Do Not Track Plus

Written by Ed on February 14, 2012 – 2:42 pm -

Posted in Computer Tips | No Comments »

Microsoft’s Windows 8 Demo From D9

Written by Ed on September 12, 2011 – 11:12 pm -

You’ve heard about it and now you can see it.
Here’s the full Windows 8 demo from Microsoft Windows Unit President Steven Sinofsky and VP Julie Larson-Green.
For more on Windows 8, check out our analysis, as well as a post on several factors still unknown about the forthcoming operating system.

Posted in Computer Tips | No Comments »

New scam targets Windows users

Written by Ed on September 7, 2011 – 11:12 pm -

A new piece of malware is literally “holding up” Windows users. The malware claims that counterfeit Microsoft software has been detected on a PC and demands $143 to resolve the issue. The malware is obtained from malicious emails and peer-to-peer download programs. You need reliable security software to avoid this type of scam.

Free antivirus software:
AVG AntiVirus
Avira AntiVir Personal
Microsoft Security Essentials
Panda Cloud Antivirus

Posted in Computer Tips | No Comments »

Microsoft Labels WebGL A Fundamental, Unacceptable Security Risk

Written by Ed on June 22, 2011 – 11:00 pm -

The past 18 months have seen a significant evolution in browser graphics. Chrome, Firefox, Safari, and Opera have all added support for such standards as OpenCL, HTML5, and Direct2D acceleration. (HTML5 isn’t a graphics standard, strictly speaking, but it allows the browser to handle certain activities that once required Flash plugins). Support for WebGL, a browser-friendly derivative of OpenGL, has been added to Firefox and Safari (with Chrome and Opera versions under development). Microsoft, however, has announced it won’t be including WebGL support, claiming that the standard is far too insecure to be safely deployed.

As it turns out, the software giant has good reason to be concerned. Ever since the introduction of Windows XP, Microsoft has progressively sandboxed video drivers and limited their ability to cause system crashes. Beginning with Windows Vista, video drivers were split into a kernel mode driver (very streamlined) and a user-space driver that handles virtually all of the heavy lifting.

WebGL doesn’t communicate with a GPU through a browser API; it addresses the graphics hardware directly. This undoubtedly reduces lag and improves performance, but it also bypasses all of the security features and remote access limitations that have been baked into modern browsers. Attacks written to take advantage of this fact can therefore waltz right into a system. Since GPU drivers aren’t written with security in mind (they’ve never needed to be), there’s very little to prevent this from occurring.

In theory, Intel, AMD, and Nvidia could harden the video drivers for their respective products and bake in watchdogs to monitor WebGL execution in real-time. In practice, this is highly unlikely. It would take a significant amount of time to create this sort of system and the programs in question would need to be coupled to specific browser versions. Updating a browser without simultaneously updating a browser could create a crack in the security foundation.

In its blog post, Microsoft also notes: “Users are not accustomed to ensuring they are up-to-date on the latest graphics card drivers, as would be required for them to have a secure web experience. In some cases where OEM graphics products are included with PCs, retail drivers are blocked from installing. OEMs often only update their drivers once per year, a reality that is just not compatible with the needs of a security update process.”

Although scarcely out of infancy, WebGL can handle some impressive rendering for a browser.

The company’s final reason for avoiding WebGL for the foreseeable future lies is that the security measures currently baked into WebGL (and there are some) are untested. “Modern operating systems and graphics infrastructure were never designed to fully defend against attacker-supplied shaders and geometry. Although mitigations such as ARB_robustness and the forthcoming ARB_robustness_2 may help, they have not proven themselves capable of comprehensively addressing the DoS threat. While traditionally client-side DoS is not a high severity threat, if this problem is not addressed holistically it will be possible for any web site to freeze or reboot systems at will. This is an issue for some important usage scenarios such as in critical infrastructure.”

Microsoft has particularly good reasons to take the stance it does. From 1997-2004 the words “Microsoft” and “Laughable Security” were interchangeable. A sizeable number Industry veterans from the 1996-2001 timeframe still experience terrifying flashbacks if they hear the name “Outlook Express.”

Beginning with Windows XP SP2, the company devoted enormous resources to hardening the OS, limiting available attack vectors, and warning users when their systems were vulnerable. Some of these efforts have been more effective than others, but Windows Firewall, Microsoft Security Essentials, XP2’s Security Center, and changes to how Windows Updates were handled have all been aimed at increasing OS security. Having spent the last seven years repairing its reputation, the company is scarcely going to want to risk another issue.

The other reason is related to IE’s market share. The median estimate for IE’s penetration across all tracking firms is 43.5 percent. While it no longer commands an absolute majority of the market, IE’s user base is still 1.5x larger than Firefox at 27.9 percent. That’s going to make the company doubly wary of potential security flaws–an issue with IE affects a much larger number of people.

Posted in Computer Tips | No Comments »

Beware Microsoft support scam

Written by Ed on May 27, 2011 – 7:39 pm -

Here’s a new twist on an old trick: people are receiving calls purporting to be from Microsoft Support, informing them that the Support team has received an alert from their computers and instructing them to install teamviewer or a similar remote control/assistance tool so the phony “Support” person can take control of your machine and infect it with malware. Don’t fall for this ploy, and be sure to warn your less tech-savvy friends about it.

Posted in Computer Tips | No Comments »

Online banking trojans target Chrome and Opera

Written by Ed on May 1, 2011 – 11:45 pm -

The latest version of the SpyEye trojan reportedly includes new capabilities that specifically target Windows users running Google Chrome or the Opera web browser. According to a blog post by security blogger Brian Krebs, these include new “form grabbing” capabilities that can collect data entered into web forms by victims, including credit card or account information used for online banking, as well as the URL for the site they are visiting, before it can be encrypted.

Read more:

Posted in Computer Tips | No Comments »

New Attack Disguised as DHL Parcel Delivery Notice

Written by Ed on April 4, 2011 – 11:00 pm -

Some malware attacks are exceedingly clever and innovative, while others just rely on tried and true techniques that are fairly reliable no matter how much users are told to avoid them. AppRiver is reporting a new threat that falls into this latter category–a fake DHL shipping receipt designed with a malicious file attachment.

Read more:

Posted in Computer Tips | No Comments »

GFI Malware Minute weekly video feature

Written by Ed on March 21, 2011 – 11:00 pm -

Posted in Computer Tips | No Comments »

Microsoft phone scam hits Northwest

Written by Ed on February 10, 2011 – 11:00 pm -

Microsoft phone scam hits Northwest
By Oregon Better Business Bureau

Better Business Bureau warns that consumers in multiple countries have received phishing phone calls impersonating Microsoft. BBB serving Alaska, Oregon and Western Washington confirms the scam has hit the region.

Read more:

Posted in Computer Tips | No Comments »

2010 in Review: 2010′s Most Dangerous List

Written by Ed on January 12, 2011 – 11:00 pm -

2010′s Most Dangerous List:

Posted in Computer Tips | No Comments »