|
Security
Issues... |
A new and novel way
of spreading viruses and trojans has come to light over the past
weeks...
Several instances have been reported of
people finding supposedly 'lost' USB sticks just lying on
the pavement or carpark floor. These unlucky souls
subsequently inserted the sticks into their computers or laptops
which instantly became infected with a rather nasty and
insidious Trojan Horse. This file trawls the infected
computer sniffing out internet bank login details.
YOU HAVE BEEN WARNED!
NASTY COPY PROTECTION ON SONY CD'S
Sony BMG said today it will offer a patch for one of its own
exploits - one that comes bundled with its music CDs.
The code cloaks itself and by intercepting and redirecting low
level windows system calls, forces the audio through a custom
player, and restricts the number of CD burns that can be made.
As Sys Internals' Mark Russinovich discovered this week,
removing the Sony code using standard anti-malware tools leaves
the user with an inoperable CD drive.
Russinovich also pointed out that because the cloaking technique
it used to hide itself was so crude, malware authors could hide
their own nefarious programs on users hard disks using Sony's
DRM software.
However, the patch that Sony will offer doesn't remove the 'rootkit'
DRM: it only makes the hidden files visible.
Macintosh and Linux users are unaffected by the DRM kit, which
only works on Windows PCs.
It isn't quite the "bombs" the RIAA once suggested it was
developing to deter music downloads, but it's in the same
spirit.
And here's the patch from First 4 Internet Ltd, the British
company that developed the DRM software .
"This Service Pack removes the cloaking technology component
that has been recently discussed in a number of articles
published regarding the XCP Technology used on SONY BMG content
protected CDs." [our emphasis]
The note continues: "This component is not malicious and does
not compromise security. However to alleviate any concerns that
users may have about the program posing potential security
vulnerabilities, this update has been released to enable users
to remove this component from their computers."
But wait! Don't do that just yet...
Anti-malware company F-Secure discusses the Sony DRM software
here. F-Secure says its rootkit detection software will spot the
hidden files, but strongly advises users not to remove it using
its Blacklight software, and instead advises users to contact
Sony.
"If you find this rootkit from your system, we recommend you
don't remove it with our products. As this DRM system is
implemented as a filter driver for the CD drive, just blindly
removing it might result in an inaccessible CD drive letter,"
advises F-Secure.
It is alarming how little outrage there is from ordinary PC
users. While Register readers are well versed in the
restrictions of DRM and the dangers of malware, there's little
sign the public shares this knowledge.
Incredibly, the Sony DRM malware has been out on the market for
eight months and is bundled on 20 CD titles. Sony said it hadn't
received a single complaint until this week. So, disturbingly,
most people either haven't run into serious problems yet, or
even more disturbingly, don't find the Sony DRM particularly
onerous. We pray it's not the latter.
However, Sony's decision to offer a 'patch' that fails to remove
the DRM code suggests it isn't too concerned by the howls of
outrage heard this week from sophisticated PC users.
And with this level of apathy, the music giants will be
emboldened to try these techniques again. And again. And again.
To combat this it will help you to disable autorun on
your CD/DVD drive(s)
The
UK now holds the mantle of being the worst country in the world
for computer viruses and infestations of malware, spyware and
adware - thanks to the very swift introduction of broadband!
Users who are unaware of these problems have switched to the
super-fast broadband internet connections, unknowing of the
problems ahead.
Judging by the amount of computers 'infested' with spyware,
dialers (software which connects your computer to premium rate
services), pornographic content (unwittingly or unknowingly and
usually automatically downloaded) and general malware (malicious
software) - all managed on a modem dialup connection, the future
looks rosy for the hackers and ne're-do-wells! Once these
machines are permanently connected to the Internet, they will
quite literally be able to 'fill their boots' with information
gleaned from your computer!
ARE
YOU SAFE?...are you SURE?? A security check and update,
including disinfection & immunisation will save you time, sanity
and money in the long run. Don't wait until it's too late.
These are not scare tactics, they are annotations from real-life
computers I have seen over the past year or so: instances are
rapidly on the increase. Don't wait until you have a
telephone bill in the hundreds of pounds or a computer which
steadfastly 'refuses' to connect to the internet any more - it
will, in most instances, actually be connected to the internet,
using your connection for it's own nefarious ends and just denying
you access. Do you use your credit card for transactions?
Brrr, doesn't bear thinking about does it?
Following a consultation and immunisation your Internet experience
will be as safe as is possible to guarantee in this day and age.
|
|
Anti-Virus |
If
you use a computer, THIS IS A MUST!!! The 'It won't happen
to me' or 'I only get email from people I know' brigade are the
first to suffer! Also, this helps the viruses propagate
themselves, they rely on people not being immunised thus passing
the infection on to others. It is the most innocuous piece
of software, rather like buying tyres for a car...They don't make
the car look any better, but when you need to stop in a hurry or
manoeuvre quickly on a wet road you will be glad you fitted the
new tyres! Basically, anti-virus software sits as a safety
net and will catch and quarantine any infected file before it gets
it's grubby mitts on your computer! - Value for money
insurance!! |
|
Free Software? |
Remember, there is
no such thing as a free lunch...usually!
Some free software
is invaluable - most contain some form of spyware or malware.
No truly useful or legitimate software tries to automatically
install itself, or nags you to install it. Think of door
stepping - do you REALLY want everything offered to you on
your doorstep? Do you instantly accept the word of someone
on your doorstep who tells you your roof needs repairing and let
them do it?
Getting free
software via the internet is very much like making love to a
beautiful woman....umm I mean very much like the 'buying off the
doorstep' analogy! Any truly useful FREE software on the
internet has to be sought out, downloaded and installed by the PC
user - it never just presents itself to you as if by magic.
Any window which pops up whilst you are surfing the internet
extolling the virtues of their program and warning you of the dia
consequences of NOT installing their program IS LYING!
DO NOT INSTALL
ANYTHING OFFERED TO YOU VIA A POP-UP WINDOW...or you WILL regret
it! Your PC is not broadcasting anything it shouldn't
be...the pop-up is just 'reading' your IP address - something
EVERY website can and usually NEEDS to do. They will try
every trick in the book, including frightening you into
downloading software; this will end up being porn or premium rate
diallers, webpage hijackers or pop-up generators.
IF IN
DOUBT...LEAVE IT OUT! |
