The Latest Trumors, Beverly Rosenbaum

Never Let Your Guard Down

More patches have been issued to address many flaws this month.
The continual discovery by security analysts of software vulnerabilities has resulted in the launch of at least 5 competing Internet security suites. All will be sold with a recurring subscription and offer free trial versions.
Microsoft released its Windows Live OneCare protection and maintenance package at onecare.live.com/. It supports all versions of Windows XP with service pack 2 and covers virus scanning, firewall, tune-ups, and file backup. Products known to conflict with OneCare include Symantec Norton Internet Security, Antivirus, and SystemWorks; McAfee Internet Security Suite and Viruscan; and Trend Micro PC-cillin.
image1
America Online plans to enter the security software market with its own all-in-one PC health care suite, called Total Care. Components of this suite include virus, spyware, and phishing protection; a firewall; PC backup and remote PC backup capabilities; system tune-up utilities; on-line, on-site, and telephone tech support; PC rollback functionality; and identity theft protection. McAfee (www.mcafee.com) will provide the suite’s antivirus and firewall technology; MarkMonitor (markmonitor.com), the antiphishing component; and Iolo Technologies (www.iolo.com), the PC tune-up tools.
AOL currently offers free antivirus, computer check-up, and firewall tools to its members via the AOL Safety and Security Center section of its proprietary service. But Total Care, a more robust product, will be made available to the general public and will also include reduced-rate on-site PC tech support through a partnership with Gurus2go (gurus2go.com). Chat-based and phone-based PC tech support options will be free of charge. Go to beta.aol.com/projects.php?project=totalcare to sign up for the beta version.
image2
A 30-day trial of Norton Internet Security provided by Yahoo is available at downloads.yahoo.com/security/, and includes antivirus, firewall, antispam, and privacy and parental controls. This product supports Windows 2000 (service pack 3) or later.
image3
Both Symantec and McAfee plan to release new subscription suites of their own soon, code-named “Genesis” and “Falcon,” respectively. Pre-registration for the beta version of the Symantec suite, which will be called “Norton 360,” is at www.symantec.com/home_homeoffice/products/norton360/index.jsp. The subscription-based downloadable web service is designed to provide a “full circle of protection.” It will tie together features including anti-virus, anti-spam, anti-spyware, intrusion prevention, firewall, PC optimization and maintenance elements, WholeSecurity transaction security tools, plus on-line/off-line backup capabilities based on technology from Veritas (which merged with Symantec last year).
image4
McAfee is taking a different approach and has tailored 4 different packages, ranging from one with basic features at the low end to a top-of-the-line suite that includes wireless Internet security protection. Continued threats of unpatched vulnerabilities in e-mail packages, browsers, instant message applications, Office components and other programs have created a market for better protection tools. These products include new technology, called McAfee X-Ray for Windows, to combat threats such as rootkits. They’ve also added McAfee Shredder, a feature to securely delete files.
image5           image6
Microsoft had to release another 12 security bulletins for August to fix more holes in their software. Ten of the August patches affect the Windows operating system, while the other two security updates affect their Office productivity suite. Each had one flaw classified as “critical,” which means that it could be exploited by attackers to run unauthorized code on a PC without any user action. Such patches are released monthly as part of Microsoft's regularly scheduled security update, called “Patch Tuesday” by security researchers.
Other recent Microsoft releases included seven sets of patches for July 2006, some of which addressed the much-publicized Excel bugs that Microsoft had confirmed previously. All of the July Office and Excel fixes, as well as two of the Windows updates, were also rated as “critical” by Microsoft, following the release of 12 security updates for the month of June 2006.
McAfee has just patched flaws reported in all of its consumer products from VirusScan to Total Protection to its Internet Security Suite. The update released in August 2006 addressed vulnerabilities that could allow intruders to gain remote control of PCs Systems if the user clicks on a link to a malicious Web site.
A stack overflow was recently reported in Symantec products that could potentially allow a remote or local attacker to execute code on the affected machine. Updates have been released and are available for download at www.symantec.com/avcenter/security/Content/2006.05.25.html.
Mozilla posted stability updates for its Firefox browser (www.mozilla.com/firefox/), Thunderbird e-mail (www.mozilla.com/thunderbird/), and Seamonkey Internet suite (www.mozilla.org/projects/seamonkey/) to counter multiple vulnerabilities in those applications.
Windows is not the only platform affected. Apple released its own security update that patched 26 vulnerabilities in the Mac OS X operating system and its bundled applications. As many as 17 of those flaws would have allowed remote execution of code by attackers. A previous security update issued in May 2006 fixed 43 flaws. Updates for OS X v 10.3.9 as well as for v 10.4.7 on both PowerPC- and the new Intel-based machines can be downloaded from www.apple.com/support/downloads/ or by using the operating system’s built-in software update tool.
In the meantime, PC users can download a free SiteAdvisor from McAfee for either Internet Explorer (www.siteadvisor.com/download/iemedia.html) or Firefox for Windows (www.siteadvisor.com/download/ffmedia.html) to be more informed about the sites you’re searching on the Internet.
image7
There’s also a free desktop Symantec Internet Threat Meter available for either Windows or Mac.  Download the Widget Engine first from widgets.yahoo.com/win/ or widgets.yahoo.com/mac/ and then get the widget from widgets.yahoo.com/gallery to see up-to-date information on the risk level associated with specific online activities.
image7
In another article, I’ll tell you all about more new Yahoo widgets, formerly from Konfabulator.
Beverly Rosenbaum, a HAL-PC member, is a 1999 and 2000 Houston Press Club “Excellence in Journalism” award winner. She can be reached at trumors@hal-pc.org.