Group items tagged

Malware writers seem to be targeting the Task Manager with increasing frequency. McAfee's Avert Labs wrote in its blog yesterday of the discovery of a new Trojan it dubbed QTaskMgr-1, which crawls into the registry and disables the Task Manager, Windows Update and Internet Explorer tool bars. Hitting Ctrl+Alt+Del will activate the Windows Security menu, but all functions including Change Password and Lock Computer are disabled.

In reviewing several security articles and blogs about malware characteristics and workarounds, I see a recurring piece of advice: Don't click on any popup or dialog window; instead use the Windows Task Manager to end offending processes. It's good advice, since malware writers-particularly those spreading scareware or bogus applications designed to trick computer users into buying useless security software-are gaming the dialog windows. Users are often presented with the typical option, such as "do you wish to proceed? Yes/No." Hitting either button or even the "X" window closing button will initiate a background process as if the user agreed. Using the Task Manager is the safe way of disabling these processes to allow the anti-virus software to scan and remove the offending code. Or so we think. Malware writers seem to be targeting the Task Manager with increasing frequency. McAfee's Avert Labs wrote in its blog yesterday of the discovery of a new Trojan it dubbed QTaskMgr-1, which crawls into the registry and disables the Task Manager, Windows Update and Internet Explorer tool bars. Hitting Ctrl+Alt+Del will activate the Windows Security menu, but all functions including Change Password and Lock Computer are disabled.

I'm also an advocate of third-party software that helps companies manage elevated accounts. I often run into Cyber-Ark's privilege identity manager solutions. It's pretty cool stuff and perfect for managing elevated accounts. Admin accounts can be locked into a digital vault, then protected by granular policies that enforce rules and checkout procedures in order for an elevated account to be used. One of my favorite features is the one-time-use passwords, where the password is changed for each user and occasion. You can also easily enable auditing of who used what accounts when.

I don't mean to pick on Nissan by any means but I am quite curious to know exactly what it takes to make an IT organization (or more explicitly, IT management) choose a blatantly inferior product over far more capable competing products for use in such a critical environment no matter how sweet the deal may seem.

Microsoft is finally getting serious about USB flash drive security. It recently disabled the AutoRun and AutoPlay features in Windows (all older versions plus Windows 7), meaning users will no longer have directory trees and execution options presented when they pop a flash drive into a PC. More significant, though, is Microsoft adding flash drive encryption to Windows 7. Through a few, albeit not so simple steps (see below), users can encrypt and manage the files on these small, portable storage devices.

Rapid7 has acquired Metasploit to bring the open-source project's database of reliable exploits to bear in Rapid7's vulnerability management and penetration testing offerings.

Upcoming 802.11n draft standards promise improvements like more consistent access, better signal quality, improved security, and smarter management