Category Archives: Malware Protection

OPSWAT’s Security Score Beta – NOT Ready for Primetime

The concept behind OPSWAT’s Security Score (currently in Beta) – that is, active PC monitoring with a view to ensuring the security status of the machine is in good order – has obvious value. In this case, unfortunately, the execution could do with a shake-up. Let’s take a quick walkthrough.

As a security professional it came as more than just a mild surprise to see my test bed (a Win 8 reinstall just 2 days ago), pop out of this application with a dismal security score of 60/100, as shown in the following graphic. Yikes!!

BTW, I ran a series of identical tests – the results – identical – 60/100.

No, no, no – it won’t get away with it.

Firewall:

The lack of response, in the application, to the Windows Firewall – I’m assuming that the Windows Firewall has not been certified by OPSWAT – is a head-shaker.

If I can make the argument that the majority of computer users are not particularly “PC savvy”, I suspect that a “Not Detected” notification might be cause for panic.

The reality, as the following graphic illustrates: Windows Firewall is up and running.

I’ll take 5 points back, thank you!

Hard Disk Encryption: Sorry – but, I don’t do full disk encryption. However, since I do encrypt selected files/folders (a much better choice for most users in my view), using what has long been considered the premier free encryption application available – TrueCrypt (shown below) – I’ll take my 10 points back, thank you.

Patch management: Now I’m insulted – sort of. I’m a bear for patch management!

Secunia PSI, a free patch management application (again, perhaps the premier example of such software), begs to differ with OPSWAT’s Security Score. This application, as it has for many years, runs in the background on all my machines.

I’ll take my 10 points back, thank you.

Today’s score:

Public File Sharing: Yes, I do run a torrent application on this machine, but not all file sharing is illegal. To the contrary – virtually all file sharing is legal.

I’ll take my 5 points back, thank you.

Antivirus score – 18/30: During the system reinstall on this machine, on the recommendation of super user and regular reader Bob Gostischa, I installed avast! Free Antivirus (substituting for AVG Free – a great app too). Much to my delight, incidentally.

avast! Free Antivirus has been, and continues to be, an exceptional free application (a quarter of a billion downloads on CNET alone speaks to that) – so, an OPSWAT certification of “Bronze” puzzles me. I’m not suggesting that popularity equates to an effective solution – we all know better.

Equally however, many of us do know that avast! Free Antivirus is a very effective solution.

Since OPSWAT suggests that the user may well be better off substituting the installed security application with an OPSWAT-certified higher-level product, let me counter-suggest that the developer provide access to an explanation of the certification process and the testing methodology.

In this particular case, OPSWAT’s assessment of avast! Free Antivirus falls short of the generally accepted view as to this application’s effectiveness. I know that, and I suspect that you do as well – but, a typical computer user may not.

avast! Free Antivirus – My new number one.

I’ve long been a fan and a strong supporter of OPSWAT, and continue to be – with good reason – the company provides a series of superb free products which techies have come to rely on: AppRemover, as well as Metascan Online and Secure Virtual Desktop.

Yep – I realize this application is in Beta – but, there are Betas and then there are Betas. In the past few years, we have gotten quite used to the “Beta” that, for all practical purposes, represents a fully functioning product. This is not one of them. Nice presentation, but…

I like the idea – so c’mon guys, hurry with a fix.

I have no doubt that this application will be brought up to the standard we have come to expect from OPSWAT. But, in its current state of Beta, this application provides neither accurate nor complete information. Incidentally, I awarded myself a 10 point bonus just for the sheer aggravation.

If you want to take this one out for a test drive, you can download the application here. If you do so, I’d be interested in hearing about the results.

Filed under Anti-Malware Tools, downloads, Freeware, Malware Protection, OPSWAT

Sandboxie! – Think INSIDE The Box!

Wouldn’t it be terrific if, following a mistake which led to malware making its way on to your computer, you could wave a magic wand, utter the words – “get thee gone” – and, quick as you like – no more malware infection?

Luckily, you can do just that. You don’t have to be a mage or a magician – you don’t have to deliver a magic enchantment – but, you do need to be running a sandbox based isolation application.

And that brings me to Sandboxie (last updated December 16, 2012) – the King of isolation applications in Geek territory. Rather than geek you into the land of nod – today’s review is what I like to refer to as a “soft review”.

Simply put, Sandboxie, when active, creates a virtual environment (of a sort) on a computer by redirecting all system and application changes to an unused location on a hard drive. These changes can be permanently saved to disk or completely discarded.

A case in point for isolating web surfing:

While surfing the Net, an inexperienced user mistakenly accepts an invitation to install a scareware application but realizes, after the fact, that this is a scam. Operating in a “real” environment, the damage, unfortunately, would already have been done.

Operating in an isolated environment with Sandboxie active, the system changes made by this parasite could be completely discarded – since the attack occurred in an “I’m not really here” environment.

An obvious part of reviewing an application is providing a technical breakdown of just how an application gets the job done – or, in some cases, how/why an application doesn’t quite get it done.

It’s not often that I get caught between the proverbial “rock and a hard place” in terms of illustrating an application’s aptitude in getting the task accomplished. In this case however, Ronen Tzur, Sandboxie’s developer, has taken the expression – a picture is worth a thousand words – and definitely run with it.

From the site: Introducing Sandboxie

Sandboxie runs your programs in an isolated space which prevents them from making permanent changes to other programs and data in your computer.

The red arrows indicate changes flowing from a running program into your computer. The box labeled Hard disk (no sandbox) shows changes by a program running normally.

The box labeled Hard disk (with sandbox) shows changes by a program running under Sandboxie. The animation illustrates that Sandboxie is able to intercept the changes and isolate them within a sandbox, depicted as a yellow rectangle. It also illustrates that grouping the changes together makes it easy to delete all of them at once.

Fast facts:

Secure Web Browsing: Running your Web browser under the protection of Sandboxie means that all malicious software downloaded by the browser is trapped in the sandbox and can be discarded trivially.

Enhanced Privacy: Browsing history, cookies, and cached temporary files collected while Web browsing stay in the sandbox and don’t leak into Windows.

Secure E-mail: Viruses and other malicious software that might be hiding in your email can’t break out of the sandbox and can’t infect your real system.

Windows Stays Lean: Prevent wear-and-tear in Windows by installing software into an isolated sandbox.

The developer has provided a clear and concise Getting Started tutorial – which includes:

How to use Sandboxie to run your applications.

How the changes are trapped in the sandbox.

How to recover important files and documents out of the sandbox.

How to delete the sandbox.

System requirements: Windows XP, Vista, Win 7 (32 and 64 bit), Win 8 (32 and 64 bit).

Available languages: English, Albanian, Arabic, Chinese (Simplified and Traditional), Czech, Danish, Estonian, Finnish, French, German, Greek, Hebrew, Indonesian, Italian, Japanese, Korean, Macedonian, Polish, Portuguese (Brazil and Portugal), Russian, Spanish, Swedish, Turkish, and Ukrainian.

Download at: Sandboxie

A Caveat: You may run with Sandboxie free of charge – but, once past the initial 30 days, you will be reminded that a lifetime licensed version is available for € 29 (approximately $38 USD at today’s conversion rate).

Filed under 64 Bit Software, Anti-Malware Tools, Don't Get Hacked, downloads, Malware Protection, Virtualization

Android Malware – Take the Security of Your Device Seriously

Guest writer Megan Berry has some timely advice on how you can avoid malware on Android smartphones and tablets.

Rule #1 of Android security: don’t download apps from websites other than Google Play for fear that you unwittingly infect your smartphone or tablet with malware. Well, not surprisingly, cybercriminals found a way to invalidate rule #1.

A security researcher at Symantec recently discovered two apps infected with malware in the app store that were quickly removed. But not before tens of thousands of users downloaded them.

This scenario is particularly troubling for companies with BYOD programs that permit Android devices to connect to their network. How do companies protect corporate assets without taking away employees’ ability to use their favorite mobile devices on the job? Especially since it seems that cybercriminals are always one step ahead of security experts.

Whether you use an Android device at home, on the job, or both, the growing threat of Android malware means it is more important than ever to take the security of your device seriously.

How to avoid malware on Android smartphones and tablets

Nothing you can do will guarantee you will never be infected with malware, but there are things you can do to minimize the risk.

· Before downloading an app, do a quick web search to check up on the developer and the app itself. Look for red flags in the search results, such as negative user reviews or complaints, that indicate you need to dig deeper before tapping that “Accept & download” button. Hint: You can visit the developer’s webpage from the app listing.

· Some malicious apps try to hide behind a legitimate brand name. Make sure the name of the developer jibes with the title of the app.

· Read the app’s user reviews. Red flags will show up here, too.

· Examine the permissions of the app: are they in line with the app’s intended use? For example, does a news app really need to access your contacts or send text messages?

· IT managers should insist that employees install an Android anti-virus app. Or, better yet, insist that users turn their devices over to IT before they’re allowed to connect to the network for the first time. This way IT can install anti-virus software it has evaluated, configure it properly and enforce its use.

Android anti-virus apps: worth it or not?

The effectiveness of Android anti-virus apps is debatable, though. In a recent study, only a handful of Android anti-virus apps were found to detect most types of threats. The March 2012 study by AV-Test.org rated 23 out of 41 apps effective, or 56%. Of those 23, only 10 detected greater than 90% of known malware types.

Still, the authors of the study say any of the anti-virus apps that were found to detect greater than 65% of known malware types provide adequate protection.

Unpatched system software: Your device’s Achilles’ heel

Even though you’re careful about what apps you install and you run an anti-virus program, your device may still be vulnerable because of unpatched system software.

According to security vendor Duo Security, the speed at which wireless carriers supply updates to their users varies. Therefore, it’s possible for devices to go unprotected for long periods of time. The fragmentation of the Android platform complicates the task of rolling out updates, not to mention the fact that companies have little incentive to fix existing flaws when new devices with the latest system software are already on the shelves.

This is of particular concern for companies that allow their employees to connect their personal Android devices to the company network. It should also be of concern to employees, who may be liable if their device infects their employer’s network – many corporate bring-your-own-device (BYOD) policies place the responsibility for keeping devices malware-free squarely on the shoulders of the user.

Duo Security’s new app, X-ray, scans Android devices to discover unpatched flaws in system software. If the app finds a problem, the user can go to Settings>About Phone>System Updates to download the latest version. If an official update isn’t available via System Updates, Duo Security encourages users to contact their carrier for more information, or at the very least, exercise extreme caution when downloading apps.

Individual users can download and install the app from the X-Ray for Android website. Organizations can get an enterprise-level version by emailing the company.

Lesson learned

The lesson here is that unfortunately, it’s no longer safe to assume that just because an app is available from a reputable source, it’s malware-free. And, educating yourself and your users, combined with tried-and-true anti-virus software, is still the best protection against the quickly evolving threat that Android malware presents.

About the Author: Senior writer for IT Manager Daily, Megan covers the latest technology news and trends impacting business.

Filed under Android, Anti-Malware Tools, Guest Writers, Malware Protection

Put BitDefender Safego Between You And Facebook, Twitter Scammers

It’s an awesome summer day here, and the sum-sum-summer time lazies have gotten a stranglehold on my motivation to stay connected. Since it won’t be all that long until it’s back to snowstorms and blizzards, today is a day to just hang out, crash in the sunshine – and maybe pour a jar or two – or three.

So, in order to assuage my guilt somewhat (feeling guilty over disconnecting from the Internet – who knew?), I thought I’d rerun a post from August of last year – BitDefender Safego – A Free Social Network Cyber Criminal Defense System – since it’s as timely now as it was then.

No matter my own thoughts on Facebook and Twitter (which are not entirely positive), it’s impossible to ignore the impact social networking has had on how we communicate.

It’s hardly surprising then, that Facebook and Twitter, and sites like them, have proven to be the perfect channel for cyber criminals to “communicate” with potential victims.

In the past hour alone, over 25,000 articles dealing with Facebook malware have been posted to the Net – as the following screen capture indicates. Ponder on that – 25,000 articles dealing with Facebook malware in one hour! That number certainly reaches the threshold of what I consider an epidemic.

Just for a reference point – the “any time” total, using the same search string, is 44 Million results.

My usual skeptical observation:

You might think, given those numbers, that a typical social network user would take minimum precautions to ensure that their privacy, and computer system security, are protected against compromise by employing a sound safety strategy. But no, typical social network users are #####, ********, !!!!!!!!!!, ………… Unfortunately, given that this is a G rated blog, I’ll have to leave the expletives deleted.

Still, for the sake of fairness, I will note – cyber criminal craftiness should not be underestimated. The video below is just one example of how an unaware user can be misled; leading to a perfect storm of malware issues.

Click on the following graphic to play the video.

There is no perfect safety solution in an open system like Facebook, or Twitter – but, there are steps that can be taken to reduce the likelihood that cyber criminals will successfully disrupt your peace of mind.

A few months ago, Bitdefender released a free application – Safego for Facebook – which has just been updated to offer the same level of protection to Twitter users. If you are a Twitter or Facebook user, I urge you to check out this free application.

From the Bitdefender site:

Bitdefender Safego for Facebook:

Using in-the-cloud scanning, Bitdefender Safego protects your social network account from all sorts of e-trouble: scams, spam, malware and private data exposure. But, most importantly, Safego keeps your online friends safe and …close.

By installing the BitDefender Safego app, users will receive:

Privacy protection – users are warned when they should modify their Facebook privacy settings so personal information isn’t exposed

Automatic scanning – users simply press the “scan now” button to get a snapshot of their Facebook security status

24/7 protection – Facebook accounts are protected even when users are not logged in to Facebook

Protection for friends – users will have the ability to warn their friends about infected links in their Facebook accounts

Bitdefender Safego for Twitter:

Initially launched for Facebook users, Bitdefender Safego is now ready to protect Twitter accounts as well. Bitdefender Safego uses the Bitdefender antimalware and antiphishing engines to scan URLs in the cloud.

Bitdefender Safego keeps your Twitter account safe by:

Checking unknown users before you follow them
Checking the accounts you are following
Scanning your direct messages for spam, suspicious links or hijacking attempts.

See BitDefender Safego in action on YouTube.

BitDefender Safego dashboard shown below.

For additional information on BitDefender Safego, please visit the BitDefender Safego app page on Facebook, or the app page on Twitter.

Filed under BitDefender, Don't Get Scammed, Don't Get Hacked, downloads, FaceBook, Freeware, Malware Protection, Twitter

System Explorer and System Security Guard – A Review

Depending on which version of Windows Task Manager you use, you may find that it provides you with usable information – or not. Windows Task Manager is most commonly used to display information on all processes running on your computer, as well as advising you of the CPU and memory usage stats for a given process. Additional selective information on running applications, performance, local area connection and information on users, is also available.

But, back to running processes for a moment. What if you need additional information on a running process – or, processes? How, for example, would you determine which processes are safe if you rely on Windows Task Manager?

Running Windows Task Manager in Windows 8 (a major improvement over previous versions), as I’ve done for the following example, is not particularly useful since the only option is a raw online search. Which, in a real sense, is a hit and miss affair. Give it a try with your version of Windows Task Manager – you might be surprised to see just how cumbersome it is.

Instead, taking advantage of one of the built-in features in the freeware application, System Explorer, is a much more appropriate solution. In the following example, the selected process can easily be checked at VirusTotal, and at VirusScan, directly from within System Explorer.

It’s unlikely however, that you’ll have to take this extra step – since System Explorer has been designed to automatically rate, and provide details on processes that are listed in the developer’s extensive database.

Further information can be obtained by clicking on the “See More Details” link which will open the database reference at the developer’s site, as shown below.

System Explorer is not a one-trick pony since it has the capacity to provide detailed information on Tasks, Processes, Modules, Startups, IE Add-ons, Uninstallers, Windows, Services, Drivers, Connections and Opened Files. For this review I’ve focused on the security aspect and next up is System Explorer’s “Security Scan” which is easily launched from the GUI.

As you can see in the following screen capture – running processes are checked online against the developer’s extensive database.

The following screen capture shows a small portion of the 808 processes compared against the developer’s database.

Additional information on any specific process can easily be obtained by clicking on the “Details” link, as illustrated below.

One aspect of this application which I found intriguing is the “History” function. Running this function allows the user to view and develop information on currently running processes, as well as on processes that ran earlier but are no longer running.

System requirements: Windows XP, Vista, Win 7.

Download at: System Explorer Net

Note: also available in a portable version that is just right for geeks on the go.

System Security Guard

System Security Guard, in a broad sense, is very much like the “Security Scan” built into System Explorer. System Security Guard, however, as a stand-alone small security utility, is designed to run at system startup and automatically scan running processes. As well, all new processes, as they are launched, are scanned.

The results of the initial run with System Security Guard are shown below.

For this review I set the application to run at startup, and the following graphic represents the results following a week or so of automatic running. You’ll note that the application has identified 4 “Threat Files” – which, in reality, is the same file which has been flagged 4 times (each time the application was launched).

The application (CurrPorts) was flagged for good reason, since it behaves in a way similar to that of a remote access Trojan. That is – it connects to the Internet in a peculiar way.

For illustrative purposes only, I ran the file against the developer’s database. However, since I use this application frequently throughout the day, I’m aware that this is a safe program.

System requirements: Windows XP, Vista and Win 7.

Download at: the developer’s site.

A big “Thank You” to regular reader Charlie L. for referring me to these applications.

Filed under downloads, Freeware, Malware Protection, System Utilities, Windows Task Manager Replacement

Who’s Phoning Home On Your Internet Connection? Find Out With CurrPorts and, Process and Port Analyzer

There’s not much point (from a cybercriminal’s perspective), in infecting a computer with malware unless the information which it’s been designed to capture, ends up in the nasty hands of the criminal.

Generally speaking then, it’s reasonable to say that the most important function of malware (again, from a cybercriminal’s perspective) is to “phone home” with the information it’s been designed to steal. It’s hardly surprising that much of the malware infecting the Internet does just that.

You can, if you like, trust that your AV solution will tip you off to any nasty behavior occurring in the background. But, as a follower of the “better safe than sorry” school of thought, trusting in any AV solution to safeguard my systems in all instances, just doesn’t compute with me. There are no perfect AV solutions.

All too often, “new” malware has already rampaged through the Internet (despite the best the AV providers have to offer) before average users become aware. As a result, I’ve long made it a practice to monitor my open ports and Internet connections frequently throughout a browsing session.

At first glance you might think port checking is time consuming and not worth the effort. But it is worth the effort, and it’s not time consuming – it often takes no more than a few seconds. More to the point, in my view, it is a critical component of the layered defense approach to Internet security that regular readers of this site are familiar with.

There are a number of free real-time port analyzers available for download, and the following is a brief description of each. If you are familiar and comfortable with using the Windows command structure, then you may want to try the command line utility Netstat, which displays protocol statistics and current TCP/IP connections. This utility and the process, are covered later in this article.

But first:

CurrPorts (this is the port tool I use daily), allows you to view a list of ports that are currently in use, and the application (keep in mind, that malware, for all practical purposes – is an application) that is using those ports. You can close a selected connection as well as terminating the process using it.

In addition, you can export all, or selected items, to an HTML or text report. Additional information includes the local port name, local/remote IP address, highlighted status changes and more.

Shown in this screen capture – Browser is not running. No remote connections. Looks like I’m safe.

Shown in this screen capture – Browser is running. Thirty remote connections, all of which are legitimate.

Fast Facts:

View current active ports and their starting applications

Close selected connections and processes

Save a text/ HTML report

Info on local port name, local/remote IP address, highlighted status changes

Download at: NirSoft (you’ll need to cursor down the page to the download link).

Next up:

Process and Port Analyzer is a real time process, port and network connections analyzer which will allow you to find which processes are using which ports. A good little utility that does what it says it will do.

Fast Facts:

View currently running processes along with the full path and file which started it

View the active TCP Listeners and the processes using them

View the active TCP and UDP connections along with Process ID

Double click on a process to view the list of DLLs

Download at: http://sourceforge.net

Netstat:

Windows includes a command line utility which will help you determine if you have Spyware/Botware running on your system. Netstat displays protocol statistics and current TCP/IP connections.

I use this utility as a test, to ensure that the anti-malware tools and Firewall running on my systems are functioning correctly, and that there are no open outgoing connections to the Internet that I am not aware of.

How to use Netstat:

You should close all open programs before you begin the following process if you are unsure which ports/connections are normally open while you are connected to the Internet. On the other hand, if you are familiar with the ports/connections that are normally open, there is no need to close programs.

There are a number of methods that will take you to a command prompt, but the following works well.

Click Start>Run>type “cmd” – without the quotes>click OK> this will open a command box.

In Windows 8 – type “cmd” at the Metro screen.

From the command prompt, type Netstat -a (be sure to leave a space) to display all connections and listening ports.

You can obtain additional information by using the following switches.

Type Netstat -r to display the contents of the IP routing table, and any persistent routes.

The -n switch tells Netstat not to convert addresses and port numbers to names, which speeds up execution.

The Netstat -s option shows all protocol statistics.

The Netstat -p option can be used to show statistics for a specific protocol, or together with the -s option to show connections only for the protocol specified.

The -e switch displays interface statistics.

Running Netstat occasionally is a prudent move, since it allows you to double check which applications are connecting to the Internet.

If you find there are application connections to the Internet, or open ports, that you are unfamiliar with, a Google search should provide answers.
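The Netstat check described above, automated so the “is this connection familiar?” question is answered against a baseline you recorded on a clean day rather than from memory. This is an added example, not code from the article; it parses the output of netstat -ano (the -o switch, which the article does not cover, adds the owning process ID), and both the sample output and the baseline sets are constructed assumptions.

```python
"""Parse `netstat -ano` output and report listeners and outbound
connections that are not in a known-good baseline. The sample output and
the baseline sets are constructed for this example."""
from typing import Dict, List, Set, Tuple

# Constructed sample in the Windows `netstat -ano` layout. Port 3389 is a
# Remote Desktop listener and 198.51.100.77:6667 is an outbound connection on
# the IRC port; on a machine where neither was set up, both deserve a look-up.
SAMPLE_NETSTAT = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       880
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING       1112
  TCP    192.168.1.10:49712     93.184.216.34:443      ESTABLISHED     2044
  TCP    192.168.1.10:49713     198.51.100.77:6667     ESTABLISHED     3320
  TCP    127.0.0.1:49714        127.0.0.1:49715        ESTABLISHED     2044
  TCP    [::]:135               [::]:0                 LISTENING       880
  UDP    0.0.0.0:5355           *:*                                    1000
"""

# Assumed baseline: listening ports this machine normally has open.
KNOWN_LISTENERS: Set[int] = {135, 445, 5355}
# Assumed baseline: remote ports a browsing session legitimately uses.
KNOWN_REMOTE_PORTS: Set[int] = {80, 443}

# Addresses that are not "remote": loopback, wildcard and unspecified.
LOOPBACK_OR_ANY = {"127.0.0.1", "0.0.0.0", "::1", "[::1]", "[::]", "*"}


def split_endpoint(addr: str) -> Tuple[str, str]:
    """Split 'host:port' (IPv4, bracketed IPv6 or '*:*') into (host, port)."""
    host, port = addr.rsplit(":", 1)
    return host, port


def parse_netstat(text: str) -> List[Dict[str, str]]:
    """Turn `netstat -ano` text into one dict per TCP/UDP row."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if not parts or parts[0] not in ("TCP", "UDP"):
            continue  # blank lines, "Active Connections", column headers
        if parts[0] == "TCP" and len(parts) == 5:
            proto, local, foreign, state, pid = parts
        elif parts[0] == "UDP" and len(parts) == 4:
            proto, local, foreign, pid = parts
            state = ""  # UDP rows carry no state column
        else:
            continue
        lhost, lport = split_endpoint(local)
        fhost, fport = split_endpoint(foreign)
        rows.append({"proto": proto, "lhost": lhost, "lport": lport,
                     "fhost": fhost, "fport": fport, "state": state, "pid": pid})
    return rows


def flag_unfamiliar(rows: List[Dict[str, str]],
                    known_listeners: Set[int] = KNOWN_LISTENERS,
                    known_remote_ports: Set[int] = KNOWN_REMOTE_PORTS) -> List[str]:
    """Report listeners and established remote connections outside the baseline."""
    findings = []
    for r in rows:
        # A UDP socket bound with a '*:*' foreign side is effectively a listener.
        listening = r["state"] == "LISTENING" or (r["proto"] == "UDP" and r["fport"] == "*")
        if listening:
            if int(r["lport"]) not in known_listeners:
                findings.append("unexpected %s listener on port %s (PID %s)"
                                % (r["proto"], r["lport"], r["pid"]))
        elif r["state"] == "ESTABLISHED" and r["fhost"] not in LOOPBACK_OR_ANY:
            if int(r["fport"]) not in known_remote_ports:
                findings.append("unexpected outbound connection to %s:%s (PID %s)"
                                % (r["fhost"], r["fport"], r["pid"]))
    return findings


def triage(netstat_text: str) -> List[str]:
    """One-call wrapper: parse the output and return the findings to look up."""
    return flag_unfamiliar(parse_netstat(netstat_text))


if __name__ == "__main__":
    for finding in triage(SAMPLE_NETSTAT):
        print(finding)
```

The PID in each finding is what you then match against Task Manager or CurrPorts to learn which program owns the connection.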

Steve Gibson’s website, Shields Up, is a terrific source of information where you can test all the ports on your machine as well as testing the efficiency of your Firewall. I recommend that you take the Firewall test; you may be surprised at the results!

Filed under 64 Bit Software, Don't Get Hacked, downloads, Freeware, Internet Safety Tools, Malware Protection, Software, Utilities

Trend Micro Titanium Internet Security – Free 3 Year License

Well-regarded Trend Micro is offering a free 3 year license to students – as best I can determine, based on a Google translation from the original French – “This license is valid only within the market of Education for the protection of personal computers of the agents used for strictly professional.”

From the site:

Utilizes Trend Micro Smart Protection Network to proactively stop threats before they reach you

Protect your PC from viruses, spyware, worms, trojans, botnets and rootkits

Fake AV Cleaner – eliminates malware posing as antivirus software

Prevent unauthorized changes to your applications

Includes a copy of Smart Surfing for Mac

Customize your Titanium with a favorite photo or image

Block downloads and access to and from malicious websites

Find and block malicious links in emails or IMs

Block email and image spam

Windows Firewall Booster

Protect your children online

Restrict Internet content and set an access schedule for your kids

Parental Controls

Maximize your PC’s performance

System Tuner improves PC performance by cleaning up browser history, cookies, temporary files, registries, and more

Protect and defend your data from loss and theft

Data theft prevention keeps your sensitive personal information, like credit card numbers and passwords safe

Secure Erase – Shred computer files with sensitive information

This offer is hosted in France, but the installer recognized my machine is “English” and installed the application accordingly.

How to get this application:

Go to http://edu.trendmicro.fr/

You will see the following form.

Insert your email address – then hit ENTER. DO NOT click.

You will receive an email with the license code and the following download links.

XP – Download Trend Micro Internet Security by clicking the following link:
http://www.trendmicro.com/ftp/products/emea/TIS3264_FR.exe

VISTA – Download Titanium Internet Security by clicking the following link:
http://www.trendmicro.com/ftp/products/tti/Ti_TIS_5.0_Global_Full.exe

Windows 7 – Download Titanium Internet Security by clicking the following link:
http://www.trendmicro.com/ftp/products/tti/Ti_TIS_5.0_Global_Full.exe

You’ll notice that each link includes the “global” application. In other words, the OS will determine the appropriate language.

Let me be clear – I am not advocating that you take advantage of this offer if you are not a student. Still, since we live in a world of “lifelong learning” – the definition of “student” is rather elastic.

I have no personal experience with this application and can’t offer an opinion, but reviews of Trend Micro Internet Security are available at the following links.

http://www.pcmag.com/article2/0,2817,2391436,00.asp

http://download.cnet.com/Trend-Micro-Titanium-Internet-Security-2012/3000-8022_4-10567655.html

https://www.pcworld.com/article/248895/trend_micro_titanium_internet_security_2012_review_nofrills_pc_protection.html

Filed under Antimalware Suites, downloads, Free Full Versions, Giveaways, Malware Protection, System Security