AudioPill Podcast

AudioPill the podcast with the Excessive Shownotes

Root-Kits, Viruses & Win updates


Episode 04: Listeners feedback
Download/ Listen Now

Topics:
Decimal vs. Binary, Rootkit, FireFox Vs IE, Web 2.0
Virus: Animated Cursor (Virus History explained).
Windows updates, Rootkit & Safe Email Client.
How do I check if my computer is Infected?

Hard drive showing wrong capacity?
Here’s why: Decimal vs. Binary http://forum.pcmech.com/showthread.php?t=118330

How to Remove a Rootkit

To really check whether your computer is infected:
Boot from a boot CD and run a rootkit revealer from it.

Best solution is to reinstall or restore from an image!

You can check for rootkits on your PC using these tools:
RootkitRevealer (Mark Russinovich's tool, Microsoft/Sysinternals).
F-Secure BlackLight, Panda Anti-Rootkit.

FireFox Vs IE
Firefox has reached 25% market share; check out the statistics by country.

Microsoft enables Firefox to work with Media Player.
Security issues: Firefox is safer than IE6 by default; however,
IE7 on Vista is more secure than
Firefox (by default) because of IE7's Protected Mode feature.
You can add the NoScript extension to Firefox in order to break even.

Note that no browser is safe; it all depends on your browsing behavior!
Same principle as: no safe cars, only safe drivers…

Web 2.0 name generator
Names like: Riffspace, Youlinks, Topicware

ANI HTML Virus
Animated cursor vulnerability
Can run malicious code on your system.
The file is loaded in HTML that loads an animated cursor routine,
which triggers the .ini file in the animated cursor.
It doesn't matter whether you have animated cursors installed on your machine or not.
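The trigger described above is a malformed animated cursor (.ani) file. The following is an added example, not code from the podcast, showing how a defender might triage suspicious cursor files: it parses the RIFF ACON container, checks every declared chunk size against the real file length, and flags files whose anih header chunk is not the canonical 36 bytes or appears more than once. The sample files are constructed inline.

```python
import struct

ANIH_SIZE = 36  # byte size of the ANIHEADER structure carried by the "anih" chunk

def iter_riff_chunks(data: bytes):
    """Yield (fourcc, payload, truncated) for each top-level chunk of a RIFF ACON file.
    Declared sizes are checked against the real length, never trusted blindly."""
    if len(data) < 12 or data[:4] != b"RIFF" or data[8:12] != b"ACON":
        raise ValueError("not a RIFF ACON (animated cursor) file")
    pos = 12
    while pos + 8 <= len(data):
        fourcc = data[pos:pos + 4]
        size = struct.unpack_from("<I", data, pos + 4)[0]
        start, end = pos + 8, pos + 8 + size
        if end > len(data):  # declared size runs past the end of the file
            yield fourcc, data[start:], True
            return
        yield fourcc, data[start:end], False
        pos = end + (size & 1)  # RIFF chunks are padded to an even length

def check_ani(data: bytes) -> list:
    """Return the structural problems found in an .ani file (empty list if none)."""
    findings, anih_seen = [], 0
    for fourcc, payload, truncated in iter_riff_chunks(data):
        if truncated:
            findings.append("chunk %r declares more bytes than the file holds" % fourcc)
        if fourcc == b"anih":
            anih_seen += 1
            if len(payload) != ANIH_SIZE:
                findings.append("anih chunk #%d is %d bytes, expected %d"
                                % (anih_seen, len(payload), ANIH_SIZE))
    if anih_seen != 1:
        findings.append("expected exactly one anih chunk, found %d" % anih_seen)
    return findings

def make_ani(chunks) -> bytes:
    """Build a RIFF ACON file from (fourcc, payload) pairs; for constructed samples only."""
    body = b""
    for fourcc, payload in chunks:
        body += fourcc + struct.pack("<I", len(payload)) + payload + b"\0" * (len(payload) & 1)
    return b"RIFF" + struct.pack("<I", 4 + len(body)) + b"ACON" + body

# Constructed samples: a well-formed header versus a duplicated, oversized one.
GOOD_ANI = make_ani([(b"anih", struct.pack("<9I", 36, 1, 1, 32, 32, 32, 1, 10, 1))])
BAD_ANI = make_ani([(b"anih", b"\0" * 36), (b"anih", b"A" * 100)])
```

Running `check_ani` over a directory of cursor files turns any non-empty result into a candidate for closer inspection; a well-formed cursor produces an empty list.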

What happened?
The animated cursor vulnerability was discovered by eEye 3 months ago.
eEye told Microsoft; Microsoft did nothing…
Meanwhile the hackers found out about the vulnerability.
By visiting a web site or by reading mail in HTML format,
Windows 2000, Windows XP (including SP2) and even Vista systems
started to get infected.
It can be: a Trojan, a keystroke logger, spyware or even a rootkit.
Both IE and Firefox are vulnerable.
eEye has released a patch to fix the problem due to Microsoft's
silence.
They also released a free Internet security suite, Blink, that can
protect you from the flaw.
The free edition is limited to North America.
Microsoft then released an out-of-cycle patch
(UOC Patch): Microsoft normally releases updates only once a month, not on an
ongoing basis.
(They released 7 bug fixes to Windows, and last week they released 8.)

How to avoid:
Browsing behavior: be careful with the sites you visit prior to the security patch.
Using Vista?
Make sure IE Protected Mode is enabled on your machine (on by default).
IE / Tools / Internet Options / Security / Enable or disable Protected Mode.
(IE Protected Mode is the same idea as NoScript with Firefox.)

Avoid opening e-mails you don't recognize.
Don't use auto preview, and use plain text as the message format.
Enable Automatic Updates (WSUS in an organization).
Note: Windows updates can cause problems with your display card
drivers.

Subscribe to at least one security advisories site to stay
updated.
Antivirus and firewalls are useless in this situation.
Note: of course you should always make sure your antivirus, anti-malware and firewall are updated.

Security Advisories sites:
http://eeye.com
http://www.securityfocus.com/
http://xforce.iss.net/xforce/alerts
http://securinfos.info/
http://www.securiteam.com

Software Update Checker
Application Updates Software Inspector (secunia.com)
http://www.filehippo.com/updatechecker/

Email client safety
Safe email client – smart tips
Clicking a link in an e-mail is dangerous because it's in HTML mail format.
Use plain text mail format.
Don't use auto preview…
