Avira made an announcement a few days ago where they addressed that problem somewhat. They mention that they have realized that “users of the free Avira AntiVir Personal had issues fetching the Updates in time recently”. This is not exactly the same issue but it could very well be related.

Avira therefor decided to implement the following two changes: Change the virus definition file format and use a content distribution network.

First, we switch from our current virus definition files (called iVDF) to a new format called nVDF. iVDF consists of 4 VDF files, while nVDF uses at least 32 files – we need to transfer less data for updating our virus definitions effectively in the future.

This means that we need to deliver about 25 MByte to every Avira installation starting today for switching to the new update system. This might lead to some delays for some users, especially for the users of our free version Avira AntiVir Personal. Just to get an idea about what we’re talking here: More than 100.000.000 Users are trying to get the update more or less on the same day. That is more than 2.5 Petabytes (or 2,500 Terabytes) of traffic.

The previous format used four files that contained all the virus definitions of the program. The new format splits those virus definitions in at least eight times that number so that it will take less data transfers to update the virus definition files (it theoretically could slow down as well if a majority of the files need to be updated as this would mean that more files need to be transferred than in the old update system, but that’s just speculation as there are no technical information available about the process at this point).

To ease the bandwidth bottleneck, we decided to additionally use a Content Delivery Network (CDN). We were first testing a CDN built up by our current Internet service provider. Shortly after activating the CDN, the redirectors – which redirect the update requests to servers close to the users location – were overloaded and couldn’t answer the requests anymore. The situation was solved a little later on, but the CDN isn’t big enough yet to spread this huge update in time. So we decided to switch to a global player in the CDN market to deliver the update.

The second change is the use of a content delivery network. Avira is building up their own CDN but had to contract a global CDN company to spread the massive update to all Avira users. It is likely that they intend to switch to their own CDN at a later time.

It does sound like a good plan though although the massive data transfer to bring the update to all Avira users could prove to be quite a challenge. Did anyone already receive the update?

Related posts

• Test Avira AntiVir PersonalEdition Premium for 6 months (10)
• Avira Antivir Update Hangs [Fix] (14)
• Another Antivir free premium promotion (2)
• Windows Registry Watcher (5)
• Windows Defender (11)

When someone puts a file up on a server for download, how does the host or the end-user know, for sure, the file they are about to download (or are serving up) is the valid file? What if someone hacked into the server and replaced the file with a bogus file that contained malicious code? It’s happened before and it will happen again. Fortunately there is a way to avoid downloading invalid files – checking the md5 hash. The only problem is that this method only works if the host and user knows how to use md5 tools. In this tutorial you will learn how to add an md5 checksum to a file and how to run a check on a file you have downloaded.

What is md5 and checksum?

Before we continue with the actual steps, you might benefit from knowing exactly how the process of checksumming works. MD5 stands for Message Digest algorithm 5, which is a cryptographic 128 bit hash function and serves as a “fingerprint” for a digital file. A checksum is a fixed-size datum that is computed from a block of data. When it is crucial for a piece of data (such as a download) to be valid, the datum is compared to the original block the datum was computed from to check for a match. When an md5 checksum matches, the user/host can be certain the file is valid. When the md5 checksum does not match, a red flag should immediately go up and the original block of data should be discarded. If a file changes by so much as a byte, the checksum will fail.

For most users these tasks are handled from the command line. There are GUI tools available (such as GtkHASH) that can tackle the same tasks. But for the purposes of this tutorial we will stick with the command line tool.

Creating an md5 sum

For those who plan on hosting files for download, you will want to know how to create an md5 sum. This is very simple. Open up a terminal and change to the directory holding the file you want to work with. Say, for example, you want to create an md5 on the file /var/www/files/download.tgz. To do this you would change to the /var/www/files directory and issue the following command:

md5 download.tgz

The above command will output something like:

Related posts

• Verify the integrity and authenticity of files (5)
• Verify File Integrity Of Backups (4)
• Theoretical Cryptography Part I – MD5 (8)
• How To Download Files From The Internet The Secure Way (9)
• ClickCrypt 2.6 (0)

Pandalabs did release in depth details about a Facebook hacking scam as well. They discovered a website which claimed to hack any Facebook account for $100 payable through Western Union. A user who wants a Facebook account hacked has to register at the website. The Facebook Id of the account that the user wants hacked needs to be entered into the form on the website. A script will then pull the username from that account and mimic a hacking attempt.

It will then ask the user to pay the $100 before the password to the account will be revealed. A user paying the $100 will not get the password to the account. The money is gone as well as it is not possible to get it back once it was send. Veteran Internet users therefor avoid making payments through these money transfer systems.

It is also likely that the login data is recorded and tried on various websites to see if the user did use the same login data on other websites which in the end could mean that the Facebook account of the user who wanted a Facebook account hacked got hacked. Oh, the irony.

Check out our Facebook Login article for pointers on how to avoid falling pray to criminals attacking Facebook.

Related posts

• Facebook Phishing Scam In The Wild (3)
• Facebook Login Page (33)
• facebook login (50)
• Worio Combines Bookmarking And Web Search (2)
• Windows Live Photo Gallery Facebook Plugin (4)

So what do you do when you’re brain reaches critical mass for passwords? Simple, you let a single application store and encrypt them for you so all you need is a single password to access all of those crucial passwords. And what Linux distribution is without a tool (or twelve) to enable such a feature? One of those many tools is Password Gorilla. Password Gorilla manages your logins as well as all of your passwords for web sites, encrypted files, etc. But PG does more than just store those passwords. Password Gorilla makes logging in to various websites easy by copying and pasting your username/password to the clipboard. Those passwords are never revealed on the screen so you’re even safe from prying eyes. But how does it work? Let’s find out.

Installation

Installing Password Gorilla is quite simple as you will most likely find it in your distributions’ default repositories. In Ubuntu just fire up the Software Center enter the string “gorilla” (no quotes) in the search field, and install the resulting entry. That’s it.

To launch Password Gorilla click on KDE’s “K” menu and enter “password” (no quotes) in the search string, select the entry for Password Gorilla, and hit enter.

When you first start the application up you will be asked to select a password database. Well you can’t because you’ve not created one. So just click Cancel and the main window will open. The first step here is to create a new password database. To do this click the File menu and select New which will open up a new window asking for a password and a password confirmation. Make sure you use a strong password here because it will be the database containing your passwords. After you confirm your password click the OK button.

Adding Logins

The first thing you will want to do is to add a login. Now don’t confuse this login with your user account login. A login for PG is, for example, your login to your Slashdot account.

Figure 1

To add a new login click on the Login menu and select Add Login. This will open up a new window (see Figure 1) where you will enter the details for your login.

You will notice, by default, when you enter a password it is visible. If you are a paranoid person, right before you enter the password, click the Hide Password button so your password will be obscured.

Once you have entered all of the details of the login click OK to save the new login details.

Figure 2

Now if you look in the Login menu you will see the entry Add Group. Adding groups allows you to keep your various logins better organized. You can see, in Figure 2, I have created a group called “Work”.

Using Password Gorilla

Now let’s take a look at the real benefits of Password Gorilla. Go back to the main window and right click on one of your login entries. You will see a menu (see Figure 3) that allows you to copy username, password, and even URL to the clipboard.

Figure 3

In order to login to a website you have a login for follow these steps:

1. Right click the login entry and select “Copy URL to clipboard”.
2. Go to your browser and click the middle mouse button (or click <Ctrl>v) to copy the URL to the browser address bar.
3. Go back to the Password Gorilla and right click the entry again and select “Copy username to clipboard”.
4. Go to your browser and click the spot where you would enter your username and either click the middle mouse button or click <Ctrl>v to paste the username.
5. Go back to Password Gorilla, right click the entry, and select “Copy password to clipboard”.
6. Go to your web browser and click the the spot where you would enter the password and either click the middle mouse button or click <Ctrl>v to paste the password.

It sounds like a lot of steps, but it beats trying to remember numerous login credentials.

Final thoughts

When the amount of credentials you have exceeds your brains ability to remember, a handy tool like Password Gorilla comes in handy. But it’s not just about trying to remember, it’s also about keeping those password secure.

Related posts

• Ultra High Security Password Generator (4)
• Remove Stored .Net User Names and Passwords (2)
• Password Recovery Speeds (0)
• Password Recovery Questions Make Online Accounts Vulnerable (10)
• Log in to websites with your site’s URL as your OpenID (4)

Nakodari over at Addictive Tips has created a small software program called MSE Update Utility which can be used to update Microsoft Security Essentials even if Windows Update is disabled.

The update intervals of the software can be selected in the main interface after startup. The choices are daily, weekly, monthly or on startup with the additional option to add the program to Windows startup. The program could be an interesting option for users who cannot use Windows Update to update Microsoft Security Essentials. It seems though that the update tool needs to be running in the background to update the virus definitions. A better solution would be to either run and quit after updating the definition files or use the Windows Task Scheduler to schedule the updates.

Related posts

• Repair Microsoft Security Essentials (2)
• Offline Update 6 Adds Linux Support (3)
• Microsoft Security Essentials Rated Highly In AV-Comparatives Test (6)
• Microsoft Security Essentials Leaks (8)
• Microsoft Security Essentials Final Available (7)

Microsoft Windows and Microsoft Office users are encouraged to update their computer systems as soon as possible to protect the PCs from possible exploits that could attack the systems successfully. The usual options to download the patches are provided including automatic updates, Windows updates, Microsoft update or manually by following the links posted in the different security bulletins.

• MS09-063 Vulnerability in Web Services on Devices API Could Allow Remote Code Execution (973565) – This security update resolves a privately reported vulnerability in the Web Services on Devices Application Programming Interface (WSDAPI) on the Windows operating system. The vulnerability could allow remote code execution if an affected Windows system receives a specially crafted packet. Only attackers on the local subnet would be able to exploit this vulnerability.
• MS09-064 – Vulnerability in License Logging Server Could Allow Remote Code Execution (974783) – This security update resolves a privately reported vulnerability in Microsoft Windows 2000. The vulnerability could allow remote code execution if an attacker sent a specially crafted network message to a computer running the License Logging Server. An attacker who successfully exploited this vulnerability could take complete control of the system. Firewall best practices and standard default firewall configurations can help protect networks from attacks that originate outside the enterprise perimeter.
• MS09-065 – Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (969947) – This security update resolves several privately reported vulnerabilities in the Windows kernel. The most severe of the vulnerabilities could allow remote code execution if a user viewed content rendered in a specially crafted Embedded OpenType (EOT) font. In a Web-based attack scenario, an attacker would have to host a Web site that contains specially crafted embedded fonts that are used to attempt to exploit this vulnerability. In addition, compromised Web sites and Web sites that accept or host user-provided content could contain specially crafted content that could exploit this vulnerability. An attacker would have no way to force users to visit a specially crafted Web site. Instead, an attacker would have to convince the user to visit the Web site, typically by getting them to click a link in an e-mail message or Instant Messenger message that takes the user to the attacker’s site.
• MS09-066 – Vulnerability in Active Directory Could Allow Denial of Service (973309) – This security update resolves a privately reported vulnerability in Active Directory directory service, Active Directory Application Mode (ADAM), and Active Directory Lightweight Directory Service (AD LDS). The vulnerability could allow denial of service if stack space was exhausted during execution of certain types of LDAP or LDAPS requests. This vulnerability only affects domain controllers and systems configured to run ADAM or AD LDS.
• MS09-067 – Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution (972652) – This security update resolves several privately reported vulnerabilities in Microsoft Office Excel. The vulnerabilities could allow remote code execution if a user opens a specially crafted Excel file. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
• MS09-068 – Vulnerability in Microsoft Office Word Could Allow Remote Code Execution (976307) – This security update resolves a privately reported vulnerability that could allow remote code execution if a user opens a specially crafted Word file. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Detailed information are available in the security bulletins linked above or at the security bulletin summary page here.

Related posts

• Microsoft Security Updates April 2009 (2)
• Microsoft Patch Tuesday December 08 (3)
• Windows Security Updates September 2008 (0)
• Microsoft Security Patches for June 2009 (12)
• Microsoft Security Patches April 2008 (0)

Bandwidth could be an issue but it is in fact not. Why? Because files do not necessarily have to be uploaded to the cloud if they are already known. And new files usually are known pretty quickly thanks to the millions of users that use Panda Cloud Antivirus. Privacy is ensured by scanning some file types locally including Word and Excel documents.

And version 1.0 introduces additional improvements over the beta versions and conventional antivirus software.

Panda Cloud Antivirus 1.0 introduces further improvement to its 100% cloud-based architecture protection model, which processes and blocks malware more efficiently than locally installed signature-based products, while minimizing the impact on PC performance. The 1.0 version boasts both improved bandwidth and performance impact over its already lightweight beta version. Traditional antivirus solutions consume approximately 15% of a PC’s resources (memory, disk space, etc.) while Cloud Antivirus 1.0 consumes a mere 3%.

Users who are interested in trying out Panda Cloud Antivirus can download it for free at the Cloud Antivirus website where it is available for most Microsoft Windows operating systems. Panda Cloud Antivirus was recently rated best free antivirus software at blocking known malware over at PC World.

Related posts

• Cloud Antivirus (8)
• Panda Internet Security 2010 [free] (7)
• Norton Security Scan (17)
• Norton 360 Review (19)
• Microsoft Security Essentials Rated Highly In AV-Comparatives Test (6)

The Windows 7 firewall will block the connection if the application has not been configured previously in the Windows Control Panel. The configuration can be strenuous especially in the beginning right after the first start of the operating system.

That’s where the Windows 7 Firewall Control steps in. The free version of the software program adds those application prompts to Windows 7. It displays a prompt whenever an unknown application tries to connect to the Internet.

This gives the user in front of the computer the option to enable or disable all traffic or enable only incoming or outgoing traffic. The selected setting will be stored in the program’s main interface only. This is one weakness of the program as it does not sync the settings with the Windows 7 Firewall. This is problematic as it means that the configured settings will be gone if the Windows 7 Firewall Control gets uninstalled. The reason for not syncing is that Windows 7 Firewall Control works independently from the Windows 7 Firewall. It does grab the configuration at startup but does not communicate with the firewall after that.

A pro version of Windows 7 Firewall Control is available offering additional features. Both versions can be downloaded at the developer’s website. (via Windows 7 News: Windows 7 Firewall Control)

Related posts

• Windows Registry Watcher (5)
• Windows Defender (11)
• Use USB Flash Drives To Lock Windows (13)
• USB Lost and Found (9)
• Trend Micro RootkitBuster (6)

PayPal recently began to sell a so called PayPal Security Key to protect PayPal users from phishing attacks. The system works by protecting the login to the account not only with a username and password but also a security key that is generated on the fly on an external device. Attackers who are able to steal PayPal login information would need physical access to the security key to be able to log into the account at a later time.

It is not a 100% perfect solution as attackers are still able to circumvent the security key if they have additional information related to the PayPal user’s account. It still is a viable protection in most cases. PayPal is hosting a security center on their website that is informing and educating users about security risks and how to reduce them and prevent attacks.

Probably the best way of fighting most attacks and all phishing attacks is to always open the PayPal website directly instead of clicking on links that are supposed to lead there. Another security method is to use a password manager to store the PayPal login information. Many password managers, such as Last Pass, can fill out the login form and log in the user automatically in configured accounts. This can be a very effective method of detecting fake websites as the password manager will not fill out the login information automatically on these websites.

Related posts

• PayPal Now Offering Mobile Security Key (2)
• Update on my PayPal Story (8)
• Protect PayPal Accounts With VeriSign Identity Protection Devices (19)
• Unauthorized Payment Done With My PayPal Account (50)
• Send a Fax to unsubscribe from paypals newsletter (4)

Having only worked with Winamp under Windows XP I was unaware that Winamp was installing the files elevator.exe and elveatorps.dll for elevation in Windows Vista and apparently Windows 7 as well as this thread at the Winamp forum suggests.

The easiest way to get rid of the files in the same session is by using the following Windows commands in the command line after switching to the directory Winamp was installed in:


elevator.exe /unregserver
regsrv32 /U elevatorps.dll
regsrv32 /U nscrt.dll


It is likely that these files can also be deleted in Windows Explorer after a restart of the computer system. Users who have UAC disabled in Windows can also get rid of these files according to the forum post quoted above.

Related posts

• Windows Media Player Import for Winamp (1)
• Winamp Tweak Guide (0)
• Winamp Minitube Adds Youtube Videos To Music (7)
• Winamp iPod Plugin (0)
• Winamp iPod Plugin (5)

Trend Micro are reporting about yet another Facebook phishing attack that is currently in the wild. The attack begins – like most phishing attacks – by mass mailing potential Facebook users informing them that they need to update their Facebook login credentials. A link is offered in that email and if they follow that link they land on a website that looks like Facebook. What’s interesting here is that the email address field of the Facebook login form is already filled out so that the Facebook user only needs to enter the Facebook password to complete the process.

A click on the login button will open a new page that contains a link to an update tool which installs a trojan on the user’s system.

It attempts to access a Web site to download a file which contains information where the Trojan can download an updated copy of itself, and where to send its stolen data. This configuration file also contains a list of targeted bank-related Web sites from which it steals information. Note that the contents of the file, hence the list of Web sites to monitor, may change any time.

It attempts to steal sensitive online banking information, such as user names and passwords. This routine risks the exposure of the user’s account information, which may then lead to the unauthorized use of the stolen data.

The blog post contains security tips on how to distinguish legit from phishing emails. Users who are interested in those can visit the blog post but the most important lesson once again is to avoid clicking on links that are send via email.

Related posts

• Facebook Login Phishing And Account Hacking Warnings (4)
• Facebook Login Page (33)
• facebook login (50)
• Worio Combines Bookmarking And Web Search (2)
• Windows Live Photo Gallery Facebook Plugin (4)

The focus of Double Anti-Spy Professional is a complete spyware protection of computer systems running the Microsoft Windows operating system which includes protection against spyware and adware but also against other forms of malware including backdoors, computer bots and trojans.

The installation of the anti-spyware software and the interface of the program have been designed with ease of use in mind. The program will always start up with the status report window which will display relevant information like the date and time of the last scan, the freshness of the definition files or the results of the last scan. The four buttons on the left side are used to switch between sections of the software.

Double Anti-Spy Professional can perform three types of scans: A quick scan that will only scan important locations, a full scan to scan all files and locations and a custom scan that the user can define individually. A full system scan is recommended after installation and updating the definitions to find all traces of spyware that might be located on the computer system.

The anti-spyware software protects the computer system from spyware that tries to attack the PC. It does so by actively monitoring the system for suspicious files. The depth and level of protection can be configured in the Active Defense section of the program.

Here it is possible to configure the active defense and email defense settings to block and quarantine files and software before it can become a threat. Email defense works with several popular desktop email clients including Microsoft Outlook, Windows Mail and Mozilla Thunderbird.

The very same menu can also be used to schedule scans and add programs and files to a whitelist or blacklist.

The fourth and final tab Settings can be used to configure the different scans that Double Anti-Spy Professional can perform, set the update check interval, configure a proxy server and scan optimizer or disable Windows Explorer automatically if it is running on the system to avoid compatibility problems.

Now, how good is the anti-spyware software? Avanquest show test results conducted by AV-Test on their homepage which tested Double Anti-Spyware Pro against PC Tools Spyware Doctor and Webroot Spy Sweeper. Other tests have not been published yet and it is not even possible to find the AV-Test results anywhere on the Internet. But what about the two engines that the security software is using? According to users on some web forums the program is using the engines of Outpost AntiSpyware + VIPRE (CounterSpy) which both did receive good reviews and recommendations.

Update: The software is using the following engines: Double Anti-Spy includes Sunbelt’s VIPRE (Engine A) + Outpost AntiSpyware combined with Virus Buster SDK (Engine B)

Verdict:

Double Anti-Spy Professional utilizes two scanning engines from respected companies to protect the computer against spyware which makes it more effective. Resource usage was a bit high on a Windows 7 test system if the window of the program was active (about 80 Megabytes). The program itself is compatible with Windows XP and 32-bit or 64-bit editions of Windows Vista and Windows 7. More information are available at the Double Anti-Spy Professional homepage.

Giveaway:

We have ten download copies and licenses for Double Anti-Spy Professional. Just leave a comment below for a chance to win a copy. Every comment in the next 24 hours will take part in the draw and the winners will be emailed. The email will contain the download link, license key and instructions.

Related posts

• Windows Defender (11)
• WinX DVD Author Giveaway (53)
• Windows Registry Watcher (5)
• Windows 7 Firewall Control (4)
• Use USB Flash Drives To Lock Windows (13)

SafeOnline is a security program developed by Prevx that is available as a standalone software or as part of Prevx 3.0. This program, according to its developers, is able to protect PCs against many forms of phishing and pharming even if they are infected.

How is it done?

The core protection lies in the ability to block keyloggers, screen scrapers, man-in-the-browser attacks, session hijackers, clipboard grabbers, and a number of other threats commonly installed by trojans like SilentBanker, Bancos, Zeus, Torpig, and Curtwail onto thousands of PCs daily. Rather than focusing on being able to identify the threats themselves, SafeOnline works to isolate the browser from the rest of the system even if unknown threats exist that try to steal data from the user. System level malware generally attempts to read data from the browser but Prevx introduces a layer in-between the browser and the rest of the operating system, tricking the threats into thinking that they have successfully read and transmitted the user’s credentials outside of the system when they have not. Unlike other solutions, Prevx SafeOnline works with the user’s existing browser, without requiring the use of a specialized browser so there is no need for the user to change their browsing habits – protection is applied seamlessly and silently in the background.

This sounds like a reverse sandbox where the contents in the sandbox are protected from the rest of the computer system. According to Prevx it offers protection against

* Man-In-The-Browser
* Phishing attacks
* Keyloggers
* Screen Grabbers
* Cookie Stealers
* Info Stealing Trojans such as ZEUS, MBR, Goldun, and Silent Banker

Prevx has contacted several banks in the UK offering their product for free to the bank’s customers. Six banks so far have shown interest in the product. These banks had special requirements according to PC World that included that the product would work with other security software and would not force the banks to change their websites. The security product was able to meet all of these requirements.

Verdict: The main question here is if it is really safe. Will it really defeat all keyloggers and phishing attacks? What if the security software fails do to so? What if users feel overconfident using the software? It might work as an extra layer of defense on a PC system but it might take a while before the company can build enough trust in their product. Thanks Dante for the tip.

Related posts

• Windows Registry Watcher (5)
• Windows Defender (11)
• Windows 7 Firewall Control (4)
• Which Programs Should I Run To Scan A Computer For Malicious Software? (13)
• Web of Trust: collaborative online security (7)

Microsoft has therefor created a solution for this problem by introducing the Bitlocker To Go Reader so that the data on the portable device can be read in operating systems that are not supporting Bitlocker. Microsoft’s solution is the Bitlocker To Go Reader, a software program compatible with Windows XP, Windows Vista and Windows 7 that can be used to decrypt the data on a Bitlocker encrypted removable storage device.

Bitlocker To Go Reader is added to the removable storage device when it is encrypted. The program will automatically be displayed if autoplay is enabled on the computer system when the user connects the removable storage device that has been encrypted with Bitlocker To Go. A right-click on the device and the selection of autoplay or a double-click on the drive icon in Windows are the other options to display the Bitlocker To Go Reader window.

The user only needs to enter the password the data was encrypted with to decrypt and access it on the other operating system. An alternative to encrypt file systems, removable storage devices and other data is the open source software True Crypt which we have reviewed in the past. True Crypt offers the advantage of encrypting and decrypting data not only in Windows but also Linux and Mac OS.wp-image-19416″ />

Related posts

• My Encrypted Tunnel (1)
• How To Password Protect Data On CDs or DVDs (6)
• Disk Encryption Software TrueCrypt 6.3 Released (4)
• Zoogmo Secure Peer To Peer Backups (3)
• ZoneScreen Finally Gets 64-bit Update (7)

Luckily though Ghacks reader Dante found a solution for the problem which he send in as a tip to share here at the website. The Avira update problem seems to only affect the automatic update of the antivirus software. What is not affected at all is the manual update process.

To fix Avira Antivir Update problems a user would therefor need to aquire a new virus definition file and update the software manually with it. This fixes the broken automatic update in Avira Antivir:

• Download the latest antivirus definition file for Avira Antivir at Softpedia.
• Bring up the Avira Antivir interface.
• Select Update and there Manual Update
• Use the file browser to select the downloaded updated definition file
• Wait until the update has finished.

The manual update of the antivirus software will fix the broken automatic update in Avira so that it can be used again afterwards. Thanks go to Dante for sending in the tip.

Related posts

• Antivir Maker Avira Changes Update System (3)
• What You Should Do After Buying A New Computer System (18)
• Test Avira AntiVir PersonalEdition Premium for 6 months (10)
• Shardana Antivirus Rescue Disk Utility (3)
• Panda Internet Security 2010 [free] (7)

The latest test by independent security researchers AV-Comparatives is another confirmation that Microsoft has developed a solid security software for the Windows operating system. The latest test concentrated on virus and malware removal capabilities of selected free and commercial antivirus products.

The test itself pitted sixteen different security products against ten malware samples. Six of the sixteen security software programs received an advanced plus rating. Among them Microsoft’s Security Essential product which was also the only free product to score the highest rating and one of three that scored a good rating in the two tested fields removal of malware and removal of leftovers.

While the test certainly does not make Microsoft Security Essentials the best free antivirus software that is currently available as Lee described it over at the Download Squad it certainly can be seen as an indicator that Microsoft has delivered a quality software program for the Windows operating system.

The test results are available in a pdf report on the AV Comparatives website.

Related posts

• Microsoft Security Essentials Beta Now Available (11)
• Panda Cloud Antivirus Released Still Free (2)
• Norton Security Scan (17)
• Norton 360 Review (19)
• Microsoft Security Essentials Final Available (7)

Some users have reported Microsoft Security Essentials crashes and other errors that prevent the tool from protecting the computer system. The Fix MSE Utility has been designed for those users. It can repair a Microsoft Security Essentials installation by resetting all Registry and other settings to their default values. The same could be achieved by uninstalling and installing the software program but the benefit of using the Fix MSE Utility is speed.

The portable software program is compatible with the same operating systems that Microsoft Security Essentials is compatible with. It will display a small program window upon startup that looks like the following:

The window contains a small description of the program’s functionality as well as a Fix MSE button which will start the repair of the Microsoft Security Essentials installation. The Microsoft Security Essentials program itself has to be closed during that process to avoid further complications.

The Fix MSE Utility is available at the Windows Club forum.

Related posts

• Youtube Video Search Is A Barebone Youtube Downloader (2)
• Xkcd Comic Wallpaper Changer (2)
• Wireless Networking Software Homedale (13)
• Windows XP: Default Internet Browser Per User Profile (0)
• Windows XP System File Checker (7)

Fortunately there is a tool for that. The tool? Spamassassin. Spamassassin is a very versatile SPAM tool that is part of the Apache Foundation. Spamassassin uses numerous means to detect SPAM including: DNS and Checksum based SPAM detection as well as Bayesian filtering, external programs, black lists, and online databases. These tools together make for a fairly powerful detection system.

In this article you are going to see how to install and configure Spamassassin to work in conjunction with Postfix to further enhance your email server.

Installing Spamassassin

Obviously the first thing you need to do is install Spamassassin. You will find Spamassassin in the Ubuntu repositories. And since this entire series has been laid on top of a Ubuntu Server installation, that is quite convenient. So, to install Spamassassin, open up your terminal window and issue the following command:

sudo apt-get install spamassassin

There may or may not be some dependencies to install in order for the Spamassassin  installation to complete. Go ahead and OK those. Once this installation is complete you are ready to start configuring.

Configuration

Before we actually get to the configuration it is important to understand the SPAM scoring system. With Spamassassin, messages are tagged as SPAM only when they have enough SPAM-matching characteristics (according to a scoring level). The scoring level is 0-5, however it’s not as simple as saying a 0 means it is 0% SPAM. The system is set up so that every characteristic can add to the overall score. For example a message tested to find a base64 attachment does not have a file name filtered with both bayes+net will add 0.224 to the over all score of the message. When all of the characteristic scores are added up, if they exceed the default score you have set in the configuration file, that message is considered SPAM.

Now that you have a basic understand of how the scoring system works. Let’s start configuring Spamassassin.

The main configuration file is /etc/spamassassin/local.cf. The first option you want to configure is the default score. Look for the line:

# required_score 5.0

The first thing you want to do is uncomment that line (by removing the “#” character) and then changing the score. A score of 5 is pretty high and sure to be SPAM. Understand the more you lower that score the likely you are of missing message messages that are tagged false-positives. A score of 3.5 is a fairly reliable score that will catch a lot of SPAM but not a lot of false positives.

Above this line are a couple of other options that are important. The first is the option to set the option:

report_safe

To 0. This option can be set to either 0 or 1. A zero means that if a message is found to be SPAM the message will not be deleted, but instead the subject line will be rewritten to include a message marking it as SPAM.  This is handy to prevent users from losing important messages to false positives. This also allows you to set a lower score threshold.

To do this first look for the line:

# report_safe 1

Uncomment this line by removing the “#” character and then change the “1″ to “0″ (no quotes).

The next step is to uncomment the line:

# rewrite_header Subject *****SPAM*****

Now you can alter the “*****SPAM*****” section of this line to reflect what you’d prefer it to say. Just make sure it is clear to your users that a message with this rewritten subject line is most likely SPAM.

Now restart the Spamassassin daemon with the command:

sudo /etc/init.d/spamassassin restart

Configure Postfix

The last step is to set up Postfix to use Spamassassin. To do this open up the file /etc/postfix/master.cf and look for the line:

smtp     inet    n   –   –   –   –   smtpd

You need to alter this line to look like:

smtp      inet   n   -   -   -   -   smtpd -o content_filter=spamassassin

Finally, at the end of this file add the following:

spamassassin
unix - n n - - pipe
flags=R
user=spamd
argv=/usr/bin/spamc
-e /usr/sbin/sendmail
-oi -f ${sender} ${recipient}

Now all you need to do is restart Postfix with the command:

sudo /etc/init.d/postfix restart

Your mail server should now be scoring incoming message as SPAM or HAM.

Final thoughts

The mail server is a tricky beast. You have to ensure that users are getting their mail, but you have to make sure they aren’t receive SPAM or viruses. After completing this series of articles, you should have a pretty solid server running that will send out mail that is safe for users eyes.

Related posts

• Trap Spammers with Project Honey Pot (4)
• Tinymail Email Protection (18)
• Reduce Spam by using alternative Google Mail Address ? (8)
• Phishing Explained (4)
• Introduction Series Part 1: Spam (0)

Indo Cleaner is a privacy software that can deal with most recently used file listings. It basically is a cleaner that checks various lists for entries giving the user the option to delete some or all of them so that they cannot reveal any information about which files have been opened in the past.

All available mru lists are selected by default after installation and start of Indo Cleaner. This includes Windows Explorer, Internet Explorer, Microsoft Office and Windows Media Player but also Firefox and Opera. It is possible to uncheck any of the programs listed to prevent the lists from being cleaned up.

The remaining most recently used lists will then be checked and the number of entries that are stored in the Windows operating system are shown. Here it is again possible to uncheck some programs or proceed with the cleanup to delete the selected recently used files.

Indo Cleaner is not the only privacy software that can clean the most recently used files. Ccleaner is for example another program that can delete those files. Indo Cleaner (via Into Windows) is compatible with Windows XP and Windows Vista (and likely Windows 7).

Related posts

• Privacy Software CCleaner 2.25 Released (13)
• MRU Blaster (10)
• ZoneScreen Finally Gets 64-bit Update (7)
• ZC DVD Creator Platinum [Free Full Version] (19)
• Youtube Videos Downloader TubeQueue (17)

One of the best anti-virus systems for a Postfix server is ClamAV. This anti-virus tool kit is open sourced and can be used on all UNIX-like operating systems. It’s easy to install and effective. In this article we will be following our series started way back in the Installing Ubuntu Server 9.04 article. Of course we will be installing ClamAV on a Ubuntu server running LAMP and Postfix. With that in mind, let’s get busy!

Installation

The first thing to take care of is the installation of ClamAV. There are a number of tools you will need to install. Open up a terminal window and issue the command:

sudo apt-get install clamav clamav-freshclam clamsmtp

The above command should also pick up all of the necessary dependencies. The installation will also start the clamav daemon. You will restart that momentarily

Configuration

Once installed you have some configurations to take care of. There are three files you are going to have to edit:

• /etc/clamsmtpd.conf
• /etc/postfix/main.cf
• /etc/postfix/master.cf

The first file to configure is the clamsmtpd.conf file. The configuration in this file is simple. Look for the lines:

OutAddress: 10025

127.0.0.1:10026

Change them to:

OutAddress: 10026

127.0.0.1:10025

That’s it for the clamsmtpd.conf file. Now let’s move on to the heavier configurations.

Open up the /etc/postfix/main.cf file. Scroll down to the bottom of this file and add the following:

content_filter = scan:127.0.0.1:10025

receive_override_options = no_address_mappings

Save that file and now move on over to the /etc/postfix/master.cf file. Again, scroll down to the bottom of this file and add the following:

# AV scan filter (used by content_filter)
scan unix - - n - 16 smtp
-o smtp_send_xforward_command=yes
# For injecting mail back into postfix from the filter
127.0.0.1:10026 inet n - n - 16 smtpd
-o content_filter=
-o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
-o smtpd_helo_restrictions=
-o smtpd_client_restrictions=
-o smtpd_sender_restrictions=
-o smtpd_recipient_restrictions=permit_mynetworks,reject
-o mynetworks_style=host
-o smtpd_authorized_xforward_hosts=127.0.0.0/8

Save that file.

Restarting

The first thing you need to do is restart Postfix with the command:

sudo /etc/init.d/postfix restart

Once that has restarted you need to restart clamsmtpd with the command:

sudo /etc/init.d/clamsmtpd restart

Now, if nothing has gone horribly wrong, you should have a virus protected Postfix mail server.

Updating signatures

You should never go without updating your virus signatures. This is critical for keeping your mail server virus-free as new viruses are created or old viruses mutate. Fortunately ClamAV has its own tool for this. You will need to go back to that terminal window and issue the command:

sudo freshclam

Which will update the signatures.

You might even add the freshclam command into the root users crontab for regular signature updates.

Final thoughts

Your Postfix mail server is getting better and stronger each day. Adding anti-virus is a critical step in the grand scheme of Postfix things. In our next addition to the Postfix series, we will add Spamassassin for anti-spam measures.

Related posts

• What is your Security Concept ? (9)
• Test your Anti-virus program (10)
• Stop SPAM in Postfix with Spamassassin (1)
• Secure Windows XP (0)
• Mail relaying made simple with Postfix (2)