With a new year comes new computers, and that means new security problems. Viruses, spyware, rootkits, hackers--a fresh machine can be susceptible to the most insidious of plots. Lucky for you, here in the CNET Download.com defense bunker, we've devised a list of essential and free top-rated security programs to protect the honor of your computer and ensure that your sanity will last longer than your resolutions.
The US Army is starting to buy Macs in order to improve its resistance to security threats. It makes sense that having the army completely standardized on Windows is a bad idea, just as being completely standardized on Macs would be a bad idea. Perhaps enterprises should take note?Wallington, a division chief in the Army's office of enterprise information systems, says the military is quietly working to integrate Macintosh computers into its systems to make them harder to hack. That's because fewer attacks have been designed to infiltrate Mac computers, and adding more Macs to the military'… Read more
Update Dec. 20 with Google comment
A computer worm has been spreading on Google's big-in-Brazil Orkut social network, according to a report on the Sounds from the Dungeon blog.
It may have infected as many as 400,000 users, according to a post on a blog called "c0d3w12."
It's download time again for Mac OS X users, as 31 new security-related fixes for both Tiger and Leopard were made available by Apple Monday afternoon.
The security patches are mostly geared for users of Mac OS X 10.4, known as Tiger, but there's a bunch as well for version 10.5, known as Leopard. They should be automatically pushed to Mac users through the Software Update function, but you can also go to Apple's Web site and download the patches.
A number of serious vulnerabilities, such as ones that could lead to a malicious attack … Read more
A friend took me to task for recommending that people use Gmail as a central repository for all their e-mail. (The fact that he works for Yahoo is purely coincidental.)
"Sure, let Google read all your mail and serve up ads based on the content," he said. "Nothing wrong with that." The fact is, I consider everything I do online--searching, browsing, shopping, e-mail, video-viewing, you name it--as public as anything I do on Main Street in midday. That doesn't mean I don't take precautions to protect my credit card numbers and other private information … Read more
Here's a collection of links from the "Stuff I'm reading" section. To see these as they post, come back to the Beyond Binary blog and check out the right-hand column. I recommend doing it ten times a day, but, the digest below is here for those that have other things to do:Are Microsoft-served ads slowing down Web sites?--Blogger Long Zheng noticed that his recent visits to Digg had been slowed by ad requests to MSN. He did some more, well digging, and found that some other sites with MSN-served ads are also sluggish. (istartedsomething) … Read more
On Tuesday, a security researcher disclosed to Bugtraq, a public newsgroup, details of remote execution attacks on some models of Hewlett-Packard laptops. According to the researcher, who is using the name "porkythepig," flaws in HPInfoDLL.dll, one of the ActiveX controls used within the HP Info Center, could allow remote attackers to target the laptop and also execute registry changes on the compromised machine.
As of Wednesday, HP has not offered a response.
The scenario within the disclosure suggests that an attacker could lure a victim to a specially created Web site. When viewing the Web site in … Read more
Microsoft on Tuesday released its December 2007 security bulletin, which includes seven updates: three are designated as critical by the software giant and four are deemed important.
On the Windows side is a cumulative update for Internet Explorer, plus patches for the Windows Kernel, DirectX, Macrovision Driver, and the Windows Media File format--the latter three suggest concern that criminal hackers are targeting media files for exploitation. There are no Microsoft Office updates this month. All Microsoft security patches for Windows and Office software are available via Microsoft Update or via the individual bulletins detailed below.
I stumbled across this fascinating Microsoft tutorial today entitled "How to Justify a Desktop Upgrade." It's an attempt to coach IT professionals on how to sell desktop upgrades internally. Apparently the value of Vista is not readily apparent, requiring detailed instructions on how to connive and cajole into an upgrade from XP.
The most intriguing thing about the tutorial is its implicit rejection of Microsoft's older technology. Just a few years ago Microsoft was pitching the world on how secure and cool XP was. Now it's telling us largely the opposite:
[M]anagement may not be aware that the most compelling reason to migrate to a newer operating system, such as Windows Vista, is to take advantage of the latest security features.… Read more
In reading through a larger article on open-source adoption in the US Department of Defense, I came across this interesting perspective on why shared-source software (which Microsoft and an increasing number of software vendors use to mimic open source without fully embracing its benefits and obligations) is bad for security:Several large companies whose software is in heavy use in DOD advocate a shared source code model in which people can view the source code but not change it. This shared source code approach has some problems, though. By sharing source code with organizations, the users have the ability to … Read more