Archive for the ‘Internet security’ Category


McAfee uncovers riskiest domains

Thursday, December 3rd, 2009

[Map: McAfee's Mal Web risk map] Red means danger. And orange offers plenty of risk, too.
(Credit: McAfee)

You may want to think twice if you hit a site with a .cm extension. That belongs to Cameroon, pegged by McAfee as the world's riskiest domain.

McAfee's third annual "Mapping the Mal Web" report, released Wednesday, looks at riskiest and safest domains across the globe. The small nation on the west coast of Africa reached the top spot this year with 36.7 percent of its sites posing a security risk. Because .cm is often a typo for .com, McAfee said, cybercrooks like to use that domain to set up typo-squatted sites to hit you with malware.
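One way a defender can look for the .cm-for-.com slip in web proxy logs, as an added example that is not part of the McAfee report or the original article. It goes slightly beyond the report by also checking the other one-letter-dropped forms of "com" (.co and .om); the log format, the domain list and the function names are assumptions.

```python
from urllib.parse import urlsplit

# Constructed sample data (assumptions, not taken from the McAfee report).
KNOWN_COM = {"example.com"}  # .com domains your users legitimately visit
SAMPLE_LOG = """\
2009-12-03T09:00:01Z 10.0.0.5 GET http://www.example.com/login
2009-12-03T09:00:07Z 10.0.0.8 GET http://www.example.cm/login
2009-12-03T09:01:12Z 10.0.0.8 CONNECT example.co:443
2009-12-03T09:02:30Z 10.0.0.9 GET http://news.example.org/
2009-12-03T09:03:44Z 10.0.0.7 GET http://unrelated.cm/
"""


def one_char_deletions(label):
    """All strings obtained by dropping exactly one character from label."""
    return {label[:i] + label[i + 1:] for i in range(len(label))}


# TLDs a user can reach by omitting one keystroke of "com": om, cm, co.
TYPO_TLDS = one_char_deletions("com")


def intended_com_host(host, known_com):
    """Return the .com host the user probably meant, or None.

    A host is flagged only when swapping its typo TLD for .com yields a
    known domain (or a subdomain of one), so ordinary .cm/.co/.om sites
    that merely share the TLD are not reported.
    """
    host = host.lower().rstrip(".")
    name, _, tld = host.rpartition(".")
    if not name or tld not in TYPO_TLDS:
        return None
    candidate = name + ".com"
    for known in known_com:
        if candidate == known or candidate.endswith("." + known):
            return candidate
    return None


def find_typo_requests(log_text, known_com):
    """Scan '<time> <client> <method> <url>' lines for typo-TLD requests."""
    findings = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # skip malformed lines
        _, client, _, url = fields
        # CONNECT lines carry host:port without a scheme; add '//' so
        # urlsplit treats the value as a network location.
        host = urlsplit(url if "://" in url else "//" + url).hostname
        if host is None:
            continue
        intended = intended_com_host(host, known_com)
        if intended:
            findings.append((client, host, intended))
    return findings


if __name__ == "__main__":
    for client, host, intended in find_typo_requests(SAMPLE_LOG, KNOWN_COM):
        print(f"{client} requested {host} (likely meant {intended})")
```
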

The generic and widely used .com domain itself isn't much safer, according to McAfee, jumping from ninth last year to second this year in riskiness, with 32.2 percent of its sites potentially hazardous to your PC's health.

[Chart: riskiest domains. Credit: McAfee]

Romania (.ro) is tagged as the riskiest domain for malicious downloads, with 21 percent of its sites delivering payloads of viruses, spyware, and adware. The information (.info) domain is seen by McAfee as the most "spammy," with 17.2 percent of its sites generating junk mail.

On the positive side, the government (.gov) is the safest generic domain with essentially 0 percent risk, while Japan (.jp) proved the safest country domain with a rating of only 0.1 percent. Last year's riskiest domain, Hong Kong (.hk) dropped to 34th place with a risk rating of only 1.1 percent, which McAfee attributed to the country's aggressive steps to stop scam-related domain registrations.

[Chart: safest domains. Credit: McAfee]

"This report underscores how quickly cybercriminals change tactics to lure in the most victims and avoid being caught. Last year, Hong Kong was the riskiest domain and this year it is dramatically safer," Mike Gallagher, chief technology officer for McAfee Labs, said in a statement. "Cybercriminals target regions where registering sites is cheap and convenient, and pose the least risk of being caught."

Overall, looking at 27 million Web sites and 104 top-level domains, McAfee found that 1.5 million sites, or 5.8 percent, were risky. That's up from 4.1 percent from the past two years, although the comparison is not direct since McAfee said it changed its rating methodology since then.

McAfee noted that cybercriminals who create domains to scam people prefer registrars with cheap prices, volume discounts, and hefty refund policies. Crooks also like registrars with a "no questions asked" policy and that act slowly or not at all when informed of malicious domains.

McAfee names eBay executive to board

Wednesday, December 2nd, 2009

Antivirus software maker McAfee Inc. said Tuesday that it named eBay Inc.'s president of marketplaces, Lorrie Norrington, to its board.

Norrington, 49, has held her current post since July 2008. At eBay, she oversees the company's massive e-commerce platform, which has over 25 million sellers and 89 million active users.

Before that, she worked as head of eBay marketplaces operations.

Microsoft: November security updates are fine

Tuesday, December 1st, 2009

Microsoft said Tuesday that its investigation has turned up no evidence that anything in its November security updates should be causing users to encounter a so-called "black screen of death."

"Microsoft has investigated reports that its November security updates made changes to permissions in the registry that are resulting in system issues for some customers," Microsoft security response communications lead Christopher Budd said in a statement. "The company has found those reports to be inaccurate and our comprehensive investigation has shown that none of the recently released updates are related to the behavior described in the reports."

Microsoft said it was not contacted by British security firm Prevx before that company went public with its claims. Microsoft said it has reached out to them to let them know the results of its investigation.

The company said on Monday that it would look into the matter, but issued an update later in the day saying it could not verify any issues.

"Our support organization is also not seeing this as an issue," Budd said on Tuesday. "The claims also do not match any known issues that have been documented in the security bulletins or (knowledge base) articles."

Update, 3:15 p.m. PT: Prevx posted an updated blog saying that it has done additional testing.

"Having narrowed down a specific trigger for this condition we've done quite a bit of testing and re-testing on the recent Windows patches," the company said. "Since more specifically narrowing down the cause we have been able to exonerate these patches from being a contributory factor."

The company also offered up a mea culpa to Redmond and said it also recommends users keep patching their systems promptly. "We apologize to Microsoft for any inconvenience our blog may have caused."

Security Report Finds Enterprise Infections Up 100 Percent

Sunday, November 29th, 2009

Microsoft released its latest security intelligence report on Monday -- and the picture looks grim for enterprises. Enterprise worm infections rose nearly 100 percent in the first half of 2009 from the previous six months. In the same period, consumers continued to struggle with rogue software.

According to the Microsoft Security Intelligence Report (SIRv7), rogue security software remained the single largest threat category for the first half of 2009. Despite progress combating rogues, this is still a major issue for computer users. Also known as "scareware," rogue security software takes advantage of customers' desire to protect their computer from threats.

But there is good news for enterprises and consumers. The report highlights a significant decrease in Zlob Trojan infections, from 21.1 million at its peak in 2007 to 2.3 million in the first half of 2009. Microsoft is offering some security best practices to help PC users ward off threats.

"It's been said that knowledge is power -- and when it comes to security intelligence, a lack of accurate information can be detrimental to separating real threats from hype," said Vinny Gullotto, general manager of the Microsoft Malware Protection Center. "Microsoft is committed to providing not only security intelligence for our customers and the community, but also the most accurate and comprehensive view of the realities of the threat landscape."

Conficker Revisited

Ten years after the Melissa worm appeared and defined mass-mailing worms as a class of malicious threats, Microsoft reports Conficker is the top worm threat detected for the enterprise. Conficker is not in the top 10 for consumers because home computers are more likely to have automatic updating enabled. Microsoft said these findings stress the need for enterprises to have a robust security-update management program in place.

With detections up 156 percent since the second half of 2008, the Taterf worm is an emerging threat. Taterf targets massively multiplayer online role-playing games. These attacks rely less on social engineering to spread, and more on access to unsecured file shares and removable storage volumes. Microsoft said Taterf's growth underscores the need for organizations to develop guidelines for removable drives and evaluate how connections are made to outside machines.

Microsoft outlined four key security best practices: Understand the Microsoft security-update process and terminology, make sure all third-party applications are being updated regularly by the vendor, make sure a customer's development team is using a software security assurance process, and, finally, put policies in place to help secure all file shares and regulate the use of removable media.

U.K. Watchdog: No Evidence of Tabloid Phone Hacking

Sunday, November 29th, 2009

The News of the World's royal editor, Clive Goodman, was jailed in January 2007 for hacking into the phones of palace officials, and his accomplice, private investigator Glenn Mulcaire, was also jailed for hacking into the messages, including some from Princes William and Harry. The Guardian claimed the practice was widespread.

Apple iPhone owners Down Under are reporting their jailbroken iPhones have been hit with a worm that hijacks their wallpaper, changing it to an image of 1980s pop star Rick Astley, and eats up their bandwidth. Although the worm may have spread beyond Australia, there are no confirmed reports yet.

The hacker, who calls himself ikex, claims to have infected 100 iPhones with the malware. The true identity of ikex is 21-year-old Ashley Towns, who shows no public remorse about the hack.

SophosLabs is analyzing the worm's code, which suggests that at least four variants have been written. One of the attributes of the latest variant is that it tries to hide its presence by using a file path suggestive of the Cydia jailbreaking tool.

How the Hack Worked

Sophos said Towns was able to hack jailbroken iPhones if the users did not change the default password after installing SSH (Secure Shell). Installing the SSH server turns the iPhone into a cell-phone modem using the data connection. In order to avoid the hack, users would have needed to change their root password to something different than the default.

What makes this outbreak interesting is that it's the first virus to ever spread between iPhones in the wild, said Graham Cluley, a senior security consultant at Sophos.

"In itself it's not the most dangerous piece of malware we've ever seen," Cluley said. "It breaks into jailbroken iPhones that have not been properly secured and changes the wallpaper to a picture of Rick Astley before finding other iPhones to infect."

The result, as Cluley explained it, is that affected users would need to take action to repair their iPhones from the unauthorized modifications, a nuisance that takes time.

The Cost of Jailbreaking

What's more, he explained, the worm's author will have cost each infected iPhone user all the bandwidth used by his malware -- remembering that even just trying to initiate TCP connections to computers which won't accept them wastes some data -- and his worm has some huge IP address ranges through which it tries to open connections.

"The bandwidth used by the worm will come out of users' monthly data quotas or -- depending on their payment plan -- out of excess data charges. Just imagine what a hit that would be if you were unknowingly roaming overseas whilst infected!" Cluley said.

But what he thinks makes this attack particularly dangerous is that the code for the worm is available for download from the Internet.

"Malicious hackers could take it and adapt it for more malevolent ends -- a new incarnation of the worm might not be constricted to infecting iPhones in Australia and might not announce its presence with a Rick Astley photograph," Cluley said. "Furthermore, it could silently steal information from compromised smartphones, opening the potential for real financial gain by the cybercriminals."
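The connection pattern described under "The Cost of Jailbreaking" (one device trying to open TCP connections across large address ranges, most of which fail) is something a network operator can detect. The following is an added example, not code from Sophos or the original article; the flow-record format, the addresses, the 60-second window and the 10-destination threshold are all assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(seconds=60)  # assumed look-back window
MIN_TARGETS = 10                # assumed distinct-destination threshold
SSH_PORT = 22


def build_sample_log():
    """Constructed flow records: '<iso-time> <src> <dst> <dport> <result>'."""
    base = datetime(2009, 11, 9, 3, 0, 0)
    lines = []
    # A device sweeping an address range on port 22; almost all attempts fail.
    for i in range(1, 13):
        t = base + timedelta(seconds=2 * i)
        result = "ESTABLISHED" if i == 7 else "TIMEOUT"
        lines.append(f"{t.isoformat()} 10.20.0.15 198.51.100.{i} 22 {result}")
    # An administrator using SSH normally: few servers, spread over time.
    for minute, dst in ((0, "203.0.113.5"), (20, "203.0.113.6"), (40, "203.0.113.5")):
        t = base + timedelta(minutes=minute)
        lines.append(f"{t.isoformat()} 10.20.0.40 {dst} 22 ESTABLISHED")
    # Busy web browsing to many hosts on 443; must not be counted.
    for i in range(1, 13):
        t = base + timedelta(seconds=i)
        lines.append(f"{t.isoformat()} 10.20.0.41 198.51.100.{i} 443 ESTABLISHED")
    return sorted(lines)  # ISO timestamps sort chronologically


def detect_ssh_fanout(lines, window=WINDOW, min_targets=MIN_TARGETS):
    """Flag sources that try SSH to many distinct hosts inside one window.

    Returns {src: {"first_seen", "targets", "failed_ratio"}} where targets is
    the largest number of distinct destinations seen in any window and
    failed_ratio is the share of non-established attempts in that window.
    """
    recent = defaultdict(deque)  # src -> (time, dst, result) inside the window
    alerts = {}
    for line in lines:
        fields = line.split()
        if len(fields) != 5 or not fields[3].isdigit():
            continue  # skip malformed records
        ts_text, src, dst, dport, result = fields
        if int(dport) != SSH_PORT:
            continue
        ts = datetime.fromisoformat(ts_text)
        queue = recent[src]
        queue.append((ts, dst, result))
        while ts - queue[0][0] > window:
            queue.popleft()  # drop attempts older than the window
        targets = {d for _, d, _ in queue}
        if len(targets) < min_targets:
            continue
        previous = alerts.get(src)
        if previous is None or len(targets) > previous["targets"]:
            failed = sum(1 for _, _, r in queue if r != "ESTABLISHED")
            alerts[src] = {
                "first_seen": previous["first_seen"] if previous else ts,
                "targets": len(targets),
                "failed_ratio": round(failed / len(queue), 2),
            }
    return alerts


if __name__ == "__main__":
    for src, info in detect_ssh_fanout(build_sample_log()).items():
        print(src, info)
```
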

Free Security Apps from AVG, Microsoft Get Mixed Review

Sunday, November 29th, 2009

AVG 9.0 free antivirus protection has been announced on the heels of Microsoft's free Security Essentials, released last week. According to AVG, its new AVG 9.0 release, which will be available Oct. 15, is faster, safer, and easier to use than 8.5. While both AVG and Microsoft Security offer sophisticated protection, early reviews are mixed.

There are two sayings that conflict: "The best things in life are free" and "You get what you pay for." It remains to be seen which best describes newly released free security offerings from Microsoft and AVG, including the free version of AVG 9.0 release that was announced Monday, and Microsoft Security Essentials, which launched Sept. 29.

While it has long been possible to use virus protection without spending a cent, the new releases suggest that the sophistication of free software is growing. The issue is whether the quality is there, as well.

Early Impressions

First, it's important to clarify that AVG and Microsoft offer paid versions of their anti-virus programs, as well as the free versions. The question is whether the free offerings are sufficient and for whom.

In terms of the new releases, industry contacts haven't had a chance to form too much of a reaction yet, but there are some early indications. Ben Howard, an IT consultant for NSK, has used Microsoft Essentials since its release last week and has significant experience with AVG 8.5. He offers a mixed review of the Microsoft product.

"I haven't detected anything wrong," he says. "It seems to be running seamlessly and hasn't shut down or crashed. I did notice that the auto-update feature got five or six days out of date before I clicked on it to manually update."

It's clear that Howard wants to see a significant improvement between AVG 8.5 and 9.0 before advocating the upgrade. "I have used AVG 8.5 extensively," he said. "It is relatively painless for users. But from the administrator's point of view, it misses quite a few viruses. Just last week I uninstalled 8.5 for one of my clients and installed another product. I instantly found dozens of viruses that AVG missed."

G.F. Bryant, president and CEO of The Bryant Group, a consultancy in Wilmington, N.C., said his clients that are using AVG are doing well with it, and he doesn't advocate changing packages unless there is a specific problem or issue. Bryant says it's a bad idea to use free software, though that problem is ameliorated to a great extent because the companies involved are well known and respected.

Significant Enhancements

AVG 9.0 features significant enhancements to the company's family of free and paid security applications. AVG says the software features identity-theft protection created in partnership with Intersections Inc.

The software, according to the company, includes new scanning technology, less-intrusive firewall protection, and improvements in boot time and memory usage. The company says AVG 9.0 has tight integration between its Resident Shield, firewall and identity-protection elements.

Microsoft Security Essentials offers real-time protection. The idea is to query a dynamic signature service to identify threats even before they are included in daily signature downloads. The system also offers rootkit protection and reputation services, which is a means of separating legitimate from potentially dangerous software based on the track record of the source.

The company says Security Essentials offers lightweight design, CPU throttling to free up as much machine capacity as possible without compromising protection, idle-time scanning, smart caching, and active memory swapping. The software needs Windows XP or later.

AVG Anti-Virus Free Edition 9.0.704

Monday, November 16th, 2009

AVG Free provides the bare necessities when it comes to security, but that should be enough for savvy Windows users. You'll get a combined antivirus and antimalware engine, LinkScanner, and e-mail scanning. AVG Free 9 introduces a few new features, with improvements focused on performance, including claims of faster scan and boot times. One new feature is the Identity Theft Recovery Unit. Only for users in the United States, ITRU is a business partnership with Identity Guard which provides "consumer identity theft solutions," accessible only from the AVG toolbar in Firefox and Internet Explorer.

The interface is nearly unchanged from the last version, and generally it's easy to use. From the main window, though, you must double-click to get further information on any feature, whether virus scanning, LinkScanner settings, or updating. Streamlining this to one click would be helpful. A scheduling utility automates both scans and updates, while the upgrade ad at the screen's bottom can be easily hidden using the Hide Notification button. When starting a scan, a slider makes it easy to jump between Slow, Automatic, and Fast scans: the faster the scan, the less comprehensive it is, so users should take advantage of the scan optimization that is recommended during installation to speed up that first scan. A progress meter for regular scans would've been useful, though. Should a virus create serious problems, AVG creates a rescue disk to scan your computer in MS-DOS mode.

The LinkScanner feature protects you from third-party code exploits before they load in your browser and for ranking search results. Annoyingly, when you install its optional toolbar, it commandeers your new-tab page, decidedly inappropriate behavior. The program doesn't obviously tax your system when scanning or when running in the background, although CNET Labs determined that it will significantly slow down your system's boot time, and slightly delay shutting down. AVG also detected some image files as threats, when two other scans decided they weren't--we decided these were false positives. AVG might not be the fastest or the most effective free security option, but it still gets the job done and you're better off with it.

Google’s Free Airport Wi-Fi: Five Ways to Protect Yourself

Tuesday, November 10th, 2009

Free Wi-Fi while you're waiting for your flight? Sounds like a great way to save money, and kudos to Google for offering it at many U.S. airports during the holidays. Unfortunately, Google's generosity may also lure identity thieves and nefarious hackers to the nation's terminals to prey on clueless travelers.

Public hotspots, which by nature are open and unencrypted, are notoriously insecure. Information you transmit via laptop, smartphone, or gaming device may very well fall into the wrong hands. There are ways to stay safe, however. We asked Edgar Figueroa, executive director of industry trade group the Wi-Fi Alliance, for some hotspot safety tips. They are:

1) Configure your Wi-Fi device to not automatically connect to an open network without your approval. By doing so, you'll be aware when you're connecting to an open Wi-Fi hotspot. "Many devices either come out of the box or are later configured to automatically accept any available Wi-Fi connection," Figueroa says. Auto-configuration is most popular on handsets and some consumer electronics products like gaming devices.

2) If there's a storage device or another PC on your home network, you may have sharing enabled on the laptop you've brought to the airport. "When you're connecting to a public hotspot, make sure that you disable sharing," says Figueroa.

3) If you're conducting business or sharing sensitive information, it's best to use a virtual private network (VPN), which creates an encrypted, private link across a public network.

4) Use a personal firewall, either the one that came with your Mac or Windows PC, or a third-party app from a reputable security vendor like Symantec. Firewalls come with a range of configurations. "You can configure a firewall that is somewhat impermeable, and then there are times you can have it pretty open," Figueroa says. "At a minimum, you'll want to know when an incoming connection is attempting to gain access to your system."

5) Should you pay bills and shop online at a hotspot? Well, it's probably not the smartest idea. If you must, however, "it would be best to do these types of transactions over a VPN connection," Figueroa says. At the very least, use a hotspot that has WPA2 security. Not every public hotspot offers WPA2, though.

For more safety tips, check out the Wi-Fi Alliance's security page.

Contact Jeff Bertolucci via Twitter (@jbertolucci) or at jbertolucci.blogspot.com.

Panda’s Cloud Antivirus leaves beta behind

Tuesday, November 10th, 2009

First introduced in beta in April, Panda Cloud Antivirus graduates to a stable, public release and signifies a major security vendor taking aim at the freeware competition--instead of the other way around. Cloud Antivirus was notable on its beta release for being one of the few security options available to users that contained most of its protections in the cloud. This allowed it to protect users while consuming significantly fewer resources than many competing programs.

Panda Cloud Antivirus 1.0 is notable as a free security solution for two reasons: Panda is a reputable security vendor, and the program achieves its goal of freeing up system resources. In a press release, Panda Security CEO Juan Santana described Cloud Antivirus as a game-changer. It's not clear quite yet that that's the case, but at the very least the program looks to fill a niche created by resource-conscious netbooks.

As light on resources as advertised, Cloud Antivirus offers strong reputation-based protection for those who want their security program out of sight and out of mind. A third-party efficacy evaluation wasn't available at the time of writing, but in empirical testing the program only used 9 MB of RAM while idle, and only 56 MB of RAM when scanning. Many other security programs will run scans at 150 MB of RAM or more.

Despite keeping most of its database in the cloud, Panda Security's Senior Research Advisor, Pedro Bustamante, noted during an interview in October that Cloud Antivirus isn't disabled just because the host computer is disconnected from the Internet. "Panda has an offline mode that uses a small cached copy of Collective Intelligence on your local drive, it's only the most recent threats on a real time wild list." Collective Intelligence is the name that Panda gave its cloud system when it was introduced in 2007.

When you open Cloud Antivirus, the main window lets you know whether you're safe or not with a big red or green icon. Cloud Antivirus works as other antivirus solutions do, offering a Quick Scan and a Custom scan for specific folder, files, and drives, but its ancillary features are exceptionally light. The Quick Scan took 13 minutes on my Windows 7 Lenovo T400 laptop.

Dragging an active Cloud Antivirus window, in Windows 7 at least, will turn it translucent.
(Credit: Screenshot by Seth Rosenblatt/CNET)

You can opt out of contributing anonymous data to the cloud, but that also opts you out of automatic threat management. There's a network connection proxy option should you need it, and a reporting feature that will show you what kind of threats have been detected and removed from your computer. You can filter the report by All, Last 24 hours, Last Week, or Last Month, and there's a Recycle Bin pane from which you can recover a false positive, should you need it. Unfortunately, the Recycle Bin is hidden behind an obnoxious "flipping" screen that cheesily rotates when you need to access it.

If you're familiar with the minimalist Microsoft Security Essentials, Cloud Antivirus is even simpler. I did notice some odd interface rendering around the minimize and close buttons in Windows XP, but not in Windows 7. There are other more serious concerns about the program. Most notably, it lacks a scheduler, and it removes user input from update functions. Scans are also limited: you can tell the program what to scan, but not what to look for, so forget about toggling heuristics or rootkits. Then again, the point of this kind of security is that it's all wrapped into one.

Keeping in mind its limited feature set, and that we don't have efficacy numbers at the time of reviewing, Panda Cloud Antivirus makes a good security choice for those willing to take the plunge.

Secure your jailbroken iPhone against worm

Tuesday, November 10th, 2009

If your iPhone was recently "Rickrolled" by a worm that targets jailbroken iPhones, the following six steps will show you how to change the root password--used to connect to your device via a Unix software secure shell--to protect yourself in the future.

Before starting, you will need to have MobileTerminal installed from the Cydia store. Then:

1. Tap the MobileTerminal icon to open a terminal window.

2. Enter su and press return.

3. Enter the current default root user password alpine and press return.

4. Type passwd and press return.

5. Enter a new password and press return.

6. Enter the new password again and press return.

The root password is now changed, and your jailbroken iPhone or iPod Touch is now a bit more secure than it was before and less vulnerable to the first worm detected that targets the iPhone.