03/30/2009

Defeating & Removing Conficker

"What we've found is pretty cool: Conficker actually changes what Windows looks like on the network, and this change can be detected remotely, anonymously, and very, very quickly. You can literally ask a server if it's infected with Conficker, and it will tell you."
So says security researcher Dan Kaminsky in his blog about detecting and removing Conficker (also called Downandup).

What this means is that there may be a way for computer users and network administrators both to detect and patch infected systems and to stop those systems from infecting other computers.

This is really the first news of a possible crack in Conficker's armor and definitely good news.

When a virus, trojan, or other malware hits mainstream news, it's something to watch out for, and if you haven't heard anything about this worm yet, here's some info from the official Conficker Work Group and their FAQs that will help anyone who's asking, "What is Conficker?" learn more about it.

Removing Conficker / Downandup

Thanks to PCMag.com for a great list, included below, of several resources and tools for detecting, removing, and uninstalling Conficker / Downandup if you've reason to believe your computer (or that of a friend or colleague) may have been infected.

03/22/2009

What's the Best Free Antivirus Software?

In the interest of full disclosure, I'll begin by saying that everyone who's a part of pcAntivirusReviews.com is an advocate of Open Source Software (OSS) and Free Software.

Both individually and as a company, we have made significant financial and other contributions to various open source and free software projects. This very site runs on free software, in fact, and we couldn't be happier with it. Then again, we are geeks. ;-)

That said, we're also strong proponents of commercial software, too. We believe there's room for everything and in using the right tool for a job.

Preamble complete, back to the point of this piece, which is to answer the question we're often posed:

What's the Best Free Antivirus Software?

While a valid question, it's one we can't answer. (Sorry, everyone.) Why not?

We only review commercial applications. Why only commercial applications?

Five words: Commercial applications mean commercial support.

The average consumer is unwilling and/or unable to wade through the often complex process of getting help from newsgroups, search engines, and the other places where one typically must go to get help for free software.

Given just what's at stake when it comes to antivirus software and people's data, we feel like not paying for antivirus protection and choosing free antivirus software--for most people--isn't worth it.

Bear in mind, too, how strongly we feel about antivirus software--we consider it one of the three things most important in securing a computer:

  1. A software firewall
  2. Antivirus software
  3. Backup software

With that in mind, there's simply so much at risk--and so much to lose--in choosing these programs. Having something to lose means wanting someone you can contact directly and say, "Look, I'm having such-and-such problem, and I need help!"

In our experience, most companies--particularly the good ones like Sunbelt, makers of VIPRE Antivirus, the product we rate as the best antivirus software--respond to their customers' needs and help them.

Even if some people (read: your uber tech-savvy nephew ;-) think it's a silly notion, having a phone number to call means a lot: it means (hopefully) there's a friendly technologically adept person on the other end who's able to help bail them out and to comfort them through removing the virus or to get through whatever other tech challenges they may face.

While we understand the need for free antivirus software and have tremendous respect for those applications, it's beyond the scope of what we feel is best for consumers.

Lastly, as for testimonials, we get testimonials all... the... time... from individuals and companies thanking us for having helped them choose a good commercial antivirus program to replace a free one they've depended on for years.

Interestingly, the two most common things we hear in these customer testimonials are:

  1. How much less resource intensive the new software they just purchased is.
  2. How their commercial software managed to remove a virus the free antivirus software missed.

Now, make no mistake, I'm not saying free antivirus software is bad. Far from it. There is definitely a place for it. What I am saying though is that the customers we hear from tell us resoundingly: they're glad they bought antivirus software.

03/21/2009

Conficker Worm April 1 Activation Date

What's in store for us on April 1st 2009 with the Conficker worm?

There are a lot of educated guesses being floated, many of which are in this New York Times piece on the Conficker activation.

As the piece points out,

"It is possible to detect and remove Conficker using commercial antivirus tools offered by many companies. However, the most recent version of the program has a significantly improved capacity to remove commercial antivirus software and to turn off Microsoft’s security update service.
"It can also block communications with Web services provided by security companies to update their products. It even systematically opens holes in firewalls in an effort to improve its communication with other infected computers."

For more information on detecting it, here's the Microsoft Conficker detection tool and Norton instructions on how to manually remove Conficker.

Conficker Removal? First is Conficker activation...

What's in store for us on April 1st 2009 with the Conficker worm?

If your computer has been infected with Conficker/Downandup, there's still time before the so-called Conficker activation date for you to remove Conficker.

Why the urgency?

According to the security researchers who've looked at the innards of the Conficker worm, April 1, 2009, is the date programmed into Conficker for it to activate.

What then?

Called one of the most sophisticated viruses/worms/trojans ever, Conficker's purpose remains murky and its removal is still somewhat of a tricky, delicate process. (See below for Symantec's manual removal instructions.)

What happens when it does activate is a real mystery. Is it some sort of a criminal enterprise network? Or perhaps just some sort of a "little" joke.

There are a lot of educated guesses being floated, many of which are in this New York Times piece on the Conficker activation.

Which theory is right? Who knows. Perhaps it's a multi-faceted tool and many of the theories are right. With the sophistication already shown by the worm, it's unlikely this is just some prank and likely that it will remain a problem for some time.

As for removing Conficker, as the piece points out,
"It is possible to detect and remove Conficker using commercial antivirus tools offered by many companies. However, the most recent version of the program has a significantly improved capacity to remove commercial antivirus software and to turn off Microsoft’s security update service. It can also block communications with Web services provided by security companies to update their products. It even systematically opens holes in firewalls in an effort to improve its communication with other infected computers."
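The quoted passage names three things an infected machine may exhibit: the security update service switched off, vendor update sites unreachable, and new openings in the firewall. As an added example (not code from the original post, and not a tool from Microsoft or any vendor named here), the PowerShell script below is a read-only check for those three symptoms on a Windows host. The service names, the list of vendor update hosts, and the assumption that netsh prints English field labels are all assumptions made for the illustration; the script reports and changes nothing, and a warning is a prompt to run a proper scanner, not proof of infection.

```powershell
# Added example, not from the original post or any vendor's removal tool.
# Read-only check for the three symptoms the quoted passage describes.

$serviceNames = @('wuauserv', 'BITS', 'wscsvc')        # assumed: Windows Update, BITS, Security Center
$updateHosts  = @('update.microsoft.com',               # constructed sample list of vendor update hosts
                  'www.symantec.com',
                  'www.bitdefender.com')

function Test-UpdateServices {
    foreach ($name in $serviceNames) {
        # Win32_Service exposes StartMode, which Get-Service lacks on older PowerShell versions
        $svc = Get-WmiObject -Class Win32_Service -Filter "Name='$name'"
        if ($null -eq $svc) { Write-Output "[WARN] service '$name' not present"; continue }
        if ($svc.StartMode -eq 'Disabled' -or $svc.State -ne 'Running') {
            Write-Output "[WARN] $name is $($svc.State), start mode $($svc.StartMode)"
        } else {
            Write-Output "[ OK ] $name running (start mode $($svc.StartMode))"
        }
    }
}

function Test-VendorReachability {
    # A hosts-file entry for a vendor domain, or a loopback answer, silently breaks updates
    $hostsFile  = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
    $hostsLines = Get-Content $hostsFile -ErrorAction SilentlyContinue
    foreach ($h in $updateHosts) {
        $override = $hostsLines | Where-Object { $_ -notmatch '^\s*#' -and $_ -match [regex]::Escape($h) }
        if ($override) { Write-Output "[WARN] hosts file overrides ${h}: $override" }
        try {
            $addrs = [System.Net.Dns]::GetHostAddresses($h) | ForEach-Object { $_.IPAddressToString }
            if ($addrs -contains '127.0.0.1') { Write-Output "[WARN] $h resolves to loopback" }
            else { Write-Output "[ OK ] $h -> $($addrs -join ', ')" }
        } catch {
            Write-Output "[WARN] cannot resolve ${h}: $($_.Exception.Message)"
        }
    }
}

function Get-InboundAllowRules {
    # Parses 'netsh advfirewall' output (Vista and later) and returns the names of
    # enabled inbound Allow rules so unexpected openings stand out on review.
    # Assumes English field labels; 'Action:' is the last field printed per rule.
    $names   = @()
    $current = @{}
    foreach ($line in (netsh advfirewall firewall show rule name=all)) {
        if ($line -match '^(Rule Name|Enabled|Direction|Action):\s*(.*)$') {
            $current[$matches[1]] = $matches[2].Trim()
            if ($matches[1] -eq 'Action') {
                if ($current['Enabled'] -eq 'Yes' -and $current['Direction'] -eq 'In' -and $current['Action'] -eq 'Allow') {
                    $names += $current['Rule Name']
                }
                $current = @{}
            }
        }
    }
    return $names
}

Test-UpdateServices
Test-VendorReachability
Write-Output "Enabled inbound Allow rules (review any you do not recognise):"
Get-InboundAllowRules | ForEach-Object { "  $_" }
```

Run it from an elevated PowerShell prompt so the service and firewall queries succeed. Because the worm described above can interfere with the very tools used to inspect it, treat a clean report from the infected host itself as weak evidence; the page's own advice to run an up-to-date scanner still applies.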

How to Remove Conficker / Downandup

For more information on detecting it, here's the Microsoft Conficker detection tool and Symantec instructions on how to manually remove Conficker.

Bear in mind, too, that given Conficker's sophistication, it's quite possible for your computer to be infected without your knowing it. So I encourage you to read the various articles on the worm and familiarize yourself with it, or at the very least make sure you're running current antivirus software and that your antivirus signatures are updated.

If you're unsure if yours is up to the task, our reviews of the best antivirus software have just been updated for 2009 so you can easily see how your antivirus protection stacks up against other software.

03/13/2009

Conficker Removal Tool Released

Score one for the good guys today!

Our friends at BitDefender, which we regard as among the best antivirus software available, have released the first tool aimed at removing the Conficker / Conflicker / Downandup virus.

This worm, which we've covered quite a bit here, has been notoriously pesky... and notoriously pesky to remove.

The news was covered in many places, including in this article on the Conficker removal tool.

The folks at BitDefender, long known as makers of top antivirus software, have managed a praiseworthy technical feat, especially given how long Conficker has been causing havoc for PC owners and antivirus companies alike.

If you think you've been infected by Conficker, here's where you can find BitDefender's Conficker / Downandup Removal Tool.

Come to think about it, it's probably a good idea to keep a copy of this removal tool on a CD or keychain drive, regardless of whether or not you've been infected by the worm.

03/05/2009

Microsoft Not Patching Excel Security Flaw

In one of the more disappointing announcements of late from Microsoft, the company announced today that although it was rolling out three security updates, including a critical one, it would not be fixing a flaw in Excel that, sadly, crackers are now exploiting.

Symantec's researchers, according to a Computerworld article on the Excel bug, described it this way:

"The vulnerability is a file format bug in all supported versions, including the latest -- Excel 2007 on Windows and Excel 2008 for the Mac."

Given that it is such a widespread bug, it makes sense that sorting through all the ramifications of a fix takes time; however, for that very reason, because it affects all versions of Excel, we'd really hoped Microsoft would have gone after this patch aggressively and come up with a fix more quickly.

Now, given that Microsoft only releases patches 12 times a year, it's especially important to confirm that the person who appears to have sent you an Excel spreadsheet really did send it, and it's equally important to keep your antivirus software updated.

We're going to continue to monitor the status of this bug and any fallout from it (or a subsequent patch) here, so watch this section for details as they become available.

Editor's update: Having missed the link to the Microsoft Security Advisory on Excel, I thought it prudent to include it should someone come across this post looking for information on dealing with the exploit.

Since this piece was posted, Microsoft has made several patches available for the different versions of Microsoft Office. Here's MS security bulletin MS09-009 on how to patch Microsoft Excel against this (and other) vulnerabilities.

03/02/2009

New Trojan Targets Unpatched Microsoft Excel Flaws

There's recent news afoot from a number of sources, including The Register about a Microsoft Excel Trojan.

Several versions of Excel are vulnerable to this particular bit of malware including:

  • Excel 2000
  • Excel 2002
  • Excel 2003
  • Excel 2007
  • Excel 2004/2008 for Mac
  • Excel Viewer
  • Excel Viewer 2003
How do you get this trojan?

Since it takes advantage of a flaw in Excel (and the Excel Viewer), all you need to do is open a specially crafted Excel spreadsheet. Once you open it, the trojan payload is instantly delivered to your system.

What's being done

As of this writing, Microsoft's official word on the Excel vulnerability is,

"At this time, we are aware only of limited and targeted attacks that attempt to use this vulnerability."

The Microsoft Security Advisory goes on to say they've not yet decided whether to release a patch as a part of "Patch Tuesday", in a service pack, or as something "out-of-cycle."

As with any new virus, trojan, or other malware, we urge readers to make sure you're running current antivirus software and that your antivirus signatures are up to date.

If you're not sure if your antivirus software is up to snuff and does everything it should, we have a page to help you compare antivirus software.