Secure IT Foundation

Posts Tagged ‘Windows

While your Windows Security updates will automatically download and install themselves, to date there has been limited options for home computer users to automatically patch all the other applications installed.  Thankfully a nice Danish company has released the home version of their enterprise tool for automatically updating computers. A fully patched computer makes a much harder computer to break into, while you still need Anti Virus software, you are not relying on a single security approach to protect yourself. Most drive-by malware and self replicating viruses depend on your lack of security to work. Much like your teeth, if there is no hole the risk of cavities is much lower.

Secunia PSI is a free tool for home use which checks all the applications on your computer and tells you which need to updated for security. The latest version of Secunia PSI, recently updated to version 3.0 includes automatic updating for many applications like Oracle’s Java, Adobe Flash and Adobe Reader, possibly the worst security offenders in 2012.  We have completed our testing of the product and while it does not automatically update everything it is the best tool out there for home computer security. If they have any sense Microsoft will purchase Secunia and make it a standard security tool on all home computers… At our shop in Rotterdam, Secunia PSI has been a standard addition to all our customer installations of Windows.

SecurityBrad

Update  – 04/01/2012

Microsoft release a proper patch in the December monthly update release, so if you ran the FixIt then ideally you need to run the remove FixIt tool before updating Windows.

We did test applying the update over the FixIt and it does appear to work successfully but this is not the Microsoft recommended approach…

When you run Windows Update you may notice a new .Net update. This is a new emergency patch issued by Microsoft for another .net security flaw.

SecurityBrad

—————————————–

You may have heard of a new security problem with all version of Windows, originally identified as a virus called Duqu. What made this virus count is that it uses a previously unknown bug in Windows to install itself.

The Duqu file may come from any source, not just what appears to be a word document as was stated from the initial reports. To protect yourself until there is a proper fix for Windows, Microsoft has made a FixIt, a temporary software plaster, available.

Our advice is to run the FixIt as soon as possible (Do choose the ‘Enable’ FixIt!) and also check that your Anti Virus software is up to date and updated. Eventually a proper fix will be released but that may be too late for some people…

SecurityBrad

It has been difficult to avoid the news stories regarding a Dutch company called Diginotar and the prediction of the end of Internet security as we know it. Some stories have been based on facts, while others have clearly been written just to sell news or by those who have little comprehension of how the Internet and computers work.

To help explain the saga we have written a FAQ based on queries we have received.

Who is Diginotar?

Diginotar is a private company set up in 1998 to supply electronic identity management products including the issuing of ‘digital certificates’ for secure Internet transactions. In 2004 the Dutch government trusted Diginotar with the responsibility for providing digital certificates for all government / citizen interactions under a scheme called ‘PKIoverheid‘.

What are digital certificates?

Digital certificates are part of the technology which allows a home computer user to communicate securely over the Internet for important transactions like banking, paying bills, interacting with government services online etc.

Each time you see padlock in your browser, or the address bar turns green or you see https:// in the address you browser has established a secure channel over the Internet using complex mathematics to provide encryption.

If you think that most of your Internet activity does not involve using a secure channel, you can liken it to using a postcard to send a message to a friend in the real world. Anyone can read the message between you and your friend. This may be fine for arranging a meet in a bar but you would not the world to be able to view your banking transactions in the same way. This is where digital certificates come in, to provide secure electronic communications.

Each major company who wants you to communicate with them purchase digital certificates from companies like Diginotar, called Certificate Authorities officially. These Certificate Authorities verify the identity of the company wishing to buy a certificate, and issues the company with a unique code. When you want to establish a secure channel with your bank, your browser receives part of the unique code and checks that is really does belong to the company it claims to be. This proves that you are talking to the right company and allows a secure channel to start.

How does my browser know the identity of my bank?

Your browser e.g. Google Chrome, Apple Safari, Mozilla Firefox, Microsoft’s Internet Explorer etc all contain a list of trusted Certificate Authorities including Diginotar, each represented by a unique code. These companies around the world are trusted to provide digital certificates, some government owned but mostly private companies.

When your browser wants to verify the identity of the company or organisation e.g. a bank, it obtains the unique code from the digital certificate for the bank and mathematically checks it that it is valid with the unique code stored by the browser for the issuing certificate authority. If all checks pass then a secure channel is started. The proper name for this secure channel is an ‘SSL‘ connection.

The digital certificate gives you trust that you are communicating with the right organisation or company. Extra checks are made for a scheme called Extended Verification SSL certificates. When used, these ‘EVSSL‘ certificates are the type that make your browser address bar change colour to green, which highlights the verified nature of the company you are communicating with.

So what actually happened?

Based on the information published by Fox-IT BV, a major Dutch computer forensics company sited close to the Secure IT Foundation base in Rotterdam. It seems that hackers gained access to Diginotar’s internal computer systems as early as 6th June 2011. The hackers then attempted to make their own digital certificates. On the 10th July they succeeded in making a certificate which allow them to impersonate Google. The hackers continued for 10 more days making hundreds of digital certificates for major companies and computer systems.

Finally a security breach was detected by Diginotar on the 22nd July and an unnamed security company was called in to report, which they did on 27th July 2011. The same day, other security experts began to report unusual use of Google’s digital certificate and the next day traced it and it was being used in Iran. Diginotar went public on the security breach on the 30th August 2011, with the consequence that Diginotar’s validity as a certificate authority has been revoked by most browsers in recent updates.

While information is still being gathered and full facts may never be known publicly, it appears that the Iranian authorities have been able to intercept ‘secure communications’ with any of the companies impersonated by these rogue digital certificates by anyone using an Iranian computer network for about a month. In addition there was a potential for people outside of Iran to have been redirected to websites under the Iran authorities control, allowing for interception to occur to non Iranian citizens.

A similar attack on another certificate authority was made earlier in March 2011 on a US company called Comodo, which Comodo blamed fully at the Iranian authorities. However in this case only 9 rogue digital certificates were produced and the incident was stopped in a much shorter time frame than Diginotar.

How does this affect my home computer?

You may have noticed Mozilla and Google updated their browsers recently and Microsoft issued a patch via Windows Update. These changes remove the use of Diginotar as a valid certificate authority. If you visit a website using on of the rogue digital certificates then you should get a message not to trust the website you are communicating with. If you see a browser warning about the website’s authenticity then it is best not to continue the session and seek expert advice.

Outside of The Netherlands and Iran, most people will not see any impact from this security breach. Secure communications in Iran have become significantly harder but the most affect country so far is The Netherlands. Diginotar also managed part of the PKIoverheid system for secure Government communications so there has been some disruption to the service while new digital certificates have been issued to replace Diginotar supplied certificates. Thankfully the Dutch government had the sense to use multiple suppliers so the digital certificates issued by Diginotar have been replaced by one of the other three accepted certificate providers, without collapsing the whole Dutch system.

Is the problem now solved?

The dust has yet to settle and there are claims that other certificate authorities like Diginotar have also been compromised, however until new information is confirmed it does appear that the matter has been finalised. Diginotar’s continuing ability to trade is certainly going to be questioned as the initial findings from Fox-IT show Diginotar to be well below best practice for a security business.

If you only ever update your computer’s operating system and applications once every few months, if at all, then it is time you checked your updates as June proved to be a busy month for security exploits used to take over your computer.

Adobe has released updates to their Flash player, Shockwave Player and Reader products plus a host of other updates for their paid versions.

Java has been updated to Version 6 Update 26

Sumatra PDF has been updated to version 1.6, but do choose not to install the plugins for browsers.

Microsoft issued 16 new security updates for multiple versions of Windows. Link only works for Internet Explorer users sadly. If you have already installed the June updates, there has been an update released on the 28th June to fix an additional problem with TLS/SSL.

Apple released new versions for Itunes, Quicktime and MobileMe. From Windows run Apple Software Update but mind their trick of showing you items not installed in the hope you leave then selected!

Mozilla updated both Firefox to version 5.0 and Thunderbird to 3.1.11.

While you are running updates, Skype also should be updated from the built in check for updates option.

If that hasn’t got you rushing to patch your PC, then either you do not consider your computer’s security important yet or you have already installed Secunia’s PSI application to check your patch level on a regular basis for you…

SecurityBrad

September 2010 we said it was time for a brand new start to computing, well it is starting to take shape…

PrentOS is the official public name for the project to develop a new open source licensed operating system with the goal of making a simple, secure computer.

Why PrentOS? Simple really, as it PrentOS is being developed primarily by Brad Prent, the owner of SecurityBrad and Brads Computer Service Station

For now, we have parked the domains www.prentos.com and www.prentos.org while we work on producing the Alpha version and we aim to launch limited public testing via the shop in Rotterdam by the end of 2011.

SecurityBrad

As usual, whenever the topic of “which Anti Virus product should I use” comes up, people always mention the product they use. Wrong place to start, as you need to focus on which products perform well in independent testing. You would be shocked at the results from some free and paid companies.

Anti Virus is also the last line of defence against malware not the first. When did you last run Windows Update? Have you updated your applications recently? Malware finds holes in your computer using ‘exploits’ and burrows in. The more up to date you are then the less risk of malware. Use a highly recommended free program called Secunia PSI to see how many updates you are missing… In the configuration you can turn on the secure browsing option and see if your browser is even secure for Internet use. We normally recommend people use Firefox with the extensions ‘Adblock Plus’ and ‘NoScript’ for safer surfing.

Not only can exploits be used but the current form of spreading malware is to exploit the user. By downloading files from torrents and file sharing networks, magic fix programs, cracked games etc you are always taking a big risk. If you agree to a install a program then unless your anti virus realises what is going on quick enough, then the malware can install and disable your security before it works. You can read our advice on home computer security and try our risk profiling at our site

Once you have a fully up to date computer, and are using a secure browser then you can think about what will be the way to save your butt when all else fails. Any single Anti anything solution is always flawed as the bad guys know what is popular and write malware around these single provider solutions.

Our recommended layered approach consists of the use of four products. All are free and trustworthy. For computer security you need to think of having a team rather than just a single player.

For your defence you need a strong Anti Virus program that stops almost everything. We suggest Microsoft’s own free Anti Virus called Microsoft Security Essentials . Consider it their gift to Windows users to atone for their other security sins.

There is little benefit for paying for Anti Virus programs as the best they can offer is support once you have a virus. Save your money, and use a computer shop for emergency virus removals when all else fails. You can get two or three visits for the cost of the Anti Virus program.

Your midfield should be a cloud based Anti Virus program called Immunet. This works by checking files in real time and catches items that signature based Anti Virus like Microsoft Security Essentials can miss.  You can choose the cloud only or use the Clam AV database as part of the product for free. By the way Clam AV for Windows is the Immunet product!

Time for some proactive forwards in your team as security doesn’t have to be passive! Spybot Search and Destroy  is a free Anti Spyware program written by one bloke and sadly the user interface looks like it. Be patient with it as its rewards are worth it. Bit like a temperamental star, needs a bit of work but scores well. Once installed, you make a backup of your ‘Register’ for sanity. Then update it, let it restart, immunise your computer and let it check for problems. Remove anything found, reboot and repeat. The tea timer can time tea, but its main function is to stop malware getting on your computer through changing security settings.

If any malware has got past that lot then your fourth program will help root it out. MalwareBytes is a program that offers free and paid versions. For our use, the free version works fine but if you want to use the full version it has our blessing. Once a week run a quick scan after updating the program. Once a month run a full scan over your entire computer and external drives. As each file is accessed it will be checked by your other anti virus programs so you can see if anything is suddenly detected, that way you know if anything had been missed. If everything is clear then it would be a good time to make a full backup to an external drive only used for backups.

Next time you are asked what Anti Virus program to use copy this information or point them here, our free security advice website!

SecurityBrad

When did you last make a backup? Simple question that can provoke the strangest of responses from computer users, ranging from ‘There is nothing important on the computer apart from my photos and work stuff but I could lose my job if the work stuff went missing’ to ‘They can have the lot’. When did you last invite a burglar into your house intentionally to be robbed? In the real world, without a recent backup any problem with your computer or the latest encryption ransomware virus can make your data unavailable, often without warning.

So make sure you have an external hard drive at least the size of your computer’s hard drive, install a simple backup program like Runtime’s DriveImage XML and make a backup of your hard drive to the external hard drive. Store away from the computer in a safe place then repeat the backup process every few months or sooner if you add documents, pictures and videos more frequently. Then when there is a problem you can always recover your data regardless of how or why it happened.

SecurityBrad



  • None
  • Coldwind: Couldn't agree more. I downloaded a piece of software just now, disabled the 'toolbar' 'offer' (which fortunately for me has become a reflex); but co
  • ModemJunki: I only discovered this today - I had updated the firmware to the latest out of habit, and I could STILL access my TrendNet cams on the local network w
  • PrentOS – a Simple Secure Computer « Secure IT Foundation: [...] September 2010 we said it was time for a brand new start to computing, well it is starting to take shape… [...]

Categories