<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0"
	xmlns:content="http://purl.org/rss/1.0/modules/content/"
	xmlns:wfw="http://wellformedweb.org/CommentAPI/"
	xmlns:dc="http://purl.org/dc/elements/1.1/"
	xmlns:atom="http://www.w3.org/2005/Atom"
	xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
	xmlns:slash="http://purl.org/rss/1.0/modules/slash/"
	>

<channel>
	<title>Silicon Shecky &#187; Malware</title>
	<atom:link href="http://siliconshecky.com/tag/malware/feed/" rel="self" type="application/rss+xml" />
	<link>http://siliconshecky.com</link>
	<description>IT News, Reviews and Thoughts</description>
	<lastBuildDate>Tue, 24 Jan 2012 14:49:19 +0000</lastBuildDate>
	<language>en</language>
	<sy:updatePeriod>hourly</sy:updatePeriod>
	<sy:updateFrequency>1</sy:updateFrequency>
	<generator>http://wordpress.org/?v=3.3.1</generator>
		<item>
		<title>The Sky is Falling</title>
		<link>http://siliconshecky.com/the-sky-is-falling/</link>
		<comments>http://siliconshecky.com/the-sky-is-falling/#comments</comments>
		<pubDate>Wed, 07 Sep 2011 15:29:28 +0000</pubDate>
		<dc:creator>Michael Kavka</dc:creator>
				<category><![CDATA[Rants]]></category>
		<category><![CDATA[Security]]></category>
		<category><![CDATA[Software]]></category>
		<category><![CDATA[InfoSec]]></category>
		<category><![CDATA[Malware]]></category>
		<category><![CDATA[McAfee]]></category>
		<category><![CDATA[YRO]]></category>

		<guid isPermaLink="false">http://siliconshecky.com/?p=1510</guid>
		<description><![CDATA[Years ago I used to think McAfee was a good Anti-Virus program. Then they got bloated. Now McAfee is becoming Chicken Little. You can see the reports regularly. New exploit in this, new trojan here, new zero-day exploit, and so on. The world of securing your information and your identity, either individual or corporate, is a [...]]]></description>
			<content:encoded><![CDATA[<p><strong>Years ago I used to think McAfee was a good Anti-Virus program. Then they got bloated. Now McAfee is becoming Chicken Little.</strong></p>
<p>You can see the reports regularly. New exploit in this, new trojan here, new zero-day exploit, and so on. The world of securing your information and your identity, either individual or corporate, is a complex and never-ending battle. Nothing is going to be 100% secure. You know it, I know it and the bad guys know it. It's a matter of mitigation. The smaller the area of attack we give the bad guys, the greater the chance that they will pass us up for an easier target.</p>
<p>It becomes more complex every year. New devices come out, connectivity becomes better, people become more greedy. In fact, the more complex things get, the easier it is to break into them with simplicity. You may ask how that is the case. Simply put, you just showed how. We tend to gloss over the simple items for the more complex ones, including bugs and holes. That is a discussion to have another time though.</p>
<p>In the security field, McAfee has been making a lot of headlines lately. From a RAT Report that other companies are calling &#8220;<a href="http://www.homelandsecuritynewswire.com/cyber-experts-dispute-mcafees-shady-rat-report" target="_blank">shady</a>&#8221; to the latest report from them about <a href="http://news.cnet.com/8301-1035_3-20102565-94/hackers-may-target-cars-next-mcafee-says/" target="_blank">cars becoming the next hacking target</a>, McAfee keeps getting their name out there. The problem with these reports is that they are either obvious or disputed. That makes McAfee look more like an attention hound than anything else.</p>
<p>This grab for attention comes on the heels of a decade of McAfee putting out worse and worse products. Suites that are so bloated that your machine drags to a crawl during startup. Anti-Malware products that let too much Malware through. Software that is difficult to remove from a system should you prefer to go with one of their competitors. How the mighty have fallen.</p>
<p>Most companies in the consumer security field, especially those that make Anti-Malware software, can run into these same pitfalls as they become more popular. Norton has; although they are slowly turning things around, they still have a long way to go. Kaspersky is doing its best not to fall down that path, but it does seem to be getting more resource intensive. AVG, well, they put out a decent product, but we are about due for another bad patch that messes machines up. None of them are perfect, but some are better than others, and McAfee has been considered part of the bottom of the heap for a while now.</p>
<p>So McAfee throws up a smokescreen. Instead of improving their product, they try to show that they know more. Sorry, but knowledge of what is happening and the ability to translate that into a decent working product do not have to be equal. In fact, McAfee has shown me that you can have the knowledge without the product. Then again, McAfee lately has been more like Chicken Little. Just remember, the sky isn&#8217;t falling, things are just progressing. We, as the ones in the field, need to keep our wits about us and it will all be fine.</p>
]]></content:encoded>
			<wfw:commentRss>http://siliconshecky.com/the-sky-is-falling/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>Apple, how secure are you?</title>
		<link>http://siliconshecky.com/apple-how-secure-are-you/</link>
		<comments>http://siliconshecky.com/apple-how-secure-are-you/#comments</comments>
		<pubDate>Mon, 20 Jun 2011 13:34:05 +0000</pubDate>
		<dc:creator>Michael Kavka</dc:creator>
				<category><![CDATA[Apple]]></category>
		<category><![CDATA[Security]]></category>
		<category><![CDATA[iOS]]></category>
		<category><![CDATA[Mac]]></category>
		<category><![CDATA[Macintosh]]></category>
		<category><![CDATA[Malware]]></category>
		<category><![CDATA[OSx]]></category>
		<category><![CDATA[Patches]]></category>

		<guid isPermaLink="false">http://siliconshecky.com/?p=1416</guid>
		<description><![CDATA[We all know that Mac fanatics claim how secure Mac OSX is. Is it really that secure though? The last couple of months have not been kind to OSX. The Mac operating system has seen its first round of widespread malware. Apple has been busy playing whack-a-mole trying to stop it. The Mac fanbois have [...]]]></description>
			<content:encoded><![CDATA[<p>We all know that Mac fanatics claim how secure Mac OSX is. Is it really that secure though?</p>
<p>The last couple of months have not been kind to OSX. The Mac operating system has seen its first round of widespread malware. Apple has been busy playing whack-a-mole trying to stop it. The Mac fanbois have been denying it. Apple is still more secure, they claim. If this is true, then how did Apple top the <a href="http://www.hackernews.com/" target="_blank">Stack of Shame</a> this week?</p>
<p>The reality of the situation is that Apple is entering uncharted territory for OSX. Not only does it have a large enough percentage of the market to make it a more viable target for the underground Internet, but it doesn&#8217;t have a true plan for dealing with such issues. This was shown by Apple&#8217;s response to the MacDefender malware. The denials, the bad press, and finally a solution that keeps getting circumvented. Yes, overall the number of people infected might be small beans, but it is a larger outbreak than ever before, plus it shows that it can be done.</p>
<p>The next question comes in with these 26 vulnerabilities: how quickly will they be patched? That is the key to preventing exploitation of said holes. Is Apple ready to do monthly patches, weekly patches, out of band patches? How will they respond to all of this?</p>
<p>No operating system is 100% secure. There is too much code, too many different vectors to attack from, and there is always the end user who is the biggest threat to security. Apple&#8217;s response to the OSX security issues should enlighten us as to the iOS plans for security issues. No, there aren&#8217;t many now, but there will be.</p>
]]></content:encoded>
			<wfw:commentRss>http://siliconshecky.com/apple-how-secure-are-you/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>Patch Tuesday is here</title>
		<link>http://siliconshecky.com/patch-tuesday-is-here/</link>
		<comments>http://siliconshecky.com/patch-tuesday-is-here/#comments</comments>
		<pubDate>Tue, 14 Jun 2011 13:27:54 +0000</pubDate>
		<dc:creator>Michael Kavka</dc:creator>
				<category><![CDATA[Computers]]></category>
		<category><![CDATA[Security]]></category>
		<category><![CDATA[Software]]></category>
		<category><![CDATA[Adobe]]></category>
		<category><![CDATA[Apple]]></category>
		<category><![CDATA[Java]]></category>
		<category><![CDATA[Malware]]></category>
		<category><![CDATA[Microsoft]]></category>
		<category><![CDATA[Patches]]></category>
		<category><![CDATA[RCE]]></category>
		<category><![CDATA[vulnerabilities]]></category>

		<guid isPermaLink="false">http://siliconshecky.com/?p=1407</guid>
		<description><![CDATA[With all the hacks going on out on the net today, patching your machines is more critical than ever. Microsoft is releasing 16 Patches, 9 of which Microsoft deems critical. Patches include Windows, Office, and .Net, and all attempt to address RCE attacks. Oracle has also released a major patch for Java in the past [...]]]></description>
			<content:encoded><![CDATA[<p>With all the hacks going on out on the net today, patching your machines is more critical than ever.</p>
<p>Microsoft is releasing 16 Patches, 9 of which Microsoft deems critical. Patches include Windows, Office, and .Net, and all attempt to address RCE attacks.</p>
<p>Oracle has also released a major patch for Java in the past few days which addresses a number of security vulnerabilities. Adobe has recently put out patches for Flash, Apple is playing whack-a-mole with malware, and basically there is a lot of patching to do.</p>
<p>Don&#8217;t forget though, with all these patches, to test them before deploying them. It doesn&#8217;t happen very often, but some patches can break your software.</p>
]]></content:encoded>
			<wfw:commentRss>http://siliconshecky.com/patch-tuesday-is-here/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>A new way to fight Malware, Sort Of</title>
		<link>http://siliconshecky.com/a-new-way-to-fight-malware-sort-of/</link>
		<comments>http://siliconshecky.com/a-new-way-to-fight-malware-sort-of/#comments</comments>
		<pubDate>Mon, 06 Jun 2011 14:13:54 +0000</pubDate>
		<dc:creator>Michael Kavka</dc:creator>
				<category><![CDATA[Hardware]]></category>
		<category><![CDATA[Security]]></category>
		<category><![CDATA[e-mail]]></category>
		<category><![CDATA[Heuristics]]></category>
		<category><![CDATA[Malware]]></category>
		<category><![CDATA[Phishing]]></category>
		<category><![CDATA[Social Engineering]]></category>

		<guid isPermaLink="false">http://siliconshecky.com/?p=1402</guid>
		<description><![CDATA[We all know Social Engineering is the most commonly used way to spread malware. There seems to be a device that can help with that, as far as e-mails go. It's not a cheap form of protection though. We all know that Social Engineering is the easiest way to spread malware. As P.T. Barnum said, [...]]]></description>
			<content:encoded><![CDATA[<p>We all know Social Engineering is the most commonly used way to spread malware. There seems to be a device that can help with that, as far as e-mails go. It's not a cheap form of protection though.</p>
<p>We all know that Social Engineering is the easiest way to spread malware. As P.T. Barnum said, &#8220;There&#8217;s a sucker born every minute,&#8221; and in the age of the Internet, it is even easier to get to those suckers. Pyramid Schemes, Malware, Phishing Attacks, all heavily rely on the mark being trusting. Anti-Malware, Firewalls, and security devices have always had a problem with this angle of attack.</p>
<p>Now a company called Cyveillance is touting a new appliance to help mitigate the Social Engineering front. Two problems though. First, like all first-generation, innovative ideas, the cost is more than most people make in a year. Over $100,000 for the device alone, not including all the scan types and extra protection licenses added on.</p>
<p>Second, it only scans e-mail. This is nice for those instances where it is e-mail that has a bad link, but a lot of the malware is coming through hijacked ads on websites. This device doesn&#8217;t take any of that into account.</p>
<p>More information is available <a href="http://www.net-security.org/secworld.php?id=11117" target="_blank">here</a> and <a href="http://www.itworld.com/security/171305/good-news-appliance-fights-spear-phishing-bad-news-you-cant-afford-it" target="_blank">here</a>. Overall, the idea of a device like this, or algorithms and heuristics that can defend on this front and be reliable, is where we need to focus our defenses. Hopefully, someone can go the next step on this. After all, we are only as secure as the weakest link in the chain.</p>
]]></content:encoded>
			<wfw:commentRss>http://siliconshecky.com/a-new-way-to-fight-malware-sort-of/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>Apple fanbois: Remember the Titanic</title>
		<link>http://siliconshecky.com/apple-fanbois-remember-the-titanic/</link>
		<comments>http://siliconshecky.com/apple-fanbois-remember-the-titanic/#comments</comments>
		<pubDate>Thu, 26 May 2011 14:29:32 +0000</pubDate>
		<dc:creator>Michael Kavka</dc:creator>
				<category><![CDATA[Rants]]></category>
		<category><![CDATA[Security]]></category>
		<category><![CDATA[Apple]]></category>
		<category><![CDATA[Ed Bott]]></category>
		<category><![CDATA[Intego]]></category>
		<category><![CDATA[Mac]]></category>
		<category><![CDATA[Mac OSX]]></category>
		<category><![CDATA[MacDefender]]></category>
		<category><![CDATA[Malware]]></category>
		<category><![CDATA[OSx]]></category>
		<category><![CDATA[ZDNet]]></category>

		<guid isPermaLink="false">http://siliconshecky.com/?p=1389</guid>
		<description><![CDATA[Apple finally admits to the MacDefender scareware and puts out instructions on how to prevent it. Too bad that within a couple of days there was a new variant that makes the instructions obsolete. Ed Bott continues to report on this on his Microsoft Blog over on ZDNet, and to much hatred from the Mac [...]]]></description>
			<content:encoded><![CDATA[<p>Apple finally admits to the MacDefender scareware and puts out instructions on how to prevent it. Too bad that within a couple of days there was a new variant that makes the instructions obsolete.</p>
<p><a href="http://twitter.com/#!/edbott" target="_blank">Ed Bott</a> continues to report on this on his <a href="http://www.zdnet.com/blog/bott?tag=mantle_skin;content" target="_blank">Microsoft Blog</a> over on <a href="http://www.zdnet.com" target="_blank">ZDNet</a>, and to much hatred from the Mac Fanbois. They still deny the whole thing. It does not matter that Apple has confirmed the malware. It does not matter that Intego, a Mac Security blog, is the one finding these items. No, the Mac is uber-secure and there is no malware for it. Malware for the Mac is impossible to create. Well, the new version reported by <a href="http://blog.intego.com/2011/05/25/intego-security-memo-new-mac-defender-variant-macguard-doesnt-require-password-for-installation/" target="_blank">Intego</a> doesn&#8217;t require any administrator password. This to me seems to be no longer a proof of concept, but a real threat. But I digress. The biggest problem in this situation is the Mac Fanbois who are denying this sort of malware exists. The whole argument they give, though, reminds me of something else in history that happened almost 100 years ago.</p>
<p>There was a ship built in the early 20th century in England, which was highly lauded. This ship was huge, luxurious and was unsinkable. That is correct, they claimed nothing could sink this ship, no way, no how, don&#8217;t even ponder the notion, it can&#8217;t happen. Well, there is nothing wrong with calling something unsinkable, of course until it met a friendly iceberg in the North Atlantic on April 15, 1912. The iceberg decided to give the ship a nice bump, tore open a huge gash, and caused a lot of people to perish as the ship sank. We all know the name of the ship, it lives on. Titanic.</p>
<p>I look at the claims about the Titanic, and the blindness that the builders of it had, and see similarities to the reaction of Mac Fanbois to Ed Bott and the MacDefender malware. Denial, shortsightedness, and an unwillingness to admit the problem. Actually, this also reminds me of Microsoft when it first started getting hit big time with malware.</p>
<p>There are many arguments in this whole scenario that can be taken in. Yes, it's a socially engineered piece of malware, but so are the majority of ones written for Microsoft. Yes, one piece of malware like this does not an epidemic make. Yet the Mac community has a chance to learn from the past, realize that they are starting to be targeted, and get ahead of the rolling stone that could be coming at them. Denial only hurts them.</p>
<p>Oh, and just one more piece of history on the whole, you need administrative privilege for the malware to become installed. Last time I checked, OSX was written on top of a BSD Unix variant. There have been viruses for Unix for a lot longer than Mac or Windows.</p>
]]></content:encoded>
			<wfw:commentRss>http://siliconshecky.com/apple-fanbois-remember-the-titanic/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>Fake Software Viruses take a new turn</title>
		<link>http://siliconshecky.com/fake-software-viruses-take-a-new-turn/</link>
		<comments>http://siliconshecky.com/fake-software-viruses-take-a-new-turn/#comments</comments>
		<pubDate>Tue, 24 May 2011 13:18:52 +0000</pubDate>
		<dc:creator>Michael Kavka</dc:creator>
				<category><![CDATA[Rants]]></category>
		<category><![CDATA[Security]]></category>
		<category><![CDATA[cleaning]]></category>
		<category><![CDATA[combofix]]></category>
		<category><![CDATA[FakeAV]]></category>
		<category><![CDATA[Malware]]></category>
		<category><![CDATA[Malwarebytes]]></category>
		<category><![CDATA[Repair]]></category>
		<category><![CDATA[Virus]]></category>

		<guid isPermaLink="false">http://siliconshecky.com/?p=1385</guid>
		<description><![CDATA[We all know about the Fake AV, Fake Security Center, and similar malware. I&#8217;ve started running into a new variant, one that is a bit more of a pain. I would say that 75% of my job winds up being removing malware from clients' machines. I find it annoying, and really would love to find [...]]]></description>
			<content:encoded><![CDATA[<p>We all know about the Fake AV, Fake Security Center, and similar malware. I&#8217;ve started running into a new variant, one that is a bit more of a pain.</p>
<p>I would say that 75% of my job winds up being removing malware from clients' machines. I find it annoying, and really would love to find a way to rid the world of the scourge of malware, but that is a rant for another time.</p>
<p>I&#8217;ve watched the malware come in waves over the years. The spyware craze of the early 2000&#8242;s, the Melissa and I Love You viruses, the start of the Fake (Insert software here) malware. The Fake software ones have been merely annoying, and pretty easy to remove with standard tools, at least until now.</p>
<p>Over the last couple of weeks, I&#8217;ve run into a new version of the Fake software malware. This one not only claims you have problems, but then turns around and at minimum hides folders on the machine so it seems that you&#8217;ve lost most everything. One variant even removes most of the system restore points, and hides essential folders. This second one is the biggest pain to remove.</p>
<p>Combofix, Malwarebytes, and Superantispyware will find and remove the malware, but repairing the damage done to the machine, from having to reset permissions, to unhiding folders (and sometimes having to dig down to find what folder is still hidden), to repairing the system restore feature of XP (go to %windir%\inf\sr.inf, right-click and install to repair it), is time-consuming.</p>
<p>I know that the underworld of the internet makes a lot of money off malware, but this is just getting ridiculous. One would think that machines with up-to-date antivirus software should be able to stop this stuff, but obviously they can&#8217;t. It does make me wonder how different the variants are.</p>
]]></content:encoded>
			<wfw:commentRss>http://siliconshecky.com/fake-software-viruses-take-a-new-turn/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>Apple: Fanatics and Malware</title>
		<link>http://siliconshecky.com/apple-fanatics-and-malware/</link>
		<comments>http://siliconshecky.com/apple-fanatics-and-malware/#comments</comments>
		<pubDate>Thu, 19 May 2011 15:15:45 +0000</pubDate>
		<dc:creator>Michael Kavka</dc:creator>
				<category><![CDATA[Computers]]></category>
		<category><![CDATA[Rants]]></category>
		<category><![CDATA[Security]]></category>
		<category><![CDATA[Apple]]></category>
		<category><![CDATA[Ed Bott]]></category>
		<category><![CDATA[Mac]]></category>
		<category><![CDATA[Malware]]></category>
		<category><![CDATA[Virus]]></category>
		<category><![CDATA[ZDNet]]></category>

		<guid isPermaLink="false">http://siliconshecky.com/?p=1380</guid>
		<description><![CDATA[Ed Bott (@edbott Twitter) at ZDNet has been feeling the wrath of the MacFanatics after he reported, &#8220;According to a report from a Danish IT security company, an underground group has completed work on a fully operational kit specifically designed to build malware aimed at the Mac OS platform.&#8221; Let's get some things straight. [...]]]></description>
			<content:encoded><![CDATA[<p><strong>Ed Bott (<a href="http://twitter.com/edbott" target="_blank">@edbott Twitter</a>) at ZDNet has been feeling the wrath of the MacFanatics after he reported, &#8220;According to a report from a Danish IT security company, an underground group has completed work on a fully operational kit <a href="http://www.csis.dk/en/csis/blog/3195/">specifically designed to build malware aimed at the Mac OS platform</a>.&#8221;</strong></p>
<p>Let's get some things straight. I&#8217;m not a Mac person. I think it's a nice Operating System, and has its place out there, but I think the Cult of Mac, just like the Cult of &lt;insert favorite OS here&gt;, needs a reality check. There are good and bad points to every OS, and each one shines in its own way. Microsoft is still the most popular, Linux is great for older or less powerful desktops, and Mac is fantastic for Graphics. It is what it is. Security-wise, all of them have their pluses and minuses. Any sane person knows that no OS is completely secure, and all can have viruses. So why, when a report about one for Mac, let alone a kit to make more, comes out, do so many Mac Fanatics have to start attacking the report as a FUD (Fear, Uncertainty, Doubt) campaign?</p>
<p>The story I am referring to is written by <a href="http://www.zdnet.com/blog/bott?tag=content;selector-blogs" target="_blank">Ed Bott, in his Microsoft Report Blog</a> on <a href="http://www.zdnet.com/" target="_blank">ZDNet</a>. &#8220;<a href="http://www.zdnet.com/blog/bott/crying-wolf-apple-support-forums-confirm-malware-explosion/3351?tag=mantle_skin;content" target="_blank">Crying Wolf? Apple Support Confirms Malware Explosion</a>,&#8221; is a well put together article. It references multiple sources, and does a good job of defending his original post from May 2 about the possibility of more Mac Malware coming. The Mac Fanatics tend to disagree, and do so in a lot of unprofessional ways in the talkback section of the article. Heck, a lot of them deny the current malware even exists.</p>
<p>Let us pose a simple question. If 1 million people get a disease one year, and 100 million get it the next year, would that be considered an outbreak? Most people would say so. 100 times more infections. Yet according to a supposed number (which I cannot verify), there were 2 Mac infections last year, and the new malware has 200 infections. That is the same 100 times increase. That is still a significant rise in the number of infections. Is it the end of the world? No. Does it mean that Mac users are as gullible to social engineering as Windows users? Yes.</p>
<p>In fact, being an SMB Consultant, 95% of the virus infections I deal with on a daily basis are socially engineered. Through Facebook, ads, e-mails, doesn&#8217;t matter, the end user has to do something to get infected.</p>
<p>Mac has been known for its security. I remember a long time ago when Mac Servers were basically unhackable. Times have changed though. At the last 3 PWN TO OWN conventions, Apple&#8217;s vaunted OS has fallen, and fallen fast (even when they have patched right before the competition). In 2009, it was reported that the first <a href="http://arstechnica.com/apple/news/2009/04/evidence-suggests-first-zombie-mac-botnet-is-active.ars" target="_blank">Mac Zombie Botnet</a> was active. Let's see, to become a zombie on a botnet they have to hack your machine, and/or usually slip a rootkit and a trojan on it. That would be considered malware.</p>
<p>The evidence has shown that Mac isn&#8217;t as secure as it used to be. It's the way things are. Get over it and act like adults when debating things. I&#8217;ve had debates with Ed over his Microsoft slant in the past, but he does slam Microsoft a lot also. His blog is like this blog, only more well known. It's news mixed with opinion. Take it or leave it, but as one talkback comment reminded people, the end of The Boy Who Cried Wolf finished with the wolf actually showing up and causing damage.</p>
]]></content:encoded>
			<wfw:commentRss>http://siliconshecky.com/apple-fanatics-and-malware/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>Malware everywhere with some new tricks</title>
		<link>http://siliconshecky.com/malware-everywhere-with-some-new-tricks/</link>
		<comments>http://siliconshecky.com/malware-everywhere-with-some-new-tricks/#comments</comments>
		<pubDate>Tue, 19 Oct 2010 17:40:05 +0000</pubDate>
		<dc:creator>Michael Kavka</dc:creator>
				<category><![CDATA[Computers]]></category>
		<category><![CDATA[Security]]></category>
		<category><![CDATA[Software]]></category>
		<category><![CDATA[combofix]]></category>
		<category><![CDATA[fake AV]]></category>
		<category><![CDATA[Malware]]></category>
		<category><![CDATA[Malwarebytes]]></category>
		<category><![CDATA[Rootkit]]></category>

		<guid isPermaLink="false">http://siliconshecky.com/malware-everywhere-with-some-new-tricks/</guid>
		<description><![CDATA[So as the malware war continues, I have found that the fake AV virus learned a new trick or two. The latest version I dealt with had a new rootkit in it that prevented combofix, malwarebytes and superantispyware from running. Of course it is not smart enough to stop those pieces of software from running [...]]]></description>
			<content:encoded><![CDATA[<p>So as the malware war continues, I have found that the fake AV virus learned a new trick or two. The latest version I dealt with had a new rootkit in it that prevented combofix, malwarebytes and superantispyware from running. Of course it is not smart enough to stop those pieces of software from running if you change the name of their executables.</p>
<p>I suggest using combofix from bleepingcomputers.com first. Download it, rename the executable to comboxif.exe, and do not have it update. The autoupdate will have problems because of the infection. Just download the latest one available and run it.</p>
<p>Once combofix has run, all the other anti-malware programs should run without any issues or needing to rename them.</p>
]]></content:encoded>
			<wfw:commentRss>http://siliconshecky.com/malware-everywhere-with-some-new-tricks/feed/</wfw:commentRss>
		<slash:comments>1</slash:comments>
		</item>
		<item>
		<title>Goodbye One Care, Hello Microsoft Morro</title>
		<link>http://siliconshecky.com/goodbye-one-care-hello-microsoft-morro/</link>
		<comments>http://siliconshecky.com/goodbye-one-care-hello-microsoft-morro/#comments</comments>
		<pubDate>Thu, 11 Jun 2009 13:22:15 +0000</pubDate>
		<dc:creator>Michael Kavka</dc:creator>
				<category><![CDATA[Computers]]></category>
		<category><![CDATA[Security]]></category>
		<category><![CDATA[Software]]></category>
		<category><![CDATA[Antitrust]]></category>
		<category><![CDATA[Antivirus]]></category>
		<category><![CDATA[AVG]]></category>
		<category><![CDATA[Kaspersky]]></category>
		<category><![CDATA[Malware]]></category>
		<category><![CDATA[McAffe]]></category>
		<category><![CDATA[Microsoft AV]]></category>
		<category><![CDATA[Rootkit]]></category>
		<category><![CDATA[Symantec]]></category>
		<category><![CDATA[Virus]]></category>

		<guid isPermaLink="false">http://siliconshecky.com/?p=204</guid>
		<description><![CDATA[Back in March, Microsoft announced that Live One Care, a suite of security products, was going the way of the dinosaurs. Vendors such as Symantec and McAfee rejoiced that they didn&#8217;t have to go up against the 900 pound gorilla, and everything seemed to be fine with the world. Everything was back in its proper [...]]]></description>
			<content:encoded><![CDATA[<p>Back in March, Microsoft announced that Live One Care, a suite of security products, was going the way of the dinosaurs. Vendors such as Symantec and McAfee rejoiced that they didn&#8217;t have to go up against the 900 pound gorilla, and everything seemed to be fine with the world. Everything was back in its proper place.</p>
<p>That&#8217;s what you thought at least. In reality it has been leaked that Microsoft has been working on an AntiVirus program that will be free, and will be officially announced soon. Morro, as it is being called, is supposed to offer protection from viruses, spyware, trojans, and rootkits. It is also going to be free. Now it will supposedly only compete with software such as the low end offerings from the Major AV vendors, plus items such as the AVG free software out there. The real question is, how will this affect the AV companies, and is this going to be bundled with Windows 7?</p>
<p>Why bundle it with Windows 7? Well, the rumor is that it will be out of beta and on the market near the end of 2009. This puts it in the same time frame as the release of Windows 7 (Oct. 22, 2009). I figure it will come out as a High Priority Update a month after Windows 7 is launched, to try and circumvent the antitrust issues bundling Morro with Windows 7 would cause.</p>
<p>Try as they might, though, if Microsoft ties Morro in any way into Windows there will be antitrust allegations. Honestly, we have seen this sort of behaviour from Microsoft in the past, when it went head to head with Netscape back in the 90s. Just look at all the lawsuits from that. The difference is that the AV/Security companies do have a lot more resources available to fight Microsoft in the courts.</p>
<p>My big question is this: why must a company such as Microsoft try to be everything? Can&#8217;t they learn to focus on the OS and other current offerings without getting into another software area? On top of that, you can bet Morro will be heavily targeted by the underworld on the Internet, just because it is Microsoft.</p>
<p>This is something to keep your eyes on.</p>
]]></content:encoded>
			<wfw:commentRss>http://siliconshecky.com/goodbye-one-care-hello-microsoft-morro/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>But wait there&#8217;s more!</title>
		<link>http://siliconshecky.com/but-wait-theres-more/</link>
		<comments>http://siliconshecky.com/but-wait-theres-more/#comments</comments>
		<pubDate>Thu, 09 Apr 2009 12:54:13 +0000</pubDate>
		<dc:creator>Michael Kavka</dc:creator>
				<category><![CDATA[Computers]]></category>
		<category><![CDATA[Internet/Music]]></category>
		<category><![CDATA[Botnet]]></category>
		<category><![CDATA[Cornficker]]></category>
		<category><![CDATA[Malware]]></category>
		<category><![CDATA[Removal]]></category>
		<category><![CDATA[Security]]></category>
		<category><![CDATA[Spam]]></category>
		<category><![CDATA[Virus]]></category>
		<category><![CDATA[Waledac]]></category>
		<category><![CDATA[Windows]]></category>

		<guid isPermaLink="false">http://siliconshecky.com/?p=106</guid>
		<description><![CDATA[Just when you thought you could put Conficker on the list of false alarms, like a bad penny it turns up. That is right, get ready for another media blitz about it. As of right now, Conficker-infected machines are just communicating and transferring payloads among themselves. It&#8217;s also trying to contact sites such as AOL, [...]]]></description>
			<content:encoded><![CDATA[<p>Just when you thought you could put Conficker on the list of false alarms, like a bad penny it turns up. That is right, get ready for another media blitz about it.</p>
<p>As of right now, Conficker-infected machines are just communicating and transferring payloads among themselves. It&#8217;s also trying to contact sites such as AOL, MSN and the like. The reason for this is to double check the time and date. It seems there is a May 3 kill date to stop communications this time, so to prevent you from being able to trick it, it checks on the net for the date and time.</p>
<p>Another thing now known about this nasty is that the new update is tied into the Waledac family of malware. This family is known for turning machines into bots and has a huge botnet that shoots spam all over the place. What other nasty stuff does Conficker have in store for us? Well, we shall just have to wait and see.</p>
<p>As of now most Antivirus software should be able to remove the virus. My recommendation is to start off with the latest version of <a href="http://www.malwarebytes.org/" target="_blank">Malwarebytes</a> to clean it off, since it is easy to download and install the latest version, plus it works really well. Once you&#8217;ve cleaned your machine, make sure to patch Windows.</p>
]]></content:encoded>
			<wfw:commentRss>http://siliconshecky.com/but-wait-theres-more/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
	</channel>
</rss>

