MS Out of Sequence Patch

Today, March 30th, a vulnerability effecting IE 6, IE 6 SP1, and IE 7, that could allow hackers to remotely execute arbitrary code, will be fixed via an out-of-sequence Windows Update. Microsoft says that the new patch will be released around 10 AM PDT. This vulnerability has been seen, in the wild, during the month of March 2010 and Microsoft deems this a “High Priority” update.

Even if you have upgraded from IE 6, and 7 to Internet Explorer 8, you should still get this update. The update will also address several other privately reported issues, some of which do effect IE 8.

So make sure that you have Automatic Updates turned on, or get the update manually by going to www.update.microsoft.com ,using Internet Explorer, and manually get the new patches.

For More Information:

Common Vulnerabilities and Exposures CVE-2010-0806

Microsoft Security Advisory 981374

We All Love Facebook…..but?

The big three…..Facebook, Twitter, and Friend Feed, places where we all go to network socially. But lately it seems that all of these venues for communicating with our friends and family, have come under scrutiny relating to security problems. All of the social networking sites have come under fire regarding privacy issues. Remember when Facebook changed it’s policy overnight and all of your photos and information were changed to a ‘Public’ status, which had to be reset. Bad move, hell, even Mark Zuckerberg had his photos become public, which were quickly changed, but what was going through their minds to change their terms, and not even have the CEO of the company aware of these changes. All this aside, as disturbing as it is, it is not the biggest threat that is being aimed at us through these social networking venues.

Account hacking is fast becoming a serious problem on the sites. Once only limited to email accounts, Spear Phishing is fast growing in popularity among the bad guys and is something that everyone should be aware of. Weak sign on credentials, from users, are making it even easier for these crooks to hack accounts and eventually gain access to places in which no one, in their right mind, would allow them. Check out my post HERE on setting up a more secure password.

Bad Guys are targeting individual accounts by hacking into their friend’s accounts. What happens, is that a bad guy gains control of someone’s Facebook account, and now has access to all of that person’s friends. They will then send a targeted message which states something to the effect of, “You Should See The Photo I Got Of You Last Night”. Of course, you think you know this person so you click on the link which will take you to a fake website, one that looks exactly like one that is very familiar to you, such as Fickr.com. Now keep in mind that this web page will look very much like a real Flickr page, and will ask you to click on a link to view this photo. When you click on this link, a message will display telling you that a new version of Adobe’s Flash Player, or a different Codec is needed in order to view this photo. Conveniently, a link is supplied so that you can get these new versions in order to make it easier for you to view this much anticipated photo. But what we don’t do, is look at the URL, to see where we really are. You are not at Fickr.com but are at a bad guy’s page. When you click on that link to get that new version of Flash or that new Codec, your computer is immediately infected with what will most likely be, a Trojan Horse. This Trojan will now open up your computer to all sorts of new infections, like Keyloggers, and Worms. This could open you up to identity theft, stolen personal data, such as credit card info, banking credentials, and possibly even Social Security Numbers, which could allow the bad guys to open up new credit card accounts in your name.

The point is that as long as you are aware of these issues, you can safely post and communicate with friends via these venues. However, it is critical, that whenever you click on a link, that you keep an eye on the URL (Uniform Resource Locator). For more information on URL’s you can check out my two part posts by clicking on Part 1 HERE, and Part 2 HERE.

Now I use Facebook, Twitter, and Friend Feed, however I like to keep my accounts buttoned down, and only communicate with friends, family, and some friends-of-friends, but that is it. I have seen accounts that are completely public, meaning anything that is posted is visible to everyone. More and more employers are turning to these venues to check on your back round. Imagine a potential employer seeing the photo of you at that party 2 years ago, lying on the floor drunk. That would definitely make me think twice about hiring you. Keep your most personal information PRIVATE.

Now even more devious than the above mentioned hacking of an account starts in exactly the same way. You get your account hacked. Well now you take your computer to work and connect to the network there. Well now the bad guys can see the same things that you can see on your work’s network. Keep in mind, that there is no way that you will know that this is happening.  So you say, well I don’t have any high clearance access to any critical information. No, you may or may not, but someone that you network with at work may, and your computer being infected may allow this worm to spread higher and higher up the chain. This has just happened recently. An occurrence, such as this, could cost you your job.

This is all the more reason to make sure that you keep information on all of your Social Networking accounts private. At the very least, you want to make sure that any that could cause embarrassment (or worse) is, without a doubt, kept private.

Enjoy this new technology, but keep yourself safe. Social Networking is enjoyable and is very useful, however always remember, that what you do and post today, may come back and haunt you years from now. Once it is public, it just never goes away.

It’s That Time……Again!!!

Tomorrow is the 2nd Tuesday of the month again, the day in which Microsoft releases it’s monthly updates to Windows and other Microsoft products. However, according to the Microsoft Security Advanced Notification Bulletin, in comparison to last month’s update, this month’s release will be quite small. In all, a total of two bulletins with patches for 8 vulnerabilities afflicting Windows and the Office Suite of products is what will be patched. The updates are regarded, by Microsoft, to be ‘Important” and everyone is urged to employ the updates as soon as possible.

However, the vulnerability that effects Microsofts VBScript will not be fixed with this update. The vulnerability is explained in Microsoft’s Security Advisory (981169). The vulnerability effects the way that Microsoft’s VBScript (Microsoft’s version of JavaScript), in Internet Explorer,  interacts with Help. This vulnerability can cause the execution of arbitrary code on a logged in users computer, simply by coaxing the user to press the F1 key. Microsoft says that when they fully investigate this vulnerability, they can then determine the proper course of action, which may include a monthly update or a possible out-of-sequence update. Currently there are no known exploits in the wild. This vulnerability does not effect computers running Windows 7, Windows Server 2008 R2, Windows Vista, or Windows Server 2008.

So make sure that your Automatic Updates are turned on or plan on running your manual updates tomorrow. Sometime after 11:00 AM EST tomorrow, you should be seeing the updates on your computer.

Some Interesting & Informative Data from Microsoft

Microsoft bi-annually posts on it’s website what they refer to as the Microsoft Security Intelligence Report. The current report encompasses a time frame spanning from January to June 2009, and it offers a slew of interesting and very valuable information. It is very interesting to see what types of vulnerabilities and malware are thriving and in what areas of the world. It also shows what Microsoft and outside software companies are contributing to these threats. All of this is done utilizing color coded and easy to read charts and graphs with dialog explaining the meanings of all this data.

A couple of things that stood out to me is the problems that have arisen due to the Adobe suite of software, actually maybe it is not that surprising being that we are being inundated with security updates, from Adobe, on what seems a weekly basis. The disparaging differences between the exploits and infestations occurring in XP and Vista also made me wince. It will be interesting to see what the differences are once Windows 7 is part of the report.

You can download this report by going to Microsoft’s site, by clicking HERE. There are two different versions of the report in two different formats. I would recommend downloading the 19 page summary version (1.7 mb) as a PDF. It also comes in XPS format. The full comprehensive report is 232 pages (10.3 mb) and contains the exact same charts and graphs.

After reviewing this, kindly leave a comment and let me know what you see as surprising and interesting. I would like to see different views.

Here is the link to Microsoft…..

http://www.microsoft.com/downloads/details.aspx?FamilyID=037f3771-330e-4457-a52c-5b085dc0a4cd&displaylang=en

It’s That Time Again!!!

Patch Tuesday.

My, the month went fast. It seems like it was just yesterday when Microsoft issued the itty-bitty patch in January. It’s funny how a month can change things. Tomorrow, Tuesday February 9th is the day when Microsoft will push out it’s updates to the Microsoft family of software. Although Microsoft does not officially post what patches are coming until they are released, it has been said that this update is going to be quite large. 13 bulletins, fixing a total of 26 vulnerabilities, of which 5 have been labeled as critical. Microsoft has acknowledged that one of the fixes will be an exploit which could allow remote code execution. Most of the updates will be for Windows, but the Office Suite will also have updates. And of course there will be an update for the Microsoft Malicious Software Removal Tool (MSRT).

It is always prudent to create a System Restore Point before getting these updates. Although, it is imperative that you get these updates, it is always possible for something to go wrong. Creating a System Restore Point may just save you should something happen. I know, Microsoft does that automatically when installing updates, but I still like to create one manually. Call me paranoid, but I just do not trust Microsoft that much.

As always, from Internet Explorer, go to http://www.update,microsoft.com, download and install all of the critical updates. If you have Automatic Updates turned on (which is highly recommended), all of the critical updates will come to your system automatically. Look for the yellow shield in your tray (next to the clock).

Once the update is complete, it is recommended that you scan with your anti-virus, and anti-malware software. Don’t have one, check out my posts HERE and HERE. Even though the MSRT does a “quick” scan after updating, it is recommended that you manually run it doing a “Full Scan”. To do this, click on “Start” and in the search dialog, type in MRT.exe and click Enter. In XP, click on Start, then select Run, and in the dialog box, type MRT.exe and hit Enter. Once the scanner opens, click on Next, Select “Full Scan”, and start the scan.

Make sure you are looking for these updates, and if they do not come through automatically tomorrow, or by Wednesday at the latest, make sure you manually update. Not updating is the number one way that Windows computers become infected, or exploited. The bad guys know that some Windows users do not update, and once Microsoft publishes these updates, they essentially let the bad guys know exactly what exploits are available and will attempt to take advantage of the one’s who do not update.

Keeping that Windows machine healthy makes for a Happy Computing Experience.

Firefox Browser Add-ons Contain Malicious Software

Mozilla’s popular web browser, Firefox, has recently been found to contain two experimental add-ons that contain Trojan Horses. Once installed on a computer, these trojans will run, thus infecting the computer. The two add-ons that were installing the malicious code were known as the Sothink Web Video Downloader, version 4.0, and all versions of the MasterFiler add-on. Mozilla has said that these two add-ons have been removed, however removing the add-on will not get rid of the trojan horses that are already running on infected computers. Mozilla recommends that any users who have installed either of these two add-ons should immediately remove them and scan their computer with anti-virus software.

The Sothink Web Video Downloader contained the trojan horse known as:

Win.32.LdPinch.gen.

The Master Filer contained the trojan horse known as:

Win32.Bifrose.32.Bifrose.

More information from the Mozilla Firefox BLOG.

This is a Windows only infection. Mac OSX and Linux operating systems were not affected.

Uniform Resource Locator – Part Deux

Now that we know the basic format in which all Uniform Resource Locators (URL) utilize, let’s now look into ways in which you can be fooled into going somewhere that you never intended. If you did not read Part 1, you can check it out HERE. Crooks use techniques, such as URL Spoofing, MitM (Man in the Middle) Attacks, and Browser Hijacking in order to steal your valuable personal information. The URL can, in most instances, let you know exactly where you are going when you do a search, however it is not always as intuitive as you would think. Criminals are very good at tricking you into entering sites that you never intended.

We all now know, from my last post, the basic format for URL’s.

http://www.domain.com/folder/sub-folder/page_name/

Before we get started, I would like to take the opportunity to state that the e-commerce sites used in the following examples are not being attacked in the portrayed manner. These types of attacks are not occurring on their sites and are only being used for the purpose of showing an example. Amazon.com and Paypal.com are perfectly safe venues for using e-commerce.

Here is why this information is important. Crooks will attempt to trick you into clicking on a malicious site deceiving you by manipulating the URL. In this example, I am going to use Amazon.com, but they are only being used to prove a point, this is not an actual event. Let’s say you do a search for Amazon.com. Well the true URL for their home page is http://www.amazon.com.  The search result you return is for Amazon, and may even have the Amazon logo next to it. But, by looking at the URL, you notice that it is actually taking you to” http://www.amazon.badguy.com/GetVirusHere/”.  As you now know, even though it says Amazon in the URL, you are not going to Amazon.com, but are actually going to the domain “badguy.com”. Amazon is a high profile search term and is easy to identify, as it is always the top return in a search query, however when you do a search in which the results may not be as intuitive, it is important to look at the URL to ensure you are going where you want. Other tricks that may be used:

“http://www.badguy.com/amazon.com/”……In this case, even though the last .com is from Amazon, it is after the first slash (/), which tells you that it is a folder on the badguy.com domain. (Remember the file cabinet.)

“http://www.badguy.amzon.com/getvirushere/”….Simple spelling errors are ways that the bad guys will attempt to lure you to malicious sites.

OK, these are the easier to recognize tricks that hackers will use to fool you. The next trick uses a more sophisticated method of luring you. Let’s say that you receive an email stating that you have a gift certificate for Amazon.com. Naturally, it looks official so you click on it, and within the very official looking Amazon email, you see a link that looks like this: “http://www.amazon.com/GetGiftCertificateHere/“. Well this looks good right? Yeah, you are right, it does look legitimate, however click on the link and see what happens (don’t worry, nothing bad will occur),  Just because the text in a link looks correct, it does not mean that the link is taking you where you think. You may be asking, so how can I be sure? The easiest method of making sure you are going to where you want is to hover over the link (do not click it), and right click the link and select properties. Your browser will then show you where that link is pointing.

So the browser will tell you that you are not going to “http://www.amazon.com/GetGiftCertificatHere/” but are actually going to another The Edible Earth page. Crooks will obviously not be so kind and will take you to malicious sites.

Now let’s say that you arrive at a web site and everything looks OK, including the URL, but something just does not look right. The way to be sure that you are actually where you think you are is to run a little JavaScript. By copying and pasting the script into the URL bar of the site that you are on and clicking Enter, a description of the site’s actual URL and Address URL will be displayed. If this shows that the .coms do not match you may have been spoofed and may be at a malicious site.

Copy and paste the following JavaScript in the URL bar (NOTE – When you copy and paste this, clear the URL information that is already there. This script should be the only thing in the URL bar):

javascript:alert("The actual URL is:\t\t" + location.protocol + "//" +
location.hostname + "/" + "\nThe address URL is:\t\t" + location.href +
 "\n" + "\nIf the server names do not match, this may be a spoof.");

These types of spoofs are common on nefarious websites, so make sure that you are aware of where you are going before clicking on links.

However, crooks are getting more and more clever with their tricks, and even though, the aforementioned tactics can be effective, there are some types of tricks that are even more difficult to detect. The first is browser hijacking in which you are directed to a fake website after clicking on, what appears, to be good link. These fake sites are very well built, and will look very much like a legitimate site. Let’s say you click on a link that you think will take you to Amazon.com, however you wind up at a site that looks exactly like Amazon.com, but is not. From here, the cyber criminals will attempt to get your personal information. Simply by glancing up at the URL will tell you that you are not at the correct site. The criminals are relying on, the fact, that hopefully because the site looks so genuine that you will not even question what the URL says. Always, check the URL. Again, by running that little JavaScript will tell you exactly where you are.

These hijackings may even take you to a site, that may, look nothing like Amazon.com, but will contain malware or links to malware. Should you ever think that you are going to a particular site, and wind up somewhere unexpected, do not click on anything on that site, no matter how appealing it may seem. Chances are you are going to wind up with a virus, worm, trojan horse, or spyware.

Even more dangerous are what are known as Man in the Middle (MitM) attacks. These are hacks in which the criminal will get in between your transmission and the expected website, kind of like an intercepted pass in football, and steal your personal information. This was a very simple thing for an experienced hacker to do, however e-commerce sites have become more aware of this type of attack, and have made changes to their site so as to make MitM attacks more difficult. One way that this could be accomplished is by going to a page that is asking for your personal information that is not protected by an SSL/TLS (Secure Socket Layer/Transport Layer Security) connection. Any connection that is protected be SSL/TLS is encrypted so that all that a MitM will see is gobble-d-gook. All websites that are encrypted by SSL/TLS will always begin with “https://” instead of just “http://”. The way that a MitM Attack could occur is for you to go to an e-commerce site. You would then add items in which you want to purchase. You are looking at the page with the item(s) that you are intending to buy. This page has a button that says “Purchase Now”, however this page is not protected with SSL/TLS (starts with https://). Before we go any further, I will give you the nickel explanation of how these sites expect to receive packets over the internet.

When packets of information are sent over the internet, that contain personal identifying information, most sites like Amazon.com, Paypal.com, etc. expect them to arrive at their server sent over an encrypted transmission. If they are received un-encrypted, these packets will be dropped by the site, which is a good policy as it protects you. When encrypted purchase information is received, confirmation information is then sent back to you, also through an encrypted transmission.

OK, now let’s return to that page in which you are going to purchase your items. The page was designed to be un-encrypted (http:// only), however once you enter your credit card information, and push the ‘Purchase Now’ button, the information will then be sent over SSL/TLS. What happens is that the criminals hack the site, and overlay the ‘Purchase Now’ button with an address that goes to their malicious site, over a non-encrypted transmission, where they now have all of your personal information. Now remember, the e-commerce site will not receive any information that is not encrypted, so the hacker will then cover their tracks and pass the information on to the e-commerce site over an SSL/TLS connection so that the e-commerce site receives the packets of data exactly the way that they are expecting it. Likewise, you will receive your purchase confirmation just as you expected, thus will never know that your data was intercepted. Most e-commerce sites have fixed this flaw as anytime that you enter your personal information, it will be entered on a page that is over an SSL/TLS connection as well as sent over one. This way no hacker can manipulate a page in which any personal information is entered as the page is encrypted. This is only one way that a MitM attack can occur. Most of the time you will never even know that it has occurred.

I would like to take the opportunity to thank all of the e-commerce sites used in the examples above. These types of attacks are not occurring on their sites and are only being used for the purpose of showing an example. Amazon.com and Paypal.com are perfectly safe venues for using e-commerce.

In order to safely use e-commerce and browse the web, it is essential to understand the concept behind a URL, their structure, and how they work. When browsing the web, make sure that you pay special attention to the URL address that you are actually going to so as not to get spoofed and potentially endanger your personal information.

And as always, make sure that you keep your Operating System, anti-virus, browser, and anti-spyware software updated. Never click on solicited links in an email and always use common sense. If a deal seems to be too good to be true, it probably is.

Let me know if you have experienced these types of attacks……

Leave a Comment!!!!

Uniform Resource Locator

The Uniform Resource Locator or URL is an address that identifies an available source and where that source can be located. URL’s indicate the server location, subfiles, and file names where specified web pages can be found on the internet. However, with the onset of malware on the web it is important to understand the format of URL’s in order to keep from being tricked into going to a malicious website. You need to be sure that you are going exactly where you want to be going and the only way to know that is by understanding how to interpret what the URL means.

Before we get started, you will need to click on the “Title” of this post so that the URL will make sense to you. My “Home Page” will show you the URL labeled “https://macarooni.wordpress.com/” but by clicking on the title which is named “Uniform Resource Locator”, it will lead you to a page named “https://macarooni.wordpress.com/2010/01/13/uniform-resource-locator/”. You will need to see this entire address in order to comprehend what is coming up next.

The first item in a URL is the “http://” (http://macarooni.wordpress.com/2010/01/13/uniform-resource-locator/) which stands for Hypertext Transfer Protocol. The actual understanding of the technology behind this is not important, however, this technology was what led the the creation of the World Wide Web. All URL’s, except those using Secure Socket Layer (SSL) all begin with “http://”.

The next item in a URL, will be the “www.”, (http://www.macarooni.wordpress.com/2010/01/13/uniform-resource-locator/) which stands for World Wide Web. This is saying that your query will be on the web. What? You may be saying, I do not see a “www.” in this post’s URL. This can be a little deceiving. Most DNS Server’s do not require that the www. be a part of the web address. It can, in most instances, be left out, as the DNS  and your browser will recognize that you obviously want to go to the web. If you type “http://google.com”, your DNS Server and browser will know that you are looking for Google and will direct you to “http://www.google.com”. Likewise, should you just type “Google.com” in the URL, your DNS Server should be smart enough to direct you to Google’s home page. The more popular the site is, the more likely that typing in vague URL’s will direct you to the correct page, without going to a search result page.

I know what you are saying…..Why is this so confusing?

It is confusing and it will only get more so, but this is something that needs to be understood in order to surf the web safely.

In most cases, the next item will be the server in which you are looking to connect to. In the case of Google, the server name is “Google.com”. In the case of this page in which you see “macarooni.wordpress.com”, the “macarooni” is stating a specific area on the server in which to connect.  WordPress’s servers are shared by many other blogs besides this one, so each blog will have it’s own section on the server in which the data will be stored. So “macarooni.wordpress.com” is sending you to my section of the wordpress.com server. Here is what it should look like….http://macarooni.wordpress.com/2010/01/13/uniform-resource-locator/

Folders and Subfolders. These will follow the naming of the server and location on the server and is always separated with a slash (/). So if you look at the URL for this post, you have the http:// and then the www. and then the server that you are going to, which is named “macarooni” and the domain or server  is “wordpress.com, meaning that you are connecting to servers at WordPress.

I did not mention this and it is an important point. All domains consist of a name followed by a dot and then a Generic Top Level Domain (gTLD) name. These are web site categories maintained by a certified authority, namely the IANA (Internet Assigned Number Authority) which are used by the DNS (Domain Name System) for use on the internet. Some of these categories are unrestricted, like .com (commercial sites), and .info (information sites). These unrestricted categories can be used (registered) by anyone. Others are restricted, such as .gov (government), .mil (military), and .edu (education), which can only be used by sites that fall into their particular category. There are also categories based on location, such as .ru (Russia), .fm (Federated States of Micronesia), and .tv (Tuvalu). Now there are many other categories that you may encounter, but these are a few of the main ones. To get more information on the categories, you should visit the Wikipedia site HERE.

Ok, back to Folders and Sub-Folders. Like I said, these are always separated with a Slash (/) mark. The easiest way to explain these is to think of a file cabinet and I am going to use the URL for this site as an example. Think of the domain (http://macarooni.wordpress.com/2010/01/13/uniform-resource-locator/) as being the File Cabinet itself. Now this file cabinet has drawers in it. After the first slash is a folder named “2010” (https://macarooni.wordpress.com/2010/01/13/uniform-resource-locator/). So that represents the drawer in your file cabinet that is labeled “2010”.

Now you open up that drawer and find that you are looking at a bunch of hanging folders in that cabinet drawer. One of those folders will be labeled “01” (https://macarooni.wordpress.com/2010/01/13/uniform-resource-locator/). This is known as a sub-folder. There can be a lot of different sub-folders in a URL, but most sites try to keep these as minimal as possible to make it as easy as it can be.

Next in this sites URL is the “/13/”. Think of this as being a manila folder, that is labeled “13”, stored within the hanging folder that is labeled “01”. https://macarooni.wordpress.com/2010/01/13/uniform-resource-locator/

The last item in the URL is the actual file that you are going to display. In the case of this site, it is a file named “uniform-resource-locator”. In our file cabinet example, this would be the actual document that you pull out of the manila folder.

The actual file that displays on your computer….

(https://macarooni.wordpress.com/2010/01/13/uniform-resource-locator/).

in the manila folder….

(https://macarooni.wordpress.com/2010/01/13/uniform-resource-locator/),

in the Hanging Folder…..

(https://macarooni.wordpress.com/2010/01/13/uniform-resource-locator/),

in the drawer

(https://macarooni.wordpress.com/2010/01/13/uniform-resource-locator/)

that is in the file cabinet

(http://macarooni.wordpress.com/2010/01/13/uniform-resource-locator/).

The first most important thing to understand is to how the gTLD is displayed. It will always be followed by the last dot and, secondly, that all folders and sub-folders are separated by a slash (/).

Why is this so important?

Check for my next post which will explain how these URL’s can be manipulated to redirect you to sites that contain malicious software. I will also explain a little about Secure Socket Layers (SSL) encryption.

Let me know what you think…..Does this make sense?

Feel free to leave a comment….

Browser Wars Heating Up

The long standing browser war continues on with some new gainers and some losers. Internet Explorer (IE), Microsoft’s browser has long been the preferred choice for browsing the internet, but has been plagued with exploits which have caused a decline in it’s usage. Apple announced it’s version of a browser for Windows… Safari… and fast gained popularity propelling itself to the number 3 most used browser quickly after it’s release for Windows users. Then came Google, when Chrome first was released, it quickly became popular mainly due to Google’s vast popularity. Opera, which has always been the “long shot” in browser popularity continues to maintain a steady usage percentage.

Internet Explorer, as stated above, is still the most popular browser being used currently, but Mozilla’s Firefox browser has been steadily gaining on the browser empire that Microsoft has created. Recently, Google Chrome overtook Safari as the third most utilized browser, mainly I think, due to Google’s release of versions for the Mac and Linux operating systems. Opera is simply holding it’s own.

Now, in my opinion, which browser is the best? I am going to rate each of the most popular browsers based on three important criteria….the 1st… Speed, the 2nd… Security, and lastly…..Reliability. Now these recommendations are not based on any scientific research, but on my own personal usage experiences. All of these are ranked from Best (#1) to worst (#5).

Speed

Using Windows

1) Google Chrome

2) Opera

3) Mozilla Firefox

4) Apple Safari

5) Internet Explorer 8

Mac (OSX)

1) Safari / WebKit

2) Google Chrome

3) Opera

4) Mozilla Firefox

Note that IE is not available for OSX

Now keep in mind that the speeds are very close, but I have seen a noticeable difference, especially in the top three listed above. The speeds of all four of the browsers, on the Mac, were not very noticeable.

Security

Windows

1) Mozilla Firefox

2) Internet Explorer 8

3) Google Chrome

4) Opera

5) Apple Safari

Mac

1) Mozilla Firefox

2) Safari / WebKit

3) Opera

4) Google Chrome

I do not like the way that Apple’s Safari works on Windows machines. I think the lack of security features is due to Apple’s general lax of the need for security. Although all the browsers have comparable security features, I think that Firefox’s security and the ease of setting it up is, far and above, all the other browsers.  I tend to use Firefox on all my machines due to this fact. The minor speed disadvantage is outweighed by the security that is offered.

Reliability

Windows

1) Google Chrome

2) Opera

3) Mozilla Firefox

4) Internet Explorer 8

5) Apple Safari

Mac OSX

1) Safari

2) Mozilla Firefox

3) Opera

4) Google Chrome

Again, Safari for Windows did not fare well in my tests, but was the best on the Mac OS. This may be due to Apple’s venture to just get the browser out there, but crashes and stalls were frequent on a Windows machine and are non-existent on OSX. Google Chrome did so well on Windows mainly that it has a feature in which all the open tabs run in different “processes”, which means that should a particular tab running a web page crash, it will not crash the entire browser but only that particular tab. This is something that Firefox is supposedly going to add when version 3.6 is released. Firefox 3.6 was supposed to be released in early 2010, but has now been delayed. When this functionality is available in Firefox, the reliability may need to be updated.

OK, now for my overall favorites…..based mostly on “usability” and “speed”, but I never forget “security” either. The “usability” criteria also takes into account it’s ease of use, meaning that the UI (User Interface) is well designed.

Windows

1) Mozilla Firefox

2) Google Chrome

3) Internet Explorer 8

4) Apple Safari

5) Opera

Mac

1) Mozilla Firefox

2) Safari / WebKit

3) Google Chrome

4) Opera

Although I rated Firefox as my top choice on the Mac, Safari is just as capable and could easily be put at the top spot, especially because it is faster. My personal preference is Firefox though, based mostly that it is, far and above, my favorite when using Windows. Google Chrome, although a competent and very fast browser on Windows, is lacking in the new version for the Mac, which is currently in Beta. I am quite sure that Google will update this browser in the future and may very well move up on the list, especially regarding the Mac. As far as Opera goes, it is not a bad browser, my biggest issue is the UI, I just cannot get used to it. Safari, for Windows, has a lot to be desired, it just is not a fully functioning browser for Windows that I have any trust in. On a Mac though, like I said, could very well be rated #1.

Here are the most recent browser popularity results…..

http://marketshare.hitslink.com/browser-market-share.aspx?qprid=0

What are you preferences?  Do you Agree? Disagree?

Let me know your thoughts, leave a comment or take these short Polls.

Thanks for asking, I Am Fine!!!

Wow, It’s Been Awhile…..

Yes, it has been a while. But guess who has reared it’s ugly head once more? None other than Conficker!!

New Zealand’s Waikato District Health Board has announced that the Conficker (aka Downadup) Worm has infected it’s entire hospital network. On Thursday, 12/17 was when the problems were first discovered and Microsoft was called in to diagnose the problem. Two hours later, Conficker was found to be the culprit. This forced 3,000 of the Districts networked computers to be shut down. This caused the 7 hospitals, in their network, to urge patients not to seek care at their facilities, unless it was an absolute emergency.

The Conficker worm, which has become the most prolific computer infestation in history, is estimated to infect up to 15 million different computers, although due to the difficulty in tracking this worm, range from a low of 5 million infected computers. Each serving as a ‘zombie’ in it’s vast botnet. For a reminder regarding Conficker, you can check out my past post from 1/23/09 HERE and from 3/25/09 HERE, once again on 4/12/09 HERE.

But here is the part that gets me. How? and Why? did this worm get into that hospital’s network. First off, where was there IT staff? Conficker, although prolific, is not something that any computer should ever become infected with as long as proper security measures are in place. When the worm was first detected in 2008, and found it’s way into computer systems due to an exploit in the Windows Operating System (OS), Microsoft reacted quicky and on October 23, 2008, issued a patch (MS08-067) which closed the hole in the OS. They then pushed out a tool know as the Malicious Software Removal Tool or MRT, which effectively could remove the malware from an infected computer. It is true that the initial spread of this malware was through external USB storage devices, such as thumb drives, which were inserted into “Auto Run” enabled computers, but the fact remains, that a simple update and scan using the MRT should have removed the worm. The fact that Conficker, like I said earlier, may still infect up to 15 million computers is appalling, since a patch and fix for it has been available for 14 months now.

So let’s all make sure that we are updated. Using Internet Explorer, go to http://www.update.microsoft.com and check to make sure that you have all the critical updates that are available. Keep checking until there are no more updates available. Then make sure that Automatic Updates is turned on. Next make sure that your anti-virus software is up to date. Don’t have an anti-virus software, then check out my recommendations HERE. And lastly scan using the Malicious Software Removal Tool. Don’t know how??  Click HERE.

Although this is news, in my opinion, an organization such as this should be embarrassed that this incident has occurred. No major organization, with a competent IT department, should ever run into a situation like this. Of course, sabotage is always something to investigate, but under normal circumstances, Conficker should technically be dead and buried by now.

What are your thoughts regarding the Conficker worm…..

Leave a Comment!!