Kaspersky Lab Developing Its Own Operating System

Kaspersky Lab, of AntiVirus fame, is apparently developing its own operating system:

We’re developing a secure operating system for protecting key information systems (industrial control systems (ICS)) used in industry/infrastructure. Quite a few rumors about this project have appeared already on the Internet, so I guess it’s time to lift the curtain (a little) on our secret project and let you know (a bit) about what’s really going on.

Sounds like a competitor for VxWorks and other embedded systems. More competition is good since this will cause other OSes to strengthen to compete. There’s really nobody on the market other than OpenBSD that markets itself primarily as being secure.

How To Be More Secure With Your Data & Identity

It’s amazing how on a daily basis there’s a story about someone’s identity or data being stolen, personal info being misused, or just getting screwed via the Internet. Most of the time it’s due to a complete lack of standards regarding how people treat their digital property and identity. It’s the electronic equivalent of leaving your home and not locking the door. Anyone can come in and take what they want.

AVG Wastes Bandwidth

AVG really needs to fix their “LinkScanner” product. It essentially scans pages for links and pre-downloads them to check for malware. If that doesn’t sound so bad, then you’re obviously not paying for bandwidth or trying to keep your server load manageable. Essentially it means more traffic pegging servers and downloading pages, but most of it being a total waste.

This isn’t just bad for webmasters. This excess traffic hogs ISPs (who now plan to charge by-the-byte) and WiFi. In a country where we are tight on bandwidth, this is really a pretty lousy implementation.

AVG even went so far as to use multiple user agents, all of which seem to spoof IE, making it more difficult to block.

The best way to block the bogus AVG traffic seems to be by looking for the Accept-Encoding HTTP header, which could be done using an Apache rewrite rule if you can’t do so at the firewall or load balancer level.

AVG really needs to reassess this poorly designed product. It’s unnecessarily taxing the web.

Using Norton AntiVirus With POP3 Over SSL

I didn’t find this anywhere online, so I thought I’d post it. Norton AntiVirus up to and including 2007 doesn’t support POP3 over SSL. That’s a problem since sending mail without SSL is insecure, and sending mail over SSL with no virus scanning is also insecure. There is a fix.

Please note these directions are intended to be a casual guide for experienced individuals. I’m not providing assistance or support.


Norton “Internet Worm Protection”

Norton AntiVirus has this strange omission I just can’t figure out. For some reason “Internet Worm Protection” won’t allow for creating a connection to a PPTP VPN. Not very helpful if you have to connect to one of the many VPNs out there that use this protocol.

First, a little primer on making a PPTP connection. You essentially need two things open: port 1723/TCP and IP Protocol 47 (GRE). Ok, this is pretty basic stuff. We can do that ;). Well, in the little wizard Norton provides to create a rule, you have the following choices for protocol: TCP, UDP, TCP/UDP, ICMP, ICMPv6, All (pointless). No way to select GRE.

So the only way I’ve found to connect to a PPTP VPN thus far is simply to disable either just Internet Worm Protection, or disable Norton AV.

It’s rather odd that something like this is not supported. A search on Google didn’t turn up an answer. Symantec’s tech support database didn’t turn up anything helpful either.

I would have expected something like this to function without a hitch. I’m very surprised to see this requires any intervention, and even more surprised to see that even with intervention there’s still no way to get it working.
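
The primer above, as an added example (not code from the original post): it parses constructed IPv4 packets for the two PPTP channels and shows which of the wizard's protocol choices can match each one. The addresses, the source port, and the function names are assumptions made for illustration.

```python
import struct

# IP protocol numbers (IANA): ICMP=1, TCP=6, UDP=17, GRE=47, ICMPv6=58.
# Wizard protocol choices as listed in the post; "All" is omitted because
# it is not protocol-specific.
WIZARD_CHOICES = {
    "TCP": {6}, "UDP": {17}, "TCP/UDP": {6, 17}, "ICMP": {1}, "ICMPv6": {58},
}

def ipv4_packet(proto, payload):
    """Constructed 20-byte IPv4 header (checksum left at 0) plus payload."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0,
                         64, proto, 0,
                         bytes([192, 0, 2, 10]), bytes([198, 51, 100, 20]))
    return header + payload

def classify(packet):
    """Return (ip_protocol, destination_port); port is None without one."""
    ihl = (packet[0] & 0x0F) * 4          # header length in bytes
    proto = packet[9]                     # IPv4 Protocol field
    if proto in (6, 17):                  # only TCP and UDP carry ports
        return proto, struct.unpack("!H", packet[ihl + 2:ihl + 4])[0]
    return proto, None

def wizard_choices_for(packet):
    """Names of the wizard protocol choices able to match this packet."""
    proto, _ = classify(packet)
    return sorted(n for n, protos in WIZARD_CHOICES.items() if proto in protos)

# Constructed sample: PPTP control channel, a TCP SYN to port 1723.
TCP_SYN = struct.pack("!HHIIBBHHH", 49152, 1723, 0, 0, 5 << 4, 0x02,
                      65535, 0, 0)
CONTROL = ipv4_packet(6, TCP_SYN)

# Constructed sample: PPTP data channel, enhanced GRE (RFC 2637) with the
# K and S bits set, version 1, protocol type 0x880B, call ID 1, sequence 0.
GRE_HDR = struct.pack("!HHHHI", 0x3001, 0x880B, 0, 1, 0)
DATA = ipv4_packet(47, GRE_HDR)

if __name__ == "__main__":
    for name, pkt in (("control", CONTROL), ("data", DATA)):
        print(name, classify(pkt), wizard_choices_for(pkt))
```

The data channel has no port to match on, so a rule builder limited to port-based or ICMP protocols has nothing to key a GRE rule to.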

Norton AV 2006 Update

I got Norton AntiVirus 2006 a few weeks ago, and decided today to update 3 systems from 2005 to 2006. It was free (after rebate) so a worthwhile update to keep those virus definitions fresh.

One computer had trouble uninstalling the old version (2005), then installed fine. The next system had uninstall problems (but seemed to be a bit different), and failed to install on the first attempt. The third system is literally brand new so no problems (thankfully).

They used to have a “removal tool” online you could download. In the real world we call it uninstall and include it with software, but they don’t. Now instead of a download it’s ActiveX… just to make the situation suck slightly more.

I’ve pretty much had it with Symantec. This took 20X longer than it should have. You know your product has problems when a customer is unsatisfied with free.

The Apple Worm?

According to Norton AntiVirus, Apple’s own QuickTime.com website may be a threat to the safety of my (and your) computer. I was trying to view the M:i:III Trailer (link below in plain text, so you can think twice before clicking).

I’m not sure who is at fault. It’s either Apple with a contaminated server, or Norton who incorrectly pushed a bad Virus definition file out. Either way it’s a bad thing.

Apple Integer Overflow

Details: Attempted Intrusion “Apple Quicktime MOV Integer Overflow” against your machine was detected and blocked.
Intruder: movies.apple.com(62.153.251.222)(http(80)).
Risk Level: Medium.
Protocol: TCP.
Attacked IP: XXX(192.168.xxx.xxx).
Attacked Port: 2499.

The URL in question is (proceed with caution):

http://www.apple.com/trailers/paramount/missionimpossibleiii/large.html

Anyone want to take a guess who is at fault? This is with Norton 2005 with 3/15/2006 Definitions.

Edit [3/16/2006 10:36PM EST]: Changed title to accurately represent dialog trojan worm. Added Norton Version.
Edit [3/17/2006 10:58AM EST]: Symantec acknowledges a problem with AOL in its latest update.
Edit [3/19/2006 5:30PM EST]: A document about the vulnerability (no mention of this bug), and update documentation.

Symantec Live Update Fun

Had Norton SystemWorks 2002 for a while, then upgraded AntiVirus to 2004. Worked fine for quite some time. Recently I reformatted my hard drive and reinstalled this duo. Now I’m getting an error that Subscription Client Update failed LU1812. I’ve got no clue why this is happening. Following Symantec’s instructions to completely uninstall and reinstall didn’t work, nor did updating Live Update or any other step they gave.

Live Update Error

Curious if anyone else out there ran across this, and if anyone resolved this problem.