Avira - TechBlog » Updates

Avira switches to new update system

Dirk Knop — Thu, 19 Nov 2009 06:30:09 +0000

Due to the fast growing amount of malware out there in the wild our virus definition files grow fast as well. We monitored the situation with our Updates very closely. We realise that users of the free Avira AntiVir Personal had issues fetching the Updates in time recently and did come up with a few ideas how we could solve the problem and to better satisfy the needs of our users.

Two of the results are getting realized today: First, we switch from our current virus definition files (called iVDF) to a new format called nVDF. iVDF consists of 4 VDF files, while nVDF uses at least 32 files – we need to transfer less data for updating our virus definitions effectively in the future.

This means that we need to deliver about 25 MByte to every Avira installation starting today for switching to the new update system. This might lead to some delays for some users, especially for the users of our free version Avira AntiVir Personal. Just to get an idea about what we’re talking here: More than 100.000.000 Users are trying to get the update more or less on the same day. That is more than 2.5 Petabytes (or 2,500 Terabytes) of traffic.

To ease the bandwidth bottleneck, we decided to additionally use a Content Delivery Network (CDN). We were first testing a CDN built up by our current Internet service provider. Shortly after activating the CDN, the redirectors – which redirect the update requests to servers close to the users location – were overloaded and couldn’t answer the requests anymore. The situation was solved a little later on, but the CDN isn’t big enough yet to spread this huge update in time. So we decided to switch to a global player in the CDN market to deliver the update.

We hope that the data is transfered much faster this way so also the users of free Avira AntiVir Personal can enjoy their security solution without any problems: After this Update the situation will get much better for the users of Avira AntiVir Personal.

N.B.: Users of commercial Avira products like Avira AntiVir Premium, Avira Premium Security Suite or Avira AntiVir Professional don’t face any of these problems as they access our servers with reserved bandwidth.

Dirk Knop
Technical Editor

Safari fixes and SMB vulnerability (Update)

Dirk Knop — Fri, 13 Nov 2009 06:54:26 +0000

Apple just released their web browser Safari in version 4.0.4 – both for Mac OS X and for Windows. Previous versions have some serious security vulnerabilities which can lead to remote code execution, crashes or to information disclosure, for example. More details can be found in Apples security advisory.

Just after the November patchday this week new reports about an issue with Microsofts SMB implementation in Windows 7 and Windows Server 2008 popped up. Rob VandenBrink of the Internet Storm Center took the publicly available exploit code, fixed a line of code – et voilà, a machine with Windows 7 or Server 2008 connecting to this faked server instantly freezes. There are no reports yet about Microsoft investigating this issue.

Update: Microsoft has released a security advisory this weekend where the company explains that it investigates the reports and is preparing a patch.

Dirk Knop
Technical Editor

Microsoft fixes several critical flaws

Dirk Knop — Wed, 11 Nov 2009 06:20:25 +0000

The Redmond company released 6 security bulletins with according patch-sets for this November Black Tuesday. These patches close security holes mainly in Microsoft Office and in the Windows Kernel which allow for example for drive-by-downloads, privilege escalation and remote code injection and execution.

Affected are all Microsoft operating systems (including Server 2008 core installations) and nearly all Office versions – as well as the office viewers. Installing the updates fast is recommended as according to Microsofts threat matrix it is very likely that exploits for these vulnerabilities will appear very soon on the Internet.

Dirk Knop
Technical Editor

November Patchday: Apple starts first

Dirk Knop — Tue, 10 Nov 2009 06:54:02 +0000

Just a few hours before Microsoft will release Updates for its software, Apple released version 10.6.2 of Mac OS X and Security Update 2009-006, respectively. This Update fixes numerous of security issues within the Mac operating system.

You can download the Update from Apples web site or just use the updater of Mac OS X. As some of the vulnerabilities allow for remote code injection and execution, the Update is recommended.

The Apple platforms will soon be targeted with more energy by cyber criminals: Just recently hackers attacked for example Apples iPhones which are jailbreak’ed – they broke into the phone through the standard password for the SSH installation. So at least change the default passwords if you used jailbreak.

Dirk Knop
Technical Editor

Further critical Updates

Dirk Knop — Fri, 06 Nov 2009 06:48:32 +0000

Already last week Opera released version 10.01 of its Web Browser. It closes some security holes. At least one of them can lead to code injection (for example to infect the computer with a Trojan). Users are advised to install the new version fast.

Meanwhile, the Mozilla Foundation has updated Firefox to version 3.5.5. The developers only mention stability fixes, this release doesn’t seem to fix security issues. Anyhow it is a good idea to install the update.

There was another security Update for Sun Java. Version 6 Update 17 fixes a lot of security vulnerabilities. Those flaws may lead to remote code execution, thus updating immediately is recommended.

What else? Adobe has released Shockwave Player 11.5.1.602 which also closes security holes in the software which allow for remote malware injection. Users of the Shockwave Player (which is different from Adobe Flash Player) should also update their software immediately.

Today also Google released an update for its Chrome browser. It fixes 2 security problems which put users at risk.

Dirk Knop
Technical Editor

Microsoft plans 6 security bulletins

Dirk Knop — Fri, 06 Nov 2009 06:22:06 +0000

For the upcoming Patch Tuesday next week, Microsoft plans to release 6 security bulletins. 3 of them handle critical rated security issues, the other 3 are rated important.

Affected are Windows Operating Systems starting from Windows 2000 up to Windows Server 2008. The “important” fixes are for Microsoft Office (also for Mac) and the Office Viewers.

Prepare to install the patches as soon as possible as usually exploits for these security vulnerabilities are released very soon after Microsoft ships the patches.

Dirk Knop
Technical Editor

IE Update fixes flaws of MS09-054

Dirk Knop — Tue, 03 Nov 2009 06:25:16 +0000

Microsoft released another update for the Internet Explorer. It is supposed to fix some flaws that may occur after installing the cumulative update from the last Patchday, MS09-054. In a knowledgebase article Microsoft explains the issues that may arise:

- The offsetTop calculation for elements that are contained as children of scrolled elements may be reported incorrectly in Windows Internet Explorer 8

- You receive a VBScript “Type Mismatch” script error message in Internet Explorer after you install cumulative security update 974455

Fig. 1: The automatic windows update offers a new update for the Internet Explorer.

Though the Update is not critical, some users may experience the described problems with the last security update. Thus users should install the offered patch – which requires a reboot of the computer.

Dirk Knop
Technical Editor

Firefox 3.5.4 closes 11 security holes

Dirk Knop — Wed, 28 Oct 2009 06:43:18 +0000

The Mozilla Foundation just released Firefox 3.5.4 – the new version closes 11 security holes of which 6 are considered critical from the Mozilla developers. Those vulnerabilities can be abused by cybercriminals to inject malicious code like a Trojan into the computer. The release also fixes a few non-security related issues.

Some of the bugs also affect earlier versions of the Mozilla browsers and get fixed within Firefox 3.0.15 (though it is recommended to update to Firefox 3.5) and in SeaMonkey 2.0. Thunderbird doesn’t get mentioned in the security advisories.

As some of the vulnerabilities are quite serious security issues, users should update the software as soon as possible. The easiest way is to go to the “Help” menu and choose “Check for Updates”.

Dirk Knop
Technical Editor

Adobe fixes Reader and Acrobat

Dirk Knop — Wed, 14 Oct 2009 06:21:45 +0000

Not only Microsoft released a bunch of patches to close security holes in their products, but also Adobe now ships updated software to fix several vulnerabilities in Adobe Reader and Acrobat which already get attacked with specially prepared PDF documents to take over control of vulnerable computers – Avira AntiVir protects its users and detects the currently circulating exploit PDF as Exp/Pidief.xam.

Users of Adobe Reader and Acrobat with earlier versions than the new 9.2 are advised to install the updated software immediately to protect themselves from the attacks; Adobe rates the vulnerabilities as critical. New versions of Reader are available for Windows, Mac and Unix. Further links for updates for different Acrobat versions are listed in Adobes security advisory.

Dirk Knop
Technical Editor

Microsoft closes 34 Security Holes

Dirk Knop — Wed, 14 Oct 2009 05:26:18 +0000

Just as announced last Friday, Microsoft ships updates for plenty of products and closes 34 security holes. Many of them are rated critical which means that attackers can infiltrate vulnerable systems remotely.

The patches affect the Windows operating systems starting from Windows 2000 up to the brand new Windows 7. The vulnerable software is a lengthy list too: Internet Explorer, Media Player, Office from XP up to 2007, .Net runtimes, SQL server, Visual Studio 2003 up to 2008, Visual FoxPro, Report Viewer, the antivirus solution Forefront and Silverlight 2.

As the patches deal with critical security vulnerabilities which in some cases are already abused (like the FTP hole in IIS) it is advised to install them ASAP.

Dirk Knop
Technical Editor