10/11/2009

Conficker Still Active

Back in March 2009 the worm Conficker gained notoriety for its countdown-to-activation.

We covered Conficker and removing Conficker quite extensively before and after the launch date, and now about six months later, it unfortunately comes as no surprise that systems are still being infected by it.

In fact, Kaspersky Antivirus, which publishes a list of the top malware stats every month, still has Conficker in its various forms (called 'Net-Worm.Win32.Kido' by Kaspersky) occupying three of the top 20 malware spots in its September 2009 list.

The folks at Viruslist.com, who (along with a ton of other things) report on Kaspersky's malware statistics, go on to point out that "Kido (Conficker) remains active. Kido.ih, the leader of this Top Twenty for the last six months, has been joined by another variant, Kido.ir, which is a newcomer to the rankings."

Removing Conficker isn't easy and many antivirus software vendors had a tough time getting a handle on how to remove the worm from infected PCs, but as far as we know every major antivirus program today is now capable of stopping and removing Conficker/Kido.

This is part of the reason, no doubt, why the authors of Conficker continue to write new versions: to try to thwart the A/V programs from stopping and removing their worm.

Regardless of whether or not your PC has been infected, make no mistake: just because it has been six months since Conficker's activation date, it's still a real threat, and if your PC is unpatched, all you have to do is be connected to a network (or the Internet) where there are other infected machines for yours to be at risk of infection, too.

This threat is all but eliminated if you're running any of the best firewall, antivirus software, or Internet security suites.

Lastly, as a reminder, do make sure your PC has the latest patches. It typically takes just a few minutes to apply the patches and after a reboot (sometimes two!) you're in business.

Prior coverage of Conficker

08/17/2009

Antivirus Software: What's Real? What's Fake?

One of the growing concerns for many security and antivirus professionals is the dramatic growth of fake antivirus software.

The idea behind fake A/V software is to trick unsuspecting consumers into downloading and installing their fake software in an effort to get trojans, viruses, spyware, and other malware installed onto PCs in the process.

There's nothing real about the fake software, except the threat it poses.

The process works like this:

  1. Trick consumer with a real looking, real sounding ad on an (often unsuspecting) legitimate website
  2. Get consumer to install the phony (but very real looking) antivirus application
  3. Stuff any number of trojans, keyloggers, spyware, and other evil applications into the fake antivirus program
  4. Use the newly infected computer to do their bidding, including (among other things):
    1. identity theft
    2. credit card fraud
    3. bank theft
    4. infecting other computers
    5. spamming

Solution to the Fake Antivirus Software Problem

Word is filtering out today about a way to tell fake antivirus software from legitimate ones.

A new site from security and SSL vendor Comodo, for a project they're backing called the "Common Computing Security Standards Forum," aims to help consumers figure out what's real and what's not.

In their list of all known legitimate antivirus software vendors, they hope to help put an end to the dummy antivirus programs out there and to help consumers stay clear of the crap.

In addition to thanking them for their efforts, here is a complete list of current antivirus vendors known to Comodo to be the real deal:

Legitimate Antivirus Software Vendors
  • AhnLab
  • Aladdin
  • ALWIL
  • Antiy
  • Authentium
  • AVG Technologies
  • Avira GmbH
  • BitDefender (BitDefender Antivirus & Internet Security)
  • BullGuard
  • CA Inc (CA Anti-Virus)
  • Checkpoint
  • Cisco
  • ClamAV
  • Comodo
  • CSIS Security Group
  • Drive Sentry
  • Dr.Web
  • Emsi software
  • ESET
  • F-Secure
  • Fortinet
  • Frisk Software
  • G Data Software
  • GFI/Sunbelt Software (VIPRE Antivirus & Internet Security)
  • Ikarus Software
  • Intego
  • iolo
  • IObit.com
  • Kaspersky Lab (Kaspersky Anti-Virus & Internet Security)
  • Kingsoft
  • Malwarebytes
  • McAfee (McAfee VirusScan Plus & Internet Security)
  • Norman
  • Panda (Panda Antivirus Pro & Internet Security)
  • PC Tools
  • Prevx
  • Rising
  • Sophos
  • SuperAntispyware
  • Symantec (Norton AntiVirus & Internet Security)
  • Trend Micro (Trend Micro AntiVirus & Internet Security)


You'll note that every one of the programs (reviews linked above) included in our antivirus reviews since day one of our site is on the list.

If you know of other legitimate A/V software not on the list, please contact us so that we can share your insight with the folks at Comodo.

    07/03/2009

    Kaspersky Labs Wins Precedent-Setting Case Against Adware / Spyware

    Late June brought a victory--and some delightful news--to those looking to put a little sanity into the adware / spyware front.

    It should be no surprise to regular readers that we feel that labeling adware as spyware is a logical thing to do. While many adware purveyors take umbrage at the notion that they're spyware, since many don't report the visitor's activities back to a central server, we don't.

     That's splitting hairs as far as I'm concerned. 

    Any software that records your actions and, no matter how loosely, takes action now or later based upon what your actions are/were, that software is spying on you--even if it's just serving ads.

    What's important about the Kaspersky legal victory is that it deals with the adware/spyware Zango.

    According to the Kaspersky press release about Zango, Kaspersky Lab Americas President Steve Orenberg says,

    '"...we feel it’s our responsibility to warn a user when we classify an application as malicious, thus giving the user the choice to stop the application or let it run.

    "We are thrilled with the outcome of this case because it supports the key message of the information security industry ‐‐ consumer protection comes first and that a legal suit cannot force a vendor to classify a potentially malicious program in a certain way."'

    What Kaspersky was hoping for, and got, was so-called "Good Samaritan immunity."

     This means Kaspersky's users can be notified if this software is on their computers via the Kaspersky Antivirus spyware detection mechanism (which we rate highly). At that point it's up to the user to keep or block Zango. 

    What the court decided, among other things, is that it's your choice.

    This is a real victory for anyone--software vendor or consumer--who wants to keep crapware off their computers. Zango isn't a virus to be sure, but it may be spyware, and it's most definitely adware.

    If you want Zango, and you're running Kaspersky antivirus software, keep it; if you don't, block it. Seems logical to me.

    06/04/2009

    Sluggish System? Your Antivirus Software is Probably to Blame

    While many consumers are starting to realize the importance of antivirus software, many are unaware of the significant differences in performance from one antivirus program to another.

    Why is this so important?

    Realizing that many consumers just go with whatever is pre-installed on their system when they get it or with whatever their ISP installs/recommends, it seemed important to question the rationale behind that.

    Often, the security application that has been installed is chosen for one reason: money.

    The relationship between the PC manufacturers and ISPs and the antivirus vendors is an easy one to understand: the AV makers often pay to have their software installed (if not, they often let the manufacturers install it for free). Huh?

    The reason is, the A/V makers realize that many, if not most, consumers will renew their antivirus subscription when it expires, thus while they may have to "pay" for their antivirus software when they get their computer, they do buy the renewal subscription.

    And, once they're in there, they have a revenue stream from you.

    Sluggish System?

    So, you're cruising around with your PC for a while--maybe even a year or more, when it just doesn't feel as fast as it once did.

    All those files and pictures and videos you've created and viewed over the many moons you've had your computer are stored somewhere; often they live in your Temporary Internet Files directory.

    Over time, as these files accumulate in the various places of your hard drive, your antivirus software has to work harder and harder to keep up.

    What happens next is where it gets ugly.

    You get fed up with it slowing things down and disable it, "just to get some stuff done."

    The problem is the software stays off for a while--sometimes for a long while, maybe even forever.

    Now that antivirus subscription you just renewed is totally, completely, utterly useless.

    Real Antivirus Solutions

    What this boils down to is that choosing your antivirus software, and not just taking the easy route, is critical.

    This is part of the reason we rate VIPRE antivirus so highly: it's highly efficient and uses very few CPU, RAM, and system resources to keep your computer safe and virus-free.

    We're not the only ones saying this, either. I just came across a VIPRE review from August 2008 on ZDNet's Hardware 2.0 blog by the much-respected Adrian Kingsley-Hughes.

    The lowdown:
    "Security software can have a shocking effect on performance, and can take a new system and make it feel like one that’s a few years old.

    I’m pleased to see that Sunbelt Software’s claim that VIPRE doesn’t hog system resources and doesn’t slow down a PC isn’t just marketing hyperbole but is actually true."

    (N.B. emphasis mine)

    Adrian's images, originally located at ZDNet (archived now at our site), really tell the story about VIPRE well. (Visit ZDNet for complete details.)

    In his review, he compares system performance with:
    Take a look at the below images and judge for yourself...

    Original source: http://i.zdnet.com/blogs/av_shootout_system01.png



    Original source: http://i.zdnet.com/blogs/av_shootout_system02.png



    Original source: http://i.zdnet.com/blogs/av_shootout_system03.png


    It's good to see we're not alone among leading antivirus review sites in singing VIPRE's praises; they're well-deserved.

    05/13/2009

    Are Viruses Getting Worse?

    As you might imagine, we get a lot of email. Most of it is from really nice people all around the world looking for help choosing the best antivirus software for a new computer or looking to upgrade antivirus software to a newer version.

    Although it's asked a million different ways, one of the most common questions that comes from these emails is,

    "Do I really need to upgrade my antivirus software or can I just keep getting new definitions?"

    There should be no question in anyone's mind that the malware creators are constantly getting smarter and are making their viruses, worms, trojans, keyloggers, and the like more clever and harder to detect. In fact, an article in ZDNet talks about this very problem and that it's getting harder to detect viruses. Konstantin Sapronov, one of the Kaspersky antivirus lab heads, is paraphrased in the article as saying,

    "new methods of infiltration have also rendered it nearly impossible for users to avoid infection, even if they are careful. Seemingly clean sites can also perform backend redirection to malware-ridden sites."

    It's definitely a game of cat-and-mouse where the antivirus companies are always on the prowl looking for ways to refine their tools to make them smarter, faster, and more able. Likewise, the malware writers are constantly doing their best to avoid detection.

    Do I Need to Upgrade Antivirus Software?

    When considering whether to keep your existing software and extend your definition subscription or to purchase new antivirus software or upgrade versions, the buying decision can be boiled down to a few questions:

    1. Are you happy with the overall performance of your current software?

      In other words, does it run smoothly for you or is your system slow when the software is running?

      Today's best antivirus software really should run smoothly nearly all the time. In fact, most of the time you really should barely notice it.

    2. Do you get a lot of "false positives?"

      These are warnings about a virus or other infection that turn out to be nothing at all. If you're getting a lot of false positives this can often lead you to disable the software even though you know better.

      If you're disabling the software frequently (and not just when you're installing new software onto your computer), the software isn't doing its job. Plain and simple. First of all, if it's disabled, it can't do its job. Secondly, if you didn't have the false positives, you wouldn't have to disable it.

      So, if you're disabling your antivirus software, it's not doing its job.

    3. How long has it been since you purchased your current antivirus protection?

      As a rule of thumb, if it has been more than six months, you should look at what's new. That doesn't mean go buy new software every six months. It means be aware of what's out there.

      Sometimes, there's little more than cosmetic changes to software; other times the underlying antivirus detection engine has had significant upgrades to detect new threats, minimize false positives, run lighter, or any number of other improvements.

      When the changes are mostly cosmetic, it's usually safe to skip a version and stick with your older software; when the changes are fundamental to the way the software works, it's wise to consider an upgrade.

      This doesn't necessarily mean you should upgrade, just that you should take time every few months to see what's new and if your needs are better suited to a new version.

      Ultimately, you're responsible for your own computer's security, so chances are no one will remind you to go check out what's new in the latest antivirus software.

    11/21/2008

    Morro: Microsoft's free anti-virus / anti-malware

    Our friends in Redmond, Washington, are at it again. :-)

    Microsoft just announced their own free anti-malware / anti-virus software. CNET has full coverage of Microsoft's Morro anti-virus software, and the general consensus amongst security industry companies seems to be a universal shrug.

    Here's what reps from some of the leading companies had to say in interviews for the article:

    | Company | Quote |
    |---|---|
    | McAfee | "With more malware attacks than ever before, we believe our advanced technology... will provide consumers the confidence to choose McAfee as their trusted adviser and expert in security." |
    | Symantec | "...it's simply not in Microsoft's DNA to provide high-quality, frequently updated security protection." |
    | Kaspersky | "[Microsoft has] continued to hold a very low market share in the consumer market, and we don't expect the exit of OneCare to change the playing field drastically." |

    Hmmm... doesn't sound like any are quaking at the thought of having Microsoft as a competitor in the antivirus software marketplace anytime soon.