Monthly Archives: August 2011

Hacking That Affects Google

You may or may not have read in the news about this, but in case you haven’t, here it is. First, a couple of definitions.

Digital certificate: A file that lets a browser verify the identity of a website and establish a secure, encrypted connection to it. These certificates are issued by a CA (Certification Authority).

Recently, unidentified hackers were said to have stolen digital certificates from a Dutch company (a CA) called DigiNotar. Several sources reported this, but Vasco, the Chicago-based company that recently acquired DigiNotar, acknowledged it today. Apparently the hacking took place last month.

From then until very recently, one of the stolen certificates could be used to impersonate Google websites as part of a phishing or “man-in-the-middle” attack.

Over the past 24 hours Google, Microsoft and Mozilla (maker of the Firefox web browser) have taken steps to block the exploitation of the rogue certificate.

All supported editions of Windows Vista, Windows 7, Windows Server 2008, and Windows Server 2008 R2 use the Microsoft Certificate Trust List to decide whether a certificate authority is trusted. No action is required from users of these operating systems, because Microsoft has removed the DigiNotar root certificate from the Microsoft Certificate Trust List. Windows XP and Windows Server 2003 users, however, beware.

What to do for Windows XP / Windows Server 2003 users

If Google Chrome is your browser of choice, update it to its latest version, which is 13.0.782.218.

If Firefox is your web browser of choice, be on the alert for an update and apply it when available. 9/3/11 update: Firefox 6.0.1 has now been released, fixing the vulnerability described in this article.

Be on the alert for a Windows update to help curb the threat.
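One way to see where DigiNotar stands in a Windows machine’s own certificate stores, as an added example that is not part of the original post: the PowerShell script below (assumed to run under PowerShell 2.0 or later, where the Cert: drive exists) lists every certificate whose subject or issuer mentions DigiNotar, store by store. Anything still under Root, AuthRoot or CA is trusted by Windows and Internet Explorer; anything under Disallowed (the Untrusted Certificates store) is explicitly blocked. The store names are the standard Windows ones; the search pattern is the only page-specific value.

```powershell
# Added example, not from the original post. Lists DigiNotar certificates found in the
# Windows certificate stores so you can tell whether the root is still trusted here.
# Assumes PowerShell 2.0+ (Cert: drive). Standard Windows store names:
#   Root / AuthRoot = trusted root CAs, CA = intermediate CAs, Disallowed = Untrusted Certificates.

$pattern = 'DigiNotar'
$stores  = 'Root', 'AuthRoot', 'CA', 'Disallowed'
$found   = @()

foreach ($scope in 'LocalMachine', 'CurrentUser') {
    foreach ($store in $stores) {
        $path = "Cert:\$scope\$store"
        if (-not (Test-Path $path)) { continue }   # not every store exists in every scope

        $hits = Get-ChildItem -Path $path |
                Where-Object { $_.Subject -match $pattern -or $_.Issuer -match $pattern }

        foreach ($cert in $hits) {
            # Disallowed is the one store where finding the root is the desired outcome.
            $status = if ($store -eq 'Disallowed') { 'explicitly distrusted' } else { 'STILL TRUSTED' }
            $found += New-Object PSObject -Property @{
                Scope      = $scope
                Store      = $store
                Status     = $status
                Subject    = $cert.Subject
                Thumbprint = $cert.Thumbprint
                NotAfter   = $cert.NotAfter
            }
        }
    }
}

if ($found.Count -eq 0) {
    Write-Output "No certificate matching '$pattern' in any checked store."
} else {
    $found | Format-Table Scope, Store, Status, Subject, Thumbprint -AutoSize
}
```

Two caveats when reading the output. Windows fills the Root store lazily from the trust list, so a machine that never visited a DigiNotar-signed site may show nothing at all; an empty result is therefore not proof that the fix is in place, only that nothing is cached. And Firefox keeps its own certificate store, so this check says nothing about Firefox, which is exactly why the post tells you to update it separately.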

Update on Updates

Here’s an update of the most critical programs to keep up to the latest version:

Windows:

A total of 12 bulletins are being released, as usual, on the second Tuesday of the month, so Tuesday the 9th. The 12 bulletins handle a total of 22 vulnerabilities found in the Windows operating system, Internet Explorer, and Office. If you have your computer(s) set to automatically receive and install updates, no user intervention is necessary beyond a probable restart of the computer at the end of the updates.

Adobe Flash:

The latest version released is 10.3.181.34 for Internet Explorer and Firefox. For Google Chrome, the latest Flash version is 10.3.181.36, and since Flash is built into that browser, make sure you have the latest version of Google Chrome installed, 13.0.782.107.

Adobe PDF Reader:

The latest version released is 10.1.0.534.

Java:

The latest version released is Java 6 Update 26.

As mentioned before, you can check the versions of Flash, PDF Reader, Java and some other programs with the checker by Qualys, https://browsercheck.qualys.com/

Keeping your computer up-to-date is one of the cornerstones of a strong security setup.

Moving an integrated Outlook BCM/Office Accounting 2008, SQL Server 2005 database

Scenario: You use Outlook 2007 with Business Contact Manager, as well as Office Accounting Express 2008, and have integrated both databases. You want to move the integrated database to a new computer.

1. If you haven’t before, download and install Microsoft SQL Server Management Studio Express on the source computer.

2. Open Management Studio and connect to the server instance (by default MSSMLBIZ). Under Object Explorer, expand Databases.

3. Right-click the MSSmallBusiness database, then Tasks, Backup.

4. Select a full backup. Add a new location for the backup and a filename, then click OK. Note: change “files of type” to all files, type the name you want, and navigate to the folder where you want to place your backup file.

5. Copy the backup file to the portable media of your choice so you can access it on the target machine. Alternatively, copy it over the network if both computers are on the same LAN.

6. On the target machine, install Outlook 2007, BCM and Office Accounting 2008. Create a new company in Accounting. Run Outlook for the first time for initial setup, which includes creating a new database for BCM.

7. Integrate both databases. Do it from the Accounting program.

8. Download and install Microsoft updates for Office 2007 as needed.

9. Download and install Microsoft SQL Server Management Studio Express on the target machine.

10. Open it, connect, right-click the MSSmallBusiness database, then Tasks, Restore, Database.

11. Click “From Device” under “Source and location of backup”.

12. Click Options at the upper left of the restore window, then check “Overwrite the existing database”.

13. Click OK. A few minutes later, you’re done.
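The same backup and restore driven from the command line instead of the Management Studio dialogs, as an added example that is not part of the original post. It is PowerShell wrapping sqlcmd.exe, and it assumes sqlcmd is on the PATH on both machines (it ships with the SQL Server 2005 client tools), that your Windows login is a sysadmin on the instance (-E), that the instance is named MSSMLBIZ on both machines as described above, and that the backup path is a constructed placeholder. The function names Backup-BcmDatabase and Restore-BcmDatabase are my own.

```powershell
# Added example, not from the original post: back up MSSmallBusiness on the source
# machine and restore it over the freshly created database on the target, via sqlcmd.exe.
# Assumptions: sqlcmd is on the PATH, Windows authentication works (-E), the BCM
# instance is MSSMLBIZ on both machines, and $backupFile is a constructed path.

$instance   = '.\MSSMLBIZ'
$database   = 'MSSmallBusiness'
$backupFile = 'C:\Backup\MSSmallBusiness.bak'   # constructed; the SQL service account must be able to write here

function Invoke-Tsql {
    param([string]$Query)
    # -b turns a failed batch into a non-zero exit code, so an error cannot go unnoticed.
    & sqlcmd -S $instance -E -b -Q $Query
    if ($LASTEXITCODE -ne 0) { throw "sqlcmd failed for: $Query" }
}

# Source machine. A full backup is transactionally consistent on its own, so Outlook
# and Accounting may stay open while it runs.
function Backup-BcmDatabase {
    Invoke-Tsql "BACKUP DATABASE [$database] TO DISK = N'$backupFile' WITH INIT, CHECKSUM, STATS = 10"
    # Read the file back and verify its page checksums before copying it anywhere.
    Invoke-Tsql "RESTORE VERIFYONLY FROM DISK = N'$backupFile' WITH CHECKSUM"
}

# Target machine, after Outlook/BCM and Accounting have created and integrated their
# own empty database as described above, and with both programs closed.
function Restore-BcmDatabase {
    # Drop any lingering BCM connection; otherwise the restore fails with "database in use".
    Invoke-Tsql "ALTER DATABASE [$database] SET SINGLE_USER WITH ROLLBACK IMMEDIATE"
    # REPLACE is the T-SQL equivalent of the "Overwrite the existing database" checkbox.
    Invoke-Tsql "RESTORE DATABASE [$database] FROM DISK = N'$backupFile' WITH REPLACE, CHECKSUM, STATS = 10"
    Invoke-Tsql "ALTER DATABASE [$database] SET MULTI_USER"
}
```

Run Backup-BcmDatabase on the source, copy the .bak across, then Restore-BcmDatabase on the target. If the target instance keeps its data files in a different folder, list the logical file names first with RESTORE FILELISTONLY FROM DISK = N'...' and add a WITH MOVE clause for each file. A backup restores onto the same or a newer SQL Server version, never an older one.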

Alternatively,

1. From Outlook or Accounting Express, back up the database on the source machine. Copy the file to transferable media, or over the network, to a location on the target machine.

2. Install Outlook with BCM and Accounting on the target machine.

3. Open Outlook and set up BCM.

4. Set up a new company in Accounting. The company name and legal name should be the same as they were on the source machine.

5. Integrate the databases from the Accounting program.

6. Download and install all Windows Updates for the newly installed programs.

7. Restore the backup from Outlook or Accounting Express using the appropriate .sbb file.

Note: If at all possible, when moving these to a different machine, create the same username to put all this under, and restore all documents keeping the same directory structure. If you have any files linked in BCM, you’ll lose them unless they are in the exact same path as they were before the migration.

HTH.

Test Drive – Some More Security Suites

Based on the feedback from the last two articles, here’s the review of some more security products. Remember, the test consists simply of accessing a known malicious website and observing how the security program deals with the attempts to infect the computer. Other tests, such as conflicts with other programs, system performance impact, ease of use, and so forth, were not performed. The whole focus of the test was: can it defend the average user against the main cause of malware infections, visiting a malicious website? Here are the results:

Avira Premium Security Suite:

Wow. I had so much hope for this one. First round: Malicious website accessed, Trojan-ransom downloaded, executed, computer infected, restarted by itself, when it came back on it was unresponsive to keyboard or mouse input, files were being encrypted in the background. In short, fail.

Bit Defender Total Security 2012:

In my last article Bit Defender 2011 was evaluated. The 2012 version just came out, so I figured I’d give it another try and see how it did. The good news: It did better. The bad: Not by much. First, when installing it, it required that I uninstall an antimalware product I had installed (but it was just the free version of it, with no real-time protection features, firewall, or anything like that. Just a good on-demand scanner that I used to clean up after some of these products failed). Anyways, reluctantly I uninstalled it, at least for the test. At the first try with a malicious website, Bit Defender real-time protection missed the downloaded malicious program. An on-demand scan resulted in an adjudication of benign…

Bad start, I thought. But I kept on testing it just to see if it would redeem itself. Surprisingly, all other attempts to infect the computer were blocked by a Bit Defender web filter feature.

It also has a nice sandbox feature that allows the user to run the web browser (Internet Explorer, Firefox, etc.) in an isolated environment, so infections stemming from accessing a malicious or infected website can be better contained. The bad part: the sandbox feature uses A LOT of space and processor power, so probably not good for any computer that is not powerful.

Oh, and one more nice feature: One of the available scan modes is “Rescue mode”. In this mode, the computer will reboot and go into Bit Defender’s own little booting zone, separate from the Windows environment, and run an “offline” check (offline in that the computer has not loaded the Windows operating system). You might say, OK, and so what is so great about that? Glad you asked. Booting outside the Windows environment allows those infections designed to hide themselves and block any attempts to eradicate them to be exposed and defenseless. So for the really, really nasty infections, this is very useful. In fact, one malicious file that was missed by Bit Defender AND my favorite on-demand scanner was detected by using this “offline” scan mode. Very nice.

Avast Internet Security 2011:

I had tested this earlier, in fact it was the first one I tested once I put my test computer together. The first time around it failed the test by letting some malicious download execute and failing to detect it as malware. However, the initial procedure I was following to test drive these security suites changed afterwards, so I decided to test it a second time, using the same procedure I used with every other security suite.

This time around AIS 2011 performed well; in fact, it almost passed the test. An on-demand scan after a malicious file had been downloaded and executed missed it. But otherwise the real-time protection, web filter and “Safe Zone” (where the web browser is brought up in a sandbox environment) features worked very well. The suite has some nice features such as voiced announcements for certain actions, a “scan at boot time” option that allows it to get to the deeper malware infections, and so on.

Microsoft Security Essentials:

This free antivirus program put out by Microsoft has impressed me from the moment it was released, over 2 years ago. Although by no means a complete security suite, it performs surprisingly well as far as detection of recent malware in real time is concerned. MSE performed as well as the best security suites in this series of articles.

AppGuard:

The key ingredient in my favorite security model, AppGuard is not a security suite, not even an antivirus, at least not in the traditional way users think of one. AppGuard performs four simple tasks:

1. Prevents applications (programs) from launching (opening) outside of the application’s “legal” zone, thus thwarting most infected programs’ attempts to take over a computer.

2. Prevents programs already running on your computer from changing other programs running on it, thus thwarting one of the favorite infection vectors of malicious processes that might already be running.

3. Prevents programs from starting from a USB flash drive or any such USB storage device, thus thwarting the second most common infection vector (some malicious programs propagate by copying themselves to any USB storage device they find and then to the next computer the device is plugged into).

4. Prevents unauthorized programs from accessing your files and documents, thus thwarting hackers’ attempts to get hold of your data.

So in short, it does a lot of thwarting.

Just to show what AppGuard can do, I installed it on my test machine, without any other security program installed, and with the default, out-of-the-box Windows firewall provided in Windows 7 enabled. I then proceeded to infect my computer. I of course had to disable AppGuard’s protection first to be able to open the infected sample file I had chosen. So that would not have even happened had AppGuard been, well, en garde. With that accomplished, I opened the infected file, a trojan named Zeus, which being the case would make AppGuard’s name Cronus 🙂 . Anyways, the program immediately got busy downloading a second file, creating a third, and that third file was the main executor of the whole operation. I was laughing at how something called Zeus looked so powerless as it kept going in circles trying to inject code into other processes, create other files, establish an internet connection with a remote website, etc.

Now, AppGuard is not meant to run alone as a full defense, it’s just an additional layer on top of the traditional antivirus that helps prevent infections when the traditional antivirus misses the mark. For detection, eradication steps, an antivirus is needed. For closing the door to most attack vectors, AppGuard is ideal.

Summary

Although the reigning champs in these tests are still Kaspersky Internet Security 2012 and VIPRE Premium, some close competition came from other security companies. But remember, none of the security suites by themselves will provide complete protection unless the 4 elements of protection are implemented in your computer.