DOCSLIB.ORG

Netiq Securelogin 8.5 Service Pack 3 Release Notes September 2017

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Netiq Securelogin 8.5 Service Pack 3 Release Notes September 2017 NetIQ SecureLogin 8.5 Service Pack 3 Release Notes September 2017 NetIQ SecureLogin 8.5 Service Pack 3 (SP3) enhances the product capability and resolves several previous issues. Many of these improvements were made in direct response to suggestions from our customers. We thank you for your time and valuable input. We hope you continue to help us ensure that our products meet all your needs. You can post feedback in the NetIQ SecureLogin forum on NetIQ Communities, our online community that also includes product information, blogs, and links to helpful resources. The documentation for this product and the latest Release Notes are available on the NetIQ website in HTML and PDF formats on a page that does not require you to log in. If you have suggestions for documentation improvements, click comment on this topic at the bottom of any page in the HTML version of the documentation posted at the NetIQ SecureLogin documentation page. To download this product, see the NetIQ Downloads website. Section 1, “What’s New?,” on page 1 Section 2, “System Requirements,” on page 3 Section 3, “Installing or Upgrading,” on page 3 Section 4, “Known Issues,” on page 3 Section 5, “Legal Notices,” on page 5 1 What’s New? This release includes the following: Section 1.1, “Software Fixes,” on page 1 1.1 Software Fixes This release includes the following software fixes: Section 1.1.1, “Smart Card Pin Auto-fill Does Not Work For Second Application,” on page 2 Section 1.1.2, “Performance Issue During Smart Card Pin Auto-fill While Using .Net Applications,” on page 2 Section 1.1.3, “SLdotnetsso.exe Does Not Start Even When It Is Enabled In .Net Preference,” on page 2 Section 1.1.4, “Single Sign-on Fails Occasionally for the Applications that Use Oracle Forms with JRE 1.7,” on page 2 Section 1.1.5, “Windows Event Viewer Logs Display ElementNotAvailableException When Using .Net Application,” on page 2 Section 1.1.6, “SLbroker.exe Stops Abruptly When Users Log Off,” on page 3 Section 1.1.7, “Citrix Single Sign-On Module Fails to Start,” on page 3 NetIQ SecureLogin 8.5 Service Pack 3 Release Notes 1 Section 1.1.8, “Users Are Prompted For Passphrase,” on page 3 Section 1.1.9, “Some Script Functions Do Not Work For 32-bit Applications Running On 64-bit Systems,” on page 3 1.1.1 Smart Card Pin Auto-fill Does Not Work For Second Application Issue: Smart Card pin auto-fill does not for the second application. This issue occurs on Microsoft Office applications that require .Net Framework for single sign-on. (Bug 1054440) Fix: With this release, WinSSO and DotNetSSO are modified to fix this issue. 1.1.2 Performance Issue During Smart Card Pin Auto-fill While Using .Net Applications Issue: The single sign-on for .Net based thick applications takes longer time when smart card pin is required. (Bug 1041731) Fix: With this release, WinSSO and .Net worker are modified to reduce the single sign-on time. 1.1.3 SLdotnetsso.exe Does Not Start Even When It Is Enabled In .Net Preference Issue: SecureLogin does not detect any .Net application for single sign-on because SLdotnetsso.exe does not start. It happens because SecureLogin always considers the value that is set in the DisableDotNetSSO registry setting. If the DisableDotNetSSO registry is set to 1, SLdotnetsso.exe will not start even if Start WindowsAutomation(DotNet) monitor/automation worker is set to Yes. (Bug 1047664) Fix: From this release, SecureLogin considers the value set for Start WindowsAutomation(DotNet) monitor/automation worker irrespective of the DisableDotNetSSO registry setting. 1.1.4 Single Sign-on Fails Occasionally for the Applications that Use Oracle Forms with JRE 1.7 Issue: Single sign-on fails to the applications that use Oracle forms with JRE 1.7+ client environments, for example while using Retiro application. This issue happens when application startup session is slow. (Bug 1043453) Fix: With this release, JRE 1.7+ environment startup monitoring is improved to allow delay in case of security prompts and slow server responses. It facilitates reliable identification of Oracle forms desktop which notifies SecureLogin for window creation events to perform single sign-on. 1.1.5 Windows Event Viewer Logs Display ElementNotAvailableException When Using .Net Application Issue: When SLdotnetsso.exe is running, closing a .Net applications can generate the ElementNotAvailableException error in windows event viewer. It happens because SecureLogin keep processing the events of the application that was closed. (Bug 1041761) Fix: From this release, when an application is closed, SecureLogin stops processing the events of that application. 2 NetIQ SecureLogin 8.5 Service Pack 3 Release Notes 1.1.6 SLbroker.exe Stops Abruptly When Users Log Off Issue: When users log off, the slbroker main function clears data from BrokerAPI library. SLbroker.exe closes abruptly if the BrokerAPI library data is already cleared by other function. (Bug 1047667) Fix: From this release, BrokerAPI library data objects are aligned to their specific functions. It ensures that a single instance is not maintained for a process and functions delete only their specific data objects. 1.1.7 Citrix Single Sign-On Module Fails to Start Issue: SSONSVR.exe (Citrix single sign-on module) fails to start when SecureLogin is listed above Citrix Receiver in network provider order. SecureLogin is listed above Citrix Receiver in network provider when you install Citrix Receiver after SecureLogin. (Bug 1027767) Fix: With this release, SLCredMan.dll is modified to write registry credentials in HKLM. After login SLbroker.exe will move the registry credentials from HKLM to HKCU. It ensures that SLCredMan.dll keeps working and does not conflict with Citrix single sign-on module. 1.1.8 Users Are Prompted For Passphrase Issue: Some re-named users are prompted for passphrase during login. (Bug 1038552) Fix: With this release, the buffers that contains username and password are modified to fix this issue. 1.1.9 Some Script Functions Do Not Work For 32-bit Applications Running On 64-bit Systems Issue: The GetCommandLine and ReadText script functions fail when used on a secured password field. This issue occurs for 32-bit applications running on 64-bit systems. (Bug 1057696) Fix: From this release, WinSSO is modified to fix this issue. 2 System Requirements For information about hardware requirements, supported operating systems, and browsers, see Prerequisites, NetIQ SecureLogin Quick Start Guide. 3 Installing or Upgrading You can either upgrade from the previous versions of SecureLogin or perform a new installation. For information about how to install and how to upgrade, see NetIQ SecureLogin Installation Guide. 4 Known Issues NetIQ Corporation strives to ensure our products provide quality solutions for your enterprise software needs. The following issues are currently researched. For release specific issues, see previous releases’ release notes. If you need further assistance with any issue, please contact Technical Support. Section 4.1, “Performance Issues When Internet Explorer Is Working In Protected Mode,” on page 4 Section 4.2, “3DES to AES Migration Displays Multiple Warning Messages,” on page 4 NetIQ SecureLogin 8.5 Service Pack 3 Release Notes 3 Section 4.3, “Performance Issue While Opening Encrypted Emails Using Outlook,” on page 4 Section 4.4, “SecureLogin Standalone Mode Installation Fails To Load Cache of An Existing Installation of Different Mode,” on page 4 4.1 Performance Issues When Internet Explorer Is Working In Protected Mode Issue: The following issues occur when Internet Explorer is opened in protected mode: 1. SecureLogin does not work properly when you switch between web pages that are in different security zones and require different protected mode settings. (Bug 1041750) For example, when you open a web page in a new tab while a web page that belongs to a different security zone is already open, single sign-on to the new web page fails. 2. Internet Explorer stops working when you access web pages from different security zones. The Internet Explorer protected mode blocks Browser Helper Object when you open web pages from different security zones because zone based security is configured to allow only a few zones to operate in protected mode. (Bug 1041746) Workaround: Make sure that you list all the web pages that you access in the Trusted Sites list of Internet Explorer. You can also specify IESSOBHO=0 to ignore protected mode rules. 4.2 3DES to AES Migration Displays Multiple Warning Messages Issue: When the existing data is encrypted using AES and multiple instances of SecureLogin are running then a warning message is displayed for each application before data migration. AES encrypts the data using first instance and by the time second instance starts encryption, the data is already migrated. The second instance considers the existing data as invalid and prompts users to confirm if they want to re-encrypt the existing data using AES. (Bug 1041755) Workaround: Restart SecureLogin before you upgrade to make sure that only one instance of SecureLogin is running during upgrade. 4.3 Performance Issue While Opening Encrypted Emails Using Outlook Issue: Outlook takes longer time to open encrypted emails after initial start. It occurs because .Net takes longer time to respond to sldotnetsso.exe. (Bug 1042173) Workaround: There is no workaround for this issue because SecureLogin cannot resolve .Net Framework limitations. 4.4 SecureLogin Standalone Mode Installation Fails To Load Cache of An Existing Installation of Different Mode Issue: If SecureLogin is installed in standalone mode when local cache from a different mode exists, it fails to start. (Bug 1059191) Workaround: Perform the following steps to workaround this issue: 1 Use the sltray /forceshutdown command to close SecureLogin.
Load more

Recommended publications
  • Administrator's Guide
    Trend Micro Incorporated reserves the right to make changes to this document and to the product described herein without notice. Before installing and using the product, review the readme files, release notes, and/or the latest version of the applicable documentation, which are available from the Trend Micro website at: http://docs.trendmicro.com/en-us/enterprise/scanmail-for-microsoft- exchange.aspx Trend Micro, the Trend Micro t-ball logo, Apex Central, eManager, and ScanMail are trademarks or registered trademarks of Trend Micro Incorporated. All other product or company names may be trademarks or registered trademarks of their owners. Copyright © 2020. Trend Micro Incorporated. All rights reserved. Document Part No.: SMEM149028/200709 Release Date: November 2020 Protected by U.S. Patent No.: 5,951,698 This documentation introduces the main features of the product and/or provides installation instructions for a production environment. Read through the documentation before installing or using the product. Detailed information about how to use specific features within the product may be available at the Trend Micro Online Help Center and/or the Trend Micro Knowledge Base. Trend Micro always seeks to improve its documentation. If you have questions, comments, or suggestions about this or any Trend Micro document, please contact us at [email protected]. Evaluate this documentation on the following site: https://www.trendmicro.com/download/documentation/rating.asp Privacy and Personal Data Collection Disclosure Certain features available in Trend Micro products collect and send feedback regarding product usage and detection information to Trend Micro. Some of this data is considered personal in certain jurisdictions and under certain regulations.
    [Show full text]
  • (12) United States Patent (10) Patent No.: US 7,921.461 B1 Golchikov Et Al
    USOO7921461B1 (12) United States Patent (10) Patent No.: US 7,921.461 B1 Golchikov et al. (45) Date of Patent: Apr. 5, 2011 (54) SYSTEMAND METHOD FOR ROOTKIT S.8. 53 A. : SS Eyrdseter . et. al.. ............... 7 1. DETECTION AND CURE 2004/O181561 A1 9, 2004 Knox et al. 2005, 0021994 A1 1/2005 Barton et al. (75) Inventors: Andrey V. Golchikov, Moscow (RU); 2005/0278788 A1 12/2005. Jindal et al. Andrey V. Sobko, Moscow (RU) 2006/0031673 A1 2/2006 Becket al. .................... T13, 164 2006.0053270 A1* 3, 2006 Dunn et al. 712/13 (73) Assignee: Kaspersky Lab, ZAO, Moscow (RU) 2.99. A. : 29: RSU ca.tal. ... 2. (*) Notice: Subject to any disclaimer, the term of this 2008.0034429 A1 ck 2/2008 Schneider ....................... T26/23 patent is extended or adjusted under 35 OTHER PUBLICATIONS U.S.C. 154(b) by 1115 days. Simon Baker et al. "Checking Microsoft Windows(R) Systems for (21) Appl. No.: 11/623,364 Signs of Compromise', Oct. 28, 2005, version 1.3.4, pp. 1-18.* y x- - - 9 * cited by examiner (22) Filed: Jan. 16, 2007 Primary Examiner — Farid Homayoumehr (51) Int. Cl. Assistant Examiner — Michael Guirguis ge. 5.b4. 3:08: (74) Attorney, Agent, or Firm — Bardmesser Law Group GSB 23/00 (2006.01) (57) ABSTRACT (52) U.S. Cl. ................... 726/23: 726/24; 726/25; 713/2 ASVstem. method and computer program product for SVStem (58) Field of Classification Search .................... 726/26, ystem, computer program pr ySt. 726/23 25: 713/2 for detecting a rootkit on a computer having an operating S lication file f let h his s system, including a native application in ring 0 which, when ee appl1cauon Ille Ior complete searcn n1Story.
    [Show full text]
  • Groove Gfs Browser Helper Grooveshellextensions.Dll
    Groove gfs browser helper grooveshellextensions.dll Continue Equipment Info maakt gebruik van biscuits Equipment Information onderdeel van DPG Media. Onze sites en applications gebruiken cookies, JavaScript en vergelijkbare technologie onder andere om je een optimale gebruikerservaring te bieden. Ook kunnen we hierdoor het gedrag van bezoekers vastleggen en analyseren, en deze informatie toevoegen aan bezoekersprofielen. Biscuits kunnen worden gebruikt om Op Equipment Advertising information those Tonen en artikelen aan te bevelen die aansluiten op je interesses. Ook derden kunnen je internetgedrag volgen, zoals bijvoorbeeld het geval - is a bij built-in video van YouTube. Biscuits kunnen gebruikt worden om op sites van derden relevantenties te tonen. Dankzij cookies van derde partijen kun je daarnaast informatie delen via social media, zoals Twitter en Facebook. Meer informatie hierover vind je op hardware.info/extra/cookies. Om pagina's op Hardware Info te kunnen bekijken, moet je de cookies accepteren door op 'Ja, ik accepteer cookies' te klikken. The original GrooveShellExtensions.dll file is a software component of Microsoft Office 2007 at Microsoft. GrooveShellExtensions.dll is an addition to Microsoft Browser Helper Object (BHO) for Microsoft Internet Explorer. Known as Groove Folder Sync, this allowed Office 2007 users to access Groove files in the IE web browser window and helped synchronize updated files. It included a contextual menu. His location was C: Files of the Microsoft Office-Office12-GrooveShellExtensions.dll. No reference to Office14 or above can be found, indicating that it has not been installed since Office 2010 or later. The Groove in Office 2007 product allows users to collaborate by sharing workspaces synchronized through relay servers with any other user they're invited to join the workspace.
    [Show full text]
  • ERNW Newsletter 31 / June 2010 Secure Configuration of Microsoft
    ERNW Newsletter 31 / June 2010 Dear Partners, dear Colleagues, Welcome to the 31th edition of the ERNW Newsletter with the title: Secure Configuration of Microsoft Internet Explorer, Version 8 Version 1.0, 11th of June 2010 By: Enno Rey ([email protected]) Christopher Werny ([email protected]) Oliver Röschke ([email protected]) Abstract This newsletter evaluates configuration options, reflecting security and possible usability impact, incorporating typical large scale enterprise usage of browser based content. The evaluation was done for a globally operating enterprise. Note We provide some supporting files, namely: some regfiles containing the settings we recommended for the given environment. Use at your own risk and only if you fully understand the impact! an XLS with the recommended settings, based on the Microsoft XLS doc on GPO settings. miscellaneous stuff, e.g. an XLS with some documentation on potentially needed CLSIDs. A ZIP file with these can be found at http://www.ernw.de/download/ernw_nl_31_ie8config_supporting_docs.zip Disclaimer: the recommended settings are deployed in a sufficiently large global network. So they "work in production". Still, your mileage might vary. Please use the stuff cautiously. Any use is at your own risk. Definition – Umsetzung – Kontrolle 1 1 INTRODUCTION ............................................................................................. 5 1.1 Project Goals ............................................................................................................ 5 1.2 Technical goals ........................................................................................................
    [Show full text]
  • Building Anti-Phishing Browser Plug-Ins: an Experience Report
    Building Anti-Phishing Browser Plug-Ins: An Experience Report Thomas Raffetseder, Engin Kirda, and Christopher Kruegel Secure Systems Lab, Technical University of Vienna {tr,ek,chris}@seclab.tuwien.ac.at Abstract stolen. These credentials are typically used to login into the online banking web site and to transfer money to the at- Phishing is an online identity theft that aims to steal tacker’s bank account. Although phishing is a simple social sensitive information such as user names, passwords, and engineeringattack, it has provento be surprisingly effective. credit card numbers. Although phishing is a simple social Hence, the number of phishing scams is continuing to grow, engineering attack, it has proven to be surprisingly effec- and the costs of the resulting damages is increasing. For tive. Hence, the number of phishing scams is continuing example, the Anti-Phishing Working Group received over to grow, and the costs of the resulting damages is increas- 35,000 unique phishing reports in November 2006, com- ing. Researchers as well as the IT industry have identified pared to around 7,000 in November of the year before [2]. the urgent need for anti-phishing solutions and recently, a Figure 1 shows a phishing email that targets the cus- number of solutions to mitigate phishing attacks have been tomers of a U.S. bank. The attackers have imitated the look proposed. Several of these approaches are browser plug- and feel of the Bank of America online banking web site ins. with the aim of fooling users into believing that the mail In 2005, we implemented a Firefox anti-phishing is authentic.
    [Show full text]
  • Security Analysis of Browser Extension Concepts
    Saarland University Faculty of Natural Sciences and Technology I Department of Computer Science Bachelor's thesis Security Analysis of Browser Extension Concepts A comparison of Internet Explorer 9, Safari 5, Firefox 8, and Chrome 14 submitted by Karsten Knuth submitted January 14, 2012 Supervisor Prof. Dr. Michael Backes Advisors Raphael Reischuk Sebastian Gerling Reviewers Prof. Dr. Michael Backes Dr. Matteo Maffei Statement in Lieu of an Oath I hereby confirm that I have written this thesis on my own and that I have not used any other media or materials than the ones referred to in this thesis. Saarbr¨ucken, January 14, 2012 Karsten Knuth Declaration of Consent I agree to make both versions of my thesis (with a passing grade) accessible to the public by having them added to the library of the Computer Science Department. Saarbr¨ucken, January 14, 2012 Karsten Knuth Acknowledgments First of all, I thank Professor Dr. Michael Backes for giving me the chance to write my bachelor's thesis at the Information Security & Cryptography chair. During the making of this thesis I have gotten a deeper look in a topic which I hope to be given the chance to follow up in my upcoming academic career. Furthermore, I thank my advisors Raphael Reischuk, Sebastian Gerling, and Philipp von Styp-Rekowsky for supporting me with words and deeds during the making of this thesis. In particular, I thank the first two for bearing with me since the release of my topic. My thanks also go to Lara Schneider and Michael Zeidler for offering me helpful advice.
    [Show full text]
  • Protecting Browsers from Extension Vulnerabilities
    Protecting Browsers from Extension Vulnerabilities Adam Barth Adrienne Porter Felt Prateek Saxena Aaron Boodman Electrical Engineering and Computer Sciences University of California at Berkeley Technical Report No. UCB/EECS-2009-185 http://www.eecs.berkeley.edu/Pubs/TechRpts/2009/EECS-2009-185.html December 18, 2009 Copyright © 2009, by the author(s). All rights reserved. Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. To copy otherwise, to republish, to post on servers or to redistribute to lists, requires prior specific permission. Acknowledgement We would like to thank Nick Baum, Erik Kay, Collin Jackson, Matt Perry, Dawn Song, David Wagner, and the Google Chrome Team. This work is partially supported by the Air Force Office of Scientific Research under MURI Grant No. 22178970-4170. Protecting Browsers from Extension Vulnerabilities Adam Barth, Adrienne Porter Felt, Prateek Saxena Aaron Boodman University of California, Berkeley Google, Inc. fabarth, afelt, [email protected] [email protected] Abstract browser’s full privileges. If an attacker can exploit an ex- tension vulnerability, the attacker can usurp the extension’s Browser extensions are remarkably popular, with one in broad privileges and install malware on the user’s machine. three Firefox users running at least one extension. Although At this year’s DEFCON, Liverani and Freeman presented well-intentioned, extension developers are often not security attacks against a number of popular Firefox extensions [23].
    [Show full text]
  • Atc Proceedings
    Behavior-based Spyware Detection Engin Kirda and Christopher Kruegel Secure Systems Lab Technical University Vienna {ek,chris}@seclab.tuwien.ac.at Greg Banks, Giovanni Vigna, and Richard A. Kemmerer Department of Computer Science University of California, Santa Barbara {nomed,vigna,kemm}@cs.ucsb.edu Abstract damage or to spread to other systems. Instead, spyware Spyware is rapidly becoming a major security is- programs monitor the behavior of users and steal private sue. Spyware programs are surreptitiously installed on a information, such as keystrokes and browsing patterns. user’s workstation to monitor his/her actions and gather This information is then sent back to the spyware dis- private information about a user’s behavior. Current anti- tributors and used as a basis for targeted advertisement spyware tools operate in a way similar to traditional anti- (e.g., pop-up ads) or marketing analysis. Spyware pro- virus tools, where signatures associated with known spy- grams can also “hijack” a user’s browser and direct the ware programs are checked against newly-installed ap- unsuspecting user to web sites of the spyware’s choos- plications. Unfortunately, these techniques are very easy ing. Finally, in addition to the violation of users’ privacy, to evade by using simple obfuscation transformations. spyware programs are also responsible for the degrada- This paper presents a novel technique for spyware de- tion of system performance because they are often poorly tection that is based on the characterization of spyware- coded. like behavior. The technique is tailored to a popular A number of anti-spyware products, whose goal is the class of spyware applications that use Internet Explorer’s identification and removal of unwanted spyware, have Browser Helper Object (BHO) and toolbar interfaces to been developed.
    [Show full text]
  • X41 D-SEC Gmbh Dennewartstr
    Browser Security White PAPER Final PAPER 2017-09-19 Markus VERVIER, Michele Orrù, Berend-Jan WEVER, Eric Sesterhenn X41 D-SEC GmbH Dennewartstr. 25-27 D-52068 Aachen Amtsgericht Aachen: HRB19989 Browser Security White PAPER Revision History Revision Date Change Editor 1 2017-04-18 Initial Document E. Sesterhenn 2 2017-04-28 Phase 1 M. VERVIER, M. Orrù, E. Sesterhenn, B.-J. WEVER 3 2017-05-19 Phase 2 M. VERVIER, M. Orrù, E. Sesterhenn, B.-J. WEVER 4 2017-05-25 Phase 3 M. VERVIER, M. Orrù, E. Sesterhenn, B.-J. WEVER 5 2017-06-05 First DrAFT M. VERVIER, M. Orrù, E. Sesterhenn, B.-J. WEVER 6 2017-06-26 Second DrAFT M. VERVIER, M. Orrù, E. Sesterhenn, B.-J. WEVER 7 2017-07-24 Final DrAFT M. VERVIER, M. Orrù, E. Sesterhenn, B.-J. WEVER 8 2017-08-25 Final PAPER M. VERVIER, M. Orrù, E. Sesterhenn, B.-J. WEVER 9 2017-09-19 Public Release M. VERVIER, M. Orrù, E. Sesterhenn, B.-J. WEVER X41 D-SEC GmbH PAGE 1 OF 196 Contents 1 ExECUTIVE Summary 7 2 Methodology 10 3 Introduction 12 3.1 Google Chrome . 13 3.2 Microsoft Edge . 14 3.3 Microsoft Internet Explorer (IE) . 16 4 Attack Surface 18 4.1 Supported Standards . 18 4.1.1 WEB TECHNOLOGIES . 18 5 Organizational Security Aspects 21 5.1 Bug Bounties . 21 5.1.1 Google Chrome . 21 5.1.2 Microsoft Edge . 22 5.1.3 Internet Explorer . 22 5.2 Exploit Pricing . 22 5.2.1 ZERODIUM . 23 5.2.2 Pwn2Own .
    [Show full text]
  • Behavior-Based Spyware Detection
    Behavior-based Spyware Detection Engin Kirda and Christopher Kruegel Secure Systems Lab Technical University Vienna {ek,chris}@seclab.tuwien.ac.at Greg Banks, Giovanni Vigna, and Richard A. Kemmerer Department of Computer Science University of California, Santa Barbara {nomed,vigna,kemm}@cs.ucsb.edu TECHNICAL REPORT Abstract Spyware is rapidly becoming a major security issue. Spyware programs are surreptitiously installed on a user’s workstation to monitor his/her actions and gather private information about a user’s behavior. Current anti-spyware tools operate in a way similar to traditional anti-virus tools, where signatures associated with known spyware programs are checked against newly-installed applications. Unfortunately, these techniques are very easy to evade by using simple obfuscation transformations. This paper presents a novel technique for spyware detection that is based on the characterization of spyware-like behavior. The technique is tailored to a popular class of spyware applications that use Internet Ex- plorer’s Browser Helper Object (BHO) and toolbar interfaces to monitor a user’s browsing behavior. Our technique uses a composition of static and dynamic analysis to determine whether the behavior of BHOs and toolbars in response to simulated browser events is to be considered mali- cious. The evaluation of our technique on a representative set of spyware samples shows that it is possible to reliably identify malicious components using an abstract behavioral characterization. Keywords: spyware, malware detection, static analysis, dynamic analy- sis. 1 Introduction Spyware is rapidly becoming one of the major threats to the security of Inter- net users [16, 19]. A comprehensive analysis performed by Webroot (an anti- spyware software producer) and Earthlink (a major Internet Service Provider) 1 showed that a large portion of Internet-connected computers are infected with spyware [1], and that, on average, each scanned host has 25 different spyware programs installed [6].
    [Show full text]
  • Open Mobile for Windows Ipass Open Mobile™ Makes Secure, Simple and Effective Network Access a Reality
    2013/12/11 18:37 1/87 om_windows_admin_guide Open Mobile for Windows iPass Open Mobile™ makes secure, simple and effective network access a reality. No matter where work takes you, iPass Open Mobile provides on-demand global connectivity to the corporate network through Mobile Broadband (3G), Wi-Fi, Ethernet, and dial-up around the world. Open Mobile administrators can centrally manage policies for access and security, allowing IT staff to enforce different actions based on specific events occurring on a user’s system and control how users connect. iPass Open Mobile can be customized to automatically launch and monitor other programs such as VPNs, personal firewalls, anti-virus applications, and Web browsers. This functionality ensures a secure and controlled session to address the critical requirements of today’s IT departments. As an administrator, you will use the Open Mobile Portal to configure your Open Mobile profiles, test, and then deploy clients to your user base. For more information on the Open Mobile Portal, see the Open Mobile Portal Guide. You can also use Open Mobile Portal to run reports on your user base, usage patterns, and client deployment. Topics ● Architecture ● Installation ● Profiles ● User Interface ● Connectivity ● Account Definitions ● Branding ● VPN Integration ● Usage Policies ● Endpoint Security ● Event Actions ● Quick Launch ● News and Messaging ● Windows Logon Processing ● Connect Before Logon ● Login Assist ● Run Once Packaging ● Custom Profile Attachments ● Connection Quality Test ● ODF Wizard ● Updating ● Support Open Mobile Help - http://help-dev.ipass.com/ Last update: 2013/02/05 22:21 wiki:ebook http://help-dev.ipass.com/doku.php?id=wiki:ebook Latest Release Documents ● Open Mobile 2.4.x for Windows Quick Start Guide ● Open Mobile 2.4.2 for Windows Release Notes ● List of Supported Mobile Broadband Devices Previous Release Documents Open Mobile for Windows Printable Admin Guide The Open Mobile for Windows Printable Admin Guide is not an interactive PDF.
    [Show full text]
  • Protecting Browsers from Extension Vulnerabilities
    Protecting Browsers from Extension Vulnerabilities Adam Barth, Adrienne Porter Felt, Prateek Saxena Aaron Boodman University of California, Berkeley Google, Inc. fabarth, afelt, [email protected] [email protected] Abstract browser’s full privileges. If an attacker can exploit an ex- tension vulnerability, the attacker can usurp the extension’s Browser extensions are remarkably popular, with one in broad privileges and install malware on the user’s machine. three Firefox users running at least one extension. Although At this year’s DEFCON, Liverani and Freeman presented well-intentioned, extension developers are often not security attacks against a number of popular Firefox extensions [24]. experts and write buggy code that can be exploited by ma- In one example, if the user dragged an image from a mali- licious web site operators. In the Firefox extension system, cious web page into the extension, the web site operator these exploits are dangerous because extensions run with could install a remote desktop server on the user’s machine the user’s full privileges and can read and write arbitrary and take control of the user’s mouse and keyboard. files and launch new processes. In this paper, we analyze These attacks raise the question of whether browser ex- 25 popular Firefox extensions and find that 88% of these tensions require such a high level of privilege. To investi- extensions need less than the full set of available privileges. gate this question, we examine 25 popular Firefox exten- Additionally, we find that 76% of these extensions use un- sions to determine how much privilege each one requires.
    [Show full text]