Legacy Applications a Threat to Windows 8 Security
Oct 29, 2012 5:00 AM PT
Windows 8 finally made it to prime time last week. This version of Microsoft's operating system makes significant improvements in its security stance, said Alex Balan, senior product manager at Bitdefender, but some of them are likely to be undermined by users wedded to old programs.
The way the Windows 8 user interface handles applications is a significant security improvement. "It runs applications in a sandbox, in their own environment," he told TechNewsWorld. "That's a decent step forward."
The problem with that setup, he continued, is that it only works with Windows 8 apps. Programs that are made for older versions of Windows, which run in the desktop mode and don't use the Windows 8 interface, are still vulnerable to attack.
"As good as the Windows 8 interface is from a security standpoint, I don't think more than 1 percent of Windows users will remain exclusively in it," he said.
"The really bad part about using desktop mode is that if you get infected there, then you're screwed because getting infected in desktop mode will infect your whole system," he added.
One security feature that can't be undermined by Windows users is its anti-rootkit technology, Balan noted. It prevents any program that isn't certified by Microsoft from launching during bootup. "That's a huge leap forward," he observed. "That will effectively shut down all rootkits that currently exist in the wild."
Uptime Down, Phishing Up
Phishing attacks increased in the first half of 2012, but the time phishing sites were able to remain online declined, according to a report released last week by the Anti-Phishing Work Group.
Global phishing attacks increased by 12 percent during the first half of this year compared with the second half of 2011, to 93,462 from 83,083. Attacks decreased, however, compared with the first half of 2011, when the group reported 115,472 phishing forays.
During the period, though, the uptime for a phishing attack plummeted precipitously, to 23 hours and 10 minutes from 46 hours and three minutes in the second half of 2011. The decline was probably due to a combination of factors, according to Rod Rasmussen, CTO and president of Internet Identity and a coauthor of the APWG report.
Many of the hacked sites used by phishers are in major data centers that are staffed around the clock, making them easy to get shuttered, he explained.
"For the rest, I'd argue that providers -- hosting companies, registrars, subdomain providers -- have been getting better as a group, adding support staff, procedures, and contact points," he told TechNewsWorld.
The report also noted that phishers registered more subdomains during the period than regular domains.
"Domain name registrars and particularly domain name registries have been implementing more and more anti-fraud procedures to pre-screen applications and providing better responses to requests to shutter malicious domains," Rasmussen explained.
"In contrast," he continued, "most subdomain services are mom and pop or hobbyist-type operations that are poorly resourced and don't often provide easily used abuse channels."
Beware Fake Download Buttons
Recently, there's been a rash of malicious advertising containing download buttons that lead to infected websites, according to Adam Kujawa a malware intelligence analyst with Malwarebytes.
"The technique is been used before, but it seems to be getting out of control lately," he told TechNewsWorld. "You're seeing these ads with download buttons everywhere."
When you click on the button, he explained, you're taken to an exploit page that will attack a vulnerability in your browser and install malware on your computer.
Organized cybercriminals appear to be behind the campaign. "They're the only ones who have the resources to pull off something like this," he maintained. They need money to buy advertising space and to be nimble enough to stay ahead of authorities.
To counter this kind of malicious advertising, he recommends installing either ad-blocking software or an ad-blocking extension to your browser.
Data Breach Diary
- Oct. 22: Blount Memorial Hospital in Maryville, Tenn. begins notifying 27,000 patients who may be affected by data breach that occurred when an employee's laptop was stolen. The computer was password-protected, but the data on it was not encrypted. Data on the unit included addresses, Social Security numbers and birth dates.
- Oct. 23: Barnes & Noble discloses that credit card information for customers at 63 of its stores across the country was stolen by hackers who "bugged" credit card readers at point-of-purchase locations within the stores.
- Oct. 23: Federal district court judge dismisses one of several class-action lawsuits brought against the Sony PlayStation Network following a data breach in April 2011 that exposed personal information on about 75 million customers.
- Oct. 24: Verizon releases industry-by-industry snapshots of cybercrime based on data published in its 2011 and 2012 data breach reports.
- Oct. 24: DataSolutions releases survey sponsored by Citrix that reveals 68 percent of Irish companies know their employees have private corporate information on personal devices, such as mobile phones. The study also found that more than a quarter of the companies offered no IT support or security for their employees' devices.
- Oct. 24: Aultman Hospital, in Canton, Ohio reveals that credit card and debit card information maintained by its gift shop was compromised by a cyberintruder between February and September 2012. The hospital says it is unaware of anyone affected by the breach and has replaced the compromised hardware. It also has retained a forensic auditor to assist in an ongoing investigation of the incident.
- Oct. 25: Duquesne Light in Pennsylvania notifies customers that an employee mishandled personal and financial information for some 20,000 utility customers. Although there is no indication that the employee did anything damaging with the information, the utility said, it is offering anyone affected with two years of free credit monitoring.
- Oct. 25: UK Information Commissioner's Office fines Stoke-On-Trent city council $193,000 for sending 11 emails containing sensitive information about several children and two adults in the council's care to a wrong address.
- Oct. 25: Hawaii Department of Health reveals that Waipahu community center, which provides support services to mental-health patients, may have had its systems breached by a hacker on Sept. 25. The center is advising its members to place a fraud alert on their credit files and to notify police if they see any suspicious credit activity.
Upcoming Security Events
- Oct. 25-31: Hacker Halted Conference 2012. Miami, Fla. Sponsored by EC-Council. Registration: $2,799-$3,599.
- Oct. 30: Cyber Attacks: Are You Really Safe? Webcast. 2 p.m. ET. Sponsored by Stonesoft.
- Oct. 30-31: 2012 Trustworthy Cyber Infrastructure for the Power Grid (TCIPG) Industry Workshop. iHotel and Conference Center, 1900 S. 1st St., Champaign, IL. Attendance by invitation only.
- Nov. 4-6: Information Security Forum Annual World Congress. Chicago.
- Nov. 14: How to choose the right authenticator to meet the CJIS requirement for advanced authentication. 1-2 p.m. ET. Free webinar. Sponsored by Entrust.
- Nov. 28-29: Smart Strategies for Secure Identity. Washington convention Center, Washington, DC. Registration by Nov. 6: $1080. By Nov. 27: $1,200.
- Nov. 28-29: Strategic Security Response Summit: The Detecting and Preventing Emerging Threats. Washington Convention Center, Washington, DC. Regular registration: $470. Government registration: $230.
- Dec. 3-7: Annual Computer Security Applications Conference. Orlando, Fla. Registration is now open.
- Dec. 3-6 Black Hat Abu Dhabi 2012. Emirates Palace, United Arab Emirates. Registration by Dec. 2: $1,895. On-site Registration: $2,595.
- Jan. 7-9: Redmond Identity, Access & Directory Knowledge Summit 2013. Microsoft Conference Center, Redmond, Wash. sponsored by Oxford Computer Group. Early registration: $450. Registration after Nov. 21: $650.