Adobe has a dismal record for addressing security vulnerabilities in their software, some of which, e.g., Acrobat Reader and Shockwave, is widely used. Right on the heels of their announcement that they plan to step up their reactions to security issues, we see this story from ZDNet:

Critical Adobe Shockwave flaw affects millions
by Ryan Naraine
June 24th, 2009

Adobe’s Shockwave Player contains a critical vulnerability that could be exploited by remote hackers to take complete control of Windows computers, according to a warning from the software maker.

The flaw affects Adobe Shockwave Player 11.5.0.596 and earlier versions. Details from Adobe’s advisory:

This vulnerability could allow an attacker who successfully exploits this vulnerability to take control of the affected system. Adobe has provided a solution for the reported vulnerability (CVE-2009-1860). This issue was previously resolved in Shockwave Player 11.0.0.465; the Shockwave Player 11.5.0.600 update resolves a backwards compatibility mode variation of the issue with Shockwave Player 10 content. To resolve this issue, Shockwave Player users on Windows should uninstall Shockwave version 11.5.0.596 and earlier on their systems, restart, and install Shockwave version 11.5.0.600, available here: Adobe – Adobe Shockwave Player. This issue is remotely exploitable.

Adobe boasts that 450 million Internet-enabled desktops have installed Adobe Shockwave Player.

Another Adobe Critical Security Flaw – Shockwave is a post from: PsychNet Reviews and Recommendations

©2010 PsychNet Reviews and Recommendations. All Rights Reserved.

Related posts

• WordPress Install File Poses Security Risk (2)
• Basic Computer Security 2009 Part 2 (2)
• Basic Computer Security 2009 Part 1 (0)
• Adobe promises quarterly security updates. Quarterly??!!? (0)

Adobe Reader and Acrobat Security Initiative

by Brad Arkin, Director of Product Security and Privacy, Adobe

May 20, 2009

The recent JBIG2 vulnerability (CVE-2009-0658), the associated exploits, and Adobe’s response (APSB09-04) were the subject of much discussion in the security community in February and March. The JBIG2 issue also sparked a lot of conversation internally at Adobe from executives to testers and developers. What started out as a routine incident response expanded to a broader effort by Adobe Reader and Acrobat engineers, culminating in permanent changes to our software security approach for those products.

Since February, Adobe Reader and Acrobat engineers have been executing a major project focused on software security. Everything from our security team’s communications during an incident to our security update process to the code itself has been carefully reviewed. Security is an ongoing process, so while we believe our plan will eliminate or mitigate many potential security risks, we are also working to enhance our ability to respond to externally found vulnerabilities in Adobe Reader and Acrobat in the future.

…

Regular Security Updates – Starting this summer with the initial output of our security code hardening effort, we plan to release security updates for all major supported versions and platforms of Adobe Reader and Acrobat on a quarterly basis.

…more

The amazing thing to me about this announcement is that the author seems proud of it.

Seriously – quarterly updates to security vulnerabilities that can take down someone’s computer? That’s nothing to boast about. That’s not even an adequate response.

But what it does succeed in doing is delivering the message loud and clear that nobody, absolutely nobody, should be counting on Adobe products for security.

Ditch Adobe Acrobat Reader now and replace it with Foxit Reader!

Adobe promises quarterly security updates. Quarterly??!!? is a post from: PsychNet Reviews and Recommendations

©2010 PsychNet Reviews and Recommendations. All Rights Reserved.

Related posts

• WordPress Install File Poses Security Risk (2)
• Basic Computer Security 2009 Part 2 (2)
• Basic Computer Security 2009 Part 1 (0)
• Another Adobe Critical Security Flaw – Shockwave (0)
• Adobe finally patches Reader; Apple patches OS-X (0)

Part 2: Keeping Your Computer Safe

 Once you’ve ascertained that your system is clean, or removed whatever malware infections were found, you’ll want to keep it that way. Here’s how to do that.

Install a real-time antivirus scanner

Over the years, I’ve used most antivirus programs and suites. I was for a long time a fan of Norton AntiVirus but as time went on NAV became increasingly bloated and resource hungry to the point where it could slow even the speediest system to a turtle’s pace. Recently, I’ve seen ads for the latest version claiming that it now has a smaller footprint and is less resource-intensive. That may be true but I think Norton lost me as a customer a long time ago.

I also used McAfee AntiVirus for a while. My complaint about McAfee was that it produced too many gave me too many false positives (identifying a file as containing a virus when in fact it was clean). It also seemed to become increasingly bloated and slow as time went on.

Most recently, I gave up on my long-time favorite, AVG. This used to be a very nice, compact, efficient, and fast AV program, available in both a free version and a commercial Pro version. A couple of versions ago, however, Grisoft began to emulate Norton and their product became huge and cumbersome, and,  worse, less accurate in identifying malware in my experience. Interestingly, at the same time they seemed to have gone to some lengths to make it more difficult to find the download link for the free version, although it continued to be available.

I then went in search of a new replacement which would have the following characteristics:

1. It needed to be fast and efficient with a small footprint (i.e., not resource intensive).
2. It needed to be effective at identifying and intercepting malware with a minimum of false positives.
3. It needed to be a stand-alone antivirus program, rather than an all-in-one security suite (more about that below).
4. It needed to offer automatic updates and real time antimalware scanning.

As a result of my research, I narrowed the field down to two or three, including Avast!. I tried Avast first and my experience to date has given me no reason to change (i.e., I never did get to try Avira although it is well rated).

Other antivirus programs that are generally well-rated include NOD32, Kaspersky,  and Avira.

As noted, I recommend against one-size-fits-all security suites. In part, this is a longstanding prejudice against jack-of-all-trades technology, going back to my stereophile days. I prefer to get the best individual components that meet my criteria and my general experience has been that the best antivirus program is not necessarily the best firewall, anti-spam, or ant-spyware solution. Also note that it is not a good idea to have more than one antivirus program active at the same time since they may conflict with one another. If you do install a suite, disable or uninstall any stand-alone products previously installed.

Once you have selected and installed an AV program, do an initial total system scan and then and have it set to autoscan any files that are created, all files from your diskette and CD-ROM drives as they are copied or installed, and all incoming email (if you’ve done everything else right, you really don’t need to scan outgoing email but you can usually set your AV program to do to be extra safe if you wish). Then do a full system scan at least once a month as a safety net, or any time you are concerned that you may have visited an unsafe website.

Activate Windows Firewall or Install a Third Party Firewall

From its introduction in Windows XP, the built-in Windows firewall has been the target of a lot of undeserved bad press, primarily because it monitored incoming connections only, not outgoing connections. On the other hand, the primary reason for monitoring outgoing connections is to prevent unauthorized scripts from accessing the net. If you follow the recommendations in the current series and use a bit of common sense, monitoring outgoing connections isn’t essential, and the Windows Firewall will cloak your ports to external probes.  (To prove this for yourself, you can test your defenses using try the free utilities at Gibson Research, in particular Shields UP!, with all but the Windows Firewall disabled). If you are using any of the various versions of Windows Vista, the version of Windows Firewall shipping with that operating system also monitors outgoing ports.

I am currently using the Windows Firewall in combination with a router. Note that you should not have two software firewalls active at the same time.

Still, there are some who feel that the Windows Firewall just isn’t enough. If you believe you must install a software firewall, I would recommend the free Comodo Personal Firewall which now comes bundled with Comodo’s antivirus program. Previously, I’ve used Norton Personal Firewall (which no longer appears to be available as a stand-alone but must be purchased as part of a suite) and ZoneAlarm. Again, I found that both of these products became bloated and sluggish over time. You can obtain similar products from McAfee and others, again usually as part of “internet security suites”.

 If you use a third party firewall, once it is installed, go through any list of “safe” programs it may have created on setup and delete or disable any entires you know nothing about. If they are legitimate programs, you’ll later get pop-up warnings from the firewall informing you that “program-name.exe” is trying to connect to the internet and asking you if you want to allow that to happen, so if it’s genuine all you have to do is say “yes – it’s safe”.

Activate Windows Defender

Install and run Windows Defender. I’ve found this to be an entirely satisfactory antispyware utility and this runs on startup as my default. If you wish, you can also download and install Ad-Aware and Spybot Search & Destroy. Disable real-time scanning for these so they don’t clash with Windows Defender and run them monthly. Another option is SpywareBlaster.

Monitor Programs That Autostart on Windows Boot

For Windows XP, install Mike Lin’s freeware Startup Control Panel 2.8 to easily see what programs are starting up automatically when you boot. Disable any you’re not sure you want (if they absolutely must run, you’ll find out soon enough and the utility allows you to easily re-enable it). While you’re at Mike Lin’s website, also download and install Startup Monitor: this little program sits in the background of your system and warns you when any program tries to install something to load automatically at system boot, with the option of allowing or disallowing that function.

For Vista, or as an alternative or augmentation to Mike Lin’s utilities, download and periodically run Autoruns for Windows or the more comprehensive but perhaps less user-friendly for novices SysInternals Suite, both from Microsoft. Other useful diagnostic utilities from Microsoft include RootkitRevealer, Process Explorer, and Process Monitor. Another option is WhatInStartup from Nirsoft.

You can also install HiJackThis! from TrendMicro. However, be very cautious about deleting things detected by this utility unless you know what they are. HiJackThis! detects both harmful and useful or needed add-ons.

Download and install ShellExView from Nirsoft, a small utility which displays the details of shell extensions installed on your computer, and allows you to easily disable and enable each shell extension. You’ll find a large number of other useful freeware utilities at the Nirsoft site.

Spyware Doctor AV

PCTools Internet Security

Basic Computer Security 2009 Part 2 is a post from: PsychNet Reviews and Recommendations

©2010 PsychNet Reviews and Recommendations. All Rights Reserved.

Related posts

• Basic Computer Security 2009 Part 1 (0)
• Review: Microsoft Security Essentials (1)
• System Mechanic – Automatic system optimization for Windows XP and Vista (0)
• WordPress Install File Poses Security Risk (2)
• Update: Microsoft Security Essentials (1)

Important Security Fix for WordPress
By Jeff Starr
Tuesday, May 5, 2009

The other day, my server crashed and Perishable Press was unable to connect to the MySQL database…

The problem that I painfully discovered when my server crashed is that WordPress does not always display the default page for all database-related issues. Apparently, if the database is missing entirely, WordPress assumes that it has not yet been installed and loads the Installation Page.

Yikes! This is exactly what happened when my server crashed, MySQL was unavailable, and the WordPress Installation Page was displayed to over 100 visitors while I scrambled to resolve the issue.

During the event, there were several attempts to assume control of my site through the Installation Page. Fortunately, I was working on the site (via FTP, cPanel, phpMyAdmin, and so on) during the attacks, and was able to terminate an inevitable hostile takeover…

It happened to me, and it could happen to you
To me, this scenario represents an enormous security risk for all currently available versions of WordPress (up to 2.8 at the time of this writing). If WordPress serves up the Installation Page the next time your database goes down, anyone could easily gain full control of your entire server…

A temporary solution, until WordPress does it better
After restoring full functionality to my site, deleting multiple “Hello world!” posts and “About” pages, and removing the newly added Administrator, it was time to prevent this situation from happening again. The easiest way to do this involves deleting, blocking, or modifying the wp-admin/install.php file, which contains the script that generates the Installation Page.

See full post for additional measures

WordPress Install File Poses Security Risk is a post from: PsychNet Reviews and Recommendations

©2010 PsychNet Reviews and Recommendations. All Rights Reserved.

Related posts

• Another Adobe Critical Security Flaw – Shockwave (0)
• Basic Computer Security 2009 Part 2 (2)
• Basic Computer Security 2009 Part 1 (0)
• Adobe promises quarterly security updates. Quarterly??!!? (0)

About three years ago, I wrote a short blog entry titled Basic Computer Security. I recently came across this again and realized that much of what I said three years ago has changed. It’s time to update that article for 2009.

Part 1: Scanning and Disinfecting Your Computer

First, you should check to see if your system may already have been compromised. Start by downloading and running the latest Microsoft® Windows® Malicious Software Removal Tool. If you have your system set for Automatic Windows Update or Microsoft Update, you are already receiving and running the latest version as the other security updates are downloaded. The Microsoft Tool removes the currently most prevalent active malicious threats to your system:

The Microsoft Malicious Software Removal Tool differs from an antivirus product in three key ways:

• The tool removes malicious software from an already-infected computer. Antivirus products block malicious software from running on a computer. It is significantly more desirable to block malicious software from running on a computer than to remove it after infection.
• The tool removes only specific prevalent malicious software. Specific prevalent malicious software is a small subset of all the malicious software that exists today.
• The tool focuses on the detection and removal of active malicious software. Active malicious software is malicious software that is currently running on the computer. The tool cannot remove malicious software that is not running. However, an antivirus product can perform this task.

You can also run  Trend Micro’s Housecall free online virus scaner (this is a good idea even if you have an AV program but fear it may have been compromised). If the online scanner finds anything and can remove it, great. If it finds something it can’t remove, make a note of whatever virus-trojan-worm is identified and do a search for a removal tool – the best place to start for finding and downloading one of these is probably the Symantec Removal Tools Page.

You should also check for rootkits, using one of these free tools:

• F-Secure BlackLight
• GMER
• McAfee Rootkit Detective
• Sophos Anti-Rootkit
• TrendMicro Rootkit Buster

Note: If one or more of these procedures has located a malware threat that cannot be removed, you may have to default to a hard drive reformat. If you do not feel comfortable doing this yourself, take it to a reputable computer repair outlet and have them do it for a fee. Otherwise, follow the following steps:

1. First and foremost, back up all your important data files because a hard drive format will erase everything.
2. Make sure you have the original installation CDs (or backup copies of those setup disks) and the Product Keys for your Windows XP or Vista operating system, your essential software (e.g., Microsoft Office, your banking software, etc.), your antivirus software,  any other security software and system utilities, and the System Drivers CD for your specific computer manufacturer. All of these will need to be reinstalled following the reformat, along with your data files.
3. For more detailed instructions on how to proceed, see How to partition and format a hard disk by using Windows XP Setup or How to install Windows Vista. Additional detailed instructions and suggestions are available at So you are going to reformat and re-install Windows.

See also:

• Part 2: Keeping Your Computer Safe
• Part 3: Keeping It All Running Smoothly

Spyware Doctor AV

PCTools Internet Security

Basic Computer Security 2009 Part 1 is a post from: PsychNet Reviews and Recommendations

©2010 PsychNet Reviews and Recommendations. All Rights Reserved.

Related posts

• Basic Computer Security 2009 Part 2 (2)
• Review: Microsoft Security Essentials (1)
• System Mechanic – Automatic system optimization for Windows XP and Vista (0)
• WordPress Install File Poses Security Risk (2)
• Update: Microsoft Security Essentials (1)