Computer security is hard and is getting harder. Costs are high and rising. It is not enough to have up-to-date antivirus software on the PC. Traditional anti-virus software works by looking for well-known software “fingerprints”: a database of virus fingerprints (signatures) is maintained, and the software is constantly updated with new ones. The aim is to create a protective barrier that keeps the bad guys out. In recent years, well-developed malicious software has been able to circumvent this protection. Maybe we need to change the protection philosophy. Anti-virus programs are still needed, but they are not enough. The computer security industry has made the mistake of focusing on the instruments the attacker uses, which are easy to change. Some experts and companies now say it’s time to demote antivirus-style protection. “It’s still an integral part [of malware defense], but it’s not going to be the only thing,”
The Antivirus Era Is Over article points out that conventional security software is powerless against sophisticated attacks like Flame, but alternative approaches are only just getting started. “There’s nothing you can do” to keep determined and well-financed hackers out, said Rodney Joffe, senior technologist at Internet infrastructure company Neustar Inc and an advisor to the White House on cyber security. Consumer-grade antivirus bought from a store does not work too well at detecting malware created by nation-states with nation-state budgets. The Pentagon Contractors Post Openings For Black-Hat Hackers article reports that “The arms race has started, and this proves it. It’s a clear sign of the demand to stockpile cyber weapons and expand the operations underway.”
Flame is just the latest in a series of incidents suggesting that conventional antivirus software is an outmoded way of protecting computers against malware. “Flame was a failure for the antivirus industry,” Mikko Hypponen, the founder and chief research officer of antivirus firm F-Secure, said some weeks ago. “We really should have been able to do better. But we didn’t. We were out of our league, in our own game.”
The Study: If your antivirus doesn’t sniff ‘new’ malware in 6 days, it never will article reports that mainstream antivirus software has only a small window for detecting and blocking attacks. Carbon Black’s research suggests that antivirus firms are struggling to develop signatures for the hundreds of thousands of malware samples they receive every day. If a signature for a malware sample is not added within a few days after the sample first appears, it is probably never added. The experiment also showed that running multiple antivirus products provides better protection than running just one. But in many cases it is neither practical nor economical to run many antivirus packages, at least on the same computer (different antivirus products usually do not play nicely together on one PC). I think in corporate environments it could maybe make sense to run one antivirus product on workstations and a completely different one to scan the files on the main server.
The Microsoft’s Windows RT signals shift to mobile computing, says Qualcomm article reports that Microsoft’s upcoming Windows RT operating system signals a shift to mobile computing and marks the beginning of the end of the PC era. Qualcomm’s COO Steve Mollenkopf claims that in the future all devices will run mobile operating systems. In this vision your phone becomes a remote control for your life, controlling everything you do. To adapt to this post-PC vision, anti-virus companies are trying to push anti-virus software onto smartphones. Symantec sees that the bring-your-own-device (BYOD) revolution at the workplace has driven up demand for mobile and tablet security.
Android represents a new market for antivirus companies, as Android devices are seen as targets “of the same security and privacy threats that plague laptops and desktops”. The Verizon launches Mobile Security app for Android as antivirus companies target carriers article reports that, since consumers haven’t taken to antivirus software on mobile, companies like McAfee are striking deals directly with carriers: Verizon has introduced a McAfee-based Mobile Security app for its line of Android devices for a monthly fee. F-Secure also makes mobile anti-virus software and has long co-operated with operators.
Maybe co-operating with operators and pushing onto mobile devices is the direction antivirus companies should be heading, because the value people see in traditional antivirus software may be declining, both due to the recent events that show its problems and due to competition from the many free antivirus choices. Many companies offer free versions of their popular antivirus programs for home users while offering versions with more advanced features as an upgrade option for professional and business users. Many computers also come with decent antivirus software bundled (some are trial versions that work only for a short time, but quite often the bundled license works for 1-3 years). Symantec, for example, has been facing declining license sales but increased subscriptions, as customers prefer to pay for security software as a subscription.
Corporate-level antivirus software is not cheap and makes good money for antivirus companies. The Anti-virus software sucks up too much security cash claims study article reports that computer scientists at the University of Cambridge carried out a cybercrime study (lead author Prof Ross Anderson). The Tech boffins: Spend gov money on catching cyber crooks, not on AV article reports that the Cambridge researchers say the UK government should spend more on catching cybercriminals instead of splurging taxpayers’ money on antivirus software. Cure is the best form of prevention. “In fact, a small number of gangs lie behind many incidents and locking them up would be far more effective than telling the public to fit an anti-phishing toolbar or purchase antivirus software.” The report indicated that the UK was spending almost £640m annually on the problem, and less than £10m of that sum was spent on cybercrime law enforcement.
Some hacked companies fight back with controversial steps. Known in the cyber security industry as “active defense” or “strike-back” technology, the reprisals range from modest steps to distract and delay a hacker to more controversial measures. The Hacked companies fight back with controversial steps article reports that the private sector does need to fight back more boldly against cyber espionage, but does not recommend that companies try to breach their opponents’ computers. There are already companies that enable victims to fight back, within the bounds of the law, for instance by identifying the source of attacks. “Hacking back would be illegal, but there are measures you can take against people benefiting from your data that raise the business costs of the attackers”. Deception plays an enormous role. Asking the government to raise a case with the World Trade Organization, or going public with what happened to shame the perpetrators of industrial espionage, are other ways to go.
According to Prof Anderson it is mainly the US government – and the FBI in particular – that carries out the “heavy lifting” when it comes to pursuing cybercrime. “Cybercrime has created a swamp,” he added. “You need to drain the swamp by arresting people.” Prof Anderson also recommended improving consumer protection legislation for victims of credit card fraud. He said that the fear of fraud among businesses and consumers was leading some to avoid on-line transactions, imposing an indirect cost on the economy. Consumers in countries like the Netherlands, Finland and Ireland enjoyed much stronger protection than in the UK. Consumer protection is clearly an important part of the cybersecurity puzzle.
54 Comments
Tomi Engdahl says:
Intel’s Demos McAfee Social Protection, A Condom For Your Digital Life
http://hothardware.com/News/Intels-Demos-McAfee-Social-Protection-A-Condom-For-Your-Digital-Life/
During the Day Two keynote address at the Intel Developer Forum, Renee James, Senior Vice President and General Manager of Intel’s Software & Services Group, talked about software development, security and services in an “age of transparent computing”.
During the security-centric portion of the keynote, however, Renee brought out a rep from Intel’s McAfee division to show off a beta release of the McAfee Social Protection app.
McAfee Social Protection is a soon to be released app and browser plug-in for Facebook that gives users the ability to securely share their photos. As it stands today, if you upload a photo to Facebook, anyone viewing that photo can simply download it or take a screen capture and alter or share it wherever they want, however they want. With McAfee Social Protection installed though, users viewing your images will not be able to copy or capture them.
McAfee Social Protection demo rep claimed, “McAfee Social Protection – It’s like a condom for your digital life.”
Tomi Engdahl says:
Whether this is good or bad news for antivirus companies is hard to say:
Blackhole 2: Crimeware kit gets stealthier, Windows 8 support
Malware-flinging tool to target mobiles too
http://www.theregister.co.uk/2012/09/13/blackhole_exploit_kit_revamp/
Cybercrooks have unveiled a new version of the Blackhole exploit kit. Version 2 of Blackhole is expressly designed to better avoid security defences. Support for Windows 8 and mobile devices is another key feature, a sign of the changing target platforms for malware-based cyberscams.
Rental prices run from $50 a day while leasing the software for a year costs around $1,500.
The Blackhole exploit kit has been around for about two years, during which time it has become the preferred tool for running drive-by download attacks.
The end result is that an unpatched Windows PC becomes infected with a banking Trojan, fake anti-virus or botnet agent after visiting a compromised website.
Tomi Engdahl says:
Freebie virus scan biz punts belt-and-braces security for suits
Two AV software products are better than one
http://www.theregister.co.uk/2012/09/17/malwarebytes_enterprise_launch/
Malwarebytes, the anti-virus firm best known for its freebie scanner software, branched out into the enterprise with the launch of corporate products on Monday.
Malwarebytes Enterprise Edition (MEE) is designed to catch malware that other anti-virus programs sometimes miss
The technology runs in batch mode and is designed to avoid conflicts with any regular anti-malware software already loaded on the same corporate desktop.
The tech is designed to work in tandem with other security kit rather than as a replacement to existing anti-virus software.
A two-scanner approach can yield benefits, according to Edwards, who has clocked up years of experience in testing the effectiveness of various anti-virus products.
Malwarebytes is offering an anti-virus scanner, rather than an on-access, real-time system. “As such, as long as you don’t run a scan using more than one scanner at a time, performance should not be too much of an issue,” says Edwards.
Malwarebytes boasts that 150 million consumers worldwide
Tomi Engdahl says:
Mikko’s Malware Odyssey
http://www.darkreading.com/threat-intelligence/167901121/security/vulnerabilities/240007556/mikko-s-malware-odyssey.html
Security guru Mikko Hypponen talks malware evolution, factory-automation vulnerabilities, Space Invaders, and jamming to Justin Bieber
Today, the 42-year-old Hypponen is chief research officer at F-Secure and considered one of the world’s foremost security gurus and visionaries. If anyone in this industry has experienced the evolution of malware firsthand, it’s Hypponen.
Tomi Engdahl says:
Ask Slashdot: Actual Best-in-Show For Free Anti Virus?
http://ask.slashdot.org/story/12/09/24/1839231/ask-slashdot-actual-best-in-show-for-free-anti-virus
Comments:
Windows: Microsoft Security Essentials, free if you have Microsoft Windows XP or higher, and it does work, especially for the technical, not too adventurous link clicker. Gives you that extra layer of protection you seem to want for those ‘oh shit’ moments.
Not only is it a reasonably good anti-malware tool, it’s the least intrusive one I’ve ever used, both as far as annoying popups and abusing system resources. My first download on any new Windows install.
Yep.. I’m a big-ol M$ hater, and I can say that MSSE is a pretty decent product.. First thing I put on everyone else’s computer after I fail to convince them to run Linux..
Well then you obviously don’t have any mid to large size archives on your disk. MSE chokes and uses tons of CPU (a known issue, supposedly “has gotten better”, not that you would notice a whole lot…) on rar or zip files and sometimes cab files when it scans random files in the background and lands on the archive.
That said it SEEMS to do a decent job
Combine that with FireFox + AdBlockPlus + NoScript + Ghostery + Certificate Patrol and some common sense, and you should be pretty well off.
MSE is good IF, and its a BIG IF, you are not going anywhere risky, as it doesn’t seem to do as well on drive bys as the others.
A better choice IMHO and one I’ve been giving to my customers for a couple of years now is Comodo Antivirus [comodo.com] as its butt simple, pretty much install and forget, is free, and is VERY good at stopping malware cold.
All in all out of the free AVs I’d rate it “best of show” because not only does it have sane defaults and great sandboxing
doesn’t pop up 40 ads a week trying to sell you crap like Avast has been doing lately
Avast. Used to use AVG, but Avast seems to work better.
AVG Free http://free.avg.com/us-en/homepage [avg.com]
or
Avira Free http://www.avira.com/en/avira-free-antivirus [avira.com]
Clam AntiVirus – http://www.clamav.net/ [clamav.net]
http://av-comparatives.org/ [av-comparatives.org]
This tests a lot of antivirus and shows you their detection rate, false-positive rate, etc.
I myself promote Avira Antivir, which is lightweight, does well on AV-Comparatives.org, and is gratis.
Of course, the best solution is to install Ubuntu; if you choose it, I can give you free support over email.
And remember: any Windows antivirus (even, to a lesser degree, Ubuntu) will only attenuate the problem. You are _not_ safe just because you have a good antivirus (or run Ubuntu). You _must_ take care: don’t go to rogue sites, don’t execute untrusted executables, don’t use pirated software, etc.
Tomi Engdahl says:
The only thing AV provides is a false sense of security. With AV, you’re waiting until AFTER an infection occurs and then HOPING the AV company you’ve chosen has A) seen the malware before, B) bothered to add a signature to their definitions list, and C) is actually capable of removing the virus.
Better ideas: Turning on AppLocker & running most of the time as an unprivileged user. Check out OSSEC for use as a File Integrity Monitor and Host-based Intrusion Detection System. Disable unnecessary services, remove unnecessary programs, use an ad-blocker, a “default deny all” firewall policy and get a 3rd party patch manager to keep all your non-MS bits up to date. Secunia PSI is a free patch manager/vuln scanner for home use – there are others.
For a detailed description of just how bad AV is at protecting systems, check out the following blog post at computer-forensics.sans.org:
http://computer-forensics.sans.org/blog/2012/04/09/is-anti-virus-really-dead-a-real-world-simulation-created-for-forensic-data-yields-surprising-results [sans.org]
Have you tried Common Sense 2012? I hear it works well in most sensible cases.
One of the primary causes of malware is drive-by intrusion via compromised or unmaintained ad servers. Instead of worrying about free antivirus (which by definition rarely catches real 0-day threats), I’d get an ad blocker, or a utility like the paid version of Malwarebytes which blocks malicious website IPs.
Block the IPs and what spits out the malware, don’t bother playing whack-a-mole against the latest polymorphic stuff.
Source: http://ask.slashdot.org/story/12/09/24/1839231/ask-slashdot-actual-best-in-show-for-free-anti-virus
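The AppLocker and OSSEC approach the commenter recommends, as an added example that is not from the post or the Slashdot thread: a SHA-256 baseline of a directory tree that reports added, removed and modified files (file integrity monitoring, the core of an OSSEC syscheck-style HIDS), plus a default-deny allow-list check on the same digests (the idea behind AppLocker hash rules). The directory, file names and contents are constructed in a temporary folder for the demonstration.

```python
import hashlib
import os
import tempfile


def sha256_file(path, chunk_size=65536):
    """Hash a file's contents; any byte change yields a different digest."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root):
    """Record the digest of every regular file under root, keyed by relative path."""
    baseline = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            baseline[rel] = sha256_file(full)
    return baseline


def compare_baseline(root, baseline):
    """Re-hash the tree and report what changed since the baseline was taken.

    This is signature-independent: it does not need to know what malware looks
    like, only what the system looked like when it was trusted.
    """
    current = build_baseline(root)
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "modified": sorted(p for p in current
                           if p in baseline and current[p] != baseline[p]),
    }


def is_allowed(path, allow_list):
    """Default-deny decision: permit execution only if the digest is on the allow-list."""
    return sha256_file(path) in allow_list


def run_demo():
    """Constructed scenario in a temporary directory (no real system files)."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "bin"))
        app = os.path.join(root, "bin", "app.exe")
        with open(app, "wb") as f:
            f.write(b"MZ\x90\x00 constructed stand-in for a trusted binary")
        with open(os.path.join(root, "config.ini"), "w") as f:
            f.write("update_server=example.invalid\n")

        baseline = build_baseline(root)
        allow_list = set(baseline.values())  # everything present at install time

        # Simulate what the baseline is meant to catch: a trusted binary is
        # altered, an unknown executable appears, and a config file disappears.
        with open(app, "ab") as f:
            f.write(b"\x00")  # a single appended byte is enough to change the digest
        dropper = os.path.join(root, "bin", "dropper.exe")
        with open(dropper, "wb") as f:
            f.write(b"MZ\x90\x00 constructed stand-in for unknown code")
        os.remove(os.path.join(root, "config.ini"))

        changes = compare_baseline(root, baseline)
        decisions = {
            "bin/app.exe": is_allowed(app, allow_list),
            "bin/dropper.exe": is_allowed(dropper, allow_list),
        }
        return changes, decisions


if __name__ == "__main__":
    changes, decisions = run_demo()
    print("integrity changes:", changes)
    print("allow-list decisions:", decisions)
```

Neither check needs a signature for the unknown file: the modified binary and the new one are both reported by the integrity diff and both refused by the allow-list, which is why these controls keep working in the window before an antivirus vendor ships a signature.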
Tomi Engdahl says:
Hackers break onto White House military network
Spear phish hits ‘unclassified’ presidential system
http://www.theregister.co.uk/2012/10/01/white_house_hack/
US officials familiar with the incident said unidentified hackers launched an attack early last month on the network used by the White House Military Office (WHMO), a military office in charge of sensitive communications, including systems to send and authenticate nuclear strike commands.
Rob Rachwald, director of security strategy at Imperva, said the attempted attack should nonetheless act as a wake up call.
“Yet again traditional security software has failed to keep the bad guys out. Enterprises need to assume that they have been compromised, which means we need to detect abnormal access to data and Intellectual Property. This is yet another example of why we need to rethink the current security model and implement a new one that puts cameras on sensitive information.”
Tomi Engdahl says:
Why Antivirus Companies Like Mine Failed to Catch Flame and Stuxnet
http://www.wired.com/threatlevel/2012/06/internet-security-fail/
Tomi Engdahl says:
FireEye: Silicon Valley’s Hottest Security Start-up
http://www.forbes.com/sites/petercohan/2012/05/24/fireeye-silicon-valleys-hottest-security-start-up/
You wouldn’t get too far trying to drive by looking in the rear view mirror. But since they compare incoming network traffic to a database of previously detected malware, that’s what most companies do when it comes to protecting their computer networks from organized cyber-criminals.
Security today is based on signature-based and pattern-matching technology that today’s sophisticated cyber-criminals can easily outsmart. The offense, the cyber-criminals, has essentially outpaced the defense, which is why there are so many high profile cyber-attacks.
FireEye has an ingenious way of detecting and preventing attacks the likes of which have never happened before. Ashar Aziz, founder and CEO, explained to me that FireEye developed a “portfolio of appliances” based on a so-called virtual execution environment.
There FireEye can safely detonate the Advanced Persistent Threats (APTs) that cyber-crooks cook up. As a result, malicious programs despoil these virtual environments so system administrators can block or quarantine them without endangering the corporate network.
Aziz claims that FireEye’s product pays for itself in less than 24 hours because it makes companies aware of attacks that their existing security products miss.
And in competition with other products, companies test the FireEye product by installing it behind their firewalls and other security products.
Aziz claims that FireEye wins these bake-offs “over 99% of the time” since it finds threats that all the other products miss. He points out that the median number of attacks it finds that have evaded all other traditional security is a “staggering 450 per week.”
FireEye has a compelling business model. It sells an appliance for between $15,000 and $120,000. And companies also buy a support and maintenance contract priced at between 18% and 20% of the cost of the appliance.
Catherine Hauser says:
Oh my God, this is seriously cool. Just think about the implications! I’m pretty sure it would cure the blind, but might as well stop the process of losing our sight! Thanks for sharing!
Tomi Engdahl says:
Human Rights Groups Report A Surge In Highly Targeted Malware For Macs
http://www.forbes.com/sites/andygreenberg/2012/10/08/human-rights-groups-report-a-surge-in-highly-targeted-malware-for-macs/
The security world has long cautioned Mac users that the lack of malware targeting their machines has been a function of cybercriminals’ focus on Windows’ larger market share, not of Apple’s brilliant security.
So when today’s espionage-focused hackers now set out to infect networks in highly targeted attacks, one human-rights group is warning that the illusion of security Mac users once enjoyed is a thing of the past.
At the SecTor conference in Toronto last week, security researcher Seth Hardy of the University of Toronto’s Citizen Lab research center warned that 2012 has seen a significant increase in new variants of targeted, Mac-focused malware reported to the group by the human rights organizations it seeks to aid.
Many of the groups are in the Tibetan activist community. And given the difficult nature of tracing cyberattacks, Citizen Lab hasn’t tried to identify the groups behind the malware variants or whether they were used by government or private hackers, either.
Hardy believes that Mac-focused, targeted malware is just beginning to grow in volume and sophistication, and he suggests Apple users take the same precautions as other organizations, like teaching staffers to take a skeptical approach to attachments or external links in emails that might run a software exploit on their machine or route them to an infected web page, as well as running antivirus as a secondary layer of defense.
Tamara Wilmoth says:
I really like edmodo!!!! =)
Dung Gochanour says:
Chicago thugs at their Best! Need to put their A$$es in jail and hold the top aids and the Administration Accountable for their actions!
Tomi Engdahl says:
Finnish security software company F-Secure made a better result than expected for the third quarter. However, the company warns of slowing growth and says it will lay off 50 employees.
F-Secure expects sales to slow down in the coming months and warns specifically of sagging sales for cloud services.
Source: http://www.tietoviikko.fi/kaikki_uutiset/fsecure+irtisanoo+50+henkiloa/a850831?s=r&wtm=tietoviikko/-26102012&
Tomi Engdahl says:
UPDATE 1-F-Secure profit gains on security software demand
http://mobile.reuters.com/article/idUSL5E8LP37G20121025?irpc=932
The company cautioned, however, that the economic slowdown could hurt growth in coming quarters.
“Due to the global financial uncertainty we are facing some slowness in decision making, especially in the Content Cloud business,” chief executive Christian Fredrikson said in a statement.
F-Secure – which competes with larger rivals Symantec and Intel’s McAfee – said it sees 2012 annual sales growth of 5-10 percent and operating profit margin, excluding one-offs, around 15 percent.
Overnight, Symantec reported results ahead of Wall Street expectations
Tomi Engdahl says:
F-Secure will start to offer companies a new product that helps keep their software up to date.
The company justifies the need for the product with the fact that more than 80 per cent of the malicious programs detected in its laboratory take advantage of software vulnerabilities.
F-Secure’s new solution checks that the operating system and third-party applications are up to date. Software Updater installs missing updates if necessary.
Source: http://www.tietoviikko.fi/kaikki_uutiset/fsecure+alkaa+paivittaa+ohjelmistoja/a851780?s=r&wtm=tietoviikko/-30102012&
Tomi Engdahl says:
Assessing the Effectiveness of Antivirus Solutions
http://www.imperva.com/docs/HII_Assessing_the_Effectiveness_of_Antivirus_Solutions.pdf
In 2012, Imperva, with a group of students from The Technion – Israeli Institute of Technology, conducted a study of more than 80 malware samples to assess the effectiveness of antivirus software.
Based on our review, we believe:
1. The initial detection rate of a newly created virus is less than 5%. Although vendors try to update their detection mechanisms, the initial detection rate of new viruses is nearly zero. We believe that the majority of antivirus products on the market can’t keep up with the rate of virus propagation on the Internet.
2. For certain antivirus vendors, it may take up to four weeks to detect a new virus from the time of the initial scan.
3. The vendors with the best detection capabilities include those with free antivirus packages, Avast and Emsisoft, though they do have a high false positive rate.
To be clear, we don’t recommend eliminating antivirus.
Tomi says:
Outmaneuvered at Their Own Game, Antivirus Makers Struggle to Adapt
http://www.nytimes.com/2013/01/01/technology/antivirus-makers-work-on-software-to-catch-malware-more-effectively.html?pagewanted=all&_r=0
The antivirus industry has a dirty little secret: its products are often not very good at stopping viruses.
Consumers and businesses spend billions of dollars every year on antivirus software. But these programs rarely, if ever, block freshly minted computer viruses, experts say, because the virus creators move too quickly. That is prompting start-ups and other companies to get creative about new approaches to computer security.
On average, it took almost a month for antivirus products to update their detection mechanisms and spot the new viruses. And two of the products with the best detection rates — Avast and Emsisoft — are available free; users are encouraged to pay for additional features.
“Existing methodologies we’ve been protecting ourselves with have lost their efficacy,” said Ted Schlein, a security-focused investment partner at Kleiner Perkins Caufield & Byers. “This study is just another indicator of that. But the whole concept of detecting what is bad is a broken concept.”
Mikko H. Hypponen, chief researcher at F-Secure, called Flame “a spectacular failure” for the antivirus industry.
Symantec and McAfee, which built their businesses on antivirus products, have begun to acknowledge their limitations and to try new approaches.
“Nobody is saying antivirus is enough,”
“Technologies that once were only used by very sensitive industries like finance are moving into the mainstream,”
Companies have started working from the assumption that they will be hacked,
If and when antivirus makers are able to fortify desktop computers, chances are the criminals will have already moved on to smartphones.
Tomi Engdahl says:
Anti-virus products are rubbish, says Imperva
‘Spend not proportional to effectiveness’
http://www.theregister.co.uk/2013/01/01/anti_virus_is_rubbish/
deal of the day, group deal, coupons says:
Hi there, I discovered your site by the use of Google even as looking for a similar topic, your site got here up, it seems good. I have added to my favourites|added to my bookmarks.
Tony Andrews says:
Really good blog, thank you very much for your effort in writing the posts.
Tomi Engdahl says:
Hackers in China Attacked The Times for Last 4 Months
http://www.nytimes.com/2013/01/31/technology/chinese-hackers-infiltrate-new-york-times-computers.html?pagewanted=3&_r=1&
Based on a forensic analysis going back months, it appears the hackers broke into The Times computers on Sept. 13, when the reporting for the Wen articles was nearing completion.
Over the course of three months, attackers installed 45 pieces of custom malware. The Times — which uses antivirus products made by Symantec — found only one instance in which Symantec identified an attacker’s software as malicious and quarantined it, according to Mandiant.
Tomi Engdahl says:
Symantec Gets A Black Eye In Chinese Hack Of The New York Times
http://www.forbes.com/sites/andygreenberg/2013/01/31/symantec-gets-a-black-eye-in-chinese-hack-of-new-york-times/
Having your email hacked and malicious software spread on your servers for months may be embarrassing. But being outed as the antivirus vendor that failed to catch the vast majority of that malware is likely more humiliating still.
One fact, however, will be of particular concern to the world’s largest antivirus firm, Symantec: Out of the 45 different pieces of malware planted on the Times’ systems over the course of three months, just one of those programs was spotted by the Symantec antivirus software the Times used, according to Mandiant, the data breach response firm hired by the Times. The other 44 were only found in Mandiant’s post-breach investigation months later, according to the Times’ report.
Symantec, which sells the widely-used Norton Antivirus, declined to comment
It may come as little surprise that antivirus programs largely fail to detect the type of custom-built malware the Times’ hackers used, as opposed to previously-seen strains of malicious software often re-deployed by less sophisticated cybercriminals. A study by the Times’ breach response firm, Mandiant, in 2010 found that only 24% of the custom malware it found on its clients’ systems had been detected by antivirus.
Another analysis performed by the security firm Imperva along with the Technion Israeli Institute of Technology found that antivirus managed to detect only 5% of new threats, and that it took an average of four weeks for antivirus firms to identify a new piece of malicious code.
It’s not clear exactly what lesson companies can draw from the Times’ penetration.
Tomi Engdahl says:
Microsoft just destroyed the antivirus software industry
http://www.theverge.com/2013/2/8/3966500/microsoft-just-destroyed-the-antivirus-software-industry
Today I came across an article from Neowin about another antivirus test which Microsoft’s Security Essentials failed, from a new, unknown lab after a continuous stream of similar claims from other tests. Meanwhile, MSE is the most used antivirus software in North America and second in the world as of March 2012, after less than 3 years of being released (Source).
I think this clearly shows that the big players of this scam industry are quite worried about people switching from their paid, bloated antivirus software to MSE, and that could explain these questionable tests, which are known to be unreliable and are sponsored by companies like Symantec.
Tomi Engdahl says:
Microsoft Security Essentials fails another antivirus test
http://www.neowin.net/news/microsoft-security-essentials-fails-another-antivirus-test
Microsoft Security Essentials has once again proven that it’s not adequate for protecting a user’s computer, after failing another antivirus test by scoring well below competitors’ products. Dennis Technology Labs evaluated eight major antivirus programs from October to December 2012, awarding each program both a total accuracy rating and a protection rating, and in their testing they found Microsoft Security Essentials to be significantly worse than the other seven products on the test bed.
It should be noted here that MSE was the only free anti-malware solution tested, but even so it goes to show how inadequate Microsoft’s product is against a proper paid anti-virus application. If you were going only by Dennis Technology Labs’ tests, you should replace MSE with either Norton Internet Security 2013, ESET Smart Security 5 or Kaspersky Internet Security 2013, which were the top three best performing programs.
Tomi Engdahl says:
Bit9 hacked after it forgot to install ITS OWN security product
Malware signed by stolen crypto certs then flung at big-cheese clients
http://www.theregister.co.uk/2013/02/11/bit9_hack/
IT security biz Bit9’s private digital certificates were copied by hackers and used to cryptographically sign malware to infect the company’s customers.
The software whitelisting firm’s certificates were swiped when its core systems were hacked last week. The intruders then signed malicious code and distributed it to the company’s corporate clients.
A number of Bit9’s customers were subsequently infected by the malware because the software was – thanks to the purloined certificates – regarded as safe by networks guarded by Bit9’s technology.
Bit9 said that its subsequent investigation discovered that three of its customers were affected by the illegitimately signed malware.
Bit9 admitted it had been hit by an advanced attack hours after posting a blog post titled “It’s the Same Old Song: Antivirus Can’t Stop Advanced Threats”.
“This incident is a classic example of why relying on one technology to protect your network can be so risky,” notes security consultant Brian Honan.
Honan says the attack aimed to exploit the confidence its client placed in Bit9 in much the same way that the attack against RSA Security was used in attempts to infiltrate the remote access systems of RSA SecurID two-factor authentication customers two years ago.
Tomi Engdahl says:
Cybercrime: Mobile Changes Everything — And No One’s Safe
http://www.wired.com/opinion/2012/10/from-spyware-to-mobile-malware/
We can’t think of a smartphone as just a computer that fits in one’s pocket, because then we assume that approaches for addressing traditional malware can simply be applied to mobile malware. This is a common misconception: Even major anti-virus companies suffer from it, as evidenced by their product offerings.
Because mobile phones aren’t just small computers when it comes to defending against malware: They’re small computers with small batteries, and important updates on them can take weeks. These seemingly minor differences are exactly what makes mobile malware more difficult to address than malware on computers.
The anti-virus system compares each piece of software on a device with the list of signatures to identify unwanted software.
Unfortunately, malware writers check if their code matches any such signatures by running popular anti-virus software, continually making modifications until their code is no longer detected, and only then releasing it.
Smartphones can’t monitor everything going on as computers can, because that requires a lot of computational resources … which devours battery life.
Tomi Engdahl says:
When It Comes to Security, We’re Back to Feudalism
Bruce Schneier
http://www.wired.com/opinion/2012/11/feudal-security/
Some of us have pledged our allegiance to Google: We have Gmail accounts, we use Google Calendar and Google Docs, and we have Android phones. Others have pledged allegiance to Apple: We have Macintosh laptops, iPhones, and iPads; and we let iCloud automatically synchronize and back up everything. Still others of us let Microsoft do it all. Or we buy our music and e-books from Amazon, which keeps records of what we own and allows downloading to a Kindle, computer, or phone. Some of us have pretty much abandoned e-mail altogether … for Facebook.
These vendors are becoming our feudal lords, and we are becoming their vassals. We might refuse to pledge allegiance to all of them – or to a particular one we don’t like. Or we can spread our allegiance around. But either way, it’s becoming increasingly difficult to not pledge allegiance to at least one of them.
Traditional computer security centered around users. Users had to purchase and install anti-virus software and firewalls, ensure their operating system and network were configured properly, update their software, and generally manage their own security.
This model is breaking, largely due to two developments:
New Internet-enabled devices where the vendor maintains more control over the hardware and software than we do – like the iPhone and Kindle; and
Services where the host maintains our data for us – like Flickr and Hotmail.
Now, we users must trust the security of these hardware manufacturers, software vendors, and cloud providers.
We choose to do it because of the convenience, redundancy, automation, and shareability. We like it when we can access our e-mail anywhere, from any computer. We like it when we can restore our contact lists after we’ve lost our phones.
In this new world of computing, we give up a certain amount of control, and in exchange we trust that our lords will both treat us well and protect us from harm. Not only will our software be continually updated with the newest and coolest functionality, but we trust it will happen without our being overtaxed by fees and required upgrades. We trust that our data and devices won’t be exposed to hackers, criminals, and malware. We trust that governments won’t be allowed to illegally spy on us.
Trust is our only option. In this system, we have no control over the security provided by our feudal lords. We don’t know what sort of security methods they’re using, or how they’re configured. We mostly can’t install our own security products on iPhones or Android phones; we certainly can’t install them on Facebook, Gmail, or Twitter.
Tomi Engdahl says:
Flooding market with cheap antivirus kit isn’t going to help ANYONE
Not the reseller, not the vendor and especially not the user
http://www.channelregister.co.uk/2013/03/18/tim_ayling_on_commodity_av/
There has been a lot of talk in information security circles over the past few weeks about the revelations of advanced persistent cyber attacks on several big name US newspapers including the Wall Street Journal and The New York Times.
The truth is that these kinds of attacks are becoming an increasingly common sight on the global stage. The worry for organisations is that they’re no longer being launched by nation states alone. Once a victim has been chosen and the trap set, it can be extremely difficult to protect against that initial network infection – which often comes in the form of a zero day threat – and most firms’ security systems are simply not advanced enough to spot the silent cyber insurgent lifting data from right under their noses.
The New York Times claimed that software from its security provider Symantec detected only one out of 45 pieces of malware used by its attackers. This in turn provoked a robust response from the vendor, which maintained that customers relying on basic, signature-based antivirus products cannot possibly hope to defend themselves against this kind of advanced threat.
Signature AV has been the bread-and-butter of the security industry for years and will still protect against 99 per cent of threats. The problem is that the one per cent that cause an organisation real damage, like the targeted attacks above, are not covered.
The reseller race to the bottom has spawned a market flooded with cheap AV kit. The fact is that resellers are missing a trick here by failing to offer those tools which are designed to defend against targeted threats.
Basic AV and advanced protection against targeted threats have become polarised during the wide-ranging debate on where the threat landscape is headed, but they need to come under the same roof to provide truly effective protection.
Tomi Engdahl says:
Popular Android Anti-Virus Software Fooled By Trivial Techniques
http://it.slashdot.org/story/13/05/07/0226229/popular-android-anti-virus-software-fooled-by-trivial-techniques
“A group of researchers from Northwestern University and North Carolina State University tested ten of the most popular AV products on Android, and discovered that they were easily fooled by common obfuscation techniques.”
“Known malware samples were transformed to generate new variants that contain the exact malicious functions as before. These new variants were then passed to the AV products, and much to the surprise of the paper’s authors, they were rarely flagged — if at all. According to the research, 43% of the signatures used by the AV products are based on file names, checksums or information obtained by the PackageManager API. This means that, as mentioned, common transformations will render their protection useless for the most part.”
Tomi Engdahl says:
McAfee all-in-one security suite covers PCs, tablets, and smartphones
Put your passport and ID docs in the cloud
http://www.theregister.co.uk/2013/05/15/mcafee_livesafe/
McAfee has launched an all-in-one cross-platform security suite for consumers that incorporates online storage through biometric authentication as well as a host of other security technologies. Equally importantly, the Intel security division is trying to shake up the way security software is sold to consumers.
The McAfee LiveSafe service features a cloud-based “safety deposit box” – Personal Locker – that allows online users to store their most sensitive documents, including financial records and copies of IDs and passports, providing they fit into the 1GB allocated storage space. Users would access their documents through biometric authentication – using voice, face, and device recognition technologies.
This is delivered through Intel Identity Protection Technology, a tamper-resistant hardware authentication mechanism, built into the latest Intel processors.
The cross-device service offers protection for a user’s PCs, Macs, smartphones, and tablets against the latest malware and spam, along with a host of other security technologies, including McAfee Anti-Theft. This aspect of the technology gives consumer the means to remotely lock, disable or wipe a device as well as an ability to recover some data if a device gets either lost or stolen.
The LiveSafe service will be offered from July 2013 at a special introductory price of £19.99 with the purchase of selected new PCs or tablets. LiveSafe will come preinstalled on Ultrabook devices.
Despite the new offer, McAfee has no plans to discontinue its traditional consumer and home-office security-suite and anti-virus product lines.
Tomi Engdahl says:
Malware-splosion: 2013 Will be Malware’s Biggest Year Ever
http://securitywatch.pcmag.com/security/311804-malware-splosion-2013-will-be-malware-s-biggest-year-ever
According to the German security company AV-Test, malware has exploded in the past five years to unprecedented levels. More troublingly, they anticipate seeing over 60 million new pieces of malicious software by the end of the year.
Andreas Marx, CEO of AV-Test, told SecurityWatch that his company has been compiling malware samples since 1984. Their database had humble beginnings: just 12 samples of malicious software. By 2003 there were over a million and nearly ten million by 2008. But by the beginning of this year, the number had jumped to 104,437,337 unique samples.
“The AV-TEST database used to record current malware is now working flat out,” said Marx. He went on to say that the system has already recorded, “over 20 million samples of new malware between January and the beginning of May.”
To put those numbers in context, AV-Test didn’t reach 20 million new samples until August of last year. In 2011 and 2010, the company collected less than 20 million samples.
AV-Test says they expect to see five million new malware samples each month—about double the rate from last year. This works out to about 60 million new malware samples by year’s end.
Where’s It Coming From?
“Malware is getting ‘personal,’” Marx explained to SecurityWatch. “Instead of sending 100,000 users the identical malware sample, a malware writer generates 10,000 unique samples for 10 users each or even 100,000 completely unique samples.” By doing so, malware creators hope to sidestep security software by making the new malware just different enough to pass by unnoticed.
“In the majority of cases, the malware writers are using the same executable and then, it will automatically be encrypted, packed and scrambled in different ways,” said Marx.
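An added example, not code from any of the articles quoted in this thread, of the mechanism described in the mobile-malware post, the Android AV study and the AV-Test comment above: signatures keyed on file name, checksum or a fixed byte pattern are defeated by repacking one payload under a fresh key per copy. The payload, the signature database, the file names and the XOR packer are all constructed for illustration and stand in for real malware and a real scanner.

```python
"""Toy demonstration of signature evasion by repacking. Every identifier here
is constructed for the example; nothing is a real malware sample or signature."""
from __future__ import annotations

import hashlib
import os
from dataclasses import dataclass

# Constructed stand-in for a malicious payload (a harmless string).
PAYLOAD = b"CONNECT evil.example:443; EXFIL /home/*/Documents"

# Toy signature database of the three kinds the quoted research describes:
# exact checksum, known file name, and a fixed byte pattern (all invented).
SIGNATURES = {
    "sha256": {hashlib.sha256(PAYLOAD).hexdigest()},
    "filename": {"update.apk", "flashplayer.exe"},
    "pattern": [b"evil.example", b"EXFIL"],
}


@dataclass
class Sample:
    name: str
    data: bytes


def scan(sample: Sample) -> list[str]:
    """Return the signature types that fire; an empty list means 'clean'."""
    hits = []
    if hashlib.sha256(sample.data).hexdigest() in SIGNATURES["sha256"]:
        hits.append("sha256")
    if sample.name in SIGNATURES["filename"]:
        hits.append("filename")
    if any(p in sample.data for p in SIGNATURES["pattern"]):
        hits.append("pattern")
    return hits


def pack(payload: bytes, key: bytes) -> bytes:
    """Toy packer: XOR the payload under a per-sample key and prepend a small
    header carrying the key. Behaviour is preserved; the bytes on disk are not."""
    body = bytes(b ^ key[i % len(key)] for i, b in enumerate(payload))
    return b"PK1" + bytes([len(key)]) + key + body


def unpack(blob: bytes) -> bytes:
    """What the runtime stub would do: recover the original payload."""
    assert blob.startswith(b"PK1")
    klen = blob[3]
    key, body = blob[4:4 + klen], blob[4 + klen:]
    return bytes(b ^ key[i % klen] for i, b in enumerate(body))


def generate_variants(payload: bytes, n: int) -> list[Sample]:
    """The 'modify until the scanner no longer fires, then release' loop:
    each variant gets a fresh random key and an innocuous file name, so the
    checksum and name signatures never match twice and the pattern is hidden."""
    variants: list[Sample] = []
    while len(variants) < n:
        cand = Sample(name=f"setup_{len(variants)}.bin",
                      data=pack(payload, os.urandom(8)))
        if not scan(cand):          # keep only what the scanner misses
            variants.append(cand)
    return variants


def detection_rate(samples: list[Sample]) -> float:
    """Share of samples on which at least one signature fires."""
    return sum(1 for s in samples if scan(s)) / len(samples)


if __name__ == "__main__":
    original = Sample("update.apk", PAYLOAD)
    print("original hits:", scan(original))
    variants = generate_variants(PAYLOAD, 5)
    print("variants detected:", detection_rate(variants))
    print("payload intact:", all(unpack(v.data) == PAYLOAD for v in variants))
```

Every variant unpacks to the identical payload, which is exactly why the sample counts quoted above explode while the number of distinct malicious programs does not; a defence that looks at what the code does after unpacking, rather than at the bytes on disk, is unaffected by the key change.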
Tomi says:
Scanner Identifies Malware Strains, Could Be Future of AV
http://it.slashdot.org/story/13/05/24/2242256/scanner-identifies-malware-strains-could-be-future-of-av
“When it comes to spotting malware, signature-based detection, heuristics and cloud-based recognition and information sharing used by many antivirus solutions today work well up to a certain point, but the polymorphic malware still gives them a run for their money. At the annual AusCert conference held this week in Australia a doctorate candidate from Deakin University in Melbourne has presented the result of his research and work that just might be the solution to this problem.”
Scanner identifies malware strains, could be future of AV
http://www.net-security.org/malware_news.php?id=2505
When it comes to spotting malware, signature-based detection, heuristics and cloud-based recognition and information sharing used by many antivirus solutions today work well up to a certain point, but the polymorphic malware still gives them a run for their money.
Security researcher Silvio Cesare had noticed that malware code consists of small “structures” that remain the same even after moderate changes to its code.
“Using structures, you can detect approximate matches of malware, and it’s possible to pick an entire family of malware pretty easily with just one structure,” he shared with CSO Australia.
So he created Simseer, a free online service that performs automated analysis on submitted malware samples and tells and shows you just how similar they are to other submitted specimens. It scores the similarity between malware (any kind of software, really), and it charts the results and visualizes program relationships as an evolutionary tree.
If a sample has less than 98 percent similarity with an existing malware strain, the sample gets catalogued as a completely new strain.
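An added example, not Simseer’s code and not from the article above, of the idea the post describes: score samples on a structure that survives cosmetic changes, then catalogue anything under the 98 per cent mark as a new strain. The pseudo-disassembly listings are constructed, the normalisation rules (operand kinds, junk instructions) are an assumption for the toy, and the scoring uses difflib rather than any real malware-analysis technique.

```python
"""Toy structural similarity scorer and strain catalogue. Listings, rules and
helper names are constructed for this example only."""
from __future__ import annotations

from difflib import SequenceMatcher

REGISTERS = {"eax", "ebx", "ecx", "edx", "esi", "edi", "ebp", "esp"}
JUNK = {"nop"}   # padding that carries no structure (assumed list)


def operand_class(op: str) -> str:
    """Abstract an operand to its kind, so renamed registers and changed
    constants leave the structure untouched."""
    op = op.strip()
    if op in REGISTERS:
        return "reg"
    if op.startswith("["):
        return "mem"
    if op.startswith("0x") or op.isdigit():
        return "imm"
    return "sym"


def structure(listing: str) -> list[str]:
    """Reduce a listing to 'mnemonic/operand-kinds' tokens, dropping junk."""
    tokens = []
    for line in listing.strip().splitlines():
        mnemonic, _, rest = line.strip().partition(" ")
        if mnemonic in JUNK:
            continue
        kinds = [operand_class(o) for o in rest.split(",")] if rest else []
        tokens.append(mnemonic + "/" + ",".join(kinds))
    return tokens


def similarity(a: str, b: str) -> float:
    """Share of the two structures that lines up: 2*matched/(len(a)+len(b))."""
    return SequenceMatcher(None, structure(a), structure(b), autojunk=False).ratio()


def catalogue(samples: dict[str, str], threshold: float = 0.98) -> dict[str, str]:
    """Assign each sample to the most similar known strain if the score reaches
    `threshold`, otherwise open a new strain with this sample as representative."""
    strains: dict[str, str] = {}       # strain id -> representative listing
    assignment: dict[str, str] = {}
    for name, listing in samples.items():
        best_id, best_score = None, 0.0
        for sid, rep in strains.items():
            score = similarity(listing, rep)
            if score > best_score:
                best_id, best_score = sid, score
        if best_id is None or best_score < threshold:
            best_id = f"strain-{len(strains) + 1}"
            strains[best_id] = listing
        assignment[name] = best_id
    return assignment


# Constructed listings (not real malware). The variants are derived from
# ORIGINAL the way a polymorphic engine would: rename, pad, reorder.
ORIGINAL = """\
push ebp
mov ebp, esp
mov eax, [ebp+8]
xor ecx, ecx
cmp eax, 0x41
jne 0x401020
call 0x401100
mov eax, 1
pop ebp
ret
"""
RENAMED = ORIGINAL.replace("eax", "edx").replace("ecx", "ebx") \
                  .replace("0x41", "0x7f").replace("0x4010", "0x4020")
PADDED = ORIGINAL.replace("mov ebp, esp", "mov ebp, esp\nnop\nnop")
REORDERED = ORIGINAL.replace("mov eax, [ebp+8]\nxor ecx, ecx",
                             "xor ecx, ecx\nmov eax, [ebp+8]")
UNRELATED = """\
push ebp
mov ebp, esp
sub esp, 0x20
lea eax, [ebp-0x20]
push eax
push 0x403000
call 0x401200
add esp, 8
leave
ret
"""
SAMPLES = {"original": ORIGINAL, "renamed": RENAMED, "padded": PADDED,
           "reordered": REORDERED, "unrelated": UNRELATED}

if __name__ == "__main__":
    for name, listing in SAMPLES.items():
        print(f"{name:10s} similarity to original: {similarity(listing, ORIGINAL):.2f}")
    print(catalogue(SAMPLES))
```

Renaming and padding score 1.0 and land in the original’s strain; the unrelated routine scores well under the cut-off and gets its own. The caveat is the reordered variant: on this toy’s linear token sequence it scores 0.9, so a strict 98 per cent rule files it as a new strain even though nothing functional changed. A representation that captures control flow rather than instruction order is what keeps such variants in one family, which is the kind of “structure” the post is pointing at.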
Tomi Engdahl says:
Symantec retires low-end security software
PC Tools’ security wares won’t make it into post-PC era, but PC-tuners safe
http://www.theregister.co.uk/2013/05/28/symantec_retires_lowend_security_software/
Symantec has quietly retired its PC Tools range of security products.
Acquired in 2008, PC Tools offered consumer-and-micro-business-grade anti-virus and network security tools dubbed “Spyware Doctor”, “Internet Security” and “Spyware Doctor with Antivirus”. Buying the Australian company that created the products gave Symantec a low-end brand to make its main Norton mark look posh.
A “special offer” will encourage PC Tools users to adopt a Norton product.
PC Tools’ “Registry Mechanic” and “Performance Toolkit” products live on.
Tomi Engdahl says:
Research detects dangerous malware hiding in peripherals
DAGGER malware targets direct memory access
http://www.scmagazine.com.au/News/358265,research-detects-dangerous-malware-hiding-in-peripherals.aspx
A Berlin researcher has demonstrated the capability to detect previously undetectable stealthy malware that resides in graphics and network cards.
Patrick Stewin’s proof of concept demonstrated that a detector could be built to find the sophisticated malware that ran on dedicated devices and attacked direct memory access (DMA).
The attacks launched by the malware dubbed DAGGER targeted host runtime memory using DMA provided to hardware devices. These attacks were not within scope of antimalware systems and therefore not detected.
DAGGER, also developed by Stewin and Iurii Bystrov of the FGSect Technical University of Berlin research group, attacked 32bit and 64bit Windows and Linux systems and could bypass memory address randomisation.
“DMA malware is stealthy to a point where the host cannot detect its presence,” Stewin said.
“DMA-based attacks launched from peripherals are capable of compromising the host without exploiting vulnerabilities present in the operating system running on the host.”
“Therefore they present a highly critical threat to system security and integrity. Unfortunately, to date no OS (operating system) implements security mechanisms that can detect DMA-based attacks. Furthermore, attacks against memory management units have been demonstrated in the past and therefore cannot be considered trustworthy.”
Tomi Engdahl says:
Study: only these anti-virus programs block all infections
Only three anti-virus programs blocked every virus infection, a new study shows.
According to the AV-Comparatives test report, full 100 per cent protection was offered only by the Kaspersky, Panda and Trend Micro software. F-Secure ranked seventh with a 99.4 per cent score.
The result was in part down to errors made by the users themselves (poor configuration).
The study compared 21 anti-virus programs both against each other and against Windows 7’s own built-in protection at factory settings.
Kingsoft fared worst: its software did even worse than Windows’ own virus protection, so the user was more secure without the extra software.
Sources:
http://chart.av-comparatives.org/chart1.php?chart=chart2&year=2013&month=10&sort=0&zoom=2
http://www.tietoviikko.fi/kaikki_uutiset/selvitys+vain+nama+virustorjuntaohjelmat+estavat+kaikki+tartunnat/a948068
Tomi Engdahl says:
Firewall-floggers in FLAMING MESS: Where’d our mystery margin go?
Endpoints: The world has moved on… and become a lot more complex
http://www.channelregister.co.uk/2013/12/02/mesguich_complex_security/
If you work in the fields of technology distribution, services and resale, you’ll surely hear about cloud, mobile, social and virtual more than anything else. However, it is the changing patterns in security spending that are perhaps most dramatically re-shaping our businesses.
Gone are the good old days of pushing traditional endpoint security licences for homogenous Wintel environments – resellers and distributors now need to adapt to a vastly more complex demand from customers if they’re to survive and thrive.
For distributors especially, the stats aren’t looking particularly good at the moment. Taken as a whole, the enterprise distribution market across Europe declined by 3.5 per cent in the third quarter from Q3 2012.
Security in particular was badly hit, showing a decline of 18.1 per cent. If we look more closely at this segment, we can see why. Firstly, PC spend is down while mobile device shipments are up. On these new smartphones, tablets and convertibles, users often don’t consider endpoint security – their main assumption being that data is mainly stored in the cloud anyway with little saved to the actual device. Even those who buy security do so through mobile apps or mobile device management solutions.
Security vendors realised this shift some time ago and have been refocusing their portfolios accordingly
It’s no surprise then that according to CONTEXT data, total revenue in the UK endpoint security market fell 34 per cent in Q3 year-on-year, while the number of licences dropped 41 per cent. Yet when we look at just endpoint mobile security, revenue went up 237 per cent over the same period. Kaspersky has been one of the most successful vendors in the UK in anticipating these changing buyer patterns.
Distributors are seeing their traditional endpoint security channel shrinking due to these factors but also because more retail customers are buying directly from vendors online.
As for the resellers, they too have to arm themselves with skills in this new era in security. They need to offer their customers hosted services and cloud apps with the security piece built in to the deal. This isn’t easy, with the multiplicity of operating systems, device types and form factors, and data access requirements of modern computing environments – not to mention the growing volume and sophistication of threats.
It’s no easy task and finding the right talent in the industry to support this changing business model could be tricky.
Tomi Engdahl says:
Symantec: Antivirus is ‘DEAD’ – no longer ‘a moneymaker’
Oh, and it’s still 40 per cent of our business
http://www.theregister.co.uk/2014/05/06/symantec_antivirus_is_dead_and_not_a_moneymaker/
Symantec, a company that has made huge amounts of cash as the largest antivirus software vendor for the last quarter of a century, looks to be getting out of that business and into fixing hacking problems rather than stopping them.
“We don’t think of antivirus as a moneymaker in any way,” Brian Dye, Symantec’s senior vice president for information security, told The Wall Street Journal, adding that antivirus was “dead.”
Dye did take the time to say that the security suite for individual devices is still worth buying, as it blocks spam, manages passwords, and spots dodgy links in third-party websites.
But given that endpoint software accounts for around 40 per cent of Symantec’s revenues, it’s still a worrying admission.
Tomi Engdahl says:
Symantec Develops New Attack on Cyberhacking
Declaring Antivirus Software Dead, Firm Turns to Minimizing Damage From Breaches
http://online.wsj.com/news/article_email/SB10001424052702303417104579542140235850578-lMyQjAxMTA0MDAwNTEwNDUyWj
Symantec Corp. invented commercial antivirus software to protect computers from hackers a quarter-century ago. Now the company says such tactics are doomed to failure.
Antivirus “is dead,” says Brian Dye, Symantec’s senior vice president for information security. “We don’t think of antivirus as a moneymaker in any way.”
Antivirus products aim to prevent hackers from getting into a computer. But hackers often get in anyway these days. So Mr. Dye is leading a reinvention effort at Symantec that reflects a broader shift in the $70 billion a year cybersecurity industry.
Rather than fighting to keep the bad guys out, new technologies from an array of companies assume hackers get in, so they aim to spot them and minimize the damage.
Symantec seeks to join the fray this week. It is creating its own response team to help hacked businesses.
Symantec pioneered computer security with its antivirus software in the late 1980s.
But hackers increasingly use novel bugs. Mr. Dye estimates antivirus now catches just 45% of cyberattacks.
Tomi Engdahl says:
Symantec And Security Starlets Say Anti-Virus Is Dead
Is anti-virus finally dying? Sort of, say Symantec and its rivals
http://www.techweekeurope.co.uk/news/anti-virus-dead-or-dying-symantec-144954
“The overall detection by anti-virus software in January was disappointing — only 70.62 percent. For February it is even worse — only 64.77 percent was detected. And in March the average detection was 73.56 percent. That might not sound too bad but it means that 29 percent, 35 percent and 26 percent was not detected,” the company’s report read.
“Protecting your data from Internet-based threats is not an easy task – and relying on protection from anti-virus companies, no matter how established their brand, is simply not enough. Comprehensive protection requires an entirely new approach.”
“To be clear, single-iteration malware will continue to persist, and a minor need for AV will remain to provide a layer of reactive protection against these unsophisticated, benign threats. But with high-profile breaches occurring frequently, being driven by fast-moving, advanced threats, it is clear that next generation technologies and approaches are needed,” FireEye’s Zheng Bu and Rob Rachwald said in a blog post.
“Today’s AV model makes everyone a sacrificial lamb.”
Tomi Engdahl says:
Security company: virus scanners are not useless – “Aspirin also does the trick for a hangover”
Security company Symantec announced earlier this week that virus scanning is futile and that the focus should instead be on minimizing the damage caused by attacks. Symantec’s Brian Dye justified the position by saying that virus scanners now detect only about 45 per cent of attacks.
Competitor Bitdefender does not swallow that claim. “It’s almost like saying that aspirin is dead because it cannot cure cancer, AIDS, or indeed all the diseases of mankind.”
“Aspirin still does the trick for a mild hangover or the flu, and people still like to keep the product in their medicine cabinet.”
Virus scanners should rather be seen as part of a broader security solution than as the only weapon.
Source: http://www.tietoviikko.fi/kaikki_uutiset/tietoturvayhtio+virustutkat+eivat+ole+turhia++quotaspiriinikin+tepsii+krapulaanquot/a986850