Secure your PC for free!


BufferZone Security SoftwareSecurity, when it comes to computers, is as important as it is with most things. Trouble with computers though is that its difficult to keep ahead of the hackers and other scoundrels who are out to get you.

Well, help is at hand from Trustware, with their free software, BufferZone. According to their site:

“BufferZone creates an isolated environment called the Virtual Zone. The Virtual Zone “buffers” your PC from all forms of known or unknown attacks that originate from the Internet and external devices. All of your private information is secured in a trusted and separated environment.”

It does this by creating a virtual environment, within which your PC is isolated from any threats. By creating a special directory – C:\Virtual in your computer’s registry, it keeps external programs and files in an isolated environment, separated from your trusted personal files and your PC’s operating system.

According to Trustware, even your online banking is safe, as are your documents. It promises to prevent spyware, keyloggers, botnets or any other Internet born malware from stealing your personal data and documents, even if anti-virus and anti-malware hasn’t yet identified the threats. If it truly lives up to the claims then this is one piece of software you should seriously consider installing.

You can read more about BufferZone on the company’s website. If you are wondering just how safe your PC is they also have a free security test you can download from their site.

You can rest assured that the software is trustworthy as CNET gives it 5 stars!

Advertisements

Safari Gets Security Update, along with iOS and Mac


Apple Safari icon

Image via Wikipedia

Apple has released an update for Safari on both the Mac and Windows platforms. At the same time it has released updates for iOS and the Mac. These are security updates to close an exploit recently demonstrated at the PWN2OWN security challenge. It was Charlie Miller, a security researcher, who  successfully exploited iOS earlier this year by successfully hacking into an iPhone. Apple’s iOS also uses the WebKit rendering engine, which was exploited by VUPEN security in their 5 second attack on Mac OS X.

Here is what Apple says about the Safari update:

Products Affected

Safari 5 (Windows), Safari 5 (Mac OS X 10.6), Safari 5 (Mac OS X 10.5), Product Security

Safari 5.0.5

  • WebKitAvailable for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.5 or later, Mac OS X Server v10.6.5 or later, Windows 7, Vista, XP SP2 or later

    Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

    Description: An integer overflow issue existed in the handling of nodesets. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution.

    CVE-ID

    CVE-2011-1290 : Vincenzo Iozzo, Willem Pinckaers, and Ralf-Philipp Weinmann working with TippingPoint‘s Zero Day Initiative

  • WebKitAvailable for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.5 or later, Mac OS X Server v10.6.5 or later, Windows 7, Vista, XP SP2 or later

    Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

    Description: A use after free issue existed in the handling of text nodes. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution.

    CVE-ID

    CVE-2011-1344 : Vupen Security working with TippingPoint’s Zero Day Initiative, and Martin Barbella

Note:

Certificates Trust Policy

Several fraudulent SSL certificates were issued by a Comodo affiliate registration authority. This may allow a man-in-the-middle attacker to redirect connections and intercept user credentials or other sensitive information. Safari relies on the certificate store of the host operating system to determine if an SSL server certificate is trustworthy. For Mac OS X systems, this issue is addressed with Security Update 2011-002. For iOS, this issue is addressed with iOS 4.3.2 and iOS 4.2.7. For Windows systems, applying the update described in Microsoft Knowledge Base Article 2524375 will cause Safari to regard these certificates as untrusted. The article is available athttp://support.microsoft.com/kb/2524375

Here is what it has to say about the Security Update for Mac:

This document describes Security Update 2011-002, which can be downloaded and installed via Software Updatepreferences, or from Apple Downloads.

For the protection of our customers, Apple does not disclose, discuss, or confirm security issues until a full investigation has occurred and any necessary patches or releases are available. To learn more about Apple Product Security, see the Apple Product Security website.

For information about the Apple Product Security PGP Key, see “How to use the Apple Product Security PGP Key.”

Where possible, CVE IDs are used to reference the vulnerabilities for further information.

To learn about other Security Updates, see “Apple Security Updates“.

Products Affected

Mac OS X 10.6, Product Security

Security Update 2011-002

  • Certificate Trust PolicyAvailable for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.7, Mac OS X Server v10.6.7

    Impact: An attacker with a privileged network position may intercept user credentials or other sensitive information

    Description: Several fraudulent SSL certificates were issued by a Comodo affiliate registration authority. This may allow a man-in-the-middle attacker to redirect connections and intercept user credentials or other sensitive information. This issue is addressed by blacklisting the fraudulent certificates.

    Note: For iOS, this issue is addressed with iOS 4.3.2 and iOS 4.2.7. For Windows systems, Safari relies on the certificate store of the host operating system to determine if an SSL server certificate is trustworthy. Applying the update described in Microsoft Knowledge Base Article 2524375 will cause Safari to regard these certificates as untrusted. The article is available at http://support.microsoft.com/kb/2524375

    For mre info on all the recent updates visit http://support.apple.com/kb/HT1222

MacScan 2.8 Released for Mac


MacScan anti-spyware and anti-malware software for Mac

According to the press release, MacScan 2.8 Anti-Malware Privacy & Security for Mac OS X “enhances protection against the latest threats for Mac OS X” whilst “adding usability enhancements and bug fixes. Apparently, it has also been updated to work with Firefox 4 when removing blacklisted tracking cookies. Users can now remove over 10000 known cookies for adware and malware with a single click and without losing any of their saved cookies. Originally introduced in January 2006, the software has been continually developed by SecureMac. It protects against Spyware and rogue cookies.

Upgrades for previous 2.x versions is free. You can also download a demo at http://macscan.securemac.com

It is available for $29.99 or you can purchase a Family Pack (for three Macs) for $49.99. UK pricing depends on currency conversion at the time of purchase (PayPal’s conversion isn’t as favourable as some other means of payment).

Free Kaspersky Anti-Virus 2011 for Mac


Kaspersky Anti-Virus 2001 for Max OS XIf you are a Barclays Bank online banking customer you can get Kaspersky Ant-Virus 2011 for the Mac for free. Kaspersky Anti-Virus for Mac provides advanced protection for your Mac with a familiar Mac-style user interface and award-winning Kaspersky technology.

Kaspersky Anti-Virus (Mac OS X) protects home users of Apple Macintosh-based computers against malware.

New in protection:

  • Kaspersky Anti-Virus is developed based on an enhanced anti-virus kernel that has a high efficiency in malware detection
  • File scan runs automatically in real-time mode or by user’s demand
  • Automatic updating of application databases

New in the application interface:

  • The application interface is designed in Mac style, with the use of principles and agreements developed for this platform, thus making the use of Kaspersky Anti-Virus more convenient to Mac users
  • Kaspersky Anti-Virus integrates the security assistant which allows the user to solve all security problems in a single window on his or her computer

The minimum system requirements for proper functioning of Kaspersky Anti-Virus (Mac OS X) are as follows:

  • Mac-based computer with Intel processor
  • 512 MB RAM
  • 100 MB available hard drive space
  • CD-ROM (for installing Kaspersky Anti-Virus (Mac OS X) from installation CD)
  • Mac OS X 10.4.11 and higher.

Visit https://activation.kaspersky.com/en/barclays_protection to get your copy.

Adobe products still full of security holes


Adobe Shockwave Player Logo
Image via Wikipedia

Adobe security holes are just like No. 73 buses, you don’t have to wait long before another one comes along. Now it seems that Adobe Shockwave Player has a zero-day vulnerability which could potentially allow an attacker control of your computer.

This is unwelcome news to say the least, with millions of computer users having installed Shockwave Player. Of these, the majority will either be totally unaware of the issue and have poor security, or not sure about what to do. It doesn’t help that Adobe is notoriously slow in patching its products.

Adobe has acknowledged the hole affects Shockwave Player 11.5.8.612 and earlier versions on the Windows and Mac operating systems. This is after a researcher made the exploit code public. The security flaw means a hacker could theoretically take control of your computer, with all the implications that has for loss of personal data and your computer becoming a ‘zombie’ computer, spreading trojans and spam across the net to other computers.

So, if you have Adobe Shockwave Player installed on your computer you need to follow these steps:

1. Make sure you are using the very latest version as out of date versions are even more insecure, remaining unpatched for earlier vulnerabilities.

2. Make sure you are fully protected with anti-virus and anti-spyware software. Make sure too that it is fully up to date and that you regularly scan your computer for problems.

Of course, if you are a Mac user then you are less vulnerable but its best to be vigilant and never give permission for any process that you are not sure is genuine.

Enhanced by Zemanta

Phishing schemes targeting MobileMe users


Phishing schemes targeting MobileMe users

by Mel Martin (RSS feed) on Jan 13th, 2010(original article posted on TUAW)

Phishing MobileMeBe very careful if you get an email from Apple telling you they need to re-check your credit card information. One of our readers got just such an email, and he didn’t fall for it. This particular rip-off comes from an ‘Apple-bills.com’ domain, which has nothing to do with Apple. They’ll be glad to take your credit card info, and give you a big surprise when you get your next billing statement. An Apple representative confirmed that the email is not from Apple.

They also suggest you send copies of the email and relevant details to spam@me.com if you get one. This isn’t the first time this scam has gone after MobileMe users. We reported on some MobileMe scams in May. In February another scam site was telling people their MobileMe renewal was not received and to do it again. Back in 2008, ComputerWorld reported on another phony scheme that fleeced about 200 MobileMe customers in a single day. It’s probably a good idea to not click on links in emails that ask for financial or credit card information, and it is easy to check with any vendor to see if the request is legitimate. If you ever have questions about a MobileMe renewal, you can go to: http://www.apple.com/support/mobileme/ and do a live chat with an Apple support agent.

Also, don’t update from an email. Log into your account and update there. Just before posting this I tried the link our reader sent. The first time I clicked I saw the fake Apple page. Now there is an error page there instead. Thanks to Asif for the tip. Tags: credit cards, fraud, MobileMe, phishing, scams, schemes, spam * Source * Email this * Share * Tweet this! * Comments (6) Filed under: Rumors, iPhone Rumor: Apple tablet said to be “iPhone on steroids” by Sang Tang (RSS feed) on Jan 13th, 2010 If there’s anything consistently consistent about the purported Apple tablet, it’s that it’s said to be, in essence, a larger iPhone. Expanding on this, Boy Genius Report cites its “close Apple contact” that claims the device is “an iPhone on steroids.”

Like its iPhone brethren, the tablet is said to sport an ARM processor, adding the caveat that the processor will be “incredibly fast.” Also according to the report, the tablet will support multi-touch gestures that are said to be “out of control.” Back in 2005, Apple acquired FingerWorks, a company that specialized in gesture-based computing. According to former Apple engineers, FingerWorks will have its footprint — er, fingerprints — on the purported tablet. The meat behind these potatoes is said to be the iPhone OS kernel. For this reason, there hasn’t been an updated build of the iPhone OS out of fears that tablet-related references in the code would leak.

Reblog this post [with Zemanta]

MacUser report SX/Jahlav-D infectin hiding in hacked Quicktime update


First for mac news, reviews and know-how
MacUser is reporting that a fake Quicktime installer has been identified. The installer package contains the . Previous versions of the trojan have been distributed in hacked copies of iWork and Photoshop, or have masqueraded as updates to Adobe’s Flash player and as plugins said to be necessary to watch web videos.

The potential infection serves again as a reminder not to install software unless it is comes from the developers’ own website, or in Apple’s case via Software Update, or from a trusted third-party site such as MacUpdate or Version Tracker.

Currently, installing hacked software is the only way to allow an infection onto a Mac. There is no self-propagating malware that kind find its way onto a system without the user’s help.

Original article by Simon Aughton. Visit the MacUser site here: http://www.macuser.co.uk/news/266320/mac-infection-masquerades-as-quicktime-update.html

Reblog this post [with Zemanta]