Pegasus spyware

Pegasus is spyware that can be installed on Apple and Android mobile systems. It’s difficult to detect, and difficult to remove. Pegasus is developed by NSO Group, who deny that the software is being used for anything nefarious, or claim that if it is, that use has nothing to do with NSO Group.

The methods used to install Pegasus on mobile devices have changed over the years. It can be installed directly, with physical access to the target device, which is presumably how it ends up on devices legitimately. Pegasus can also be installed more surreptitiously. Previously, that involved inviting the user to click a link in an email or SMS message. More recently, it’s being installed using app and O/S exploits that require no interaction from the user, including a very nasty exploit for WhatsApp.

Pegasus is not a virus. It does not spread on its own. Further, it’s important to distinguish between Pegasus and the methods used to install it. Pegasus does not typically arrive on a device at random. Devices are specifically targeted, and those targets are often used by journalists, suspected terrorists, and other people whose activities are tracked by government agencies and criminal organizations.

The main problem here is not Pegasus, but the way security vulnerabilities are discovered and — more importantly — how information about vulnerabilities is disseminated. Unfortunately, some organizations perform this research not for the public good, but for themselves and their partners, legitimate and otherwise. In an ideal world, when a vulnerability is discovered, the vendor is informed privately and then proceeds to develop and release a fix. In reality, vulnerabilities and exploits are often hoarded.

Advice to anyone who operates a mobile device and wants to reduce the likelihood of Pegasus or other unwanted software being installed without their knowledge: stay informed regarding security vulnerabilities in your device’s O/S and any apps you run. When you learn about a zero-click exploit, immediately install a fix if one is available, or uninstall the affected app. If it’s an unpatched O/S vulnerability, all you can do is hope that you’re not being targeted.


What is a web browser, anyway?

For the uninitiated, computer jargon often seems unintelligible. The resulting confusion even allows technical support people to determine a customer’s level of understanding by observing the way they use (and mis-use) common terms.

The confusion is understandable. If someone uses their computer only for web browsing and email, and especially if their email client is web-based, the dividing lines between hardware and software, software and service, and local and remote data… tend to blur.

Mozilla, the folks who develop and maintain the web browser Firefox, recently published a useful guide that disentangles some important, common terminology: “What is the difference between the internet, browsers, search engines and websites?”

Anyone who’s ever wondered how a web browser is different from “the Internet” should read the article. There’s a good chance it will clarify things for you.

Patch Tuesday for July 2021

It could be argued that Microsoft has done us all a favour in making Windows 10’s updates unavoidable. Certainly, as long as nothing goes wrong, it’s less work than futzing around with Windows Update on every computer. And forced updates mean that Windows computers used by less tech-savvy folks stay up to date with security fixes, which makes everyone safer.

It’s also true that increasingly, software and firmware updates for all our devices happen whether we want them or not. By default, mobile devices update themselves. Other electronic equipment, like smart televisions, digital video recorders, amplifiers, and even some network equipment are now doing the same.

But I just can’t shake the feeling of discomfort I get when I think about my computer being messed with at the whim of some Microsoft flunky. Perhaps some day I’ll be more comfortable with it. In the meantime, as long as Microsoft continues to screw up updates, sometimes breaking thousands of computers worldwide, I’ll continue to feel this way.

This month’s Microsoft updates

According to my analysis of the data available from Microsoft’s Security Update Guide, we’ve got updates for Edge, Office, Exchange Server, SharePoint, Visual Studio Code, Windows (7, 8.1, and 10), and Windows Server, addressing a whopping one hundred and thirty-three vulnerabilities in all.

As usual, Windows 10 updates will be installed automatically over the next few days, although you may — depending on your version of Windows 10 — be able to delay them for about a month. You can check for available updates and install them right away by heading to Start > Settings > Update & Security > Windows Update.

Windows 8.1 users also have the option of using automatic updates, but if that’s disabled, you’ll need to go to Start > PC Settings > Update & Recovery > Windows Update.

There seem to be one or two updates that are freely available for all Windows 7 computers, so it’s worth checking Windows Update. When Microsoft releases free updates for Windows 7, you know they’re important. Go to Start > Control Panel > Windows Update to check.

Adobe Updates

Adobe joins the fun again this month, with an updated version of the free and still ubiquitous Adobe Acrobat Reader. Version 2021.005.20058 of Reader includes fixes for thirteen security bugs.

Reader normally updates itself, but you can make sure, by navigating its menu to Help > Check for updates...

Firefox 90

Perhaps coincidentally, there’s also a new version of Firefox today. Firefox 90 addresses nine security vulnerabilities in earlier versions.

By default, Firefox will update itself, but you can encourage it by clicking its ‘hamburger’ menu at the top right, and navigating to Help > About Firefox.

Microsoft issues special fix for Windows print spooler vulnerability

On Tuesday, Microsoft once again broke with its normal update cycle, publishing a series of updates to address a bad security flaw in the Windows print spooler service.

The print spooler exists in all versions of Windows, including Windows 7, and the vulnerability is serious enough that Microsoft issued an update for that O/S, which is technically no longer supported.

The print spooler vulnerability, which is often referred to as PrintNightmare, is documented in CVE-2021-34527.

Although technically the vulnerability could be exploited on any Windows computer, an attacker would need direct or remote access to that computer, and be able to log in as a regular user. Although that scenario is somewhat unlikely for most home users, the risk increases for computers with Remote Desktop enabled, public or shared computers, and computers on business and educational networks that connect to domain controllers.

Because Microsoft now bundles updates together, it can be difficult to identify which downloads apply to any particular update. In almost all cases, the best approach is to check Windows Update.

On Windows 10, navigate to Settings > Update & Security > Windows Update. Check for updates. If you see the update KB5004945 pending, install it. If you don’t see that update, click the link to ‘View update history’ and make sure KB5004945 has been installed.

The process is the same for older versions of Windows, except that Windows Update is accessed via the Windows Control Panel. The update number will also vary, depending on the Windows version. On Windows 8.1, it’s KB5004954.
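
The same check can be scripted in PowerShell. This is an added example, not part of the original post: it looks for the KB number the post gives for the running Windows version and reports the print spooler service state. The function name `Test-SpoolerFix` is made up for this example, and Windows versions whose KB number the post does not list are reported as unknown rather than guessed.

```powershell
# KB numbers are the two named in the post; nothing else is assumed.
$kbByOs = @{
    'Windows 10'  = 'KB5004945'
    'Windows 8.1' = 'KB5004954'
}

function Test-SpoolerFix {
    param(
        [string]$Caption,        # OS caption, e.g. "Microsoft Windows 10 Pro"
        [string[]]$InstalledKbs  # HotFixID values, e.g. from Get-HotFix
    )
    # Find the table entry whose name appears in the OS caption.
    $match = $kbByOs.Keys |
        Where-Object { $Caption -like "*$_*" } |
        Select-Object -First 1

    if (-not $match) {
        # The post gives no KB number for this version.
        return [pscustomobject]@{ OS = $Caption; ExpectedKb = $null; Status = 'unknown' }
    }

    $kb = $kbByOs[$match]
    $status = if ($InstalledKbs -contains $kb) { 'installed' } else { 'not-listed' }
    [pscustomobject]@{ OS = $Caption; ExpectedKb = $kb; Status = $status }
}

# Gather live data from this machine.
$caption = (Get-CimInstance -ClassName Win32_OperatingSystem).Caption
$kbs     = @((Get-HotFix).HotFixID)
$fix     = Test-SpoolerFix -Caption $caption -InstalledKbs $kbs

# A stopped or disabled spooler means the vulnerable service is not running.
$spooler = Get-Service -Name Spooler -ErrorAction SilentlyContinue
$spoolerState = if ($spooler) { "$($spooler.Status) / $($spooler.StartType)" } else { 'not present' }

[pscustomobject]@{
    OS         = $fix.OS
    ExpectedKb = $fix.ExpectedKb
    FixStatus  = $fix.Status
    Spooler    = $spoolerState
} | Format-List
```

A result of `not-listed` is a prompt to look at ‘View update history’, not proof that the fix is missing: a later cumulative update can take this one’s place in the installed list.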

Update: Windows print spooler problems persist.

New version of Reader fixes two security bugs

Another new version of Adobe Reader (aka Adobe Acrobat Reader DC) was released last week. Reader version 2021.005.20048 includes fixes for two security vulnerabilities, both of which were apparently discovered by independent security researchers.

Unless you’ve disabled the function, Reader will update itself shortly after a new version becomes available. I usually find that by the time I become aware of a new version, Reader has already updated itself on my main PC.

You can check Reader’s version by navigating its menu to Help > About Adobe Acrobat Reader DC. You can check for and install any pending updates by navigating its menu to Help > Check for Updates...

Patch Tuesday for June 2021

According to my count, which is based on the official Security Update Guide, Microsoft’s patch pile for June addresses forty-nine security vulnerabilities.

There are approximately thirty-two updates, affecting .NET, Office, Windows (7, 8.1, and 10), SharePoint, and Visual Studio.

Only people paying through the nose for them will get the Windows 7 updates; the rest of us are out of luck. Windows 8.1 updates can be installed via the Windows Update control panel. Windows 10 systems will receive the updates when Microsoft feels like rebooting your computer, usually at the most inopportune time.

Deceptive design patterns

There’s an informative post over on the Mozilla Explains blog, about deceptive design patterns. From the article:

Deceptive design patterns are tricks used by websites and apps to get you to do things you might not otherwise do, like buy things, sign up for services or switch your settings.

The post goes on to list some common examples. I’m sure you’ll recognize at least some of these.

Unfortunately, this kind of deception is not limited to the online world, and most of us don’t even raise an eyebrow when we encounter shady sales practices in the ‘real’ world. But the online world is already much more confusing for many people, so recognizing deception can be difficult.

It’s an interesting read, and it may help you to understand some of what you see online, and on your connected devices.

New versions of Acrobat and Reader

Earlier this week, timed to coincide with Microsoft Patch Tuesday, Adobe released new versions of its PDF authoring tool Acrobat, as well as its free PDF viewer, Reader.

The new versions address ten security vulnerabilities in earlier versions. The new version of Acrobat Reader (DC) is 2021.001.20155.

If you have Adobe Reader installed on any of your computers, you should check whether it’s up to date, and install the new version if it’s not. You can do that by running Reader, and navigating its menu to Help > About Adobe Acrobat Reader DC.

You can install the latest version of Reader by navigating its menu to Help > Check for Updates.

Patch Tuesday for May 2021

Still waiting for the vaccine? Trying to avoid going outside? Well, luckily for you, there are plenty of indoor tasks you can work on, like Netflix binge-watching, exercise, and installing software updates on your Windows computers.

For May 2021, Microsoft is handing us yet another pile of updates, addressing eighty-eight vulnerabilities (by my count) in .NET, Internet Explorer, Office, Edge, Exchange Server, SharePoint, Visual Studio, Skype, and Windows. My analysis is based on data exported from Microsoft’s Security Update Guide.

As usual, Windows 10 users can delay updates but not indefinitely. Windows 8.1 users who don’t have automatic updates enabled need to go to Windows Update to get the updates. Windows 7 users are mostly out of luck, but should check Windows Update anyway, because Microsoft sometimes makes critical updates available for all users, not just business and educational users with deep pockets. If you’re still using Windows XP, there are no more updates, and I hope you know what you’re doing.

EdgeDeflector prevents Windows 10 from using Edge

The battle for web browser dominance on the Windows desktop continues, although Google is currently winning. “Google recommends using Chrome” messages seem to appear on every Google-managed web page even if you’re already using Chrome. But while annoying, those messages are arguably reasonable compared with some of Microsoft’s recent tactics.

Microsoft likes to reset certain settings back to their defaults when Windows updates are installed. They’ve been doing this for years, reverting user browser preference to Internet Explorer at every opportunity.

As a result, power users and software developers have been engaged in a tug of war with Microsoft over the default web browser in Windows. In recent years, Microsoft has made it impossible for the default browser to be changed by software, forcing browser makers to instead provide instructions to users on how to make that change. Microsoft can of course claim that this change was made to improve security, and given the prevalence of browser hijackers in past years, it’s difficult to disagree.

With Edge in Windows 10, Microsoft has taken this battle to new extremes. Even if you have another browser selected as the default, some sites and services will always be opened in Edge. To see this in action, click on the taskbar search box. A large panel will open, showing news and weather links. Anything you click here will open in Edge, not in your default browser.

That’s because internally, Windows is using a special protocol called URL:microsoft-edge, which forces the use of Edge for opening web pages that Microsoft has designated as special in some way, despite being ordinary web pages in every sense.

This is of course exactly the sort of behaviour that got Microsoft in trouble in the 1990s: using their dominance in the desktop O/S market to push their own web browser. But these days everyone’s attention seems to be on Google and Facebook, and Microsoft’s browser pushback is being largely ignored.

EdgeDeflector to the rescue

Daniel Aleksandersen’s EdgeDeflector is a small tool that overrides the URL:microsoft-edge protocol’s normal behaviour, forcing it to actually use the web browser you’ve chosen as the default. EdgeDeflector was recently updated to make it more palatable to anti-malware software, which previously flagged the tool as suspicious because of its behaviour.

You’ll have to change this Windows 10 setting manually to make EdgeDeflector work.

Once you install EdgeDeflector, you need to complete its setup with some manual steps. I can confirm that the end result is exactly as advertised: even when clicking news links from the Windows 10 search panel, those links will open in your default browser, not in Edge.

Of course, Microsoft will probably take steps to defeat this useful tool, with the most obvious step being to revert the changes EdgeDeflector has made when Windows 10 is next updated. And so there are no winners in this stupid, never-ending battle.

Rants and musings on topics of interest. Sometimes about Windows, Linux, security and cool software.