Tag Archive | Symantec

Annual Antivirus Toplist Report – 2013 (premium & free)

Welcome to our second toplist of antivirus software. The following are independently reviewed security products, compiled from a list of average reviews for 2013 products!

Premium

Premium antivirus software provides the best antivirus protection and safeguards your computer, your identity, and all of your personal information saved on the computer. Some programs provide extra features, such as free online backup, auto-sandbox (which runs your programs in a safe environment to make sure they are not malicious), and social networking protection. The percentages in rank were based on an average of virus removal, protection, and overall performance. Note: only some testing data is available, here.

  1. Bitdefender – 95% – Bitdefender Antivirus Plus 2013 builds on #1 ranked silent security technology to stop e-threats, secure online transactions, and defend your privacy on social networks.
  2. Kaspersky – 90% – The next recommended program, Kaspersky Antivirus, usually yields the highest results in antivirus testing groups, and is one of the most trusted. Its antivirus product is well worth its cost. What’s even better is the amount of features it has – and the strength of each feature. Each individual feature has a good amount of protection involved. It truly is the pro-active piece of software that every computer needs!
  3. Norton – 87% – Symantec’s awesome Norton products have grown up from a nice antivirus to a very awesome powerhouse packed with great features and a cool-looking interface. Although the interface is a little tough for beginners, it sure has the amount of protection-based features needed to keep the viruses out! With its new identity protection interfaces, it deserves spot two!
  4. F-Secure – 84.4% – F-Secure software has risen up to become a great competitor to other antivirus vendors. Its feature-rich interface and good heuristics, paired with lightweight performance, makes this program a star! Kudos!
  5. Trend Micro – 83.8% – This vendor has absolutely grown up lately, from a bit mediocre to a much better, more advanced antivirus program. They have truly made reviewers (like me) proud!
  6. G Data – 81% – This vendor was not quite what we expected, given how good people told us it was. It did a good job blocking threats, but removing existing threats took quite a while. I can understand being thorough, but being a bit more timely might be a good idea.
  7. BullGuard – 78% – This was unexpected. BullGuard, like Trend Micro, surprised us big time. The amount of effort the developers put into this program was unbelievable. We say kudos to the developers! Some improvement is still needed, but nonetheless, good job!
  8. AVG – 77% – AVG has provided good protection for years, in feature-rich software. The one drawback is the problem of false positives, and more realistically, that once a system has been infected, AVG software gets hostile (which requires a complete uninstall and reinstall for it to work properly again). Their response on false positives is not quick enough, which can cause problems with trust. Trust is very important to PC users. This program came in at spot eight, again, because of that!
  9. Avast – 76% – This antivirus program may very well be the feature-rich program of the year. Improving greatly from previous years, it shows each new year how much it has grown to be a beneficial program for almost any system. The only problem seen in Avast Pro Antivirus, compared to the ones listed above it, was its ability to stop a malicious download immediately in its tracks. However, every new program update brings a much better way to block these infected sites.
  10. Webroot – 75% – Webroot has stepped it up with SecureAnywhere, after SpySweeper was retired, but they need to step it up more. Especially on the aspects of removal and protection. Antivirus software needs to be more of protecting and keeping the user safe, not just removing viruses.
  11. Avira – 74% – Avira provides social networking protection, anti-phishing, and pro-active HIPS protection in its newer versions of antivirus. However, it may not be as feature-rich as other programs in its class, and this may take away from the functionality of the antivirus engine (which failed to block a few threats) and does not remove some viruses very well (maybe lacking the proper tools to do it). It did not block 100% of malware, but came fairly – blocking approximately 96% of threats.
  12. ESET – 72.3% – ESET has done a great job making NOD32 Antivirus into a lightweight powerhouse! However, it lacks the ability to find all of the viruses on a hostile system, and the heuristics are a bit lacking. But, hopefully, next year will be much better.
  13. Panda Security – 71.9% – This one was a hard one to judge. When tested on many different systems in the past, it was recognized to provide good protection and great features; however, it lacked performance. Some of the performance shortfalls had to do with running on a hostile system surrounded by a lot of viruses: the program slowed to a halt. However, the sandbox system, good heuristics, and overall complete protection are what make it okay!
  14. GFI Vipre – 70.7% – no review written.
  15. McAfee – 66% – no review written.

Free

Free antivirus software provides a temporary means to safeguard your computer, while you can save money for a premium investment…

  1. Avast – Avast is becoming a trend for the best free antivirus. One of the best promotion techniques they used in the recent year was contests for their users. From our perspective, Avast has an awesomely fast antivirus engine. However, it barely slipped from first place due to its false positives and lack of the stronger heuristics needed for the bigger threats. But, since it is free, it goes to show that users need premium antivirus protection.
  2. AVG – Its good detection and smart heuristics allow it to be a powerful antivirus program, however, it has dealt with false positives on an uncomfortable scale before, so second place is where it sits this time!
  3. Avira – What is good about Avira Free is that it continually shows good protection across all Windows platforms. What is bad is that it cannot run 100% on heavily infected systems. This is a common problem with antivirus software, but Avira Free has shown that it does not function very well there. This may be due to the lack of a well-coded self-protection driver, but nonetheless, good luck in the future!
  4. ZoneAlarm – It is assured that ZoneAlarm’s new free program has what it takes to be a good antivirus program. However, due to a few false positives, it ranked 4th this time.
  5. Microsoft Security Essentials – This comes in as one of the most lightweight and simplistic antivirus programs on the market. Microsoft is the maker of the Windows operating system, of course, so that gave users a trustworthiness factor for Microsoft Security Essentials. However, due to the fact that it has missed quite a few viruses and does not remove viruses very well, it ranked last on the free list.

Thanks for reading this review. Feel free to comment below. 🙂


Kelihos Botnet Appears Again with New Variant

Kelihos appears again with a new variant, as many researchers have discovered. The variant enables it to remain dormant on the machine using sinkholing techniques and other rootkit-style operations. It hides domains and does many other things to conceal itself, as researchers have discovered.

This is the third attempt for the Kelihos botnet. When it got shut down back in 2011 by a collaborative effort between Kaspersky Lab and Microsoft, it was found to be a P2P botnet, which made it more difficult to shut down all of the botnet’s operations completely. At least its main servers were cut off, but that didn’t stop the malware from spreading, since tons of blackhats still had the malcode on their own servers and computers.

Researchers at Deep End Research and FireEye have new samples that they have been analyzing, and after some impressive research, it was found that the Kelihos network is back on the rise.

“Since automated analysis systems are configured to execute a sample within a specified time frame, by executing a sleep call with a long timeout, Nap can prevent an automated analysis system from capturing its malicious behavior. Besides making a call to the function SleepEx(), the code also makes a call to the undocumented API NtDelayExecution() for performing sleep,” Abhishek Singh and Ali Islam of FireEye wrote in an analysis.

Experts are trying to discover the new roots, and another takedown may be in order. This is insanity.
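The long-timeout sleep that the FireEye quote above describes is something a sandbox operator can look for in its own API trace. The following is an added example, not code from the original post or from FireEye: it scans a constructed trace (the one-call-per-line format is an assumption) and flags SleepEx and NtDelayExecution calls whose requested delay is long enough to outlast a typical analysis window.

```python
"""Flag long sleep calls in a sandbox API trace (the "Nap" evasion pattern).

Added example, not from the original post or FireEye. Trace format is an
assumption: one call per line, "<tick_ms> <process> <api>(<key=value,...>)".
The sample lines below are constructed for illustration.
"""
import re

# Constructed sample trace. SleepEx takes milliseconds; NtDelayExecution takes
# a LARGE_INTEGER in 100-nanosecond units, negative meaning a relative delay.
SAMPLE_TRACE = """\
100 sample.exe GetTickCount()
105 sample.exe SleepEx(dwMilliseconds=600000, bAlertable=0)
110 sample.exe NtDelayExecution(Alertable=0, DelayInterval=-3000000000)
120 sample.exe SleepEx(dwMilliseconds=50, bAlertable=0)
130 sample.exe CreateFileW(...)
"""

LINE_RE = re.compile(r"^(\d+)\s+(\S+)\s+(\w+)\((.*)\)$")
ARG_RE = re.compile(r"(\w+)=(-?\d+)")


def sleep_ms(api, args):
    """Return the requested delay in ms for Sleep/SleepEx/NtDelayExecution, else None."""
    kv = dict(ARG_RE.findall(args))
    if api in ("Sleep", "SleepEx"):
        return int(kv.get("dwMilliseconds", 0))
    if api == "NtDelayExecution":
        # DelayInterval is in 100-ns units; a negative value is a relative delay.
        interval = int(kv.get("DelayInterval", 0))
        return abs(interval) / 10_000
    return None


def find_long_sleeps(trace, threshold_ms=60_000):
    """Return (tick, api, ms) for each sleep call at or above threshold_ms.

    The default threshold (60 s) is an assumption; tune it to the sandbox's
    actual execution window.
    """
    hits = []
    for line in trace.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        tick, _proc, api, args = m.groups()
        ms = sleep_ms(api, args)
        if ms is not None and ms >= threshold_ms:
            hits.append((int(tick), api, ms))
    return hits


if __name__ == "__main__":
    for tick, api, ms in find_long_sleeps(SAMPLE_TRACE):
        print(f"t={tick}ms {api} requested {ms / 1000:.0f}s sleep")
```

A sandbox that hooks these calls can also shorten the delay instead of waiting it out; flagging the call is the cheap first step that makes the sample worth a longer look.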

Symantec Teams With Microsoft to Destroy Bamital Botnet

The Bamital botnet, known for grossing about $1 million a year by fraudulent means, has been destroyed by the investigative teams of Microsoft and Symantec. With help from the feds, the two teams collaborated in the investigation of a number of data centers hosting the botnet servers. This operation, titled Operation b58, is the sixth operation in the past three years to take down botnets. It began around a year ago, when Symantec approached Microsoft with the intent to collaborate and take down this botnet.

The botnet’s most notorious means are very typical: delivering a fraudulent payload via search redirects. The victims were lured into a scam (social engineering), through which malware was installed to infect the machine. Once done, the victim goes about their normal activities, including searching, which the malware redirects to scam sites selling fake (or legitimate but modified) software or services, attempting to steal credit card data.

Over the last two years of its continual attack on internet users, the botnet totaled approximately 8 million computers and raked in around $1 million USD. Right now, it’s estimated that anywhere from 300,000 to 1 million computers are still infected with the botnet.

During the takedown operation, Microsoft’s crew constructed a lawsuit against the botnet operators to pull the plug on the zombie network. Yesterday, February 6, after the request was granted by the court, Microsoft was escorted by the US Marshals Service to go to every facility in Virginia and New Jersey to seize servers.

According to Richard Boscovich, assistant general counsel with Microsoft’s Digital Crimes Unit, the operators of the Virginia data center were persuaded to take down the server at the parent facility in the Netherlands.

About 18 cybercriminals were involved, scattered all around the world from the US, to the UK, to Australia, and even Romania.

Cleaning Up

Microsoft and Symantec seek to help users who are infected. The search redirect and querying system run by the rogue servers will be broken, and therefore the search function on victim computers will be broken, too. There will be removal tools to help with this, as well as the ability to repair the broken functions.

This will surely make it a lot harder for the cybercriminals behind Bamital to restart their servers, as Microsoft, and possibly others like the feds and Symantec, have the servers in their custody.


Take down of the Virut Botnet in Progress

Virut is now being targeted in an effort by allied security forces. Virut is a very dangerous botnet which, when it infects your computer, can cause irreversible damage to your files, steal a lot of personal information, and cause you to lose almost all of your data.

(Our security arm, SecuraGeek Forums, published an article helpful to users about Virut a few years ago, here.)

This takedown effort involved researchers from Poland’s Computer Emergency Response Team (CERT), the Russian CERT-GIB, and the Spamhaus Project, and aimed at disrupting the operations of the Virut botnet, which involved some 300,000 infected machines.

In December, the Spamhaus Project helped work against all the domains owned by the Virut botnet and attempted to have them shut down. Most of the domains, if not all, were registered under the .pl ccTLD. However, the gang behind the botnet moved all of the malicious domain names to a new registrar called home.pl.

The botnet’s operations were limited a bit during this time, when NASK (Research and Academic Network) in Poland began to move on the infrastructure of this botnet. NASK operates the Polish CERT and is the national registry for the .pl domain; therefore, its presence in this situation is very important.

“In past few days, Spamhaus has been in close contact with the sponsoring registrar (home.pl), the Polish Computer Emergency Response Team (CERT.pl) to get the domain names suspended,” Morrison blogged Jan. 19. “In cooperation with the Polish CERT and the registrar home.pl, we managed to get all the Virut domain names within the .pl ccTLD sinkholed.”

“In addition, Spamhaus reached out to the Austrian CERT and the Russian-based Company Group-IB CERT-GIB to shut down the remaining Virut domains within the .at and .ru ccTLDs,” he added. “In cooperation with Spamhaus, and due to the evidence and intelligence provided by Spamhaus, CERT-GIB was able to shut down all the Virut domains within the .ru ccTLD within a few hours.”

Symantec researchers have noted that the maintainers of Virut are also involved with the Waledac botnet. The evidence is due in part to the malware writers behind both botnets using affiliate programs to spread the threats. It’s been noted also that Virut has helped to spread malware such as TDL, Zeus, and others. Also, Symantec warned that Virut had been used to redeploy Waledac. Problem is, the Waledac botnet was seized by Microsoft in 2010. So, redeploying that botnet is opening up the fields for lots of trouble.

As this takedown has occurred, three dozen domain names have been seized in total, with no sign (to researchers) of them starting back up on a different network. Since domains are so critical to the infrastructure, it’s going to be difficult for the malware writers to orchestrate a new plan.

For the past five or so years, domains like ircgalaxy.pl, zief.pl, etc. were used by the botnet. Now they are seized! It’s not exactly clear how NASK will affect the future operations of Virut, but right now, things are looking good and steady!

Facebook alliance with key antivirus companies continues, update enclosed

Facebook has announced the expansion of its alliance with antivirus companies in hopes of better securing its users and promoting good privacy. Here is a quick scope of the details:

Today, we are excited to announce the expansion of our AV Marketplace to include 7 new partners to our growing coalition of security companies. Starting now, Facebook users will be able to download software from – avast!, AVG, Avira, Kaspersky, Panda, Total Defense, and Webroot. Not only do we have new partners but also many of our existing partners – Microsoft, McAfee, Norton, TrendMicro, and Sophos – will begin offering anti-virus software for your mobile devices. You can visit the AV Marketplace now to download your free anti-virus software for PC, Mac and Mobile.

Our new anti-virus partners bring with them both the latest software and comprehensive intelligence. As with our existing partners, these seven companies will help protect Facebook’s community of over a billion users by improving our URL blacklist system. This system scans trillions of clicks per day, and before each click, the system consults the databases of all our AV Marketplace partners to make sure the website you are about to visit is safe. This means that whenever you click a link on our site you are protected both by Facebook and 12 of the industry leaders in computer security. We will be cooperating with these partners more in the future, and look forward to announcing new tools soon.

Read more now at the Facebook blog


Tech support and fake antivirus scams crackdown by FTC

Yesterday, the Federal Trade Commission (FTC) announced a crackdown on tech support and fake antivirus scams that have been problematic for years. The scams, such as bogus computer cleanup programs and phone-based tech support scares, are subject to the freezing of assets, as well as lawsuits for the six companies involved in the crackdown. Some of these are Technogennie, Virtual PC Solutions, and Connexions InfoTech Services, among others.

Scareware scams have gone on for years, from the classic ones such as SpySheriff (2005) to Personal Antivirus (2009). Many bouts of scareware have been apparent over the years, and they have really fallen off the planet more and more over the last couple of years. Why is this? Scareware crackdowns from the FBI, FTC, etc. Many scams are being sought out a lot faster, so the damage to the user communities is very limited.

The companies caught in the current FTC crackdown were boiler-room based, making cold calls to people in English-speaking communities. Their aim was to make potential customers fear that their computer was infected, and to tell them to purchase solutions to their problems by paying right away with a credit card. By the time the users realized their computer was either not infected at all, or that it was a scam, it was too late and the customer was ripped off. Many banks have given the opportunity for a chargeback, but only if the person can truly show that it was a scam. If no evidence can be drawn up, then it’s hard to get the chargeback.

After getting over 2,000 complaints (an estimated 2,400), the FTC immediately froze the assets of those companies, shut down the phone numbers used for the cold calling, and began a rapid investigation. Victims were usually charged between $49 and $450 to have a “techie” clean their system. Many of the cold callers posed as Dell, Symantec, or even McAfee.

More news about this freezing on the FTC website.

Now, earlier this week, the FTC won a $163 million settlement in a three year-old case against Innovative Marketing Inc. (IMI) and Kristy Ross, former officer of the company. More on that at the FTC website as well.


Flame malware command-and-control servers reveal earlier origins, among other links

Government malware such as Flame and Stuxnet is expanding and becoming more of a problem. Computer systems are getting even more inventive, but not at the alarming rate at which dangerous malware is expanding. There may be more links for Flame than just Stuxnet.

First, computer systems are created for specific purposes, and have been for about forty years now. However, some of the newer computer systems are created to become like robots, which means that the computer system works on its own without user intervention. But, what happens when malware targets the core computer systems of oil industries, energy companies, military plants, etc.? It can cause dangerous and severe consequences if the system were to become compromised.

Second, the Flame malware came to light just this past May, when it had infected over 1000 computers, according to Kaspersky Lab. The victims of the first attack included governmental organizations, educational institutes, and personal users. Most of the attacks were centered on West Asia, including Iran, Israel, Syria, Saudi Arabia, and Egypt, among others. The malware supported a kill command, which would eliminate all traces of it from the attacked computer, and this command was sent soon after the malware’s exposure. Right now, there are no reported active infections of Flame, nor other variants being created.

However, there are derivatives of the Flame malware being created. We reported a few weeks ago about Shamoon being actively distributed using its skiddie approach. Other links that were recently found (like Gauss) relate Flame to command-and-control usage going back to 2006, which means this Flame project could be as much as 6 years old, or is related to malware from then.

Instead of looking like a botnet interface, the Flame command centers look more like content-management systems (CMS), and have many other new approaches. One of its approaches included the three fraudulent certificates, which Microsoft patched to block them back in June.

More news about the findings and the C&C servers was fully unveiled in the recent Flame investigation by Kaspersky Lab and the news from Symantec (PDF). Researchers at Kaspersky Lab state they were already suspicious about a development link to Stuxnet back in June, when communication between the team was eavesdropped.

Speculation about the key developers behind all of this points to the US and Israel combined. However, there is no known evidence backing these claims, except for what researchers can reveal about coding styles and other methods used.

Many of the articles by Kaspersky Lab and Symantec include the following speculations as well:

  • At least four programmers tag-teamed on the development job, as their nicknames were left in the code.
  • One server was called home to by 5,000 victim machines during just a one-week period in May, suggesting at least 10,000 victims.
  • The infections weren’t just focused on one group of organizations or people, but on separate groups of targets in many countries.
  • Many of the targets were concentrated in Iran and Sudan.
  • Different custom protocols were used to communicate with the servers, not just one: there were at least four different protocols used to communicate with the servers.
  • Tons of data was stolen, with 5.5 GB reported in just one week of data-mining by the malware.
  • The attackers are either mining for government information, or attempting to gain military intelligence.

The developers behind the Flame malware have a lot more secrets, which are being unveiled. More ties between Stuxnet and Flame are being found, and when the information becomes available, it’ll be here on seCURE Connexion’s blog. The Flame developers obviously have a lot of nerve developing these cyber-weapons. But many politicians and security experts have warned of this information warfare for years. Here we are at the peak!
