Tuesday, July 17, 2012

Symantec antivirus update causes Windows XP machines to crash

Customers were not happy after security firm Symantec made a recent update to its antivirus software, causing some Windows-based PCs to crash repeatedly, showing a dreadful “blue screen of death” in many cases. The company released a statement on its website saying it received a number of reports with machines running Windows XP that were continuing to show the blue screen after rebooting.

It was discovered that the issue had been limited to machines running any combination of Windows XP, the latest Sonar antivirus software version, the 18 Sonar signature set from the July 11 revision and software from third parties. “The root cause of the issue was an incompatibility due to a three way interaction between some third party software that implements a file system driver using kernel stack based file objects – typical of encryption drivers, the SONAR signature and the Windows XP Cache manager,” Symantec said.

Enraged customers said they were forced to remove the software manually and disable their machines. Someone had said on the discussion boards that Symantec would compensate customers for the inconvenience, but the company recently responded to the problem saying that it would not be providing compensation packages. Symantec said it was working hard on a solution and providing technical support to customers, including directly reaching out to customers who had posted about the issue on the discussion boards.

Monday, July 16, 2012

Bitdefender 2013 launched

Bitdefender has released its 2013 range: Antivirus Plus 2013 ($49.95), Internet Security 2013 ($69.95), and the high-end Total Security 2013 ($79.95).

And the headline addition this time is Safepay, a secure virtual browser which aims to protect your online banking and shopping details (although the technology will help to shield any confidential online activity). It’s a useful feature and is available on all three products.

The 2013 products also now include a “USB Immunizer”. Right-click a flash drive in Explorer, select “Immunize this drive” and it’ll be protected against future infection by autorun-based malware.



The other major new feature is Anti-Theft, a computer location service which is available in Total Security 2013 only. If your system is lost or stolen then just log in to your Bitdefender account, and you may be able to display its whereabouts on a map, as well as locking the computer remotely or, as a last resort, wiping it clean.

And just as you’d expect, several of the existing features have also seen worthwhile enhancements. The parental controls are more capable, Safebox now allows secure file sharing, and the MyBitdefender dashboard now makes your program status accessible to any internet-connected device, for instance.

Put it all together and this looks like a solid move forward for Bitdefender. Safepay in particular seems a very effective way to avoid malware, and it’s good to see the tool available in every program across the range. If you’re looking for a new security suite then Antivirus Plus 2013, Internet Security 2013, and Total Security 2013 deserve careful consideration, and 30-day trial builds of each are available now.


Thursday, July 12, 2012

Avira AV update hangs systems

A faulty update for Avira's paid-for anti-virus software blocks harmless processes and may in some cases stop computers from booting. The update results in the ProActiv behavioural monitoring component becoming oversensitive in its treatment of executable files.

According to user reports, ProActiv blocks trusted system processes such as cmd.exe, rundll32.exe, taskeng.exe, wuauclt.exe, dllhost.exe, iexplore.exe, notepad.exe and regedit.exe. In some cases this results in Windows failing to boot properly. It also appears to be blocking non-OS applications such as Microsoft Office, the Opera web browser and Google's Updater program.

All versions which include the ProActiv behavioural monitoring component are affected, including Avira Antivirus Premium 2012 and the enterprise version; only 32-bit systems are affected, as ProActiv doesn't currently support 64-bit operating systems. On the Avira forum, an employee of a company which runs Avira on one hundred computers complains that, "This update has been pretty catastrophic. The whole company ground to a standstill."



In view of the arbitrariness with which the behavioural monitoring component is blocking files, users who have installed the update are advised to disable ProActiv. To do so, access Avira's settings, activate the Expert mode using the switch on the left and uncheck 'Enable Avira ProActiv' under 'Realtime Protection', 'ProActiv'. According to user reports, if Windows is having difficulty booting, this can be fixed in some cases by starting in safe mode and then deactivating ProActiv.

In a statement to The H's associates at heise Security, Avira confirmed the problem and said that its developers are currently working on an automatic update to resolve the bug. The potential scale of the bug is huge – according to Avira, the faulty update has already been downloaded more than 70 million times; this figure includes those running the free version of Avira which is not affected. The company has now stopped distributing the update.

Update: Avira recommends adding exceptions for the affected system processes to ProActiv's Application filter. However, as the list of processes is rather long, it is still advised for the time being to disable ProActiv.

Update 16-05-12: Avira has released an update for its products that caused them to block legitimate Windows applications and system processes.

Monday, July 9, 2012

Bitdefender Clueful removed from the Apple app store

The Bitdefender app for Apple devices, Clueful (cluefulapp.com), was removed from the App Store.

Clueful was designed to be the only way to really understand iOS apps, how they use your private data and treat your privacy. This one-of-a-kind product identifies intrusive applications and shows you what they do behind your back.

We do not know at the moment why Apple did this; no comments were issued on the topic.

With Clueful, Bitdefender said it can now answer questions about what your apps are doing. It shows which apps are accessing your location, tracking your in-app usage, reading your address book, linking your actions across apps to a single identity, needlessly keeping GPS running (thereby draining your battery), accessing your UDID, and a host of other ills. To do so, Clueful examines what applications are running in memory and then retrieves audit information from the “Clueful Cloud.” (That’s the name for the space where Bitdefender maintains all the data on apps, and it’s also the way they ensure communication between the app and Bitdefender’s research labs.)
To create the Clueful Cloud, Bitdefender built proprietary technology similar to what they use for their anti-virus products, but customized for iOS apps. But because it’s a proprietary technology and patent pending, the company won’t go into detail about the specifics of how it works. But the long and short of it is this: Bitdefender tests apps, creates a database, and then shares that info with the Clueful app to give you insight about the apps you use on your phone.

Sunday, July 8, 2012

Facebook announces Antivirus Marketplace

Facebook today announced the Antivirus Marketplace, or just The AV Marketplace for short. The news is two-fold: the social network giant has partnered with Microsoft, McAfee, Trend Micro, Sophos, and Symantec to provide its users with access to full version antivirus software free for six months, and the five companies will also augment Facebook's URL blacklist system with their own URL blacklist databases.

First let's talk about the free software, since everyone likes free stuff. The AV Marketplace is aimed at the hundreds of millions of Facebook users who don't currently have security protection on their computer. Facebook lets you download licenses to full versions of antivirus software: Microsoft Security Essentials, McAfee Internet Security 2012, Norton AntiVirus, Sophos Anti-Virus for Mac Home Edition, and Trend Micro internet security for PCs and Macs. After six months, for the ones that aren't free forever, you'll have to pay up.

Out of the five options, I prefer Microsoft Security Essentials, which is free forever, not just six months. I've recommended MSE since day one, and I will continue to do so until something better comes along.

The marketplace is accessible from the Facebook Security Facebook Page, or via this direct link: on.fb.me/FBAVMarketplace. Facebook wouldn't say, but I'm assuming it will eventually expand its list of antivirus partners to offer further free alternatives for its users. The social networking giant says arming its users with antivirus software will "empower them to stay safe no matter where they are on the web."

At the same time, Facebook's more than 901 million active users will now be protected by the combined intelligence blacklists of the security industry. Facebook's URL blacklist system, which already scans trillions of clicks per day, will now incorporate the malicious URL databases from these security companies.

This means that whenever you click a link on Facebook, it will not only be checked against Facebook's blacklist, but also against the blacklists provided by Microsoft, McAfee, Trend Micro, Sophos, and Symantec. For more information on how Facebook's URL blacklist system works, check out How Facebook protects users from malicious URLs.

Last but not least, Facebook also said these companies will be writing posts on Facebook Security to provide important security material to help Facebook users keep themselves, and their data, safe. To get these updates in your News Feed and Ticker, you'll need to Like the Facebook Page.

"Nothing is more important to us than the safety of the people who use Facebook, and the security of their data," a Facebook spokesperson said in a statement. "The Facebook Security Team has pioneered many innovative defense systems against viruses, spam and phishing attacks, as well as extensive automated enforcement mechanisms that quickly shut down malicious pages, accounts and apps. Truly effective security requires cooperation and we are excited about this partnership with many of the leaders in the security community to better help us defend against existing threats, anticipate new ones and arm people with the tools they need to protect themselves."


Friday, July 6, 2012

Flame worm one of the most complex threats ever discovered

The jury is out on whether 'Flame' (also known as 'Flamer' or 'Skywiper') is 'the most lethal cyberweapon to date' as some have claimed, or just a highly complex and sophisticated piece of malware. But simply from looking at the volume of security vendors' blog posts dedicated to the malware since its discovery this week, it is clear that Flame is far from ordinary.




One thing we do know is that there is a lot that isn't known yet. Because of both its size - when fully deployed, it is almost 20MB - and its complexity, researchers expect the full analysis to take several months at least.

What is known is that Flame is a modular piece of malware that has worm-like features, which allows it to spread on a local network. The use of modules is not unique to Flame: prevalent trojans such as ZeuS and SpyEye allow for the use of modules or plug-ins. However, whereas the latter kinds of malware are used to target the masses (stealing online banking details, sending spam), Flame's capabilities, which include network-sniffing, taking screenshots and recording audio conversations, suggest it is being used for cyber-espionage purposes.

So far, a few hundred infections are known, with victims varying from individuals to state-related organisations. Most of the victims are located in the Middle East: of the few hundred known infections, Iran features most prominently as a location, followed by Israel and Sudan.

The complexity of the malware, the prevalence of infections in Iran, as well as a number of technical features (such as the use of the Lua scripting language), suggest similarities with Stuxnet and Duqu. However, there are many differences too: unlike Stuxnet it does not appear to target SCADAs and the number of infections is probably significantly larger than that of Duqu. It is currently unclear whether the malware uses any zero-day exploits.

It is possible that Flame was developed by the same group that developed Stuxnet and Duqu, though likely as a parallel project. Given the location of the infections and the fact that developing something like Flame would require huge resources, many believe the governments of one or more rich Western nations are behind the malware. However, as with Duqu and Stuxnet, no one has been able to prove such claims.

While it has been discovered only recently, it is believed that Flame has been around for some time, possibly going back as far as March 2010. Writing about the malware, F-Secure's Mikko Hyppönen said that this is a case where the anti-virus industry has failed.

Virus Bulletin will continue to follow the developments around Flame and report about it on www.virusbtn.com and on our Twitter feed. While complacency is rarely a good idea when it comes to cybercrime, it is worth pointing out that the vast majority of users and organisations are unlikely to be affected by the malware.