Tag: security software

Keeping hackers away from your Webcam and microphone

Article

Creative Labs LiveCam Connect HD Webcam

Software now exists so you can gain better control over your Webcam

How To Stop Hackers From Spying With Your Webcam | Gizmodo

My Comments

A privacy issue that is being raised regarding the use of cameras and microphones connected to your computer is the fact that malware could be written to turn your computer into a covert listening device.

Those of us who use a traditional “three-piece” desktop computer with a physically separate external Webcam may find this an easier issue to deal with, because you can simply disconnect the camera from your computer. But the prospect of your Webcam or your computer’s microphone being hacked to spy on you would be of concern to those of us who have the camera or microphone integrated in the computer, as with portable or all-in-one equipment, or in the monitor, which is something display manufacturers could offer as a product differentiator.

The simplest technique that has been advocated to deal with this risk is to attach an opaque sticker or opaque sticky tape over the camera’s lens. Some computer and monitor manufacturers have approached this problem using a panel that slides over the Webcam as a privacy shield. But you wouldn’t be able to control the use of your computer’s integrated microphone unless it had a hardware on-off switch.

Most of the mobile computing platforms require that newly-installed software wanting to use the camera, microphone, GPS or other phone sensors ask permission from the phone’s owner before it can be installed or use these devices. The Apple iOS App Store even vets software to make sure it is doing the right thing before it is made available through that storefront, and this is also becoming so for software sold through the Google Play Android storefront and the Microsoft Store Windows storefront.

Lately there have been some software solutions written for the Windows and Macintosh platforms that allow you to take back control of the camera and microphone due to the fact that these regular-computer platforms have historically made it easier for users to install software from anywhere. But I would also suggest that you scan the computer for malware and make sure that all of the software on the computer, including the operating system, is up-to-date and patched properly.

One of these solutions is Oversight, which has been written for the Macintosh platform and can detect if software is gaining access to your Mac’s Webcam or microphone. It can also detect if two or more programs are gaining access to the Webcam at once, which is a newer tactic for Webcam-based spyware because it can take advantage of people using the Webcam for business and personal video calls and record these conversations. The user has the ability to allow or block a program’s access to the Webcam or microphone.

For the Windows platform, a similar program called “Who Stalks My Cam” detects events relating to your computer’s Webcam, such as software wanting to acquire material from it. It gives you the ability to stop a program that is using the Webcam or to shut down the Webcam process. There is also the ability to track processes that are running while the computer system is idle, because some spyware processes can be set up to come alive when the system isn’t being actively used. The program even allows you to “whitelist” programs that you trust, like over-the-top communications programs or video-recording software, so that it doesn’t get in their way.

The ability to track usage of attached / connected cameras and microphones or similar hardware like GPS units by software running on your computer will end up becoming part of a typical desktop/endpoint security program’s feature set as people become concerned about the use of these devices by spyware. This is in conjunction with operating systems also hardening access to devices that can be used to spy on their users by implementing software certification, sandboxing, privileged access and similar techniques.

It is definitely another threat vector that we need to be concerned about when it comes to data security and personal privacy.

The issue of cybercrime now reaches the national level

Article (Broadcast transcript)

HACKED! – Four Corners (ABC) Video and transcript through this link

Previous coverage on HomeNetworking01.info

Interview and Presentation–Security Issues associated with cloud-based computing (Interview with Alastair MacGibbon and Brahman Thyagalingham)

Symantec Symposium 2012 – My Observations From This Event

My Comments

I had watched the Four Corners “Hacked” broadcast concerning data security and cyber espionage, which encompassed the issue of the cyber attacks affecting nations as a whole.

The show had touched on a few key points, some of which were raised in the previous events that I attended. Here, it underscored the factor of hacking being part of espionage by nation-states like China. The targets of this espionage were intellectual property belonging to private-sector companies or government departments, especially where military information was involved.

Example incidents include the recent theft of blueprints for ASIO’s new offices, along with a cyber attack against Codan, which is an electronics supplier to Australian and allied defence forces. The tactics used against Codan included the use of a public-access Wi-Fi network to install malware on a laptop belonging to a representative of that company while they visited China, along with a “spear-phishing” attack on the company’s email. It also underscored the fact that it is not the entity’s computer networks as such that are at risk but the “crown jewels”, i.e. the key intellectual property that belongs to the entity.

The same show also underscored the use of malware to target essential-services systems like a nuclear enrichment plant in Iran and an Indian telecommunications satellite. Here, it raised the spectre of electricity grids, telecommunications backbones and similar infrastructure being targeted by sophisticated cyber attacks. This becomes more real as most essential-services systems become computer-controlled and connected to the Internet, and I would like to see these systems designed with fail-safe operation in mind, such as working offline and providing the core services at known specifications if things go wrong online.

Later on in this show, Alastair MacGibbon had called for the Australian government to require businesses and other organisations to publicly disclose cyber attacks and wanted this across the board for all entities. This was previously underscored by him through the interview and presentation where he described Australia’s data protection laws as being careless as typical of the “She’ll Be Right” nation.

The Australian Government had improved their data-protection laws by tabling bills that require cyber-attack disclosure on the larger public companies rather than all companies.

As well, cyber espionage by nation-states was being considered as the equivalent of wartime activities like nuclear war and the treatment of civilians, something that needs to be tackled at an international level in the same way that other wartime activities have been dealt with. Personally, I see the latest cyber-attacks, especially those emanating from countries that were behind the Iron Curtain, as the makings of another “Cold War”, and these have to be treated accordingly.

Symantec Symposium 2012–My observations from this event

Introduction

Yesterday, I attended the Symantec Symposium 2012 conference which was a chance to demonstrate the computing technologies Symantec was involved in developing and selling that were becoming important to big business computing.

Relevance to this site’s readership

Most solutions exhibited at this conference are pitched at big business with a fleet of 200 or more computers. But there were resellers and IT contractors at this event who buy these large-quantity solutions to sell on to small-business sites who will typically have ten to 100 computers.

I even raised an issue in one of the breakout sessions about how manageability would be assured in a franchised business model such as most fast-food or service-industry chains. Here, this goal could be achieved through the use of thin-client computers or pre-configured equipment bought or leased through the franchisor.

As well, the issues and solution types of the kind shown at this Symposium tend to cross over between small sites and the “big end of town”, just as a lot of office technology, including the telephone and the fax machine, has done.

Key issues that were focused on were achieving a secure computing environment, supporting the BYOD device-management model and the trend towards cloud computing for systems-support tasks.

Secure computing

As part of the keynote speech, we had a guest speaker from the Australian Federal Police touch on the realities of cybercrime and how it affects the whole of the computing ecosystem. As was raised in the previous interview with Alastair MacGibbon and Brahman Thiyagalingham about secure computing in the cloud-computing environment, the kind of people committing cybercrime is now moving towards organised crime like the East-European mafia, alongside nation states engaging in espionage or sabotage. He also raised that it’s not just regular computers that are at risk, but mobile devices (smartphones and tablets), point-of-sale equipment like EFTPOS terminals and other dedicated-purpose computing devices. He emphasised keeping regular and other computer systems up to date with the latest patches for the operating environment and the application software.

The secure-computing solutions on show encompassed a cloud-driven email and Website verification system that implements a proxy-server setup. This is designed to cater for the real world of business computing, where computer equipment is likely to be taken out of the office and used with the home network or public networks like hotel or café hotspots. It stays away from the classic site-based corporate firewall and VPN arrangement for providing controlled Internet access to roaming computers. It also recognised real Internet-usage needs like operating a company’s Social-Web presence, or personal Internet services like Internet banking or home monitoring so as to cater for the ever-increasing workday. Yet this can still allow an organisation to have control over the resources to prevent cyberslacking or viewing of inappropriate material.

Another technique that I observed is the ability to facilitate two-factor authentication for business resources or customer-facing Websites. This is where the username and password are further protected by something else, in a similar way to how your bank account is protected at the ATM using your card and your PIN. It was initially achieved through the use of hardware tokens – those key fobs or card-like devices that showed a random number on their display which you had to enter at your VPN login – or a smart card or SIM that required the use of a hardware reader. Instead Symantec developed a software token that works with most desktop or mobile operating systems and generates this random code. It even exploits integrated hardware security setups in order to make this more robust, such as what is part of the Intel Ivy Bridge chipset in second-generation Ultrabooks.

Advanced machine-learning has also played a stronger part in two more secure-computing solutions. For example, there is a risk-assessment setup being made available where the environment from which a connection or transaction is attempted can be assessed against what is normal for a user’s operating environment and practices. It is similar to the fraud-detection mechanisms that most payment-card companies are implementing, where they can detect and alert customers to abnormal transactions that are about to occur, like ANZ Falcon. This can trigger verification requirements for the connection or transaction, like the requirement to enter a one-time password from a software token or an out-of-band voice or SMS confirmation sequence.

The other area where advanced machine-learning plays a role in secure computing is data loss prevention. As we hear of information being leaked out to the press or, at worst, laptops, mobile computing devices and removable storage full of confidential information disappearing and falling into the wrong hands, this field of information security is becoming more important across the board. Here, they used the ability to “fingerprint” confidential data like payment-card information and apply handling rules to this information. This includes on-the-fly encryption of the data, establishment of secure-access Web portals, and sandboxing of the data. The rules can be applied at different levels and affect the different ways the data is transferred between computers, such as shared folders, public-hosted storage services (Dropbox, Evernote, GMail, etc), email (both client-based and Webmail) and removable media (USB memory keys, optical disks). The demonstration focused more on payment-card numbers, but I raised questions regarding information like customer/patient/guest lists or similar reports, and the system can create the necessary fingerprint of such information to the requirements desired.

Cloud-focused computing support

The abovementioned secure-computing application makes use of the cloud-computing technology which relies on many of the data centres scattered around the world.

But the Norton 360 online backup solution that is typically packaged with some newer laptops is the basis for cloud-driven data backup. This could support endpoint backup as well as backup for servers, virtual machines and the like.

Mobile computing and BYOD

Symantec have approached the mobile computing and BYOD issues in two different ways. They have catered for fully-managed devices, which may appeal to businesses running fleets of devices that they own or using tablets as interactive customer displays. But they also allowed for “object-specific” management, where particular objects (apps, files, etc) can be managed or run according to particular policies.

It includes the ability to provide a corporate app store with the ability to provide in-house apps, Web links or commercial apps so users know what to “pick up” on their devices. These apps are then set up to run to the policies that affect how that user runs them, including control of data transfer. This setup may also please the big businesses who provide those services that small businesses often provide as an agent or reseller, such as Interflora. Here, they could run the business-specific app store with the line-of-business apps like a flower-delivery-list app that runs on a smartphone. There is the ability to remotely vary and revoke permissions concerning the apps, which could come in handy when the device’s owner walks out of the organisation.

Conclusion

What this conference shows at least is the direction that business computing is taking and was also a chance to see core trends that were affecting this class of computing whether you are at the “big end of town” or not.

Google Secure Search–more than just privacy-enhancing

Article

Scareware slingers stumped by Google secure search • The Register

My Comments

Google has allowed users to perform a “Secure Search” option where their search-engine transactions are encrypted between the Google servers and their computer. This can be either facilitated through the user typing https://www.google.com or setting it as a default for their Google services account.

Obviously this feature is intended to provide private search sessions over open networks like Wi-Fi hotspots that are set up in the common open manner. But it also has a side benefit: destination Web sites don’t see what search terms brought the user to them, which makes it harder to tune a site for search listings without the use of tools like Google Analytics.

The key obvious benefit is to stop the appearance of “poisoned” search listings that lead users to “scareware”. These are Trojan Horses which appear to be legitimate system utilities but are intended to separate the user from their money by spruiking horrendous system conditions to the user. Of course, I have had to deal with this menace by removing these programs from various friends’ computers.

The only limitation with this setup is that it only applies by default for people who are currently logged in to a Google service of some form like GMail. Users who share computers would have to start a Google-services session and then head to the Google.com Website to start searching, or simply remember to type the https prefix. This can be achieved through a Google bookmark, favourite item or Intranet page hyperlink pointing to https://www.google.com.

At least this is another Web security item that offers more than is typically highlighted.

What are the issues involved with updating device firmware

Article

Firmware modders keep legal storm brewing

My comments

There is an increasing trend to design devices as though they are a computer similar to a regular desktop computer. Here, the operating software for these devices, commonly known as “firmware”, is designed so it can be updated in the location where the device is used.

Typically newer versions of this software are delivered over the Internet, most likely via the manufacturer’s Web site or, in some cases, through device-support forums.

Methods

One common way of delivering this software is to deliver the update as a binary package that you download using your regular computer, then upload to the device in one or more different ways.

This may involve physically transferring the package to the device using removable media which you install in the device. Then you may either restart the device or select a “Firmware Update” menu option to load this software in the device. An example of this may be a digital camera or an MP3 player.

It may also include uploading the software to the device’s Web management interface as is commonly done with wireless routers. On the other hand you may have to run a firmware-update program on your regular computer which delivers the software to your directly-connected device such as a printer or, in some cases, your network-connected device.

Some consumer-focused devices like the Cyrus Lyric network CD receiver or a lot of appliances require you to connect your regular computer to a “debug” port and run a firmware-update program on that computer to install the new firmware. This can be very tedious for ordinary end-users, but a lot of these manufacturers who take this approach presume that the ordinary consumer will run the device with “out-of-the-box” software.

An increasingly-common method that is used for devices that are connected to the Internet is to invoke a firmware-update routine through the setup menu. Here, the device visits a special server run by its manufacturer, checks the version of the firmware on that server and downloads the latest version if it exists on that server. This may be performed as part of the setup routine for a new device or the device may poll the server for new firmware updates at specified times.

Benefits

The main benefit from device firmware that is updated through the device’s lifespan is that there is a chance for the device’s manufacturer to “iron out” bugs that may have been overlooked in the haste to get the device to market as soon as possible. This also includes “tuning” the device’s performance at handling particular tasks as newer algorithms come along.

In some cases, a firmware update may be about improving security, which is part of the increasingly-common “cat and mouse” game between the device manufacturer and the device-modding community. It is also about adding extra functions to the device that it didn’t come with when it was launched. Examples of this include Draytek adding 3G wireless-broadband WAN functionality to their VPN routers or supporting newer wireless-broadband modems on these routers.

The security issue has in recent years come to light with respect to distributed denial-of-service attacks caused by the Mirai botnet and with home-network routers running compromised firmware. Here, software engineers are calling out for manufacturers to adopt a similar process to what Apple, Microsoft and Google are doing with their operating systems where security exploits that are identified in the software are rectified as quickly as possible.

The field-updatable firmware packages can allow a device to enjoy a longer service life as newer requirements can be “baked” in to the software and rapidly pushed out to customers. Examples of this can include support for newer peripheral hardware or newer operating standards.

Drawbacks

There may be cases where some functions offered by the device may be broken due to a firmware update; or the device’s user has to learn new operating procedures to perform some of the functions.

As well, firmware updates that are drawn down by the device may chew up bandwidth, especially if there are several of the same device to be updated. This can also extend to frequently-delivered large firmware updates for the same device.

Experiences

One situation that I had observed was the use of a Creative Labs Nomad Jukebox as a music-playout device at the church I go to. Initially, there were problems with using this music player because the previous music-playout device, which was a MiniDisc deck, had a time-remaining indicator for the currently-playing track, which the Nomad Jukebox didn’t initially offer.

Subsequent to the purchase of this music player, Creative Labs delivered a major firmware update across the Nomad Jukebox range and this firmware had a “fuel-gauge” indicator to show how far in to the currently-playing track the unit was as well as a time-remaining indicator. Once the latest firmware was applied to this Nomad Jukebox, it became easier to use the device for the purpose that the church bought it for.

Another example was the Western Digital WDTV Live network media adaptor. Through the time I had the unit, there had been many firmware updates with UPnP AV / DLNA media playback being delivered through one of the updates and full MediaRenderer functionality being delivered at a subsequent update. Similarly, this device acquired Facebook, TuneIn Internet radio and other network-service functionality.

Yet another example was where I reviewed two HP business laser printers for this site. I had noticed that once these printers received firmware updates, they were able to work with HP’s ePrint ecosystem.

Issues

A large software image for a small problem

One main issue with firmware updating is that the company typically needs to deliver a complete firmware image to fix a small problem in the device. This can be annoying as devices have a firmware size equivalent to earlier incarnations of the Windows operating environment and this figure is increasing rapidly.

A direction that may have to be looked at for firmware-update delivery is to implement practices associated with updating regular-computer operating systems. This is where smaller incremental updates are delivered to the device and installed by that device. Apple has headed in that direction with iOS, and this has become easier for them because the regular desktop computing system is their foundation. This direction may not work if the firmware is to be subject to a major rewrite with a changed user-interface.

Making and breaking preferred content distribution mechanisms

The article looked at the issue of field-updatable device software as making or breaking a preferred content-distribution model. There are examples of this with games consoles having their software modified so they can play pirated, homebrew or grey-import games titles; the “jailbreaking” of iOS devices (iPhone, iPad, iPod Touch) so they run software not provided by the iTunes App Store; or DVD and Blu-Ray players modified to play pirated and grey-import movies.

The manufacturers are in a game of “cat and mouse” with the software-modification community over these devices in order to keep these preferred distribution mechanisms alive. This is especially so with devices like printers or games consoles that may be sold at loss-leading prices so that customers buy software or accessories at higher prices through preferred distribution chains.

Limiting “out-of-the-box” functionality unless updates are performed

This can lead to devices and partner software being unable to function fully unless the device is updated.

Some examples of this may include the PlayStation 3 games console package cited in the original article where you needed to download a significant update to play a game that was packaged with the console. Then you had to download extra software on to the console from the game supplier before you could play online.

Another example would be the previously-mentioned HP LaserJet printers, which needed to be updated before they could run with the ePrint ecosystem. This situation may happen if the new software requirement was rolled out just after the hardware was released.

Update loops

A situation that can occur with devices that implement Internet-based updating is what I call an “update loop” or “update chain”. This is where the device completes many firmware-update cycles before it becomes useable. It has happened with the WDTV Live network media adaptor but can happen with other devices.

What manufacturers could do is to allow a “once and for all” update cycle that obtains and installs the latest firmware. The server software could prepare a software build that is particular to the device’s current firmware and supply that build rather than supplying earlier software builds.
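The “update loop” and the “once and for all” server build described above, as an added illustration (not code from the article or from any manufacturer): the server holds full images installable from any version and incremental deltas each valid from one specific version, plans the device’s path to the latest release either by fewest install cycles or by fewest bytes, and composes a delta chain into a single package built for the device’s current version. Version numbers and package sizes are constructed sample data.

```python
"""Resolving a firmware "update chain" server-side (constructed example)."""
import heapq
from collections import deque
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Package:
    src: Optional[str]  # version it installs over; None = full image, any source
    dst: str            # version the device runs afterwards
    size_kb: int        # download size (constructed figures)


# Constructed catalogue for a hypothetical device family.
CATALOG = [
    Package(None, "1.0.0", 4096),
    Package(None, "1.2.0", 4200),
    Package(None, "2.0.0", 6144),
    Package("1.0.0", "1.1.0", 300),
    Package("1.1.0", "1.2.0", 280),
    Package("1.2.0", "2.0.0", 2500),
]
LATEST = "2.0.0"


def applicable(ver, catalog):
    """Packages a device currently on `ver` can install next."""
    return [p for p in catalog if p.src is None or p.src == ver]


def plan_fewest_cycles(current, catalog=CATALOG, latest=LATEST):
    """Fewest install/reboot cycles (breadth-first over packages).
    Returns [] if already current, None if the latest version is unreachable."""
    if current == latest:
        return []
    queue = deque([(current, [])])
    seen = {current}
    while queue:
        ver, path = queue.popleft()
        for p in applicable(ver, catalog):
            if p.dst == latest:
                return path + [p]
            if p.dst not in seen:
                seen.add(p.dst)
                queue.append((p.dst, path + [p]))
    return None


def plan_fewest_bytes(current, catalog=CATALOG, latest=LATEST):
    """Smallest total download (Dijkstra over package sizes).  Walking this
    chain release by release is the "update loop" a bandwidth-conscious device
    ends up in."""
    if current == latest:
        return []
    best = {current: 0}
    counter = 0                      # tie-breaker so the heap never compares paths
    heap = [(0, counter, current, [])]
    while heap:
        cost, _, ver, path = heapq.heappop(heap)
        if ver == latest:
            return path
        if cost > best[ver]:
            continue                 # stale heap entry
        for p in applicable(ver, catalog):
            new_cost = cost + p.size_kb
            if new_cost < best.get(p.dst, float("inf")):
                best[p.dst] = new_cost
                counter += 1
                heapq.heappush(heap, (new_cost, counter, p.dst, path + [p]))
    return None


def compose(chain: List[Package]) -> Package:
    """The "once and for all" build: fold a chain of deltas into one package that
    applies to the device's current version.  Size is summed as an approximation."""
    if not chain or any(p.src is None for p in chain):
        raise ValueError("compose() expects a non-empty chain of delta packages")
    for a, b in zip(chain, chain[1:]):
        if a.dst != b.src:
            raise ValueError(f"chain breaks between {a.dst} and {b.src}")
    return Package(chain[0].src, chain[-1].dst, sum(p.size_kb for p in chain))


if __name__ == "__main__":
    for ver in ("1.0.0", "1.2.0", "2.0.0"):
        cycles = plan_fewest_cycles(ver)
        cheap = plan_fewest_bytes(ver)
        print(ver, "fewest cycles:", [p.dst for p in cycles],
              "| fewest bytes:", [p.dst for p in cheap],
              sum(p.size_kb for p in cheap), "KB")
    print("composed for 1.0.0:", compose(plan_fewest_bytes("1.0.0")))
```

For a device on 1.0.0 the cheapest path is three delta cycles totalling 3080 KB against one 6144 KB full image; composing that chain gives the device one 3080 KB package and one reboot.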

PC-style functionality addition

The trend now is to have our devices work in a similar vein to a regular personal computer, where users can add accessory hardware and software at a later date through the product’s lifecycle.

This is intensified with the “app” ecosystem that has been driven by smartphones and tablets, where users visit an “app store” to download programs to their devices. Similarly, TV manufacturers are integrating programs like Skype in their network-enabled TVs and allowing customers to add on Webcams to these sets for video conferencing.

Here, we could think of adding software functionality to devices either through apps and “drivers” that are downloaded as hardware is installed, or through subsequent full firmware updates. The former method could work well with devices that can have their functionality evolved by the customer or installer, whereas the latter method would work with devices that perform the same function all the time.

What could be looked at with device software management

UPnP Device Management

The UPnP Forum have recently released a DeviceManagement Device Control Protocol which allows for network-based configuration and management of devices. This includes a SoftwareManagement Service which looks after the issue of software delivery for these devices.

This may be of relevance where another device works as a management point for another networked device with no user interface or a limited user interface. An example of this setup may be a regular computer or a tablet running an application that co-ordinates and manages firmware updates for a variety of devices; or an IPTV set-top box that is part of a “triple-play” setup managing the software on the router that is at the network-Internet “edge”.

Use of a network-attached storage to keep device software images

An increasing number of home networks are or will be equipped with a network-attached storage device which shares data held on a hard disk across the local network. One main application for this would be to keep music, picture and video files so that they can be shared across the network.

The industry could look at ways of using these NAS (network attached storage) units to track down and keep a local cache of new firmware for devices on the home network. Then the devices can check this resource for newer software images when they need to update their firmware. This may suit home networks where there are multiple devices running the same software, such as multiple units of the same games console or multiple TVs made by the same manufacturer within a close time frame.

It may sound like a practice associated with computing in the “big end of town” where the desire by business IT teams is to maintain standard operating environments; but this technique could be used to keep multiple devices from the same manufacturer up to date without using up bandwidth for firmware updates. As well, with the appropriate protocols, it could allow for a “hands-off” approach when adding new devices to the network or maintaining existing devices.

Conclusion

As more and more dedicated-purpose devices move towards the computing model used by regular computers, we will need to think of issues concerning keeping the software up to date and using the updates to improve the devices.

Fake “virus-infection” phone calls–be aware of them

News Article

Phone scammers target computer owners | ABC News Australia

Alert over scam phone calls about bogus computer virus | Wolverhampton City Council (United Kingdom)

My Comments

Just today, a friend of mine who I live with received a phone call on our house phone saying that their computer is infected with a virus and she was being instructed to do certain procedures on the household computer. Luckily she told the caller to hang up and put the phone down and didn’t head towards the computer. This was very good for someone who hasn’t much familiarity with computer technology.

This is part of a scourge that is affecting home and small-business computer users, and computer novices are more likely to be at risk of this fraud because they may not know the difference between a virus attack and a computer that is simply very sluggish.

There has been some press coverage and coverage in government consumer-protection Websites and bulletins around the world concerning this topic, with a lot of weight placed on reference to the scammers claiming they represent Microsoft. But the scammers can pretend they represent other legitimate IT companies like antivirus software firms.

If you need outside help regarding computer issues, you will most likely have initiated the contact yourself, whether through your computer-expert neighbour, relative, friend or acquaintance; your workplace’s IT support, if your workplace has such a department; or your computer supplier.

What these callers tend to do is to lead the user to download and install malware, usually in the form of spyware or fill in forms with email addresses and credit-card details in order to facilitate various forms of fraud against the user. This can be in the form of milking their bank account and credit-card of useable funds, inundating their email inbox with spam email or stealing other information that is confidential to them or their business operations.

So I would encourage all users to be careful of unfamiliar “call-centre” phone calls about computer viruses or similar issues and simply hang up when they receive these calls. As well, they should keep their desktop security programs on their computers up-to-date so as to protect against the various scams.

Other tactics that you may consider would be to threaten the scammers with legal action or question them about whether they can do business legally in your country. A good example would be asking them for their tax-registration details that are required of them if they do business in your country, such as the VAT registration details if you are in Europe or the Australian Business Number if you are in Australia.

Mobile Users Becoming More Susceptible to Phishing Scams

Article

Mobile Users More Susceptible to Phishing Scams – www.enterprisemobiletoday.com

My comments

Why are mobile (smartphone and tablet-computer) users more susceptible to phishing scams?

The main reason is that the operating interface on mobile computing devices is totally different from the operating environment on a desktop or laptop computer.

One main reason is that most of these devices don’t have a large display area in their Web browsers or email clients because their screens are smaller. This leads software designers to design a “clean and simple” user interface for software pitched at these devices, with minimal controls, which leaves out such details as fully-qualified email addresses and URLs. Many of these devices even conceal the address bar where the user enters the URL of the page to be visited unless the user directly types in a URL. Similarly, the email client only shows the display name for an incoming email, especially in the commonly-used “list view”.

The problem is compounded by the lack of a “B-option” interface in mobile operating systems. Compare this with what is accepted in a desktop operating environment, with functions like right-clicking with a multi-button mouse or Ctrl-clicking on a Macintosh equipped with a single-button mouse to gain access to a context-sensitive secondary menu. Similarly, scientific calculators have used an [F] key and/or an [INV] key to modify the function of formula buttons, either to gain access to the inverse of a formula or to obtain another formula.

Such an option would allow the user to press a “function” button before selecting an option or displayed item, in order to open a context-sensitive secondary-function menu or select a secondary function.

This discourages users from checking the URL they are about to tap on in an email, or the fully-qualified email address of an incoming email.

What could be done?

The Web browser and email client could support “phish detection”, providing a highly-visible warning that one is heading to a “phishy” Web site or has received a suspicious email. This function is provided in just about every desktop email client that most of us use and could equally be implemented in a mobile email client. Similarly, an email service could integrate filtering for phishy emails as part of its value-added spam-filter service.

There could even be a “magnifying glass” touch button on the browser or email-client user interface which, when selected before you select an email address or URL, shows the fully-qualified email address or URL as a “pop-up”. This would have the domain name emphasised or written in a distinct colour so you know where you are going. The same interface could also apply when one enters a URL directly into the Web browser.

The mobile browsers could also support Enhanced Validation SSL functionality through the use of a distinct graphic for fully-validated sites. As well, a wireless-broadband provider or Wi-Fi hotspot could offer a “phish-verify” proxy service so that users see a “red flag” if they attempt to visit a phishy Website, similar to what happens in Internet Explorer when a user visits a suspicious Website. This is similar to how some mobile providers warn that you are heading to a website that isn’t part of their “free-use” Website list, and they could integrate this logic into those proxy servers.
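To make the “magnifying glass” and phish-detection ideas above concrete, here is an added example (not code from the original article) of the logic such a mail client or browser would run: it expands a link or sender to its fully-qualified form, emphasises the registrable domain, and flags the cases where what is shown differs from where the link or address really points. All function names are hypothetical, the suffix list is a constructed stand-in for the Public Suffix List, and the domains used (.example, .test) are reserved names constructed for this example.

```python
import re
from email.utils import parseaddr
from urllib.parse import urlsplit

# Constructed stand-in for the Public Suffix List. A real client would load the
# full list so that, for example, "example.com.au" counts as one registrable domain.
TWO_LABEL_SUFFIXES = {"co.uk", "com.au", "co.nz", "co.jp"}

# Something that looks like a host name (optionally with a path), e.g. "www.mybank.example".
HOST_LIKE = re.compile(r"[A-Za-z0-9.-]+\.[A-Za-z]{2,}(?:/\S*)?")


def registrable_domain(host: str) -> str:
    """Return the part of a host name that the site owner actually registered."""
    labels = host.lower().rstrip(".").split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in TWO_LABEL_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def emphasise(url: str) -> str:
    """Render a URL with its registrable domain in upper case and brackets, so the
    real destination stands out even behind a long, misleading host-name prefix."""
    p = urlsplit(url)
    host = p.hostname or ""
    dom = registrable_domain(host)
    netloc = host[: len(host) - len(dom)] + f"[{dom.upper()}]"
    if p.port:
        netloc += f":{p.port}"
    if p.username is not None:  # keep a user@ prefix visible: it is a classic decoy
        netloc = f"{p.username}@{netloc}"
    return f"{p.scheme}://{netloc}{p.path}" + (f"?{p.query}" if p.query else "")


def inspect_link(anchor_text: str, href: str) -> dict:
    """Compare what a link shows with where it actually goes."""
    parts = urlsplit(href)
    real = registrable_domain(parts.hostname or "")
    warnings = []
    shown = anchor_text.strip()
    if "://" not in shown and HOST_LIKE.fullmatch(shown):
        shown = "http://" + shown
    if "://" in shown:
        shown_dom = registrable_domain(urlsplit(shown).hostname or "")
        if shown_dom != real:
            warnings.append(f"link text shows {shown_dom} but the link goes to {real}")
    if parts.username is not None:
        warnings.append("URL has a user@ prefix in front of the real host")
    return {"target": emphasise(href), "domain": real, "warnings": warnings}


def inspect_sender(from_header: str) -> dict:
    """Expose the fully-qualified address behind a display name and flag a display
    name that mentions a different domain from the address it fronts."""
    name, addr = parseaddr(from_header)
    addr_dom = registrable_domain(addr.rpartition("@")[2]) if "@" in addr else ""
    warnings = []
    for token in HOST_LIKE.findall(name):
        if registrable_domain(token.split("/")[0]) != addr_dom:
            warnings.append(f"display name mentions {token} but the address is at {addr_dom}")
    return {"display_name": name, "address": addr, "domain": addr_dom, "warnings": warnings}


if __name__ == "__main__":
    # Constructed samples; .example and .test are reserved names, not real sites.
    print(inspect_link("www.mybank.example", "http://www.mybank.example.login.attacker.test/x"))
    print(inspect_link("secure site", "http://www.mybank.example@attacker.test/"))
    print(inspect_sender('"alerts@mybank.example" <noreply@attacker.test>'))
```

The design point is that the warning is keyed to the registrable domain, not to the whole host string: a long host such as `www.mybank.example.login.attacker.test` would otherwise look reassuring on a narrow screen, but once the pop-up renders it as `www.mybank.example.login.[ATTACKER.TEST]` the real owner is obvious.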

Conclusion

In general, the industry needs to look at the various user scenarios that are in place, or are likely to be, in order to improve secure Web browsing and email. Then it has to implement user-experience measures that allow the user to verify the authenticity of Websites and emails.

This is more so as the small screens on handheld devices end up as the principal Web user interface for people on the move. It will also become more so as the “10-foot” TV interface, with its large screen, large text and graphics, D-pad navigation and use by mostly-tired viewers relaxing on comfortable furniture, becomes a mainstream “lounge-room” interface for the Web.

Criminal legal action now being taken concerning “scareware”

Articles

Scareware Indictments Put Cybercriminals on Notice – Microsoft On The Issues

Swede charged in US over ‘scareware’ scheme | The Local (Sweden’s News in English) – Sweden

US-Behörden klagen Scareware-Betrüger an | Der Standard (Austria – German language)

From the horse’s mouth

FBI Press release

My comments

What is scareware

Scareware is a form of malware that presents itself as desktop security software. Typically it places a lot of emphasis on “flashing up” user-interface dialogs that mimic known desktop security programs, whether add-on programs or functions integral to the operating system. It also puts up dialogs requiring you to “register” or “activate” the software in a similar manner to most respected programs. This usually leads you to Web sites that require you to enter your credit-card number to pay for the program.

In reality, they are simply another form of Trojan Horse, similar in manner to the easy-to-write “fake login screen” Trojans that computer hackers have created to capture an administrator’s high-privilege login credentials. Some scareware is even written to take over the computer user’s interactive session, usually with processes that start when the computer starts, so as to “ring-fence” the user from vital system-control utilities like Task Manager, Control Panel or the command line. In some cases, it also stops any executable file from running unless it is on a narrow list of approved executables. Scareware is also known to nobble regular desktop anti-malware programs so that they don’t interfere with its nefarious activities. The behaviour outlined here comes from observations that I made over the last few weeks when I was trying to get a teenager’s computer that was infested with “scareware” back to normal operation.

Who ends up with this scareware on their computer

Typically, the users who end up with such software on their computer are consumers and small-business operators who are computer-naive or computer-illiterate and are most likely to respond to banner ads hawking “free anti-virus software”. They may not know which free consumer-grade anti-virus programs exist for their computing environment. In a similar vein, they may have found their computer operating below par, and they have often heard it said that such a computer is infested with viruses.

What you should do to avoid scareware and how to handle an infestation

The proper step to take to avoid your computer being infested with scareware is to make sure you are using reputable desktop security software. If you are strapped for cash, consider AVG, Avast, Avira or Microsoft Security Essentials, links to which are in the links column on the right of your screen when you read this article on the site.

If you have a computer that is already infected with this menace, it is a good idea to use another computer, whether on your home network or at your workplace, to download a “process-kill” utility like rkill.com to a USB memory key or CD-R and run it on the infected computer immediately after you log in. It may also be worth visiting the “Bleeping Computer” resource site for further information on removing the particular scareware threat affecting your computer. This is because I have had very good experience with this site as a resource when I handled a computer that was infested with scareware.

If you are at a large workplace with a system administrator, ask them to prepare a “rescue CD” with the utilities from the “Bleeping Computer” Web site, or to provide a link or “safe-site” option on your work-home laptop to this site, so you can use that computer as a “reference” unit for finding out how to remove scareware from a computer on your home network.
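Once the rogue processes have been stopped, the next question is what the scareware changed to “ring-fence” the user as described above (Task Manager, Control Panel and the command prompt locked out, only approved executables allowed to run, processes that return on every boot). The following added example, which is not tooling from the article or from Bleeping Computer, is a read-only audit of the Windows registry locations those lock-outs live in. The detection functions are plain Python so they can be exercised anywhere; the collector at the bottom reads the live registry through the standard-library `winreg` module and so only works on Windows. The policy values, Run keys and Image File Execution Options key are well-known Windows locations; they are not named in the article. A hit is a lead, not proof, because domain group policy can set the same values legitimately.

```python
try:
    import winreg  # standard library on Windows only
except ImportError:
    winreg = None

HKCU, HKLM = "HKCU", "HKLM"

# Per-user policy values that lock the user out of system-control tools.
POLICY_VALUES = {
    (r"Software\Microsoft\Windows\CurrentVersion\Policies\System", "DisableTaskMgr"): "Task Manager disabled",
    (r"Software\Microsoft\Windows\CurrentVersion\Policies\System", "DisableRegistryTools"): "Registry Editor disabled",
    (r"Software\Microsoft\Windows\CurrentVersion\Policies\Explorer", "NoControlPanel"): "Control Panel hidden",
    (r"Software\Microsoft\Windows\CurrentVersion\Policies\Explorer", "RestrictRun"): "only an approved list of programs may run",
    (r"Software\Policies\Microsoft\Windows\System", "DisableCMD"): "command prompt disabled",
}

# Autostart locations that let the rogue software come back on every boot.
RUN_KEYS = [
    (HKCU, r"Software\Microsoft\Windows\CurrentVersion\Run"),
    (HKLM, r"Software\Microsoft\Windows\CurrentVersion\Run"),
    (HKLM, r"Software\Microsoft\Windows\CurrentVersion\RunOnce"),
]

# A per-executable "Debugger" value silently replaces that executable (e.g. taskmgr.exe).
IFEO_KEY = r"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options"

# Autostart commands launched from user-writable directories deserve a second look.
SUSPECT_DIRS = ("\\appdata\\", "\\temp\\", "\\programdata\\")


def assess_policies(values):
    """values: {(key, name): data} as read from HKCU. Non-zero means the lock-out is on."""
    return [f"[!] {POLICY_VALUES[k]}: HKCU\\{k[0]}\\{k[1]} = {v}"
            for k, v in values.items() if k in POLICY_VALUES and v not in (None, 0)]


def assess_autostarts(entries):
    """entries: [(key, value_name, command)]. Flags commands run from user-writable dirs."""
    return [f"[?] {key}\\{name} -> {cmd}"
            for key, name, cmd in entries if any(d in cmd.lower() for d in SUSPECT_DIRS)]


def assess_ifeo(debuggers):
    """debuggers: {exe_name: debugger_command}. Any non-empty entry redirects that executable."""
    return [f"[!] {exe} is redirected to {cmd}" for exe, cmd in debuggers.items() if cmd]


def _hive(name):
    return winreg.HKEY_CURRENT_USER if name == HKCU else winreg.HKEY_LOCAL_MACHINE


def _read_value(hive, key, name):
    try:
        with winreg.OpenKey(_hive(hive), key) as k:
            return winreg.QueryValueEx(k, name)[0]
    except OSError:  # key or value absent
        return None


def _enum_values(hive, key):
    """Yield (name, data) for every value under key; nothing if the key is absent."""
    try:
        with winreg.OpenKey(_hive(hive), key) as k:
            for i in range(winreg.QueryInfoKey(k)[1]):
                name, data, _ = winreg.EnumValue(k, i)
                yield name, data
    except OSError:
        return


def _enum_subkeys(hive, key):
    try:
        with winreg.OpenKey(_hive(hive), key) as k:
            for i in range(winreg.QueryInfoKey(k)[0]):
                yield winreg.EnumKey(k, i)
    except OSError:
        return


def audit_live_machine():
    """Run all three checks against the live registry (Windows only); changes nothing."""
    if winreg is None:
        raise RuntimeError("winreg is only available on Windows")
    policies = {k: _read_value(HKCU, k[0], k[1]) for k in POLICY_VALUES}
    autostarts = [(f"{hive}\\{key}", n, str(d))
                  for hive, key in RUN_KEYS for n, d in _enum_values(hive, key)]
    debuggers = {exe: _read_value(HKLM, f"{IFEO_KEY}\\{exe}", "Debugger")
                 for exe in _enum_subkeys(HKLM, IFEO_KEY)}
    return assess_policies(policies) + assess_autostarts(autostarts) + assess_ifeo(debuggers)


if __name__ == "__main__":
    for finding in audit_live_machine():
        print(finding)
```

Run it from the infected machine after the process-kill utility has done its job; `[!]` lines are settings that should never be on a home PC, while `[?]` lines are merely worth reviewing, since some legitimate software also starts from AppData.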

How the criminal law fits in to this equation

The criminal law is now being used to target the “scareware” epidemic through charges centred on fraud or deception. Like other criminal cases involving the online world, the situation will touch on legal questions that arise where the offenders are resident in one or more countries and the victims are in the same or other countries at the time of the offence.

This case could raise questions concerning differing standards of proof for trans-national criminal offences as well as the place of trial for any such offences.

Conclusion

Once you know what the “scareware” menace is, you can see that criminal-law measures are being used to tackle it, and you can recognise these threats and handle an infestation.

Disclaimer regarding ongoing criminal cases

This article pertains to an ongoing criminal-law action that is likely to go to trial. Nothing in this article is written to imply guilt on the part of the accused parties, who are innocent until proven guilty beyond reasonable doubt in a court of law. All comments are based either on previously-published material or on my personal observations relevant to the commonly-known facts.

Product Review – Kaspersky Internet Security 2010

This is my first Internet-security product review for this blog, and this product class is a very competitive one now that free “home edition” or “entry edition” programs are being offered to Windows users by the likes of AVG, Avast and Microsoft. Kaspersky has been known for offering a line of affordable desktop and network security programs built on a strong security platform, and this program is no exception.

Installation and Use

The installation went ahead very smoothly. It drew attention to a clash between this program and my prior setup, which was Windows Firewall as the desktop firewall and Avast Home Edition as the anti-malware solution, and offered to uninstall Avast Home Edition before installing itself.

Kaspersky - dashboard

Kaspersky's main operating console

The main software dashboard has a “traffic-light” bar at the top which glows green for a safe environment, yellow for situations that need your attention and red for dangerous environments. It uses a tabbed interface which shows information pertaining to particular aspects of the program. This dashboard can be minimised to a “red K” indicator in the System Notification Area on the Taskbar and ends up being relatively unobtrusive. If it needs to draw your attention, a coloured “pop-up” message appears near that area. You don’t even see “splash screens” when the program starts during the system’s boot cycle, unlike what happens with Norton AntiVirus and other computer-security software delivered as “crapware” with many Windows computers.

Kaspersky - notification bar

Notification Tray icon

The program downloads many updates through the day because computer-security threats evolve so quickly. This is typically indicated with a “globe” symbol underneath the “red K” indicator when the program is minimised to the System Notification Area.

Performance

Kaspersky’s performance in a “full-scan” situation is typical for many desktop computer-security applications, because a full scan reads every file from the computer’s hard disk and competes with other applications that need the disk. It highlighted a password-protected executable file as a risk, because such files can be used to conceal malware.

The software’s “behind-the-scenes” behaviour can impinge on system performance if you are doing anything graphics-intensive. But there is an option to have the program concede resources to other computing tasks.

Kaspersky - Gaming profile

Gaming Profile option

The program also has options for optimising its behaviour for particular situations. For example, there is an option to disable scheduled scans when a laptop computer is running on batteries, and a “gaming mode” which reduces its presence and can disable scheduled scans and updates when you are playing a full-screen game or video and don’t want the program to interrupt you.

From what I have observed, Kaspersky does a very good job of maintaining a “sterile zone” for your computer. For example, if you plug in a USB memory key, the program scans it for malware. This is important with malware like the Conficker worm, which has been attacking Windows computers and creeping on to USB memory keys.

Privacy protection and security options

There is an optional on-screen virtual keyboard that works against keystroke loggers which capture data from the hardware keyboard. It may not be a defence against keystroke loggers that capture the character stream received by an application, or against software that records on-screen activity.

There is also an anti-banner-ad module which may appeal only to those who “hear no ads, see no ads, speak no ads”. I wouldn’t use this for most Web browsing, and you still need to be careful to run only one “pop-up blocker” at a time. I would rather this be used to filter advertising for “fly-by-night” offers.

The e-mail protection does work with Windows Live Mail but, if you want to run it as an anti-spam solution for any e-mail client, you have to have it list your mail on a separate screen so you can tell which mail is which. This feature may be of little use if you are running other anti-spam measures, such as a spam filter integrated into your mail client or provided as part of your email service.

Desktop content filter

I do have a personal reservation about desktop-based “parental-control” programs, because these programs only control the content that arrives at the computer they run on. This may be OK where Internet access is primarily through the general-purpose computer they run on. It doesn’t suit an increasingly-real environment where Internet access is done on other terminals such as smartphones, multifunction Internet devices, games consoles and Internet-enabled TVs. Here, I would prefer a “clean feed” provided as an option in the Internet service, or content-filtering software installed in a very fast router. The desktop filter can work well if a computer is taken to places like hotspots that don’t provide a filtered Internet service.

The content control is also limited to a few categories, such as the “usual suspects” (porn, gambling, drugs, violence, weapons, explicit language). There isn’t the ability to filter “hatred” and “intolerance” sites, which may be a real issue in today’s world, although the weapons and violence categories may encompass some of that material. I would like to see more granular filtering to suit different age groups and needs.

Nice to have

A feature that this program could have is management of its interface to UPnP IGD routers. This could include identifying port-forward requests made by applications and checking that these port-forwards are removed when the application stops. It could also remove port-forwards when an application crashes, or clear all port-forwards when the system starts, so as to clean up port-forwarding “holes” left when a UPnP-enabled application or the system crashes. This is because I have noticed port-forward settings left standing when an instant-messaging application, game or similar UPnP-enabled application crashes, with the router’s UPnP port-forward list still holding settings from those prior sessions. Such leftovers can provide back doors for hackers and botnets to operate through.
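The clean-up described above is something you can do yourself against the router, and the following added example (not a Kaspersky feature and not the article’s code) shows the protocol exchange involved: it walks the router’s UPnP IGD port-mapping table with the standard WANIPConnection:1 actions `GetGenericPortMappingEntry` and `DeletePortMapping`, then reports the mappings that point at this host on a port nothing is listening on any more, which is exactly what a crashed messenger or game leaves behind. The control URL is a placeholder you must replace with the one your router advertises via SSDP, the “port is free” check is a bind heuristic rather than a process lookup, and the two router replies embedded at the bottom are constructed samples so the parsing can be exercised without a router.

```python
import socket
import urllib.error
import urllib.request
import xml.etree.ElementTree as ET

SERVICE = "urn:schemas-upnp-org:service:WANIPConnection:1"
SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/"
CONTROL_URL = "http://192.168.1.1:5000/ctl/IPConn"  # placeholder: take yours from the router's SSDP description


def soap_envelope(action: str, args: dict) -> bytes:
    """Build the request body for one IGD action."""
    inner = "".join(f"<{k}>{v}</{k}>" for k, v in args.items())
    return (f'<s:Envelope xmlns:s="{SOAP_NS}" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/">'
            f'<s:Body><u:{action} xmlns:u="{SERVICE}">{inner}</u:{action}></s:Body></s:Envelope>').encode()


def call(action: str, args: dict, control_url: str = CONTROL_URL) -> bytes:
    """POST one action to the router and return the raw XML reply (needs a real router)."""
    req = urllib.request.Request(control_url, data=soap_envelope(action, args), method="POST",
                                 headers={"Content-Type": 'text/xml; charset="utf-8"',
                                          "SOAPAction": f'"{SERVICE}#{action}"'})
    try:
        with urllib.request.urlopen(req, timeout=5) as resp:
            return resp.read()
    except urllib.error.HTTPError as e:  # SOAP faults arrive with HTTP 500; the body still parses
        return e.read()


def parse_mapping(xml_bytes: bytes):
    """Fields of a GetGenericPortMappingEntry reply, or None on a SOAP fault
    (UPnP error 713 SpecifiedArrayIndexInvalid marks the end of the table)."""
    root = ET.fromstring(xml_bytes)
    if root.find(f".//{{{SOAP_NS}}}Fault") is not None:
        return None
    return {el.tag.split("}")[-1][3:]: (el.text or "").strip()
            for el in root.iter() if el.tag.split("}")[-1].startswith("New")}


def list_mappings(control_url: str = CONTROL_URL, fetch=call) -> list:
    """Walk the mapping table by index until the router reports the end."""
    mappings, index = [], 0
    while True:
        entry = parse_mapping(fetch("GetGenericPortMappingEntry", {"NewPortMappingIndex": index}, control_url))
        if entry is None:
            return mappings
        mappings.append(entry)
        index += 1


def port_is_free(protocol: str, port: int) -> bool:
    """Heuristic: if this process can bind the port, no application is listening on it."""
    kind = socket.SOCK_STREAM if protocol.upper() == "TCP" else socket.SOCK_DGRAM
    with socket.socket(socket.AF_INET, kind) as s:
        try:
            s.bind(("", port))
            return True
        except OSError:
            return False


def stale_mappings(mappings: list, my_ip: str, is_free=port_is_free) -> list:
    """Mappings that point at this host but at a port nothing is listening on."""
    return [m for m in mappings
            if m["InternalClient"] == my_ip and is_free(m["Protocol"], int(m["InternalPort"]))]


def delete_mapping(m: dict, control_url: str = CONTROL_URL, send=call) -> bytes:
    """Remove one mapping; these three fields are the key the router identifies it by."""
    return send("DeletePortMapping", {"NewRemoteHost": m["RemoteHost"],
                                      "NewExternalPort": m["ExternalPort"],
                                      "NewProtocol": m["Protocol"]}, control_url)


# Constructed router reply: one permanent (lease 0) mapping left behind by a messenger.
SAMPLE_ENTRY = (
    f'<s:Envelope xmlns:s="{SOAP_NS}"><s:Body>'
    f'<u:GetGenericPortMappingEntryResponse xmlns:u="{SERVICE}">'
    '<NewRemoteHost></NewRemoteHost><NewExternalPort>6881</NewExternalPort>'
    '<NewProtocol>TCP</NewProtocol><NewInternalPort>6881</NewInternalPort>'
    '<NewInternalClient>192.168.1.23</NewInternalClient><NewEnabled>1</NewEnabled>'
    '<NewPortMappingDescription>example-messenger</NewPortMappingDescription>'
    '<NewLeaseDuration>0</NewLeaseDuration>'
    '</u:GetGenericPortMappingEntryResponse></s:Body></s:Envelope>').encode()

# Constructed end-of-table fault.
SAMPLE_FAULT = (
    f'<s:Envelope xmlns:s="{SOAP_NS}"><s:Body><s:Fault><faultcode>s:Client</faultcode>'
    '<faultstring>UPnPError</faultstring><detail><UPnPError xmlns="urn:schemas-upnp-org:control-1-0">'
    '<errorCode>713</errorCode><errorDescription>SpecifiedArrayIndexInvalid</errorDescription>'
    '</UPnPError></detail></s:Fault></s:Body></s:Envelope>').encode()


if __name__ == "__main__":
    me = socket.gethostbyname(socket.gethostname())
    for m in stale_mappings(list_mappings(), me):  # review first; call delete_mapping(m) to clean up
        print("stale:", m["Protocol"], m["ExternalPort"], "->", m["InternalClient"], m["InternalPort"],
              m["PortMappingDescription"], "lease", m["LeaseDuration"])
```

Note that a lease of 0 means the mapping never expires on its own, which is why a crash leaves it standing until something deletes it; running this at login is the per-host equivalent of the “clear on system start” behaviour the review asks for.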

Macintosh users are looked after by Kaspersky through the “Kaspersky AntiVirus For Mac” program, which provides virus protection for that platform. It doesn’t provide the full Internet-security options that this program has to offer, but there may be a desktop firewall built into MacOS X which can protect against Internet hacks.

As far as the desktop content filter is concerned, I would like to see more filtering options, such as an option to filter out “hatred” / “intolerance” sites, and “games and sports” for business needs. There should also be the ability to set up granular filtering options to suit different user needs.

Conclusion

This program may be a valid option for those of us who want to pay for “that bit more” from our computer security software and go beyond the operating-system-standard desktop firewall and free anti-virus programs like AVG and Avast.

Statement of benefit: I have been provided with the 3-computer 2-year subscription, which is worth AUD$159.95 including GST (street price $84 including GST), as a complimentary product in order for me to review it.