SecurityGarden


Monday, February 27, 2012

avast! Users Frustrated With Unwanted Chrome Browser

Posted on 4:30 PM by Unknown
Reports of the inclusion of Google Chrome with the latest avast! upgrade began trickling in several days ago when Version 7 was released. 

As  illustrated below, the issue is complicated by differing reports of the upgrade process.
  • Some avast! users report that they were not presented with the pre-checked option to install Google Chrome.
  • There are reports that the avast! window presented after reboot does not remain active long enough to uncheck the pre-checked options.  (Note:  it was also reported that the window was presented after the first hard restart rather than the initial restart installing the upgrade.)
  • People with Google Chrome installed have reported that even unchecking the installation option resulted in a second install of Chrome! In addition, that second install wreaked havoc with the existing Chrome installation, resetting the current user's profile to default and leaving extensions missing.
  • Others reported problems with Hostman Server and Sandboxie, necessitating an uninstall/reinstall of avast!.
Granted, the Google Chrome browser is not scareware, adware or spyware.  When a vendor includes an add-on such as a toolbar or, in this case, the Google Browser, the point is "pay per install", thus the reason for the pre-checked option. 

As the sampling of comments from the avast! forum below shows, when the option to uncheck the install is either not displayed long enough for the user to act on it or the user's choice is ignored, trust in the vendor's product is lost:
"I used to recommend Avast.  I won't be doing that anymore.  I just don't trust it after this happened and I see all the issues others had."

"One more dissatisfied user here!  Avast notified me that it wanted to install Version 7.  NOTHING ABOUT CHROME!!  Then after it installed 7 a screen pops up asking if I wanted to install Chrome.  I responded NO and then the 7 installation wanted me to click "Finish."  When the screen cleared there was a Chrome icon on the desktop."


"The install welcome screen launched and before I had time to read the screen the install started never a chance to opt-out or configure the install."

"I didn't have Chrome on my pc before I updated avast 6. On rebooting the pc I found to my absolute horror that the developers at avast think they know better than me about what software I need and had installed chrome. At no time did ANY warning appear, or my consent was sought to install anything other than the update. I consider this action to be one of MALWARE."

    Recommendations

    1. When upgrading to avast! Version 7, select "Custom" install and select the options you want to use.
    2. After the installation is complete, watch for the following window to appear:

    3. According to your preferences, leave checked or uncheck the option to "Participate in the avast! community".
    4. If you already have Google Chrome installed or do not want Google Chrome installed, uncheck the boxes in the following order:

      a)  First, uncheck "Make Google Chrome my default browser". 
      b)  Next, uncheck "No, do not install the Google Chrome web browser".
      c)  Click Finish.

    References

    • DSLReports Forums: Avast 7 installs Chrome
    • Calendar Of Updates: Installers Hall of Shame (Unwanted add-on)
    • Calendar Of Updates: avast! v7.0.1407
    • Avast Forum: Avast 6 to Avast 7 installed Chrome, destroys existing Chrome install
    • Avast Forum: Avast 7 installs chrome without permission




    Remember - "A day without laughter is a day wasted."
    May the wind sing to you and the sun rise in your heart...


    Posted in Ethics, Security, Updates | No comments

    Thursday, February 16, 2012

    Critical Updates to Adobe Flash and Shockwave Players

    Posted on 10:07 AM by Unknown
    Adobe released updates to both Adobe Flash and Shockwave Players. The updates address critical vulnerabilities in both products.  Vulnerability and update details for both products are included below.



    As described in the Security Bulletin for Adobe Flash Player, the critical vulnerabilities addressed in the update could cause a crash and potentially allow an attacker to take control of the affected system. 

    It is also noted that the update addresses a cross-site scripting vulnerability in Internet Explorer on Windows systems that is being exploited in the wild.

    Release date: February 15, 2012
    Vulnerability identifier: APSB12-03
    CVE number: CVE-2012-0751, CVE-2012-0752, CVE-2012-0753, CVE-2012-0754, CVE-2012-0755, CVE-2012-0756, CVE-2012-0767
    Platform: All Platforms

    Flash Player Update Instructions

    Adobe Flash Player for Android

    The latest version for Adobe Flash Player for Android is available by downloading it from the Android Marketplace by browsing to it on a mobile phone.

    Flash Player for Windows, Macintosh, Linux and Solaris

    Although Adobe suggests downloading the update from the Adobe Flash Player Download Center or by using the auto-update mechanism within the product when prompted, if you prefer, direct download links are available.

    Notes:
    • If you use the Adobe Flash Player Download Center, be careful to uncheck the optional McAfee Security Plus box.  It is not needed for the Flash Player update.
    • Uncheck any toolbar offered with Adobe products if not wanted.
    • If you use alternate browsers, it is necessary to install the update for both Internet Explorer as well as the update for alternate browsers.

    Flash Player 11 (32-Bit)
    • IE 32-Bit:  http://fpdownload.macromedia.com/pub/flashplayer/current/licensing/win/install_flash_player_11_active_x_32bit.exe
    • Non-IE 32-Bit (Opera, Firefox etc):  http://fpdownload.macromedia.com/pub/flashplayer/current/licensing/win/install_flash_player_11_plugin_32bit.exe
    Flash Player 11 (64-Bit)
    • IE 64-Bit:  http://fpdownload.macromedia.com/pub/flashplayer/current/licensing/win/install_flash_player_11_active_x_64bit.exe
    • Non-IE 64-Bit (Opera Firefox etc):  http://fpdownload.macromedia.com/pub/flashplayer/current/licensing/win/install_flash_player_11_plugin_64bit.exe

    Verify Installation

    To verify the Adobe Flash Player version number installed on your computer, go to the About Flash Player page, or right-click on content running in Flash Player and select "About Adobe Flash Player" from the menu.

    Do this for each browser installed on your computer.



    The update to Adobe Shockwave Player for both Windows and Macintosh systems addresses vulnerabilities that could allow an attacker, who successfully exploits these vulnerabilities, to run malicious code on the affected system. The vulnerabilities include a heap overflow vulnerability and multiple memory corruption vulnerabilities.

    Release date: February 14, 2012
    Vulnerability identifier: APSB12-02
    CVE number: CVE-2012-0757, CVE-2012-0758, CVE-2012-0759, CVE-2012-0760, CVE-2012-0761, CVE-2012-0762, CVE-2012-0763, CVE-2012-0764, CVE-2012-0766
    Platform: Windows and Macintosh

    Update Information

    The newest version of Shockwave Player 11.6.4.634 is available here:  http://get.adobe.com/shockwave/.

    Notes:
    • Please remember to uncheck any unwanted 3rd party toolbars or other programs during installation. 
    • For information on how to disable the auto-update setting in Shockwave Player, see http://kb2.adobe.com/cps/166/tn_16683.html.  (This must be set every time Shockwave Player is updated if you do not want auto-updating.)

    Verify Installation

    To test the Adobe Shockwave Player installation on your computer, go to the Test Authorware Web Player page.

    References

    • APSB12-03: Security update available for Adobe Flash Player
    • APSB12-02: Security update available for Adobe Shockwave Player
    • Adobe PSIRT Blog


    Posted in Adobe, Security, Updates, Vulnerabilities | No comments

    Wednesday, February 15, 2012

    Oracle Java SE Critical Security Update

    Posted on 6:51 PM by Unknown

    Oracle released a critical security update for Java.  This Critical Patch Update contains fourteen (14) new security fixes across Java SE products.

    For Java SE 6, the full internal version number for this update release is 1.6.0_31-b04 (b05 in Windows, where "b" means "build"). The external version number is 6u31.

    It appears that Java SE 7 is no longer in "developer preview".  In the event you update to that version, check installed programs because it does not appear that upgrading removes Java SE 6.  The full internal version number for the update to the Java SE 7 release is 1.7.0_03-b04 (b05 in Windows, where "b" means "build"). The external version number is 7u3.

    Although Java is not required (See Do You Need Java?), if you do have Java installed on your computer, it is advisable to install the latest update.  It is also advised that all prior (and vulnerable) versions of Java SE be uninstalled from your computer.

    Download Update

    • Java SE Runtime Environment 6u31
    • Java SE 7 Update 3


    Verify your version:  http://www.java.com/en/download/testjava.jsp

    Note: UNcheck any pre-checked toolbar and/or software options presented with the update. They are not part of the software update and are completely optional.

    The next scheduled Oracle Java SE Critical Patch Update is 12 June 2012.

      References

      • Java SE 6 Update Release Notes
      • Java SE 7 Update Release Notes
      • Oracle Java SE Critical Patch Update Advisory - February 2012





      Posted in Java, Security, Updates, Vulnerabilities | No comments

      Tuesday, February 14, 2012

      Microsoft February 2012 Security Bulletin Release

      Posted on 10:47 AM by Unknown

      Microsoft released nine (9) bulletins, of which four bulletins are identified as Critical with the remaining five as Important.

      The bulletins address vulnerabilities in Microsoft Windows and Microsoft Developer Tools And Software.  Most updates will require a restart to complete the installation.

      A number of people have problems with .NET Framework updates.  As MS12-016 updates .NET Framework, it is recommended that this update be installed separately, followed by a shutdown/restart.

      The Security Research and Defense blog published several articles, located at the links below, regarding the updates:

      • Assessing risk for the February 2012 security updates 
      • MS12-014: Indeo, a blast from the past
      • MS12-013: More information about the msvcrt.dll issue

      Security Bulletins

      Bulletin Number   Bulletin Title                                      Bulletin KB
      MS12-008          Vulnerabilities in Microsoft Windows                2660465
      MS12-009          Vulnerabilities in Microsoft Windows                2645640
      MS12-010          Vulnerabilities in Internet Explorer                2647516
      MS12-011          Vulnerabilities in Microsoft SharePoint             2663841
      MS12-012          Vulnerability in Microsoft Windows                  2643719
      MS12-013          Vulnerability in Microsoft Windows                  2654428
      MS12-014          Vulnerability in Microsoft Windows                  2661637
      MS12-015          Vulnerabilities in Microsoft Office                 2663510
      MS12-016          Vulnerabilities in .NET Framework and Silverlight   2651026

      Support

      The following additional information is provided in the Security Bulletin:
      • The affected software listed have been tested to determine which versions are affected. Other versions are past their support life cycle. To determine the support life cycle for your software version, visit Microsoft Support Lifecycle.
      • Customers in the U.S. and Canada can receive technical support from Security Support or 1-866-PCSAFETY. There is no charge for support calls that are associated with security updates. For more information about available support options, see Microsoft Help and Support.
      • International customers can receive support from their local Microsoft subsidiaries. There is no charge for support that is associated with security updates. For more information about how to contact Microsoft for support issues, visit International Help and Support.

      References

      • MSRC: MSRC looks back at ten years, and the February 2012 bulletins
      • TechNet: Microsoft Security Bulletin Summary for February 2012
      • Security Research and Defense:  More information on MS12-004
      • Security and Safety Center:  Microsoft security updates for February 2012 




      Posted in Microsoft, Security, Updates, Vulnerabilities | No comments

      Saturday, February 11, 2012

      Mozilla Firefox 10.0.1 Critical Security Update

      Posted on 7:52 AM by Unknown

      Mozilla quickly released Firefox 10.0.1, which includes a critical security update as well as a fix for a Java-related bug that causes text input to become unresponsive (Bug 718939).

      Security Update

      MFSA 2012-10 use after free in nsXBLDocumentInfo::ReadPrototypeBindings
      Impact: Critical
      Announced: February 10, 2012
      Reporter: Andrew McCreight, Olli Pettay
      Products: Firefox, Thunderbird, SeaMonkey

      Fixed in: Firefox 10.0.1
        Firefox ESR 10.0.1
        Thunderbird 10.0.1
        Thunderbird ESR 10.0.1
        SeaMonkey 2.7.1

          Known Issues

          The following items remain as known issues with this version release:
          • Two-digit browser version numbers may cause a small number of website incompatibilities (see 690287)
          • If you try to start Firefox using a locked profile, it will crash (see 573369)
          • For some users, scrolling in the main GMail window will be slower than usual (see 579260)
          • Some synaptic touch pads are unable to vertical scroll (see 622410)
          • Firefox notifications may not work properly with Growl 1.3 or later (see 691662)
            Unresolved on v10 Resolved in v11
          • Under certain conditions, scrolling and text input may be jerky (see 711900)

          Update

          The update to Firefox 10.0.1 will be offered through the browser update mechanism.  However, as the upgrade includes a critical security update, it is recommended that the update be applied as soon as possible.  To get the update now, select Help, About Firefox, Check for Updates.

          If you do not use the English language version, Fully Localized Versions are available for download.

          References

          • Common questions after updating Firefox
          • Mozilla Firefox Release Notes
          • Security Advisory MFSA 2012-10
          • Bug Fixes 



          Posted in Firefox, Mozilla, Security, Updates, Vulnerabilities | No comments

          Thursday, February 9, 2012

          Security Bulletin Advance Notification for February, 2012

          Posted on 10:48 AM by Unknown

          On Tuesday, February 14, 2012, Microsoft is planning to release nine (9) bulletins, of which four bulletins are identified as Critical with the remaining five as Important.

          The bulletins address twenty-one (21) vulnerabilities in Microsoft Windows, Office, Internet Explorer, and .NET/Silverlight.  Most updates will require a restart to complete the installation.

          As happens each month, Microsoft will also release an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services, and the Download Center.

          References

          • MSRC Blog:  ANS for February 2012, and some notes on SDL
          • TechNet: Microsoft Security Bulletin Advance Notification for February 2012



          Posted in Microsoft, Security, Updates, Vulnerabilities | No comments