Showing posts with label IT security. Show all posts

Monday, June 8, 2009

Antivirus, Internet Security & Total Security Products Performance Benchmarking (2009)

Do you know that the Antivirus, Internet Security and/or Total Security product(s) installed on your computer could be consuming a lot of memory and CPU resources? They can also cause a lot of additional hard disk read/write activity. This could be the main reason why your PC has become sluggish.

Therefore, you should seriously consider the effect of a security solution on your computer's performance, and select one that has minimal impact, especially on memory and CPU consumption.

On 16 March 2009, PassMark Software released the 4th edition of their 73-page Antivirus, Internet Security and Total Security Performance Benchmarking Report.

The report is based on performance benchmark tests run on 47 Antivirus, Internet Security and Total Security products (free and paid) from various vendors between July 2008 and October 2008.

Testing was performed on all products using seventeen performance metrics. These performance metrics are as follows:

  • Boot time
  • Total Scan speed
  • UI launch speed (initial and subsequent)
  • Memory utilization
  • HTTP download test
  • IE launch speed (initial and subsequent)
  • Installation Size
  • Installation Time
  • Registry Key Count
  • Copying, moving and deleting different types of common files
  • Installing third party applications
  • Downloading binary files from websites
  • File format conversion
  • File compression and decompression
  • File write, open and close
Note that no attempt was made to measure the effectiveness of threat detection.

Here are the overall results and ranking from the benchmarking tests.
Click here to download the 4th edition of Antivirus, Internet Security & Total Security Products Performance Benchmarking Report (2009) by PassMark Software.

Saturday, March 21, 2009

International Multilateral Partnership Against Cyber-Threats launched HQ in Cyberjaya

The International Multilateral Partnership Against Cyber Threats (IMPACT), backed by the United Nations (UN) International Telecommunication Union (ITU) and International Criminal Police Organization (Interpol), which is known as the world’s first global public-private partnership against cyber-threats has launched its global headquarters in Cyberjaya on 20 March 2009.

Key partners of IMPACT from the private sector include Cisco, F-Secure, Kaspersky Lab, Microsoft, Symantec Corp, Trend Micro, etc.

The IMPACT nerve-centre in Cyberjaya has a built-up area of 58,000 square feet on a 7.8-acre site. The Malaysian government has provided a grant of $13 million (about RM43 million) as initial funding to build the facilities. This IMPACT HQ will host the ITU's Global Cybersecurity Agenda (GCA), which promotes international cooperation to make cyberspace more secure in an increasingly networked information society.

IMPACT has 4 key divisions:

  • Global response centre
  • Training and skills development centre
  • Centre for security assurance and research
  • Centre for policy and international cooperation

It will act as a centralized anti-cyber-terrorism intelligence centre, allowing its 191 member countries to be alerted to cyber-terrorism threats such as attacks against the global financial system, power grids, nuclear plants, air traffic control systems, etc.

The establishment of the IMPACT HQ in the heart of MSC Malaysia is expected to attract the attention of cyber-security people worldwide, from the bright side as well as the dark side. How well will this IMPACT facility in Malaysia operationalize, perform and contribute to global cyber-security? Time will tell.

Meanwhile, if you are an expert in a related field, you might be interested in working for this interesting global non-profit organization.

Saturday, January 10, 2009

Fortinet outlined top 9 security trend predictions in 2009

Unified Threat Management provider and security appliance vendor Fortinet has outlined its Top 9 Security Trend Predictions for 2009, with the aim of helping companies safeguard their networks by mounting a multi-layered, multi-vectored and comprehensive defense strategy.

They are:

  • More bang for the buck (security consolidation and integration)
  • Information security lockdown (database security)
  • Web 2.0 vulnerabilities multiply (corporate information leakage prevention)
  • Bigger pipes, faster speed: Letting in the good, bad and ugly (integrity of high-speed networks)
  • The next biggest threat to mobile security: 3G (virus infections and attacks to mobile devices)
  • More cash to flow in the digital underground (hacking for living)
  • Let the games begin (Trojans residing in online games)
  • Premeditated, targeted attacks on the rise (custom malware and scareware)
  • Law enforcement unite online

Click here to read the full story in the original article.


Monday, December 22, 2008

Serious security flaw found in Internet Explorer

You may be aware that a serious security flaw was recently found in Internet Explorer versions 5.01, 6 and 7. The bug is in the way Internet Explorer handles XML (Extensible Markup Language), and it allows attackers to plant and run a trojan horse program on your computer without your knowledge when you visit a compromised website with an unpatched Internet Explorer.

In fact, this exploit has already been rigged into many hacked Chinese-language websites. Later, massive SQL injection attacks against thousands of legitimate websites to serve this exploit were also found, and over 100,000 websites were affected.

In simple words, if you use Internet Explorer to browse websites and you have not patched this security flaw, either via the Windows Automatic Updates service or by manually downloading and installing the patch, your computer is vulnerable to the attack, and your passwords and other information could be exposed and stolen by the attackers. Your computer can also be used by them to launch further attacks on other computers.

This security issue is discussed in Microsoft Security Bulletin MS08-078 (KB960714), published on 17 December 2008 and rated Critical by Microsoft. Microsoft responded quickly and came out with an out-of-band patch. Links to download the security patch for the various versions of Internet Explorer are available in that bulletin.

Therefore, you should immediately patch your Internet Explorer, or use another browser such as Firefox to surf the Internet. However, Firefox has also just released a new version, 3.0.5, which fixes several security issues (none as critical as the Internet Explorer flaw). So even if you use Firefox (or the SeaMonkey suite), it is advisable to update the browser to the latest version.

You may click here to go to the download page of Firefox.

How do you know the security patch has been applied to your computer?

For Windows XP, open "Add or Remove Programs" in the Control Panel and ensure the "Show updates" option is selected. You should be able to find the installed patch in the listing under Internet Explorer 7 as "Security Update for Windows Internet Explorer 7 (KB960714)", as shown in the diagram below. You should also ensure that the earlier security patches for your browser are installed.

Monday, November 10, 2008

WPA Wi-Fi encryption cracked!

If you use a wireless network, especially in an office environment, you should be well aware that running Wi-Fi without any encryption is a big no-no, and that the deprecated Wired Equivalent Privacy (WEP) encryption is extremely weak and can be cracked within seconds. As such, you are probably using Wi-Fi Protected Access (WPA) encryption to protect your Wi-Fi from unauthorized access and/or information theft and leakage.

But now the bad news is that two German researchers, Martin Beck and Erik Tews, have found a way to crack the Temporal Key Integrity Protocol (TKIP, which was supposed to fix all the problems with WEP) of WPA encryption within minutes, and they are going to share their cracking tools with the public at the PacSec Conference in Tokyo on 12-13 November 2008. In fact, some of the code used in the attack was already quietly added to the Aircrack-ng Wi-Fi cracking tool about two weeks ago.

In short: WPA is no longer secure!

So what can you do to safeguard the security of your wireless network? Ensure that your wireless access points and equipment support WPA2, and switch over to it. WPA2 implements the mandatory elements of the IEEE 802.11i standard and is still uncracked for now, provided it does not use TKIP and is instead set to use the Advanced Encryption Standard (AES) with its Cipher Block Chaining Message Authentication Code Protocol (CCMP).
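As an added illustration (not from the original post), here is what that switch looks like on a Linux access point running hostapd: the weak WPA/TKIP configuration is shown commented out beside the corrected WPA2/CCMP-only one. The interface name, SSID and passphrase are placeholders.

```ini
# Added example, not from the original post. Two hostapd.conf fragments
# for the same access point; interface, ssid and passphrase are placeholders.
# hostapd.conf takes no trailing comments, so every comment is on its own line.

# --- Weak: WPA (version 1) with TKIP, the mode affected by the TKIP attack ---
# interface=wlan0
# ssid=OfficeNet
# wpa=1
# wpa_key_mgmt=WPA-PSK
# wpa_pairwise=TKIP
# wpa_passphrase=CHANGE-ME

# --- Corrected: WPA2 (RSN) only, AES-CCMP only, TKIP not offered at all ------
interface=wlan0
ssid=OfficeNet
hw_mode=g
channel=6
# wpa=2 admits RSN/WPA2 clients only (wpa=3 would be mixed mode and keep TKIP)
wpa=2
wpa_key_mgmt=WPA-PSK
# rsn_pairwise lists the ciphers offered to WPA2 clients; CCMP alone means
# no client can negotiate a TKIP fallback
rsn_pairwise=CCMP
# Placeholder; use a long random passphrase of 8 to 63 characters
wpa_passphrase=CHANGE-ME-to-a-long-random-passphrase
```

Clients that only speak WPA/TKIP will no longer be able to join; that is the intended trade-off.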

Click here to read more about this new attack on WPA Wi-Fi encryption.

Hardening PHP security with Suhosin

Suhosin (수호신) is a Korean word meaning “guardian angel”. Suhosin was originally developed by Stefan Esser, a German developer who loves the Korean language.

Originating from the Hardened-PHP project, Suhosin is an advanced protection system for PHP installations. It was designed to protect servers and users from known and unknown flaws in PHP applications and the PHP core.

There are 2 parts to Suhosin:

  • A patch to PHP that hardens the Zend engine to protect against possible buffer overflows and related vulnerabilities.
  • A standalone Suhosin extension module for PHP that provides many security features not present in PHP itself.

Both can work together, or the extension module can be used alone.

Some of the features of Suhosin are:

  • Logging of errors to syslog or arbitrary log files
  • Creating blacklists and whitelists per virtual host
  • Filtering of GET and POST requests, file uploads, and cookies
  • Transparent encryption of sessions and cookies
  • Setting memory limits
  • ... and many more

If your web applications are developed in PHP, you should seriously consider installing Suhosin to harden them. It is already included in most major Linux distributions; search for "php5-suhosin" or "php-suhosin" in your Linux distribution to install it.
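The following php.ini fragment is an added example, not part of the original post or the Suhosin project's own documentation; it turns on one setting from each feature group listed above. The directive names are Suhosin's, while the values, the log file path, the whitelisted host and the key placeholders are assumptions for a typical small web host.

```ini
; Added example, not from the original post or the Suhosin project.
; Directive names are Suhosin's own; values, paths and hosts are assumed.

; Load the standalone extension module (path assumed; most distributions
; ship a ready-made conf.d/suhosin.ini instead of this line).
extension = suhosin.so

; Simulation mode logs violations without blocking; leave Off in production,
; set On only while testing a new application against these limits.
suhosin.simulation = Off

; --- Logging: all alert classes to syslog and to a dedicated file ------------
suhosin.log.syslog          = 511
suhosin.log.syslog.facility = 9        ; LOG_AUTHPRIV
suhosin.log.file            = 511
suhosin.log.file.name       = /var/log/php/suhosin.log   ; assumed path

; --- Whitelists and blacklists (can be overridden per virtual host) ----------
; Remote includes are allowed only from one trusted host (assumed name).
suhosin.executor.include.whitelist = https://cdn.example.internal/
; Shell-spawning functions this application never needs
suhosin.executor.func.blacklist = exec,passthru,shell_exec,system,proc_open

; --- Filtering of GET, POST, cookies and uploads ------------------------------
suhosin.get.max_vars         = 100
suhosin.get.max_value_length = 512
suhosin.post.max_vars        = 200
suhosin.request.max_vars     = 300
suhosin.cookie.max_vars      = 20
suhosin.upload.max_uploads   = 5
suhosin.upload.disallow_elf  = On       ; reject ELF executables in uploads
suhosin.filter.action        = 403      ; answer 403 instead of silently dropping

; --- Transparent encryption of session data and cookies ---------------------
suhosin.session.encrypt      = On
suhosin.session.cryptkey     = CHANGE-ME-long-random-secret-1    ; placeholder
suhosin.session.cryptua      = On       ; bind the key to the User-Agent
suhosin.cookie.encrypt       = On
suhosin.cookie.cryptkey      = CHANGE-ME-long-random-secret-2    ; placeholder
suhosin.cookie.cryptlist     = PHPSESSID,auth    ; cookie names assumed

; --- Memory limit hardening ---------------------------------------------------
; Scripts may raise memory_limit at runtime, but never above this ceiling.
suhosin.memory_limit = 128M
```

After a change, confirm the values took effect with `php -i | grep suhosin` and watch the log file while exercising the application, since overly tight variable limits will break legitimate forms.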

For more information about downloading and installing Suhosin, click here.


Securing Apache web with ModSecurity

If you host your websites on the Apache web server, which is usually the case if your web server runs on Linux, you should seriously consider installing ModSecurity to provide intrusion detection and prevention for your web applications.

ModSecurity is a free, open source web application firewall (WAF) Apache module. According to Forrester Research, it is the most widely deployed web application firewall today.

WAFs establish an external security layer that increases security and detects and prevents attacks before they reach web applications. They aim to shield web applications from known and unknown attacks such as SQL injection, cross-site scripting and path traversal.

Features of ModSecurity include:

  • HTTP Traffic Logging - ModSecurity makes full HTTP transaction logging possible, allowing complete requests and responses to be logged.
  • Real-Time Monitoring and Attack Detection - ModSecurity can monitor the HTTP traffic in real time in order to detect attacks. In this case, ModSecurity operates as a web intrusion detection tool, allowing you to react to suspicious events that take place at your web systems.
  • Attack Prevention and Just-in-time Patching - ModSecurity can also act immediately to prevent attacks from reaching your web applications.

ModSecurity supports the following security models:

  • Negative Security Model - Looks for known-bad, malicious requests. This method is effective at blocking a large number of automated attacks; however, it is not the best approach for identifying new attack vectors.
  • Positive Security Model - When a positive security model is deployed, only requests that are known to be valid are accepted, and everything else is rejected. This approach works best with applications that are heavily used but rarely updated.
  • Virtual Patching - With ModSecurity, applications can be patched from the outside, without touching the application source code (and even without any access to it), keeping your systems secure until a proper patch is produced.
  • Extrusion Detection Model - ModSecurity can also monitor outbound data and identify and block information disclosure issues such as leaked detailed error messages or credit card numbers.

ModSecurity is included in all the major Linux distributions. Look for "libapache2-mod-security" or just "mod_security" in your Linux distribution to install it.

Click here for detailed documentation about ModSecurity.
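To make the four models concrete, here is an added example rule file (not from the original post or the ModSecurity project) with one ModSecurity 2.x rule per model. The application paths (/app/item.php, /app/download.php), parameter names, rule IDs and log path are assumptions; the regular expressions are deliberately simple, not a production rule set.

```apache
# Added example, not from the original post or the ModSecurity project.
# One rule per security model; paths, parameter names and IDs are assumed.
<IfModule security2_module>
    SecRuleEngine On
    SecRequestBodyAccess On
    SecResponseBodyAccess On
    SecResponseBodyMimeType text/plain text/html
    # Full HTTP transaction logging for transactions that trigger a rule
    SecAuditEngine RelevantOnly
    SecAuditLogParts ABIFHZ
    SecAuditLog /var/log/apache2/modsec_audit.log

    # Negative model: block known-bad input. Looks for SQL comment and
    # UNION SELECT fragments in any parameter or cookie, after URL-decoding.
    SecRule ARGS|REQUEST_COOKIES "@rx (?i)(union\s+select|--\s|/\*.*\*/)" \
        "id:1001,phase:2,t:urlDecodeUni,deny,status:403,log,msg:'SQL injection pattern'"

    # Positive model: for /app/item.php the only valid input is a numeric
    # 'id'. Any other parameter name, or a non-numeric id, is rejected.
    SecRule REQUEST_FILENAME "@streq /app/item.php" \
        "id:1002,phase:2,chain,deny,status:403,log,msg:'item.php: unexpected parameter'"
        SecRule ARGS_NAMES "!@rx ^id$"
    SecRule REQUEST_FILENAME "@streq /app/item.php" \
        "id:1003,phase:2,chain,deny,status:403,log,msg:'item.php: id is not numeric'"
        SecRule ARGS:id "!@rx ^[0-9]{1,10}$"

    # Virtual patch: a hypothetical path-traversal bug in the 'file'
    # parameter of /app/download.php is shielded until the code is fixed.
    SecRule REQUEST_FILENAME "@streq /app/download.php" \
        "id:1004,phase:2,chain,deny,status:403,log,msg:'download.php: traversal attempt'"
        SecRule ARGS:file "@rx \.\./|\x00" "t:urlDecodeUni"

    # Extrusion detection: stop responses that leak PHP error details or
    # contain a Luhn-valid card number (@verifyCC checks the checksum).
    SecRule RESPONSE_BODY "@rx (?i)(fatal error|warning):\s+\w+\(\).* on line \d+" \
        "id:1005,phase:4,deny,status:500,log,msg:'PHP error message in response'"
    SecRule RESPONSE_BODY "@verifyCC \d{13,16}" \
        "id:1006,phase:4,deny,status:403,log,msg:'credit card number in response'"
</IfModule>
```

Run a new rule set with `SecRuleEngine DetectionOnly` first and review the audit log for false positives before switching it to On.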


Thursday, August 7, 2008

Hacker Halted Malaysia 2008

The Hacker Halted event, one of the most prestigious IT security events worldwide, organized by EC-Council, is going to be held for the 11th time. This is the third time it will be held in Malaysia, after the pioneer event in 2004, which was officiated by the Deputy Prime Minister.

There will be 2 days of pre-conference workshops by USA master trainers and another 2 days of conference sessions by renowned speakers. This event also has a special bundling with an IT security program.

Among some of the top speakers in Hacker Halted Malaysia 2008 are James Aquilina (Executive Managing Director, Stroz Friedberg LLC), Tom Bowers (Independent Security Evangelist), Mike Murray (Director, Neohapsis), Professor Lech Janczewski (Associate Professor, University of Auckland), Paul Wright (Head of Cyber Crime, City of London Police), Jay Bavisi (President, EC-Council), Larry Detar (Vice President, EC-Council), Haja Mohideen (Co-Founder, EC-Council).

Date: 3-6 November 2008
Venue: Sunway Convention Centre, Petaling Jaya, Malaysia

Click here for more information about Hacker Halted Malaysia 2008 and to download the registration form.

Thursday, July 10, 2008

Windows XP patch screwed up Internet connectivity with ZoneAlarm

Just now, the Automatic Updates in my PC downloaded several patches for the Windows XP operating system, which required my confirmation to install them, and needed a restart of the PC after installation.

After the restart, I was unable to connect to the Internet anymore. I couldn't contact the mail server and also couldn't browse the web. However, I found that I could still resolve domain names and perform the "ping" action. This means the Internet line was still up and running, but somehow the outgoing TCP connections were being blocked somewhere.

I disabled the ZoneAlarm firewall, and the Internet connection was back to normal. So, the problem had to do with ZoneAlarm.

I re-enabled ZoneAlarm and looked into the log of the ZoneAlarm firewall. Whenever I made an outgoing TCP connection, it was blocked by ZoneAlarm.

This problem was solved after I set the Internet zone security level in ZoneAlarm from High to Medium.

Then, I found out from the ZoneAlarm User Forum that this problem is actually caused by the KB951748 Microsoft Update, which is supposed to fix the security flaws in Windows Domain Name System (DNS). This fix changed some kernel file that ZoneAlarm works with, therefore causing the problem.

If you are also having the same problem, you can try my workaround method as mentioned above, or you can try to uninstall the KB951748 security fix from the Windows Add/Remove Programs control panel.

Thursday, June 19, 2008

Free IT security workshops from EC-Council Academy

The International Council of Electronic Commerce Consultants (EC-Council) is offering 2 complimentary workshops as follows:

World of Hacker - Understanding the Threats & Countermeasures

This workshop introduces you to the world of the hacker; you will learn about the tools hackers use and ways to prevent attacks. You will also be exposed to Computer Hacking Forensic Investigation, which covers the process of detecting hacking attacks, and the investigation and analysis of techniques to determine potential legal evidence. There will also be real-life case studies and demonstrations.

Date: 28 June 2008
Time: 9:00am - 1:00pm
Venue: EC-Council Academy Sdn Bhd, Phileo Damansara 1, Petaling Jaya.
Related certification: CEH (Ethical Hacking and Countermeasures)

Network Security & Disaster Recovery

This workshop discusses the fundamental skills needed to analyze the internal and external security threats against a network and to develop security policies that will protect an organization's information. Additionally, it covers the foundations of disaster recovery principles, preparation of a disaster recovery plan, assessment of risks in the enterprise, development of policies and procedures, implementation of the plan, and recovery from a disaster.

Date: 28 June 2008
Time: 1:00pm - 4:00pm
Venue: EC-Council Academy Sdn Bhd, Phileo Damansara 1, Petaling Jaya.
Related certifications:
1. ENSA (EC-Council Network Security Administrator)
2. EDRP (EC-Council Disaster Recovery Professional)

EC-Council currently offers the following certification courses:

  • CEH (Ethical Hacking and Countermeasures)
  • CHFI (Computer Hacking Forensic Investigator)
  • ENSA (EC-Council Network Security Administrator)
  • EDRP (EC-Council Disaster Recovery Professional)
  • ECSA/LPT (EC-Council Certified Security Analyst)
  • ECSP (EC-Council Certified Secure Programmer)
  • Project Management
  • Cyber Marketing
  • E-business Security
  • Cyber Law

For more information and online registration, click here.

Wednesday, May 21, 2008

Web of Trust (WOT) the people-driven website reputation scorecard system

Web of Trust (WOT) is an innovative community-driven website reputation scorecard system whose members exchange security information about websites: Can they be trusted? Are they safe to use? Do they deliver what they promise? Do they contain age-inappropriate material?

After installing a freely downloadable plugin in your web browser, you can easily see the reliability of companies and websites indicated by WOT's colour rating icons. WOT will also show you a warning screen when you visit a possibly dangerous site. In this way, WOT helps keep you safe from spyware, adware, spam, viruses, browser exploits, unreliable online shops, phishing, and other Internet scams.

The 4 available WOT ratings are:

  • Trustworthiness: Do you trust this website? Is it safe to use? Does it deliver what it promises?
  • Vendor reliability: Is the site safe for buying and selling, or for business transactions in general?
  • Privacy: Can you trust the site owner, safely supply your e-mail address, and download files?
  • Child safety: Does the site contain age-inappropriate material (content that is sexually oriented, hateful, or violent in nature) or encourage activities that are dangerous or illegal?

To date, WOT has rated over 18 million websites, and marked more than 857 thousand of them as dangerous.

You don't need to register to use WOT. If you register an account and join the WOT community, you can also contribute your ratings and comments on websites you have visited. Besides collecting website reputation data from the WOT community, the WOT system also gets data from hundreds of trusted sources, such as listings of phishing sites. The reputation information is recalculated every 30 minutes, updated, and made available to all WOT users.

WOT also shows its rating icon beside the links listed on the pages of popular web services, such as Google, Yahoo!, Live Search, AOL Search, Ask.com, Digg, Gmail, Wikipedia, del.icio.us, dmoz, etc.

WOT is available as a plugin (in some 10 languages) for:

  • Mozilla Firefox 1.5 or later (Windows 98 / ME / NT 4.0 / 2000 / XP / Vista, Mac OS X, or Linux)
  • Internet Explorer 6.0 or later (Windows 2000 / XP / Vista)

It is lightweight, works seamlessly, is ad-free, and doesn't slow down or disturb your web browsing experience at all.

Click here to download WOT for Mozilla Firefox
Click here to download WOT for Internet Explorer

Tuesday, May 20, 2008

Hack In The Box (HITB) Security Conference 2008

The next Hack In The Box Security Conference 2008 (HITBSecConf2008) will be held on 27-30 October 2008 at the 5-star Westin Hotel in Kuala Lumpur, Malaysia.

The main aim of this conference is to enable the dissemination, discussion and sharing of deep-knowledge network security information. Presented by respected members of both the mainstream network security arena and the underground or black hat community, the HITB events routinely highlight new and ground-breaking attack and defense methods that have not been seen or discussed in public before.

The first 2 days will be hands-on technical training sessions on:

  • Structured Network Threat Analysis and Forensics
  • Bluetooth, RFID & Wireless Hacking
  • Web Application Security – Advanced Attacks and Defense
  • The Exploit Laboratory

The other 2 days will be event sessions on:

  • Triple-track security conference featuring the new HITB Labs
  • Capture The Flag (CTF) team hacking and defending competition
  • Lock Picking Village (LPV) showcase on physical security bypass methods
  • Wireless Village showcase on wireless hacking gadgets
  • Open Hack to uncover new and previously unknown software vulnerabilities in operating systems and software (USD5000 prize money awaits the first hacker to compromise a MacBook Air...)

Registration for the event opened on 6 May 2008. A special offer is available to students attending the 2-Day Triple Track security conference. Click here to go to the registration page.
