Category Archives: Security

All about Security, technologies, security issues, security implementations, hacks, etc…

AntiVirus Software Review Product Comparisons


Antivirus Software review


Why Buy Antivirus Software?

Today, an unprotected computer isn’t just vulnerable, it’s probably already infected. New viruses, spyware, trojans, worms, and other malware are created every day. New threats are disguised to bypass other security measures, and specifically designed to catch you and your PC off guard.

The virus landscape has also changed; viruses that used to be annoying pranks have evolved into pernicious threats capable of not only destroying your computer, but stealing your information and identity.

The benefits of installing a basic security solution on your PC are obvious, but the cost in system slowdown used to make it tough to bear. Luckily, modern antivirus programs haven’t just improved their level of protection, they’ve significantly improved resource efficiency and overall speed. You can have ultimate protection without giving up your resources. With advanced technologies and straightforward usability, antivirus software is more effective than ever, and doesn’t require constant maintenance from you. Say goodbye to annoying security warnings and noticeable slowdown; current antivirus programs deliver constant protection and can actually speed up your computer.

The last generation of antivirus software brought advanced heuristic detection into the mix. Continuing to improve, the 2011 lineup of antivirus products often incorporates further developed proactive protection with better behavior checking and even file reputation analysis. Several of the products incorporate ‘in the cloud’ security and other advanced technologies to increase safety and convenience. From gamer modes, to battery saving settings, to integrated web link scanners, antivirus applications are more versatile and have upped the ante for features and functionality.

On the antivirus software review site you’ll find a side-by-side comparison of the best antivirus software, helpful articles on computer security, security tips and tricks, buying guides, videos, and comprehensive reviews to help you make an informed decision on which security software is right for you.


What to Look For in Antivirus Software

All security software is not created equal. Like all consumer products, antivirus software has the good, the bad, and the mediocre. The choices for antivirus protection are many and varied. Although we haven’t reviewed each and every product available, we feature the absolute best antivirus software available today from a number of providers (including big-hitters, lesser-knowns, and newcomers), and compare them so you can match your needs with the right software.

Remember, when it really comes down to it, effectiveness and usability can either make or break antivirus software. Security programs are only as good as their level of protection, and if you can’t figure out how to use one, you won’t. Our top-ranked antivirus programs combine optimal security with user-friendly features and tools.

Below are the criteria TopTenREVIEWS uses to evaluate and compare antivirus software:

Scope of Protection
While most security solutions tout “multi-layered” protection, “360 degree” defense and/or even “100%” security, some are certainly more thorough than others. The best antivirus solutions will include traditional protection from viruses, worms, Trojans and spyware, but should also include defense from keyloggers, phishing scams, email-borne threats and rootkits. While antivirus programs are by no means full-blown internet security suites, they should protect from as many threats on as many fronts as they can.

Effectiveness
Antivirus is specifically designed to protect your computer, so if it doesn’t do that well, what good is it? All the features, bells and whistles, or sleek interface can’t make up for poor performance. We look at results from the industry-standard security software testers and professional security organizations to find the most effective software available and evaluate overall effectiveness. In general, our highest ranked programs are also the most effective.

Ease of Installation and Setup
Security software shouldn’t be a chore to install, and should have you protected as soon as possible. From download, to install, to the first scan, implementing antivirus software should be quick and easy.

Ease of Use
Antivirus software is complex stuff, but shouldn’t require a degree in computer security. The best security programs have all the features security experts want, but are just as easily used by a beginner. Everyday computer users want a security solution that they can install and forget about; software that doesn’t require constant maintenance or have annoying interruptions. The best antivirus software is flexible enough to do exactly what you want it to (even if that means running by itself).

Features
A well-rounded feature set takes a security solution from good to great. More than bells and whistles, added features provide security, usability and performance benefits.

Updates
Security software is only as good as its latest update. Viruses are being identified and added to signature databases all the time, so it’s important that your virus definition list updates accordingly. Modern antivirus programs are equipped with automatic updates that run regularly enough that you get faster updates that don’t slow down your system. The best security providers even “push” updates to you as soon as they’re available.

Help & Support
The best software doesn’t require reading an in-depth manual to use, but still has one available. For specific questions, troubleshooting, and additional help, the best antivirus manufacturers provide superior product support online and off. Additional support for software may come in the form of assistance over the phone, email, live chat, or through a number of additional resources (knowledgebase, FAQs, tutorials).

A well-balanced antivirus solution is effective, efficient, and easy to use. Combining all the right features with a usable interface, our top antivirus software choices deliver the best security and usability without a serious investment in time, money, or system resources.

Worm or Virus – What is the Difference?

Everyone has been infected with a virus at one time or another, either through the common cold or the flu. A virus attacks the human body by entering through one of the many openings and attaching itself to a host cell. It releases a piece of genetic information into the cell and recruits the cell’s enzymes to propagate the genetic information. Once the genetic code has been adequately replicated, it destroys the cell and attacks cells nearby.

How does a computer virus simulate a biological virus? Just as a biological virus injects its own genetic information into a cell and interferes with the body’s normal operations, a computer virus is a program written to interfere with the proper functioning of a computer. It may damage programs, delete files, reformat hard disks and perform other forms of destructive acts.

To be classified as a virus, a program must meet two criteria. It must be able to execute itself by placing its own code in the execution path of another program. The program must also be able to replicate itself by replacing existing computer files with copies of the virus-infected files. Similar to the way a biological virus requires a host cell, a computer virus requires an infected host file to propagate itself.

Viruses have become the villains of the computer world, propagating themselves and destroying everything in their path. However, another tool of destruction, known as the worm, has been creeping into the computer industry. Most of us have heard of the dreaded Blaster worm that attacks Microsoft websites, but what exactly is a worm and how does it differ from a virus? Actually, a worm is a type of virus that attacks the computer in a method differing from the way a typical virus attacks a computer. Unlike the typical virus, the worm does not require a host program to propagate. A worm enters a computer through a weakness in the computer system and propagates itself using network flaws.

The typical virus requires activation through user intervention, such as double clicking or sending outgoing email. However, a worm releases a document containing the “worm” macro and sends copies of itself to other computers through network flaws, therefore bypassing any need for user intervention.

So, what can you do to protect your computer from virus infection? There are a number of preventative measures that you can take. For example, you can purchase and continually update virus scan software. Make sure that this software contains the “real-time” scanning feature which monitors all incoming and outgoing mail. You may also install a firewall which prohibits unauthorized access to your computer. By installing these preventative devices, you can proactively defend against viruses.


Top Rogue Scanners to Avoid

Fake antivirus scanners, or rogue scanners, come in many forms. Many alter the properties of your browser window to make it look like a legitimate program, when in reality, it’s just a browser window. Others, executed via ActiveX, script or injected via a virus, will actually look like a running program. These programs have a single goal, and that is to trick the user into actually installing the program. Once installed, the effects range from annoying to devastating. These programs will produce false alerts telling the user that there is a virus, pornography, and other items on their computer. They then show a “fix it” button. Once it is pushed, the user is directed to pay a certain amount of money for a solution that never happens.

Some of these rogue programs are unusually deceptive. Programs like Antivirus 360 use the name 360 because the targeted user may believe that it is directly related to Norton 360. Others use names that lead people to believe that they are legitimate. They even go as far as using an exact replica of Microsoft’s Security Center, producing an image like the one below.

Notice under “Virus Protection” there is a listing for one of the most common rogue programs. Here, they want you to click on those buttons, ultimately obtaining your credit card and money from you, with no actual solution to your problem.

Here is a list we have compiled of the Top Ten Rogue Antispyware programs to watch out for, and a description of each one and their tactics. There is actually a very long list, but here are the most commonly seen rogue programs in our experience.

  1. Antispyware XP 2009 – Uses a replica of the Microsoft Security Center, as pictured above. Antivirus 2009 comes in many names, including Antivirus 2008, Antivirus XP/Vista and Antivirus XP 2009, XP Antispyware 2009
  2. Antivirus 360
  3. WinCleaner 2009
  4. Malware Doctor
  5. Spyware XP Guard
  6. Spyware Remover 2009
  7. Total Protect 2009/Total Defender/Total Security
  8. Virus Shield 2009/Virus Shield Pro
  9. Windows Security Suite
  10. WinAntivirus XP/Vista

Should you come across one of these programs on your system, we highly recommend that you get it removed as quickly as possible. It has been our experience that the longer they stay on the computer, the worse the damage gets.

By: Josh Borglund, Toptenreviews

SQL Injection: How To Prevent Security Flaws In PHP / MySQL


What is SQL Injection

Most new web developers have heard of SQL injection attacks, but not very many know that it is fairly easy to prevent an attacker from gaining access to your data by filtering out the vulnerabilities using MySQL extensions found in PHP. An SQL injection attack occurs when a hacker or cracker (a malicious hacker) attempts to dump the data in a database table in a database-driven web site. In an unprotected and vulnerable site, this is pretty easy to do.

SQL injection is a common vulnerability that is the result of lax input validation. Unlike cross-site scripting vulnerabilities that are ultimately directed at your site’s visitors, SQL injection is an attack on the site itself, in particular its database.

The goal of SQL injection is to insert arbitrary data, most often a database query, into a string that’s eventually executed by the database. The insidious query may attempt any number of actions, from retrieving alternate data, to modifying or removing information from the database.

How an SQL injection attack works

In order for an SQL injection attack to work, the site must use an unprotected SQL query that utilizes data submitted by a user to look up something in a database table. The data could be from a search box, a login form or any type of query used to look up data using input from the user. It also means that querystring data used to query a database can create vulnerabilities.

For example, a very simple unprotected query might look like this:

SELECT * FROM items WHERE itemID = '$itemID'


Normally, you would expect a user to submit a username and password, which would be used to query the database table to see if the username and password exists. But what if someone used the following instead of a password?

' OR '1' = '1

That would make the query used to look for the password look like this:


SELECT * FROM items WHERE itemID = '' OR '1' = '1'


This condition is always true, so the query could literally display the entire table as its result. This is a pretty scary thought if you are trying to keep your data secure. The problem with SQL injection is that a hacker does not have to know anything about your database or table structure.

What if an error or some other issue caused your table structure to be exposed? Hackers are very good at forcing errors to occur that expose information that allows them to penetrate a site deeper. What if the following was entered in the password field?

'; drop table users;

How to prevent your database from SQL Injection attacks

There is a method for filtering the data that is used on the right side of the WHERE clause to look up a row in a database. The trick is to escape any characters in the user input portion of the query that could lead to a successful attack.

Use the following function to add backslashes to suspect characters and filter any data that is input by a user.

// Note: the mysql_* functions used here were removed in PHP 7.0;
// on current PHP versions use mysqli or PDO instead.
function cleanQuery($string)
{
    // Undo magic quotes first, to prevent duplicate backslashes
    if (get_magic_quotes_gpc())
    {
        $string = stripslashes($string);
    }
    // Plain string comparison; version_compare() is the more robust check
    if (phpversion() >= '4.3.0')
    {
        // Escapes according to the connection's current character set
        $string = mysql_real_escape_string($string);
    }
    else
    {
        $string = mysql_escape_string($string);
    }
    return $string;
}

// if you are using form data, use the function like this:
if (isset($_POST['itemID'])) $itemID = cleanQuery($_POST['itemID']);

// you can also filter the data as part of your query:
$sql = "SELECT * FROM items WHERE itemID = '" . cleanQuery($itemID) . "'";

The first part looks to see if magic quotes is turned on. If so, it may have already added backslash escapes through the POST or GET method used to pass the data. If backslashes were added, they need to be removed prior to running the data through the rest of the function.

The next part checks the PHP version. The built-in function that we want to use is called mysql_real_escape_string. This MySQL function only exists in PHP version 4.3.0 or newer. If you are using an older version of PHP, another MySQL function is used, called mysql_escape_string.

mysql_escape_string is not as effective as the newer mysql_real_escape_string. The newer version escapes the string according to the current character set. The character set is ignored by mysql_escape_string, which can leave some vulnerabilities open for sophisticated hackers. If you find that you are using an older version of PHP and you are trying to protect sensitive data, you really should upgrade to a current version of either PHP 4 or PHP 5.

So what does mysql_real_escape_string do?

This PHP library function prepends backslashes to the following characters: \n, \r, \, \x00, \x1a, ' and ". The important part is that the single and double quotes are escaped, because these are the characters most likely to open up vulnerabilities.

For those who do not know what an escape is, it is a character that is prepended to another character. When a character is escaped, the database treats it as literal data rather than as part of the SQL syntax. In other words, it makes that character ineffective in a query. In the case of PHP, an escaped character is treated differently by the PHP parser. The standard escape character used by PHP and MySQL is the backslash.

In the case of the SQL query example used above, after running the input through the routine, the query now looks like this, which breaks the injected condition:

SELECT * FROM items WHERE itemID = '\' OR \'1\' = \'1'

This method should stop the bulk of the SQL injection attacks, but crackers and hackers are very creative and are always finding new methods to break into systems. There are additional steps that can be taken to filter out certain words, such as drop, grant, union, etc., but using this method will strip these words from searches performed by your users. However, if you want to add another level of security and do not have an issue with certain words being deleted from queries, you can add the following just before if (phpversion() >= '4.3.0').

$badWords = array("/delete/i", "/update/i", "/union/i", "/insert/i", "/drop/i", "/http/i", "/--/i");
$string = preg_replace($badWords, "", $string);

This additional step should prevent a malicious attacker from damaging a database if they found a way to slip through. Just remember that if you take this additional step and you have a site where someone might search for a “plumbing union” or a “drop cloth”, those queries would not work as intended. If you are wondering what the trailing ‘i’ following each word in the array is, it is required to make the preg_replace replacements case insensitive. This wasn’t needed with eregi_replace, but that function has been deprecated in PHP 5.3.

Another important step that needs to be taken with any database is controlling user privileges. When setting up a MySQL user, you should never assign any more privileges than they actually need to accomplish the tasks that you allow on your site. Privileges are easily assigned and managed through phpMyAdmin, which is found in the control panel (cPanel, Plesk, etc.) for most hosting companies.

Useful Links

http://en.wikipedia.org/wiki/SQL_injection
http://www.learnphponline.com/securi…tion-mysql-php
http://dev.mysql.com/tech-resources/…curity-ch3.pdf
http://www.tizag.com/mysqlTutorial/m…-injection.php
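
The article's item lookup with the value bound as a parameter instead of escaped, as an added example that is not part of the original article. It assumes PDO with the pdo_sqlite driver, an in-memory database and constructed sample rows so that it runs offline; the function names are hypothetical.

```php
<?php
// Added example, not code from the original article.
// Assumptions: PDO with the pdo_sqlite driver, an in-memory database and
// constructed sample rows. All function names are hypothetical.

function makeDemoDb(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE items (itemID TEXT PRIMARY KEY, name TEXT)');
    $pdo->exec("INSERT INTO items (itemID, name) VALUES
        ('1', 'hammer'), ('2', 'drop cloth'), ('3', 'plumbing union')");
    return $pdo;
}

// The article's unprotected query: the input becomes part of the SQL text.
function findItemConcatenated(PDO $pdo, string $itemID): array
{
    $sql = "SELECT * FROM items WHERE itemID = '$itemID'";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Prepared statement: the SQL text is fixed and the value is sent as data,
// so quotes in the input cannot change the structure of the query.
function findItemPrepared(PDO $pdo, string $itemID): array
{
    $stmt = $pdo->prepare('SELECT * FROM items WHERE itemID = :itemID');
    $stmt->execute([':itemID' => $itemID]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Search with a bound value: no keyword stripping is needed, so searches
// that contain "drop" or "union" keep working.
function searchByName(PDO $pdo, string $term): array
{
    $stmt = $pdo->prepare('SELECT name FROM items WHERE name LIKE :pattern');
    $stmt->execute([':pattern' => '%' . $term . '%']);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

$pdo = makeDemoDb();

// A normal ID, then the input quoted in the article.
foreach (['2', "' OR '1' = '1"] as $input) {
    printf(
        "input %-16s concatenated: %d row(s)  prepared: %d row(s)\n",
        '[' . $input . ']',
        count(findItemConcatenated($pdo, $input)),
        count(findItemPrepared($pdo, $input))
    );
}

// The searches the article says a word filter would break.
foreach (['drop cloth', 'plumbing union'] as $term) {
    printf("search [%s] -> %s\n", $term, implode(', ', searchByName($pdo, $term)));
}
```

For the article's `' OR '1' = '1` input the concatenated query matches every row, while the prepared statement matches none. With MySQL only the DSN changes; setting PDO::ATTR_EMULATE_PREPARES to false makes the server perform the binding.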

Antivirus and anti-malware protection

There are many different antivirus and anti-malware protection programs available, ranging in price from free, to several hundred dollars, depending upon their sophistication and scope of use. It is critically important that anyone that connects to the internet has adequate protection against possible infections by viruses, trojans, worms, and various malware that circulate so prolifically these days.

There is an adage that says, “If a little bit is good, then a lot is better”. However, in the case of virus protection, this is normally not true (in fact, in my experience, NEVER). Although it may be permissible to run more than one anti-malware protection program at a time, one should have only one antivirus program operating at any given time. There are reasons for this.

Two different AV programs will often conflict, seeing each other as a virus, because of the nature of their operation. Thus, when one program succeeds in stifling the activities of the other, a window of opportunity for an actual virus may be created. More often, each will manage to limit the effectiveness of the other, thus creating a weakness that can be exploited. “Loops” can be created, wherein two AV programs will endlessly fight each other for control of a given function, leaving that function effectively unprotected. More is NOT better!

One should select their protection carefully, giving thought to the particular sorts of risks they make themselves vulnerable to by their surfing style. As a member of many web professional forums, I prefer to make my selection after hearing the recommendations of others. I also have found that for my purposes, there is no need to purchase such a program.

There are a number of very effective AV programs, written and maintained by reputable organizations, that can be downloaded and installed at no charge. I presently use Avast, which I feel to be on a par with Avira, in terms of effectiveness in the AV realm. Both also offer enhanced versions for purchase, and have products that specialize in other levels of protection. Kaspersky is another system that has an excellent track record for protection.

Most such products offer a free evaluation period, up to a month, to see if their program does the job you want. I usually warn people away from such evaluation periods, however, simply because some such programs are difficult to remove completely (Symantec’s Norton is one that’s notoriously difficult to get rid of) from your system.

There are a few things that should be remembered, when searching for the best AV program for your system:

  • NO AV program is perfect! Some are better than others, but new exploits are released almost daily, and your protection is only as good as its relevancy. If it updates virus definitions weekly, then you may be vulnerable to new viruses for several days between updates.
  • The sort of experts that are capable of developing protection against viruses have their doppelgangers on the other side of the coin… those that develop the viruses to begin with. Both are good at what they do, and at any given moment, one will be a step ahead of the other.
  • Realtime scanning is an important feature to seek in your AV protection. Scanning emails and downloads is important, but viruses and malware can be activated by the simple act of clicking on a text link, an image or opening an attachment. Just entering a page can enable an infection, without sufficient protection.
  • The best AV protection available cannot do the job alone. YOU have to take an active part in protecting your system. If you frequent poor reputation sites, hang out in “bad neighborhoods”, the infection of your computer is made much more probable, regardless of the AV protection you run.

AV protection is only one aspect of protection. A reliable firewall and adequate anti-spyware protection are other important protections that should be considered. I suggest you investigate what security bloggers and forum members have to say about the AV protection they have used or are using. A satisfied customer is always a good reference.

Seofast

Ethical Hacking Tools – Live Hacking CD

I’m glad to share information about Live Hacking CD, a Linux distribution packaged with a collection of amazing tools for ethical hacking and penetration testing, including some IPv6 tools. This CD contains the tools and utilities you need to test and hack your own network, using the tools and techniques that more malicious hackers would use.

Live Hacking CD is based on Ubuntu. This Live CD runs directly from the CD, and there is no need to install these tools on your hard disk. You can use the bundled tools to test, check, ethically hack and perform penetration tests on your network to make sure that it is secure from outside intruders.

As well as the standard Linux networking tools like ping, wget, curl, telnet and ssh, the Live Hacking CD has tools for DNS enumeration and reconnaissance as well as utilities for foot-printing, password cracking and network sniffing. It also has programs for spoofing and a set of wireless networking utilities.

This CD is based on open source technology and on Ubuntu Linux. All the tools included can be freely found either in the Ubuntu repositories or on the Internet. The CD is designed to be a platform to help IT security professionals (as well as those with a general interest in information security) to start, understand and conduct penetration tests and ethical hacking.

The Live Hacking Mini CD is a small Linux distribution designed for ethical hacking. This compact version of Live Hacking CD contains all the necessary tools and utilities, but a GUI is not included on this CD and it is command-line only.

Download Live Hacking CD

  • Live Hacking CD, Version 1.2 Beta August 25, 2010, ISO-MD5 Hash: ded9ce8ee66c7d7e23f535d38a10e91f Download (SourceForge.net)
  • Live Hacking CD, Version 1.1 Full April 27, 2010, ISO-MD5 Hash: dd1d96aec7821e6b623c93a1c9569658 Download (SourceForge.net)
  • Live Hacking Mini CD, Version 1.0 Beta, April 27, ISO-MD5 Hash: dd19a497421f37c508d681586e132c99 Download (SourceForge.net)

More information about Live Hacking CD

Source: Livehacking, alijahangiri

I’m thankful to Livehacking and Ali Jahangiri for posting the information about these amazing tools.

ASP.Net Vulnerability Patch released: Microsoft Security Bulletin MS10-070

Vulnerability in ASP.NET Could Allow Information Disclosure (2418042)

Microsoft released the ASP.NET vulnerability patch through the Download centre; for details please click here.

This security update resolves a publicly disclosed vulnerability in ASP.NET. The vulnerability could allow information disclosure. An attacker who successfully exploited this vulnerability could read data, such as the view state, which was encrypted by the server. This vulnerability can also be used for data tampering, which, if successfully exploited, could be used to decrypt and tamper with the data encrypted by the server. Microsoft .NET Framework versions prior to Microsoft .NET Framework 3.5 Service Pack 1 are not affected by the file content disclosure portion of this vulnerability.

This security update is rated Important for all supported editions of ASP.NET except Microsoft .NET Framework 1.0 Service Pack 3. For more information, see the subsection, Affected and Non-Affected Software, in this section.

The security update addresses the vulnerability by additionally signing all data that is encrypted by ASP.NET. For more information about the vulnerability, see the Frequently Asked Questions (FAQ) subsection for the specific vulnerability entry under the next section, Vulnerability Information.

This security update also addresses the vulnerability first described in Microsoft Security Advisory 2416728.

Recommendation. Microsoft recommends that customers apply the update at the earliest opportunity.

See also the section, Detection and Deployment Tools and Guidance, later in this bulletin.

Known Issues. Microsoft Knowledge Base Article 2418042 documents the currently known issues that customers may experience when installing this security update. The article also documents recommended solutions for these issues.

The patch is available through the Microsoft download centre.