Tuesday, October 25, 2011

What is the best antivirus program?

 What is the best antivirus program? This topic is highly debatable and causes many online wars over which AV is the best. Well I am here to answer that question so we can finally put this question to rest. So the best AV award goes to.............................none. Now you might be wondering why I am saying none, now please note I am not saying running no AV is best I am saying not one AV is the best.

 To start my "research project" I decided to do a Yahoo! Search and see what would come up if I searched "What is the Best Antivirus" and "Best Free Antivirus". The result's I got (which as you might expect) a bunch of sites and magazines comparing all the antivirus programs to tell you which one is (according to them) "the best".

 Now the problem with these "tests" is that one size does not fit all. It's pretty unrealistic that all of us have malware files just sitting on our desktop that we plan to execute all at one time. If we were to be running into malware it would most likely be from a drive by download (or even an illegal download) so even if all the AV's only missed one infection that could be the infection that infects the machine. If a AntiMalware product does great at protecting from malware from one region but fails in another if you are more likely to download from the region it does well it that product will be better for you even though it may have a lower over all score.

 The next thing that needs to be better for an indivsual is memory usage. You may have a program on your machine that causes high CPU usage for one AV but if you did not have it the AV would be the lightest AV out there. It all depends on what works for you, you should not be forced to change all your habits because your security software is not working for you.

Monday, October 24, 2011

Daily Social Scam report 10-24-2011

 Time for today's daily social scam report

 I love Walmart: Get A Free $1,000 Walmart Gift Card!

 Do you love Walmart? Sure it may be a nice store but they are not going to be giving out $1000 gift cards to everyone on Facebook. So just ignore any messages that say you will be getting free walmart gift cards

 Free Macbook Air

This is something else that will not be coming you way even if you fill out all the information they ask for. On the bright side MyWot already has the site listed as red.

 Free Outback Steakhouse
  
 This scam is still spreading around once again just ignore it.

What is a cloud antivirus program?

 What is a cloud antivirus? The "cloud" has been a popular term lately with Antivirus and Security vendors but what does the term stand for? Lets take a look at what the term stands for and bust some of the myths.

 Using wikipedia to define the cloud we get the following definition: Cloud computing is the delivery of computing as a service rather than a product, whereby shared resources, software, and information are provided to computers and other devices as a utility (like the electricity grid) over a network (typically the Internet). - Source Wikipedia

 Now lets translate this into how its used in the computer security world. The shared resource is the real-time malware analysis service and the information delivered is the malware detection definition. Now this is a very basic and slightly vague way to describe it but I will be diving in deeper later on in this article.

 Now the first thing to remember is that not all AV clouds are equal, not every cloud is designed and works the same way. The first Cloud AV we will take a look at it Panda Cloud Antivirus. The Panda Security cloud is called the Collective Intelligence database. Panda Security describes the CI service here as the next generation of Anti-Malware services. The CI system automatically analyzes the files it receives and classifies them as either goodware or badware. This system is the core backbone of their Cloud Antivirus product.

 The next cloud product we are going to take a look at is Prevx (also known as Webroot SecureAnywhere). Prevx does more behavior analysis on files as they are executed and check them with the Webroot/Prevx cloud server (info here). The on-demand scanners does a much smaller analysis then what is done in real time.

 McAfee has the Global Threat Intell service to help detect new threats. They do a rather good job of outlining how it works in their KnowledgeBase. I have no personal experience of testing this product but I have seen only reports of it blocking new malware so it seems to be working.

 The final type I am going to share about is the telemetry cloud. About every vendor at the least collects telemetry data on all of its machines. An example of telemetry data would be a program detects a file as possibly bad but not enough to detect it as malware so it marks it as suspicious and on it's next update it would send the file to the vendors server. The vendor would then research it and if it was bad it would be added in one of the next threat database updates. This could be considered as one of the first generation clouds.

 Now these are just a small amount of all the cloud products out there. Every vendor continues to keep adding and improving to their cloud network and I have not had time to take a look at every one of them. Some more I can think of off the top of my mind are Kingsoft Cloud, Kaspersky Security Network, Norton Sonar, PC Tools ThreatFire Community Detection, and Rising Security Network the list goes on and on.

 So now lets end some Cloud Antivirus myths:

 Every time a new file is detected the whole file must be sent to the cloud:

 This is incorrect most vendors use an inverse file sig and sends that data to the cloud and only sends the full file to the cloud if it was 100% needed.

 If a Antivirus is a cloud product I can run other security software with it:

  This is also incorrect if a product can be ran with another product has nothing to do with it being cloud supported. If a AV is a cloud AV its still recommended to only use one AV product.  

  

Tuesday, October 18, 2011

DuQu Malware

 Well it seems Symantec may have found the successor of Stuxnet. I am not going to repeat what has already been said but I recommend that you take a look at this Symantec blog post which will provide all the details that are currently known. Also thanks to Mikko from F-Secure I was able to get a MD5 of the sample so here is the VirusTotal analysis of the file.

 When more information comes available I will update this blog post

Monday, October 17, 2011

Daily Social Scam Report (twitter edition) 10-17-2011

 Time for today's social scam report, so for the lack of them I had caught the flu for a bit and was not feeling up to writing them.

 Have you seen that horrible blog about you?

 Some of you may have gotten the DM message with a message similar to the above going around recently. Just so everyone is aware this is a phishing attack and if you click the link you will be taken to a site that will attempt to get you to enter your twitter ID. I do not have a copy of the message in front of me personally but do be on the lookout for this phishing attack.

 New twitter for PC (link)

 Once again their is no new twitter for pc and its once again a phishing scam so please avoid all the links from messages like this.

 For all you twitter users I highly recommend you follow the @safety account to keep up with the latest scam news directly from twitter.

Wednesday, October 12, 2011

Reduce, Reuse, Recycle: Three things you should never do with your password

 Reduce, Reuse, Recycle: It may work good for the environment but it not a good idea when it comes to your online password.. With the news about all the different accounts being hacked it's a good idea to remember the three R's for passwords.

 Do not reduce the password size: Making it simpler for you to remember makes it simpler for hackers to guess. Make sure you use both letters and numbers, Caps and non caps (if possible) so you have a nice strong password.

Do not reuse your password: It may be a good idea to reuse some things in the current economy but your password it not one of them. Just think if one site you have a password at is hacked and the hackers gain access to all the passwords. Then the hackers would be able to simply guess what other accounts you have and use that password and then they would have access.

 Do not recycle your password: It is not a good idea to recycle your password by just making minor changes to it each time. Make sure each of your passwords are not similar so it's harder to guess by hackers.

Another important message from Sony

 As some of you may have seen reports of already people are claiming that Sony has been hacked again. This is because of a new post on their blog that they had detected a massive amount of sign-in ID-password pairs against their network. According to Sony "it is likely the data came from another source and not from our Networks". Also according to the post less then one tenth of all PSN, SEN, and SOE users have been affected. They have locked the accounts the accounts that may have been accessed so the gamers can reset their password.

 As many of you may remember Sony had a large issue before when details of PSN users were hacked and the whole PSN was shut down. Like I recommend before it's also a good idea to use a strong password and to never use the same password at different sites. If any new information is released I will update you.

 Trend Micro did a good job of describing it here

Tuesday, October 11, 2011

Daily Social Scam Report 10-11-2011

 Time for today's social scam report. Sorry about the lack of these daily now that school has started back up I have been busy.

 Take advantage of this special Outback Steakhouse offer! Receive two FREE dinner vouchers today! Act quickly before the supply runs out. With only a few coupons left, they'll go fast!

 This one made me laugh. I saw a whole a post of this scam which said only 108 remaining coupons for free Outback but then a post above it that said 306 coupons were available. Doing a URLVoid it tells me that not services are currently detecting it.

 I saw a real bad blog about you, have you seen this?

 This is a twitter DM phishing attack that has been going through the Twitter social network. Please ignore any messages you get with the message and inform the friend who sent it that their friend has been hacked. Make sure you do not click the URL and do not enter your twitter (or any other) information at the URL that you get sent.

 This girl has a spider living under her skin, she is most likely spidermans daughter

 The spider under the skin scam is back, once again make sure you ignore these messages and tell the person who sent it to you that it is a scam. This message has been going through the social network for a while.

 Get 2 Free Southwest Airline Tickets  

 No clicking on the link will not give you two free south airline tickets. They are a scam so please ignore this message and tell the person who posted it that it is a scam. 

Sunday, October 9, 2011

Daily Social Scam report (10-9-2011)

 So the new Iphone was released the Iphone 4S not the Iphone 5. So what about all those scams that offered free Iphone 5 if you just take a survey? Well first this proves them wrong and next it mean they should all die down. That is incorrect and free iphone 5 messages are still spreading through the social network. Lets take a look at the free iphone scams going through now.

 Test & Keep a Free iPhone 5! <-How can you test something that does not exist? I did a URLvoid and no services were detecting it. I next did a test with WebSense ACE since it will be part of the tech added to Facebook for security. It did not detect anything as bad so the WebSense Engine maybe more for malware tech.

 So once again be careful about these free offers on Facebook and read into things before you share them. You can't get a free Iphone 5 if an Iphone 5 does not exist.

Thursday, October 6, 2011

Be on the lookout for Steve Jobs death scams

 Yesterday as most of you are aware it was announced Steve Jobs had passed away. As many big news stories like this do it has attracted scamers to start making scam and spam posts and pages in different social networks. I have already seen reports from Panda Security (http://pandalabs.pandasecurity.com/r-i-p-steve-jobs/) that scammers are creating fake R.I.P Steve Jobs pages on Facebook to make a push saying Apple is giving away free products because he died. F-Secure (http://www.f-secure.com/weblog/archives/00002248.html) has already found pages on Google that are taking advantage of those looking up his death information. So please be careful online as you are looking up information on his death.

Tuesday, October 4, 2011

Beware of Iphone Spam Emails

 The new Iphone was announced today, not the Iphone 5 many were thinking was going to be released but the Iphone 4s. However that has not stopped spammers from taking advantage of those looking for information on the new device.

 Reports have already came out with malware filled emails going out targeting those looking about Iphone information. This is likely just the start I would expect to see twitter scams, and Facebook scams on the topic to start spreading through social networks soon.

 So please be-careful when looking up information online you don't want to fall into a scam or infect your machine with malware. Malware authors and scammers love to use big news like this to attract people to their bad sites.

Monday, October 3, 2011

Facebook adds more security

 According to a new report that has just came out Facebook has teamed up with WebSense Security to add protection of bad links in Facebook links. This is great news that Facebook is working on improving the security because as I have said I have seen lots of scam and spam links spreading through the social network. You just have to look through some of the past posts here on the IGL-Security blog and you will see what I mean.

 One of the interesting tools I found at the WebSense website is called ACEInsight which is a tool I have just heard about for the first time today. ACE stands for Advance Classification Engine so I ran a quick check on the IGL-Security blog and I must say its a pretty cool tool and does provide a lot of data. If you are looking for URL information this would be one of the tools I recommend. So will this help cut back on the social spam? We will just have to wait and see if the amount of social scams and spam drop.

 If you want to read the full information Websense provides on how it works you will be able to find it here and I must say they do provide a good amount of information.