The Lose/Lose game warns players before they launch the application that they are likely to have files deleted. (Credit: Lose/Lose)
As part of his Master of Fine Arts thesis project, Zach Gage wrote a game to run on Macintosh computers that resembles Space Invaders but with a digital roulette twist--for every alien space ship the player destroys, a random file on the computer is deleted.
"Lose/Lose is a video-game with real life consequences. Each alien in the game is created based on a random file on the player's computer. If the player kills the alien, the file it is based on is deleted. If the player's ship is destroyed, the application itself is deleted," the computer technology design major wrote on his Web site.
"At what point does our virtual data become as important to us as physical possessions? If we have reached that point already, what real objects do we value less than our data?" he asks.
On September 14, Gage posted his "Lose/Lose" game on his Web site and at the Experimental Gameplay Project, which links back to his site where he has a big warning in red: "KILLING ALIENS IN LOSE/LOSE WILL DELETE FILES ON YOUR HARDDRIVE PERMANENTLY." The application also displays a warning when it is launched.
This week, Symantec announced that it has flagged the application as malware, a Trojan it has dubbed OSX.Loosemaque. Sophos is calling it a Trojan too, OSX/LoseGame-A, and Intego has named it OSX/LoserGame.
"We are concerned that somebody could take this and modify it in some way where users aren't aware of the consequences," Kevin Haley, director of product management at Symantec Security Response, said in an interview on Wednesday. "We want to make people aware of what's on their machine and they can make the decision on whether to run it or not."
Asked to comment on the stir his project was creating, Gage seemed amused.
"I'm kind of OK with it being labeled malware," he said in a phone interview. "I would categorize it as dangerous software, but not malware because it is dangerous if you use it in a certain manner. Whereas malware implies it was designed to be malicious...Calling it a Trojan is really blowing it out of proportion."
Trojan horses are programs, typically masquerading as a benign program or hidden in legitimate software, which provide an attacker unauthorized access to the system. However, Gage's program explicitly says what it does and what the consequences are.
In addition to exploring the nature of risk and reward with regard to war and the notion of how small wins distract from the larger picture, the game provokes discussion about the risks people take with technology every day, Gage said.
"We need to pay attention to how we behave on computers," he said.
Apparently, some people don't mind playing with fire. The list of high scorers on the game site shows more than 40 players, with the highest score having destroyed nearly 5,000 files, or aliens.
"I'm surprised anyone has played it," Gage said. "I'm shocked."
Asked to comment on any possible beneficial merits of the project, Symantec's Haley said: "I don't see the positive aspect of it, but I suppose if it's art we're not supposed to completely understand it."
Symantec created a video that shows how the game works. When an alien ship is destroyed (on the left) a corresponding file is deleted (on the right). (Credit: Symantec)
If you've ever gotten a pop-up message warning that your PC is infected, it could very well be an advertisement for rogue software that can do a lot of harm and absolutely no good.
Symantec has just issued a report saying that the company has "detected over 250 distinct rogue security software programs." These scams try to convince users that their machine is infected and offer software for purchase that will take care of the problem. But instead of removing security threats, it can create them by installing malicious code that can allow criminals to take over the victim's computer. In addition, a user who provides a credit card number to buy the software is not only out the cost of the software but has just provided credit card information to thieves who can misuse it or sell it to other thieves.
The "security software" often has a legitimate-sounding name and may even quote what appears to be a review from a legitimate source.
In a podcast interview, Symantec Security vice president Vince Weafer warns users not to respond to security messages that they view as pop-ups or on websites, especially if they look like a hard-sell. Instead, rely on legitimate security software. If you have any doubts, Symantec and other legitimate security companies offer free scanners that can tell you if you have any infections. Also, Microsoft now offers its free Security Essentials that can detect and fix many security threats.
Tuesday was the biggest Patch Tuesday ever as Microsoft released 13 bulletins for 34 vulnerabilities. But just because Microsoft issues patches, does that mean that users should apply them? Yes, says Ben Greenbaum, senior research manager for Symantec Security.
Greenbaum said that these patches impacted many Microsoft products, including Windows 7, which isn't even out yet.
Phishing attacks have been around for a while and you might think that most people are savvy enough to avoid them. But, as CNET's Elinor Mills discovered, even FBI Director Robert Mueller finds it hard to distinguish a rogue phishing site from a legitimate bank website.
Symantec Internet safety adviser, Marian Merritt (Credit: Symantec)
This week there have been two major phishing stories. One involved e-mail account names and passwords of Hotmail and Gmail users being compromised through a phishing attack and posted on a website. The other (which Mills also wrote about in the story linked above) involved the indictment of 100 people in the U.S. and Egypt and the arrest of 33 more people in the U.S. as part of the largest cyber crime investigation in the U.S.
After writing my blog post on how to avoid becoming a phishing victim, I got a call from Symantec with an invitation to speak with its Internet safety adviser and blogger, Marian Merritt. Without overly pushing her company's products (which actually can help people avoid phishing scams), she talked about the recent arrests, the problem in general and gave some of her own tips on how to avoid being a victim.
Take a tour of Norton Internet Security 2010 in this slideshow, and keep in mind that the look is very similar to Norton AntiVirus 2010. The biggest differences between the two include ancillary features, price, and the number of computers supported by one license.
It's no secret that criminals are stealing credit card and bank account data and selling it underground. But most people would find it shocking to learn just how little their sensitive personal information costs.
Symantec on Thursday is launching its Norton Online Risk Calculator, a tool that people can use to see how much their online information is worth on the black market. The tool also offers a risk rating based on demographics, online activity, and estimated value of online information.
I tried the tool when I was initially briefed on it a few months ago and was surveyed about my gender and age range; online assets (including credit card and bank account data, brokerage accounts, e-mail accounts, and social network accounts) and an estimated value of all that information; whether I use security software; how cautious I am when online; and how much I think my information is worth.
I use security software (and do my financial transactions mostly on a Mac at home), am fairly cautious while Web surfing, and didn't put a high dollar figure on the value of my digital information. My security risk turned out to be 37 percent, or medium, and the black market worth of my online assets was calculated to be $11.29. Those figures didn't change when I modified the gender, age, and estimated value of the data.
A recent Microsoft Research report concludes that stolen data offered for sale in underground IRC channels is difficult to monetize because of all the--get this--con artists there.
Regardless of whether the underground revenue figures are overblown, the data is being harvested, sometimes in huge batches, during data breaches at large payment processors, and there is a market for it.
It's discomfiting to think a criminal could pay as little as $11 to get access to my sensitive personal data for identity fraud purposes, while I could end up spending lots of energy and time--years even--reporting the crime, trying to fix my credit rating, and getting my life back to normal.
Symantec isn't trying to scare consumers with the Norton Online Risk Calculator, but to raise awareness of the risks, said Marian Merritt, Internet safety advocate at Symantec.
"We still find consumers who think using just antivirus is sufficient," she said.
Merritt recommends that people use security suites that offer antivirus, firewall, and intrusion detection and prevention software, as well as keep their operating system and browsers updated.
Symantec is betting heavily that program behavior is the future battlefront of security and is making a big push in its 2010 security program lineup with a behavioral engine called Quorum.
Debuting Wednesday, both the basic Norton AntiVirus 2010 and the more robust Norton Internet Security 2010 will use Quorum, which Symantec is calling an advanced security network based both on traditional malware signatures and on reputation for both files and software.
This screenshot is from the Norton Internet Security 2010 beta, though it's not expected to change drastically in the final version. This shows the Norton Insight screen. (Credit: Screenshot by Seth Rosenblatt/CNET)
The Quorum system uses the uniqueness of mutating malware against the threat itself, said Dan Nadir, director of product management for Norton AntiVirus and Norton Internet Security. Multiple variations of a single threat have become a potential risk to the efficacy of definition-based antivirus, so a system like Quorum--in which the unfamiliarity of a new threat becomes the tool by which the threat is neutralized--could drastically improve security programs.
Symantec noted that it hasn't abandoned last year's pledge to improve Norton's performance, and it is keeping the quick scan to about one minute. An in-progress scan conducted with the beta version used about 70 MB of RAM, while the program used about 15.5 MB when idle. Symantec also exposes how much memory the program is using in the main pane. Symantec says that in the final version, Norton users should expect to see working memory usage at less than 10 MB, and that the "quick scan" should be completed in 64 seconds.
The Quorum technology is designed to expose system and threat-detection data, so users who want more than just "set-it-and-forget-it" information can customize Norton's responses. The Insight Network incorporates Quorum and uses statistical analysis of file attributes to judge the trustworthiness of a file. Norton Threat Insight provides information on detected threats, such as the URL of a threat. Norton System Insight uncovers system information and can be used to detect system slowdowns. Norton Download Insight uses Symantec's cloud data to determine the safety of a downloaded file before it runs.
The more robust Norton Internet Security includes new enterprise-level antispam algorithms, which Symantec says shouldn't require any "training" from users. These have been incorporated from Brightmail, a company that Symantec bought more than five years ago. Norton Internet Security also includes OnlineFamily.Norton, Symantec's new parental control system, and Norton SafeWeb, which is a search results and e-commerce rating component.
Norton Internet Security 2010 costs $69.99 for a three-PC license, and Norton AntiVirus 2010 is $39.99 for one computer.
This is the error message on the Norton support Web site after users reported that the patch failed to install properly. (Credit: Symantec)
Symantec is providing a fix for customers who got error messages after a patch deployment went awry for some Norton users, the company said on Tuesday.
The problem started last Wednesday when Symantec deployed patches for Norton AntiVirus 2009, Norton Internet Security 2009, and Norton 360 v3 via LiveUpdate. Some customers received error messages saying that there was a problem with the Symantec Service Framework.
The patch, which is supposed to communicate with the hardware to ensure that it is correctly installed, did not handle the response from the hardware properly after it was installed, a company spokeswoman said.
The problem affected a small number of users, or fewer than 1 percent, and most of the customers reporting a problem are using PCs that have been specially configured or customized and are not "out-of-the-box" PCs and "only after reboot," the spokeswoman said.
There were more than 630 messages on the Norton user forum about the topic, a number of which expressed frustration with Symantec and accused the company of not doing enough to keep customers informed about the problem.
"This is insane. I'm looking for other antivirus options now and will soon remove Norton from all three of my machines. Next I'm going to post a review on Epinions advising others to stay far away," wrote one user. "This is garbage and I've had more than enough."
Another user wrote: "Well I just used the Norton Removal Tool for likely the last time. When the browser window with the Norton reinstallation instructions popped up, I chuckled as I closed it out and navigated to a competitor site where I promptly downloaded another AV product."
The company first learned of the problem from posts to the forum last Wednesday and posted messages the next day saying it was investigating the problem. It then provided an official response on Friday saying the problem had been identified, according to the spokeswoman. The fix was posted on Symantec's knowledge base and the forum on Saturday, she said.
Symantec customers can visit this Symantec page to download the fix.
Symantec also set up a link on Tuesday through Microsoft WinQual to help users locate a fix and will make the fix available to customers automatically via LiveUpdate this week, according to the spokeswoman.
The problem comes less than six months after Symantec released a diagnostic patch for some of its older Norton products that did not identify its origin and thus triggered alerts on firewalls. The company blamed human error for the release of the unsigned patch, a program dubbed "PFST.exe."
Symantec is out with its "Dirtiest Web Sites of Summer 2009," which it's calling "the worst of the worst" when it comes to malware threats.
The security vendor says that "48 percent of the Dirtiest Web Sites are, well, dirty--sites that feature adult content." That means that more than half the sites cover a wide range of other categories including legal services, catering, figure skating, and electronics shopping, according to the report.
On average, sites on the dirtiest list have 18,000 threats per site, but 40 of the sites have in excess of 20,000 threats. One site that appears to offer restaurant catering services has 23,414 computer threats.
"The number of web attacks is off the charts because it's the easiest path into a consumer's machine," said Gerry Egan, Symantec's director of security response.
The Web, said Egan, "has become the primary delivery vehicle for malware." One method for infection is "drive by downloads," which can exploit a vulnerability in your browser or operating system by "leveraging little security holes" and injecting code into your machine simply by virtue of your visiting the site. Another route to infections is social engineering, where someone tricks a user into installing a malicious application that can masquerade as a plug-in to play media or even a fake security program that claims to help you find and remove malware. Instead it installs malware on your machine.
There are a number of dastardly payloads associated with the type of malware delivered through these sites including turning your machine into a "spambot" that sends junk e-mail to other people. Such programs can also hijack your computer to be part of a "botnet" to carry out attacks on other systems such as the recent denial-of-service attack that brought down Twitter earlier this month.
Symantec has identified these dirty sites as part of the ongoing analysis it does for its Norton Safe Web product. Safe Web includes a free Web site that anyone can use to see if a site is known to have malware. In addition, Symantec's security products now come with a plug-in that works with a browser to look over your shoulder while you're surfing or searching to warn you before visiting a site known to contain malware.
TrendMicro Internet Security has a feature that warns you if you are about to visit a site that "may put your security at risk" and McAfee offers a service called McAfee Site Advisor that includes a free plug-in for Firefox and Internet Explorer that warns you about potentially dangerous sites that show up in search results.
Podcast: Larry speaks with Symantec's director of security response, Gerry Egan (8:43)
Phishing attacks rose 52 percent in July while spam as a percentage of all e-mail stayed about the same compared with the previous month, according to the latest reports from Symantec that tracked spam and phishing activity for the month.
The State of Spam (PDF) and State of Phishing (PDF) reports were released Thursday.
With some fluctuations, spam averaged around 89 percent of all e-mail in July, noted Symantec. That compares with about 90 percent for the month of June. There are distinct trends in certain types of junk mail. Image spam, which sneaks past filters by embedding spam in an image, accounted for 17 percent of all spam at one point in July. Health-related spam declined 17 percent, while 419 spam (often better known as Nigerian hoax spam) rose 3 percent.
Spammers continued to tap into people and events in the news to spread their junk, noted Symantec. Popular subject lines for spam in July included references to Michael Jackson's death ("Who killed Michael Jackson" and "Jackson is still alive: Proof") and to President Obama and health care ("Obama isn't helping; Let us give you cheap pills.")
With the release of the latest Harry Potter flick, Potter-related subject lines were hot among spammers. Symantec pointed to one health-related spam that talked about a Harry Potter e-book but included a URL to an online pharmacy.
Desperate to get past junk mail filters, spammers are often using seemingly innocuous subject lines typically found in a legitimate message, such as "Hi," or "Aloha," or "You have a new message."
Nigerian hoax, or 419, spam is as popular as ever, found Symantec. Symantec found that these spammers are now using Voice over Internet Protocol (VoIP) to create phony accounts on sites that offer VoIP services. They then send "friend" invitations to their victims hoping to lure them in with the promise of vast riches.
Among countries where spam originates, the U.S. is still top dog, accounting for 25 percent of global spam. Brazil, South Korea, and Turkey were also popular regions for spam production.
A spam report from McAfee released on July 29 found similar results to the Symantec report.
For July, around 63 percent of phishing URLs were created using phishing toolkits, a jump of 150 percent over June, said Symantec. These software toolkits automate the process of setting up a fake Web site so that even a novice criminal can pull off effective phishing attacks.
More phishers are also abusing legitimate SSL (Secure Sockets Layer) certificates on their phony sites, noted Symantec. Since the site displays the familiar SSL padlock icon, it provides the user with a false sense of security.
Free Web hosts have been an easy base of operations for phishers since they cost nothing and require little in technical skills to build a site. A total of 130 different Web-hosting companies served 2,402 phishing sites in July, reported Symantec. However, that level is down 14 percent month to month, due to more preventive measures on the part of Web hosts and the rise in the popularity of toolkits.
Among countries hosting phishing sites, again the U.S. took the lead with 29 percent of all phishing sites worldwide. China came in No. 2 with 9 percent.















