Rogue PDFs account for 80% of all exploits
ComputerWorld covers the latest report from ScanSafe, which claims PDF files were used in 80% of all exploits in Q4 2009.
Peter has a good write-up--with pictures--on us fixing the degausser.
So, a new breed of malware is making the rounds on campus. It is very similar to other fake A/V malware. "Security Tool" claims the machine is infected with nonexistent malware and is rather pushy about getting the user to part with their credit card number to remove the fake infection. Unfortunately, it installs just fine as a limited user, because it only writes to the user's Application Data directory, which needs no administrative rights. There are literally thousands of variants of this same malware out there, so A/V detection is going to be hit-or-miss. Malwarebytes seemed able to remove the infection just fine. Symantec Endpoint Protection only seemed to remove it after a few definition updates, so they are not keeping up with the polymorphic nature of the malware.
Besides trying to scam the user into buying worthless software (and possibly exposing the user to fraudulent credit card charges), I haven't identified any other malicious payload in the short time I've looked at it. However, that can change at any time, and the malware could be waiting a set amount of time before conducting further malicious activity.
Below, you can see the additional tray icon and message displayed by "Security Tool." The red shield shown below is not the official Windows Security Center icon. My test machine had the Security Center service disabled (it was not disabled by the malware, but by me). If a user's Security Center were enabled and showing its own red shield, they would see two icons.

The following warning pops up constantly in the center of the screen.
Additional links to screenshots are provided below.
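Since "Security Tool" needs no admin rights and lives entirely under the user's Application Data directory, a quick triage of a reported machine can focus on what a limited user can write. The following PowerShell script is an added example, not the post's own tooling: it lists recently modified executables under the per-user Application Data paths, checks whether each is Authenticode-signed (fake A/V droppers are typically unsigned), and prints the per-user Run/RunOnce autostart entries, flagging any that point back into the user's profile. The paths, registry keys and look-back window are assumptions; the post does not state how the malware persists, so the Run-key check is a general limited-user persistence check rather than something the post says about this sample.

```powershell
# Added example (not from the original post): triage a user profile for
# software installed without admin rights, i.e. into user-writable locations.
# Paths, keys and the $Days window are assumptions, not facts from the post.
param(
    [int]$Days = 7   # look back this many days for newly dropped executables
)

$cutoff = (Get-Date).AddDays(-$Days)

# Per-user, user-writable locations. $env:LOCALAPPDATA is unset on XP,
# so filter out anything empty or missing.
$userDirs = @($env:APPDATA, $env:LOCALAPPDATA) | Where-Object { $_ -and (Test-Path $_) }

Write-Host "== Executables modified since $cutoff under user-writable paths =="
foreach ($dir in $userDirs) {
    Get-ChildItem -Path $dir -Recurse -Force -Include *.exe, *.dll, *.scr -ErrorAction SilentlyContinue |
        Where-Object { $_.LastWriteTime -gt $cutoff } |
        ForEach-Object {
            # Authenticode check: an unsigned binary dropped days ago in
            # Application Data deserves a closer look.
            $sig = Get-AuthenticodeSignature -FilePath $_.FullName
            [PSCustomObject]@{
                Path      = $_.FullName
                Modified  = $_.LastWriteTime
                SizeKB    = [math]::Round($_.Length / 1KB)
                Signature = $sig.Status
            }
        } | Format-Table -AutoSize
}

# Per-user autostart entries: writable by a limited user, so this is where
# malware that cannot touch HKLM has to go if it wants to survive a logoff.
Write-Host "== Per-user autostart entries (HKCU Run/RunOnce) =="
$runKeys = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
$metaProps = @('PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider')

foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    $props.PSObject.Properties |
        Where-Object { $metaProps -notcontains $_.Name } |
        ForEach-Object {
            # Flag entries whose command line points back into the profile.
            $flag = ''
            if ($env:APPDATA -and ($_.Value -match [regex]::Escape($env:APPDATA))) {
                $flag = 'USER-PROFILE'
            }
            "{0,-12} {1} = {2}" -f $flag, $_.Name, $_.Value
        }
}
```

Run it in the affected user's session (the per-user paths and HKCU resolve to that user), and compare any flagged entry against what Malwarebytes or SEP reports; a polymorphic dropper may well have a file hash no definition set has seen yet, which is exactly why the unsigned-binary and autostart view is useful alongside the A/V verdict.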
Hooray! Adobe released an easy-to-use update for Adobe Reader. No need to integrate MSP patch files into the MSI this time. As usual, this is an important update to get out as fast as possible. A write-up on the security issues can be found at US-CERT. It also looks like the Windows EXE and MSI downloads below do not have any additional stuff bundled with them (like Adobe AIR). It appears that the Adobe Download Manager used by the typical internet user is now in charge of installing the extras. Additionally, .mst transform files created for previous 9.x Adobe Reader installs appear to work perfectly on 9.2, so long as they were created by the Adobe Customization Wizard.
Keep in mind, the EXE installer is the installer that Adobe links to from their download page.
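For pushing the MSI out with an existing Customization Wizard transform, the following PowerShell script is an added example and not anything from the post or from Adobe. It checks the MSI's Authenticode signature before running it (a tampered or corrupted copy on a distribution share should fail here, not halfway through a rollout), then invokes msiexec silently with the transform and interprets the exit code. The share path, the file names AcroRead.msi and AcroRead.mst, the log location and the signer subject string are all assumptions to adapt to your environment.

```powershell
# Added example (not from the original post): silent, signature-checked
# deployment of the Adobe Reader 9.2 MSI with a Customization Wizard .mst.
# Share path, file names, log path and signer match are assumptions.
param(
    [string]$Msi = '\\fileserver\software\AdobeReader\9.2\AcroRead.msi',
    [string]$Mst = '\\fileserver\software\AdobeReader\9.2\AcroRead.mst',
    [string]$Log = "$env:TEMP\AcroRead-9.2-install.log"
)

foreach ($f in $Msi, $Mst) {
    if (-not (Test-Path $f)) { throw "Missing installer component: $f" }
}

# 1. Refuse to install an MSI whose Authenticode signature is not valid.
$sig = Get-AuthenticodeSignature -FilePath $Msi
if ($sig.Status -ne 'Valid') {
    throw "Signature check failed on ${Msi}: $($sig.Status)"
}
# Pin the signer as well; a valid signature from the wrong publisher is
# still the wrong installer. The subject pattern is an assumption.
if ($sig.SignerCertificate.Subject -notmatch 'Adobe Systems') {
    throw "Unexpected signer on ${Msi}: $($sig.SignerCertificate.Subject)"
}

# 2. Run the MSI with the transform.
#    /qn = no UI, /norestart = let the admin schedule any reboot,
#    /l*v = verbose log for when a client fails.
#    TRANSFORMS must name an .mst built by the Adobe Customization Wizard
#    for this major version; hand-edited transforms are not guaranteed to apply.
$msiArgs = @(
    '/i', "`"$Msi`"",
    "TRANSFORMS=`"$Mst`"",
    '/qn', '/norestart',
    '/l*v', "`"$Log`""
)
$proc = Start-Process -FilePath 'msiexec.exe' -ArgumentList $msiArgs -Wait -PassThru

# 3. 0 = success, 3010 = success but a reboot is pending; anything else,
#    the verbose log says why.
switch ($proc.ExitCode) {
    0       { Write-Host "Installed $Msi" }
    3010    { Write-Host "Installed $Msi; reboot required" }
    default { throw "msiexec exited with $($proc.ExitCode); see $Log" }
}
```

Note that this only works with the MSI download, not the EXE that Adobe's download page links to; the EXE is the consumer installer and does not take a TRANSFORMS property on its command line.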
Besides ending up with a quarantine that is large in megabytes, sometimes you also end up with one that is large in number of files. I found this on a computer where the user was complaining of slow speeds. In this case, they were repeatedly visiting a website that was infected with malware, and the quarantine grew huge as a result: 57,996 objects in the Quarantine folder! I simply deleted everything in this folder and all was well again. I'm not sure if the slow speeds were a result of Symantec's handling of the large quarantine or because it kept finding this stuff on the system. Either way, as long as the user keeps going back to that site, the folder will just fill up again, so the site (or the habit) is the thing to deal with.
As a side tip, on machines that have been running for a while and may be filled with junk, CCleaner is a free utility that works quite well to clean up such machines. I ran CCleaner against the machine and also against the primary user's profile and then defragged the hard drive. The machine was much more responsive after this work.
Now that I've used it a bit longer, I have found a few things that don't work anymore. Virtually all of my third-party screensavers no longer work. A quick Google search finds that "Snow Leopard has broken all third-party screensavers." While I'm not upset by this at all, and it wouldn't have kept me from upgrading, I suspect a lot of screensavers will not be updated by their developers in a timely manner.
It also appears that third-party menu extras no longer work. I used OnMyCommand to add a few extra menu entries to files I commonly manipulate. I'm fully capable of going back to doing these tasks manually; it was just a handy timesaver.
Dropbox seemed to work fine, however, I read online that it had menu integration problems. Their experimental release fixes most issues and will become a mainstream update shortly.
I use Fluid for some sites. Gmail does not work under it if you're using Google Gears, but everything else seems to work fine.
TrueCrypt, my favorite encryption program, barely works at all. I'll have to use the Windows version via Fusion for now.
I forgot to mention previously that Rosetta is not installed by default, but it prompts to install on the first application that needs it if you forget.
To see if your favorite applications are Snow Leopard compatible, visit http://snowleopard.wikidot.com/.
So I decided I'd risk it and upgrade my iMac to Snow Leopard this morning. Overall things went very well; in fact, I'm struggling to find something that went wrong... even with all the crap I've done to this machine!
The only customizations it overwrote were a couple of things I expected it to overwrite: my customized Dock files and my custom login wallpaper. This makes sense, since I had overwritten official files to do so.
I was sure MacFUSE and NTFS-3G would stop working, but no, they're going fine. I was sure I was going to have to rejoin my computer to our Active Directory server, but no, I logged in just fine with my AD account. I checked my Home Sync and Time Machine preferences; they were intact. All my applications seem to be fine, although I'll make sure to check for updates on some of the system-level utilities I've installed before I consider using them.
As for the new features in Mail, QuickTime, etc., I really don't care. I don't use those programs. I prefer Thunderbird and VLC.
There is one thing I dislike about 10.6. It now reports disk space in base 10 (1 GB = 1,000,000,000 bytes) instead of base 2 (1 GB = 1,073,741,824 bytes). So you get a lot of "new" free space after installing Snow Leopard. This is being touted as a "good thing." Evidently we've all given up on having the disk manufacturers use base 2, so we're just supposed to start switching to base 10. I do like consistency, but I think we're headed in the wrong direction here. Oh well, on our next pop quiz, we're going to test your knowledge of Gigabyte (GB), Gibibyte (GiB), and Gigabit (Gb).
The xkcd comic had a nice parody about this very conundrum.