Report: Softwares responsible for 76% of vulnerabilities – install Secunia PSI

Report: Softwares responsible for 76% of vulnerabilities – install Secunia PSI

Third-party programs responsible for 76% of vulnerabilities in popular software Posted on Feb 27, 2014 11:28 am Third-party programs are responsible for 76% of the vulnerabilities discovered in the 50 most popular programs in 2013, say the results of Secunia’s Vulnerability Review 2014, which is based on a samp… Read in browser » http://www.net-security.org/secworld.php?id=16448  

NOTE this was the great efforts and design and reasons for Microsoft creating Windows Vista, as it was shown and proven that Windows was NOT the reason for so much malware as an inadequately safe operating system. It was the third party – or simply all other softwares users installed on their computers that were the causes of malware infections via poor inadequate security coding and mainly always using Administrator Privileges were it was not necessary which gave malware administrator rights to run on the system. UAC – User Account Control was born in Vista which mitigated this. Bill Gates and Microsoft addressed ALL software creators worldwide to design safer hard coded softwares security-wise and not using administrator rights continually where not appropriate or necessary to run.

The security re-designed Windows Vista was on the heels of the Windows XP launch and years – where much of today’s malware was created and invented such as spyware itself, which did not exist before Windows XP. Here we are again with this reliable, credible, and well respected Secunia report. Malware is infecting systems thru weak softwares and NOT because of the Windows Operating System design. 

It is more than highly recommended for all users to install this free software for Home Users from Secunia (which I use too) which is a reliable durable software program that will scan the web for software updates that get issued for all softwares you may have installed. It can be set to automatically update them or manually. It can set to run with each computer start up in the background or to manually start and run a scan periodically as once a week or twice monthly. Now to do this manually can take hours and hours going to the software home website to check if updates are available, which many times are too hard to find at the site or not even posted there. Many softwares today finally added a Check For Updates button, which again can take all the time to continually open and close each software to check for Updates. The Secunia PSI automates these tasks ! HIGHLY RECOMMENDED AND IS FREE TO HOME USERS !

INSTALL THIS TO KEEP ALL YOUR INSTALLED SOFTWARES UP TO DATE !
(NOTE this will not install software Upgrades to next versions like on paid-for softwares were it will cost more for an upgrade. It scans for updates to your existing version.)

Secunia Personal Software Inspector (PSI)
(Download at website)
http://secunia.com/vulnerability_scanning/personal/  
The Secunia PSI explained
The Secunia Personal Software Inspector (PSI) is a free computer security solution that identifies vulnerabilities in non-Microsoft (third-party) programs which can leave your PC open to attacks. Simply put, it scans software on your system and identifies programs in need of security updates to safeguard your PC against cybercriminals. It then supplies your computer with the necessary software security updates to keep it safe. The Secunia PSI even automates the updates for your insecure programs, making it a lot easier for you to maintain a secure PC. Using a scanner like Secunia PSI 3.0 is complementary to antivirus software, and as a free computer security program, is essential for every home computer.  

YOUTUBEs:
(From Secunia) :

PSI 3.0 Walkthrough
http://www.youtube.com/watch?v=iUmaLmO0gx0&feature=youtu.be  

Tim and Dave
Short animated story about security and why Tim is happier than Dave. http://www.youtube.com/watch?v=h5rZkCnKMCM&feature=youtu.be  

WHO IS SECUNIA?
Secunia
http://en.wikipedia.org/wiki/Secunia  
From Wikipedia, the free encyclopedia

-- 

SENDER: gerald309 -- 
Have A Safe Computing Day!
Webmaster: Malware Removal/Amateur Forensics
HOME http://bluecollarpc.us/ 
Alternate https://sites.google.com/site/pcsecurityhelper/ 
HELP http://tech.groups.yahoo.com/group/BlueCollarPCSecurity/ 
Membership/Join List:
Subscribe: BlueCollarPCSecurity-subscribe@yahoogroups.com 
Free Malware Removal Help / A Community Website Since 2005

 

Internet Explorer 10 Use-After-Free Vulnerability Being Actively Exploited In The Wild

US-CERT: Internet Explorer 10 Use-After-Free Vulnerability Being Actively Exploited In The Wild

Internet Explorer 10 Use-After-Free Vulnerability Being Actively Exploited In The Wild Original release date: February 14, 2014 https://www.us-cert.gov/ncas/current-activity/2014/02/14/Internet-Explorer-10-Use-After-Free-Vulnerability-Being-Actively An unpatched Internet Explorer 10 use-after-free vulnerability is being exploited in the wild. CERT/CC Vulnerability Note VU#732479 has been published with further details about the vulnerability.  US-CERT recommends users protect themselves against this exploit by using Microsoft’s EMET utility, upgrading to Internet Explorer 11, or using an unaffected alternative web browser until a patch is released.

PRESS/HISTORY:

“Use After Free” Flaws: A New Theme for IE Vulnerability … Apr 9, 2013 –
Similar to the flaws in last month’s update, both of these vulnerabilities are what developers call “use after free” vulnerabilities – a type of …
http://watchguardsecuritycenter.com/2013/04/09/use-after-free-flaws-a-new-theme-for-ie-vulnerability/

Also in Firefox…..
VUPEN Vulnerability Research Team (VRT) Blog  Advanced Exploitation of Mozilla Firefox Use-after-free Vulnerability (MFSA 2012-22)  Published on 2012-06-25 17:45:24 UTC by Jordan Gruskovnjak
Hi everyone, In this new blog, we will share our technical analysis of a use-after-free vulnerability affecting Mozilla Firefox, and how we managed to achieve a reliable code execution and bypass DEP/ASLR using the same unique and non-trivial-to-exploit flaw. This specific vulnerability (CVE-2012-0469) has been patched by Mozilla as part of the MFSA 2012-22 security advisory.
http://www.vupen.com/blog/20120625.Advanced_Exploitation_of_Mozilla_Firefox_UaF_CVE-2012-0469.php

SYMANTEC:
Microsoft Internet Explorer Use-After-Free Remote Code Execution Vulnerability ……….
Recommendations: Run all software as a nonprivileged user with minimal access rights. To reduce the impact of latent vulnerabilities, always run nonadministrative software as an unprivileged user with minimal access rights………..
http://www.symantec.com/security_response/vulnerability.jsp?bid=51933

Risk: High
Date Discovered: February 14, 2012
Description: Microsoft Internet Explorer is prone to a remote code-execution vulnerability because of a use-after-free error in the ‘Mshtml.dll’ library. Attackers can exploit this issue to execute arbitrary code in the context of the user running the application. Successful exploits will compromise the application and possibly the underlying computer. Failed attacks will cause denial-of-service conditions.
IN FULL:
http://www.symantec.com/security_response/vulnerability.jsp?bid=51933

Finally added Facebook and other media share links to BlueCollarPC

Finally added Facebook and other media share links to BlueCollarPC….

From the beginning, Facebook was kind of frowned on for security/privacy issues. They have come a long way. We did not want our site pulling down information and so have also tested things and the best is up to each Facebook user to control all content via the privacy/security settings.

With PC Security the major issue aside of learning how to efficiently use a Windows PC, it is important to have trusted sites and their content available as widespread as possible considering there are hundreds of millions computers in use. With convenient simple enough plug ins now added at BlueCollarPC.US – this should help that Community effort. Share what is important to you and of course you know needed for others to see.

Webmaster, BlueCollarPC.US

Have a Safe Computing Day!

Linksys router Firmware Fix announced for Moon Worm malware

Linksys router Firmware Fix announced for Moon Worm malware

How to prevent your Linksys router from getting The Moon malware [FAQs]
What should I do to prevent my Linksys router from getting The Moon malware? http://kb.linksys.com/Linksys/ukp.aspx?pid=80&app=vw&vw=1&login=1&json=1&docid=56b6de2449fd497bb8d1354860f50b76_How_to_prevent_getting_The_Moon_malware.xml

Linksys announces firmware fix to neutralize “The Moon” worm
Posted on Feb 18, 2014 01:13 pm As Linksys (i.e. parent company Belkin) announced they were aware of “TheMoon” malware targeting its older routers and that they are working on a firmware fix, more details about the worm in question … Read in browser » http://www.net-security.org/malware_news.php?id=2711

Linksys Is Preparing Firmware Fix to Protect Users Against TheMoon Worm
The SANS Institute’s Internet Storm Center has issued a warning about a worm that targets certain Linksys routers. Dubbed “TheMoon” because it contains images from the movie with the same name, the threat is designed to exploit a vulnerability in the devices in order to spread.  Once it infects a device, the worm gathers information on the targeted router, including hardware and firmware versions. Then, it sends an exploit to a vulnerable CGI script that runs on affected routers. “The request does not require authentication. The worm sends random ‘admin’ credentials but they are not checked by the script. Linksys (Belkin) is aware of this vulnerability,” Johannes Ullrich, the expert who identified the worm, explained. “This second request will launch a simple shell script, that will  …….
ARTICLE IN FULL:
http://news.softpedia.com/news/Linksys-Is-Preparing-Firmware-Fix-to-Protect-Users-Against-The-Moon-Worm-427373.shtml

Comodo Internet Security (Free) Earns 100% Protection Rating by AV-Test.org

Comodo Internet Security (Free) Earns 100% Protection Rating by AV-Test.org openPR (press release) Comodo earned a perfect score with 100% protection against zero-day malware attacks during November and December and a near-perfect score for … http://www.openpr.com/news/281297/Comodo-Internet-Security-Earns-100-Protection-Rating-by-AV-Test-org.html?SID=5c1baaa02711b0ebc68227122cd0b1c6
[GREAT NEWS FOR THE THRIFTY, COMODO IS FREE ! ] 
HISTORY:
By bluecollarpc – Last updated: Saturday, August 3, 2013 – Save & Share – Leave a Comment

http://bluecollarpc.us/2013/08/03/great-test-news-for-comodo-free-antivirus/
Great Test News for Comodo Free Antivirus Comodo Shows Biggest Improvement in Antivirus Tests PC Magazine Malware writers keep working to make their nasty products evade detection by … To evaluate an antivirus product’s protection against malware attack, AV-Test … http://securitywatch.pcmag.com/security-software/314185-comodo-shows-biggest-improvement-in-antivirus-tests
MORE INFORMATION: Comodo Free Anti Virus Software Internet Security 5* (FULL) http://antivirus.comodo.com/ (Genuine Freeware) Free Antivirus Software from Comodo eliminates viruses, spyware, and other malware from desktops and networks fighting against Internet security threats. Full Real Time Protection !
PRESS: Great News ! Comodo Internet Security Earns the Prestigious VB100 Virus Certification HostReview.com (press release) April 14, 2011 http://www.hostreview.com/news/110414-comodo-internet-security-earns-prestigious-vb100-virus-certification
MORE:
By bluecollarpc – Last updated: Sunday, April 17, 2011 – Save & Share – Leave a Comment

http://bluecollarpc.us/2011/04/17/surprise-comodo-internet-security-earns-the-prestigious-vb100-virus-certification/
Comodo Internet Security Earns the Prestigious VB100 Virus Certification HostReview.com (press release) Jersey City, NJ, April 14, 2011 To earn the VB100 award a product must have been tested by Virus Bulletin and in those tests it must have demonstrated, in its default mode, 100 percent detection of In the Wild test samples and no false positives in a selection of clean files. … http://www.hostreview.com/news/110414-comodo-internet-security-earns-prestigious-vb100-virus-certification   [This is great news. They have been a free community product service for a couple years (free Comodo Antivirus, Firewall) and already had a high detection rate, though could have been higher. We applaud their obvious intensive work and in winning the VB 100 Award ! ]

-- 
SENDER: gerald309 -- 
Have A Safe Computing Day!
Webmaster: Malware Removal/Amateur Forensics
HOME http://bluecollarpc.us/
Alternate https://sites.google.com/site/pcsecurityhelper/
HELP http://tech.groups.yahoo.com/group/BlueCollarPCSecurity/
Membership/Join List:
Subscribe: BlueCollarPCSecurity-subscribe@yahoogroups.com
Free Malware Removal Help / A Community Website Since 2005

Emsisoft Anti-Malware continues support for Windows XP until April 2016

Emsisoft will continue to provide support for Emsisoft Anti-Malware on Windows XP until April 2016  PRESS/QUOTED: http://blog.emsisoft.com/2014/01/23/emsisoft-extends-protection-for-windows-xp/?ref=news140127&utm_source=newsletter&utm_medium=newsletter&utm_content=onlineversion&utm_campaign=news140127
In the last week or so, tech media channels have been all a-buzz about Microsofts’ announcement to end updates and support for the XP operating system as of April 8th, 2014.
This is huge news for anyone involved in PC security, because an estimated 25-40% of the world’s computers still run the operating system.  This means that when Microsoft cuts service, millions of PCs will simultaneously become vulnerable to an attack.
Emsisoft will continue to provide support for Emsisoft Anti-Malware on Windows XP until April 2016, a full two years beyond Microsoft’s cutoff date.  We have chosen to extend protection as long as it makes sense in terms of security, and when the time comes we may extend protection even further.  Millions of unprotected PCs are nothing to ignore, and as a company dedicated to anti-malware protection it our view that as long as a significant portion of people are using an OS, it should be secure.
With that in mind, it is important to realize that even with our extended protection your Windows XP computer will still be vulnerable to an attack.  Starting in April 2014, Microsoft will no longer be providing updates for the operating system.  As time moves on, this will make the system easier and easier to exploit for hackers.  This is because securing a PC is much like securing a home.  Even with the best Anti-Malware, it can only be as safe as its structure is intact.  In time, running XP will become like living in a home without a front door.  You could purchase an expensive alarm system, but it wouldn’t stop an intruder from walking right in.
It is also important to know that extending protection on XP takes time away from our development efforts for newer operating systems, and prevents us from using a lot of APIs we would like to be using today. We therefore recommend that anyone still running Windows XP migrate to a newer OS as soon as possible to ensure the most comprehensive protection.
What About Windows Security Essentials? You may have heard that Windows has recently chosen to extend XP malware protection by offering updates to its Security Essentials malware scanner until July 14, 2015.  While this is a friendly gesture, it is important to know that Security Essentials offers only the very most basic anti-malware protection.  In a recent test conducted by independent agency AV-TEST, Security Essentials only protected the testing PC from 4/5 signatures within the malware sample, letting one in five get through.  This earned it a 0 in AV-TEST’s Protection category. This means that if you are relying on Security Essentials, you will no longer be protected.  If this is the case, Emsisoft again recommends updating your operating system as soon as possible, and then choosing a comprehensive anti-malware to ensure  prevention.
There are a lot of options to choose from, but if you’re looking for something unobtrusive that can provide protection where Windows won’t, we recommend none finer than Emsisoft Anti-Malware 8.

-- 
Have A Safe Computing Day!
Webmaster: Malware Removal/Amateur Forensics
HOME http://bluecollarpc.us/
Alternate https://sites.google.com/site/pcsecurityhelper/
HELP http://tech.groups.yahoo.com/group/BlueCollarPCSecurity/
Membership/Join List:
Subscribe: BlueCollarPCSecurity-subscribe@yahoogroups.com
Free Malware Removal Help / A Community Website Since 2005
Posted in BlueCollarPC WordPress Blog. Tags: , , , , , , , , . Comments Off on Emsisoft Anti-Malware continues support for Windows XP until April 2016
%d bloggers like this: