Adobe acknowledges the importance of security

May 23rd, 2009

Many agree that Adobe has never responded quickly to security vulnerabilities in its popular products. Known vulnerabilities would take weeks, and in some cases months, to be addressed. Most recently, in February, Adobe confirmed a known vulnerability in its Acrobat PDF software and admitted that the vulnerability was actively being used by hackers. Brad Arkin, Adobe’s director for product security and privacy, says this event is what prompted a new security practice.

Adobe has started reviewing the code in Adobe Reader and Adobe Acrobat products and is identifying “at-risk areas” that will be addressed and ultimately re-written. “We’re going to broadly look at the whole application, but focus on at-risk areas, where we’ll do threat modeling, static code analysis and look for potential vulnerabilities,” said Arkin. “We’re going to do a lot more pro-active work,” he promised. “We want to shake loose vulnerabilities.”

Arkin promises a regular patching cycle and, in fact, will deliver patches on the same day as Microsoft. Although Adobe's patch cycle is quarterly, not monthly, the patches will be delivered on the second Tuesday of the month. This schedule has not officially started. Arkin also mentioned that JavaScript will not be disabled by default in future builds of Adobe Acrobat products.

More information on Adobe Acrobat’s new security initiative can be found on Adobe’s Asset blog.

Author: Christopher

Fake Antivirus Infections Prevalent

November 30th, 2008

Fake antivirus programs, also known as rogue security software, continue to plague PC users. Last week, when Microsoft pushed out its weekly security patches, the Malicious Software Removal Tool targeted one particular file responsible for most of these extortionist programs, known as FakeSecSen. Data released by Microsoft indicates that this malware was removed from over 990,000 computers. Approximately 5 out of every 1000 PCs showed signs of infection.

FakeSecSen has gone by many names, including Vista Antivirus 2008, Windows Antivirus, XPert Antivirus, Power Antivirus, Antivirus 2009, and several variations of these terms. These programs pretend to be anti-malware solutions, but they do not really scan PCs. Instead, they report finding dozens or hundreds of infections that don’t actually exist, and they remain extremely annoying until users either pay the “upgrade” or “registration” fees or find a way to remove them. Removal generally requires a genuine anti-malware utility or entails long, complicated manual steps involving registry entries, hidden files, and invisible processes.

Infection often occurs when users visit a compromised web site and click in pop-up windows offering a free security scan or free security software downloads. Spam emails and even “drive-by” infections are also possible.

It’s nice that Microsoft has addressed this in its most recent patch release, but this is small consolation to those who become infected with this type of malware after last Tuesday, or those who have suffered for months before that. Good computer / internet security suites, such as those offered by Kaspersky Internet Security, offer full protection against FakeSecSen and related malware.

Author: Christopher

Microsoft finally patches URI handling flaws

November 14th, 2007

If you have heard of maliciously rigged PDF files, then you have probably been waiting for Microsoft to patch this vulnerability, which they originally blamed Firefox for back in July. Known attack vectors exist in these applications when used with Internet Explorer 7:

  • Mozilla Firefox (2.0.0.5 and lower)
  • Skype (3.5.0.238 and lower)
  • Adobe Acrobat 8.1
  • Miranda 0.7
  • Netscape 7.1
  • mIRC chat for Windows

Back in early October, Microsoft released Security Advisory 943521 about the vulnerability and reports of remote code execution, with the promise of a new patch. As of today, the patch has been released as security bulletin MS07-061.

Windows XP and Windows 2003 Server systems using Internet Explorer 7 should be updated with this patch as soon as possible.

Author: Christopher