Category Archives: antivirus

Our toughest ever antivirus software test reveals new Best Buys

Protect your PC or Mac from the worst nasties the internet can throw at it with simple, effective antivirus software

Cyber threats now regularly hit the headlines. Hackers and virus-writers aren’t bored teenagers in hoodies; they’re organised groups able to cripple NHS computers and even, allegedly, sway presidential elections. With more than one billion Windows PCs in use today, it’s perhaps unsurprising that the volume of malware worldwide has more than tripled over the past five years. Despite such digital doom and gloom, there’s no need to panic about your home computer. All you need to do to protect your PC or Mac is install a Best Buy antivirus package. It will run in the background, zapping nasties without you even knowing. Plus, with some great free packages available, all that protection could cost you nothing.

A global security problem, a global solution

As cyber security is a global problem, we need to think globally for the best solution. We’ve joined forces with other consumer organisations around the world – including in the US and across Europe – to create the most rigorous antivirus test we’ve ever conducted. When we say tough, we mean it. Each package is bombarded with more than 10,000 samples of malware. We test how well they work while your computer is online, and offline, too. As the world of cyber threats never sleeps, testing only once a year isn’t good enough. We’ll fire new malware at the programs every three months to ensure their standards haven’t slipped, and update our reviews accordingly.

In search of the internet’s worst nasties

Unlike most computer users, we spend our time hunting for the world’s worst malware. To test antivirus programs, we need plenty of the internet’s most destructive nasties, whether viruses, ransomware or fraudulent phishing messages. Our specialist lab operates what are called ‘honeypots’: think of these as digital fishing nets designed to capture thousands of strains of malware, viruses and other online undesirables. We have more than 60 honeypots around the world, capturing and storing up to 400,000 files every day.

Britain Issues Warning Over Russian Anti-virus Software

The National Cyber Security Centre (NCSC) is understood to have been in dialogue with Kaspersky Lab and says it will explore ways of mitigating the risks, to see whether a system can be developed to independently verify the security of its products.

London: The British government has issued a fresh warning about the security risks of using Russian anti-virus software.

The National Cyber Security Centre is to write to all government departments warning against using the products for systems related to national security, BBC reported on Friday.

The UK cyber-security agency will say the software could be exploited by the Russian government. Kaspersky Lab, accused in the US of being used by the Russian state for espionage, denies any wrongdoing.
Kaspersky Lab software is widely used by consumers and businesses across the globe, as well as by some parts of the UK government.
Around the world, 400 million people use Kaspersky products.
To do its job, anti-virus software such as Kaspersky’s needs extensive access: it runs with system-level privileges, reads every file it scans on the computers and networks it protects and, where cloud protection is enabled, sends suspicious files and metadata back to the vendor’s servers for analysis. That access is what makes the question of who controls the vendor a security question.

It comes amid heightened concern about Russian activity against the UK.
Last month, Prime Minister Theresa May warned that the Russian state was acting against the UK’s national interest in cyberspace. Following her warning, Ciaran Martin, chief executive of the NCSC, said Russia had targeted British infrastructure, including power and telecoms.

Officials stress they are not recommending members of the public or companies stop using Kaspersky software.
“Beyond this relatively small number of systems we see no compelling case at present to extend that advice to the wider public sector, more general enterprises, or individuals,” NCSC technical director Ian Levy added.
“Whatever you do, don’t panic. For example, we really don’t want people doing things like ripping out Kaspersky software at large as it makes little sense.”


Still not on Windows 10? Fine, sighs Microsoft, here are its antivirus tools for Windows 7, 8.1

Microsoft has extended Windows Defender Advanced Threat Protection (ATP), its post-breach endpoint detection and response (EDR) service, from Windows 10 to Windows 7 SP1 and Windows 8.1. ATP is not itself an antivirus engine: it is the sensor and cloud console that records process, file and network activity on a machine and surfaces attacks that slipped past the antimalware layer.

The release lets those holding out on older versions of the OS get some of the same attack detection and event reporting features ATP offers on Windows 10, particularly when paired with Microsoft’s own antimalware (System Center Endpoint Protection on Windows 7 and 8.1, Windows Defender Antivirus on Windows 10).

For enterprises, the extension to Windows 7 and 8.1 will, more importantly, allow admins to bring their older machines under the same security management and administration tools they use for Windows 10 PCs.

This is where Microsoft is focusing its pitch: by adding ATP to Windows 7 and 8.1, Redmond hopes it will convince sysadmins to add those machines to the Windows Defender monitoring systems they use for Windows 10 devices and, in the process, prod companies towards migrating the older PCs to Windows 10.

“We hear from our customers security is one of the biggest motivators for their move to Windows 10,” wrote Rob Lefferts, partner director of security and enterprise for the Windows and Devices Group, earlier today.

“Meanwhile, we know that while in their transition, some may have a mix of Windows 10 and Windows 7 devices in their environments.”

Microsoft noted that Windows 7 is still slated for retirement in January of 2020.

Meanwhile, the software giant is also extending ATP coverage to non-Windows devices by signing up another partner for its security push. SentinelOne will add ATP integration to the Endpoint Protection Platform it sells for Windows, Mac, Linux and VDI, so that alerts SentinelOne raises on those endpoints flow into the Windows Defender ATP console alongside those from Windows machines.

Avoid this Mac Antivirus software

As the audience for macOS grows, so too does the amount of malware on the platform. That’s not as much of a problem as it once was, since there are now at least eight antivirus products that can repel almost anything a malefactor can toss your Mac’s way.

Testing lab AV-Test evaluated nine Mac home antivirus programs, and found that no matter which one you use, your system is probably pretty safe — unless you use Comodo, that is.

AV-Test is a Magdeburg, Germany-based lab that periodically evaluates antivirus software for Windows, macOS and Android. The old canard that Macs don’t need antivirus software has by now been (we hope) thoroughly debunked, but if not: AV-Test measured more than 12 million attacks on Macs and 38,000 new Mac malware samples in 2017, peaking in December.

If you buy a Mac and don’t use some kind of antivirus product on it, don’t be surprised if you find yourself facing down a very complicated — and costly — repair.

First, the good news. Avast Security 12.9, Bitdefender Antivirus for Mac 6.1, Kaspersky Lab Internet Security for Mac 18.0, Sophos Home 1.2, Symantec Norton Security 7.5 and Trend Micro Antivirus 8.0 all earned perfect scores in system protection. They caught all 514 pieces of Mac malware that AV-Test threw at them. If you have one of these programs, you can rest easy.

On the other hand, Comodo Antivirus 2.2 caught only 38.1 percent of Mac malicious software. Even by AV-Test’s relatively lenient standards (it will recommend anything with a 10 out of a possible 18 points in its Windows AV evaluations), the company called this performance “unacceptable.”

Somewhere in the middle were Intego Mac Security X9 10.9, at 99.4 percent efficacy, and F-Secure Safe 17.0, at 93.8 percent. The former is close enough to 100 percent to be safe; the latter is better than not running any security software, but still leaves a higher margin of error than it really should.

AV-Test also measures a program’s impact on system resources and whether it raises false positives during its scans. None of the programs added more than a second or two to everyday tasks, and none wrongly flagged legitimate software.

AV-Test also looked at four business-oriented Mac antivirus programs, ESET Endpoint Security, McAfee Endpoint Security for Mac, SentinelOne Next Generation Endpoint Security and Sophos Central Endpoint, and all did well. ESET, McAfee and Sophos also make home Mac antivirus products that use the same detection engines as their enterprise products.

The lesson here seems clear enough: If you have a Mac, don’t protect it with Comodo, and maybe think twice before protecting it with F-Secure or Intego. Beyond that, exercise some common sense online, and your Mac will purr like a kitten, until Apple kneecaps it to extend battery life.

Slow Computer? Feel Free To Blame Your Antivirus Software

You might be blaming the patches for the Intel CPU vulnerabilities for a slow computer or frequent reboots. But there is another piece of software that can slow down your everyday tasks: your antivirus.

AV-Test regularly examines antivirus software for different operating systems and publishes a summary every month. Besides the level of protection each product provides, it also measures how much each one slows the computer down.

According to the December 2017 results for Windows, the average slowdown across all tested products was:

  • Loading time of websites (Standard PC: 11%, High-End PC: 16%)
  • Download of apps (Standard: 4%, High-End: 3%)
  • Launching of apps (Standard: 15%, High-End: 9%)
  • Installation of apps (Standard: 26%, High-End: 35%)
  • Copying of files (Standard: 7%, High-End: 18%)

The configuration for AV-Test’s standard PC included an Intel Xeon X3360 (2.83GHz) with 4GB RAM and 500GB storage. Their high-end PC packed an Intel Core i7 3770 (3.40GHz), 16GB RAM, and 512GB SSD storage.

Looking at individual products, Avast, a well-known name in the security market, came in close to the averages. Windows 10’s built-in Windows Defender slowed app installation on the standard machine by up to 42%, but did not slow app downloads at all.

In short, almost every security product costs some performance somewhere. That is not a reason to go without one: the numbers above show the cost is usually a few percent on tasks you do occasionally, which is cheap compared with a malware infection.

Windows 10’s antivirus will start removing PC ‘optimizer’ scareware next month

Microsoft’s built-in antivirus software for Windows 10, Windows Defender, is getting an important new feature next month. Microsoft has announced that Windows Defender will start removing software that has “coercive messages” or “misleading content to pressure you into paying for additional services or performing superfluous actions.”

This type of software is commonly known as scareware, and is typically found in cleaner apps that will supposedly optimize your registry on a Windows PC or promise to otherwise speed a machine up. “There has been an increase in free versions of programs that purport to scan computers for various errors, and then use alarming, coercive messages to scare customers into buying a premium version of the same program,” says Barak Shein, from Microsoft’s Windows Defender team. “The paid version of these programs, usually called cleaner or optimizer applications, purportedly fixes the problems discovered by the free version.”

Microsoft finds these apps “problematic” for regular Windows users, so Windows Defender will now classify these apps as “unwanted software” and remove them from PCs. These types of cleaner apps and crapware have been available for years, but it’s good to see Microsoft act to remove them. Microsoft will start removing the apps on March 1st, and developers can test their apps over at the company’s Windows Defender portal.

Windows Defender, McAfee Antivirus Move Up in Rankings

Here’s what you probably already know: Bitdefender, Kaspersky Lab and Trend Micro topped the latest AV-Test evaluations for home antivirus programs running on Windows 10. That’s no surprise; they’ve been doing that for years. What you might not know is that Microsoft’s Windows Defender has continued to make great strides, and that McAfee has topped the charts after struggling for many years.

AV-Test, a Magdeburg, Germany-based testing lab, evaluates antivirus programs for Windows, Mac and Android every few months. For Windows 10, the trend was clear for years: Bitdefender and Kaspersky top the charts, some of the Chinese programs bring up the rear, and Windows Defender and McAfee Internet Security land close to the bottom.

Over the last few test periods, however, both Windows Defender and McAfee have bucked the trend, offering better and better protection with less drain on system resources. AV-Test scores each product in three categories: protection (how well it blocks both widespread known malware and zero-day, real-world attacks), performance (its impact on how quickly the computer runs everyday tasks) and usability (how often it raises false positives on legitimate software, websites and actions). Each category is worth up to six points, for a maximum of 18.

AV-Test awards a “Top Product” badge to any program that scores either a 17.5 or a perfect 18. This time around, there were a whopping seven winners of that badge: AhnLab V3 Internet Security 9.0, Bitdefender Internet Security 22.0, Kaspersky Lab Internet Security 18.0, McAfee Internet Security 20.5, Trend Micro Internet Security 12.0, VIPRE Advanced Security 10.1 and Avira Antivirus Pro 15.0 all earned top marks.

Interestingly, there wasn’t really an ignominious low score this time around. The very lowest score was a very respectable 15, earned by ESET Internet Security 11.0.

Products that scored between that low of 15 and the 17.5 Top Product threshold included Avast Free AntiVirus 17.7 & 17.8, AVG Internet Security 17.7 & 17.8, BullGuard Internet Security 18.0, Comodo Internet Security Premium 10.0, F-Secure Safe 17, G Data InternetSecurity 25.4, K7 Computing Total Security 15.1, Microsoft Windows Defender 4.12, MicroWorld eScan Internet Security Suite 14.0, Norton Security 22.11, Panda Security Free Antivirus 1.0 and PC Pitstop PC Matic 3.0.

Based on the above evaluation, it may seem like Windows Defender is just another me-too, good-enough security program — and it is. That’s remarkable, given how subpar it was, even just a year ago. Then again, if every single program tested protects Windows 10 fairly well, that could also speak to the relatively resistant nature of the Windows 10 OS itself.

The bottom line is that you should use an antivirus program on Windows 10, but as long as you exercise some common sense online, it doesn’t matter tremendously which one you choose.

Kaspersky Opens Antivirus Source Code for Independent Review to Rebuild Trust

The Russia-based antivirus firm has hit back with what it calls a “comprehensive transparency initiative”, opening its source code and internal processes to independent third-party review in a bid to win back the trust of customers and the infosec community.
Kaspersky launched the initiative days after it was accused of helping, knowingly or unknowingly, Russian government hackers steal classified material from a computer belonging to an NSA contractor.
Earlier this month another story, published by the New York Times, claimed that Israeli government hackers had broken into Kaspersky’s network in 2015 and watched Russian hackers using Kaspersky’s software to search for US government material.

US officials have long been suspicious that Kaspersky antivirus firm may have ties to Russian intelligence agencies.
Back in July, the company offered to turn over the source code for the U.S. government to audit.

However, the offer did not stop the U.S. Department of Homeland Security (DHS) from ordering federal agencies to remove Kaspersky software from their computers.

In a blog post today the company published a four-point plan:

  • Kaspersky will submit its source code for independent review by internationally recognised authorities, starting in Q1 2018.
  • Kaspersky also announced an independent review of its business practices to assure the integrity of its solutions and internal processes.
  • Kaspersky will establish three transparency centres over the next three years, “enabling clients, government bodies & concerned organisations to review source code, update code and threat detection rules.”
  • Kaspersky will pay up to $100,000 in bug bounty rewards for finding and reporting vulnerabilities in its products.

“With these actions, we will be able to overcome mistrust and support our commitment to protecting people in any country on our planet,” said Eugene Kaspersky, the company’s CEO.

However, Twitter commentary from infosec experts suggests the damage has already been done.

“Code review is absolutely meaningless. All Russian intelligence needs is access to KSN, Kaspersky’s data lake, which is a treasure trove of data. Even open-sourcing the entire product won’t reveal or even help with revealing that,” tweeted Amit Serper, a security researcher at Cybereason. KSN is the Kaspersky Security Network, the cloud service to which the products submit telemetry and suspicious samples; reviewing the client’s source code says nothing about who can query that back end.

It remains to be seen whether these actions will be enough to restore the confidence of US government agencies in Kaspersky, or whether the company will be forced to move its base out of Russia.

Unpatched Microsoft Word DDE Exploit Being Used In Widespread Malware Attacks

A newly publicised and unpatched attack technique that abuses a built-in feature of Microsoft Office is being used in several widespread malware campaigns.

Last week we reported how attackers can leverage an old Microsoft Office feature, Dynamic Data Exchange (DDE), to execute code on a target machine without enabling macros and without any memory-corruption exploit.
DDE is one of several mechanisms Microsoft provides for two running applications to share data.
It is used by thousands of applications, including Excel, Word, Quattro Pro and Visual Basic, both for one-time data transfers and for continuous exchanges in which one application pushes updates to another.
The technique triggers no security warning as such. Word only shows two generic prompts, one asking whether to update the document’s linked data and one asking whether to start the application named in the field, and the researchers who published the technique reported that the second prompt can be altered or suppressed “with proper syntax modification.”

Soon after the details of the DDE technique went public, Cisco’s Talos threat research group published a report on a campaign actively using it to target several organisations with a fileless remote access trojan (RAT) called DNSMessenger. Now, SANS ISC reports that the operators of the Necurs botnet, malware that currently controls more than 6 million infected computers and sends millions of spam emails, are using Word documents carrying DDE fields to distribute Locky ransomware and the TrickBot banking trojan.
The Locky crew previously relied on macro-laden MS Office documents; the Necurs-delivered documents now use the DDE technique instead, and the updated downloader can also take screenshots of victims’ desktops.

“What’s interesting about this new wave is that the downloader now contains new functionality to gather telemetry from victims,” Symantec said in a blog post.

“It can take screen grabs and send them back to a remote server. There’s also an error-reporting capability that will send back details of any errors that the downloader encounters when it tries to carry out its activities.”

Hancitor Malware Using DDE Attack

A separate malware spam campaign discovered by security researchers has also been found distributing Hancitor (also known as Chanitor and Tordal) via the Office DDE technique. Hancitor is a downloader that installs payloads such as banking trojans, data-stealing malware and ransomware on infected machines, and is usually delivered as a macro-enabled Office document in phishing emails.

How to Protect Yourself From Word DDE Attacks?

Because DDE is a legitimate, documented Office feature, most antivirus products neither warn about nor block Office documents containing DDE fields, and at the time of writing Microsoft had no plans to issue a patch removing the functionality. (That position later changed: Microsoft’s December 2017 advisory ADV170021 disabled DDE in Word by default and added a registry control, AllowDDE, for environments that still need it.)
Until then, you can protect yourself and your organisation by turning off automatic link updates in each Office application; a DDEAUTO field only fires at open while that option is on.
In Word: File → Options → Advanced, scroll down to General and untick “Update automatic links at open”. The same setting can be pushed by Group Policy as the DontUpdateLinks DWORD (set to 1) under HKCU\Software\Microsoft\Office\<version>\Word\Options; Excel and Outlook have their own, separate settings.
Even with that option off, a DDE field still executes if the user updates it manually and accepts the two generic prompts Word shows. So the most reliable protection remains treating unsolicited attachments with suspicion, answering “No” to any prompt about updating links or starting an application from a document you did not expect, and never following links inside such documents without verifying the source.
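Since antivirus products largely do not flag DDE fields, a mail gateway or incident responder needs its own check. The following scanner is an added example, not code from this article or from any of the researchers it cites. It unpacks a .docx, joins the field code of every complex field back together (attackers split the DDEAUTO keyword across several instrText runs so that a naive grep of the XML misses it) and decodes the QUOTE-field trick in which the keyword is spelled out from character codes. build_docx constructs a minimal throwaway document in memory purely as test input; the field code it embeds (cmd.exe launching calc.exe) is the textbook proof-of-concept form, labelled hypothetical, and is only parsed, never opened in Word.

```python
"""Scan .docx packages for DDE / DDEAUTO field codes (added example)."""
import io
import re
import zipfile
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape

W_NS = "http://schemas.openxmlformats.org/wordprocessingml/2006/main"
W = "{%s}" % W_NS

# DDEAUTO fires when the document is opened (subject to the "update automatic
# links at open" option); plain DDE fires when the field is updated.
DDE_RE = re.compile(r"\bDDE(?:AUTO)?\b", re.IGNORECASE)
# A QUOTE field with numeric arguments builds text from character codes,
# e.g. "QUOTE 68 68 69 65 85 84 79" evaluates to "DDEAUTO".
QUOTE_RE = re.compile(r"\bQUOTE((?:\s+\d{1,5})+)", re.IGNORECASE)

# Minimal package manifest so the constructed sample is a structurally valid
# OOXML zip; the scanner itself never reads it.
CONTENT_TYPES = (
    '<?xml version="1.0" encoding="UTF-8" standalone="yes"?>'
    '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">'
    '<Default Extension="xml" ContentType="application/xml"/>'
    '<Override PartName="/word/document.xml" ContentType="application/vnd.'
    'openxmlformats-officedocument.wordprocessingml.document.main+xml"/>'
    '</Types>')


def _field_codes(part_xml):
    """Yield every field code in one WordprocessingML part, in document order.

    A complex field is a run sequence: fldChar begin, one or more instrText
    runs, fldChar separate, the cached result, fldChar end.  All instrText
    between a begin and its matching end are joined (nested fields included)
    so a keyword split over several runs is reassembled.  Simple fields keep
    their code in the w:instr attribute of w:fldSimple.
    """
    root = ET.fromstring(part_xml)
    for fld in root.iter(W + "fldSimple"):
        yield fld.get(W + "instr", "")
    buf, depth = [], 0
    for el in root.iter():           # pre-order walk == document order
        if el.tag == W + "fldChar":
            kind = el.get(W + "fldCharType")
            if kind == "begin":
                depth += 1
            elif kind == "end" and depth:
                depth -= 1
                if depth == 0:
                    yield "".join(buf)
                    buf = []
        elif el.tag == W + "instrText" and depth:
            buf.append(el.text or "")


def normalise(code):
    """Expand QUOTE character-code sequences, then collapse whitespace."""
    code = QUOTE_RE.sub(
        lambda m: "".join(chr(int(n)) for n in m.group(1).split()), code)
    return " ".join(code.split())


def scan_docx(data):
    """Return [(part_name, field_code)] for every DDE/DDEAUTO field found.

    Every XML part under word/ is scanned, because fields can also live in
    headers, footers and footnotes rather than only document.xml.
    """
    hits = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for name in zf.namelist():
            if not (name.startswith("word/") and name.endswith(".xml")):
                continue
            for code in _field_codes(zf.read(name)):
                code = normalise(code)
                if DDE_RE.search(code):
                    hits.append((name, code))
    return hits


def build_docx(instr_runs):
    """Build a minimal .docx in memory with one complex field whose code is
    split across the given instrText runs (constructed test input only)."""
    runs = "".join(
        '<w:r><w:instrText xml:space="preserve">%s</w:instrText></w:r>'
        % escape(t) for t in instr_runs)
    document = (
        '<?xml version="1.0" encoding="UTF-8" standalone="yes"?>'
        '<w:document xmlns:w="%s"><w:body><w:p>'
        '<w:r><w:fldChar w:fldCharType="begin"/></w:r>%s'
        '<w:r><w:fldChar w:fldCharType="separate"/></w:r>'
        '<w:r><w:t>cached result</w:t></w:r>'
        '<w:r><w:fldChar w:fldCharType="end"/></w:r>'
        '</w:p></w:body></w:document>' % (W_NS, runs))
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml", CONTENT_TYPES)
        zf.writestr("word/document.xml", document)
    return buf.getvalue()


if __name__ == "__main__":
    # Hypothetical field codes of the form used in the campaigns above.
    samples = {
        "benign DATE field": ['DATE \\@ "d MMMM yyyy"'],
        "DDEAUTO in one run": ['DDEAUTO c:\\\\windows\\\\system32\\\\cmd.exe "/k calc.exe"'],
        "keyword split over runs": ["DDE", "AUTO c:\\\\windows\\\\system32\\\\cmd.exe ", '"/k calc.exe"'],
        "keyword via QUOTE codes": ["QUOTE 68 68 69 65 85 84 79 ", "c:\\\\windows\\\\system32\\\\cmd.exe"],
    }
    for label, runs in samples.items():
        print("%-24s %s" % (label, scan_docx(build_docx(runs)) or "clean"))
```

The scanner is a triage aid, not a replacement for the Office settings above: it does not look inside embedded OLE objects or at .rtf and .xls attachments, which carry the same DDE fields in different encodings, and a hit means only that the document would prompt the user, not that anything has run. Quarantine on a hit rather than passing the document on with a warning, since the whole technique relies on users clicking through prompts.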

Dangerous Malware Allows Anyone to Empty ATMs—And It’s On Sale!

Hacking ATMs is now easier than ever before.
Usually, attackers exploit hardware and software vulnerabilities to make ATMs spit out cash, but now anyone can simply buy ready-made malware to do it.
Researchers at Kaspersky Lab discovered the malware, dubbed Cutlet Maker, after spotting a post on an underground hacking forum advertising it for around $5,000.
The post gives a brief description and a detailed manual for a toolkit designed to drive the cash dispenser of various ATM models through the vendor’s own API, without interacting with ATM users or their data.
The malware therefore does not affect bank customers directly; it tricks ATMs from one specific vendor into releasing cash without authorisation. The manual also mentions an infamous earlier piece of ATM malware, Tyupkin, first analysed by Kaspersky Lab in 2014 and used by an international cybercrime gang in “jackpotting” attacks that netted millions from ATMs across Europe and beyond.

The toolkit contains three pieces of crimeware:

  • Cutlet Maker—ATM malware which is the primary element of the toolkit
  • Stimulator—an application to gather cash cassette statuses of a targeted ATM
  • c0decalc—a simple terminal-based application to generate a password for the malware.

According to Kaspersky researchers, the functionality of the Cutlet Maker malware suggests that two people are supposed to be involved in the ATM money theft—the roles are called “drop” and “drop master.”

“Access to the dispense mechanism of CUTLET MAKER is password protected. Though there could be just one person with the c0decalc application needed to generate a password,” the researchers say.

“Either network or physical access to an ATM is required to enter the code in the application text area and also to interact with the user interface.”

To operate, the application needs a special library that is part of a proprietary ATM API and controls the cash dispenser unit. As the researchers put it, criminals “are using legitimate proprietary libraries and a small piece of code to dispense money from an ATM.” Because the code still has to be loaded onto the ATM’s PC over the network or a service port, the practical defences are the usual ones for unattended Windows endpoints: application allowlisting and locking down USB and the network path to the machine.

The price of this ATM malware toolkit was $5000 at the time of Kaspersky’s research.

The advertisement of this Cutlet Maker ATM malware was initially published on the AlphaBay Darknet marketplace, which was recently taken down by the FBI.