Archive for June, 2009

Law enforcement = 0 / Bad guys = 1

June 30th, 2009 4 comments

It's a sad day for all of us when bad guys get caught, yet are allowed to walk freely.

As reported by TheReg, James Reno, involved in the creation, distribution and scams using Rogue Antivirus such as ErrorSafe, WinAntivirus and XPAntivirus, was allowed to "walk" with just a small fine of $116K. The article suggests he scammed users out of $50 million by infecting their PCs with rogue crapware and scaring them into paying up.

http://www.theregister.co.uk/2009/06/29/scareware_settlement/

What kind of message is the FTC sending to the rest of the bad guys? "Go ahead, infect millions of users and don't worry about jail time. Just give us a small percentage and we'll let you go." 

I already had little hope that law enforcement and governments would do anything useful to help protect users. But this goes beyond absurd and is sending the wrong message that cyber-crime is OK as long as they pay their dues to governments.

Categories: News Tags:

First Independent Test of Panda Internet Security 2010

June 26th, 2009 23 comments

As you may know we released our Panda 2010 products yesterday. In addition to the traditional Panda Antivirus Pro 2010, Panda Internet Security 2010 and Panda Global Protection 2010, this year we've also released a tailor-made product for netbooks and ultra portables called Panda Antivirus for Netbooks.

I just got word from Andreas Marx from AV-Test.org that they've put Panda Internet Security 2010 (PIS 2010) to the test today. Some conclusions from the test can be seen below, using Andreas' own words:

WildList Test.  We started with a detection test against all samples from the most recent WildList 05/2009 and malware from older releases. Our test set includes 3,194 confirmed malicious and widespread samples. We tested the set with the on-demand scanner and on-access guard. In both cases, Panda was able to detect and remove these viruses, worms and bots easily.

Full Collection Test. We were able to test PIS 2010 against a larger set of about 680,000 malware samples, including ad- and spyware, trojan horses and other critters. It detected 99.6% of these files, without flagging any files in our false positive / clean file test set, which is a very good result.

TruPrevent Test.  We have tested the dynamic (behaviour-based) detection with a few recently released malware samples which are not yet detected by heuristics, signatures or the "in the cloud" features and found that Panda warned in about 45% of the cases when we executed the malware sample. However, it only blocked and quarantined just a few of these tested samples. (More testing in this area needs to be performed to report statistically significant results.)

Disinfection Test. The detection and removal of an already infected PC was working properly, all active components were removed during the system repair process and just in some cases, registry keys belonging to the malware were left behind.

Rootkit Test. The detection and removal of actively running rootkits was quite impressive: all rootkits in our test were successfully identified and deleted.

As you may imagine we're very happy about the results of this test and hope other independent tests come along soon that also validate the highest level of quality provided by our most advanced ever anti-malware solutions.

For detailed testing methodology (for rootkit detection and removal, system disinfection, dynamic detection, etc.) I recommend you visit AV-Test.org Papers selection.

Other advanced testing methodologies worth reading up on can also be found at AMTSO's Document Library.

Panda USB Vaccine with NTFS Support

June 18th, 2009 68 comments

First off many thanks to the hundreds of thousands of users who have downloaded, used and given us feedback on Panda USB Vaccine. Not only is it allowing us to improve this free utility for the community, it also helps protect users a little better from spreading malware infections.

Finally Panda USB Vaccine is out of beta and version 1.0.0.50 is here. Some of the most notable improvements are the following:

  • Support for vaccinating NTFS drives. This uses a completely different technique than the vaccination of FAT/FAT32 drives.
  • Executing USBVaccine.exe launches an installer which allows you to configure whether you want USBVaccine to start automatically with Windows.
  • Configuration option during setup to hide the tray icon.
  • Configuration option during setup to automatically vaccinate any new USB drives inserted into the PC.
  • Fixed bug on PC shutdown when USBVaccine was running in the background (Vista).
  • Other bug fixes reported by users on certain types of USB drives.

As always you can get it directly from download.com.

Categories: Utils Tags:

Feedback on Morro

June 18th, 2009 7 comments

Excellent comment via pcworld regarding Morro (kudos to avdude15):

Just what we need – a security mono-culture.

If Microsoft's free av product succeeds it will knock more than a few av developers out of the market and weaken the rest. This at a time when the more innovative players are investing heavily in the infrastructure and technology to deliver protection as a service. Cloud scanning, reputation systems, sand boxes are just a few of the new technologies being rolled out by many of the AV players. So Microsoft says, "let's give away a product and kill all that innovation". Whether or not Microsoft delivers a good product or not, all of our security will suffer.

 

To counter some press articles, Morro is not cloud-based. It simply sends detection statistics back to MS over the Internet (encrypted over SSL so you can't see what is being sent).

Also there's nothing innovative about Morro. It requires big signature updates and doesn't use cloud-scanning. Just the same old traditional and basic AV.

What's your take on MS Morro? 

Categories: News Tags:

Online banking

June 8th, 2009 1 comment

:) 

Don't know where I got this from. I think it's from Vey.

Categories: Fun Tags:

When the going gets tough, AMTSO gets going

June 2nd, 2009 2 comments

You've probably read about this in other blogs already. At the risk of sounding like a broken record I'll post it here as well, as this is really important and I think we should all help spread the word as much as possible. As you may know, AMTSO is a non-profit organization made up of a lot of companies from the industry, from independent testers (such as AV-Test, AV-Comparatives, CascadiaLabs, Dennis Technology Lab, ICSA, NSS, PC Security Labs, and West Coast Labs) to antivirus vendors and academia. Visit the AMTSO website to view the full member list.

Last month we attended the 5th Anti-Malware Testing Standards Organization (AMTSO) meeting held in Budapest and hosted by VirusBuster. This follows a bunch of other meetings held in Bilbao (Panda), The Netherlands (Norman), Oxford (Sophos) and Cupertino (Symantec). You can read the AMTSO Press Release titled AMTSO to start analysis of Anti-Malware Reviews for the official details.

Most of the work went into validating in a face to face meeting the different documented methodologies and processes which we've all been working on over the last few months. In all, AMTSO has now published a respectable document library about different issues concerning Anti-Malware Testing, and the list keeps on growing.

  • AMTSO Fundamental Principles of Testing. A high level overview which covers the 9 principal guidelines to follow while testing anti-malware products.
  • AMTSO Best Practices for Dynamic Testing. Probably the first document AMTSO started working on in the early days of its foundation. Covers the main issues while running dynamic tests (versus static tests which consist of on-demand scans of many samples).
  • AMTSO Best Practices for Validation of Samples. One of the most important and most often overlooked issues of anti-malware testing. How to select valid samples for testing.
  • AMTSO Best Practices for Testing In-the-Cloud Security Products. Especially important for products which incorporate this latest method of protection. As you can imagine, we were especially interested in this document, as some of our latest products such as Panda Cloud Antivirus and Panda 2010 products include cloud-scanning.
  • AMTSO Analysis of Reviews Process. Viewed as one of the most important tasks of AMTSO, this document provides insight into the process that AMTSO will follow to review, based on the principles and methodologies published, the different Anti-Malware Tests that are published out there. This process is completely transparent and open to the public, so anybody can request a "Review Analysis" of a published test.

One of the most interesting things during these AMTSO meetings is the openness and sharing of information between what are normally fierce competitors. It's not a very common practice to link to "competitors" sites (and I'm sure I'll get in trouble for it when/if my boss sees this), but I do recommend that you read up on some of our colleagues' blog posts about AMTSO progress, such as the ones from Sophos, Norman, McAfee, Trend, Avira, PC Tools, Kaspersky, ESET, and last but not least VirusBuster, who hosted the event (sorry if I left someone out).

Categories: News Tags: