Antivirus Security | Anti virus Software Review | Antivirus Products 2010 - Reviewcity » Blog

US lifts lid on top secret plan for internet security

thereviewcity — Mon, 08 Mar 2010 07:59:45 +0000

The White House has declassified parts of a top secret plan outlining how government will protect the nation’s computer networks from cyber warfare.

The announcement by cybersecurity tsar Howard Schmidt was made at the world’s biggest security event.

The move is aimed at encouraging greater co-operation between academia, government and the private sector.

“We have to fully recognise the importance cybersecurity has in our lives,” Mr Schmidt said.

“We must continue to seek out innovative new partnerships – not only within government, but also among industry, government and the American public,” he told delegates at the event, hosted by the security company RSA in San Francisco.

It was his first major speech to industry peers since being appointed to the job in December 2009.

The Comprehensive National Cybersecurity Initiative (CNCI) was introduced in 2008 by then-President George W Bush.

Going public

There are 12 parts to the CNCI, including cyber counterintelligence and deterrence strategies.

For the first time the government has published a general description of what they are on its website.

The aim of the programme is threefold:

To establish a front line of defence against today’s immediate threats
To defend against the full spectrum of threats
To strengthen the future cybersecurity environment

The CNCI funds a number of sensitive projects including the government’s Einstein technology, which focuses on securing the vast computer network that operates under the dot.gov domain, as well as detecting attempts to access those systems.

sign who’s your hacker
The president has likened threats to the internet to that of a nuclear attack

The document acknowledges that traditional security approaches have fallen short, but says the federal government is moving forward in outlining “grand challenges” for the research community to help solve.

Mr Schmidt said the declassification would show that the government has a workable strategy for protecting the nation’s computer systems in the event of a cyber attack.

Parts of the initiative that deal with the nation’s offensive plans for cyberwarfare have not been made public.

‘Common sense’

Reaction to the announcement ranged from caution to praise.

One supporter is Michael Markulec, chief operating officer for Lumeta, a company that provides large organisations and government agencies with secure network solutions.

“This move brings more people to the table – organisations like mine that play in the cybersecurity space, experts here at the RSA who are currently not involved in discussions because they have been at a classified level inside the government.

“So this allows more people to play and given that 85% of the critical infrastructure is not in government hands, it certainly makes sense to include the rest of the expertise,” Mr Markulec told BBC News.

Hilton Collins of Government Technology Magazine agrees.

“The private sector has so much knowledge, power and money that for them to help the government innovate more technology security solutions is the right way to go.”

The Electronic Privacy Information Centre (Epic), which had demanded the full text of the CNCI, said it was pleased about the declassification.

However the group said it still wanted to see the full document and what privacy safeguards are in place when assessing cyber threats.

Read -Best Antivirus Reviews

By Maggie Shiels
Technology reporter, BBC News, San Francisco

Adobe hit by major download security flaw

thereviewcity — Mon, 22 Feb 2010 17:56:28 +0000

Software giant Adobe – the maker of Flash and Reader software that this week celebrated the 20th anniversary of Photoshop – has been hit by a major security vulnerability that is misrouting Mac updates to Windows updates.

Hot on the heels of controversy over known vulnerabilities in Adobe Reader 9.3.0, according to reports the Adobe Download Manager is flawed with a bug that allegedly allows hackers to remotely install malicious files on user’s PCs.

It has been suggested that the Download Manager is an ActiveX script that is widely used to install a variety of software and patches across Adobe’s network.

An Israeli security researcher Aviv Raff has identified the flaw which allows a third party application to be installed on the remote machine if users click on a link.

In his blog Raff says that despite informing Adobe the company downplayed the risk.

“While it is true that the Adobe Download Manager is removed upon computer restart, the user, who has just updated their Adobe product (usually without the requirement to restart the computer after the update), is still exposed to forced automatic installation until they restart their computer.

“This specific design flaw does indeed force installation of the latest version of Adobe products. But, what if there is a zero-day flaw in an Adobe product, and you have decided to remove it from your system because of that zero-day?

“An attacker can force you to automatically download and install the vulnerable Adobe product, and then exploit the zero-day vulnerability in that product.”

A recent report from Scansafe found that based on more than a trillion web requests processed in 2009, the use of malicious PDF files exploiting flaws in Adobe Reader/Adobe Acrobat not only outpaced the use of Flash exploits, but also, grew to 80pc of all exploits the company encountered throughout the year.

“This is the kind of scenario that’s common when skilled, motivated attackers are going after select targets.

And yes, you do get a big dialog box when you are forced to download the software. Like this will really matter to the attacker, when all he wants is to get his malicious software on your machine,” Raff said.

By John Kennedy

New Zbot Sample Thanks Antivirus Firms

thereviewcity — Sat, 20 Feb 2010 07:35:30 +0000

Trend Micro security researchers spotted a new variant of the banking Trojan Zeus/Zbot which they named TROJ_ZBOT.BTM. The variant arrives through an e-mail whose senders sarcastically thank some antivirus firms because they seemingly helped the malware creators (e-mail senders) to improve their malicious software. The e-mail expresses particular gratitude to Avira and Kaspersky Lab.

Trend Micro states that the e-mail is exposed with the unpacking of a binary file which replicates and copies itself in the infected computer memory. The sarcastic message suggests that cyber criminals can watch the antivirus companies making malware detections so that they continuously modify their software against possible detection.

Explaining how the Trojan works, the researchers state that it comes like a file obtained from a remote website. After making a copy, the malware drops itself into the Windows system directory and adds certain garbage code that makes it elusive to detection. Subsequently, the Trojan tries to obtain a configuration file from a website to place an updated replica of itself along with the destination for transmitting stolen data. The configuration file further displays various bank-related websites from where information would be stolen.

Moreover, TROJ_ZBOT.BTM tries to capture usernames and passwords – the credentials needed for logging into users’ online banking sites.

The variant then stores and transmits the stolen credentials through HTTP POST to the ZBot controllers’ chosen website. It also opens a particular website and downloads a configuration file that names the place where the Trojan’s latest copy will be placed, along with the destination for sending the captured details.

A lot has been reported about Zbot during the 2nd week of February 2010. A pair of fresh Trojans vying the well-known malware has been detected. One of this is distributed through the Zeus/Zbot botnet, while the other can remove Zeus from a contaminated machine to establish itself as the only malware on that system.

Besides, Websense warned that a surge of Zeus attacks were currently targeting military departments and government agencies worldwide.

Source: SPAMfighter News

Buy Kaspersky Antivirus 2010 – Best Antivirus Software

thereviewcity — Fri, 19 Feb 2010 07:50:56 +0000

Buy Kaspersky Antivirus 2010 – Best Antivirus Software

Like other similar apps, Kaspersky Anti-Virus 2010 takes you through a lengthy installation process, including the eventual removal of any non-compatible security software. But, once launched, it will not only take care of your file system, but also your email, web browsing and even IM conversations. All these filters can be tweaked in the program’s comprehensive settings menu.The program also includes the so called Proactive Defense, a special module that protects your system in real time and can take care of any suspicious behavior right on the spot. Kaspersky is a strong security antivirus, but the extra features only available in Internet Security mean that buyers should definitely test the full trial before committing to it. Also has Kaspersky Toolbar for Internet browsers to warn you about infected or unsafe websites.

The Features of Kaspersky

Protects instant messengers (ICQ, MSN)
Provides proactive protection from unknown threats
Detects viruses based on the packers used to compress code
Self-protection from being disabled or stopped
Basic identity theft protection
Urgent Detection System
Next generation proactive protection
Special Game Mode
Automatic configuration
Automatic or interactive mode
Round-the-clock technical support
Automatic database updates

Buy Now

Microsoft to Launch Free Anti-Virus Program in Bulgarian

thereviewcity — Tue, 16 Feb 2010 12:14:09 +0000

US computer giant Microsoft is set to launch a free antivirus program, Microsoft Security Essentials, in a further 18 countries and 14 new languages, including Bulgarian, on February 17.

The software does not require registration or trial versions and updates can be downloaded directly from the Microsoft website after February 17.

Microsoft Security Essentials is offered as an additional benefit only for computers running genuine Windows and is being lauded as a great way to stop malicious codes.

It is available for Windows XP SP2 or SP3, Windows Vista and Windows 7, including the Windows XP mode for 32 bit and 64 bit operating systems.

Kaspersky Patents Hardware-Based Antivirus

thereviewcity — Tue, 16 Feb 2010 11:58:02 +0000

Kaspersky Lab has announced they have received a U.S. patent for a hardware-based antivirus solution. The announcement emphasizes that the hardware operates below the level of rootkits and therefore can’t be bypassed by them.

The patent, #7,657,941, is entitled “Hardware-based anti-virus system,” is awarded to inventor Oleg V. Zaitsev (Technology Expert at Kaspersky Lab) and assigned to Kaspersky. The abstract reads:

An anti-virus (AV) system based on a hardware-implemented AV module for curing infected computer systems and a method for updating AV databases for effective curing of the computer system. The hardware-based AV system is located between a PC and a disk device. The hardware-based AV system can be implemented as a separate device or it can be integrated into a disk controller. An update method of the AV databases uses a two-phase approach. First, the updates are transferred to from a trusted utility to an update sector of the AV system. Then, the updates are verified within the AV system and the AV databases are updated. The AV system has its own CPU and memory and can be used in combination with AV application.

So it seems this device is an actual separate computer running an embedded AV application. While the press release and abstract emphasize that the AV functionality doesn’t strictly need a software counterpart running in the host system, it does need host software in order to update itself, because the AV hardware won’t have network access. This update application will need to be trusted and hardened against attack.

The difficulty of detecting rootkits once they have installed does call for unconventional measures. Whether a hardware approach is truly more effective remains to be seen. If the device is just an AV system running below the level of the rootkit then the improvement will be small, as it will still only operate as well as the signature process allows. If the fact that the device is running below rootkits allows it to run heuristic tests which are better capable of detecting rootkit behavior then the difference could be substantial.

There is another advantage to hardware-based AV: Because the device has its own CPU and memory and minimal software running on the host PC, the performance impact on the PC will be lessened. But in fact, this device can not be a complete security solution, since it can only monitor disk operations. Modern security suites also monitor network connections, for example.

Source: pcmag security blog

Microsoft systems crash following update

thereviewcity — Mon, 15 Feb 2010 07:37:51 +0000

Infected machines could experience “blue screen” crashes.

Microsoft is warning users to scan their machines for malware following a recent string of system crashes.

The company said that one of the patches included in Tuesday’s monthly update was potentially causing a conflict with certain malware infections on Windows XP systems.

When installing the MS 10-015 patch, which addresses a vulnerability in the Windows kernel, the infected systems experienced the infamous “blue screen of death” system crash.

In order to avoid the crash, Microsoft is advising users to scan their systems with a trusted, up-to-date antivirus tool.The news first surfaced Thursday when the company disclosed reports on its security response blog of system crashes with the February update. The issue was later traced to the MS 10-015 bulletin and eventually found to be from a malware infection.

“One of the key components when investigating issues like this are obtaining memory dumps from computers experiencing the problem,” wrote senior security communications manager Jerry Bryant.

“In order to get the information we need to fully analyse the issue, some of our support engineers have actually driven to customer locations and picked up affected systems so we can get the needed crash data directly and help inform our investigation.”

Source: v3.co.uk

F-Secure Brings AntiVirus Protection For Mac OS X

thereviewcity — Mon, 15 Feb 2010 07:36:24 +0000

Mac Protection from F-Secure Antivirus is a new product for computers with Mac OS X. Although it is known that very few viruses affect the Mac OS X, F-Secure Mac Protection will safeguard your PC against any of them out there.

For now, F-Secure Mac Protection is simply a Technology Preview, which means that it is in the testing phase. It is still not able to detect malware. It only detects a file based on the evidence. However, the ability to detect viruses, worms, trojans etc. will be implemented with a simple upgrade, when this product will be ready.

All users who will try F-Secure Mac Protection and will contribute to the improvement by giving suggestions and warnings or errors, will get F-Secure Mac Protection free for a year. And there is also a possibility of getting gifts from F-Secure.

It is obvious that the development of Mac OS X is attracting the attention of some security companies, such as F-Secure. F-Secure Mac Protection is the first antivirus for Mac, although certainly it will not be the last. F-Secure Mac Protection trial version can be downloaded now from F-Secure’s website.

Source: Google News

Kaspersky Internet Security 2010(KIS 2010) named Best in Class by PC for Alla in Sweden

thereviewcity — Thu, 11 Feb 2010 21:22:33 +0000

Source : Internet

Kaspersky Lab – a leading developer of antivirus software

Announces that Kaspersky Internet Security 2010 has been awarded with the Best in Class by PC för Alla – Sweden’s most popular computer magazine.The award was announced in an article carried by the magazine’s February issue which reported on tests performed by the publication on eight of the most popular security packages available on the Swedish market. Kaspersky Internet Security 2010 is described as being an ambitious security package with many smart functions over and above the usual antivirus, anti-spyware and anti-phishing technologies.

The Kaspersky Lab product was named ‘Best in Class’, beating Norton Internet Security 2010, Eset Smart Security 4, F-Secure Internet Security 2010, McAfee Internet Security 2010, Panda Global Protection 2010, Trend Micro Internet Security 2010 and Avast Antivirus 4.8.

PC for Alla stated that Kaspersky Internet Security 2010 had the highest overall detection rates of any of the solutions that they tested and was among the fastest solutions for on-demand scanning – being twice as fast as most of the competition. The test results also showed that Kaspersky Internet Security 2010, along with another program, impacted the performance of the host machine the least – using only two per cent of the system’s resources. The product’s many features, such as the virtual keyboard to combat keyloggers, gaming mode and parental control, contributed heavily to the solution being voted the best all-round security package for 2010.

Kaspersky Internet Security 2010 incorporates a Safe Run mode based on innovative new Sandbox technology – a unique feature amongst Internet Security Suites. Safe Run enables the user to run suspect software in an isolated, virtual environment that protects the operating system against all types of malicious damage. Statistically, it has been demonstrated that vulnerabilities in operating systems and trusted applications are often exploited by hackers to attack applications that make use of the Internet.

click here to read more antivirus software reviews