Larry Seltzer

A Microsoft presentation at this weeks RSA Conference has some observers concerned about a recurring nightmare of computer security: Rootkits. A rootkit is a malicious program that uses system hooks to conceal its presence on the system. For instance, it monitors if the user opens the Windows Task Manager in order to keep itself out […]

Microsofts announcements today at the RSA conference are good news for Windows users, but one has to wonder if theyll really go through unchallenged. Much of what Bill Gates said is ambiguous, probably reflecting a certain amount of uncertainty about what they actually plan to deliver. But I definitely get the impression that they plan […]

The anti-spyware software business has a bottom-up background, having originated from small companies and freeware efforts even in the face of a large and well-equipped security software industry. What were the anti-virus vendors doing all that time? The term “spyware,” as addressed by anti-spyware software, has been applied to actual spyware such as keyloggers, various […]

Microsoft Corp. and Pfizer Inc. on Thursday announced parallel lawsuits against two international spam rings pushing a variety of drugs, especially those purporting to be generic versions of Pfizers Viagra product. The two companies filed a total of 17 lawsuits in courts in New York and Washington state. According to the companies, Pfizer filed civil […]

Im done patching my own systems. I threw caution somewhat to the winds this time. I did do some testing; I have a test desktop and a test server I install these things on and run a few tests involving common tasks of mine, but this time was different from most others. This time Microsoft […]

Every now and then I get a brand-spanking new virus before protection is out for it. This happened last week when a colleague sent me—intentionally, for study—a copy of Sober.J. I went straight to Andreas Marx of AV-Test, an independent test lab that tracks dozens of anti-virus products on numerous platforms. I wasnt surprised to […]

A vulnerability that allows the URL in the browser address bar to be spoofed appears to affect all Web browsers apart from Internet Explorer. The advisory announcing the vulnerability, which could facilitate phishing and other spoofing attacks, is related to IDN (International Domain Name) support in these browsers. IDN allows for non-English lettering in domain […]

Back in June of 2004 I argued that ISPs need to start rate-limiting use of their outbound SMTP servers. I was right, although for reasons that were a little off. But its a good example of a larger point worth making: ISPs need to be diligent in fighting spam, not just inbound but outbound as […]

The holy grail of malware detection is the generic threat detector, unburdened by the need for updates to account for every new variation of every virus that comes out every day. Such a product could just know a threat when it sees it based on the behavioral characteristics of the program. These are the claims […]

Several weeks ago I expressed skepticism at AOLs claims of substantial drops in spam coming into their network and delivered to their customers. I wanted to see some confirmation from other vendors. I still havent seen anyone claim drops, but Ive seen two important reports of stabilization. First, Symantecs Brightmail unit is reporting that spam […]