January 2008

If you have a new Dell running Windows Vista Ultimate, you can help eliminate AIDS in Africa and also get some nifty stuff like (PRODUCT) Red sidebar gadgets, wallpaper and Dreamscene.

LEARN MORE ABOUT (RED) MONEY AT WORK IN AFRICA

Enabling the Windows Vista Ultimate (PRODUCT) RED bits

{ 0 comments }

TechNet Blogs, Jeff Jones Security Blog

This paper analyzes the vulnerability disclosures and security updates for the first year of Windows Vista and looks at it in the context of its predecessor, Windows XP, along with other modern workstation operating systems Red Hat, Ubuntu and Apple products.

Download: vista-one-year-vuln-report.pdf

Edit.
Jesper Johansson’s blog.

Predictably, the report has generated the expected amount of controversy. Thomas Claburn, of Information Week, promptly wrote an article about it, which, in my summary, essentially says “Microsoft makes up statistics to show that Vista is secure. Nobody else believes them.” Austin Wilson, another Director of Security at Microsoft, meanwhile, published a blog post about how good Vista is. Austin’s argument is largely centered around disproving the myth that Windows Vista made no real security advances over XP.

The one bright spot for Firefox users is that, while Firefox users had more vulnerabilities overall than IE 6 users on XP, IE 6 on XP had almost 33% more critical vulnerabilities than Firefox. However, Firefox had 66% more critical vulnerabilities than IE on Windows Vista.

Complete article:
Do Vista Users Need Fewer Security Patches Than XP Users?

{ 0 comments }

Update:

Comodo’s CEO Attacks Scot’s Newsletter Product Decision
January 22nd, 2008

Comodo’s president and CEO, Melih Abdulhayoglu, used his forum today as a podium to blast this Scot’s Newsletter Jan. 20th blog post. In that post, I notified readers here of my decision to stop considering one of the two modes that his company’s software firewall product, Comodo 3, offers during installation.

Abdulhayoglu, in his forum post, never directly comes out and admits that Comodo 3 Basic Firewall doesn’t have anti-leak protection. That’s part of the problem! My readers weren’t aware that this was the case because I wasn’t aware until SNB commenters drew my attention to it. I then asked Comodo for verification of that fact — and got it.

At this writing, I am unable to find a document on the Comodo Web site that provides a features/functionality comparison of Comodo 2.4, Comodo 3.0 Basic Firewall, and Comodo 3.0 Advanced. Without that information, Comodo’s users are left to guess.

My concern was that my readers might guess that they had protection with Comodo 3 Basic Firewall that they do not, in fact, have. So I moved to make that point clear. I just wish I had made the point sooner.

My only responsibilities are to the interests of my readers and to being as accurate as I can be. I believe I’ve met both goals.

– Scot

Complete Article: Scot’s Newsletter Blog

Edit: Please see Comodo’s topic for their side of it.

How would you rate Comodo Personal Firewall? and what to improve?

Now, I and Egemen had a chat (phone call) with Scott last week about our firewall. There we explained its capabilities. At no stage did we say CPF has no “outbound leak protection”!!! I am surprised that he just ran that story with that misunderstanding. Very sad indeed! Obviously Scott must have misunderstood some of what we said. Of course CFP v3 in simple firewall mode has “outbound protection” and a pretty good one too! The Leak resistance (eg: protection against malware killing the firewall etc) comes from Defense+ (which is built into v3!).

Also Online Armor forums:
An extraordinary post from the CEO of Comodo: Our Response

{ 4 comments }

There are people still using IE6 and passing on IE7 for various reasons. Some couldn’t adapt to the new look, others had compatibility problems. In the works, IE8.

In Dean’s recent Internet Explorer 8 and Acid2: A Milestone post, he highlighted our responsibility to deliver both interoperability (web pages working well across different browsers) and backwards compatibility (web pages working well across different versions of IE). We need to do both, so that IE8 continues to work with the billions of pages on the web today that already work in IE6 and IE7 but also makes the development of the next billion pages (in an interoperable way) much easier. Continuing Dean’s theme, I’d like to talk about some steps we are taking in IE8 to achieve these goals.

IE Blog: Compatibility and IE8

{ 0 comments }

Scot’s Newsletter Blog reports:

Do Not Rely on Comodo 3’s ‘Basic Firewall’

Because I have written in the recent past with an initially positive reaction to Comodo 3’s “Basic Firewall” installation option, I am honor-bound to post this quick message.

I have learned directly from Comodo executives that the Basic Firewall installation option of Comodo 3 does not offer any outbound leak protection whatsoever. They may add that protection in a future version of Comodo 3.x. The Basic Firewall option turns off Comodo 3’s Defense+ HIPS module, which provides the leak protection for Comodo 3.

The previous generation of the Comodo 2.4 provided anti-leak protection without the HIPS.

Not only does this mean that Comodo 3 Basic Firewall is no longer a contender in this blog’s firewall evaluation, but if you are relying on this version of Comodo for your firewall protection, Windows XP users should switch to Online Armor FREE version 2.1.0.31 (or newer) and Vista users should uninstall Comodo 3 and reinstall it, choosing the “Advanced” installation option.

Source: Corrine’s Security Garden and Windows Vista Compatible Firewalls

{ 5 comments }

Paperghost continues zapping phishing script kiddie sites, serious business but quite a funny saga when carried out batman style.

This time he enrolled a mom’s support with hilarious results.
How to give a wannabe hacker a very bad day

{ 0 comments }

The sales pitch to include a toolbar with WinPatrol was compelling. I’m told that the my reputation wouldn’t be affected and I would be providing my customers with a service by including the free toolbar. All the companies currently installing the toolbar are very happy. He even leaked the news that another well known Anti-Spyware vendor who would be moving to the dark side soon.

Labels: IAC, Lavasoft, Toolbar, WinPatrol, Zwinky

I’m going to have to pass and keep WinPatrol simple and pure.

I applaud you Bill, a true blue honest vendor with a great product.

Bits From Bill: Would you like Toolbar with your Software Order?

{ 0 comments }

This rogue will infect your computer if you install it.

After surfing to a google cached page in Opera and Firefox, the rogue scan started immediately.

How to remove AntiSpyBoss (Removal Instructions)

{ 0 comments }

This is disturbing.

Is that the sound of your flesh crawling off your bones? No? Well, how about when I tell you that this “dating site”for 13 year old kids is called “Mylol.net”?

Originally, the site invited you to download Zango videos once you were a member (videos that require you to be 18 or older to install the Adware. Remember this, because it”ll become real important in a few moments).

So it does, read the rest at Vitalsecurity.
Presenting a “Teen Dating Website”. No, Seriously.

{ 0 comments }