Copyright Notice

Creative Commons License
All articles are licensed under a Creative Commons License.
Every post is the opinion of the author. Contact Us for any issues.

Firefox exploit…

April 27th, 2006 by AndyAtHull

…And why it is so important to keep it patched.

Over at the Sunbelt blog they explore what can happen if Firefox is not patched up. By that I mean version 1.05 or below. They find out about keyloggers and even UnSpyPC.

Linkage here. And remember to patch Firefox if you use it, by clicking on Help on the toolbar at the top, then Check for Updates. Or go to the Firefox web site and download a fresh copy of 1.5.0.2.

Update - 2nd of May - 1.5.0.3 is knocking on your door. UPDATE! UPDATE!

Filed under Browsers, Security Related | 2 Comments »

New SpywareQuake…

April 27th, 2006 by AndyAtHull

…SpyAxe, SpyFalcon variant. Blah Blah Blah. You know the score.

Symptoms: (Thanks to Thunder)

O2 - BHO: Nothing - {edbf1bc8-39ab-48eb-a0a9-c75078eb7c8e} - C:\WINDOWS\system32\hp****.tmp, and usually only this one (since it kills all other BHO’s)

And also check this out over at Temerc.

If you have this malware, register at one of these forums, read their rules and post a log. Or register and post at our own forum here.
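
One way to check a HijackThis-style log for the symptom above, as an added example that is not part of the original post. It assumes the post's "hp****" means "hp" followed by unknown characters; the file name hpTEST.tmp and every entry in the clean log are constructed for illustration.

```python
import re

# HijackThis-style BHO line: "O2 - BHO: <name> - {CLSID} - <module path>"
O2_LINE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+)$"
)
# CLSID quoted in the post; the file-name pattern treats the post's "hp****"
# as "hp" plus unknown characters (an assumption about the masking).
POST_CLSID = "{edbf1bc8-39ab-48eb-a0a9-c75078eb7c8e}"
TMP_IN_SYSTEM32 = re.compile(r"\\system32\\hp[^\\]*\.tmp$", re.IGNORECASE)


def parse_bhos(log_text):
    """Return a dict per O2 entry found in a HijackThis-style log."""
    entries = []
    for line in log_text.splitlines():
        m = O2_LINE.match(line.strip())
        if m:
            entries.append(m.groupdict())
    return entries


def assess(log_text):
    """Score the log against the three symptoms described in the post."""
    bhos = parse_bhos(log_text)
    findings = []
    for bho in bhos:
        reasons = []
        if bho["clsid"].lower() == POST_CLSID:
            reasons.append("CLSID matches the post")
        if TMP_IN_SYSTEM32.search(bho["path"]):
            reasons.append("BHO module is an hp*.tmp file in system32")
        if reasons and len(bhos) == 1:
            reasons.append("it is the only BHO in the log")
        if reasons:
            findings.append((bho["path"], reasons))
    return findings

# Constructed sample logs; the file name hpTEST.tmp is a placeholder.
INFECTED_LOG = r"""O4 - HKLM\..\Run: [ExampleUpdater] C:\Program Files\Example\upd.exe
O2 - BHO: Nothing - {edbf1bc8-39ab-48eb-a0a9-c75078eb7c8e} - C:\WINDOWS\system32\hpTEST.tmp
"""
CLEAN_LOG = r"""O2 - BHO: ExampleToolbar - {11111111-2222-3333-4444-555555555555} - C:\Program Files\Example\bar.dll
O2 - BHO: ExampleReader - {aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee} - C:\Program Files\Reader\helper.dll
"""

if __name__ == "__main__":
    for path, reasons in assess(INFECTED_LOG):
        print(path, "->", "; ".join(reasons))
```

A hit is only a reason to post the full log at one of the help forums; a lone BHO or a .tmp module is a symptom to look at, not a diagnosis.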

Filed under Security Related | No Comments »

Internet Explorer 7 Beta 2 is out

April 26th, 2006 by AndyAtHull

One of IE’s new features is this:

“Robust new Internet Explorer 7 architecture and improved security features help protect you against malicious software, and help to keep your personal data safe from fraudulent websites and online phishing scams.”

More info can be found here. And IE 7 support can be found here.

Filed under Browsers | 2 Comments »

Ewido 4.0 beta in a nutshell

April 24th, 2006 by AndyAtHull

Here it is: my review of the new Ewido 4.0, which is in beta mode. No official download release as of yet to the public. I want to point out that this review is entirely my opinion and influenced in no other way other than to test this product on my system. This article is best viewed in Internet Explorer. So here goes.

Obviously many users like and dislike Ewido. I like it. I think it is a great application and tool for detecting many kinds of malware.

The installation process is the same as Ewido 3.5. Smooth and quick. No problems at all. When you run it, the main difference you will notice is the interface change. Which is fresh and all new. But that won’t determine the way it performs. But still I like it.

New feature - “Tools”

This part includes the “Antispy” and “Shredder” tools. You can disable many things in AntiSpy:-

  • Error Reporting
  • Internet Explorer
  • Windows Media Player
  • Windows Messenger
  • Miscellaneous
  • Services
  • Expert Options

Each one above can be opened and disabled from within.

The “Analysis” feature

You also have “Analysis”, where you can play about with your Processes, Connections, Autostarts, Browser Plugins and view your Layered Service Provider.

Most of the things you can do with version 4 are basically the same. Just this time some of the options are in more detail. Like, for instance, the updating. You can set up intervals ranging from 60 minutes to 24 hours, so at whatever interval you set, it will check for new updates. The “Status” feature is even more advanced. Not only can you disable and enable real-time protection and automatic updates, you can also reset the counter for “detected malware so far”.

The “Shield” feature

Moving on to the “Shield”, which is more advanced. In the image below you can see what is available to you.

Ewido-Shield Image

As you can see there are four boxes you can check and uncheck. Whichever one you check will let you know with a warning if anything gets detected.

The “Infections” feature

You can remove anything in the quarantine and also ignore any matching threats during a scan and in the real-time protection, by clicking on “Add Rule” to get a pop up asking you to “Ignore by name of threat” or “Ignore file/path”, then typing in the name and clicking on OK.

There is also a report feature, where any reports can be saved when you have carried out any scans. Handy if you need to save the report and paste it to someone on a forum where you are seeking help.

The most important feature, the “Scanner”

For this feature I infected my own system to test it. See if it picked it up. Nothing major. Some tracking cookies and a trojan. Just so I can show you what happens. Before that I set the scanner. Now I suppose you can set it to whatever you prefer. Below you can see the options available.

Ewido-Scan-Setting Image

Now once set to the way I wanted, I went ahead and used a fast scan. Let it run whilst having a break. The difference from this version to “version 3.5” is that you do not get a pop up window anymore asking you to remove anything found. It just scans away and once finished scanning you can then do what you want with the objects found. Now I like this. It is much better. Here is an image I took from it.

Ewido-ScanResult Image

So now you can see what it found. And to remove the objects or send them to the “Quarantine” you just simply have to move your cursor over the action of each one and right-click. Then just click on “Apply”. You can also save a scan report, which is the same as the previous version.

My “Conclusion”

So after having a play about with this new version, what do I think about it? Well, I think it is still a great tool. I like the fact no pop up window comes when it detects a malicious object or tracking cookie. The real time protection feature has more options, which I like. And it has some new features. Is it a resource hog? Too soon to tell. I will have to see how it runs for a few days.

With more features than version 3.5, it certainly is an improvement. I do however hope that “Ewido” concentrate more on picking up trojans and other malicious infections. By that I mean, less tracking cookies and more trojans get detected. Certainly whoever uses this tool will find it picks up a lot of tracking cookies. Mainly from “FireFox”. Which you can remove every time you close the Firefox browser. But not everyone will know that.

Out of ten I rate it a nine. For the reasons that it has been improved and made more user friendly. But remember. Not every anti-malware application will detect everything.

As this is still a beta version, expect new additions and alterations. Thanks to Grisoft for letting me test this new version.

Filed under Product Reviews | 9 Comments »

Ewido 4.0 beta review coming soon..

April 24th, 2006 by AndyAtHull

Well, with nothing really happening and the release of Ewido 4.0 beta, I am excited to get my hands on the beta version and tell you all what I think. I very much like Ewido 3.5.

The write up won’t be anything special as I don’t have a test box to run it on. But that does not stop me.

Filed under Product Reviews | No Comments »

M.P. for Beverley & Holderness gets in touch

April 21st, 2006 by AndyAtHull

So it didn’t take long for me to blog again. For a very good reason I must say. Let me rewind the tape back to the beginning as to why my local Member of Parliament got in touch with me.

Back in February of this year anti-malware fighters from across the globe set up a new forum called Malware Complaints. This new forum was set up to get people to complain about their malware troubles. And so far they have. Great!

Once we got going, the moderators for the United Kingdom room put together a covering letter. This letter could then be sent in to their local MP. So with the article being fresh off the press I contacted my local MP via e-mail. Not expecting much from it. But to my surprise this is the reply I got:-

Dear Mr (me)

Thank you for your e-mail dated 18th of February regarding spyware and I apologise for taking so long to reply.

I agree that the issue of spyware needs to be addressed.
The UK has some of the best laws to prevent spyware, but these laws are not being properly enforced:

I will ask the Secretary of State for Trade and Industry, the Rt. Hon Alan Johnson MP, the following written questions:

What records the Government collect of cyber crime; including illegal “spyware” and spamming and if such records are kept, if he can provide me with the figures for each year between 2000 and 2005.

What discussions he has had with the Secretary of State for the Home Department on what action the Serious Organised Crime Agency will be taking to combat illegal “spyware”.

What discussions he has had with the Secretary of State for the Home Department on what action the Hi-Tech Crime Unit can take to prevent illegal “spyware”.

The last part was just to thank me for getting in touch and that he would contact me if anything develops. Whatever your opinion is on the questions, the fact he got in touch is already a big step.

We all want to defeat malware. One step at a time. But we are winning.

Incidentally, if you have been affected by any malware and wish to voice your opinion, then please visit MalwareComplaints.

Edit - If you have a Digg account then Digg it here!! You know you want to.

Filed under Security Related | No Comments »

StumbleUpon

April 21st, 2006 by AndyAtHull

No pun intended with the title there! But swiftly moving on! Before moving to my own domain I had a free blog called Security-Cadets, to no surprise.

My main objective in setting up a blog was just to make people aware of what is out there in the security world. I knew, if I was doing my job correctly (or even badly), I would get people reviewing my work. And that is exactly what BaneOfSatan, who is a member at StumbleUpon, did. Thanks Bane. Just hope you get the chance to see the new domain and review it further. In more detail. As I thrive on reviews.

For my next random post I’m going to show you how to……I’ll let you wonder what my next post will be!

Filed under Site News | No Comments »

Latest Rogue application installs junk rather than malware

April 19th, 2006 by AndyAtHull

The latest rogue application to come bombarding onto the interweb, which got blogged about at Sunbelt, came up with some interesting finds. It does not install malware but just junk.

In Sunbelt’s latest post they discovered that Spyware Soft Stop detects the following files:-

  • C:\WINNT\wbc.32.exe
  • C:\WINNT\system32\mydrive64.sys
  • C:\WINNT\system32\fsg32.exe
  • C:\WINNT\system32\exp.vbs
  • C:\WINNT\opssd.dat
  • C:\dll2.dll

Sunbelt describes these files as junk. So all in all it installs junk on your system and passes it off as malware, making the average computer user think it is malware and pay for the software.

What amazes me is that companies are still making rogue apps. They get discovered with lightning speed. I guess that is what money does to you.

Filed under Rogue Programs | 1 Comment »