* Posts by John A Thomson

20 publicly visible posts • joined 1 May 2008

UK.gov convinces just 2,000 Mancunians to join ID card trial

John A Thomson
Stop

Dump it already

Come on.... it is time to dump this scheme already!

At least the Tories will get rid of this monstrosity when they get into government next year!

What do Scotland, Australia and Africa have in common?

John A Thomson
Stop

Country bumpkins do want fast Internet

@Jeremy 3

I suppose you also believe we don't want electricity! Typical urban numpty perspective.

As someone who lives and works out in the sticks, and deals with customers who use broadband on slow Internet connections, I'd say the vast majority of country bumpkins complain incessantly about their slow speeds and long for faster and faster connection speeds.

New trojan in mass DNS hijack

John A Thomson
Linux

Nothing new here

James Eaton-Lee wrote about this back in 2005 and has presented on this type of attack.

His DHCP security paper:

http://www.jeremiad.org/download.shtml#DHCPSecurityPaper

I'm sure it was my laptop that was the victim in the demo done for the BCS in Dundee. My laptop hasn't been the same since :-P.

Tux... just for James...

AVG scanner blasts internet with fake traffic

John A Thomson
Stop

Please, last time

Since I've been asked yet again, even although I did ask to be left after my position had been made quite clear.

The only AVG employee on this thread declared their interest ... Pat has asked for your help, feedback and assistance to come up with a workable solution to the concerns voiced here. How many Anonymous Cowards have actually done that? It is the people who don't declare their identity that seem to be voicing lyrical about other vendor solutions... draw your own conclusions from why they feel the need for anonymity.

The paid for version of Linkscanner will check every link that you click upon in the paid version. Just like AVG and all the other freebie security products, the vendor doesn't include all parts of the technology unless you pay for it. Avast, Avira, etc do the same kind of feature cutting from their free offerings. Again, this is nothing new. It worked the same way when it was a standalone product available from Exploit Labs before AVG bought the company in a Victor Kiam moment. Once again a lack of research shows through.

Exploit code can be found to do all kinds of things on the web, including a long list of code to do all manner of bad things to security software i.e. disable protection of some very well known software. The challenge to all software vendors is to fix bugs and adapt their software so these exploits don't work. It is an arms race and most vendors will quickly develop their product to fix such issues. I've just checked for myself and AVG has already fixed one of the ways this exploit code was detecting Linkscanner (one of the easy, one keystroke fixes), but I do agree that it can still be detected too easily. The doubters are now challenging AVG to make the product totally undetectable... you won't get any arguments from me to making it use the exact same user agent as the locally installed browser, thereby rendering another whack of detection code useless.

Apple or oranges! You can't beat a slice of lemon to give your food or drink a little zing. Lemon and honey are always good to deal with a cold.

Because I respect Kaspersky as another industry leader, but haven't taken the time to understand how their technology works or even run a demo, then I'm not able to comment on its ability to stop exploit code pushing down nasties onto website visitors' computers. People who don't understand Linkscanner may wish to apply the same courtesy from this point forward.

Most AVs have to wait until the nasty has been downloaded before they can then detect and deal with it. In the modern threat landscape, that's like saying we wait until the burglars are in the house before trying to throw them out and close the door behind them. Linkscanner, and the other technologies available from other vendors, are the security guard patrolling the garden looking to stop the bad guy before they get into the home.

Now please, let me get on with my own business as I'm obviously on the side of AVG and their technology. I can sympathise with the opposing views being voiced, but I empathise with the customers who are better protected today by using AVG 8 and other security products that use these next generation protection technologies.

Please accept that AVG will be looking at this issue seriously to come up with a solution that works and is acceptable to the vast majority of the company/people involved. If you've got sensible solutions then Pat from AVG is waiting to hear from you. You may also wish to keep an eye on Roger's blog over at http://blogs.avg.com/ to see his response in due course... he's probably busy working to address many of the concerns and issues that people have been voicing here (and elsewhere) on either side of the debate.

John A Thomson
Unhappy

Oops! Missed this point.

I'm going to make an assumption here as I've not done the research around the workings of SiteAdvisor, so be warned! There probably isn't much detail available from McAfee, rightly so, on the technical nature of its inner workings as that info could be used for evil.

I suspect SiteAdvisor isn't going to flag one of the websites that is flagged "HackerSafe by McAfee". But alas, a little while back HackerSafe was shown to be flawed. The conclusion, rightly or wrongly, is that SiteAdvisor doesn't offer 100% protection and you are vulnerable between the time a website first serves malware and the McAfee test system comes roaming past and flags it as dangerous... then you've got to wait for the update to be pulled down from their servers and installed into your computer.

http://www.theregister.co.uk/2008/04/29/mcafee_hacker_safe_sites_vulnerable/

The point I'm making here is every security vendor has challenges and areas that can be exploited. Their challenge is to fix these issues when they occur and move onto the next fight with the bad guys. The task for us is to assist AVG to fix this challenge!

John A Thomson
Stop

No AV is perfect

Okay it has been asked multiple times by those who don't understand the principle and thinking of Linkscanner, so let me try to explain.

Let's take a website like Spy Sheriff by way of an example, AVG AV will detect the malware being pushed down by the parasites. However, when you use Linkscanner it warns you not to go near it in the search engine results and if using the paid for version it will stop you going there either directly or by clicking on a search result.

However, take a zero day virus that can avoid detection by any AV initially. It can take AV vendors anywhere from hours to months to devise detection and protection into their products. Linkscanner is looking for the exploits, techniques and typical methods that the malware writers use to actually push the zero day virus out onto unsuspecting computers. Bottom line, AVG and most other AV products probably won't detect the virus, but Linkscanner will detect if the bad guys are using known exploits to push the malware packages down onto victim computers. Users running only AV may become infected depending on their OS and set-up.

So please can we stop comparing Linkscanner to the protection offered by typical antivirus products. Apples and oranges my friends.

@Chuck

I've suggested a similar scheme already to Pat to help with the website owners that don't want to be scanned. Either a robots.txt file (as you've suggested) or some additional meta information could make Linkscanner, and other such products, ignore the scanning and give it a classification of "Scanning refused by website... Use at your own risk! The link will be scanned if you decide to follow it". Having a nice warning, such as we see IE7 doing when there is a certificate problem, could make it nice and easy for people to click through or not. The weblink would be scanned at this point if the user selects to click through.

Webmasters may find it more palatable to only be scanned if the web visitor is actually going to visit the website. Cautious website visitors may not click through onto perfectly healthy websites and that is a cost to be considered when implementing the "NO LINKSCAN" tag.

Unfortunately, social engineering techniques will ensure the bad guys manage to trick some users into visiting malware websites if this type of scheme is adopted. That is why it is important that the pre-scan is done at some point before the browser actually lands on the webpage.

Please don't ask me to comment again!!! I had enough explaining to people who don't even have the courtesy to understand how the technology works.

I'm sure Pat and AVG would rather hear your suggestions on possible ways to fix this than your whinging. How about some constructive criticism to help AVG to help you?

John A Thomson
Happy

NOD32

NOD32 is an excellent security product. I've trialed it a few times, the last of which turned into such a disaster that it was off the computer within one hour! The latest version had some very bad press when it was first released and most business customers stayed with the previous release. They also occasionally have a big issue:

http://www.sheffieldforum.co.uk/showthread.php?p=3566976

However, in general it is one of the better security products out there.

No security product is perfect... no security vendor is perfect... but some are far superior to some others... you know the ones that seem to be bundled in with new systems :-).

One thing is for sure... the bad guys only need to get something right once, whilst the security vendors need to do it right every time! An impossible mission if you ask me. Layered protection is the best means to preventing the bad guys from succeeding.

p.s. Have a look at the Linkscanner videos over on YouTube to see some real world incidents and why those using Linkscanner were better protected. They are short and show off some clever techniques used by the hackers.

John A Thomson
Paris Hilton

Response to the flamers!

@ Nexox Enigma

Good grammar and breeding clearly shows out. You may be shocked to find I have founded, run and participated in many community projects both online and offline. I also can't stand texting because of the lack of proper English... it just feels plain wrong, wrong I say!

@Phil the Geek

But Phil this type of technology is coming to Opera and Mozilla products. The Register wrote of it only days ago.

@ Kanhef

Sorry to disappoint you, but AVG isn't paying me nor am I doing their dirty work as you are suggesting. Admittedly, I do resell their products, but that's not a new thing and I was a bigger fan of Avast Pro until AVG 8 appeared on the scene. Our old layered security solution was a far more lucrative solution in terms of revenue, but it has been found that AVG 8 is a good and cheap solution for end customers that don't have years of experience of using the web - those very customers that wish to have the additional protection it offers in a single solution and don't mind paying a small amount of money to achieve it.

I see mainstream web users being better protected through using this technology. We have a good sized customer base here in the UK and even have a customer in Nigeria (anyone tried 196kps down, 64kps up???) using this technology and none of them are complaining about it turning their system into treacle. I wouldn't be recommending it to my end customers if I thought it was a bad product for them. Sure there are situations where it may not be recommended - namely, when the ISP is one of the many big boys that sucks during peak hours... and we all know who they are!

My attitude is this...

It is alright for websites to add all kinds of additional marketing and advertising streams, to add multimedia content, to use all manner of high bandwidth items to increase their buzz and marketability, but most webmasters haven't thought too much about the people on slow connections and those end users that eat through their ISP allocated bandwidth to gain the unnecessary parts of the user experience. I realise that these technologies eat up the same ISP bandwidth, but that is the customer's choice when they install / enable Linkscanner. Now the worm has turned and web vendors are complaining. It is unfortunate that some very small businesses may well not be able to adapt to this changing landscape, but the bad guys have moved on and so must the security vendors to better protect the masses - there are always some casualties in war!

There are many US based suppliers offering these types of bandwidth allocations. Have a look through websites like http://www.webhostingstuff.com/.

@ tony trolle

Try Googling for things like warez, cracks, etc. You'll see a good many more red crossed results. Many web users still believe obtaining illegal software is a good way to save money and don't worry about the consequences. Perhaps they will take more note of the warnings to stay away from these types of websites when they see security software reporting bad things.

In this day of legitimate websites being hacked to serve drive by downloads, and all manner of other malware, having Linkscanner and technologies of its ilk is going to be a good tool in protecting us all from end users being infected.

Q. Is AVG 8 perfect?

A. No. I can think of quite a few improvements I'd like to see. I've also seen some compatibility issues with a few other security products that disappear when those other products are removed.

Q. Could Linkscanner work better in other ways?

A. Certainly, but it cannot be changed overnight into a security product that is going to please the webmasters voicing their concerns.

Q. Will we see similar products / features from other security vendors?

A. Very likely.

Q. Why are you so passionate about this technology?

A. Because I've seen it working to protect web users that wouldn't know any better and would have their systems infected with all manner of malware. I've even seen it detecting trustworthy websites that have been hacked to serve malware. The website vendors involved (3 different companies in one case) had let this website serve malware for weeks to visitors without having a clue that something was amiss. Thousands of website visitors could have been affected during those few weeks. Linkscanner detected the exploit code without even breaking a sweat.

Okay, I'm stopping now as my position is quite clear and the flamers must be queuing up to get into the comment box :-P.

Paris, cause she knows good breeding!!!

John A Thomson
Happy

Just William

I don't work for AVG. Until recently I favoured Avast AV and AVG Antispyware for customer installs. Now it makes sense to just use AVG 8 - the paid for version. Avast has also become a bit bloated of late and does eat up resources and system cycles, which is a real shame as it is a nice product! My dream product would combine the best parts of AVG and Avast!!

Web hosting bandwidth is cheap these days. You can get 6,000Gb for less than $8 per month and that is with a half decent provider. You can go cheaper and more expensive depending on your needs and wallet.

So every web user should sacrifice their security through not using this new technology simply because of cheapskate businesses that cannot or will not pay a little extra to do business online! How many websites are now designed to be optimised to load quickly on dial-up! Everyone is developing websites with fancy graphics, flash and other multimedia content. Why should the visitors be paying for bandwidth so these cheapskate businesses have a flashy website. There is always an alternative way to look at these things. The web evolves and both users, providers and online businesses need to re-evaluate their online strategies.

Like others have said on here... I do really care too much the advertising and marketing revenues. That is for others to work out a solution that is secure and works for everyone. Once Google has developed the technology to stop serving up web results that have all manner of malware at the end of the search result then maybe there won't be the need to have Linkscanner searching through their results. I do feel for Google having to buy some more servers, after all they may not be able to afford it from all that Yahoo revenue coming their way! They wouldn't give two hoots if it was a revenue generator for them rather than an end user security measure.

There is nothing stopping people clicking on a result link in Google even while Linkscanner is still inspecting the underlying websites. My own experience, and many of my customers, is we don't notice any significant difference in speed, but then again high quality broadband providers are being used. Google results come up instantly on my Vista SP1 / IE7 / Linkscanner protected system and then you start to see Linkscanner going to work on the result websites.

I have seen issues when installing AVG 8 and they have so far been related to an unrelated system set-up or other application issue. Anyone who pays for AVG 8 has access to their support team to fix these problems - another advantage to pay a little money for your protection.

Linkscanner isn't AV technology or a simple blacklisting application - that's why it is far more effective at stopping web based nasties!!! Try to learn about the technology before passing comment.

http://www.explabs.com/products/lspro_methodology.asp

John A Thomson
Thumb Up

As featured on El Reg

Only a few days ago...

http://www.theregister.co.uk/2008/06/09/drive_by_download_defences/

The browser developers are getting into this type of technology, even Mozilla and Opera. Good on them I say.

John A Thomson
Thumb Up

Linkscanner works better than blacklists!

First off, I've recently switched over to using and recommending AVG 8 as the Linkscanner technology and low resource utilisation make it stand out from the crowd.

@Aditya

AVG's Linkscanner works a treat and is a better solution than blacklisting. It does realtime inspection, looking for known exploits and other nasties. Blacklisting relies on someone or some systems detecting a nasty and reporting it so the website can be added to the blacklist. There is usually a delay in blacklisting whereas Linkscanner protects in real time.

No other AV / security suite that I know about has the same level of protection as Linkscanner! Most AVs rely on blacklisting or watching out for the infection to be downloaded onto your system before reacting. Linkscanner uses many other techniques to ensure the malware stays on the server in most cases!

The realtime inspection feature of Linkscanner isn't included in the free version of AVG AV. You only get the search result inspection. Previous versions of AVG also restricted some features to be in the paid for version. AVG is, after all, a commercial company that needs to sell products to stay in business. The fact they provide a free edition with good and solid free protection is a great service to those who either can't afford or are too cheap to buy a license.

@foof

The new AVG 8 is VERY light on the host computer.

Users can do a custom install or switch off Linkscanner within AVG.

Agreed, it may not be for everyone, but anyone with even a half decent broadband connection shouldn't notice any difference when browsing the web. However, dial-up and big boy broadband users that provide poor service to their customers may well find it causes a lag in loading webpages.

Here's an example of where Linkscanner worked where other security solutions failed:

http://www.roundtripsolutions.com/blog/2008/02/06/317/forth-road-bridge-website-hacked/

It even made The Register at the time:

http://www.theregister.co.uk/2008/02/07/forth_bridge_hack/

It appears that nearly every day there is a story of another big website, that should be trustworthy, being hacked to serve malware. Technologies such as Linkscanner will provide the real time security that is needed to protect web users.

Bandwidth is cheap these days anyway. If smaller websites can't afford to pay for it then maybe they need to find alternate suppliers or reconsider their web presence.

As for webstats, most of the time they are a flaky indication for most businesses! Much better to measure the real business impact of your web presence i.e. visitors that convert to sales, number of user registrations, etc.

Keep up the good work Roger and AVG. Some of us appreciate your fabulous technology and what it can do to protect the end users from the ever increasing threats on the Internet.

UK civil servant leaves Top Secret Iraq war intelligence documents on a train

John A Thomson
Boffin

42 days not needed

There you go... we have a terrorism related incident and the police didn't require 42 days to find the culprit.

The security services (SS) should be using specially coated paper that can be detected by scanners located at exits. Alarms will sound if any dumpling from the SS tries to leave the building with papers they shouldn't take out of secure conditions... or is that too James Bond?

Browser makers throw up drive-by download barriers

John A Thomson
Thumb Up

AVG Linkscanner

@Mike.... perhaps time to get better broadband. I've got a true 3Mbps service with a decent provider and use LinkScanner without any noticeable difference. Wouldn't use the Internet without using something like LinkScanner with all the drive by download infections out on the WWW! Scary to think the bad guys are infecting legitimate websites to get their crapware out onto unsuspecting users' systems.

For example, here's one from earlier this year that saw LinkScanner Pro doing the needful:

http://www.theregister.co.uk/2008/02/07/forth_bridge_hack/

The bad guys have certainly got more proficient at hacking more and more websites since that incident.

Yet another hole found in BT Wi-Fi router

John A Thomson
IT Angle

Shame BT haven't told... em... BT

It is just a shame that BT Installation Engineers and their telephone support staff may still be using the default WEP out the box set-up!!! Well that was the case one month ago when their own website had advisories stating WEP bad, use WPA instead.

More info:

http://www.roundtripsolutions.com/blog/2008/04/22/352/bt-broadband-fail-to-follow-their-own-advice/

Activist coders aim to deafen Phorm with white noise

John A Thomson
Alert

Move ISP

The vast majority of users aren't going to run this application so the Phorm business model is going to still work well for them! Key to kill Phorm and others is to ensure ISPs see their customers vote with their feet whenever this technology is deployed.

The best way to deal with Phorm is to migrate away from any ISP that uses the technology. Let the ISP know the reason for moving and send their senior managers / MD an email or letter that informs on your views about Phorm and their involvement in such a technology.

I want a baby, coos broody Paris Hilton

John A Thomson
Joke

Video of the pregnancy

One Mite in Paris!

Dope-crazed Canadians sledgehammer iPhone

John A Thomson
Joke

iHammered

But was the phone more hammered or the guys doing the assassination?

Shouldn't you be offering some iCounselling for those fan boys affected by these terrible atrocities!?!?

Air France pilot in white-knuckle near miss

John A Thomson
Joke

Sacre bleu

The little boy obviously used the Jedi mind trick to get the pilot to do this!

Watchdog bares teeth at mobile premium rate scams

John A Thomson
Thumb Down

Report the scams to PhonePayPlus

I know we feel that reporting these incidents is a waste of space and time, but if everyone reported it to PhonePayPlus, made complaints to OfCom and wrote emails and letters to their MPs then maybe slowly something would change. The regulators can't do much unless they see the true scale of the problem and start to feel overwhelmed by public complaints. It doesn't take long to raise a complaint if you have the details of the text, including the short code.

Another scandal is the scammers operate 0845 / 0870 customer service numbers and probably earn revenue when you report their scamming to them. Any way you look at it, they win!

John A Thomson
Thumb Down

Just complained to Ofcom and PhonePayPlus

I just raised a complaint yesterday with Ofcom and PhonePayPlus about a charge for a text that was sent to my T-mobile Web'n'walk datacard account! WTF!

Ofcom tried to wriggle out of it at first, but I pointed out the issue wasn't the £1.50 premium text, it was in fact the issue that the phone system allows this kind of abuse. Their CS representative did take down my complaint and entered it into their system.

PhonePayPlus and T-Mobile were incredibly helpful and supplied enough information for me to chase the "Text Provider", who checked their systems and said it was a glitch that had somehow seen my number appearing in their "spamming" database, but they had no associated account in the customer database. A refund cheque was sent out for the spam text, but this doesn't make up for the 60 minutes of my time on the telephone and the call costs to get to that point!

I've had a mobile phone for 20+ years without anything like this happening, then in the last 3 months I've had two such incidents with these unsolicited premium rate spam texts being sent to me. The next time it happens I'm going to pursue the company for all my costs and time by invoice first off and then in the courts!

This scam must be fixed NOW. The mobile phone network shouldn't allow these messages to be sent unless you have initiated the subscription on your handset. They should even ask for a pin or password to complete the signup transaction.