One of the most annoying things in both Windows Vista and Windows 7 is the inclusion of obsessive security policies. The one that has been bothering me quite a bit lately is a little prompt that is attached to programs that have been downloaded from the Internet.

To fix this on a per file basis, the process is fairly simple. Right click on the executable or package that displays the warning and at the bottom of the properties dialog you will see the following message: “This file came from another computer and might be blocked to help protect this computer”

Select “Unblock” and then click either OK or Apply. The message will no longer appear when you run this program. But what if you have multiple programs you need to unblock? Or in my case, dozens? Thankfully the solution is even more simple than clicking Unblock on multiple files.

Download Streams from Sysinternals then extract it and open a command prompt to wherever you extracted it. You can do this easily by holding down the shift key and then right clicking on the directory Streams is in, then select “Open Command Window Here”. Enter in the following command but alter it to meet your needs:

Streams  -s -d E:\Utilities

Streams will then go through the files and remove the security streams from these files and banish these annoying warnings. You can also use the group policy editor to disable this from happening altogether but if you are using a home version of Windows it does not come with it.

Charlie Miller, aka Safari Charlie, recently revealed the exploit code which allows an attacker to take complete control of any iPhone using a series of text messages which are not displayed on the receiving handset.

A two time winner of the MacBook in the annual Pwn2Own contest, Mr Miller informed Apple almost 2 months ago that he would be revealing his attack method at last week’s Black Hat security conference in Las Vegas. The attack, which uses several sequential SMS messages to invoke a memory overflow and execute the remote code contained in the messages, gives complete remote control of the phone including the ability to place phone calls, access the web, locate the owner via GPS, and possibly most disturbingly, the ability to control the camera and microphone remotely.

Apple was exceeding slow to respond, announcing just this past Friday that it has released a patch to protect it’s millions of users. The availability of the patch however, does not fully mitigate the threat as Apple does not push updates to its mobile handsets. By default iTunes only checks for updates once a week and once identified and downloaded, iTunes will automatically offer the optional update to users upon their next sync. Unfortunately this delayed deployment method coupled with allowing the update to be postponed  and the fact that many users delay installing updates due to time constraints or simply because they use the phone predominately untethered may mean that a large segment of iPhone users will remain unpatched for much longer than needed.

As we become ever more dependant upon mobile platforms, I firmly believe that we have already reached the point that updates should be pushed to subscribers instead of relying on users to seek out protection.  Failure to do so harkens back to the early days of Microsoft updates and disabled firewalls.

I fear that until mass quantities of mobile subscribers become compromised by similar types of attack, users will remain largely reliant upon security through obscurity (and the bliss of ignorance).  Unfortunately, the rapid growth of these platforms and the potential monetary gains such attacks offer seems destine to very quickly turn our mobile lifelines into just one more very large and pervasive attack surface for evildoers.

Head on over to Lavasoft and cast your vote today! If you neglect to vote, don’t complain when it looks like a third grader drew it in crayon.

Check It Out> Ad-Aware Skin Design Contest

Somehow I missed that BackTrack 4 is now in the “Pre-Release” stage as of June 19. Once I did realize that it was released I waited to post about it because their servers have been getting hammered so hard that it was almost impossible to download it. Now that their servers appear to be up and running (download speeds are at a lovely 60 KB a second) make sure you head on over and get your copy.

For those that don’t know BackTrack is a Linux distribution geared towards security auditing and exploitation.  As far as Linux distributions go it is at the top of my Must Have list. It is designed to be a supplemental operating system and as such is typically used in the “Live” format. Version 4 is now capable of being installed and used more heavily which can be very handy in a dual-boot situation.

As with any security tools there is a learning curve. The information and programs tend to be overwhelming with very little to help you sort out exactly what you need. The BackTrack team realizes this and is working on many resources to help you learn how to use the toolset. The first of these resources is a video that shows you how to setup BackTrack 4 and get started with it. The videos will soon be expanded to include using some of the applications and other advanced features.

The previous beta versions have been password protected and if you run into that, the default credentials are:

Username: root
Password: toor

Check It Out> Download BackTrack 4, Videos

What Microsoft actually did was help the Air Force secure their normal Windows XP by contributing to the Federal Desktop Core Configuration (FDCC).  The Federal Desktop Core Configuration (FDCC) is an OMB-mandated security configuration. The FDCC currently exists for Microsoft Windows Vista and XP operating system software.

Basically it is a government effort to define the best security settings.  As a result of the original Wired report many people expressed interest in obtaining a copy of the secure version of XP.  Thankfully as a result of this government effort, you can.  The security settings as well as Virtual Hard Drive files that you can modify according to your specific needs.

The original article could have cleared up a lot of this confusion if Microsoft had been more willing to communicate about it.  Thankfully a Microsoft employee took the initiative and got the truth out about this story.

Thanks for covering this topic, but unfortunately the reporter for the original article got a lot of the major facts, which you relied upon, wrong. For instance, there isn’t a special version of Windows for the Air Force. They use the same SKUs as everyone else. We didn’t deliver a special settings that only the Air Force can access. The Air Force asked us to help them to create a hardened gpos and images, which the AF could use as the standard image. We agreed to assist, as we do with any company that hires us to assist in setting their own security policy as implemented in Windows.

The work from the AF ended up morphing into the Federal Desktop Core Configuration (FDCC) recommendations maintained by NIST. There are differences, but they are essentially the same thing. NIST initially used even more secure settings in the hardening process (many of which have since been relaxed because of operational issues, and is now even closer to what the AF created).

Anyone can download the FDCC settings, documentation, and even complete images. I worked on the FDCC project for little over a year, and Aaron Margosis has been involved for many years, and continues to be involved. He offers all sorts of public knowledge and useful tools. Here, Aaron has written a couple of tools that anyone can use to apply FDCC settings to local group policy. It includes the source code, if anyone wants to customize them.

In the initial article, a lot of the other improvements, such as patching, came from the use of better tools (SCCM, etc.), and were not necessarily solely due to the changes in the base image (although that certainly didn’t hurt). So, it seems the author mixed up some of the different technology pushes and wrapped them up into a single story. He also seem to imply that this is something special and secret, but the truth is there is more openness with the FDCC program and the surrounding security outcomes than anything we’ve ever done before. Even better, there are huge agencies that have already gone first in trying to use these harden settings, and essentially been beta testers for the rest of the world. The FDCC settings may not be the best fit for every company, but it is a good model to compare against.

Let me know if you have any questions.

Roger A. Grimes, Security Architect, ACE Team, Microsoft

Check It Out> FDDC, Downloads, Bruce Schneier’s Blog via The Tech Herald

Malware is just an accepted part of today’s computing but it is getting more aggressive and is even targeting non-traditional areas such as routers and DSL modems.  Thankfully router manufactures are starting to catch up and update their security.

D-Link has announced that they are adding CAPTCHA‘s to their routers to try and help reduce the automated probing done by botnets in an attempt to find a router with the default Username and Passwords.  Thankfully this is being added to all firmware so even if you have an older D-Link you can get the new firmware and help protect your router.   The router models that will include this feature by default are DIR-615, DIR-625, DIR-628, DIR-655, DIR-825, DIR-855, DIR-685 and DGL-4500.

Check It Out> D-Link via Slashgear

Is XP Antivirus 2009 compatible with Vista?

I got a new computer running windows Vista but I already paid for XP antivirus 2009 on my old computer.Will I be able to transfer it to my new one or is only compatible with windows XP?

Additional Details
I have paid $50 for that program and I’m going to use it if I can.

Can you also give me the link to re download it because they didn’t send me a CD

please help me I google it but all I can find is remove instructions not the likn to download it. help I’m losing my $50

Best Answer – Chosen by Asker
Well,since you insist to use it,yes all trojan and viruses are compatible with all windows platforms.

Check It Out> Yahoo Answers

Apple yet again shows us why they are the current leader in the phone industry with a recent patent filing.  The patent is concerning a design feature that would allow a iPhone owner to set certain security thresholds which when met locks down the phone.  The phone could then phone home with it’s GPS location, notify the police or call center.

Whether or not the patent will ever become a reality it’s a good thing to see Apple is working on this.

Check It Out> Apple Insider

Apparently Internet Explorer 8 is exceptional at blocking malware sites. Out of 492 malware sites IE8 blocked 69% of them. You might be thinking that they still missed 40% of them but the next closest rival (Firefox) only blocked 30% of the sites.

The findings were released by NSS Labs an independent security company, but Microsoft sponsored the tests. IE8 RC1, Firefox 3.0.7, Safari 3, Chrome 1.0.154, Opera 9.64 and IE7 were all tested against the same 492 websites with IE8 coming out on top. The interesting thing to note is that they were still using a pre-release version of IE8 for their testing and the results could be better or worse depending on final changes made to the application.

This is good news for Microsoft and Internet Explorer but better security only works if you can actually convince people to use the browser. Since IE8′s release their market share has not exactly been what Microsoft had hoped for. After the initial release it has only grown to 2.64% (at it’s highest) usage including the beta install that is unable to be upgraded in the Windows 7 beta (about 1.3%).

It is hard to trust the results because it was sponsored by Microsoft but 39% better than the competition is hard to fake. Do you put faith in the results when it is paid for by the winner of the tests?

Check It Out> Computer World via ThreatPost

More and more companies are now using Twitter, some of which are good at it and others need some work.  One of the best groups of companies on Twitter to follow are Security and Anti-Malware companies.  When there is an outbreak they can help you to stay informed and get you the information to either stay uninfected or for how to clean the newest malware out there.

I have compiled this list after quite a bit of research and while I am sure I have found the bulk of AV/AS companies on Twitter I would appreciate others adding to it as well.  If you know of any that are missing from this list please leave their usernames in the coments section or send me a message @pfoty.

@AdAware – New account with only a Hello World post but expected to be very active soon.
@Atribune –  Has not been used  in 6+ months
@AviraAntivir –  Mostly software update information
@avgsecurity
@officialAVGnews – Almost all marketing information
@bitdefender – Very active and has excellent information
@CASecurity – Lightly used and mostly just CA related updates
@CiscoSecurity – Not just information about Cisco , includes a lot of security information.
@clamav – Only sends out updated deffinition information. Does not follow back.
@comodogroup
@DriveSentry – New account but off to a very good and active start
@Fortinet
@kaspersky – Relatively active account with lots of good information
@lavasoft – Marketing information and rarely used
@Malwarebytes – Protected and un-used but might be used in the future
@McAfeeAvertLabs – Active account deffinetly worth following
@McAfeeNews – McAfee related news updates
@Panda_Security – Very active account and has been around longer than most of the others
@PandaSecurityZA – South Africa branch of Panda but different content and less active
@PandaTechSup
@PCToolsDoctor – Not currently very active
@PCToolsSupport
@ScanSafe
@SophosLabs
@SPAMfighter – Extremely active account and is not exclusively about Spam
@SpybotSD
@Sunbelt_Support
@sunbeltsoftware
@symantecnews
@threatpost – Kaspersky site  feed
@TrendMicro – Relatively active account with good information
@webroot
@websenselabs
@WinPatrol

Many companies such as Symantec and Sunbelt have a lot of employees on Twitter that are very active but as of yet do not have the most active of corporate Twitter accounts.  I spoke with some employees of the companies on this list and most of them indicated that their companies Twitter accounts were going to be very active in the next couple of months but were waiting for resources to be dedicated to it.  This is good news especially when it comes to accounts like Lavasoft where the accounts are brand new with little to no content yet.

I have tried to limit this list just to actual security AV/AS companies but I will be adding another list this week of excellent people to follow in the malware industry.  Many of these people such as  @MalwareCity are websites dedicated to malware information and really offer a wealth of information for those seeking it.

As always if you would like to follow me on Twitter you can do so by going to @pfoty.  Following a lot of people on Twitter can be difficult but as someone who follows 700+ people I think the best way is with a program like Twirl.  It installs to your computer and makes it more like an instant messenger client rather than just a website.

UPDATE:: I have added Drive Sentry, ThreatExpert and PCToolsSupport to the list.  As people send me others I will continue to add them to the list so make sure you check back and get the updates.