Category Archives: Immunet Protect

Microsoft Security Essentials – “Here I Come To Save The Day”

Oh, the embarrassment of it all! I haven’t had to deal with a malware issue (other than self infecting in AV product testing), for more than 2 years – until this past week. No big deal, except perhaps, for the way I got infected – that old, old, old, malware attack vector – an infected search engine result.

The manipulation of search engine results, exploiting legitimate pages, and the seeding of malicious websites among the top results returned by search engines in order to infect users with malware, continues to be a major threat to system security. And, why not? It bloody well works!

Over the years, I’ve written more than a few articles on search engine malware – the last – Search Engine Malware – The Same Old, Same Old – this past August.

From that article:

Here’s how the cyber crooks do it:

Cyber-crooks can exploit vulnerabilities on the server hosting the web page to insert an iFrame (an HTML element which makes it possible to embed another HTML document inside the main document). The iFrame can then activate the download of malicious code.

When a potential victim visits one of these infected sites, the likelihood that malicious code will be downloaded onto the computer by exploiting existing vulnerabilities is high.

So there I was, happily bouncing along the Internet highway Googling a phrase I had read on another blog. Choosing the first Google return proved to be a very bad idea indeed, since I immediately stepped into an infected iFrame.

But thankfully, all was not lost – Microsoft Security Essentials (which incorporates antivirus, antispyware and rootkit protection), halted the malware – Trojan:JS/BlacoleRef.K – in its tracks!


So what’s the lesson here?

A couple really – AV settings are very important. In this case, as per the following screen shot – nothing moves into, or out of this machine, without being scanned. Microsoft Security Essentials makes it so simple – no esoteric choices.


The second lesson – a MOST important lesson – absolutely, positively, without fail, come hell or high water, ensure that AV definitions are updated at least daily. Preferably, more often.

You might be surprised to learn, that on the day I stumbled, while MSE recognized the intruder, the vast majority of AVs did not – as per the following VirusTotal report (partially reproduced here).


Since it was preposterous to assume that MSE had in fact eradicated the Trojan (paranoia has its upside don’t you know?), I then ran a full scan with Kaspersky Rescue Disk – a free Linux-based antimalware application (a live CD), which scans from the outside looking in. Malware generally can’t hide if it’s not running.

The result? The Kaspersky Rescue Disk scan was clean. MSE had in fact, sent Trojan:JS/BlacoleRef.K to malware hell. Yes!!

I suppose there’s one more lesson that can be dug out of this experience, and that is – those tech journalists who absolutely insist that “pay for” antimalware applications are superior to all free AVs (often, without ever having tested the damn product in real world conditions), should take a step back and reconsider their speculative approach to antimalware application ratings.

Worth repeating: Despite the fact that I’m provided with a free license for all the security applications I test (and then some), I have chosen to run with the following FREE applications.

Microsoft Security Essentials (free) – an all-in-one antimalware application.

Immunet Protect – a free Cloud based companion antimalware application.

ThreatFire (free) – this application is built around a Host Intrusion Prevention System (HIPS), and behavior based blocking combination.

WinPatrol (free) – another HIPS application with considerable additional functionality. WinPatrol is the elder statesman of this application class and, it just keeps on getting better. A must have application.

PC Tools Firewall Plus (free) – PC Tools Firewall Plus is advanced Firewall technology designed for typical users, not just experts. The “plus” refers to a HIPS component. Generally, if the ThreatFire HIPS component is triggered on my machine, PC Tools Firewall Plus is triggered as well.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.


Running More Than One AV Is A Lurking Conflict

We get a lot of questions here on Tech Thoughts, and the following question (in one form or another), is a regular – “If I have one antimalware can I install and use another one as well?”

If the question is, can you install and run two antimalware applications concurrently (both of which perform the same task), the answer is – not without the potential for conflict.

As a rule of thumb, it’s not a good practice to run two antimalware applications (both of which perform the same task), concurrently. At the very least, system resources take an inappropriate, and wasteful hit. Beyond that, serious issues, including system crashes are possible.

It’s always a good idea of course to scan your machine with a second antimalware application, say once a week or so, since depending on a single security application to provide broad scale protection, is an absolute “non-starter”. A single security application does not, and never has had the ability to do this, despite the commonly held belief to the contrary.

Part of the layered security process (stacking security solutions, one on top of the other, to cover the gaps that exist in the protection capabilities of even the most sophisticated security applications), consists of supplementing the primary AV application with an on-demand antimalware application. So yes, go ahead and install another AV solution; but use it as a secondary on demand scanner.

Just to be clear – don’t run both programs concurrently. That is, don’t allow both programs to start on Windows startup. Instead, launch the “on demand” scanner from the program menu, or the desktop, when needed.

Two free highly recommended antimalware applications that excel as “on demand” antimalware applications, follow. It’s important to note, that the real time protection module is disabled in the free versions of these applications. But, this is actually perfect for your purpose.

SUPERAntiSpyware Free:


I’ve been using SUPERAntiSpyware as a secondary scanner for years, and I have no hesitation in stating that this application deserves its reputation as a first class security application.

SUPERAntiSpyware is fast, efficient, and effective, and I highly recommend that you add it to your security toolbox, as a secondary line of defense.

Malwarebytes’ Anti-Malware:


Malwarebytes’ Anti-Malware has an excellent reputation (shared by me), as a first class security application, for its ability to identify and remove adware, Trojans, key-loggers, home page hijackers, and other malware threats.

A simple, intuitive, and easy to use interface, makes Malwarebytes’ Anti-Malware straightforward to setup, customize and run, for both less experienced and expert users alike.

Note: Virtually all free security applications are programmed to autostart after installation, so be aware of this, and make the necessary adjustments using MSConfig. New users may find it easier to use Advanced System Care to control autostart behavior with the Startup Manager, which can be found under Admin Tools.

Note: Each day, as I manually update the definition database for these applications, I’ve noticed that typically, the definition databases have been updated 3/5 times in the previous 24 hours.

Since study after study indicates that new malware is created at the rate of 20,000, or more, new versions every day, be sure to manually update the definition databases before running a scan with either of these applications.

We’re not quite finished yet.

If the question you’re really asking is – can you run an online antimalware scanner while your principal onboard AV application is running? The answer is – yes.

Here are some Online scanners that have developed a good reputation for accuracy; be sure to read the Terms of Use or Privacy Statements carefully, and be aware, that not all Online scanners will disinfect.

Panda NanoScan

McAfee FreeScan

Symantec Security Check

Trend Micro’s HouseCall

ESET Online Scanner

Kaspersky Online Scanner

Now that I’ve given you the “rule of thumb” – let me break it!

There is one class of antimalware application that can run concurrently with your principal AV, and that is – a cloud based security application. Specifically, those that are designed to be “companion” security applications.

A terrific free application in this class of security applications, and the one I use personally is – Immunet Protect.

Immunet provides cloud-based protection that is always up-to-date against viruses, spyware, bots, worms, Trojans, and keyloggers without slowing down your PC. No need to download any virus signature files.

Immunet Protect is compatible with existing antivirus products and adds an extra, lightweight layer of protection, for free.


Immunet 3.0 Released – Exciting Improvements

The latest version of Immunet Protect has just been released (February 9, 2010), and in the development process, this outstanding free companion Antivirus has undergone a name change to – Immunet 3.0 – Powered by ClamAV.

Regular readers here, will remember that in previous reviews of this freebie, I have been very enthusiastic in my recommendations. Now, I have one more reason to be even more enthusiastic.

From the developer’s site:

Toll-Free Customer Support is available for all Immunet Protect FREE users 24 hours a day, 7 days a week through our Immunet Technical Support line at 1-866-891-4480. Immunet Support representatives can help with installation issues, potential virus issues, or even computer performance issues that may or may not be virus-related.

How cool is that?

Immunet Protect 3, is a superior community driven cloud based security application, (now closing in on a million users), which continues to gain increasing popularity – and rightfully so.

In real time, Immunet Protect keeps track of the state of security in the collective community (network), and should a member of the network (the community), encounter malware, you (as a member of the protected community), are instantly protected against the threat.

A rather more impressive security solution than having to wait for a malware definition database update. An update that may take several days. Days in which you are effectively open to infection.

A community driven security application like Immunet Protect, does not suffer from this obvious disadvantage of having to chase runaway malware. Its significant advantage is its user base community – operating in real time.

Immunet Protect is designed to add a layer of protection while working in partnership with the most popular antimalware solutions. On my principal home machine for example, Immunet Protect lines up with Microsoft Security Essentials and ThreatFire, to shore up any vulnerabilities my system might have to zero-day threats.

Version 3 has increased functionality over previous versions, and incorporates a number of new features.

From the developer’s site:

Offline engine – The 3.0 release will now ship with an ‘Offline’ engine. This engine (ClamAV .97) once enabled, will automatically pull down our latest detection sets and allow for complete detection coverage, even when you are not connected to the Internet.

With our Offline protection we now also have several complex engines for detection native to the desktop and have support for file formats such as .DOC, .XLS, HTML etc. as well as strong unpacking support.

Cloud Recall – Unlike traditional Anti-Virus, or even other Cloud Anti-Virus we constantly reconsider all the data we see or have seen in our community. This ‘Cloud Recall’ ensures that your security is advanced with every new piece of information we become aware of. You will always know as much as we do, when we do.

Custom Signature Creation – With 3.0 we now offer the first Windows Anti-Virus product which allows our users to write their own detections with our engines just as we would.

Users can now hunt threats (or Advanced Persistent Threats if you like) by creating signatures which range from simplistic (straight MD5 matches) to complex (logically chained expressive signatures w/ offset support and wild carding).
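
The simplest end of that range, a straight MD5 match, sketched as an added example (not code from the original article or from Immunet). It assumes ClamAV's hash signature line format, `MD5:FileSize:MalwareName`; the helper names, the signature name and the sample bytes are constructed for illustration.

```python
import hashlib

HEX = set("0123456789abcdef")

def make_hdb_line(data: bytes, name: str) -> str:
    """Build one hash signature line: MD5:FileSize:MalwareName."""
    return f"{hashlib.md5(data).hexdigest()}:{len(data)}:{name}"

def load_hdb(text: str) -> dict:
    """Parse signature lines into {(md5, size): name}; reject malformed lines."""
    sigs = {}
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line:
            continue
        parts = line.split(":")
        if len(parts) != 3:
            raise ValueError(f"line {lineno}: expected MD5:size:name")
        digest, size, name = parts[0].lower(), parts[1], parts[2]
        if len(digest) != 32 or not set(digest) <= HEX:
            raise ValueError(f"line {lineno}: not an MD5 hex digest")
        if not size.isdigit() or not name:
            raise ValueError(f"line {lineno}: bad size or empty name")
        sigs[(digest, int(size))] = name
    return sigs

def scan(data: bytes, sigs: dict):
    """Return the name of the signature matching this content, or None."""
    return sigs.get((hashlib.md5(data).hexdigest(), len(data)))

# Constructed, harmless bytes standing in for a file an analyst wants to hunt.
SAMPLE = b"constructed sample content for the signature demo\n"
VARIANT = SAMPLE + b" "   # the same content with one byte appended

SIGS = load_hdb(make_hdb_line(SAMPLE, "Local.Demo.Sample") + "\n")

if __name__ == "__main__":
    print("sample :", scan(SAMPLE, SIGS))    # exact copy is detected
    print("variant:", scan(VARIANT, SIGS))   # any change breaks a hash match
```

A hash signature only finds byte-identical copies, which is why the quoted feature list also mentions chained signatures with offsets and wildcards.
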

You’ll find Immunet Protect straightforward to install, and easy to run without complication. The screen captures I’ve set out below, will help you get a good overall feel for the application.


Setting the operating parameters (the protection settings), is straightforward. In the following screen capture you’ll notice tooltip pop outs which explain the function of each setting. A very cool feature for less experienced users.


I have a preference for antimalware solutions that include the ability to launch a specific file scan from the Windows Explorer context menu, and Immunet Protect has included this important feature.


Should you consider installing, and running, a Cloud Antivirus as supplementary antimalware protection?

If you are uncertain, then consider this:

The Internet is an uncertain world at the best of times.

Cybercriminals design specific malware to exploit vulnerable systems without user interaction being required.

No single security application is capable (nor should we expect a single application to be capable), of providing adequate computer system protection. Gaps exist, in protection capabilities, in even the most sophisticated security applications.

Layering (or stacking) security applications, offers the best chance of remaining infection free, by closing these gaps.

A cloud based protective solution, in this case Immunet Protect, is a major step in shoring up any weaknesses, or gaps, and significantly increases your overall ability to detect malware.

Keep in mind however, that even the best layered protection strategy will not make up for lack of experience, and intuitiveness, when surfing the Internet. So, I’ll repeat what I have said here, many times – “knowledge, awareness, and experience are critical ingredients in the escalating battle, against cybercriminals.”

Immunet Protect fast facts:

Fast Antivirus Protection leverages the speed of cloud computing to deliver real-time protection to your PC. Stay protected against over 13 million viruses and thousands of new threats daily without ever downloading another virus detection file again.

Immunet Protect FREE is ideal for consumers who want fast protection that doesn’t slow down their PC, including students, families, and netbook users.

Small and Light Footprint is up to 35 times lighter than traditional antivirus solutions. Immunet’s low disk and memory use won’t weigh down your PC unlike other solutions.

Companion Antivirus means that Immunet is compatible with existing antivirus solutions. Immunet adds an extra, lightweight layer of protection for greater peace of mind. Since traditional antivirus solutions detect on average only 50% of online threats, most users are underprotected, which is why every PC can benefit from Immunet’s essential layer of security.

Collective Immunity technology leverages the shared intelligence on threats gathered within the Immunet Cloud. Immunet’s virus detection technology continuously improves with each new user who installs Immunet Protect. When Immunet detects a threat on one user’s PC, that threat is blocked from harming all users in the Immunet Community simultaneously, giving all Immunet users shared immunity against computer viruses.

Real-time Detection from the Immunet Cloud against viruses, spyware, bots, worms, trojans, and keyloggers without downloading any virus signature files. Stay protected with Collective Immunity™ and intelligent virus detection technology that doesn’t slow down your PC.

Intelligent Scans effectively detect and remove viruses, bots, worms, trojans, keyloggers and spyware, thanks to the power of collective intelligence and the Immunet Cloud.

Choose from several scan options:

  • Flash Scan (Process and Registry)
  • Custom Scan (Specific Files and Directories)
  • Full System Scan

System requirements: Windows XP with Service Pack 2 or later, Vista (32-bit and 64 bit), Windows 7 (32-bit and 64-bit).

Download at: Developer’s site

I have no hesitation in recommending this application. I can’t think of another security application that has enjoyed such a major increase in users in the last six months as Immunet Protect has. That’s no accident.

Note: Along with Avast Free Antivirus, Immunet Protect is now offered as part of Google Pack.
