Category: Desktop Security Software

The French have fielded another alternative to TrueCrypt

Article (French language / Langue Française)

VeraCrypt, une alternative française à TrueCrypt | Le Monde Informatique

From the horse’s mouth

Idrix

VeraCrypt product page

My Comments

TrueCrypt is a source-available encryption engine used primarily in Windows 7 and 8 as part of the BitLocker volume encryption function that the operating systems offer. Lately, further maintenance of this encryption engine had ceased with accusations of the likes of NSA putting pressure on the developers to cease maintaining it.

A few other third-party encryption engines have surfaced from Europe such as the VeraCrypt engine from France and a fork of this engine constructed in Switzerland. This is in response to Europeans having a distrust for “big government” having access to personal data due to being burnt by the Hitler, Mussolini and Franco regimes in the West and the Communist governments in Russia and the East.

Idrix has worked on the French VeraCrypt project which is pitched as being easy to use for small business, non-profit organisations and individual users. Like all encryption software, it doesn’t support the ability to “trans-crypt” i.e. convert an encrypted volume over to another encryption mechanism.

It will be initially issued for the Windows regular-computer platform but a port is being expected soon for the MacOS X (Apple Macintosh) and Linux platforms. As well, it is being made available for free and as open-source software.

But what I see of this is an attempt for European companies to “break through” the US stranglehold that can accompany the computer software scene and for European culture and norms to be respected in this field.

The Apple Macintosh platform–now the target for malware

Introduction

In the late 1980s when the scourge of computer viruses hitting popular home and small-business computing platforms was real, this issue was exposed across all of the platforms that were in use during that year. This encompassed Apple’s two desktop platforms i.e. the Apple II and the Macintosh; along with the Commodore Amiga, the Atari ST and, of course the MS-DOS-driven “IBM” platform. Of course, the computer magazines ran articles about this threat and how to protect against it and disinfect your computing environment from these software pests.

But through the 1990s, the Windows / DOS systems were the main malware target, especially the Windows 98 and XP systems that ran Internet Explorer due to their popularity. The other platforms weren’t targeted that much due to their lesser popularity in the field and the computer press didn’t touch on that issue much. It was also because some of these platforms like the Amiga and Atari ST weren’t being supported any more by their manufacturers.

But lately there has become a trend for people to hop from the Windows platform to the Macintosh platform due to reduced targeting by malware authors and the perceived hardening that Apple has done to this platform. This has been recently augmented by the popularity of the iOS mobile-computing devices i.e. the iPhone, iPod Touch and iPad as well as elegant computing devices available to this platform. All of these factors has led to an increased popularity of Apple Macintosh computers in the feild and they have become a target for malware authors.

But most Macintosh users run their computers with the Apple-authored Safari Web browser and are likely to implement Apple iWork or Microsoft Office productivity software. They also run these computers without any desktop-security or system-maintenance tools because they perceive that Apple has made the task of keeping these computers in ideal condition easier than with the Windows platform.

What can Macintosh users do

Macintosh users can harden their computers against malware by installing and keeping up-to-date a desktop security suite. A free example of this is the Avast program that has been recently ported to the Macintosh platform and another paid-for premium example is the Kaspersky desktop-security suite. These programs are, along with a system-maintenance suite like Norton Utilities, a must-have so you can keep these computers working in an ideal condition.

Another practice that I always encourage is to keep all the software on your Macintosh computer lock-step with the latest updates. This can also help with dealing with any bugs or stability issues that may affect how the software runs on your computer. Here, you may want to enable a fully-automatic update routine for security and other important updates or a semi-automatic routine where the Macintosh checks for these updates and draws your attention to any newly-available updates, that you then deploy.

It is also worth disabling Adobe Flash Player, Java and similar “all-platform runtime” environments if you don’t need to run them. There are many articles on the Web about this in response to the Flashback Trojan Horse. Otherwise make sure that the runtime environments are kept updated. Similarly, you may want to change your default Web browser to a purely-open-source browsers like Firefox or Chrome, which is more likely to be kept up-to-date against known bugs and weaknesses. This was also made easier with new-build installations of MacOS X Lion i.e. when you had a new Macintosh with this operating system “out of the box”. Prior operating systems had the Java runtime installed by default and this survived any operating-system upgrade.

What Apple needs to do

Apple needs to come down from its silver cloud and see the realities of what is involved with keeping a computer in good order. For example, they need to provide desktop-security and system-tuning tools so that users can keep their Macintosh computers in tip-top condition and free from malware. They also need to transparently and immediately implement all updates and upgrades that Oracle releases for the Java environment in to their distribution or allow Oracle to distribute the Java environment  for the Macintosh platform.

As well, they need to take a leaf out of Microsoft’s book by implenenting a “default-standard-user” setup that has the user operating as a “desktop-user” privilege level by default. Then the user is asked if they want to go to an “administrator” privilege-level when they perform a task that requires this level and only for the duration of that task. This is important with home and small-business computer setups where there is typically only one fully-privileged user created for that system.

Conclusion

What the recent “Flashback” Trojan Horse has done is to bring the Apple Macintosh platform to a real level where issues concerning desktop security and system maintenance are as important for it as they are for other platforms.

Microsoft Security Essentials–now free to small shops and offices and the like

News article

Microsoft Security Essentials available to Small Businesses on October 7

My comments

Microsoft have an entry-level antimalware program called Security Essentials which was previously available free to home users and students. This required all business users to consider using their premium Forefront Security Suite or other competing desktop security software solutions for their computer security.

This put small businesses and organisations lie shops, medical practices, religious organisations, non-profits and the like who had a few computers on their network in a very difficult position especially when it came to easy-to-manage desktop security software, Now Microsoft have answered this need by varying the End User License Agreement for this program to allow small business users with up to 10 computers to run this program.

One of the reasons that I am pleased with this change is that it is easy for the owner of a small organisation (who is responsible for that organisation’s IT) to set up and manage desktop security on Windows-based computers with this easy-to-manage program. It works in conjunction with Windows Firewall and has very little that is needed to adjust, which will please most of this kind of user who may not have good computer skills.

This therefore may be a way for a small shop or similar operation with a few Windows computers to save money on their desktop security software. One improvement I would like to see is for Apple MacOS users to benefit from a free desktop-security program because as this platform becomes popular, malware writers will target it.

Now McAfee is under Intel’s control

Articles

Intel acquires McAfee for $7.68 billion – Engadget

My comments

Most of the laptops that I have reviewed on this blog came with a trial edition of a McAfee desktop-security program. Similarly, there are some people who have cottoned on to a McAfee desktop-security solution of some form, either by taking out a full subscription to a trial program that came with their new computer, used a business-supplied program or, for long-time computer hobbyists and students, ran the shareware program on their DOS-based PCs to keep the likes of “Ping Pong” or “Stoned” off their hard disks.

This program, one of the “old dogs” of PC virus control and desktop security, has served many users very well but some users would find that Intel owning McAfee may change the course of the McAfee product lineup either to make it more cheaper or costlier. It could also be a chance to make for a “vertical” desktop-security package directed at a particular user group or, as I would hope for, prepare a competitive antivirus program for the Apple Macintosh platform. This is because as more people take to the Macintosh platform, the “computer underworld” could work on that platform and create malware for it.

A good question to ask is whether McAfee, being profitable, was simply bought out by Intel or whether McAfee was posting a loss and Intel offered to buy out the software company to offset the losses. The latter situation may be brought about by the arrival of the free desktop antivirus programs offered by AVG, Avira, Avast and Microsoft; and the fact that Microsoft is providing a highly-competent desktop firewall program that is baked in to the Windows Vista and 7 operating systems.

Who knows what could be the direction for premium desktop security programs, especially for the Windows platforms.

Criminal legal action now being taken concerning “scareware”

 Articles

Scareware Indictments Put Cybercriminals on Notice – Microsoft On The Issues

Swede charged in US over ‘scareware’ scheme | The Local (Sweden’s News in English) – Sweden

US-Behörden klagen Scareware-Betrüger an | Der Standard (Austria – German language)

From the horse’s mouth

FBI Press release

My comments

What is scareware

Scareware is a form of malware that presents itself as desktop security software. Typically this software uses a lot of emphasis on “flashing-up” of user-interface dialogs that mimic known desktop security programs, whether as add-on programs or functions that are integral to the operating system. They also put up dialogs requiring you to “register” or “activate” the software in a similar manner to most respected programs. This usually leads you to Web sites that require you to enter your credit-card number to pay for the program.

In reality, they are simply another form of Trojan Horse that is in a similar manner to the easy-to-write “fake login screen” Trojans that computer hackers have created in order to capture an administrator’s high-privilege login credentials. Some of the scareware is even written to take over the computer user’s interactive session, usually with processes that start when the computer starts, so as to “ring-fence” the user from vital system-control utilities like Task Manager, Control Panel or command-line options. In some cases, they also stop any executable files from running unless it is one of a narrow list of approved executable files. They are also known to nobble regular desktop anti-malware programs so that they don’t interfere with their nefarious activities. This behaviour outlined here is from observations that I had made over the last few weeks when I was trying to get a teenager’s computer that was infested with “scareware” back to normal operation.

Who ends up with this scareware on their computer

Typically the kind of user who will end up with such software on their computer would be consumers and small-business operators who are computer-naive or computer-illiterate and are most likely to respond to banner ads hawking “free anti-virus software”. They may not know which free consumer-grade anti-virus programs exist for their computing environment. In a similar context, they may have found their computer is operating below par and they have often heard advice that their computer is infested with viruses.

What you should do to avoid scareware and how should you handle an infestation

The proper steps to take to avoid your computer being infested with scareware is to make sure you are using reputable desktop security software on your computer. If you are strapped for cash, you should consider using AVG, Avast, Avira or Microsoft Security Essentials which have the links in the links column on the right of your screen when reading this article on the site.

If you have a computer that is already infected with this menace, it is a good idea to use another computer, whether on your home network or at your workplace, to download a “process-kill” utility like rkill.com to a USB memory key or CD-R and run this on the infected computer immediately after you log in. It may alos be worth visiting the “Bleeping Computer” resource site for further information regarding removing that particular scareware threat that is affecting your computer. This is because I have had very good experience with this site as a resource when I handled a computer that was infested with scareware.

If you are at a large workplace with a system administrator, ask them to prepare a “rescue CD” with the utilities from the “bleeping-computer” Web site or provide a link or “safe-site” option on your work-home laptop to this site so you can use this computer as a “reference” unit for finding out how to remove scareware from a computer on your home network.

How the criminal law fits in to this equation

The criminal law is now being used to target the “scareware” epidemic through the use of charges centred around fraud or deception. Like other criminal cases involving the online world, the situation will touch on legal situations where the offenders are resident in one or more differing countries and the victims are in the same or different other countries at the time of the offence.

This case could raise questions concerning different standards of proof concerning trans-national criminal offences as well as the point of trial for any such offences. 

Conclusion

Once you know what the “scareware” menace is, you are able to know that criminal-law measures are being used to tackle it and that you can recognise these threats and handle an infestation.

Disclaimer regarding ongoing criminal cases

This article pertains to an ongoing criminal-law action that is likely to go to trial. Nothing in this article is written to infer guilt on the accused parties who are innocent until proven guilty beyond reasonable doubt in a court of law. All comments are based either on previously-published material or my personal observations relevant to the facts commonly known.

Criminal legal action now being taken concerning “scareware”

Articles

Scareware Indictments Put Cybercriminals on Notice – Microsoft On The Issues

Swede charged in US over ‘scareware’ scheme | The Local (Sweden’s News in English) – Sweden

US-Behörden klagen Scareware-Betrüger an | Der Standard (Austria – German language)

From the horse’s mouth

FBI Press release

My comments

What is scareware

Scareware is a form of malware that presents itself as desktop security software. Typically this software uses a lot of emphasis on “flashing-up” of user-interface dialogs that mimic known desktop security programs, whether as add-on programs or functions that are integral to the operating system. They also put up dialogs requiring you to “register” or “activate” the software in a similar manner to most respected programs. This usually leads you to Web sites that require you to enter your credit-card number to pay for the program.

In reality, they are simply another form of Trojan Horse that is in a similar manner to the easy-to-write “fake login screen” Trojans that computer hackers have created in order to capture an administrator’s high-privilege login credentials. Some of the scareware is even written to take over the computer user’s interactive session, usually with processes that start when the computer starts, so as to “ring-fence” the user from vital system-control utilities like Task Manager, Control Panel or command-line options. In some cases, they also stop any executable files from running unless it is one of a narrow list of approved executable files. They are also known to nobble regular desktop anti-malware programs so that they don’t interfere with their nefarious activities. This behaviour outlined here is from observations that I had made over the last few weeks when I was trying to get a teenager’s computer that was infested with “scareware” back to normal operation.

Who ends up with this scareware on their computer

Typically the kind of user who will end up with such software on their computer would be consumers and small-business operators who are computer-naive or computer-illiterate and are most likely to respond to banner ads hawking “free anti-virus software”. They may not know which free consumer-grade anti-virus programs exist for their computing environment. In a similar context, they may have found their computer is operating below par and they have often heard advice that their computer is infested with viruses.

What you should do to avoid scareware and how should you handle an infestation

The proper steps to take to avoid your computer being infested with scareware is to make sure you are using reputable desktop security software on your computer. If you are strapped for cash, you should consider using AVG, Avast, Avira or Microsoft Security Essentials which have the links in the links column on the right of your screen when reading this article on the site.

If you have a computer that is already infected with this menace, it is a good idea to use another computer, whether on your home network or at your workplace, to download a “process-kill” utility like rkill.com to a USB memory key or CD-R and run this on the infected computer immediately after you log in. It may alos be worth visiting the “Bleeping Computer” resource site for further information regarding removing that particular scareware threat that is affecting your computer. This is because I have had very good experience with this site as a resource when I handled a computer that was infested with scareware.

If you are at a large workplace with a system administrator, ask them to prepare a “rescue CD” with the utilities from the “bleeping-computer” Web site or provide a link or “safe-site” option on your work-home laptop to this site so you can use this computer as a “reference” unit for finding out how to remove scareware from a computer on your home network.

How the criminal law fits in to this equation

The criminal law is now being used to target the “scareware” epidemic through the use of charges centred around fraud or deception. Like other criminal cases involving the online world, the situation will touch on legal situations where the offenders are resident in one or more differing countries and the victims are in the same or different other countries at the time of the offence.

This case could raise questions concerning different standards of proof concerning trans-national criminal offences as well as the point of trial for any such offences.

Conclusion

Once you know what the “scareware” menace is, you are able to know that criminal-law measures are being used to tackle it and that you can recognise these threats and handle an infestation.

Disclaimer regarding ongoing criminal cases

This article pertains to an ongoing criminal-law action that is likely to go to trial. Nothing in this article is written to infer guilt on the accused parties who are innocent until proven guilty beyond reasonable doubt in a court of law. All comments are based either on previously-published material or my personal observations relevant to the facts commonly known.

Product Review – Kaspersky Internet Security 2010

This is my first Internet-security product review for this blog and this product class is a very competitive one, now that there are free “home edition” or “entry edition” programs being offered to Windows platform users from the likes of AVG, Avast and Microsoft. Kaspersky has been known to offer a line of affordable desktop and network security programs that have been built on a strong security platform and this program is no exception.

Installation and Use

The installation went ahead very smoothly and was able to draw attention to a clash between this program and my prior setup which was Windows Firewall as the desktop firewall solution and Avast Home Edition as the anti-malware solution, and offered to uninstall Avast Home Edition before installing itself.

Kaspersky - dashboard

Kaspersky's main operating console

The main software dashboard has a “traffic-light” bar at the top which glows green for a safe environment, yellow for situations that need your attention and red for dangerous environments. It uses a tabbed interface which can show information that pertains to particular aspects of the program. This dashboard can be minimised to a “red K” indicator located in the System Notification Area on the Taskbar and ends up being relative unobtrusive. If it needs to draw your attention, a coloured “pop-up” message shows near that area. You don’t even see “splash screens” when the program starts during the system’s boot cycle, unlike what happens with Norton AntiVirus and other computer-security software delivered as “crapware” with many Windows computers.

Kaspersky - notification bar

Notification Tray icon

The program does download many updates through the day because of the nature of the computer-security threats that evolve too quickly. This is typically indicated with a “globe” symbol underneath the “red K” indicator when the program is minimised to the System Notification Area.

Performance

Kaspersky’s performance under a “full-scan” situation is typical for may desktop computer-security applications because this involves reading files from the computer’s hard disk which is competitive with applications that need use of the hard disk. It had highlighted a password-protected executable file as a risk because of the fact that this can become a way of concealing malware.

The software’s “behind-the-scenes” behaviour can impinge on system performance if you are doing anything that is graphic intensive. But there is an option to have the program concede resources to other computing tasks.

Kaspersky - Gaming profile

Gaming Profile option

The program also has options available for optimising its behaviour to particular situations. For example, there is an option to disable scheduled scans when a laptop computer is running on batteries and a “gaming mode” which reduces its presence and can disable scheduled scans and updates when you are playing a full-screen game or video and you don’t want the program to interrupt you.

From what I have observed, Kaspersky does a very good job at maintaining a “sterile zone” for your computer. For example, if you plug in a USB memory key, the program will scan the memory key for malware. This is important with malware like the Conficker worm that has been attacking Windows computers and creeping on to USB memory keys.

Privacy protection and security options

There is an optional on-screen virtual keyboard that works against keystroke loggers which capture data from the hardware keyboard.It may not be a defence against keystroke loggers that capture the character stream that is received by an application or software that records on-screen activity.

There is also an anti-banner-ad module which may appeal only to those who “hear no ads, see no ads, speak no ads”. I wouldn’t use this for most Web browsing activities and you still need to be careful that you run only one “pop-up blocker” at a time. I would rather that this can be used to filter advertising that is used for “fly-by-night” offers.

The e-mail protection does work with Windows Live Mail but, if you want to run it as an anti-spam solution for any e-mail client, you have to have it list your mail on a separate screen so you can tell which mail is which. This feature may be useless if you are running multiple other anti-spam measures such as a spam filter integrated in to your mail client or provided as part of your email service.

Desktop content filter

I do have a personal reservation about desktop-based “parental-control” programs because these programs only control the content that arrives at the computer that they run on. This may be OK for situations where the Internet access is primarily on the general-purpose computer that they run on. It doesn’t suit an increasingly-real environment where Internet access is being done on other terminals such as smartphones, multifunction Internet devices, games consoles, and Internet-enabled TVs. Here, I would prefer a “clean feed” that is provided as an option in the Internet service or the content-filtering software to be installed in a very fast router. The desktop filter can work well if a computer is taken to places like hotspots that don’t provide a filtered Internet service.

The content control is also limited to few categories such as the “usual suspects” (porn, gambling, drugs, violence, weapons, explicit language). There isn’t the ability to filter on “hatred” and “intolerance” sites which may be a real issue in today’s world, although the weapons and violence categories may encompass some of that material. I would like to see more granular filtering to suit different age groups and needs.

Nice to have

A feature that this program could have is management of interface to UPnP IGD routers. This could include identifying port-forward requests by applications and checking that these port-forward requests are destroyed when the application is stopped. This could include destroying port-forward requests when the application crashes or clearing all port-forward requests when the system starts so as to clean up port-forwarding “holes” left when a UPnP-enabled application or the system crashes. This is because I have noticed port-forward settings being left standing when an instant-messaging application, game or similar UPnP-enabled application crashes and the router’s UPnP port-forward list has settings from these prior sessions still open. This can provide various back door opportunities to exist for hackers and botnets to operate.

Macintosh users are looked after by Kaspersky through the “Kaspersky AntiVirus For Mac” program which provides virus protection for that platform. It doesn’t provide the full Internet security options that this program has to offer but there may be a desktop firewall built in to MacOS X which can protect against Internet hacks.

As far as the desktop content filter is concerned, I would like to see increased filtering options like an option to filter out “hatred” / “intolerance” sites; and “games and sports” for business needs. There should also be the ability to set up granular filtering options to suit different user needs.

Conclusion

This program may be a valid option for those of us who want to pay for “that bit more” out of our computer security software and want to go beyond the operating-system-standard desktop firewall and the free anti-virus programs like AVG and Avast.

Statement of benefit: I have been provided with the 3-computer 2-year subscription which is worth AUD$159.95 including GST (street price $84 including GST) as a complementary product in order for me to review it.