Archive for September 2006

Should antispyware detect cookies?

Suzi Turner asks, “should antispyware products detect cookies” in her latest blog entry at ZDNet.
Here are some test results from Ben Edelman on how various antispyware programs treat cookies.
I’m coming at this from the perspective of a corporate information security guy. Several years ago, I started an initiative to purchase enterprise-ready antispyware. It was readily apparent that spyware was a problem. Users were installing unlicensed copies of software like Ad-Aware and Spybot S&D. After reviewing the “free” license, it was apparent that the company could be liable to software piracy charges, particularly since the corporate helpdesk was often the party installing this software. We purchased Webroot Spysweeper Enterprise to resolve this issue.
When we rolled out Webroot, one of the common complaints I heard was that it wasn’t detecting as much. The “free” antispyware products were deleting all the cookies and including that in the detected spyware count. I find that disingenuous.
I debated turning on the cookie detection in Webroot, but it seemed like I was losing cookies that were remembering my login information on various sites. My Techtarget cookie was a regular target.
I continued the rollout without enabling cookie detection. There have been many versions of Webroot Spysweeper since then. I wonder if it’s time to take another look at detecting cookies.

Bluecoat Testing

On Friday, I ran into an issue with my Bluecoat evaluation. Bluecoat is an HTTP security and caching company.
One of our developers couldn’t connect to a WebEx session with an external company. So my time, the developer’s time and the external company’s support time was wasted. I would have solved the problem quickly, but I thought I had used WebEx through Bluecoat successfully. I found that if I disabled antivirus scanning for the WebEx website, I was able to connect to WebEx meetings.
It seems to me that if Bluecoat is as widely used as they claim, this would be a well-known problem. It’s not listed in their KB, and my pre-sales support guy only came back with what I said to him: “if I disable antivirus it works.” Shouldn’t they provide a list of known issues so I can preconfigure my proxy appropriately and not have to stumble into these problems? Better yet, find out why the problem occurs so I don’t have to bypass AV when going to webex.com.

Nobody Knows Like Dominos

I ordered pizza using Dominos online tonight. Strangely, they are using a self-signed certificate for the SSL portion of the site.
I also got a kick out of the terms of service. It basically says it’s your responsibility to protect your username and password. So if anyone orders pizza under your ID, it’s your responsibility. I suspect all the pizza places have those policies. But still, it did give me pause.

The Next Wave of Web Attacks

An interesting blog entry at ZDNet Australia by Munir Kotadia.
The entry theorizes a new style of attack. Rather than going to the trouble of setting up a phishing site and sending out a million emails, only to have spam filters stop most of them, savvy users ignore what gets through, and the phishing site get shut down, the attacker goes after the trusted e-commerce site itself.

The cybercriminal underworld is well funded and employs skilled software engineers to develop and test malicious code.
In a recent interview with Trend Micro’s CTO David Rand, he said: “In one case there was at least US$250,000 funding for one piece of malware. That is a lot. It means they can do QA, proper engineering development, testing and a complete product cycle… We think they are cutting edge technologies”.
“Our job, as always, is to anticipate what they are going to do next and create effective countermeasures. If we try to simply play catch up we will never win,” he added.

Are your security defenses up to the challenge?

Microsoft Warns of Flash Vulnerability

Microsoft put out a security alert today, regarding Adobe Flash. I posted on the new Flash release at the beginning of July shortly after Microsoft updated Flash in the June updates.
This may be a precursor to Microsoft releasing their own package of the Flash 9 update. I would recommend users update to Flash 9 now rather than waiting.

Quicktime Patching

Second Life 0wned

Fantasy site Second Life was hacked, according to Dark Reading. The Second Life website doesn’t provide any information other than that it was a zero-day attack on unnamed web software. More info is available in their blog.

Still Remembering Rescorla

On September 11th, Rick Rescorla successfully got 2700 employees of Morgan Stanley out of the south tower of the World Trade Center. He was last seen on the 10th floor going back to look for stragglers.
I’m not sure if this photo is from 9/11 or not. Rick regularly ran escape drills for the employees of Morgan Stanley, so this could have been from earlier. It is known that on that day he did reassure people, as this picture shows.
rescorla.jpg
God bless Rick.
http://www.medaloffreedom.com/RickRescorla1.htm
http://www.rickrescorla.com/

Learning the lessons of the Morris Worm

An eWeek article reviewing the 1988 Morris worm attack concludes that the same problems remain today:
1. Buffer overflows
2. Poor configuration
3. Bad/default passwords

SANS CyberSecurity Technology Update

I received in the mail this week Edition 1, Volume 1 of the SANS Cyber Security Technology Update. It looks like they are using the same top 10 (20) format used by their successful FBI/SANS Top 10 vulnerability announcement. This time they are focusing on important technological trends in the coming year. Response strategies will be developed at the upcoming SANS conference in Las Vegas.
Top Ten Important Security Trends for the Coming Year
1. Laptop Encryption will be made mandatory at many government agencies and other organizations.
2. Theft of PDA smart phones will grow significantly.
3. More legislation governing the protection of consumer information.
4. Targeted attacks will be more prevalent particularly against government agencies, military contractors, and businesses with consumer data.
5. Cell phone worms will infest at least 100k phones.
6. VOIP systems will be the target of cyber attacks.
7. Spyware will continue to be a big problem.
8. Zero-day vulnerabilities will result in major outbreaks, with many thousands of PCs being infected.
9. Bots will be bundled with rootkits, making removal nearly impossible and requiring a reinstall.
10. NAC will become more common.
Top New Attack Tools and Techniques
Metasploit 3.0
Blue Pill
Yersinia
Javascript Malware
Cross-Site Request Forgery
Wireless Device Driver Attacks
Importing Malicious Root Certificates