Archive for November, 2012

As Windows 8 in conjunction with an antivirus solution can block rootkit-based malware via ELAM technology and the SafeBoot option stops bootkit interference, Trojans and worms are the most likely to work out of the box if not detected when they get copied on the computer.

With every new operating system release since Windows Vista, Microsoft has sought to preserve backwards compatibility with previous operating systems. This compatibility extends to malicious software that, ever since the introduction of User Account Control, has been designed to run in user-accessible locations such as the temporary folder, the Application Data directory or even the Desktop and the Downloads folders.

The test on Windows 8 confirmed that most Trojans, once they reach the PC, can run without any compatibility issues. Among the most dangerous applications that ran smoothly on Windows 8 were backdoors and password-stealing applications.

Source : http://www.hotforsecurity.com

Google’s Chrome browser is cutting edge in just about every sense.

But when it comes to the “Do Not Track” feature, Chrome was a laggard: the last major browsing platform to support the feature.

That dubious distinction ended Tuesday, when Google released Chrome 23, which finally allows Chrome users to request that websites disable user tracking.

In a post on Google’s Chrome blog, the company made a passing reference to the new feature, after talking up clearly more interesting new features like GPU-accelerated video decoding on Windows systems (a real battery-saver) and easy-to-access per-site permissions.

Google’s support for the feature comes almost two years since Microsoft implemented tracking protection in its IE9 browser, and eight months after the Mozilla Foundation announced support for the Do Not Track feature in its Firefox web browser.

Google’s wet blanket response is understandable.

The “Do Not Track” feature, currently a proposed W3C standard, has met with resistance from online advertisers and technology firms alike.

Advertisers, acting through the Direct Marketing Association, have proposed modifying the W3C’s DNT standard to allow online advertisers to continue pushing marketing material to users, even after the DNT feature is enabled – leading to objections from other working group members.

Then, after Microsoft decided to enable the DNT feature by default with the release of its IE 10 browser, it was charged by competitors such as the Mozilla Foundation and Yahoo as well as the Direct Marketing Association of violating the spirit and letter of the draft W3C Do Not Track standard.

Some advertisers suggested they would not honor DNT requests by individual web browsers.

Then, in September, The Apache Project patched its ubiquitous web server to ignore Do Not Track flags in browsers where the option is enabled by default. Apache subsequently backed down and provides the code to ignore DNT as a commented option in its config files.

Late last month, Yahoo announced it would ignore Do Not Track signals from users of Microsoft’s Internet Explorer 10 browser, causing more privacy headlines.

Acknowledging the complexity of the current system, Google warned users that “the effectiveness” of Do Not Track requests “is dependent on how websites and services respond.”

Source : http://nakedsecurity.sophos.com

Microsoft recently issued its “Security Bulletin Advance Notification” for this month, detailing which operating systems and software will be updated on November 13th. While many products are being addressed, including Office for Mac, newly released Windows 8 and RT are the most notable entries on the list. The first patches since they hit the market will fix “critical” issues which open them up to “remote code execution.” Microsoft hasn’t gone into specifics (wink), but you can register for a webcast being held on the 14th (see source link) should you want enlightening. If you thought your fresh machine or slate was flawless, damn baby you’re wrong!