Intel acquires McAfee for $7.68 billion – Engadget

My comments

Most of the laptops that I have reviewed on this blog came with a trial edition of a McAfee desktop-security program. Similarly, there are some people who have cottoned on to a McAfee desktop-security solution of some form, either by taking out a full subscription to a trial program that came with their new computer, used a business-supplied program or, for long-time computer hobbyists and students, ran the shareware program on their DOS-based PCs to keep the likes of “Ping Pong” or “Stoned” off their hard disks.

This program, one of the “old dogs” of PC virus control and desktop security, has served many users very well but some users would find that Intel owning McAfee may change the course of the McAfee product lineup either to make it more cheaper or costlier. It could also be a chance to make for a “vertical” desktop-security package directed at a particular user group or, as I would hope for, prepare a competitive antivirus program for the Apple Macintosh platform. This is because as more people take to the Macintosh platform, the “computer underworld” could work on that platform and create malware for it.

A good question to ask is whether McAfee, being profitable, was simply bought out by Intel or whether McAfee was posting a loss and Intel offered to buy out the software company to offset the losses. The latter situation may be brought about by the arrival of the free desktop antivirus programs offered by AVG, Avira, Avast and Microsoft; and the fact that Microsoft is providing a highly-competent desktop firewall program that is baked in to the Windows Vista and 7 operating systems.

Who knows what could be the direction for premium desktop security programs, especially for the Windows platforms.

Scareware Indictments Put Cybercriminals on Notice – Microsoft On The Issues

Swede charged in US over ‘scareware’ scheme | The Local (Sweden’s News in English) – Sweden

US-Behörden klagen Scareware-Betrüger an | Der Standard (Austria – German language)

From the horse’s mouth

FBI Press release

My comments

What is scareware

Scareware is a form of malware that presents itself as desktop security software. Typically this software uses a lot of emphasis on “flashing-up” of user-interface dialogs that mimic known desktop security programs, whether as add-on programs or functions that are integral to the operating system. They also put up dialogs requiring you to “register” or “activate” the software in a similar manner to most respected programs. This usually leads you to Web sites that require you to enter your credit-card number to pay for the program.

In reality, they are simply another form of Trojan Horse that is in a similar manner to the easy-to-write “fake login screen” Trojans that computer hackers have created in order to capture an administrator’s high-privilege login credentials. Some of the scareware is even written to take over the computer user’s interactive session, usually with processes that start when the computer starts, so as to “ring-fence” the user from vital system-control utilities like Task Manager, Control Panel or command-line options. In some cases, they also stop any executable files from running unless it is one of a narrow list of approved executable files. They are also known to nobble regular desktop anti-malware programs so that they don’t interfere with their nefarious activities. This behaviour outlined here is from observations that I had made over the last few weeks when I was trying to get a teenager’s computer that was infested with “scareware” back to normal operation.

Who ends up with this scareware on their computer

Typically the kind of user who will end up with such software on their computer would be consumers and small-business operators who are computer-naive or computer-illiterate and are most likely to respond to banner ads hawking “free anti-virus software”. They may not know which free consumer-grade anti-virus programs exist for their computing environment. In a similar context, they may have found their computer is operating below par and they have often heard advice that their computer is infested with viruses.

What you should do to avoid scareware and how should you handle an infestation

The proper steps to take to avoid your computer being infested with scareware is to make sure you are using reputable desktop security software on your computer. If you are strapped for cash, you should consider using AVG, Avast, Avira or Microsoft Security Essentials which have the links in the links column on the right of your screen when reading this article on the site.

If you have a computer that is already infected with this menace, it is a good idea to use another computer, whether on your home network or at your workplace, to download a “process-kill” utility like rkill.com to a USB memory key or CD-R and run this on the infected computer immediately after you log in. It may alos be worth visiting the “Bleeping Computer” resource site for further information regarding removing that particular scareware threat that is affecting your computer. This is because I have had very good experience with this site as a resource when I handled a computer that was infested with scareware.

If you are at a large workplace with a system administrator, ask them to prepare a “rescue CD” with the utilities from the “bleeping-computer” Web site or provide a link or “safe-site” option on your work-home laptop to this site so you can use this computer as a “reference” unit for finding out how to remove scareware from a computer on your home network.

How the criminal law fits in to this equation

The criminal law is now being used to target the “scareware” epidemic through the use of charges centred around fraud or deception. Like other criminal cases involving the online world, the situation will touch on legal situations where the offenders are resident in one or more differing countries and the victims are in the same or different other countries at the time of the offence.

This case could raise questions concerning different standards of proof concerning trans-national criminal offences as well as the point of trial for any such offences. 

Conclusion

Once you know what the “scareware” menace is, you are able to know that criminal-law measures are being used to tackle it and that you can recognise these threats and handle an infestation.

Disclaimer regarding ongoing criminal cases

This article pertains to an ongoing criminal-law action that is likely to go to trial. Nothing in this article is written to infer guilt on the accused parties who are innocent until proven guilty beyond reasonable doubt in a court of law. All comments are based either on previously-published material or my personal observations relevant to the facts commonly known.

Scareware Indictments Put Cybercriminals on Notice – Microsoft On The Issues

Swede charged in US over ‘scareware’ scheme | The Local (Sweden’s News in English) – Sweden

US-Behörden klagen Scareware-Betrüger an | Der Standard (Austria – German language)

From the horse’s mouth

FBI Press release

My comments

What is scareware

Scareware is a form of malware that presents itself as desktop security software. Typically this software uses a lot of emphasis on “flashing-up” of user-interface dialogs that mimic known desktop security programs, whether as add-on programs or functions that are integral to the operating system. They also put up dialogs requiring you to “register” or “activate” the software in a similar manner to most respected programs. This usually leads you to Web sites that require you to enter your credit-card number to pay for the program.

In reality, they are simply another form of Trojan Horse that is in a similar manner to the easy-to-write “fake login screen” Trojans that computer hackers have created in order to capture an administrator’s high-privilege login credentials. Some of the scareware is even written to take over the computer user’s interactive session, usually with processes that start when the computer starts, so as to “ring-fence” the user from vital system-control utilities like Task Manager, Control Panel or command-line options. In some cases, they also stop any executable files from running unless it is one of a narrow list of approved executable files. They are also known to nobble regular desktop anti-malware programs so that they don’t interfere with their nefarious activities. This behaviour outlined here is from observations that I had made over the last few weeks when I was trying to get a teenager’s computer that was infested with “scareware” back to normal operation.

Who ends up with this scareware on their computer

Typically the kind of user who will end up with such software on their computer would be consumers and small-business operators who are computer-naive or computer-illiterate and are most likely to respond to banner ads hawking “free anti-virus software”. They may not know which free consumer-grade anti-virus programs exist for their computing environment. In a similar context, they may have found their computer is operating below par and they have often heard advice that their computer is infested with viruses.

What you should do to avoid scareware and how should you handle an infestation

The proper steps to take to avoid your computer being infested with scareware is to make sure you are using reputable desktop security software on your computer. If you are strapped for cash, you should consider using AVG, Avast, Avira or Microsoft Security Essentials which have the links in the links column on the right of your screen when reading this article on the site.

If you have a computer that is already infected with this menace, it is a good idea to use another computer, whether on your home network or at your workplace, to download a “process-kill” utility like rkill.com to a USB memory key or CD-R and run this on the infected computer immediately after you log in. It may alos be worth visiting the “Bleeping Computer” resource site for further information regarding removing that particular scareware threat that is affecting your computer. This is because I have had very good experience with this site as a resource when I handled a computer that was infested with scareware.

If you are at a large workplace with a system administrator, ask them to prepare a “rescue CD” with the utilities from the “bleeping-computer” Web site or provide a link or “safe-site” option on your work-home laptop to this site so you can use this computer as a “reference” unit for finding out how to remove scareware from a computer on your home network.

How the criminal law fits in to this equation

The criminal law is now being used to target the “scareware” epidemic through the use of charges centred around fraud or deception. Like other criminal cases involving the online world, the situation will touch on legal situations where the offenders are resident in one or more differing countries and the victims are in the same or different other countries at the time of the offence.

This case could raise questions concerning different standards of proof concerning trans-national criminal offences as well as the point of trial for any such offences.

Conclusion

Once you know what the “scareware” menace is, you are able to know that criminal-law measures are being used to tackle it and that you can recognise these threats and handle an infestation.

Disclaimer regarding ongoing criminal cases

This article pertains to an ongoing criminal-law action that is likely to go to trial. Nothing in this article is written to infer guilt on the accused parties who are innocent until proven guilty beyond reasonable doubt in a court of law. All comments are based either on previously-published material or my personal observations relevant to the facts commonly known.

Installation and Use

The installation went ahead very smoothly and was able to draw attention to a clash between this program and my prior setup which was Windows Firewall as the desktop firewall solution and Avast Home Edition as the anti-malware solution, and offered to uninstall Avast Home Edition before installing itself.

Kaspersky's main operating console

The main software dashboard has a “traffic-light” bar at the top which glows green for a safe environment, yellow for situations that need your attention and red for dangerous environments. It uses a tabbed interface which can show information that pertains to particular aspects of the program. This dashboard can be minimised to a “red K” indicator located in the System Notification Area on the Taskbar and ends up being relative unobtrusive. If it needs to draw your attention, a coloured “pop-up” message shows near that area. You don’t even see “splash screens” when the program starts during the system’s boot cycle, unlike what happens with Norton AntiVirus and other computer-security software delivered as “crapware” with many Windows computers.

Notification Tray icon

The program does download many updates through the day because of the nature of the computer-security threats that evolve too quickly. This is typically indicated with a “globe” symbol underneath the “red K” indicator when the program is minimised to the System Notification Area.

Performance

Kaspersky’s performance under a “full-scan” situation is typical for may desktop computer-security applications because this involves reading files from the computer’s hard disk which is competitive with applications that need use of the hard disk. It had highlighted a password-protected executable file as a risk because of the fact that this can become a way of concealing malware.

The software’s “behind-the-scenes” behaviour can impinge on system performance if you are doing anything that is graphic intensive. But there is an option to have the program concede resources to other computing tasks.

Gaming Profile option

The program also has options available for optimising its behaviour to particular situations. For example, there is an option to disable scheduled scans when a laptop computer is running on batteries and a “gaming mode” which reduces its presence and can disable scheduled scans and updates when you are playing a full-screen game or video and you don’t want the program to interrupt you.

From what I have observed, Kaspersky does a very good job at maintaining a “sterile zone” for your computer. For example, if you plug in a USB memory key, the program will scan the memory key for malware. This is important with malware like the Conficker worm that has been attacking Windows computers and creeping on to USB memory keys.

Privacy protection and security options

There is an optional on-screen virtual keyboard that works against keystroke loggers which capture data from the hardware keyboard.It may not be a defence against keystroke loggers that capture the character stream that is received by an application or software that records on-screen activity.

There is also an anti-banner-ad module which may appeal only to those who “hear no ads, see no ads, speak no ads”. I wouldn’t use this for most Web browsing activities and you still need to be careful that you run only one “pop-up blocker” at a time. I would rather that this can be used to filter advertising that is used for “fly-by-night” offers.

The e-mail protection does work with Windows Live Mail but, if you want to run it as an anti-spam solution for any e-mail client, you have to have it list your mail on a separate screen so you can tell which mail is which. This feature may be useless if you are running multiple other anti-spam measures such as a spam filter integrated in to your mail client or provided as part of your email service.

Desktop content filter

I do have a personal reservation about desktop-based “parental-control” programs because these programs only control the content that arrives at the computer that they run on. This may be OK for situations where the Internet access is primarily on the general-purpose computer that they run on. It doesn’t suit an increasingly-real environment where Internet access is being done on other terminals such as smartphones, multifunction Internet devices, games consoles, and Internet-enabled TVs. Here, I would prefer a “clean feed” that is provided as an option in the Internet service or the content-filtering software to be installed in a very fast router. The desktop filter can work well if a computer is taken to places like hotspots that don’t provide a filtered Internet service.

The content control is also limited to few categories such as the “usual suspects” (porn, gambling, drugs, violence, weapons, explicit language). There isn’t the ability to filter on “hatred” and “intolerance” sites which may be a real issue in today’s world, although the weapons and violence categories may encompass some of that material. I would like to see more granular filtering to suit different age groups and needs.

Nice to have

A feature that this program could have is management of interface to UPnP IGD routers. This could include identifying port-forward requests by applications and checking that these port-forward requests are destroyed when the application is stopped. This could include destroying port-forward requests when the application crashes or clearing all port-forward requests when the system starts so as to clean up port-forwarding “holes” left when a UPnP-enabled application or the system crashes. This is because I have noticed port-forward settings being left standing when an instant-messaging application, game or similar UPnP-enabled application crashes and the router’s UPnP port-forward list has settings from these prior sessions still open. This can provide various back door opportunities to exist for hackers and botnets to operate.

Macintosh users are looked after by Kaspersky through the “Kaspersky AntiVirus For Mac” program which provides virus protection for that platform. It doesn’t provide the full Internet security options that this program has to offer but there may be a desktop firewall built in to MacOS X which can protect against Internet hacks.

As far as the desktop content filter is concerned, I would like to see increased filtering options like an option to filter out “hatred” / “intolerance” sites; and “games and sports” for business needs. There should also be the ability to set up granular filtering options to suit different user needs.

Conclusion

This program may be a valid option for those of us who want to pay for “that bit more” out of our computer security software and want to go beyond the operating-system-standard desktop firewall and the free anti-virus programs like AVG and Avast.

Statement of benefit: I have been provided with the 3-computer 2-year subscription which is worth AUD$159.95 including GST (street price $84 including GST) as a complementary product in order for me to review it.