beforeyoukillyourcomputer.com

It’s no secret that criminals are stealing credit card and bank account data and selling it underground. But most people would find it shocking to learn just how little their sensitive personal information costs.

Symantec on Thursday is launching its Norton Online Risk Calculator, a tool that people can use to see how much their online information is worth on the black market. The tool also offers a risk rating based on demographics, online activity, and estimated value of online information.

I tried the tool when I was initially briefed on it a few months ago and was surveyed about my gender and age range; online assets (including credit card and bank account data, brokerage accounts, e-mail accounts, and social network accounts) and an estimated value of all that information; whether I use security software; how cautious I am when online; and how much I think my information is worth.

Interesting but I was hoping it was actually going to do a computer scan to calculate what it could find instead of simply asking questions about browsing habits.

Full Story

One disturbing trend has been noted before: Organized criminal groups around the world are finding profit in phishing scams and “botnets” that surreptitiously take over PCs and steal credit card numbers or other personal information that can be used in various fraudulent schemes.

“We’ve seen the attackers evolve significantly, from amateurs and teenagers to dedicated groups that are much better directed and funded,” said Vincent Weafer, a Symantec vice president.

Those groups are adapting and exploiting new vulnerabilities as fast as the experts fix old ones, he added. While the security of operating systems and browsers is improving, Weafer said, hackers are turning their attention to weaknesses in applications or plug-ins, which are smaller programs that help deliver specific information or content on a Web site.

Hackers can exploit flaws in those programs to deliver malicious code or divert visitors to another server that is under the hackers’ control, he said.

“In the case of a popular, trusted site with high traffic, this can yield thousands of compromises from a single attack,” said the Symantec report. While the report did not cite any example of a major commercial site being compromised, it said Web sites operated by the United Nations and the British government were used last year to deliver malicious material to visitors without their knowledge.

Full Story/Source

Symantec and Microsoft announced Tuesday at the RSA Conference Europe 2007 that they will join the Software Assurance Forum for Excellence in Code (SafeCode), a not-for-profit organization aimed at increasing trust around IT. Other members include EMC, SAP and Juniper Networks.

Commenting on questions about the recent argument between his company and Microsoft over Vista application programming interfaces (APIs), Ilias Chantzos, Symantec’s government relations manager for EMEA, said that the two organizations would cooperate in SafeCode to benefit customers.

“We have a multifaced relationship with Microsoft, and we are keen to work with them. That will ultimately benefit our customers. I see this relationship as complementary rather than competitive,” Chantzos said.

Last year, security companies, including Symantec and McAfee, complained that Microsoft had locked them out of the Windows kernel. The security companies claimed that a kernel shield developed by Microsoft, called “PatchGuard” and intended to stop hackers attacking 64-bit versions of Vista, blocked their security products too.

Microsoft eventually agreed to provide security companies with access to the 64-bit APIs but didn’t actually provide access until two months after it had officially relented.

Microsoft had long maintained that a complete lock on the kernel would provide the best operating system security and stability, but it made concessions in response to antitrust concerns raised by officials in Europe and Korea.

Full Story

Every now and then I will come across an update that causes problems on a PC, from Outlook Express not being allowed to connect to losing Internet to losing the ability to use webmail but the problem the Chinese endured takes the cake so far.

“Symantec regrets any inconvenience caused to customers by the recent false positive incident affecting simplified Chinese versions of Windows XP and is pleased to offer affected customers a gesture of our goodwill,” Symantec said in a statement provided to Computerworld.

Symantec’s China syndrome started around 1 a.m. Beijing time on May 18, when it delivered a virus-signature update to customers running the Simplified Chinese edition of Windows XP Service Pack 2. The new signatures misidentified two critical Windows system files as a Trojan horse and quarantined them, stopping the machines cold if rebooted. Symantec learned of the problem around 9:30 a.m., reworked the update and re-released it at 2:30 p.m. Beijing time, but the fix was too late for many machines, which had been rebooted in the meantime.

The company blamed an automated threat-analysis system for creating the flawed update, which Chinese state-controlled media reported as having paralyzed thousands or even millions of PCs. Symantec, however, contested the higher-end figure. “Contrary to several news reports, we estimate that a maximum of 50,000 PCs were impacted,” the company said.

Users must run a validation process before qualifying for compensation, said Symantec, which urged users to register at a site specially set up to handle the requests. Registrations must be completed by July 15.

Source