Silicon Shecky

Infosec Practitioner

Connect

Security Conference news…

By Leave a Comment

This week the big RSA Security Conference is going on in San Francisco. For those that don’t know what it is I suggest taking a look a the conference website to get more info overall.

There have been some interesting Keynote addresses that I plan on checking out online when I have time, but in the spirit of time I came across an interesting announcement from Symantec.

Symantec has acquired Security Vendor MI5, and this could be both good and bad. MI5 makes appliances that do some of the things that say a Barracuda appliance does, Web Security and the like. Symantec on the other hand, was once one of the best AV companies out there. I say once, because I know a lot of people had gotten turned off by their more recent offerings.

Now I am not going to bash Symantec’s AV stuff, especially considering that with their new CEO, they seem to be working on making their product better. I’m hearing reports that the new versions of their AV and Endpoint products are less resource intense, and work much better. Plus they are bringing back the Norton Utility line to where it should have always been.

What has me worried about them acquiring MI5 and assimilating it, is what has happened with BackupExec. When Symantec bought Veritas and got its hands on BE, it seemed like it could be a good thing. Unfortunately, BE has basically stagnated under Symantec’s rule, the online support for the latest versions is almost non-existent, and they have yet to make it to handle removable SSD (solid state drives) in an easy fashion. I hope to god that they don’t do the same sort of thing with MI5.

Innocence Lost: Welcome to the real world Mac Users

By Leave a Comment

Mac Vs. Windows. The age long battle, has been fought in advertising, on store shelves, and amongst computer users for a long time now. The arguments we can all say from memorys. Windows has more software, more hardware offerings, are less expensive, are more prevalant. Mac’s are more stable, produce better graphics, are more secure. Not anymore. Mac users have officially lost the right to say more secure. They no longer can claim that they can’t be hacked, and they definitely need to start looking into anti-virus solutions.

There are tons of articles floating around the net right now about the iBotnet, the unfortuante result of installing pirated copies of  iWork09. Yes I know, not everyone installs pirated software. Not everyone even knows how to get pirated software. That is not the point.

The point being that Mac’s have been so “secure” because noone felt they were worth writing malware for. With the growing popularity and large visibility Apple has been getting lately, its no surprise that something like this has happened. Yes this one might only affect a very small ammount of people, but now that proof of concept has been delivered, and now that one piece of malware has been made and put into the wild, the real question is how long until the copy cats start?

Look at the world of Windows malware, and you will find so much of it is variants. People download the original code, and modify it, making it meaner, nastier, more eveasive, easier to distribute. Do you really think that won’t happen with Mac malware? Are you that naive?

I’m a PC user. I have my Windows machines, and my Linux boxes. I’d love to have a Mac so I can learn it inside out. I don’t see any problem with Mac except that it is too expensive for my tastes. Well, now that you really should get AV for it, and like any other real software for Mac it costs because access to the APIs are all controlled by Apple and they charge a lot for that sort of access, it will cost more, plus that OSX is built on a *nix (Unix/Linux) system, well I guess I’ll wait longer.

Welcome to the real world my Mac friends.

First Advice

By Leave a Comment

So, as I was at work today, I got a call to go out on my 7th virus removal in the last 6 weeks. Yeah 1 a week at different clients does seem a bit much, but considering how skittish people are at running Windows Updates, things like this happens.

To those who want to know what I tend to use to clean machines of malware, let me tell you.

First off turn off the System Restore. Malware loves to hide there and it is nigh impossible to clean out of the restore points. Kill them, get rid of them.

Now then the software I use includes Ad-Aware, Malwarebytes, Spybot, and HiJack This. If possible keep these programs with their latests versions on your USB thumb drive. They are invaluable.

Make sure that they are as up to date as possible (yes sometimes you need to run them without checking for updates cause the malware will prevent updates from being downloaded) in safe mode.

Just remember google is your friend in these instances, and removal of the malware can take a long time. If you can just wipe and reload the machine, that of course is the preffered method, but use your own judgement.