Your Daily Computer Security Tips

Mozilla, publisher of Firefox, has issued five security fixes for the browser, two of which are critical. The update brings us to version 3.0.2. If you are still using the earlier version, you will upgrade to version 2.0.0.17.

There is no sign that these vulnerabilities are being exploited yet by the hackers. But you should nevertheless update your Firefox now.

You may recall that last June 18 was Download Day, when Mozilla tried to set a new mark for most downloads (of Firefox 3) in a single day. The Guinness World Records people have now confirmed it as 8,002,530 downloads in the first 24 hours, so that’s the new record.

Still on the subject of browsers, Consumer Reports is advising users to ditch Apple’s Safari browser for PCs and Macs, until it gets better anti-phishing protection.

The consumer watchdog goes on to say that “thinking your Mac shields you from all risks” is one of the seven biggest online blunders you can make. It suggests you switch to Firefox or Opera.

If you're new here, you may want to subscribe to my RSS feed. Thanks for visiting!

Here’s something I mention from time to time. You know you have to keep all your security programs up to date including Windows, right? But what about all your other stuff? It can be a real chore keeping your programs and applications up to date.

Why is it important to keep your software updated? Because flaws and vulnerabilities are regularly found in our popular programs, and these must be patched. Otherwise, they could provide a pathway for attack by the hackers and scammers.

It is easy to accomplish this seemingly boring task. Just go to the new, improved, very tasty and very free Secunia Software Inspector, and let it do all the hard work for you.

It will scan your system, and give you a report of which programs need updating. It will even provide a link to that program’s update service.

Click here http://secunia.com/vulnerability_scanning/online/ Click Start Scanner. Check the box marked “Enable thorough system inspection” and click Start.

If you lose the Secunia page somewhere in the update process, just go back and run the scan again.

Last week I told you about that iTunes/Quicktime update from Apple. It upgrades you to version 8.0 of iTunes. However, it turns out that it is causing problems for you Vista owners.

A faulty driver seems to be the problem. If you connect your iPod or even a iPhone for that matter, Vista crashes and you get the dreaded Blue Screen of Death (BSOD). So Apple removed the driver and put back an older one.

Here’s how to fix the problem: Go to Vista’s “Uninstall a Program”. Delete the “Apple Mobile Device Support” driver and iTunes itself. Restart your computer. Download and install the whole package again (I know, it’s a pain!)

If you need the link, here it is: http://www.apple.com/itunes/download

The new version is also called 8.0 unfortunately. Make sure you get the latest release from the download site.

Apple has released a new version of iTunes. To get it, launch the program. You may see a box advising you of the update to version 8.0. Click Download iTunes to begin the update.

If you do not see that box, click Help, Check for Updates. The iTunes and QuickTime update should be about 75MB. If it is less, shut everything down and begin again. If you are not interested in Apple’s Safari browser, uncheck the appropriate box.

The download and install will take up to 20 minutes, or longer over a dialup connection. You will have to restart your computer afterwards. The new version is supposed to improve iTunes security and stability, according to Apple. Seems to me they say that every time (sigh).

Yesterday Microsoft released four critical patches, or fixes, that affect a wide variety of operating systems and office software, as well as Windows Media Player and Internet Explorer. There is pretty much something for everyone!

The flaws could allow the dreaded remote code execution, meaning a hacker could easily seize control of your computer.

Five of the bugs affect the very core, or heart of Windows. Go to the Windows or Microsoft Update site and see if there is anything there for you. Or check that your computer updated itself automatically.

Remember that the hackers and crooks immediately examine these fixes. They try to reverse engineer them to discover the underlying flaw that they repair. Then they craft malicious code to attack unpatched PCs. Don’t let yours be one of them. Update now.

By the way, if you have a Mac, don’t be sad because you have been left out of all the “fun”. You haven’t. Apple recently issued a whole bunch of security updates for you. So start patching!

Last week I told you about that new Google browser called Chrome, and then about several flaws that were quickly found in it. One bug was a buffer overflow that occurs if you save a Web page with a long title. The hacker could then seize control of your PC and run his own code on your machine.

Another vulnerability stemmed from Google’s use of an older version of Webkit to build the browser. Google has now released fixes for these flaws.

To get them, click the wrench icon in the upper right of the browser. Click “About Google Chrome”. Chrome will look for the updates, and download and install them.

Google worked on Chrome for two years, and has been using it as its in-house browser for a while. Still, it is considered a Beta or test version.

Next week, Sept. 9 is Patch Tuesday, when Microsoft releases fixes and updates to its software. Four critical fixes for several software packages are going to be released.

All four updates repair flaws that could allow remote code execution. That’s a polite way of saying a hacker could take over your machine and run his own programs on it, with you none the wiser. Programs such as sending out a flood of spam to other computers.

The software affected includes Windows Media Player 11, Vista, XP, Office and Works, among others.

Starting next month, Microsoft will begin giving security companies advance notice and access to these updates. This is because hackers jump on these patches as soon as they come out, to try and reverse engineer them and see what the underlying flaw is, that was fixed. Then they prepare exploits to attack unpatched computers.

This is one more reason to make sure your PC is updated next Tuesday, either automatically or manually.

If you are using the AVG 8.0 antivirus program, you may be having problems downloading that big program update that became available a day or two ago. This update alone is up to 4.5MB in size.

There appears to be a problem with AVG’s servers or the update itself. Many of you will not be able to download and install it. Keep trying. In the meantime, make sure you are getting the Detection Rules updates. These continue to work fine.

You will eventually succeed in getting the program update. As it installs, you may see contradictory messages, telling you that the connection failed and the update was finished successfully. All will work itself out in the end.

If you use the Firefox browser, you can update to Version 3.0.1 now. Some of your plugins and extensions may not work after the upgrade. Firefox will tell you which these are, and you can decide if you want to go ahead with the update.

Launch Firefox and click Help, Check for Updates. If you don’t have the Firefox browser and would like to try it, go to http://www.mozilla.com/ You will get the latest version, 3.0.1 at that site.

Firefox is reputed to be safer than Internet Explorer (IE). There are two main reasons for this. First, Firefox is not part of Windows, as is IE. So if the Firefox browser is compromised, the attacker will not necessarily get access to your Windows. Second, Firefox does not accept ActiveX controls, which have caused a lot of security headaches for IE and Windows.

Firefox is also faster. Speaking of which, Mozilla, publisher of Firefox, is working on the next version, labeled 3.1, for a release late this year or early next. This upcoming version will have a new JavaScript engine called TraceMonkey.

JavaScript is a scripting language that controls other software applications. It is often used in Web sites to enable access to “mini-programs” or objects embedded in other applications.

In tests, TraceMonkey showed a speed increase of almost 40 times over Firefox 3.0. It is supposedly twice as fast as Apple’s upcoming new release of its Safari browser.

While we’re on the subject of Firefox, Carnegie-Mellon University researchers have produced a free add-on to boost the browser’s security. It is designed to protect you against that recently-discovered DNS flaw, and against problems with digital certificates.

It also defends against man-in-the-middle attacks at wireless hot spots. This occurs when you try to access a public Wi-Fi connection, but get tricked into connecting to a hacker’s computer instead.

The security extension is called Perspectives, and you can get it here:
http://www.cs.cmu.edu/~perspectives/firefox.html

In the last six months, Microsoft has released service packs for the Vista and XP operating systems. So how are they doing? Are people installing them? Both updates had a somewhat rocky start.

But eventually, Vista users were fairly diligent in downloading and installing their Service Pack 1. According to one survey of a community network, 86% of its Vista computers now have SP1.

Meanwhile, only 47% of XP users had updated their PCs with SP3 by the end of last month. There may be several reasons for this gaping difference, not the least of which is the many troubles XP SP3 caused. For example, it caused endless reboots on computers equipped with AMD processors, or on HP machines.

Also, Microsoft promoted and publicized Vista’s update, but not the XP service pack. Vista was fairly new at the time, with many unhappy users who hoped the update would improve their computing experience. This imbalance may soon change, however. Microsoft plans to push out the XP update automatically from its Windows Update service.

Whichever operating system you have, you should now have the appropriate service pack. If not, go to the Windows or Microsoft Update page and get it. You may not notice much difference afterwards, but your computer will be a bit more stable and secure.

Syd Tash is a longtime computer security consultant and author, and founder of The SaferSurfing Project. Keep yourself safe online. Become a SaferSurfer now, and do your part for a better, more secure Internet. Find out how you do it right here:
=> http://SaferSurfingProject.com

You may include these Tips in your Web sites and publications provided they remain unchanged and include the above paragraph, with the author’s name and Web site. You can also get a direct URL to this post. Click the title, then copy the URL in the browser address bar.