Tag Archive | Kaspersky Lab

Annual Antivirus Toplist Report – 2013 (premium & free)

Welcome to our second toplist of antivirus software. The following are independently reviewed security products, ranked by the average of reviews of their 2013 products.

Premium

Premium antivirus software provides the best antivirus protection and safeguards your computer, your identity, and all of the personal information saved on the computer. Some programs provide extra features, such as free online backup, an auto-sandbox (which runs untrusted programs in an isolated environment to check that they are not malicious), and social-networking protection. The percentages in the ranking are an average of virus removal, protection, and overall performance. Note: only some of the testing data is available here.

  1. Bitdefender – 95% – Bitdefender Antivirus Plus 2013 builds on #1-ranked silent security technology to stop e-threats, secure online transactions, and defend your privacy on social networks.
  2. Kaspersky – 90% – The next recommended program, Kaspersky Antivirus, usually yields the highest results in antivirus testing groups and is one of the most trusted. Its antivirus product is well worth its cost. Even better is the number of features it has and the strength of each one: every feature brings a good amount of protection with it. It truly is the pro-active piece of software that every computer needs!
  3. Norton – 87% – Symantec’s Norton products have grown from a decent antivirus into a powerhouse packed with features and a polished interface. Although the interface is a little tough for beginners, it has the protection features needed to keep viruses out! With its new identity-protection features, it deserves its high ranking.
  4. F-Secure – 84.4% – F-Secure has risen to become a strong competitor to other antivirus vendors. Its feature-rich interface and good heuristics, paired with lightweight performance, make this program a star! Kudos!
  5. Trend Micro – 83.8% – This vendor has grown up lately, from somewhat mediocre to a much better, more advanced antivirus program. They have truly made reviewers (like me) proud!
  6. G Data – 81% – This vendor did not quite live up to what people told us about it. It did a good job blocking threats, but removing existing threats took quite a while. I can understand being thorough, but being a bit more timely would be a good idea.
  7. BullGuard – 78% – This was unexpected. BullGuard, like Trend Micro, surprised us. The effort the developers put into this program is remarkable, and we say kudos to them. Some improvement is still needed, but nonetheless, good job!
  8. AVG – 77% – AVG has provided good protection for years in feature-rich software. The drawbacks are false positives and, more seriously, that once a system has been infected the AVG software can stop working properly and needs a complete uninstall and reinstall. Their response to false positives is not quick enough, which erodes trust, and trust is very important to PC users. That is why this program came in at spot eight again!
  9. Avast – 76% – This may well be the feature-rich program of the year. Improving greatly on previous years, it keeps showing how much it has grown into a beneficial program for almost any system. The only shortcoming seen in Avast Pro Antivirus compared with the products listed above it was its ability to stop a malicious download immediately in its tracks. However, each new program update brings a better way to block infected sites.
  10. Webroot – 75% – Webroot has stepped up with SecureAnywhere after SpySweeper was retired, but it needs to step up further, especially on removal and protection. Antivirus software needs to be about protecting and keeping the user safe, not just removing viruses.
  11. Avira – 74% – Avira provides social-networking protection, anti-phishing, and pro-active HIPS protection in its newer versions. However, it is not as feature-rich as other programs in its class, and this shows in the antivirus engine, which failed to block a few threats, and in removal, where some viruses were not cleaned very well (perhaps for lack of the proper tools). It did not block 100% of malware, but came fairly close, blocking approximately 96% of threats.
  12. ESET – 72.3% – ESET has done a great job making NOD32 Antivirus into a lightweight powerhouse! However, it could not find all of the viruses on a hostile system, and the heuristics are a bit lacking. Hopefully next year will be much better.
  13. Panda Security – 71.9% – This one was hard to judge. When tested on many different systems in the past, it was recognized for good protection and great features, but it lacked performance. Some of the performance problems had to do with running on a hostile system with a lot of viruses around: the program slowed to a halt. However, the sandbox, good heuristics, and overall complete protection make it acceptable!
  14. GFI Vipre – 70.7% – no review written.
  15. McAfee – 66% – no review written.

Free

Free antivirus software provides a temporary means of safeguarding your computer while you save up for a premium investment…

  1. Avast – Avast is fast becoming the trend-setter among free antivirus products. One of its best promotional moves this past year was running contests for its users. From what we saw, Avast has a very fast antivirus engine. However, it only barely held first place, because of its false positives and because its heuristics are not strong enough for the bigger threats. Since it is free, it goes to show that users still need premium antivirus protection.
  2. AVG – Its good detection and smart heuristics make it a powerful antivirus program, but it has dealt with false positives on an uncomfortable scale before, so second place is where it sits this time!
  3. Avira – What is good about Avira Free is that it consistently shows good protection across all Windows platforms. What is bad is that it cannot run properly on heavily infected systems. This is a common problem with antivirus software, but Avira Free has shown that it functions particularly poorly there, perhaps for lack of a well-written self-protection driver. Nonetheless, good luck in the future!
  4. ZoneAlarm – ZoneAlarm’s new free program has what it takes to be a good antivirus product. However, because of a few false positives, it ranked 4th this time.
  5. Microsoft Security Essentials – This is by far one of the most lightweight and simplest antivirus programs on the market. Microsoft is the maker of the Windows operating system, of course, which gives Microsoft Security Essentials a trustworthiness factor with users. However, because it has missed quite a few viruses and does not remove viruses very well, it ranked last on the free list.

Thanks for reading this review. Feel free to comment below. 🙂

Kelihos Botnet Appears Again with New Variant

Kelihos has appeared again in a new variant, as several researchers have reported. The variant can lie dormant on an infected machine long enough to outlast automated analysis, and it uses rootkit-style tricks to conceal itself, including hiding the domains it contacts.

This is the third incarnation of the Kelihos botnet. When it was shut down back in 2011 by a joint effort between Kaspersky Lab and Microsoft, it turned out to be a P2P botnet, which made it harder to shut down all of its operations completely. Its main servers were cut off, but that did not stop the malware from spreading, since plenty of criminals still held the malicious code on their own servers and computers.

Researchers at Deep End Research and FireEye have been analyzing new samples (the FireEye analysts call theirs Nap), and after some impressive work they found that the Kelihos network is back on the rise.

“Since automated analysis systems are configured to execute a sample within a specified time frame, by executing a sleep call with a long timeout, Nap can prevent an automated analysis system from capturing its malicious behavior. Besides making a call to the function SleepEx(), the code also makes a call to the undocumented API NtDelayExecution() for performing sleep,” Abhishek Singh and Ali Islam of FireEye wrote in an analysis.

Researchers are still mapping the new infrastructure, and another takedown may be in order. This is insanity.
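The sleep trick the FireEye analysts describe is easy to model. The following is an added example, not code from the original post or from the FireEye analysis: it simulates a sandbox with a fixed analysis budget, a stand-in sample that delays its payload with both SleepEx and NtDelayExecution, and the sleep-skipping hook a sandbox uses to defeat the trick. The 300-second budget, the delay lengths, the API names the stand-in calls and the placeholder URL are all assumptions; the clock is simulated, so nothing actually sleeps.

```python
"""Added example: sleep-based sandbox evasion and the sleep-skipping hook that
defeats it. Simulated clock, constructed sample; not code from the original post."""

ANALYSIS_WINDOW_SECS = 300   # assumed budget of one automated analysis run
LONG_SLEEP_MS = 10_000       # a single delay above this is long enough to be hooked


class Sandbox:
    """Records the API calls a sample makes while the analysis clock is inside the
    budget. Sleep APIs listed in `hooked` return at once instead of being honoured."""

    def __init__(self, window=ANALYSIS_WINDOW_SECS, hooked=()):
        self.window = window
        self.hooked = set(hooked)
        self.clock = 0.0          # simulated seconds since the sample started
        self.trace = []           # (api, detail) pairs captured inside the window
        self.sleep_requests = []  # every delay the sample asked for, hooked or not

    def _observe(self, api, detail):
        if self.clock < self.window:          # the monitor has stopped watching after the budget
            self.trace.append((api, detail))

    def call(self, api, detail=None):
        """Any non-sleeping API call made by the sample."""
        self._observe(api, detail)

    def sleep(self, api, millis):
        """SleepEx() and a direct NtDelayExecution() call both land here. (On Windows
        NtDelayExecution takes a negative 100-ns relative interval; the model uses ms.)"""
        self.sleep_requests.append((api, millis))
        if api in self.hooked and millis > LONG_SLEEP_MS:
            self._observe(api, f"{millis} ms (skipped by hook)")
            return                             # hooked: clock does not advance
        self._observe(api, f"{millis} ms")
        self.clock += millis / 1000.0          # unhooked: the delay burns analysis time


def evasive_sample(sb):
    """Constructed stand-in for the malware: look idle first, then do the real work."""
    sb.call("GetSystemTimeAsFileTime")
    sb.sleep("SleepEx", 20 * 60 * 1000)            # 20 minutes via the documented API
    sb.sleep("NtDelayExecution", 10 * 60 * 1000)   # 10 more via the native call
    sb.call("InternetOpenUrlA", "http://c2.example.invalid/cmd")   # placeholder C2 URL
    sb.call("CreateProcessA", "payload.exe")


def run(hooked=()):
    """Run the stand-in sample inside a sandbox with the given sleep hooks."""
    sb = Sandbox(hooked=hooked)
    evasive_sample(sb)
    return sb


def observed_apis(sb):
    return [api for api, _ in sb.trace]


def flags_sleep_evasion(sb, window=ANALYSIS_WINDOW_SECS):
    """Triage rule: total requested delay at or above the budget, or any single delay
    that alone exceeds it, marks the sample for a longer rerun."""
    delays = [ms for _, ms in sb.sleep_requests]
    total_s = sum(delays) / 1000.0
    longest_s = max(delays, default=0) / 1000.0
    return total_s >= window or longest_s >= window


if __name__ == "__main__":
    for hooks in ((), ("SleepEx",), ("SleepEx", "NtDelayExecution")):
        sb = run(hooks)
        print(list(hooks) or "no hooks", "->", observed_apis(sb),
              "| sleep evasion flagged:", flags_sleep_evasion(sb))
```

Hooking only SleepEx is not enough: SleepEx is itself a wrapper around NtDelayExecution, so a sample that calls the native function directly still burns the budget unless that entry point is patched too, which is why the analysts mention both calls. The total-requested-delay rule is the cheap complement: it flags the sample for a longer rerun even when the payload was never observed.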

ChronoPay Co-Founder Plants Lawsuit on Kaspersky Lab

ChronoPay co-founder Pavel Vrublevsky has decided to file a lawsuit against Kaspersky Lab. ChronoPay is a large e-payment system in Russia. The lawsuit arises from Vrublevsky’s accusation that Kaspersky Lab published defamatory blog posts about him in connection with his ongoing trial. The trial concerns cybercrime: he is alleged to have hired the creator of the Festi spam botnet to launch an attack on one of ChronoPay’s competitors.

Vrublevsky is reportedly known for past pharma-spam campaigns and other associated cybercrimes. His trial is no small matter.

From the look of it, this is out of Kaspersky’s hands, since they were simply blogging about news already in the public record. Even if the posts were unflattering, what grounds would Vrublevsky have against them anyway?

Kaspersky secure operating system in production

Kaspersky Lab is building its own operating system from scratch, intended to run on and monitor business and government control systems and to protect them from state-sponsored malware such as Stuxnet, Flame, Duqu and Gauss.

The whole point of the OS is to protect the complex industrial systems in use today, especially in government facilities, corporations, and other industrial sectors.

Many government agencies fear that their systems and servers are still compromised, and without a trustworthy operating system they may remain at risk. Meanwhile, some companies and government facilities are overwhelmed by the demands of updating software, keeping patches current, and keeping systems continuously running. A secure operating system is therefore a good plan to have in the works.

Kaspersky Lab kept the operating system secret for quite a while, but will now be releasing information and updates: “Quite a few rumors about this project have appeared already on the Internet, so I guess it’s time to lift the curtain (a little) on our secret project and let you know (a bit) about what’s really going on,” Eugene Kaspersky, CEO of Kaspersky Lab, said in a blog post.

Many SCADA (Supervisory Control and Data Acquisition) systems and PLCs (Programmable Logic Controllers) speak protocols that require no authentication to access them, which is a huge security risk. With that in mind, the secure OS aims to give these systems a more secure footing.

If these ideas for a secure OS pan out, they will pave the way to stronger security in the industrial, corporate and governmental sectors.


Facebook alliance with key antivirus companies continues, update enclosed

Facebook has announced the expansion of its alliance with antivirus companies, in the hope of better securing its users and promoting good privacy. Here is a quick summary of the details:

Today, we are excited to announce the expansion of our AV Marketplace to include 7 new partners to our growing coalition of security companies. Starting now, Facebook users will be able to download software from – avast!, AVG, Avira, Kaspersky, Panda, Total Defense, and Webroot. Not only do we have new partners but also many of our existing partners – Microsoft, McAfee, Norton, TrendMicro, and Sophos – will begin offering anti-virus software for your mobile devices. You can visit the AV Marketplace now to download your free anti-virus software for PC, Mac and Mobile.

Our new anti-virus partners bring with them both the latest software and comprehensive intelligence. As with our existing partners, these seven companies will help protect Facebook’s community of over a billion users by improving our URL blacklist system. This system scans trillions of clicks per day, and before each click, the system consults the databases of all our AV Marketplace partners to make sure the website you are about to visit is safe. This means that whenever you click a link on our site you are protected both by Facebook and 12 of the industry leaders in computer security. We will be cooperating with these partners more in the future, and look forward to announcing new tools soon.

Read more now at the Facebook blog


Tech support and fake antivirus scams crackdown by FTC

Yesterday, the Federal Trade Commission (FTC) announced a crackdown on the tech-support and fake-antivirus scams that have plagued users for years. Scams such as bogus computer-cleanup programs and phone-based tech-support scares are subject to asset freezes, as well as lawsuits against the six companies named in the crackdown. Among them are Technogennie, Virtual PC Solutions and Connexions InfoTech Services.

Scareware scams have gone on for years, from classics such as SpySheriff (2005) to Personal Antivirus (2009). Many waves of scareware have come and gone, and they have tailed off more and more over the last couple of years. Why? Crackdowns on scareware by the FBI, the FTC and others. Many scams are being tracked down much faster, so the damage to user communities is limited.

The companies caught in the current FTC crackdown ran boiler rooms, making cold calls to people in English-speaking countries. The callers tried to convince potential customers that their computer was infected and told them to buy a fix right away by credit card. By the time users realized that their computer had never been infected, or that the whole thing was a scam, it was too late and they had been ripped off. Many banks offer a chargeback, but only if the person can show that it really was a scam; without evidence, a chargeback is hard to get.

After receiving over 2,000 complaints (an estimated 2,400), the FTC froze the companies’ assets, shut down the phone numbers used for the cold calling, and began a rapid investigation. Victims were typically charged between $49 and $450 to have a “techie” clean their system. Many of the cold callers posed as Dell, Symantec, or even McAfee.

More news about this freezing on the FTC website.

Earlier this week, the FTC also won a $163 million settlement in a three-year-old case against Innovative Marketing Inc. (IMI) and Kristy Ross, a former officer of the company. More on that at the FTC website as well.


DNSChanger cleanup investigated

This is the description of an attack happening in Brazil since 2011 using 1 firmware vulnerability, 2 malicious scripts and 40 malicious DNS servers, which affected 6 hardware manufacturers, resulting in millions of Brazilian internet users falling victim to a sustained and silent mass attack on DSL modems.

We will show how cybercriminals exploited an under-the-radar vulnerability which affected thousands of outdated DSL modems across the country. This enabled the attack to reach network devices belonging to millions of individual and business users, spreading malware and engineering malicious redirects over the course of several months. The scenario was fuelled by the widespread neglect of ISPs, blunders from hardware manufacturers, under-educated users and official apathy.

If you think the task of cleaning up victims of the DNS Changer malware was a big challenge, imagine what it would be like to deal with 4.5 million modems compromised in this attack – all of them in sunny, beautiful Brazil.

Read more by Kaspersky Lab


Report: Oracle databases vulnerable to hacking

A researcher showed today that Oracle’s databases could be hacked with brute-force attacks using only the database’s name and a username, according to Kaspersky Lab Security News.

Esteban Martinez Fayo of AppSec Inc., who demonstrated his discovery at a security conference in Argentina, said that within about five hours on an ordinary PC, using a purpose-built tool, he could crack weak passwords and access users’ data.

This isn’t the first time that security flaws have been found in Oracle databases. In January, the company fixed 78 bugs in a major patch, among them a flaw that let attackers into its databases remotely. And just last month, new vulnerabilities that can be exploited to run arbitrary code were found in Oracle’s latest Java 7 update.

Read more on CNET

New TDL4 variant affecting government, ISPs, etc.

TDL4 is the newest generation of the TDSS rootkit, a classic rootkit that has been infecting computers and building a botnet since 2006. With its new capabilities it can sneak into government agency computers, ISPs, and even well-known companies. It uses stealth techniques and exploits to get itself installed, after which it hides in a separate partition on the disk or creates a partition of its own.

The new threat, which has been assigned the generic name DGAv14 until its true nature is clarified, has affected at least 250,000 unique victims so far, including 46 of the Fortune 500 companies, several government agencies and ISPs, the Damballa researchers said in a research paper released Monday.

In collaboration with researchers from the Georgia Tech Information Security Center (GTISC), the Damballa researchers registered some of the domain names the new threat was attempting to access and monitored the traffic it sent to them.

TDL4, also known as TDSS, is considered to be one of the most sophisticated malware threats ever created and used by cybercriminals – without counting threats like Stuxnet, Flame, Gauss and others that are believed to have been created by nation states for cyberespionage purposes.

TDL4 is part of a category of malware known as bootkits – boot rootkits – because it infects the hard disk drive’s Master Boot Record (MBR), the sector that contains information about a disk’s partition table and the file systems. The code that resides in the MBR is executed before the OS actually starts.

Much of this information pulled from TechWorld.


One of the newer partition-infecting variants includes a dropper located at c:\windows\svchost.exe. The path is itself a red flag: the legitimate svchost.exe lives in c:\windows\system32, so a copy sitting directly under c:\windows is worth investigating.
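The MBR layout described above can be checked directly. What follows is an added example, not code from the original post, from TechWorld, or from any vendor’s anti-rootkit tool: it parses a 512-byte MBR into its boot code, the four partition entries and the boot signature, then applies the checks a bootkit triage would make: boot code that differs from a known-good copy, more than one active partition, overlapping entries, and a large unpartitioned region after the last partition, where TDL4 keeps its hidden file system. The disk size, the placeholder boot-code bytes and the “infected” sample are constructed for the example; in practice the known-good hash would come from a clean image of the same system.

```python
"""Added example: parse a Master Boot Record and flag the tell-tale signs of a
bootkit such as TDL4. Constructed sample data; not code from the original post."""
import hashlib
import struct

SECTOR = 512
PART_TABLE_OFF = 446      # boot code occupies bytes 0..445, then four 16-byte entries
BOOT_SIG_OFF = 510        # a valid MBR ends with the bytes 0x55 0xAA
ENTRY_FMT = "<B3xB3xII"   # status, CHS start (skipped), type, CHS end (skipped), LBA start, count


def parse_mbr(sector):
    """Split one 512-byte sector into (boot_code, partitions, signature_ok)."""
    if len(sector) != SECTOR:
        raise ValueError("an MBR is exactly one 512-byte sector")
    sig_ok = sector[BOOT_SIG_OFF:BOOT_SIG_OFF + 2] == b"\x55\xaa"
    parts = []
    for slot in range(4):
        status, ptype, lba_start, count = struct.unpack_from(
            ENTRY_FMT, sector, PART_TABLE_OFF + 16 * slot)
        if ptype == 0 and count == 0:
            continue                                   # unused slot
        parts.append({"slot": slot, "bootable": status == 0x80, "type": ptype,
                      "lba_start": lba_start, "sectors": count})
    return bytes(sector[:PART_TABLE_OFF]), parts, sig_ok


def unallocated_tail(parts, disk_sectors):
    """Sectors after the last partition that no entry claims."""
    end = max((p["lba_start"] + p["sectors"] for p in parts), default=0)
    return max(disk_sectors - end, 0)


def overlapping(parts):
    """True if any two partition entries claim the same sectors."""
    spans = sorted((p["lba_start"], p["lba_start"] + p["sectors"]) for p in parts)
    return any(a_end > b_start for (_, a_end), (b_start, _) in zip(spans, spans[1:]))


def inspect_mbr(sector, disk_sectors, good_bootcode_sha256, tail_threshold=2048):
    """Return a list of findings; an empty list means nothing looked wrong."""
    boot_code, parts, sig_ok = parse_mbr(sector)
    findings = []
    if not sig_ok:
        findings.append("boot signature 0x55AA missing")
    if hashlib.sha256(boot_code).hexdigest() != good_bootcode_sha256:
        findings.append("boot code differs from the known-good copy")
    if sum(p["bootable"] for p in parts) > 1:
        findings.append("more than one partition marked active")
    if overlapping(parts):
        findings.append("overlapping partition entries")
    tail = unallocated_tail(parts, disk_sectors)
    if tail > tail_threshold:
        findings.append(f"{tail} unallocated sectors after the last partition")
    return findings


def build_mbr(boot_code, entries):
    """Assemble a sector from boot code and (bootable, type, lba_start, sectors) tuples."""
    sector = bytearray(SECTOR)
    sector[:PART_TABLE_OFF] = boot_code[:PART_TABLE_OFF].ljust(PART_TABLE_OFF, b"\x00")
    for slot, (bootable, ptype, lba_start, count) in enumerate(entries):
        struct.pack_into(ENTRY_FMT, sector, PART_TABLE_OFF + 16 * slot,
                         0x80 if bootable else 0x00, ptype, lba_start, count)
    sector[BOOT_SIG_OFF:] = b"\x55\xaa"
    return bytes(sector)


# ---- constructed sample data (assumptions, not real disk images) ----
DISK_SECTORS = 2_097_152                                   # a 1 GiB disk in 512-byte sectors
CLEAN_BOOT = bytes.fromhex("33c08ed0bc007c") + b"\x90" * (PART_TABLE_OFF - 7)  # placeholder stub
CLEAN_BOOT_SHA256 = hashlib.sha256(CLEAN_BOOT).hexdigest()  # the "known-good" reference

CLEAN_MBR = build_mbr(CLEAN_BOOT, [(True, 0x07, 2048, DISK_SECTORS - 2048)])

# bootkit-style sample: the first bytes of the stub replaced by a jump, and the NTFS
# partition shortened so the last 64 MiB of the disk belong to no partition entry
HIDDEN_SECTORS = 131_072
INFECTED_BOOT = b"\xeb\x3e" + CLEAN_BOOT[2:]
INFECTED_MBR = build_mbr(INFECTED_BOOT,
                         [(True, 0x07, 2048, DISK_SECTORS - 2048 - HIDDEN_SECTORS)])

if __name__ == "__main__":
    print("clean:   ", inspect_mbr(CLEAN_MBR, DISK_SECTORS, CLEAN_BOOT_SHA256))
    print("infected:", inspect_mbr(INFECTED_MBR, DISK_SECTORS, CLEAN_BOOT_SHA256))
```

Comparing the boot code against a known-good copy is the same principle dedicated anti-rootkit tools apply; the unpartitioned-tail check is the complement, since it still points at the hidden file system after the boot code has been restored. On a live Windows system the sector would be read from \\.\PhysicalDrive0, and the disk size from the device rather than a constant.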


Flame malware command-and-control servers reveal earlier origins, among other links

State-sponsored malware such as Flame and Stuxnet is spreading and becoming more of a problem. Computer systems keep getting more capable, but not at the alarming rate at which dangerous malware is evolving. And Flame may have links beyond Stuxnet.

First, computer systems have been built for specific purposes for about forty years now. Some of the newer systems, however, are built to operate like robots: they work on their own without user intervention. So what happens when malware targets the core systems of oil companies, energy companies, military plants and the like? A compromise can have dangerous and severe consequences.

Second, Flame came to light this past May, by which time it had infected over 1,000 computers, according to Kaspersky Lab. The victims included governmental organizations, educational institutions, and private users. Most of the infections were concentrated in West Asia, including Iran, Israel, Syria, Saudi Arabia and Egypt, among others. The malware supports a kill command that removes all traces of it from the infected computer, and that command was sent soon after the malware was exposed. Right now there are no reported active Flame infections, nor other variants being created.

However, derivatives of Flame are being created. We reported a few weeks ago on Shamoon, which is being actively distributed using a script-kiddie approach. Other links found recently (Gauss among them) tie Flame to command-and-control activity going back to 2006, which means the Flame project could be as much as six years old, or related to malware from that time.

Instead of looking like a botnet control panel, the Flame command centers look more like content-management systems (CMS), and they use many other new approaches. One was the three fraudulent certificates, which Microsoft revoked in an update back in June.

More detail on the findings and the C&C servers was unveiled in the recent Flame investigation by Kaspersky Lab and in the report from Symantec (PDF). Researchers at Kaspersky Lab state that they already suspected a development link to Stuxnet back in June.

Speculation points to the US and Israel together as being behind the development. However, there is no hard evidence backing these claims beyond what researchers can infer from coding style and the other methods used.

The articles by Kaspersky Lab and Symantec also include the following findings and speculation:

  • At least four programmers worked on the development; their nicknames were left in the code.
  • One server alone received call-backs from 5,000 victim machines in a single week in May, which suggests at least 10,000 victims in total.
  • The infections were not focused on one group of organizations or people, but on separate groups of targets in many countries.
  • Many of the targets were in Iran and Sudan.
  • At least four different custom protocols were used to communicate with the servers, not just one.
  • Large amounts of data were stolen; 5.5 GB was reported in just one week of collection by the malware.
  • The attackers are either mining for government information or attempting to gather military intelligence.

The developers behind the Flame malware have a lot more secrets, which are being unveiled. More ties are being linked to Stuxnet and Flame, and when the information becomes available, it’ll be here on seCURE Connexion’s blog. The Flame developers obviously have a lot of nerve developing these cyber-weapons. But, many politicians and security experts have warned of this information warfare for years. Here we are at the peak!
