Monthly Archives: October 2010

Handy Tool to Check your Web Browser Security

There are two ways hackers can attack you through your web browser (Internet Explorer, Firefox, Chrome, Safari, Opera, etc.). One is through vulnerabilities in the browser itself, and the other is through vulnerabilities in the plug-ins your browser uses. To minimize how vulnerable they both are, it’s recommended to keep them updated to their latest versions, which include the patches for different exploits.

Here’s a tool to check whether the plug-ins your web browser has installed, PLUS the web browser itself, need to be updated. Click on the link below, then on the landing page click on “Install Plug-in” and follow the directions. Once the plug-in is installed, click on “Scan Now”. You’ll see whether your browser is out of date and which plug-ins need newer versions, along with links to the respective websites to update them all. If you use more than one web browser, repeat for each one you have installed:

https://browsercheck.qualys.com/

Speeding Up Your Web Browser

A client recently complained of extreme slowness in his computer, especially when browsing the Internet. Now, as many of you know, that is a possible sign of a malware infection and the client correctly suspected so. And so did I at first. A thorough check with specialized detection tools and detailed running programs analysis revealed… nothing. So with that possibility out of the way, I just went down the list of other possible reasons for the problem. The computer itself was not very fast, but even so the browsing was excruciatingly slow.

I checked the internet connection speed, which at some point had been a problem in the past. But not anymore; the speed was very decent. The default browser was Mozilla Firefox, and although that’s not the fastest browser, it is at least faster than Internet Explorer (in case you’re wondering, as of this writing Chrome and Opera are the fastest). So I decided to look into the browser’s installed plug-ins (in general terms, plug-ins are small additions to a larger program that enable certain additional functions). I directed the client to use Firefox without ANY plug-ins running, and the change in speed was instantaneous and considerable. So we had the general area to address.

Rather than trying to find out which individual plug-ins were slowing the browser down and then disabling them, I tried a different approach: I got ALL the plug-ins disabled, and enabled only the couple that were absolutely needed for the browser to function properly. At the end of that the browser was still quite a bit faster than before.

Therefore, if your browser is slow as hell and pages take forever to load, and provided your computer is not from 2000, you don’t use Internet Explorer ( 🙂 ), and you have no malware infection or really slow internet connection (read this on how to test your internet connection speed), this is something you might want to look into, for this is one of the cases where less is more.

Record Number of Windows Updates Released Today

The number of monthly updates released today (October 12) by Microsoft is a record, at a total of sixteen. Windows updates can have 3 different enhancement purposes: stability, performance and security. In this case, the whole batch is classified under enhanced security. Products affected include both the operating system and the Office products (all versions of both that are currently actively supported), including, in the case of Office, the versions for Macs.

Four of the updates are classified as critical (the top classification as far as urgency is concerned). Ten are classified as important, the next level down, and two as moderate, the next one down from important. Nine of the sixteen updates are designed to prevent remote code execution (i.e. a hacker taking control of your computer remotely by exploiting a vulnerability in your computer).

If you have Windows Update set to automatically download and install updates on your computer, there is no action required (other than a restart when the updates have been installed). If you have Windows Update set to notify you but not download, or set to download but not install automatically, or turned off, installing these updates will require user intervention. (Of course, if you have Windows Update set to anything but automatic, you might have more than these 16 updates to install.)

This Piece of Malware is a Little Scary

You may have read about it in the news. Stuxnet is the name of this piece of malware. Before you get the impulse to turn off your computer after you read about what it can do, let me say that this one targets specific Windows-based computers that manage industrial control systems (ICS), so the normal user’s computer is not a target, although that doesn’t mean your computer cannot get infected by it. It’s just not going to make your computer the target of its payload (what the virus does when it becomes active or “executes”). But even that is one of the remarkable things about this piece of malware – we’ll circle back to that.

The first unprecedented fact is the number of zero-day exploits this malware uses: four, including this vulnerability I wrote about a little while ago. The second is the techniques it uses to infect and spread, including rootkit technology. The third is its size, unusually big for a virus. The fourth is the fact that it uses two different stolen digital certificates to pretend to be legitimate software, which adds to its stealthiness. So it wasn’t long before it became evident that the resources that came into play to generate such a piece of malware, dubbed “the first cyber super-weapon” and “best malware ever”, were probably state-backed. Speculation has been flying around as to its country of origin. It apparently has been seen infecting industrial computer systems in Iran. It is very cleverly programmed. Although its main attack vector (entrance point) is USB flash drives, it is programmed to infect no more than 3 computers per infected USB flash drive, so it doesn’t spread too fast, which also adds to its stealthiness.

One last thing about Stuxnet, and this is the icing on the cake: the subject is so trendy that if you were to search for “stuxnet” on Google and other search engines, some of the search results land users on malicious websites that will infect their computers (not with Stuxnet) using the usual drive-by download infection technique I’ve covered before. For the common user, it is ironically the most dangerous aspect of Stuxnet.