I’m not sure how much customer data has been compromised or even how it was compromised (could have been an employee who manually stole some of the data) but it has been somehow compromised.

I have a relatively fail-proof and completely trackable email spam system. When I create an account online or give out my email address in some other manner, pretty much everybody I give the address to receives a unique email address. Prior to giving it out, I will create a brand new alias at my domain and have that email forwarded to my real account. So for example, if I create an account at Yahoo.com then I might create the address yahoo _at_ jaxidian.org and have it forwarded to my account.

One such account that I have created is with Donato’s to order pizza online. When I created this account, I gave them donatos _at_ jaxidian.org as my email address. Just today I began receiving spam at this email address. This means that somehow an email address that I have confidentially given to Donato’s has made its way into some spammer’s hands. This could have been an extremely isolated case where an employee stole just my address and gave it/sold it to a spammer. This could have been an attack on Donato’s systems where not just email addresses but perhaps also credit card information has been lost. I really have no clue. But alas, because Donato’s is the only company/person I have given this email address to EVER, this most likely means that Donato’s customer data has been compromised.

Perhaps I should stop paying with credit cards when I buy pizza?

-Shane

As you may or may not have noticed from my earlier posts, I’m not a huge fan of the Kaspersky Internet Security suite. I love their anti-virus but I will never install their firewall again until they completely rehaul that system (for reasons like this and this – specifically deleting rules to keep KIS from spamming me).

So here is what I’ve decided to go with for the time being…

Anti-Virus:
avast! Professional Family Pack
This package contains a WHS version of avast! and 10 Pro client licenses and updates for all 11 licenses for 3 years, all at a nice price of $150. My WHS is home-based and falls within the WHS version’s license and the other 10 Pro client licneses can be used on all of my computers, even my for-profit computers. Avast isn’t the #1 in detection rates (Kaspersky still beats Avast here) but it isn’t that far behind either. Also, if for some reason I need more licenses than this, I can begin to use the Free Home version of Avast on my personal copmuters at home and move my Pro licenses to any add’l for-profit boxes I might have. And lastly, having my WHS box be a single point to monitor and manage all AV installations would be quite nice!

Anti-Spyware:
The verdict is still out on this one but I THINK I’ll be using SuperAntiSpyware (SAS) for a majority of this. SAS has a free license but also has a better pay-for version that is very cheap and you can even get a lifetime license with it (a couple ways to do it but on average of $40 per 2 licenses for lifetime upgrades). I don’t have a whole lot of personal experience with it but have been doing some researching of various posts around the interweb and everybody seems to keep coming back to SAS for a lot of stuff. The name is definitely kind of a turn-off but I’m trying to get over that. The main points for me that I like are that it has a relatively small footprint, it has very high detection rates (unofficially determined by many different forums posts by people), it integrates into Windows Security Center (makes WHS happy), and it claims to play nicely with other anit-spyware applications (meaning I can have it run beside another application for better protection). I wish it was a bit cheaper but I’m not gonna complain much there – I’ll be able to get the 10 licenses I need for $200 for lifetime updates. Unfortunately, I cannot have WHS maintain all of these installations. Additionally, I do not believe there is a WHS version of this and I’m not going to test this on my WHS box to find out. I have yet to find anything for my WHS box for anti-spyware software.

Firewall:
Unfortunately, I have not yet determined what I want to use here. I guarantee you that Kaspersky is right out the window though! I THINK for now, all of my Vista boxes are going to happily continue using Windows Firewall. For my XP and 2003 boxes, I’d like to have something better than Windows Firewall, but I don’t know what I can use that are easily monitorable without requiring me to babysit them. Firewalls like Kaspersky’s with the constant nagging of allow/block is not an option because I am not going to babysit all of my boxes. And I think the main thing with Kaspersky’s firewall is that it’s more than just a firewall – it monitors executables that have changed and all other kinds of things which, don’t get me wrong, have value in some scenarios, but not when I have to personally administer 10 boxes that want to continually ask me about things every time there’s a windows update or even sometimes when an anti-virus app updates itself – NO WAY!

I’ll hit this topic again once I’ve decided on my final setup but in the mean time I’d appreciate any input on these things! Keep in mind that there are three important criteria for me:
#1. The product is one of the better quality products in detection rates or whatever
#2. The product integrates with WHS one way or another
#3. The product is very low-maintanance or is something that I can maintain universally from WHS

and a somewhat distant #4 is the cost – I’m happy to pay for the software but cheap/free is good too.

-Shane

This is a follow-up to this post.

I believe I have finally found a fix to the issue with KB944533 that breaks IE for some people running Kaspersky Internet Security (KIS).

The Problem:
So what I believe to be the scenario that triggers the problem is if you have KIS (perhaps limited to version 7 but this I do not know) installed but disable the firewall, you will run into the problems reported in this post. It is important to note the part about the firewall as that appears to be the problem.

An MS MVP said here:

Given other related threads here, I would not recommend attempting to disable the firewall in Kaspersky Internet Security in favor of using the Windows Firewall unless you can figure out how to completely disable the former. If you manage to do it, please let us know how.

I can now vouch for this – disabling KIS’s firewall causes problems!

The Fix:
The fix is simply to re-enable the firewall while you install the patch AND keep it enabled until at least the next time you run IE. When you do, KIS Firewall will open a prompt mentioning that the IE executable has been modified. Once you allow this, then voila – you’re done and you have this patch installed correctly and working. At this point you MIGHT be free to disable the KIS firewall again. Since installing the patch, I have yet to turn it off because I have been prompted 2-3 times with the dialog stating that the executable has been changed and I keep clicking on the allow option. I don’t plan to turn the firewall off again until after a few reboots of no prompts.

My Rant:
Bad Kaspersky! Obviously when I disable the firewall, it only disables parts of it. Bad! Bad! Bad! And I think it gets worse too, but I’ll wait a bit for that part.

What appears to me is going on here is that some portion of KIS is realizing that the executable has been modified. Because of this modification, I assume Kaspersky is intercepting DNS requests for whatever reason. Obviously the prompt to allow these sorts of DNS requests is isolated in the firewall, but also obvious is that the engine’s check for these DNS requests is NOT isolated to just the firewall. So this means that in order to allow these sorts of exceptions (i.e. make your system less secure in a sense), you must ENABLE the firewall! That makes absolutely no sense at all!

Now all of this has been a headache for me and many other people, but I think it gets worse. Reconsider everything that has gone on here and ignore the annoyance. Let me recap:

1. IE’s executable gets modified.
2. IE attempts to connect to the internet via domains and is blocked but when attempting by IP is not blocked
3. KIS Firewall does the blocking because it realizes the executable has been changed

Now reconsider #2 and #3 together – the firewall blocks internet access to protect you, right? Nope! It only kinda partly blocks internet access. If the program is connecting via IP address, then the firewally lets it do anything it wants! So if somebody finds an exploit in IE to modify the executable so it sends all of your personal data to the internet, Kaspersky firewall does NOTHING to block that data transmission if it is sending it to an IP address, it only blocks it if it needs to resolve a domain name.

My Conclusion:
Bad Kaspersky! Go to your room and fix it!