Internet Security Tips and Advice

Zero-day (0-day or 0day) malware

June 12th, 2008 by Igor Pankov

Zero-day refers to a vulnerability, exploit or malware sample that is not yet known to the affected vendor or to antivirus and security companies, so no patch or signature exists for it. Zero-day malware and attacks are the most dangerous kind because signature-based detection, which can only recognize threats it has already seen, cannot identify or block them; until a signature or patch appears, defenders have to rely on behavior-based (proactive) protection and on limiting what a successful infection can do.

Posted in Security Glossary | 1 Comment »

Proactive Protection

June 7th, 2008 by Igor Pankov

Any of the broad characteristics of a security system that center on preempting a threat rather than removing it after an infection has occurred. The term is often used interchangeably with HIPS-like technologies that block unauthorized activity, and with the non-signature detection in antivirus programs that analyzes a sample for virus-like behavior before any signature for it exists.

Posted in Security Glossary | No Comments »

Useful Security Links (June 2008), Part 1

June 6th, 2008 by Igor Pankov
  1. Wal-Mart website hit by Flash hole
  2. Firm fights virtual worms that steal
  3. Bluetooth, IE to get critical Microsoft patches
  4. Hackers hijack hacking tools website
  5. Comcast Hijackers Say They Warned the Company First

Posted in Useful Security Links | No Comments »

Password-protect your user account

June 5th, 2008 by Igor Pankov

You should never underestimate the value of setting a password on your Windows user account. An account without a password not only makes it easier for anyone with physical access to log on and read your data, it also leaves your shared folders open to remote access from anyone who can reach the machine over the network. Unfortunately, according to some statistics, as many as 30% of PC users do not password-protect their accounts.

User account passwords are easy to set from the Control Panel: open User Accounts, select the account you want to protect, and enter the password in the appropriate field. Two minutes of your time gives your data a lot of additional protection.
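The same check and fix from the command line, as an added example that is not part of the original post and not Agnitum's code. It audits the local accounts for the "password not required" flag, confirms that the default policy keeping blank-password accounts off the network is still in force, and then sets a password. It assumes Windows 10 or Server 2016 or later with PowerShell 5.1, run from an elevated prompt; the account name 'Alice' is a placeholder.

```powershell
# Added example (not from the original post or Agnitum): audit local accounts
# for the "password not required" flag, confirm the blank-password network
# logon policy, and set a password. Assumes Windows 10/Server 2016+ with
# PowerShell 5.1, run elevated. 'Alice' is a placeholder account name.

# PasswordRequired=False is the PASSWD_NOTREQD flag: the account is allowed to
# have an empty password. It is a strong hint, not proof that the password is
# empty, so treat every hit as something to verify with the account's owner.
$suspects = Get-CimInstance Win32_UserAccount -Filter "LocalAccount=True" |
    Where-Object { -not $_.PasswordRequired -and -not $_.Disabled } |
    Select-Object Name, SID, PasswordRequired, Disabled

if ($suspects) {
    Write-Warning "Enabled local accounts that do not require a password:"
    $suspects | Format-Table -AutoSize
} else {
    Write-Host "All enabled local accounts require a password."
}

# Since Windows XP the policy 'Accounts: Limit local account use of blank
# passwords to console logon only' (registry value LimitBlankPasswordUse,
# 1 = enabled) is on by default, so a blank-password account works at the
# keyboard but not over the network, e.g. against a shared folder. Make sure
# nobody has switched it off; it is the safety net for the accounts found above.
$lsa   = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
$limit = (Get-ItemProperty -Path $lsa -Name LimitBlankPasswordUse -ErrorAction SilentlyContinue).LimitBlankPasswordUse
if ($limit -eq 1) {
    Write-Host "LimitBlankPasswordUse=1: blank passwords are limited to console logon."
} else {
    Write-Warning "LimitBlankPasswordUse is '$limit': blank-password accounts may be usable over the network."
}

# Fix: set a password on the account. Read-Host -AsSecureString keeps the
# password out of the command history and out of any console transcript.
$user   = 'Alice'
$secret = Read-Host -AsSecureString "New password for $user"
Set-LocalUser -Name $user -Password $secret -PasswordNeverExpires $false
```

The policy check matters more than the flag check: even if an account with no password slips through, LimitBlankPasswordUse=1 is what stops it from being used to reach shared folders from another machine.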

Posted in Security Tip of the Week | No Comments »

Exploits

May 30th, 2008 by Igor Pankov

Exploits, also known as exploit code, are programs or crafted inputs that take advantage of a software vulnerability to make the target do something its developers did not intend, such as running the attacker's code. Developers are usually quick to patch vulnerable code once it is reported, and you should apply patches for the applications and operating systems you use as soon as they become available. Once the patch is applied, that exploit can no longer be used against your system, although exploits for other, still unpatched vulnerabilities can, so patching is an ongoing task rather than a one-off.

Posted in Security Glossary | No Comments »

Restricting access to your computer

May 29th, 2008 by Igor Pankov

When a computer boots up, it goes through several steps. The first is hardware initialization by the BIOS (Basic Input/Output System), which sets up the hardware and determines where the operating system is to be loaded from.

During this step you can also set a power-on (user) password, which prevents the computer from loading the OS until the correct password is supplied. The procedure varies from vendor to vendor, but one of the following keys will usually get you into the BIOS setup menu: Del, F2 or F12. Consult your computer’s user manual for how to access the BIOS and change the user password.

Protecting your computer at the BIOS level is a good idea for laptop users: it prevents unauthorized use of the machine when it is left unattended. Keep its limits in mind, though. A BIOS password can be overridden with relative ease (by clearing the CMOS settings, for example), and it does nothing for data on a hard drive that is simply removed and read in another machine; only full-disk encryption protects against that. Even so, it will give a potential data thief pause for thought, and anything that makes theft more difficult may be a sufficient deterrent.

Posted in Security Tip of the Week | No Comments »

Alexey Belkin (Agnitum) speaks about the future of the security industry

May 27th, 2008 by Igor Pankov

This month Alexey Belkin, Chief Software Architect at Agnitum, shares his brief views on Internet security and on the security of Windows Vista. Read on for Alexey’s personal thoughts and predictions.

Q.: Alexey, the first question is: What type of malware or web-borne threats is the most dangerous, from your point of view? Our readers are curious as well.

A.: I think it’s ID theft. The most dangerous malware (viruses, spyware, etc.) a user’s PC can be infected with is the kind that records the user’s keyboard entries, including passwords, credit card numbers and personal messages, tracks the websites you visit and is capable of retrieving passwords or any personal data from other programs used for web surfing. Constant and consistently renewed modifications of malicious software, especially those targeting a small number of PCs, pose a serious threat to the traditional signature-based approach and create a risk of personal computers being infected for years!

The problem becomes even more severe as some antivirus vendors do not bother to supplement their malware bases with the samples their removal methods can’t overcome. Sophisticated malware can be so well integrated within the system that traditional removal methods turn out to be ineffective against it. As you might know, one of the key goals for Agnitum’s products is to ensure malware is blocked at the earliest stage possible (simultaneously with system boot-up) and also to eradicate malware which has been integrated into the system in the sneakiest ways.

Another alarming fact is the spread of malware which inserts itself into the autorun mechanisms of removable disks. Such nefarious programs infect memory cards for photo cameras, MP3 players and other portable devices defined by an operating system as a “removable storage device”. The percentage of such virus samples is growing monthly, one of the reasons being the presumed harmlessness of, say, plugging a camera into a PC, as well as the boom in compact data storage devices of all kinds.

As for mail worms, their spread has been greatly diminished as a result of the long-lived “beware of mail attachments” security propaganda. Most likely, the removable storage problem will share the same fate. The times of virus-infected floppies have passed and people have got used to the idea that their flash drives are quite safe.

Q.: What do you think about the existing malware tests (such as AV Test, VirusBulletin, etc.), do they reveal the real picture of products’ quality? Up to what extent can we rely on these researchers?

A.: Such tests as those performed by VirusBulletin are, undoubtedly, of great interest. Even if we leave the VB100 brand aside, analyzing the number of detected malware samples is still a curious thing. For instance, the slightly unequal propagation of malware in different regions leads to certain “geographical” peculiarities. Besides, additional materials delivered to antivirus vendors, such as comparative performance tests, are important for us. It’s not unusual for security manufacturers to make good use of this comparative data without loading their own testing resources, creating home-made (often very subjective) techniques or performing full-scale research.

Q.: Alexey, many of our readers ask whether they should use an antivirus or a firewall, or both. If we talk about signature-based and proactive protection approach, what are the advantages and disadvantages of these two?

A.: The reactive approach (antivirus technologies) remains one of the most important means of protection against malware, aiming to identify and remove nefarious programs. The improvement and development of antivirus technologies has led to the quest for integrated security. But the need for proactive defense to prevent potential malware activity and zero-day threats has been equally or even more important.

With the supplement of proactive protection (which tracks potentially risky software and components interaction as well as suspicious attempts of changing key system settings) any PC becomes better safeguarded against malicious activity and capable of preventing infections at an early stage.

To sum up, proactive defense is a key element in any data protection strategy. By tracking unauthorized behavior, it can reduce a PC’s susceptibility to threats, whether or not the signature base is up to date.

Q.: What role shall personal firewalls play within internet security in the epoch of integrated solutions?

A.: The position of a personal firewall is at the first line of defense within the integrated solution. It seems to be the only option nowadays.

Q.: Do you think separate antivirus and firewall solutions should still be in demand and well maintained, or will security suites force them out of the market completely?

A.: There’s no doubt that security suites will hold the leading position on the market. However, standalone solutions will still be in place, just as you can see plenty of hardware components in retail while out-of-the-box laptops and desktops are abundant.

Q.: I’ve got a question concerning Vista security. This issue had been discussed even before the OS’s release, and experts revealed plenty of vulnerabilities that had to be consistently patched. Now Vista has been on the market for more than a year. How would you rate Microsoft’s efforts to increase the system’s security? Does it make sense to deploy Vista without third-party security software running?

A.: When it was first released, Vista contained significantly fewer vulnerabilities than its predecessors. Many security problems can be solved with the aid of UAC (User Account Control), but it looks complicated and few users are ready to work with it. Lots of work has been carried out on Microsoft’s side, but Windows is still a system that wants third-party security components.

Q.: There’s an opinion that Vista’s high vulnerability, which at first caused a negative reaction, is a relative showing. As this OS is very popular and has ambitions to dominate, it attracts more hackers’ attention, whereas less popular OSes seem to be more secure because cybercrooks are less interested in them. What do you think about it? What OS is the least vulnerable?

A.: I completely agree with this opinion. The more popular a program is the better target it is for cybercrooks. At the same time “marginal” systems provide less transparency and their vulnerabilities are not so well-known. An exotic OS is always more “secure”. Answering the question “What’s more secure – Vista or XP?” we have to admit: it’s Vista.

Q.: What was the influence of Windows Vista Service Pack 1 launch – on the OS and on overall security?

A.: Service Pack 1 for Vista can really influence Internet security. Not because of its new protection capabilities, but because many users who have been anticipating this launch will finally start migrating to Vista. If you take a look at the recent “When are you moving to Vista?” surveys, you’ll realize that one of the most popular answers among tech-savvy users has been “After the release of Service Pack 1”. Now that it has been released, we can expect more and more advanced users to turn to Microsoft’s latest OS. The changes in Vista will prove fruitful later, when software developers realize that the erstwhile privileges of their programs can be significantly limited and start to design their software accordingly, and when users work under restricted accounts more often. Unfortunately, software developers hardly ever consider “The Principle of Least Privilege”, whereas the prevalence of Vista will force them to do so and take privilege issues into account. It’s no secret that working under a restricted account with limited rights helps avoid a good deal of modern Internet threats.

Q.: Thank you, Alexey! Don’t hesitate to let us know when you have new thoughts and observations to share.

A.: Sure, with pleasure!

Posted in Security Experts | No Comments »

Useful Security Links (May 2008), Part 4

May 27th, 2008 by Igor Pankov
  1. Facebook poked by XSS flaw
  2. Vista’s UAC spots rootkits, tests find
  3. How to protect your personal cyberspace
  4. Take the ID Safety Quiz
  5. Work for a Big Company? Odds Are Good Your Boss is Reading Your E-Mail: Study

Posted in Useful Security Links | No Comments »

Proof of concept code (POC)

May 23rd, 2008 by Igor Pankov

After a security researcher has found a vulnerability in a company’s software, they may corroborate their findings by writing proof-of-concept (POC) code. This code demonstrates that the vulnerability can actually be exploited and could therefore be used with malicious intent. In most cases the POC is not hostile and serves only to encourage the vendor to mitigate the risk quickly by releasing a patch; it is also what lets the vendor reproduce the problem and verify that the fix really works.

Posted in Security Glossary | No Comments »

Keep scripts in check

May 22nd, 2008 by Igor Pankov

Because vulnerable or explicitly malicious web content, such as JavaScript and ActiveX controls, is a primary vector for distributing malware and stealing confidential information, it makes sense to restrict the execution of scripts on untrusted sites to protect yourself from drive-by threats.

For Firefox users there is a quick fix: the NoScript add-on, available as a free Firefox extension. By default it blocks scripts on every site you visit, so you get automatic, preemptive protection. This blocking will render some sites barely usable (for example, YouTube videos will no longer start), so you will need to unblock trusted sites to allow scripts to run on them. This can easily be done on the fly right from the Firefox interface, which shows the NoScript toolbar with per-site blocking options. Note that NoScript grants permission by the origin a script is served from, so trusting a site also allows that site’s scripts on any page that embeds them.

To keep Internet Explorer users safe, Outpost Firewall Pro or Outpost Security Suite Pro offers similar functionality: restrict the execution of scripts globally, then specify exclusions for trusted sites that are allowed to run scripts. The settings you configure in Outpost apply to any web browser, and you can extend the same control to your email client, which renders HTML and may run scripts too.
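Internet Explorer can enforce the same "block everywhere, then allow trusted sites" policy on its own through its security-zone settings. The script below is an added example and is not part of the original post, nor Agnitum's, Outpost's or NoScript's code. It assumes a current Windows with PowerShell 5.1, changes only the current user's settings (HKCU), and uses youtube.com and example.com as placeholder sites rather than a recommendation.

```powershell
# Added example (not from the original post, Agnitum, Outpost or NoScript):
# disable Active scripting and ActiveX in IE's Internet zone, keep them
# enabled in the Trusted sites zone, and add individual hosts to that zone.
# Assumes PowerShell 5.1 on a current Windows; HKCU only. Sites are placeholders.

$zones   = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'
$domains = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains'

# Zone 3 is Internet, zone 2 is Trusted sites. Action 1400 is "Active scripting",
# 1200 is "Run ActiveX controls and plug-ins". Data: 0 = enable, 1 = prompt,
# 3 = disable. Every site not explicitly mapped elsewhere lands in zone 3.
Set-ItemProperty -Path "$zones\3" -Name 1400 -Value 3 -Type DWord   # no scripts on unknown sites
Set-ItemProperty -Path "$zones\3" -Name 1200 -Value 3 -Type DWord   # no ActiveX on unknown sites
Set-ItemProperty -Path "$zones\2" -Name 1400 -Value 0 -Type DWord   # scripts run on trusted sites
Set-ItemProperty -Path "$zones\2" -Name 1200 -Value 1 -Type DWord   # ActiveX still asks first

# Place a site in the Trusted zone. The key is Domains\<domain>[\<host>] and the
# value name is the scheme: pinning 'https' means the plain-http version of the
# same host stays untrusted. Omit -HostName to trust every host under the domain.
function Add-TrustedSite {
    param(
        [Parameter(Mandatory)] [string] $Domain,
        [string] $HostName = '',
        [ValidateSet('http', 'https', '*')] [string] $Scheme = 'https'
    )
    $key = Join-Path $domains $Domain
    if ($HostName) { $key = Join-Path $key $HostName }
    New-Item -Path $key -Force | Out-Null                       # creates parent keys as needed
    New-ItemProperty -Path $key -Name $Scheme -Value 2 -PropertyType DWord -Force | Out-Null
}

Add-TrustedSite -Domain 'youtube.com' -HostName 'www'
Add-TrustedSite -Domain 'example.com'

# Review what is trusted: any entry with data 2 runs scripts with zone-2 rights.
Get-ChildItem -Path $domains -Recurse |
    Get-ItemProperty |
    Select-Object PSChildName, http, https, @{ Name = 'any-scheme'; Expression = { $_.'*' } }
```

Two caveats when comparing this with NoScript. IE picks the zone from the URL of the page being displayed, so a trusted page can still pull in and run scripts from third-party hosts (advertising, analytics) with the trusted zone's rights, whereas NoScript decides per script origin. And on a domain-joined machine Group Policy may enforce zone settings from HKLM, in which case the HKCU values above are ignored; restart IE after changing them either way.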

Posted in Security Tip of the Week | 1 Comment »
