GoodGuy
Posts: 1506
Joined: 5/17/2006 From: Cologne, Germany Status: offline
|
quote:
ORIGINAL: berndn The problem is not which AV solution you prefer. It's about the security stuff itself. The adobe security hole was known for some time. You had to rename a dll until weeks later Adobe had fixed it for the major versions. Still I see lot of people with Reader 5/6/7 which are not updated The problem is, that the Acrobat Reader is being launched in the background (every user should check the task manager once in a while, to check for suspicious processes, the TM won't show each and every task though, so an external task monitor/scanner is quite useful) and then used to either execute code (e.g. change registry entries) or pull/inject malware from the net. Software firewalls may not detect the transfer as the reader needs an open http connection to read online documents, so it's easy to hide within its http traffic or a browser's http traffic, and - in addition - virus tunneling may fool anti-virus software. In general, a good way to avoid risks is to replace standard/well-known tools with alternative software. Examples: - Replace Acrobat/Adobe Reader with Foxit Reader.
Foxit has a Java Script Console, so just make sure you disable java script in the preferences. Remove Adobe Reader from your system. - Replace tools like Quicktime or RealPlayer with alternative plugins or tools. The neat side effect here is that QT's/RP's update/monitor processes won't load with windows anymore. (You might want to make sure to rename or delete files like QT.exe and other remaining files manually though, as registry entries may try to reinstall update routines on next boot).
Just an example: quote:
ORIGINAL: Microsoft Bulletin from May 2009 ("Null Byte overwrite vulnerability") "Microsoft is warning against a critical security hole in DirectShow which allows attackers to control the affected system in case the user opened a specially made Quicktime media file." It's relatively easy to prepare quicktime and .ASX video (afaik) files to exploit security holes. Don't be fearful, but be suspicious/careful regarding the source of a given media file. Use tools like VideoLAN or similar stuff to play video files. If Windows' media player asks you to download/install a new codec in order to view the video, be suspicious as there are malware codecs floating around. Other ways to reduce potential risks: My 2 cents.
< Message edited by GoodGuy -- 9/12/2009 6:43:14 PM >
_____________________________
"Aw Nuts" General Anthony McAuliffe December 22nd, 1944 Bastogne --- "I've always felt that the AA (Alied Assault engine) had the potential to be [....] big." Tim Stone 8th of August, 2006
|