Vigilante router security

Last week, Symantec discovered a worm that infects routers and takes measures to make them more secure. For lack of anything else to call it, Symantec is calling it malware, and most of the security echo chamber is probably howling over this, but I think I understand why it was created.

Read more

What is Winshock?

So the other day I got blindsided with a question at work: What are we doing about Winshock. Winshock, I asked? I had to go look it up, and I found that’s what they dubbed what I’ve been calling MS14-066, the vulnerability in Schannel, which is Microsoft’s implementation of SSL/TLS for Windows.

Based on that, I’d argue it has more in common with Heartbleed than Shellshock, but I guess “Winshock” is catchier than “Winbleed.”

Then the lead of another team asked me to brief his team on Winshock. I actually managed to anticipate all but three of the questions they asked, too, which was better than I expected. Some of what I shared with them is probably worth sharing further.

Read more

Rick Broida thinks he doesn’t use antivirus software

C’mon. You knew I’d get around to writing a response to Rick Broida’s claim that he doesn’t use antivirus software.

Actually, he’s not nuts. But he’s also mistaken if he thinks he doesn’t use antivirus software. His editorial is kind of like saying, “I don’t use a web browser. I use Internet Explorer.”

Although he’s mistaken that he doesn’t use antivirus software, and not all of his advice is spot-on, you can do a lot worse than follow his advice.

Read more

Why you need to guard your Backup Exec servers

If you have a Windows domain, there’s a fairly good chance you have Backup Exec servers, because you probably want to take backups. Because you need them. (As a security guy, I no longer care how you get backups; just that you’re getting them somehow.) Backup Exec is a popular solution for that. But there’s a problem.

A security problem, that is. The quality of Backup Exec as a product hasn’t been my problem since 2005. The problem I have with it now is that Backup Exec stores its passwords in a database. The passwords are encrypted, but it’s possible to decrypt the backup copy, if you’re determined enough.

Read more

What’s going on with Macintosh security?

The latest figures I’ve read say there are perhaps a half-million infected Macintoshes still floating around out there, an improvement from the high of 600,000 that I was seeing a few weeks ago, but probably not what Apple had hoped after releasing its most recent fix.

I argued three weeks ago that the end of the innocence was either here or very near. I’ll argue now that it’s gone: There are now 250 known Macintosh OS X viruses in existence. In 2003 there were none. Read more

The old days of viruses

Blogging pioneer John Dominik, inspired by my Michelangelo memories, wrote about his memories of viruses later in the decade. So now I’ll take inspiration of him and share my memories of some of those viruses. I searched my archives, and at the time it was going on, I didn’t write a lot. I was tired and angry, as you can tell from the terse posts I did write.

Read more

Living with a past-its-prime computer

I’m playing catch-up a bit. This weekend, Lifehacker ran a guide about living with a computer that’s past its prime.

I’ve made a career of that. One of my desktop PCs at work (arguably the more important one) is old enough that I ought to be preparing to send it off to second grade. And for a few years I administered a server farm that was in a similar state. They finally started upgrading the hardware as I was walking out the door. (I might have stayed longer if they’d done that sooner.) And at home, I ran with out-of-date computer equipment for about a decade, just this summer buying something current. Buying something current is very nice, but not always practical.

So of course I’ll comment on a few of Lifehacker’s points.

Read more

Is that file safe?

So you’ve downloaded this great new piece of free software, but you’re not sure if it’s safe to install. Your antivirus software says it’s not infected, so you can assume it’s safe, right?

Not so fast. Nothing detects everything. Using multiple virus scanners dramatically decreases the chances of something getting through.

Read more

Appremover can remove stubborn antivirus software

Antivirus software can be among the hardest software to uninstall, because its hooks dig so deeply into the operating system. I’ve seen it fail to uninstall for a variety of reasons. Sometimes it requires a password, which was entered by someone other than you and never written down. Or sometimes something gets corrupted, and the program’s uninstaller fails. If you need to remove stubborn antivirus software, there’s a solution.

Enter Appremover.

Read more