Sometimes spam, viruses, and other malware filtering at your email gateway isn’t enough. It’s important to keep your host anti-virus signatures up to date, and if you don’t have anti-virus protection at your firewall or on your network at the Internet gateway you should seriously consider it.

Here’s why these items are critical. Some recent malware attacks have used malware embedded in video and audio streams as a transfer. They can gain an initial foothold, so to speak, by managing to get a link to your users in a spam email. If your spam filter doesn’t block the message, a link in the email appears to be a video or audio link, but in fact the destination contains a trojan that is embedded in the content stream.

This method of attack isn’t exactly new. For example, the ZLOB Trojan began making rounds in 2005, and began gaining traction in 2006. Some attacks with it simply involved downloading other viruses or malware. Using a video link, however, for users that have their ActiveX controls set to download codecs automatically means that those users with poor virus protection would automatically download the virus and become infected.

Continue reading Malware Threats from Unexpected Sources: Trojans Embedded in Streaming Video Links

A recent article on eWeek triggered a lively discussion on an old topic that’s always sure to get the blood pumping. The article’s headline proclaims, “Apple’s Mac isn’t as secure as some want us to believe,” and there’s no doubt that it’s true.

The old argument, often eliciting strong response, really highlights the difference between the hype and reality. Now every computer company is guilty of a little hype. That’s the job of the marketing department, and they wouldn’t be doing their jobs if there wasn’t at least a little hype surrounding a product at any given time. Apple does it, Microsoft does it, and so does everybody else. That’s how products get sold. But in the case of Apple, far too many people have bought into the party line, and there could be a long-term danger as a result. Here’s the conflict: Mac fans believe that the Mac is absolutely secure and requires no anti-virus or email security software of any kind. Security experts generally have always disagreed, and even Apple itself has reiterated its own suggestion that users deploy anti-virus software. But still the faithful cling to their illogical contention that “it can’t happen to me because I have a Mac.”

Now here’s the reality. Yes, OS X is a good operating system, and the Mac is a pretty good machine. For the most part, it has fewer vulnerabilities and less attacks. But there’s a big difference between that reality, and the claim that “it can’t happen to me because I have a Mac.” That claim is just hype.

In fact, it can happen to you, and it will probably continue happening to you with increasing frequency. Just this month, an updated piece of malware targeting the Mac OS X was found; a new variant of Jahlav, as well as a new variant of Tored, which is being used in an attempt to create a Mac-based botnet. The lure of money will continue to attract bad guys to the OS X platform.