Tag: antivirus

You can get Kaspersky desktop security for free if you bank with Barclays

Article – From the horse’s mouth

Barclays Bank

Special offer for Barclays Bank online customers

My Comments

Kaspersky Internet Security 2014 - press image courtesy Kaspersky LabsIn 2009, I had reviewed a copy of Kaspersky Internet security and had found that it was the start of things to come for a capable desktop-security program. Then I had read some comparisons of various desktop security programs and found that this same program was doing its job without trading off performance unlike the Norton software where I have heard complaints about sluggish performance. Lately, I have even recommended this program as a desktop-security solution for people who have asked me about their home-computer security needs.

Barclays, a well-known UK bank who had been the victim of a “distraction-burglary” hacking scam, has now offered a partnership deal with their online-banking customers by offering free copies of this software. This also applies to those of us who have continued a subscription with Kaspersky for the software and the subscription is up for renewal.

What I like of this is that Barclays have led the field by a partnership with a desktop security software vendor to protect their customers from the varying forms of malware that can compromise the sanctity of their customer’s banking and personal data.

Desktop security moves from virus-hunting to more tasks according to Symantec

Article

“Antivirus is dead” says maker of Norton AntiVirus | PC World

Antivirus Is Dead — Long Live Antivirus | Krebs On Security

My Comments

What did anti-virus software do?

McAfee LiveSafe desktop security program

A typical desktop-security program in action

Previously, an anti-virus program was regularly vetting software against a known signature-based list of virus software or, in some cases, Trojan-Horse software. Better programs of this class also implemented “heuristics-based” detection that observed software behaviour for known virus-like characteristics.

The software authors beihind the anti-virus programs were playing cat-and-mouse with the malware authors who are trying to get their rotten software on to our computers. For example, malware authors use “crypting” services to hide their software from the gateway software, typically through the use of obfuscation.

What have the anti-virus software programs evolved to?

These have evolved to robust “desktop security” software suites that perform many different security functions for the computers they are protecting.

Firstly they work with your email client software to vet your incoming email for spam and phishing emails. This will typically work with client-based email setups like Outlook, Apple Mail, Windows Live Mail and others rather than Webmail setups like GMail or Hotmail.

As well, they implement a desktop firewall that  verifies traffic coming to and from the Internet and home network so that malware can’t easily “report to sender” to fulfill its task.

They also implement a wider malware-checking mandate such as catching out rootkits, adware and spyware. Sometimes this is done on a “software reputation” mechanism or observing for particular behaviour traits.

Another function is to implement a “reputation check” for the websites that you visit. This checks whether a Website is a host for questionable software or implementing other questionable practices. This may also be included with a desktop content-filtering function which filters against pornography, hatred and other undesireable content.

They also work as a privacy watchdog by monitoring Websites or social-media services for improper activity that threatens your privacy or that of your child or other vulnerable person.

But, wait, there’s more!

Some of these programs offer extra functionality in the form of a password vault which looks after the passwords for the Websites and other resources you visit.

They may offer a client-server VPN so you can use the Web from other networks like your friends’ and relatives homes or public networks in a secure manner. Similarly, they offer a secure file-storage option, whether on the cloud or on your local machine.

Different levels of functionality available

Most desktop security suites pitched at the home or small-business user tend to be sold with client-focused manageability where you set their parameters to manage that particular client computer. If you have multiple computers, you have to manually replicate that same setup across those computers. As well, they are priced either “per machine” or in a licence-pack that covers up to five or, in some cases, ten machines. You may be lucky to have the software provided as a site-licence that covers equipment owned by a particular household.

Conversely, desktop-security software that is targeted at the big business or at some small businesses is set up for management of multiple machines from one logical point. This includes the ability to deploy the same software across multiple machines yet have the same standards preserved across the multiple machines. They are typically priced in licence-packs that encompass many machines or may also offer a site-licence deal which covers all equipment kept at a particular location or by a particular organisation.

Microsoft Security Essentials–now free to small shops and offices and the like

News article

Microsoft Security Essentials available to Small Businesses on October 7

My comments

Microsoft have an entry-level antimalware program called Security Essentials which was previously available free to home users and students. This required all business users to consider using their premium Forefront Security Suite or other competing desktop security software solutions for their computer security.

This put small businesses and organisations lie shops, medical practices, religious organisations, non-profits and the like who had a few computers on their network in a very difficult position especially when it came to easy-to-manage desktop security software, Now Microsoft have answered this need by varying the End User License Agreement for this program to allow small business users with up to 10 computers to run this program.

One of the reasons that I am pleased with this change is that it is easy for the owner of a small organisation (who is responsible for that organisation’s IT) to set up and manage desktop security on Windows-based computers with this easy-to-manage program. It works in conjunction with Windows Firewall and has very little that is needed to adjust, which will please most of this kind of user who may not have good computer skills.

This therefore may be a way for a small shop or similar operation with a few Windows computers to save money on their desktop security software. One improvement I would like to see is for Apple MacOS users to benefit from a free desktop-security program because as this platform becomes popular, malware writers will target it.

Criminal legal action now being taken concerning “scareware”

 Articles

Scareware Indictments Put Cybercriminals on Notice – Microsoft On The Issues

Swede charged in US over ‘scareware’ scheme | The Local (Sweden’s News in English) – Sweden

US-Behörden klagen Scareware-Betrüger an | Der Standard (Austria – German language)

From the horse’s mouth

FBI Press release

My comments

What is scareware

Scareware is a form of malware that presents itself as desktop security software. Typically this software uses a lot of emphasis on “flashing-up” of user-interface dialogs that mimic known desktop security programs, whether as add-on programs or functions that are integral to the operating system. They also put up dialogs requiring you to “register” or “activate” the software in a similar manner to most respected programs. This usually leads you to Web sites that require you to enter your credit-card number to pay for the program.

In reality, they are simply another form of Trojan Horse that is in a similar manner to the easy-to-write “fake login screen” Trojans that computer hackers have created in order to capture an administrator’s high-privilege login credentials. Some of the scareware is even written to take over the computer user’s interactive session, usually with processes that start when the computer starts, so as to “ring-fence” the user from vital system-control utilities like Task Manager, Control Panel or command-line options. In some cases, they also stop any executable files from running unless it is one of a narrow list of approved executable files. They are also known to nobble regular desktop anti-malware programs so that they don’t interfere with their nefarious activities. This behaviour outlined here is from observations that I had made over the last few weeks when I was trying to get a teenager’s computer that was infested with “scareware” back to normal operation.

Who ends up with this scareware on their computer

Typically the kind of user who will end up with such software on their computer would be consumers and small-business operators who are computer-naive or computer-illiterate and are most likely to respond to banner ads hawking “free anti-virus software”. They may not know which free consumer-grade anti-virus programs exist for their computing environment. In a similar context, they may have found their computer is operating below par and they have often heard advice that their computer is infested with viruses.

What you should do to avoid scareware and how should you handle an infestation

The proper steps to take to avoid your computer being infested with scareware is to make sure you are using reputable desktop security software on your computer. If you are strapped for cash, you should consider using AVG, Avast, Avira or Microsoft Security Essentials which have the links in the links column on the right of your screen when reading this article on the site.

If you have a computer that is already infected with this menace, it is a good idea to use another computer, whether on your home network or at your workplace, to download a “process-kill” utility like rkill.com to a USB memory key or CD-R and run this on the infected computer immediately after you log in. It may alos be worth visiting the “Bleeping Computer” resource site for further information regarding removing that particular scareware threat that is affecting your computer. This is because I have had very good experience with this site as a resource when I handled a computer that was infested with scareware.

If you are at a large workplace with a system administrator, ask them to prepare a “rescue CD” with the utilities from the “bleeping-computer” Web site or provide a link or “safe-site” option on your work-home laptop to this site so you can use this computer as a “reference” unit for finding out how to remove scareware from a computer on your home network.

How the criminal law fits in to this equation

The criminal law is now being used to target the “scareware” epidemic through the use of charges centred around fraud or deception. Like other criminal cases involving the online world, the situation will touch on legal situations where the offenders are resident in one or more differing countries and the victims are in the same or different other countries at the time of the offence.

This case could raise questions concerning different standards of proof concerning trans-national criminal offences as well as the point of trial for any such offences. 

Conclusion

Once you know what the “scareware” menace is, you are able to know that criminal-law measures are being used to tackle it and that you can recognise these threats and handle an infestation.

Disclaimer regarding ongoing criminal cases

This article pertains to an ongoing criminal-law action that is likely to go to trial. Nothing in this article is written to infer guilt on the accused parties who are innocent until proven guilty beyond reasonable doubt in a court of law. All comments are based either on previously-published material or my personal observations relevant to the facts commonly known.

Criminal legal action now being taken concerning “scareware”

Articles

Scareware Indictments Put Cybercriminals on Notice – Microsoft On The Issues

Swede charged in US over ‘scareware’ scheme | The Local (Sweden’s News in English) – Sweden

US-Behörden klagen Scareware-Betrüger an | Der Standard (Austria – German language)

From the horse’s mouth

FBI Press release

My comments

What is scareware

Scareware is a form of malware that presents itself as desktop security software. Typically this software uses a lot of emphasis on “flashing-up” of user-interface dialogs that mimic known desktop security programs, whether as add-on programs or functions that are integral to the operating system. They also put up dialogs requiring you to “register” or “activate” the software in a similar manner to most respected programs. This usually leads you to Web sites that require you to enter your credit-card number to pay for the program.

In reality, they are simply another form of Trojan Horse that is in a similar manner to the easy-to-write “fake login screen” Trojans that computer hackers have created in order to capture an administrator’s high-privilege login credentials. Some of the scareware is even written to take over the computer user’s interactive session, usually with processes that start when the computer starts, so as to “ring-fence” the user from vital system-control utilities like Task Manager, Control Panel or command-line options. In some cases, they also stop any executable files from running unless it is one of a narrow list of approved executable files. They are also known to nobble regular desktop anti-malware programs so that they don’t interfere with their nefarious activities. This behaviour outlined here is from observations that I had made over the last few weeks when I was trying to get a teenager’s computer that was infested with “scareware” back to normal operation.

Who ends up with this scareware on their computer

Typically the kind of user who will end up with such software on their computer would be consumers and small-business operators who are computer-naive or computer-illiterate and are most likely to respond to banner ads hawking “free anti-virus software”. They may not know which free consumer-grade anti-virus programs exist for their computing environment. In a similar context, they may have found their computer is operating below par and they have often heard advice that their computer is infested with viruses.

What you should do to avoid scareware and how should you handle an infestation

The proper steps to take to avoid your computer being infested with scareware is to make sure you are using reputable desktop security software on your computer. If you are strapped for cash, you should consider using AVG, Avast, Avira or Microsoft Security Essentials which have the links in the links column on the right of your screen when reading this article on the site.

If you have a computer that is already infected with this menace, it is a good idea to use another computer, whether on your home network or at your workplace, to download a “process-kill” utility like rkill.com to a USB memory key or CD-R and run this on the infected computer immediately after you log in. It may alos be worth visiting the “Bleeping Computer” resource site for further information regarding removing that particular scareware threat that is affecting your computer. This is because I have had very good experience with this site as a resource when I handled a computer that was infested with scareware.

If you are at a large workplace with a system administrator, ask them to prepare a “rescue CD” with the utilities from the “bleeping-computer” Web site or provide a link or “safe-site” option on your work-home laptop to this site so you can use this computer as a “reference” unit for finding out how to remove scareware from a computer on your home network.

How the criminal law fits in to this equation

The criminal law is now being used to target the “scareware” epidemic through the use of charges centred around fraud or deception. Like other criminal cases involving the online world, the situation will touch on legal situations where the offenders are resident in one or more differing countries and the victims are in the same or different other countries at the time of the offence.

This case could raise questions concerning different standards of proof concerning trans-national criminal offences as well as the point of trial for any such offences.

Conclusion

Once you know what the “scareware” menace is, you are able to know that criminal-law measures are being used to tackle it and that you can recognise these threats and handle an infestation.

Disclaimer regarding ongoing criminal cases

This article pertains to an ongoing criminal-law action that is likely to go to trial. Nothing in this article is written to infer guilt on the accused parties who are innocent until proven guilty beyond reasonable doubt in a court of law. All comments are based either on previously-published material or my personal observations relevant to the facts commonly known.

Product Review – Kaspersky Internet Security 2010

This is my first Internet-security product review for this blog and this product class is a very competitive one, now that there are free “home edition” or “entry edition” programs being offered to Windows platform users from the likes of AVG, Avast and Microsoft. Kaspersky has been known to offer a line of affordable desktop and network security programs that have been built on a strong security platform and this program is no exception.

Installation and Use

The installation went ahead very smoothly and was able to draw attention to a clash between this program and my prior setup which was Windows Firewall as the desktop firewall solution and Avast Home Edition as the anti-malware solution, and offered to uninstall Avast Home Edition before installing itself.

Kaspersky - dashboard

Kaspersky's main operating console

The main software dashboard has a “traffic-light” bar at the top which glows green for a safe environment, yellow for situations that need your attention and red for dangerous environments. It uses a tabbed interface which can show information that pertains to particular aspects of the program. This dashboard can be minimised to a “red K” indicator located in the System Notification Area on the Taskbar and ends up being relative unobtrusive. If it needs to draw your attention, a coloured “pop-up” message shows near that area. You don’t even see “splash screens” when the program starts during the system’s boot cycle, unlike what happens with Norton AntiVirus and other computer-security software delivered as “crapware” with many Windows computers.

Kaspersky - notification bar

Notification Tray icon

The program does download many updates through the day because of the nature of the computer-security threats that evolve too quickly. This is typically indicated with a “globe” symbol underneath the “red K” indicator when the program is minimised to the System Notification Area.

Performance

Kaspersky’s performance under a “full-scan” situation is typical for may desktop computer-security applications because this involves reading files from the computer’s hard disk which is competitive with applications that need use of the hard disk. It had highlighted a password-protected executable file as a risk because of the fact that this can become a way of concealing malware.

The software’s “behind-the-scenes” behaviour can impinge on system performance if you are doing anything that is graphic intensive. But there is an option to have the program concede resources to other computing tasks.

Kaspersky - Gaming profile

Gaming Profile option

The program also has options available for optimising its behaviour to particular situations. For example, there is an option to disable scheduled scans when a laptop computer is running on batteries and a “gaming mode” which reduces its presence and can disable scheduled scans and updates when you are playing a full-screen game or video and you don’t want the program to interrupt you.

From what I have observed, Kaspersky does a very good job at maintaining a “sterile zone” for your computer. For example, if you plug in a USB memory key, the program will scan the memory key for malware. This is important with malware like the Conficker worm that has been attacking Windows computers and creeping on to USB memory keys.

Privacy protection and security options

There is an optional on-screen virtual keyboard that works against keystroke loggers which capture data from the hardware keyboard.It may not be a defence against keystroke loggers that capture the character stream that is received by an application or software that records on-screen activity.

There is also an anti-banner-ad module which may appeal only to those who “hear no ads, see no ads, speak no ads”. I wouldn’t use this for most Web browsing activities and you still need to be careful that you run only one “pop-up blocker” at a time. I would rather that this can be used to filter advertising that is used for “fly-by-night” offers.

The e-mail protection does work with Windows Live Mail but, if you want to run it as an anti-spam solution for any e-mail client, you have to have it list your mail on a separate screen so you can tell which mail is which. This feature may be useless if you are running multiple other anti-spam measures such as a spam filter integrated in to your mail client or provided as part of your email service.

Desktop content filter

I do have a personal reservation about desktop-based “parental-control” programs because these programs only control the content that arrives at the computer that they run on. This may be OK for situations where the Internet access is primarily on the general-purpose computer that they run on. It doesn’t suit an increasingly-real environment where Internet access is being done on other terminals such as smartphones, multifunction Internet devices, games consoles, and Internet-enabled TVs. Here, I would prefer a “clean feed” that is provided as an option in the Internet service or the content-filtering software to be installed in a very fast router. The desktop filter can work well if a computer is taken to places like hotspots that don’t provide a filtered Internet service.

The content control is also limited to few categories such as the “usual suspects” (porn, gambling, drugs, violence, weapons, explicit language). There isn’t the ability to filter on “hatred” and “intolerance” sites which may be a real issue in today’s world, although the weapons and violence categories may encompass some of that material. I would like to see more granular filtering to suit different age groups and needs.

Nice to have

A feature that this program could have is management of interface to UPnP IGD routers. This could include identifying port-forward requests by applications and checking that these port-forward requests are destroyed when the application is stopped. This could include destroying port-forward requests when the application crashes or clearing all port-forward requests when the system starts so as to clean up port-forwarding “holes” left when a UPnP-enabled application or the system crashes. This is because I have noticed port-forward settings being left standing when an instant-messaging application, game or similar UPnP-enabled application crashes and the router’s UPnP port-forward list has settings from these prior sessions still open. This can provide various back door opportunities to exist for hackers and botnets to operate.

Macintosh users are looked after by Kaspersky through the “Kaspersky AntiVirus For Mac” program which provides virus protection for that platform. It doesn’t provide the full Internet security options that this program has to offer but there may be a desktop firewall built in to MacOS X which can protect against Internet hacks.

As far as the desktop content filter is concerned, I would like to see increased filtering options like an option to filter out “hatred” / “intolerance” sites; and “games and sports” for business needs. There should also be the ability to set up granular filtering options to suit different user needs.

Conclusion

This program may be a valid option for those of us who want to pay for “that bit more” out of our computer security software and want to go beyond the operating-system-standard desktop firewall and the free anti-virus programs like AVG and Avast.

Statement of benefit: I have been provided with the 3-computer 2-year subscription which is worth AUD$159.95 including GST (street price $84 including GST) as a complementary product in order for me to review it.

avast! blog » Can you Trust Free Anti-Virus?

avast! blog » Can you Trust Free Anti-Virus? – Link to blog on Avast site

My comments on the issue concerning free anti-virus software

I always prefer that every computer has a reputable anti-virus software program running on it and, through this blog, I have always recommended AVG or avast free anti-virus solutions for home users and students. I would also consider the paid-for versions of these programs for users that don’t fit the mould provided for the free versions.

From my experience, these programs and their paid-for equivalents from the same suppliers, can do their job without placing too much stress on the computer. This is compared to the likes of the “big majors” (Trend Micro, Symantec, etc) who supply the computers sold in chain stores with trialware anti-virus solutions that can place a dent on the computer’s performance with their dominant graphics.

As well, the free programs and their paid-for equivalents work tightly with the operating system rather than take over the operating system. This is more so with the latest incarnations of Windows because of the designed-in security functionality that these operating systems have like Windows Firewall. Here, you can do most of your configuring through Windows and your default browser rather than through weird panels that take up a large part of the screen. The programs are as regularly updated as the majors and are even updated to include protection from newer infection vectors like instant messaging.

One thing that AVG, avast and the like could do is “offer” a trade-in deal where if a person who is subscribing to a “major” anti-virus solution like Norton or Trend Micro can switch over to the “professional” versions of these free anti-virus solutions for a cheaper price or for free. If the “professional” solution is sold on a subscription basis, they could offer a longer subscription deal like a “2 years for 1 year” package or a “first year is on us” deal.

This could allow the user to save money on their anti-virus solutions without forfeiting the security level that they are benefiting from..