antivirus

What is Winshock?

Dave Farquhar security, Windows , , , , , , , , , , , , , , ,

So the other day I got blindsided with a question at work: What are we doing about Winshock. Winshock, I asked? I had to go look it up, and I found that’s what they dubbed what I’ve been calling MS14-066, the vulnerability in Schannel, which is Microsoft’s implementation of SSL/TLS for Windows.

Based on that, I’d argue it has more in common with Heartbleed than Shellshock, but I guess “Winshock” is catchier than “Winbleed.”

Then the lead of another team asked me to brief his team on Winshock. I actually managed to anticipate all but three of the questions they asked, too, which was better than I expected. Some of what I shared with them is probably worth sharing further.

Read more

How to rebuild a PC in a hurry

Dave Farquhar security, Windows , , ,

Sometimes rebuilding a PC is faster than trying to fix it, and if you’re dealing with a virus infection, it’s better to rebuild than try to clean. It’s impossible to know if the system is 100% clean after infection–unless you rebuild.

If you’re the family CIO, here’s how you can go about rebuilding a Windows PC in a hurry.

Read more

More Home Depot details emerge

Dave Farquhar security , , , , , , , , , , , , , ,

Late last week, Home Depot finally released a statement about its data breach. At least they had the decency to call the attack “custom” and not spin it as “advanced” or “sophisticated.” Even “custom” is really a euphemism, as the attack wasn’t all that different from what other retailers experienced earlier in the year. It may have been as simple as recompressing the BlackPOS malware using a different compression algorithm or compression ratio to evade antivirus.

The breach involves about 56 million cards, making it a bigger breach than Target.  Read more

USB malware: What you need to know

Dave Farquhar security , , , , , , , , ,

Tomorrow morning on Fox 2: How this USB drive could be worse than the worst malware you’ve ever imagined!

Yes, when a security vulnerability hits TV news, it’s a big deal. It’s probably also sensationalized. And it’s not time to panic yet. Read more

Microsoft releases EMET 5

Dave Farquhar security, Software ,

Late last week Microsoft released a new version of EMET. I’ve written about EMET before and I still recommend it. EMET 5.0 adds a couple of new mitigations, tries to be harder to bypass, and offers improved compatibility, so there’s little reason not to upgrade.

EMET does more than anything else I can think of to protect you from the many things that get past your antivirus software and firewall’s defenses, and it’s free. I can’t think of any good reason not to run it. Of course, the people not running it at all stand to benefit the most from it, but if you’re already running EMET 4.1, upgrading to get better protection is worthwhile, too.

Listen to this if you think a router makes you invincible

Dave Farquhar security , , , ,

One myth that I hear over and over is that having a router on your Internet connection makes you invisible, and makes you somehow invincible. I even heard someone say recently that if you have a router/firewall, you don’t need to run antivirus software.

Security researcher HD Moore appeared last week on Risky Business and he talked about ways that entire classes of routers can be compromised. Give it a listen. Read more

Rick Broida thinks he doesn’t use antivirus software

Dave Farquhar security , , , ,

C’mon. You knew I’d get around to writing a response to Rick Broida’s claim that he doesn’t use antivirus software.

Actually, he’s not nuts. But he’s also mistaken if he thinks he doesn’t use antivirus software. His editorial is kind of like saying, “I don’t use a web browser. I use Internet Explorer.”

Although he’s mistaken that he doesn’t use antivirus software, and not all of his advice is spot-on, you can do a lot worse than follow his advice.

Read more

Don’t run unknown executables for a dollar. And PLEASE don’t for a penny!

Dave Farquhar security , , ,

I can’t bribe my preschooler with a penny anymore, but, sadly, a consortium of Carnegie Mellon University, NIST and Penn State University found that 22% of respondents through Amazon’s Mechanical Turk were willing to run a dodgy unknown executable in return for a penny. Fifty-eight percent would do it for 50 cents, and 64 percent would do it for a dollar.

I’ve been telling people for 17 years not to take executable files from strangers. I know the percentage of people who will bend down to pick up a penny off the ground when they see one is less than 22%, so this saddens me. Read more

Some tips for trolling fake technical support calls

Dave Farquhar scams, security, Windows , , , , , , , , , , , , ,

I did a little more digging after getting yet another fake technical support phone call last week, and I’ve done some thinking on my own. If you want to troll these criminals when they call you, here are some ideas. Read more

The publicity around security is a good thing

Dave Farquhar security , , , , , , ,

On one of the podcasts I listen to, two of the hosts questioned whether the publicity around recent security vulnerabilities are a good thing.

As a security professional who once studied journalism, I think it’s a very good thing, and it’s going to get better. I liken it to the rise of computer virus awareness. Read more