Archive for 'Windows security' Category
The most effective malware prevention
Three years ago I wrote The most important Windows security tool, detailing why changing user accounts on Windows from being Local Administrator to a “standard user” (no local admin rights) is the single most effective thing you can do to prevent malicious software. Over at InfoWorld, Roger Grimes has written The one essential truth of [...]
Windows .NET rootkits are easy
A researcher has published details and tools helpful for installing rootkits into the Windows .NET framework. Like the various Windows OSs themselves, the .NET framework uses cryptographic signatures for libraries and other components to identify unauthorized alteration. However, Microsoft chose to ignore them. From the paper: …the SN [strong name] mechanism does not check the [...]
Exploiting Vista voice recognition
Windows Vista includes voice recognition as an alternative to the mouse and keyboard for controlling the computer. Yesterday on the Daily Dave mailing list someone asked if a web page could exploit this by playing an audio file with voice commands. Well, ZDNet blogger George Ou has tried it and yes, Vista will obey speech [...]
Death to antivirus
It’s fun to read other people’s accounts of something you have gone through yourself. Security legend Marcus Ranum has posted some new articles on his rarely-updated blog, one of which is "Execution control: death to antivirus" where he describes his search for decent execution control software for Windows. I’ve mentioned application whitelisting before. A couple [...]
Avoiding the Adobe PDF reader plug-in vulnerability
The bugtraq mailing list has been a-buzz the past few days with the latest vulnerability in the Adobe PDF viewer. A malicious web site can make the Adobe PDF viewer execute JavaScript by simply adding the JavaScript commands to a URL (Adobe Viewer has its own internal JavaScript engine, separate from the one in the [...]