Enable FileVault disk encryption on portable macs.

Windows Defender, Microsoft’s anti-spyware application/utility has come out of beta and gone final. Windows Defender has a very simple frontend, and from our tests here on novcon, it has had only a very small performance impact. It should be used in tandem with an antivirus solution, as it only covers the adware/spyware of malicious logic, not the virus/worm code that is more targeted. If you are using a beta of Windows Defender, it is recommended that you upgrade as soon as possible since the last beta will expire soon, and you won’t have spyware coverage from it. Windows Defender is a free download from the Microsoft website, linked above.

IE7 has been released (requires XP SP2). It contains a number of security fixes and new features. You can see Microsoft’s site on IE 7 here.

Softpedia has posted an article on recent metrics from GFI that state that basically since no single AV vendor is 100% accurate at finding and destroying malicious logic, several engines are the way to go. It is an interesting read and poses a good question. Is it time for the rise of AV Mashups, multi-vendor, multi-engine suites?

The article can be read here.

In a semi-annual report, Symantec stated that there are no secure web broswers. The Internet Security Threat Report states that malware attacks no longer single-out Internet Explorer. There is a good writeup on betanews here, which also talks about the average patch time for each browser.

Usually I go to av-comparatives.org for AV news and info, but in the last few days I’ve found out about virus.gr. They have done a fantastic job of comparing over 50 products in a recent report.



To sum it up:

1. Kaspersky version 6.0.0.303 - 99.62%
2. Active Virus Shield by AOL version 6.0.0.299 - 99.62%
3. F-Secure 2006 version 6.12.90 - 96.86%
4. BitDefender Professional version 9 - 96.63%
5. CyberScrub version 1.0 - 95.98%
6. eScan version 8.0.671.1 - 95.82%
7. BitDefender freeware version 8.0.202 - 95.57%
8. BullGuard version 6.1 - 95.57%
9. AntiVir Premium version 7.01.01.02 - 95.45%

Other AV Info:

In the course of reading this, I found out that there is a free version of Bitdefender 8. It unfortunately does not contain a resident scanner, so you have to schedule scans. Still not a bad product if you don’t need a live scanner, or maybe as a second opinion on your system. More information is here.



Also, a service that we’ve integrated here is virustotal.com. This service allows you to submit a file to be scanned by a number of engines, then report back to you with the results. By default it will submit the file to the vendors as well, which means if they don’t catch it now, they can make new defs that can.

Apparently there's a lot of controversy about Browzar. Some say it' adware (or worse) pretending to be a security product, other say it's just a poor beta of a product that has potential. The maker of browzar has weighed in here.

To be fair, let's qualify our earlier statement that Browzar does not contain any security enhancements. The browser is supposed toremove all traces (cookies, temp files, etc) if browsing activity when you exit. That is the only purpose of using this application, so if you need that and it works then perhaps even theads could be forgiven.

But that's not the case. Even if it worked, it would just be deleting files that should have never been written, not even overwriting those files to ensure they can't be re-read. But users are seeing that it's not even doing a simple delete and leaving cookies behind that expose browsing sessions anyway.

In light of that, there's no valid reason to use Browzar, unless you like the skin. This is of course, at the moment. Perhaps they will fix the search limitation and use google like firefox does, and still get a commission, just not as direct and misleading as the way that overture is implemented now, which is the biggest complaint of the community at the moment, as exemplified here.

One thing I aim to accomplish with this site is to point out frauds that would otherwise pass as helpful utilities. One such fraud is a “browser” called Browzar. They claim to be a safe browser that leaves no trace of browsing sessions. The truth of the matter is that it isn’t a browser at all, but rather just a shell of IE, with no security enhancements at all. What it does do though is redirect all your searches through a fake search engine with nothing but links that they make money from when you click on.

For the article on Web2.0log, click here.

We have been tearing our hair out trying to secure a few Joomla based sites lately. Yesterday, Joomla announced version 1.0.11 with 26 security fixes. You can view the list of fixes here. Download the patch or full version here. Visit Joomla’s homepage here.

Given the huge amount of joomla exploits going on in the wild right now, this is a must. As I said, we’ve been having a terrible time with security in joomla. Every module, component, bot and theme has it’s own vulnerabilities and these 26 fixes are just for the core code.