versions), offers the brutal removal procedure
Source: BetaNews
Microsoft security updates for July 2006
As part of Microsoft’s routine, monthly security update cycle we released the following security updates in July 2006:
MS06-033 – addresses a vulnerability in Microsoft Windows (Important)
MS06-034 – addresses a vulnerability in Microsoft Windows (Important)
MS06-035 – addresses a vulnerability in Microsoft Windows (Critical)
MS06-036 – addresses a vulnerability in Microsoft Windows (Critical)
MS06-037 – addresses a vulnerability in Microsoft Office (Critical)
MS06-038 – addresses a vulnerability in Microsoft Office (Critical)
MS06-039 – addresses a vulnerability in Microsoft Office (Critical)
View: Microsoft Update
View: Microsoft Security Bulletin Summary for July, 2006
Source: MSFN
End to Win98 support may boost desktop Linux
From today, Microsoft will no longer issue security updates or provide support for Windows 98 and Windows ME, which could lead users to try alternative operating systems such as Linux.
Eight years after launching Windows 98, Microsoft will finally wash its hands of updating and plugging security gaps in its ageing operating system. The software giant originally planned to pull the plug in January 2004 but decided to extend support because of the increasing threat from Linux.
This time round, Microsoft is hoping that the remaining users of Windows 98 and Windows ME will upgrade to Windows XP, according to Peter Watson, chief security advisor, Microsoft Australia.
View: Full Story
Source: ZDNet Australia via MSFN
Another security hole found in Excel
A hole in Microsoft Excel has been identified that could allow attackers to take control of a computer, a security group said Thursday–the third vulnerability affecting the popular spreadsheet program to surface in less than a month.
The flaw is due to a memory corruption error that occurs when handling or repairing a document containing overly long styles, the French Security Incident Response Team said in an advisory.
The flaw, which affects Excel 2000, 2002 and 2003 and Office 2000, XP and 2003, “could be exploited by attackers to execute arbitrary commands by convincing a user to open and repair a specially crafted Excel file,” the advisory said.
View: Full Story
Source: ZDNet via MSFN











