Despite all the advertising from Jobs’ Mob which says otherwise, Miller told One IT Security that Windows 7 is slightly more difficult because it has full address space layout randomization. It also has a smaller attack surface with no Java or Flash installed by default.

Even before Windows 7, Microsoft’s stuff was harder to crack than OS-X because it had a data execution prevention. Recently however it is easy to get around these protections in a browser in Windows.

Linux is just as easy to hack because the vulnerabilities are in the browsers.

Generally most of the problems for both Windows and OS-X are based around Adobe Flash. He agrees with Steve Jobs that you have to be barking to run Flash on any operating system.

Miller has made his name hacking OS-X and the iPhone. He said most of his hacks can be found in fairly common Mac hacking books.

Source: techeye.net

Bogusware, scareware or rogueware – whatever you prefer to call them, are all different names given to describe roughly the same thing: rogue security products that masquerade as the real thing.

According to numbers published by the Anti-Phishing Working Group (APWG), more than 485,000 rogue security samples were detected for 2009 – an astoundingly large figure, when you consider that is more than double the statistical total for 2008.

More so, June was a watershed month for malware: 152,197 examples of anti-malware products were analysed overall.

The APWG estimates more than 200 gangs throughout the world are responsible for the bulk of rogue security software applications floating around the internet, although only 10 of these gangs are responsible for more than 77% of the rogue malware infections.

How they work

Generally, web surfers are prompted to download rogue security software via an advertisement that pretends to offer authentic anti-virus or spyware scanning tools.

Other methods also include drive-by-downloads via infected websites and fake BitTorrent downloads carried over popular P2P networks.

In some cases, the extent of infection only extends to credit card fraud: users are asked to register for a lifetime product licence by entering their credit card details.

But in other more sinister cases, fake malware products can install hidden Trojans onto the user’s computer unsuspectingly and then log email actions, bank account passwords and other personal data by sending it covertly back to the gang operating the scam. This data is often used in numerous identity and banking fraud schemes.

Where will you most likely come across rogue security software?

At first, it was assumed that most of the software applications were only showing up on porn, P2P and warez sites. Now that’s changing. In recent months, mainsteam websites such The New York Times came under attack for hosting an advertisement on its site that redirected readers to a fake anti-virus package.

Google plays a key part in the dissemination of not-so-honest links. Fake anti-virus applications still routinely show up in the pretext of Google adwords and in search results when you are searching out new anti-virus suites to download.

Downloading antivirus products over Bittorrent or P2P can be just as dangerous – many so called genuine products (such as Norton 2009 for example) can contain Trojan horses that work in the same way to infect machines.

A quick Wikipedia search will often tell you plenty of things about your program of choice. It comes down to a great deal of common sense, including downloading from trusted sites, reading reviews and taking some time to consider why a flashing ad is prompting you to install a mysterious antivirus scanner. If it’s too good to be true, it probably is.

Removing and cleaning rogue invaders

Not all mainstream software security packages will pick up and detect the latest scareware. This has much to do with the concept of polymorphic malware, a type of viral threat that constantly changes its own binary structure to evade detection, making it extremely difficult to be picked up by traditional signature based scanning.

As most rogue security titles are polymorphic by nature, their malware signatures are often dynamic, which makes it very hard for some antivirus software to detect.

To keep one step ahead of the security companies, malware programmers regularly change their name and logo to keep up with the latest signature scanners. As a result, many of the same rogue software titles compete under different titles, names that sound much like the real thing including “MS Antivirus”.

Smaller spyware scanners tend to do a good job specialising in removing the fakes and these include programs such as Malwarebytes Anti Malware and Spyware Doctor. Combo-fix is a bare-bones piece of freeware used for catching spyware and malware and is a effective free alternative to cleaning vulnerable machines. HijackThis can sometimes be used to delete registery information if spyware scanners cannot clean all aspects of an infection.

5 rogue security software titles to avoid:

1) SpySherrif

How it works: This piece of malware does it best work by informing computers of false threats to their system. It’s mostly found via web typo’s (Toggle) and via infected software downloaded over P2P networks.

Threat value: SpySherrif is extremely difficult to remove by traditional security scanners. In additional to credit card fraud, this piece of crafty spyware can block internet connections, create multiple administration accounts, stop critical programs from responding and block access to several useful websites that might be used to clean any malware infection.

Also known as: System Security, SpywareStrike, SpyShredder and Spybot – just to name a few.

2) WinFixer

How it works: Frequently launches pop-ups that offer trial versions of anti-virus suites that can scan machines for non-existent infections. To remove the fake Trojan, users must purchase the program.

Threat value: Used mainly to extort users through credit card fraud.

Also Known as: WinFixer goes by many names, titles that sound much like genuine security suites. These include WinAntiSpyware, AVSystemCare, WinAntiSpy and Windows Police Pro. There are among 20 other given names for WinFixer.

3) MacSweeper

How it works: Known as one of the first rogue security applications to target the Mac Operating systems. It’s easy to catch too: web typos, drive-by downloads and piggyback downloads hidden in other applications.

Threat value: This one has been busted by the big security firms already and there are instructions for removal available online. The usual credit card fraud aspect applies and encourages users to pay for a full trial version.

Also known as: KiVVi Software, Cleanator.

4) Green Antivirus 2009

How it works: Green Antivirus is unique because it places a spin on the traditional fake anti-virus suite, by adding a moral incentive to users. The fake program often promotes to donate $2 of each downloaded software title to a particular charity in need. This is done to make the software appear more legitimate.

Threat value: Credit card fraud warning.

Also know as: Green AV.

5) MS Antivirus 2009

How it works: With a name bearing the false credentials of the biggest software company in the world, this particular rogue security suite is particularly well positioned to take advantage of number one branding. Works in same manner of other rogue security suites by offering to scan computer for free.

Threat value: It’s Microsoft OS dependent, so you’ll need to be on a Windows machine to be a viable target. However, once downloaded, the malware can disable genuine virus scanners and make it difficult to remove.

Also known as: Extremely popular and ever changing its name, it’s also known as Windows Antivirus, Win Antivirus, Antivirus Pro and Antivirus Pro 2009 – among many many others.

Source: http://www.pcauthority.com.au

However, Microsoft still walked away with a slight rise in shares, up 2.7-percent by mid-day according to Reuters. “Microsoft is finally making the conversion through the Web-based world. First, we saw that through Bing. Now we are seeing that through Office,” said Jefferies & Co analyst Katherine Egbert.

But will the web-based Office make money? The company is counting on it, hoping that consumers will follow the software to its ad-supported websites. However, the online software may hurt the sales of the retail version; the home version, Microsoft’s most popular Office title, retails for $150.

“Microsoft is in a tough spot. Their competition isn’t just undercutting them. They are giving away the competitive product,” said Sheri McLeish, an analyst with Forrester Research.

Microsoft’s free Office Web Applications are due in August.

With the incredibly large Office user-base, we suspect that Microsoft would have an instant hit on its hands with Office Online. So far, Google Docs hasn’t really become the hit that Google hoped it would be. Time will tell.

Source: http://www.tomshardware.com

While some types of badware seem more annoying than dangerous, the consequences of badware infections can be quite harsh. Badware can cause computers to become slow, unresponsive, or even unusable. Personal information gathered by spyware can be abused, and financial or other personal data that falls into the wrong hands can lead to identity theft. Some forms of badware steal resources instead of information, perhaps by adding your computer to a network of hijacked machines called a botnet, that can then use your computer to send spam and phishing emails or even to help distribute more badware.

Badware producers are constantly developing new, creative ways to install badware onto your computer. Badware distribution has been expanded beyond traditional channels like email viruses to harder-to-avoid methods like automated “drive-by downloads” that are launched by compromised web pages.

Badware can be difficult to avoid, especially because it is not always obvious when your machine is affected. Some manufacturers bundle badware with other applications without disclosing that it’s part of the package. You can even be infected with badware simply by visiting a website that has been compromised by attackers; these attackers embed ‘drive-by downloads’ in otherwise legitimate websites, which then silently install applications on your computer, completely without your knowledge or consent. These programs are usually also hidden on your computer, making it difficult to identify and remove them.

Why do badware producers go to the effort of producing harmful software? Badware has become a booming industry, with an estimated annual value of over $2 billion USD. Some badware is produced for outright theft, while other badware is designed to support shady marketing schemes which drive web traffic or product sales. An estimated 59 million Americans currently have spyware or other malicious badware installed on their computers.

Badware production and distribution is only profitable if enough computers can be infected to support the costs and risks associated with developing software that exploits consumers. We hope that by educating users to avoid and remove malicious software, we can help reduce the profitability of badware business models.

Source: http://www.stopbadware.org

Exactly one week after it was supposed to get its ducks in a line, reports began to trickle in claiming that Conficker had began updating via P2P between infected computers and dropping a mystery payload on infected machines.

According to PCWorld, researchers at Trend Micro reported that infected machines had begun receiving a binary update which tells Conficker to start scanning for other computers that haven’t patched the Microsoft vulnerability the virus exploits.

The new update also tells Conficker to contact MySpace.com, MSN.com, Ebay.com, CNN.com and AOL.com apparently to confirm that the infected machine is connected to the Internet, Rik Ferguson of Trend Micro told PCWorld. What’s more Conficker also blocks infected PCs from visiting specific sites. Previous Conficker versions wouldn’t let people browse to the website of security companies. This new update is timed to stop running on May 3 although it’s unclear if this deadline will pass as uneventfully as the last.

Source: http://www.tomshardware.com/