
Posts tagged: trend micro

Editorial: Understanding why Malware infects your PC

By , February 19, 2009 14:54

I saw this comment today on a malware site, and I normally read them to see how folks troll malware sites looking for blame. Folks, malware is your problem, not anyone else's. I am constantly reminded how people fail to understand that it's their actions and choices that cause the infections, and today social engineering is a big reason. Even malware experts are not immune from falling victim to their tricks. It's been like this for years, and outside of the increase in targeted attacks, it's still the #1 reason.


Review of Enterprise Class Security Suites

By , December 12, 2007 08:51

I recently came across an article from ‘Information Security’ that reviewed several “Enterprise” class security suites. I have reviewed several here on this blog in the past year and have found very disappointing results. There have been a couple of newcomers to the land of the personal desktop, namely ‘Blink’ by eEye, which I have been testing for several months. The tool isn’t ready for personal use, but its professional version has been commended for a while. This article compared Blink’s Enterprise tool (at time of writing I haven’t been able to confirm the differences between Pro and Enterprise).

Most readers of this blog may dismiss reviews of enterprise-class applications, but I decided to include it since for most of these vendors the Enterprise version represents the ‘best of the best’ of their offerings. As this review compares all the top providers, including Symantec, CA, Trend Micro, ISS, eEye and a few others, I decided it was worthwhile comparing them.

The article can be found here:

(I included the print-friendly version of the article, as it is a 15-page review, and 15 pages is ridiculous since every page is barely a screenful on my PC. I prefer reading to clicking links and waiting for advertising to load, so…)

A lot of these offerings are strictly for Windows machines; very few have Linux or Mac offerings. Keep this in mind: if your network has a blend of OSes, you will have to seek other options for network-wide protection. However, if your network is mostly Windows-based, these products will meet your needs.

The offerings were presented and reviewed by many criteria, from ‘ease of information gathering’ to usage to malware detection capability.

The most interesting note to this is that NONE of the products had 100% detection. NONE! The best came in around 92% detection.

It’s also important to note that some were plainly incompetent at detecting malware that was present and moving around a machine. This too was an interesting consequence of the article.

Here are the features offered in the products.

The really nice extra feature that only two of the above offer is vulnerability scanning. This is a must to ensure your machines are patched and up to date. However, while the features can be very valuable in a work environment that can have strict policies, in a home environment the benefits will be less. My experience shows that they typically have inaccurate results, so being able to use this as a guideline rather than a definitive state is important. It’s still very valuable.

Since we like Blink, it’s also important to note that even the Personal version of their product offers all these features. Most of the other vendors are not so accommodating for the lower-end versions of their products.

So this review does in fact support our arguments regarding malware. There is NO 100% effective solution, so a multi-tiered approach to malware is wise.

It also proves our case about not relying on a traditional antivirus product alone. This type of product has pretty much no life in today’s market. A blended product is what is required, which most of these provide. It’s unfortunate that most of these companies cannot improve their offering to be more effective.

Additionally, it’s important to note that ‘false positives’ are the #1 problem with most of these packages, so it’s critical to compare ‘detection results’ with other products before making a decision to buy. A lot of spyware vendors like to have their product offerings report LARGE numbers of detections, regardless of their importance or even accuracy.

Trend Micro Anti-Spyware Online Scan Review

By , September 4, 2006 13:40

Like most folks these days, I presume, you typically scan your computer either daily or weekly using an anti-virus program. You also probably run cleanmgr.exe routinely to clean junk and temp files off your drives. You probably use some kind of firewall on the PC, and you probably also use some kind of spyware product.

I’ve become very disappointed with most spyware/adware products these days. They are simply either ineffective or too paranoid. Neither is an effective solution. The industry-leading Webroot is probably the most balanced on the market today, but its updating is making it ineffective when an outbreak occurs. I for one will not buy a product that doesn’t effectively update its database constantly. This is a big job and why I think it’s worth the money to spend on a solution, ONLY if it stays up to date.

For a free solution you can always turn to SpyBot and Ad-aware SE. Both these tools can be had for no cost and stay “reasonably” up to date, if not as current as some of the non-free products. However, every day one sees a new product coming out claiming to be the latest and greatest.

In order to get the most effective detection capabilities, I think one needs to run the anti-spyware using a central repository that is constantly updated and does not require “downloading” to update, or does so with the latest (built hourly) rules.

I have tried out Trend Micro Anti-Spyware Online Scan and will provide you with a step-by-step walkthrough of its usage.

Using Trend Micro Online Scan

This is a very easy process.  The first thing you’ll obviously need is a PC connected to the Internet and to be running Internet Explorer v6.01 or greater to use the ActiveX component.

I tried it with Firefox using the “IE Tab” extension, which worked fine, and also with the “Open in IE” extension, which also worked fine. Obviously the latter actually spawns IE, where the former simply opens a window within the Firefox chrome. If you don’t understand all this, don’t worry. It works.

So, next you go to the link I provided above and allow the web site to install the ActiveX component which downloads the executable to perform the update and scan.

Once you get the executable running, it will update its rules from the repository at Trend Micro and start scanning.

Now we wait until it’s done.  The final result is noted by this screenshot we took:

From here we would have taken a very serious glance at the machine itself, if it wasn’t for the simple facts.

1.  This PC has Avast AV running; a scan beforehand detected nothing.
2.  This PC also has Tiny PF 2005 installed, and we could not verify any infection directly or indirectly.
3.  We don’t know exactly what it found that was the problem.

So we take a closer look at the details that Trend Micro found, and this was the screenshot:


Taking a closer look would again give us an indication that our box is owned. But a few of these items are not a total surprise as far as the findings go; the others are just lacking any real detail.

So we click on the “Threat Details” link at the bottom for a select item such as this keyfinder. Unfortunately the “Detail” is rather pathetic.

As you can see for yourself, this doesn’t tell us anything, and doesn’t confirm what we’ve found. So I decide to submit these “positives” to virus.com for testing against the world’s top AV programs.

First though, let’s just double check it against our machine’s Avast AV:

Nothing. Well, let’s just make 100% sure.

As I was able to verify, NONE OF THE “POSITIVES” DETECTED BY TREND MICRO ANTI-SPYWARE were legit. Most of them in fact would have been cleaned and then rendered numerous software packages unusable. The ONLY agreement with Trend Micro was noted in this screenshot below. No other files tested positive.

This is not an acceptable tool for any “type” of detection and certainly not acceptable as a cleaner.

I would not consider this tool to be “beta” quality. You are better off running NOTHING than this software.
