-
The first rule of computer security is
You don’t talk about computer security. No, that’s not it, but it sure seems like many people adopt that attitude. Getting back to the subject, I want to talk about the first of the 10 Immutable Laws of Security: If a bad guy can run (persuade you to run) his program on your computer, it’s…
-
Google Reader, Javascript and Flash
I had the idea some time ago to highlight the source code I post via Javascript. I gravitated towards this solution because I don’t have source level control of Blogger (or do I? ;-)). My thought process was the following: include one .js in each post, which will check if the customization was already done…
-
Is Vista really safer?
I keep reading articles like this: Security – One of The Key Reasons to Migrate to Windows Vista (other articles from this category are for example one which breaks down the MS Malicious Software Removal Tool statistics by versions of Windows to conclude the same thing). The problem with these? They fail to account for…
-
Opinions about whitelisting
I was reading the piece entitled White Listing – The End of Antivirus??? by the “Director of Technical Education”. Now it would be fairly easy to do ad-hominem attack against him, I will stick to the technical details of the post: First, it gives the argument that one of the approaches whitelisting companies use is…
-
Firefox 2 end-of-life
Via Slashdot came the news that version 1.8 of the Gecko engine used to render HTML in Firefox 2, Thunderbird 2, etc. was being end of lifed. Now I have still a few computers which I’m responsible for that have FF2 on them, just because that’s what the users were accustomed to. So I searched…
-
Vendor included backdoors
An other reason to make sure that you use your available software to the maximum extent before going out and deciding to remediate your software problem with more software 🙂 Vendor included backdoor can appear for multiple reasons, but there are two big categories: “Easter-egg” like feature (some programmer decided to put in a piece…
-
Limitations of Software Restriction Policies
Update: ok, SRP is even more broken than I thought. As one of the readers pointed out (thank you Anonymous!), there is a built-in (albeit only partially documented) option on runas which circumvents SRP. For some time now there has been a friendly back-and-forth between Didier Stevens and myself with regards to the topic of…
-
Popular ideas about AV
There was a recent posting on Slashdot asking what reliable, free AV software is out there? It is very interesting to read the comments, since this is a geeky audience. If they get things wrong, what chance does the large population have of getting things right? Also, these are the people most likely to act…
-
Stop the “Anti-Spyware” nonsense!
Some time ago the term “spyware” was invented, and promptly “anti-spyware” products appeared. Their “myth” still persists, many people (who should know better!) recommending that you have an “anti-virus and a anti-spyware product” (I’ve even seen “anti-malware” added to this list which is an even bigger nonsense, since the term malware includes both viruses and…
-
Stepping beyond the vendor-centric security solution
Even these days too many organisations have a “one silver bullet solution” mentality when it comes to IT security. Most often the software presented as solution is an AV package. However, I argue, this is far from sufficient and the better solution would be to have experienced and knowledgeable people implement and maintain a multi-layered…