Never10 – New utility to prevent Windows 10 upgrades

March 29, 2016 – 5:03 PM

Steve Gibson at GRC put together a utility that configures older versions of Windows to never upgrade to Windows 10. Description from his site:

The name “Never 10” is a bit of an overstatement, since this utility may also be used to easily re-enable Windows operating system automatic upgrading. But the primary reason for using this is to disable Windows’ pestering insistence upon upgrading Windows 7 or 8.1 to Windows 10.

Many users of Windows 7 and 8.1 are happy with their current version of Windows, and have no wish to upgrade to Windows 10. There are many reasons for this, but among them is the fact that Windows 10 has become controversial due to Microsoft’s evolution of their Windows operating system platform into a service which, among other things, aggressively monitors and reports on its users’ activities. This alone makes many users uncomfortable enough to cause them to choose to wait. In line with this, a few months into 2016, Windows 10 started displaying unsolicited advertisements on its users’ desktops. Others dislike the changes Microsoft made by merging their failed “tiled” smartphone user-interface into the Windows UI. And, finally, some object to being force-fed whatever Microsoft wants and simply wish to choose for themselves.

In July of 2015, responding to the significant user backlash, Microsoft added features to its Windows Update facility which allow it to be configured, on a machine-by-machine basis, to not forcibly upgrade qualifying Windows 7 and 8.1 operating systems to Windows 10. However, Microsoft did not make this configuration simple. It requires the use of the group policy editor (which is not present in some qualifying systems) and/or the system registry. In other words, they created some deep internal configuration options but chose not to provide a simple user-interface to give their users the choice. “Never10” provides that choice.
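The deep configuration the quoted text refers to is two policy registry values. The PowerShell below is an added example for this page, not Never10's own code: it writes the two values Microsoft documented in KB3080351 for blocking the Windows 7/8.1 to Windows 10 upgrade (DisableOSUpgrade and DisableGwx), reads them back so the change can be verified, and can remove them again to re-enable the upgrade offer. It must be run from an elevated PowerShell prompt on the Windows 7 or 8.1 machine.

```powershell
# Added example (not Never10's code). Registry values per Microsoft KB3080351:
#   HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\DisableOSUpgrade = 1
#   HKLM\SOFTWARE\Policies\Microsoft\Windows\Gwx\DisableGwx                 = 1
# Requires an elevated prompt; the Policies keys are normally absent unless a GPO created them.

$Settings = @(
    @{ Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'; Name = 'DisableOSUpgrade'; Value = 1 },
    @{ Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Gwx';           Name = 'DisableGwx';       Value = 1 }
)

function Get-Win10UpgradeBlock {
    # One row per policy value: what is currently stored and whether it equals the blocking value.
    foreach ($s in $Settings) {
        $current = $null
        if (Test-Path $s.Path) {
            $current = (Get-ItemProperty -Path $s.Path -Name $s.Name -ErrorAction SilentlyContinue).($s.Name)
        }
        [pscustomobject]@{
            Path    = $s.Path
            Name    = $s.Name
            Current = $current
            Blocked = ($current -eq $s.Value)
        }
    }
}

function Set-Win10UpgradeBlock {
    param([switch]$Undo)   # -Undo deletes the values, which restores Microsoft's default (upgrade offered)
    foreach ($s in $Settings) {
        if ($Undo) {
            if (Test-Path $s.Path) {
                Remove-ItemProperty -Path $s.Path -Name $s.Name -ErrorAction SilentlyContinue
            }
        } else {
            # New-Item -Force creates the missing parent keys under Policies as well.
            if (-not (Test-Path $s.Path)) { New-Item -Path $s.Path -Force | Out-Null }
            New-ItemProperty -Path $s.Path -Name $s.Name -Value $s.Value -PropertyType DWord -Force | Out-Null
        }
    }
    # Read back rather than trust the write: a GPO refresh can overwrite local policy values.
    Get-Win10UpgradeBlock
}

Set-Win10UpgradeBlock | Format-Table -AutoSize
```

Run `Get-Win10UpgradeBlock` on its own to audit a machine without changing it, and `Set-Win10UpgradeBlock -Undo` to put it back. On a domain-joined machine these are policy keys, so a Group Policy refresh will reassert whatever the domain says; check the result after the next `gpupdate` rather than assuming the local write stuck.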


PETYA Crypto-ransomware Overwrites MBR to Lock Users Out of Their Computers

March 25, 2016 – 7:14 AM

As if encrypting files and holding them hostage were not enough, cybercriminals who create and spread crypto-ransomware are now resorting to causing a blue screen of death (BSoD) and putting their ransom notes at system startup, that is, even before the operating system loads. Imagine turning on your computer and, instead of the usual Windows logo, getting a flashing red and white screen with a skull-and-crossbones.

This is the routine of a new crypto-ransomware variant dubbed “Petya” (detected by Trend Micro as RANSOM_PETYA.A). This malware not only overwrites the affected system’s master boot record (MBR) in order to lock users out; it is also notable for being delivered to victims via a legitimate cloud storage service (in this case, Dropbox).

We do note that this isn’t the first time that malware has abused a legitimate service for its own gain; however, this is the first time (in a long time) that such abuse has led to a crypto-ransomware infection. It is also a departure from the typical infection chain, wherein the malicious files are attached to emails or hosted on malicious sites and delivered by exploit kits.
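Because the damage here is a rewritten boot sector rather than encrypted documents, the defensive check that matters is boot-sector integrity. The PowerShell below is an added example for this page, not code from the Trend Micro write-up and not Petya's own bytes: it parses a 512-byte MBR image (boot signature at offset 510, four 16-byte partition entries from offset 446), hashes only the boot-code region so that legitimate partition-table edits do not raise alerts, and compares that hash against a saved baseline. The sample sectors are constructed inline; reading the live sector from \\.\PhysicalDrive0 needs an elevated raw device read and is deliberately left out.

```powershell
# Added example, not from the original post. Works on a byte[] MBR image so it runs offline.
# Layout facts used: boot code 0-445, partition table 446-509, signature 0x55 0xAA at 510-511.

function Test-MbrImage {
    param([byte[]]$Mbr)
    if ($Mbr.Length -ne 512) { throw "MBR image must be exactly 512 bytes, got $($Mbr.Length)" }

    $signatureOk = ($Mbr[510] -eq 0x55 -and $Mbr[511] -eq 0xAA)

    $partitions = foreach ($i in 0..3) {
        $off = 446 + 16 * $i
        [pscustomobject]@{
            Index    = $i
            Active   = ($Mbr[$off] -eq 0x80)          # 0x80 = bootable, 0x00 = inactive
            Type     = ('0x{0:X2}' -f $Mbr[$off + 4])  # 0x07 = NTFS/exFAT, 0x83 = Linux, ...
            LbaStart = [BitConverter]::ToUInt32($Mbr, $off + 8)
            Sectors  = [BitConverter]::ToUInt32($Mbr, $off + 12)
        }
    }

    # Hash the boot code only: the partition table changes during normal disk management,
    # the first-stage loader code should not change outside of an OS install or repair.
    $sha = [System.Security.Cryptography.SHA256]::Create()
    $codeHash = ($sha.ComputeHash([byte[]]$Mbr[0..445]) | ForEach-Object { $_.ToString('x2') }) -join ''

    [pscustomobject]@{
        SignatureOk  = $signatureOk
        ActiveCount  = @($partitions | Where-Object Active).Count
        Partitions   = $partitions
        BootCodeHash = $codeHash
    }
}

function Compare-MbrBaseline {
    param([byte[]]$Mbr, [string]$BaselineHash)
    $r = Test-MbrImage -Mbr $Mbr
    if (-not $r.SignatureOk)               { return 'ALERT: boot signature missing, sector is not a valid MBR' }
    if ($r.BootCodeHash -ne $BaselineHash) { return 'ALERT: boot code differs from baseline' }
    if ($r.ActiveCount -ne 1)              { return "WARN: $($r.ActiveCount) active partitions, expected 1" }
    return 'OK: boot code matches baseline'
}

# Constructed sample "known good" sector: zeroed boot code, one active NTFS partition, valid signature.
$good = New-Object byte[] 512
$good[446] = 0x80; $good[450] = 0x07
[BitConverter]::GetBytes([uint32]2048).CopyTo($good, 454)
[BitConverter]::GetBytes([uint32]204800).CopyTo($good, 458)
$good[510] = 0x55; $good[511] = 0xAA
$baseline = (Test-MbrImage -Mbr $good).BootCodeHash

# Constructed tampered copy: boot code region overwritten, partition table and signature untouched,
# which is the shape of a bootkit-style MBR replacement (these are filler bytes, not Petya's code).
$tampered = [byte[]]$good.Clone()
0..63 | ForEach-Object { $tampered[$_] = 0x90 }

Compare-MbrBaseline -Mbr $good     -BaselineHash $baseline
Compare-MbrBaseline -Mbr $tampered -BaselineHash $baseline
```

Take the baseline right after OS installation and store it off the machine; a check that keeps its reference hash on the same disk the malware rewrites proves nothing. Since the article notes that Petya forces a crash to trigger the reboot, this is a periodic or boot-time control (run it from a clean recovery environment against the disk) rather than something that will interrupt the infection in progress.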


Qubes OS 3.1 Overview/Demo

March 20, 2016 – 10:26 AM

Here is an excellent overview of Qubes OS, which I am mostly converting over to for my everyday operating system.

What is Qubes OS? From its own website:

Qubes is a security-oriented operating system (OS). The OS is the software which runs all the other programs on a computer. Some examples of popular OSes are Microsoft Windows, Mac OS X, Android, and iOS. Qubes is free and open-source software (FOSS). This means that everyone is free to use, copy, and change the software in any way. It also means that the source code is openly available so others can contribute to and audit it.


Pwn2Own 2016: Chrome, Edge, and Safari hacked, $460,000 awarded in total

March 19, 2016 – 11:14 AM

Once again, major browsers fell at the two-day security contest Pwn2Own. Security flaws in Google Chrome, Microsoft Edge, and Apple Safari were all successfully exploited. A total of $460,000 was awarded for 21 vulnerabilities across the three browsers as well as Windows, OS X, and Flash. Last year’s total was $557,500.

Pwn2Own has been held annually since 2007 at the CanSecWest security conference. The goal is to exploit widely used software and mobile devices with vulnerabilities that have not yet been publicly disclosed, in exchange for the device in question and cash prizes. The name is derived from the fact that contestants must “pwn” (another way to say “hack”) the device in order to “own” it (win it).

Of the trio, Chrome fared the best. Two attempts were made to hack Google’s browser: one failed and one was deemed a partial success. The successfully exploited vulnerability in Chrome had already been independently reported to Google, so it wasn’t given full points.


Google Security Expert Criticizes Meaningless Antivirus Excellence Awards

March 15, 2016 – 7:50 PM

Over the weekend, one of Google’s top security researchers, Tavis Ormandy, published a blog post in which he criticized antivirus certification programs that award meaningless prizes to flawed security products.

What prompted the post was that at this year’s RSA security conference, held at the start of March, Verizon’s ICSA Labs awarded Comodo the 2016 Excellence in Information Security Testing Award.

The irony of this award wasn’t lost on him, nor on us, if we take into account that since last December Mr. Ormandy has been unearthing security flaws in Comodo’s antivirus products on a regular basis.