Comodo Malware Prevention

Ah Shane, you brought Comodo to my attention a few years ago.  Good on ya, mate!  I like it, and not just because it’s free for the home-user, although that helps to sweeten the deal.  Comodo is now a leading brand in Internet security, providing businesses and consumers worldwide with security and trust services, including digital certificates, PCI scanning, desktop security, and remote PC support.

Small businesses, local governments, educational institutions and not-for-profit organizations have begun reporting staggering financial losses due to malware attacks.  These mounting losses are due in part to weaknesses in conventional PC security solutions.  Because most threats are unknown at the initial point of contact, they are unlikely to be blocked by conventional signature or blacklist based security software. 

Comodo Security Solutions recently announced the release of Comodo Endpoint Security Manager 1.5, combining the malware prevention capabilities of Comodo Internet Security software together with scalable central administration features for businesses with dozens to thousands of PCs.  Comodo claims “breakthrough features” in this version, including Auto Sandbox Technology and a limited warranty to repair PCs damaged by malware.

Core security is provided by Comodo Internet Security 4.0 and using “Default Deny Technology”, only those files that are on the safe “whitelist” of over 15 million files are allowed to run and access critical system resources or information.    All other files are either blocked, because they are known to be unsafe, or automatically “sandboxed” if their safety is unknown.  While sandboxed, an application is closely monitored and given limited privileges; it can only write to a virtual file system and registry.  Comodo’s unique, patent-pending Auto Sandbox Technology relieves users and administrators from having to make difficult decisions about which applications to block and which to allow, making the product both easier to use and more secure than most alternatives. 
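To make the three-way decision described above concrete, here is an added illustration (not Comodo's code, which is closed) of a default-deny policy engine: a file's hash is checked against a safe list and an unsafe list, anything unknown is sandboxed, and the sandbox redirects file and registry writes into virtual copies so the real system is never touched. The hash lists and the "real" file system are constructed sample data.

```python
import hashlib
from typing import Dict, Optional, Tuple

# Constructed sample lists; a real deployment uses vendor-maintained lists
# that are far larger (the article cites a whitelist of over 15 million files).
KNOWN_SAFE = {hashlib.sha256(b"trusted-editor-v1").hexdigest()}
KNOWN_BAD = {hashlib.sha256(b"known-trojan-sample").hexdigest()}

def classify(file_bytes: bytes) -> str:
    """Default-deny verdict: ALLOW only if on the safe list, BLOCK if on the
    unsafe list, otherwise SANDBOX. Unknown is never trusted by default."""
    digest = hashlib.sha256(file_bytes).hexdigest()
    if digest in KNOWN_SAFE:
        return "ALLOW"
    if digest in KNOWN_BAD:
        return "BLOCK"
    return "SANDBOX"

class Sandbox:
    """Toy model of the reduced privilege set: every write lands in a virtual
    file system or virtual registry, and reads see the overlay first."""
    def __init__(self) -> None:
        self.virtual_fs: Dict[str, bytes] = {}
        self.virtual_registry: Dict[str, str] = {}

    def write_file(self, path: str, data: bytes) -> None:
        self.virtual_fs[path] = data          # redirected, real disk untouched

    def set_registry(self, key: str, value: str) -> None:
        self.virtual_registry[key] = value    # redirected, real registry untouched

    def read_file(self, path: str, real_fs: Dict[str, bytes]) -> Optional[bytes]:
        # Copy-on-write view: the program sees its own changes, nobody else does
        return self.virtual_fs.get(path, real_fs.get(path))

def run(file_bytes: bytes, real_fs: Dict[str, bytes]) -> Tuple[str, Optional[Sandbox]]:
    """Apply the verdict; for SANDBOX, simulate an unknown program that tries
    to edit a config file and set a registry value (constructed actions)."""
    verdict = classify(file_bytes)
    if verdict != "SANDBOX":
        return verdict, None
    sb = Sandbox()
    sb.write_file(r"C:\config.ini", b"changed")
    sb.set_registry(r"HKCU\Software\Example\Setting", "1")
    return verdict, sb
```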

Comodo Endpoint Security Manager 1.5 is priced per endpoint. Prices range from $22.95/year for 100 or fewer, to below $10/year for over 5000 endpoints.  For more information, please visit Comodo’s Website.

FREE PT360 Network Monitoring Tools

PacketTrap Networks is giving away FREE tools (anyone that knows me knows how fond I am of FREE tools!), actually their whole PT360 Tool Suite for application and server monitoring.

Offered as a free solution, the PacketTrap pt360 Tool Suite PRO consolidates dozens of network management and monitoring tools into a single, integrated interface.  The tool suite includes Cisco configuration management, server and application monitoring, open source and third party integration, a robust encrypted credential store, the ability to save and flow results between tools, deep network discovery (with network mapping) and syslog server capabilities. All of these tools complement the extensive real-time monitoring provided by the pt360 Dashboard.

  • Cisco Configurator
  • DNS Audit
  • Enhanced & Graphical Ping
  • MAC Scan
  • Network Inventory
  • Ping Scan
  • Port Scan
  • SNMP Scan
  • Switch Port Mapper
  • Syslog Server
  • TFTP Server
  • Trace Route
  • Traffic Jam
  • Wake on LAN
  • WHOIS
  • WMI Scan

The pt360 Tool Suite’s Application Monitoring provides in-depth visibility of running processes and performance counters for mission-critical applications.  It comes with out-of-the-box support for MS Exchange, SQL, and Active Directory.  Application failures are usually the most common problems that occur in IT infrastructure.  These powerful monitors help IT Admins and network engineers prevent application failures and identify degradations early.

  • Deep support for MS Exchange, SQL, Active Directory specific counters
  • View performance of applications in your Perspective dashboard
  • Set warning and critical threshold alerts to be notified when performance degrades

PacketTrap

Adobe To Patch Monthly?

Ouch, another Adobe patch!

It looks like Adobe may have finally seen the light, and is preparing to jump off the tracks before that oncoming train takes them right out of the picture.  Adobe has become a big red target for vulnerability exploitation and payload delivery and has been taking some serious fire lately for the security shortcomings of their flagship products, Flash, Acrobat and Reader.  They may now be on the verge of changing their patch release process to deliver patches on a monthly schedule, coinciding with Microsoft’s monthly Patch Tuesday releases.  What a novel approach!

This change would mark the second major change to Adobe’s release process in the last 12 months.  In 2009 the company moved to a scheduled quarterly patch release.  That change from ad-hoc, random releases was generally well-received, providing advance notification, the ability to plan and schedule deployments and maybe even do a little testing.  This latest change is intended to get patches out to their customers more quickly.

H-Security

SANS – APT Forensics Challenge

“The 2010 Digital Forensics and Incident Response Summit’s focus this year is examining and advancing the digital forensic professional to deal with advanced threats such as the APT and organized crime.  Understanding how many of these crimes take place is crucial to creating lethal forensicators armed with the knowledge and skills to analyze complex cases.  I asked Jonathan Ham and Sherri Davidoff (who co-authored the sell-out Forensics 558: Network Forensics course and created many successful contests at forensicscontest.com) to create a contest based partially on how the APT might try and trigger a compromise to steal intellectual property via a targeted attack via spear phishing.

Jonathan and Sherri have created a contest that will challenge your skillset and help you see the types of attacks that could be infecting your networks today. Using published information based on the Aurora attacks they set out to recreate a sequence of events that demonstrate the challenge investigators will face when examining compromises of clicking on links via a targeted spear phishing attack.  This contest is a step in the right direction to help educate and challenge forensic professionals around the country. 

It also provides a good example of some of the discussions we will cover at the 2010 Forensic Summit: Malware analysis, Network Forensics, and the Advanced Persistent Threat.  Jonathan and Sherri will announce the winners at the Forensic Summit on July 8.  We hope you win the challenge and will attend the 2010 Forensic Summit, July 8 and 9 in Washington D.C.”

The contest itself is available over at the SANS Computer Forensics Blog.

Reminder: Win2k End-Of-Life in July

Just a reminder that Windows 2000 in all of its forms is slated for E-O-L in July of 2010. It will no longer be available with systems, as a product, and patches and service packs will stop being made available for it.  If you happen to have w2k kicking around in your business or home-office, you had better get to planning an upgrade, post-haste.  http://support.microsoft.com/lifecycle/search/?alpha=windows+2000

On the topic of Microsoft LifeCycles, Windows XP users will be happy to hear that support for the O/S has been extended into 2014.  Watch this date closely, as dates in the future are closer than they appear.  http://support.microsoft.com/lifecycle/search/default.aspx?sort=PN&alpha=windows+XP&Filter=FilterNO

NASA Shifts Focus From C&A To Security Monitoring

NASA deputy CIO Jerry Davis has issued a memo instructing NASA CIOs and CISOs to shift focus and contracts “away from cumbersome and expensive C&A [certification and accreditation] paperwork processes, in favor of a value-driven, risk-based approach to system security.”

The Federal Information Security Management Act (FISMA) was a good idea with good intentions, but it should have been considered a stepping stone to a semi- or fully-automated process.  The mechanisms and processes for assessment and output delivery have been badly flawed since inception.  FISMA has been facing increasing criticism for being a paperwork black hole, requiring agencies to commit time and money to create reports that assess compliance, but not requiring any actions to secure systems.  C&As are still required before new systems are authorized for operations, but the 3-year C&A updates that consume 85% of the C&A budgets are no longer allowed.  Davis took his lead from a list of security requirements released by the Office of Management and Budget (OMB).  Last year NIST took the lead in updating 800-53 and 800-37 to require more continuous monitoring.  OMB is requiring that the output from the continuous monitoring be submitted through a tool called “Cyberscope”, which simplifies the top-level compilation of agency submissions.

Beware Fraudulent Anti-ID Theft Organizations

Todd Davis’s identity has been stolen at least 13 times.  Davis is CEO of LifeLock, a company that sells anti-identity-theft services, and their ads prominently feature Davis’s real Social Security Number (the service supposedly works so well he can publicize it without compromise). Collection agencies across the US are trying to squeeze him for debts other people have racked up using the SSN they gleaned from the ad.

LifeLock’s co-founders, Richard Todd Davis and Robert J. Maynard Jr., claim that Maynard had once spent a week in the Maricopa County jail, falsely accused of crimes because his identity had been stolen.  The 2003 incident was the inspiration for the company.  Official records and interviews with authorities in Nevada proved the details of the story to be false.  Maynard had been arrested and jailed in Nevada, all right — he’d failed to pay back a $16,000 gambling marker at the Mirage casino in Las Vegas.  That’s a crime, just like bouncing a check.  Authorities dropped the charges after Maynard managed to scrape together the cash from inside of his cell.

LifeLock has already been fined $12,000,000 by the FTC for deceptive advertising.  The Phoenix New Times has a long story on LifeLock’s questionable business practices and services.  It’s a pretty comprehensive look at how to build something that doesn’t work very well, and then compound that with really bad business practices.  Maynard, the Valley businessman principally behind LifeLock during its inception, was banned for life in the 1990s from the credit-repair industry.  Maynard’s father, optometrist Robert Maynard Sr., has accused him of identity theft.  Oy!

PhoenixNewTimes

Canadian Computers Vulnerable

The threat of cyberattacks is “one of the fastest growing and most complicated issues,” the report said. “In addition to being virtually unattributable, these remotely operated attacks offer a productive, secure and low-risk means to conduct espionage.”

CBC

BUSTED HK Policeman Gets 4 Years For Fraud

A former Hong Kong policeman began a 4-year jail sentence Tuesday for his part in a global 10 million US dollar scam using cloned credit cards.  Cheung Hoi-wing, 40, was recruited as one of five Hong Kong ‘cashers’ in the international plot masterminded by a gang of Russian and Eastern European computer hackers in November 2008.  The cashers stole 4.2 million Hong Kong dollars (538,000 US dollars) from Hong Kong branches of RBS WorldPay, a division of the Royal Bank of Scotland Group Plc, using cloned debit cards provided by the hackers.  Cheung appeared in court Monday for sentencing after pleading guilty to possessing false documents and conspiracy to steal, the South China Morning Post reported.

Court heard Cheung had withdrawn 1.25 million Hong Kong dollars that he gave to an accomplice in return for 20,000 Hong Kong dollars.  A total of 44 cloned cards were used worldwide in the scam to withdraw cash worth about 10 million US dollars in 280 cities around the world in countries including the US, Japan and Russia.  All took place over a 12-hour period on November 8 and 9, 2008.

RBS WorldPay noticed the large withdrawals and launched an investigation.  Cheung was arrested after police identified him from surveillance camera footage. His accomplices in Hong Kong are still being sought.  The gang who masterminded the plot hacked into the RBS WorldPay computer system, stealing details of cards and accounts and then increasing the allowed withdrawal amount on those accounts.  A number of the hackers have been arrested in the scam, which has been described by US prosecutors as ‘perhaps the most sophisticated and organized computer fraud attack ever conducted.’
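The pattern described in this story (a handful of cards cashed out in hundreds of cities inside a 12-hour window, with the per-account limits raised by the intruders) is exactly what a withdrawal-velocity monitor is meant to catch. The following is an added example, not RBS WorldPay's detection logic: it runs a sliding-window check over constructed ATM withdrawal records and flags a card when the window spans too many distinct cities or exceeds a baseline limit. The baseline limit is deliberately held outside the account record, since the account's own limit was the value the attackers tampered with; the thresholds and log lines are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Dict, List, Tuple

# Constructed sample records: "timestamp,card_id,city,amount_usd".
# card-A mimics a cloned card cashed out across cities; card-B is normal use.
SAMPLE_LOG = """\
2008-11-08T22:05:00,card-A,Hong Kong,500
2008-11-08T22:20:00,card-A,Moscow,500
2008-11-08T22:40:00,card-A,Tokyo,500
2008-11-08T23:10:00,card-A,Atlanta,500
2008-11-08T23:30:00,card-A,Chicago,500
2008-11-08T09:00:00,card-B,Hong Kong,100
2008-11-08T18:30:00,card-B,Hong Kong,60
"""

def parse_log(text: str) -> List[Tuple[datetime, str, str, float]]:
    rows = []
    for line in text.splitlines():
        ts, card, city, amount = line.split(",")
        rows.append((datetime.fromisoformat(ts), card, city, float(amount)))
    return rows

def flag_cards(rows, window=timedelta(hours=12), max_cities=2,
               baseline_limit=1000.0) -> Dict[str, List[str]]:
    """Return {card_id: [reasons]} for cards whose withdrawals inside any
    sliding window span more than max_cities distinct cities or whose total
    exceeds a baseline limit that the account record cannot override."""
    by_card = defaultdict(list)
    for ts, card, city, amt in rows:
        by_card[card].append((ts, city, amt))
    alerts: Dict[str, List[str]] = {}
    for card, events in by_card.items():
        events.sort()  # chronological order so each index starts a window
        for i, (start, _, _) in enumerate(events):
            win = [e for e in events[i:] if e[0] - start <= window]
            cities = {e[1] for e in win}
            total = sum(e[2] for e in win)
            reasons = []
            if len(cities) > max_cities:
                reasons.append(f"{len(cities)} cities within {window}")
            if total > baseline_limit:
                reasons.append(f"withdrew {total:.0f} > baseline {baseline_limit:.0f}")
            if reasons:
                alerts[card] = reasons
                break  # one alert per card is enough to open a case
    return alerts
```

In production the same check would run per card over a streaming feed, and any change to an account's withdrawal limit would itself be logged and alerted on, since that change preceded the cash-out here.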

Monsters&Critics