Your Anti-Viral Barrier

July 25, 2010  by Gjkozick

A lot of people ask me for computer security tips. I wanted to cover a little of that today, especially since there’s been a security product announcement from Microsoft. I’ve always found it silly that Microsoft would itself enter the antivirus market since viruses take advantage of security flaws in the operating system that they, Microsoft, had built. It was especially bizarre that Microsoft would charge a subscription for such an oddly self-serving purpose; almost as if making their operating system vulnerable would contribute to their income stream.

 

Thankfully Microsoft wasn’t totally insane and has made their Microsoft Security Essentials (MSE) program free for home users. It has managed to make a name for itself and stand out amongst the other free home antivirus possibilities. Its balance of quick scanning time, low processor utilization, and ability to stop common malware makes it an excellent choice for any home PC.

 

Microsoft has just released a new public beta for the next version of MSE, which they promise includes an improved scanning engine and will integrate better with Microsoft Windows Firewall (don’t care too much about that myself).

 

Antivirus scanners won’t completely protect you against 100% of all security threats, but they provide a strong defense which minimizes the attack surface of your system. I suggest a four-pronged system of protection to keep you as safe as possible from malicious code.

 

1. Software Updates

Stay up to date on Windows Updates, as well as updates to frequently compromised software and add-ons. Software in this category would include Windows, Office, Adobe Reader and Flash, Java, Firefox, and Chrome (automatically updated). Updating your software will help eliminate vulnerabilities that would open your system up to attack.

 

2. Use a Firewall

If you’re not a power user, at least take advantage of the Windows built-in firewall. If your router comes equipped with stateful packet inspection, this is a good idea as well. Firewalls filter the traffic you receive from and send to the internet and protect your computer from being compromised remotely by a hostile attacker.

 

3. Run Antiviral Software

There are many free antiviral vendors out there. Don’t settle for purchasing that Symantec or McAfee product that came loaded on your new computer. These two vendors are pretty much junk; don’t pay money for something that you can do better for free.

Antivirus software helps to intercept malicious code BEFORE it’s run on your machine. Many of them include a web component that will help to scan webpages that you visit. Check out one of the following resources:

AVG Free
Microsoft Security Essentials
Avira (Ads, bleck)

 

4. Anti-Malware Software

In addition to antiviral software, it’s a good idea to have a decent anti-malware scanner, which may have the ability to catch stuff that your antivirus would miss. These types of software are more geared toward web-based malware threats than your file system; that’s what your antivirus is for. Here are some suggestions:

Spybot Search & Destroy
Malwarebytes Anti-Malware
HijackThis

 

These important steps are all part of your Anti-Viral Barrier. Following these tips will help prevent your system from being compromised. If you have any questions, feel free to drop me a line via my contact page.




Greg J. Kozick is an experienced IT Professional with experience in many emerging IT technologies. His services are available for hire at http://www.coretechconsulting.com. You can also follow his tech blog The Akron IT Guy. You can contact Greg at greg@kozick.com.





More Bad News For Dell

July 21, 2010  by Gjkozick

The punches keep on coming for my favorite PC manufacturer. Dell has started warning customers this week that spyware managed to be shipped in the firmware for their PowerEdge R410 Server Series. The malicious software is installed on the hardware itself in firmware. Dell was not specific about the type or name of the spyware detected, or how to get rid of it.

 

What is known is that the spyware is Windows-centric and will not affect other operating systems. New servers ordered through Dell will not be infected, although why you’re ordering from them, I don’t know.

 

If you happen to have recently bought an R410, Dell should be contacting you via phone and mail. If I were you though, I’d get on the phone right now and let them know just how unhappy you are and how this is causing a production-level disruption to your organization.

 

Sources:

PowerEdge R410 replacement motherboard contains malware?! (Dell Support Forums)
Dell warns on spyware infected server motherboards (The Register)









Your SSL Certificates Are NOT Invalid

July 3, 2010  by Gjkozick

 

Recently, an article titled “SSL Certificates In Use Today Aren’t All Valid” hit the top of popular news aggregator Slashdot.org and was picked up by other popular news outlets. This wildly speculative piece produced by Qualys, a reputable security research firm, attempted to state that only 3% of all SSL certificates in use on the web are actually valid.

 

 

SSL certificates are used to validate identities on the web and are especially critical for e-commerce and identity validation. You’re using an SSL certificate whenever you type https:// into your browser. The claim that only 3% of these certificates are actually valid is definitely a big deal.

 

Fortunately for us, the conclusions of this article don’t hold water when you dig into the methods used to obtain them. I can assure you that this claim is totally false. There is an easy way to know if a particular SSL certificate is valid, and it works for all of the major browsers in use today. If there is a problem with the validation of an SSL certificate, your browser will tell you. In the case of IE8 and Firefox, the color of the bar on top changes depending on the validity of the certificate: green for good, red for bad.

 

I’m surprised this article was allowed to be published because of the flawed method which the conclusion was drawn from.

 

The article author basically took the list of all the domains that exist, then pulled out all the ones that had resolver issues or wouldn’t respond. He did a reverse lookup on the domain name to get the IP that the domain was hosted on. Once the IP was obtained, the author connected over port 443 to that IP in order to obtain the SSL certificate running on that IP. With a certificate in hand, the author compared the certificate to the domain name which was used to obtain the IP address. When 97% of all domains didn’t match, this article was spawned with its headline-snatching subject.

 

The problem was that it appears the author failed to consider several key issues. The primary problem is shared hosting, which is utilized as a standard on the web. Many different virtual domains can be hosted from the same server or IP address. I’m utilizing shared hosting for this very page. I host a bunch of domains from the same physical IP. According to this author’s methods, my SSL certificates would be invalid even though they’re totally legitimate.

 

I have a certificate that I use for Kozick.com, but I also host the domain coretechconsulting.com. Using the author’s method, coretechconsulting.com resolves to the same IP as Kozick.com. If he were to connect and obtain my certificate, it would say Kozick.com. He would compare that certificate to the original domain and say that it is invalid because it does not match coretechconsulting.com. One server may host multiple domains, but that does not mean that there is an SSL certificate in use for each of them. We have to consider their use when judging if it is indeed invalid. It’s totally legitimate for a server to respond with a certificate with one domain, while hosting multiple domains from the same IP address. This does not qualify as invalid.
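
The survey method and the shared-hosting objection described above, replayed on constructed data as an added example (not code from this post or from the Qualys research). The IP addresses, the `.example` domains and the certificate table are made up; only kozick.com and coretechconsulting.com come from the text.

```python
# Added example: every IP, .example domain and certificate entry is constructed.

def name_matches(pattern: str, host: str) -> bool:
    """Match one certificate name against a hostname (left-most wildcard only)."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        # Refuse over-broad wildcards such as "*.com".
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def cert_covers(cert_names, host):
    return any(name_matches(n, host) for n in cert_names)

# Constructed DNS view: domain -> IP (documentation address range).
DNS = {
    "kozick.com": "192.0.2.10",
    "www.kozick.com": "192.0.2.10",
    "coretechconsulting.com": "192.0.2.10",
    "shop.example": "192.0.2.20",
    "blog.example": "192.0.2.20",
    "bank.example": "192.0.2.30",
}
# Constructed: names in the single certificate each IP presents on port 443.
CERT_ON_IP = {
    "192.0.2.10": ["kozick.com", "www.kozick.com"],
    "192.0.2.20": ["shop.example"],
    "192.0.2.30": ["other.example"],
}

def survey(dns, cert_on_ip):
    """Compare each domain to the certificate on its IP, then explain failures."""
    result = {}
    for domain, ip in dns.items():
        names = cert_on_ip[ip]
        if cert_covers(names, domain):
            result[domain] = "match"
        elif any(cert_covers(names, d) for d, i in dns.items() if i == ip):
            # The certificate is correct for a sibling site on the same IP.
            result[domain] = "mismatch-shared-host"
        else:
            result[domain] = "mismatch-no-site-covered"
    return result

def mismatch_rate(result):
    return sum(v != "match" for v in result.values()) / len(result)
```

On this constructed table the survey method reports a 50% mismatch rate, yet only one of the three failures involves a certificate that matches no site on its IP.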

 

This headline was meant to be inflammatory; however, the methods used to obtain the actual data and information in the article do not stand up to peer scrutiny. You heard it here, this article is bogus.

Sources:

SSL Certificates In Use Today Aren't All Valid








Critical Vulnerability in Windows Help Center

June 30, 2010  by Gjkozick

There’s a pretty bad vulnerability out there with the Microsoft Help function. It has been acknowledged by Microsoft, after having been found by a Google employee. This vulnerability ONLY EXISTS for Windows XP and Windows Server 2003; later versions are NOT affected.

 

This is important because the guy who announced the vulnerability provided explicit documentation on how the vulnerability could be exploited. It involves the “hcp” protocol handler (like the http:// or ftp:// protocol handlers).

 

It could take Microsoft up to a month to get a patch out for this.

 

Sources:

Vulnerability in Help Center could allow remote code execution - Microsoft Support
HCO 0-Day Quick Fix - Steve Gibson's Blog



