OUCH!
SANS Institute Security Newsletter for Computer Users
Volume 6, Number 10 October 2009
************************************************************************
In This Issue
1. You and Your Browser - 2. Software Patches and Updates - 3. On the
Weird Side of Browsers
************************************************************************
A formatted version of the OUCH! newsletter can be found at
https://www.sans.org/newsletters/ouch. You can subscribe to OUCH! on the
same site. Send your comments to OUCH@sans.org.
************************************************************************
1. You and Your Browser
- - What exactly is a browser anyway?
Let's start with what it's not. A browser is not Google, not a search
engine, not AOL, and not broadband. A browser is software that you use
to see and hear what's available on the World Wide Web. (You can use a
browser for other things, too, but let's stay with their more common
uses for now.) Browsers take you to websites and webpages where you can
read and send email, see images and movies, and listen to music. You can
also download and upload files using your browser. Your browser allows
you to navigate to information resources that are organized as URL's
(Uniform Resource Locators) or web addresses. The major web browsers are
Microsoft Internet Explorer, Mozilla Firefox, Apple Safari, Google
Chrome, and Opera.
- - Why do I need a browser to connect to the Internet? Why can't my
computer just do it?
You need a browser to connect to the Internet because browsing is only
one of many things that a computer can do. A browser is software that
directs your computer to the Internet, interprets your requests, and
translates them into the language used by all of the computers on World
Wide Web. Your computer is simply hardware -- a machine that will follow
instructions. Software supplies the instructions.
- - OK, so just HOW does my browser connect to the Internet?
Strictly speaking, it's your computer and its operating system that
connect to the Internet, either by a wired or a wireless connection,
such as Ethernet, Cable Internet or DSL (Digital Subscriber Line), or
by Wi-Fi or wireless broadband. Your browser communicates with the
operating system, and the operating system communicates with the
Internet.
- - Why is there such a choice of browsers? What's the difference?
A browser, like all software, is a product, produced and marketed by
people who want you to use it. Objective: To gain market share. It is
estimated that 1.7 billion people are using the Internet worldwide in
2009. If you make a better browser, the world will beat a path to your
website and download it, and your customer base could number in the
hundreds of millions quickly. Anatomically speaking, all web browsers
are about the same. They differ from one another in their "look and
feel"-when, where, and how you click to make something happen. It's
largely a matter of taste. All of the major browsers can use plug-in's
and add-on's, like Flash Player for movies and Acrobat Reader for
opening PDF files.
- - My computer came with a browser on it. Why would I want another one?
Microsoft includes Internet Explorer with Windows for the same reason
that Apple includes Safari in OS X--so you will use it and they can
command a greater share of the market. Web browsing is what most people
do on a computer most of the time, and competition among browser makers
is stiff. Back in 1990's the Mozilla Foundation produced the earliest
browser, called "Mosaic," and later "Netscape." Today, Firefox is
considered by some to be faster and more secure than Internet Explorer
and Safari, while Google's Chrome and the Opera browser are attempts to
provide a new look and feel for the browsing experience.
- - What exactly do people mean when they talk about web-based malware?
Malware is a catch-all term for thousands of varieties of computer
viruses and worms. While viruses and worms are not new-we have all heard
about computers getting infected by email and email attachments-websites
emerged in 2009 as the primary vehicle for spreading of malware.
Browsers create a two-way communications channel between your computer
and a website. If the site is infected or "dirty," malware may enter
your computer without warning in a matter of seconds. That's web-based
malware.
- - Why isn't my anti-virus or anti-spyware program enough to protect my
computer from web-based malware?
There are two reasons. Anti-virus and anti-spyware work pretty much like
vaccines. Just as no single vaccine can protect you against every strain
of flu, no security program can protect your computer against every kind
of malware. And just as new strains of flu emerge season after season,
so too new kinds of computer viruses-as well as variants of old
ones--crop up on a daily basis. Even if you have effective security
software, the Bad Guys are always cooking up ways to beat it, like
tricking you into downloading malware voluntarily by browsing to a dirty
website or clicking on a rigged link that promises you something you
want and delivers something else you don't want.
- - What DOES protect my computer from malware and other threats on the Web?
You are your first line of defense-you need to be aware of threats posed
by browsing. But don't make the mistake of thinking that you can tell
which websites are clean and dirty by how they look, who appears to own
or run them, how often you have visited them without incident, or based
on a recommendation from a friend or co-worker. What was a safe website
or webpage yesterday may have been hacked overnight and now contain
malware. Remember: You browse at your own risk. Your second line of
defense is good-quality security software-including anti-virus,
anti-spyware, and a two-way software firewall-and a hardware firewall.
Third, use key scrambling or anti-keylogging software that encrypts your
keystrokes and helps prevent Bad Guys from getting a hold of sensitive
information you enter on your computer. Fourth, keep your software
updated and patched. (See Updates and Patches below.) If you suspect
that your computer may be infected, call the support line of the
manufacturer of your security software or of your computer, your ISP
(Internet Service Provider) or contact your local computer support
personnel or a computer consultant.
- - What should I look for when I am shopping for the right protection
against malware?
Read reviews that compare the effectiveness, reliability, and
ease-of-use of security software products. Get recommendations by
calling the support line of the manufacturer of your computer or your
Internet Service Provider, or by talking with your local computer
support personnel or a computer consultant knowledgeable about security.
Many good-quality security software suites cost less than $100, so this
is not a big budget item. Concentrate on quality, not on a $10 or $20
price difference. When considering freeware, keep in mind that if you
have a problem, support may be hard to come by or simply non-existent.
More information: http://www.internetworldstats.com/stats.htm
http://www.learnthenet.com/english/html/12browser.htm
http://safeweb.norton.com/dirtysites
http://www.pcmag.com/products/0,,tqs=1226769170B6C28F5A627C1DBAEA45495542EA9E,00.asp?action=defaultadvancedquery&cid=25442&sid=25442&gridtitle=Recent%20Product%20Reviews&googlequery=q%3D%26mt823%3D21142%26sort%3Decho%26dir%3Ddesc&stpdinglp=1
http://www.qfxsoftware.com/
************************************************************************
2. Patches and Updates
Microsoft and Apple:
Windows: http://www.microsoft.com/security/updates/bulletins/200909.aspx
OS X: http://support.apple.com/kb/HT1338 and
http://www.appleinsider.com/articles/09/09/10/apple_releases_mac_os_x_10_6_1_security_updates_more.html
iPhone/iPod: http://docs.info.apple.com/article.html?artnum=305744
iPod: http://support.apple.com/kb/HT1483
Other software products:
Windows Acrobat Reader
http://www.adobe.com/support/downloads/product.jsp?product=10&platform=Windows
OS X Acrobat Reader:
http://www.adobe.com/support/downloads/product.jsp?product=1&platform=Macintosh
Adobe Flash Player:
http://get.adobe.com/flashplayer/
Firefox: http://www.mozilla.com/en-US/firefox/update/
Safari:
http://www.apple.com/downloads/macosx/apple/application_updates/safari.html
Opera: http://www.opera.com/
Google Chrome: http://googlechromeupdate.com/updates.html
Java: http://www.java.com/en/download/manual.jsp
iTunes:
http://www.tuaw.com/2009/09/22/itunes-9-0-1-now-in-software-update/
http://www.apple.com/itunes/download/
iWork & iWork.com:
http://theappleblog.com/2009/09/29/iwork-09-iwork-com-updated/
Symantec:
http://service1.symantec.com/SUPPORT/sharedtech.nsf/docid/2002021908382713
Norton:
http://www.symantec.com/business/security_response/definitions/download/detail.jsp?gid=n95
McAfee: http://www.mcafee.com/apps/downloads/security_updates/dat.asp
Kaspersky: http://www.kaspersky.com/avupdates
Sophos: https://secure.sophos.com/support/updates/
Panda: http://www.pandasecurity.com/homeusers/downloads/clients/
BitDefender:
http://www.bitdefender.com/site/view/Desktop-Products-Updates.html
************************************************************************
3. On the Weird Side of Browsers . . .
http://www.youtube.com/watch?v=sGyoA92ubzs
http://www.youtube.com/watch?v=o4MwTvtyrUQ
http://www.youtube.com/watch?v=5535Ts-iOP0
************************************************************************
Copyright 2009, SANS Institute (http://www.sans.org)
Editorial Board: Bill Wyman, Alan Reichert, Walt Scrivens, Barbara
Rietveld, Alan Paller.
Permission is hereby granted for any person to redistribute this in
whole or in part to any other persons as long as the distribution is not
being made as part of any commercial service or as part of a promotion
or marketing effort for any commercial service or product. We request
that redistributions include attribution for the source of the material.
Readers are invited to subscribe for free at
https://www.sans.org/newsletters/ouch
Outils 
Aide
