Archive for the ‘Fun’ Category

Dear Microsoft: Please Stop Pushing Potentially Unwanted Software Through Windows Update

October 23rd, 2010 25 comments

One of my home machines is Windows 7 Enterprise x64. A few days ago an interesting thing started happening. Windows Update (WU) traybar is notifying that there is a new “Important Update” that needs to be installed. I have it configured for manual update because I want to decide what gets installed and what doesn’t. So I open the WU console and look at the details of the “Important Update” and to my surprise its not an update at all but rather a bunch of new software which I don’t really want in the first place nor have already installed on my machine, so it doesn’t need updating.

It seems Microsoft is reverting to using WU to push unwanted software, kinda like what adware, spyware and rogue software does. I guess if you can’t convince users to download and install your software the next best thing is to push it down their throats whether they like it or not. Nice move MSFT!

I decide to un-check the “Important Update” and forget about it. But to my (second) surprise, the WU notification from the traybar does not disappear as it normally does when you decide not to install an update. I open the WU console again and, surprise surprise, the “Important Update” is still there checked by default (even though I already told it I don’t want it), ready to be installed as soon as a user hits the “Install Updates” button.

The “important” software bundle is named Windows Live Essentials 2011 and at a 160MB size includes the following:
– Messenger
– Photo Gallery
– Mail
– Movie Maker
– Writer
– Family Safety
– Windows Live Mesh
– Messenger Companion
– Microsoft Outlook Hotmail Connector
– MS Outlook Social Connector Provider for Messenger
– Microsoft Silverlight
– And as a BONUS you also get: Bing Toolbar for your browser, agreeing to a new Service Agreement and a new Privacy Policy updated a couple of months ago and asking you to provide personal information.

Searching around a bit I found a couple of interesting blog posts by Microsoft. One here saying that the install will only be shown as “Recommended Update” or even “Optional Update”, which is not true as it is showing as an “Important Update”. But more interestingly, here and here there’s hundreds of users complaining not only about the tactics of the installation but also about the buggy software and how this “update” has changed their preferences, lost their business contacts, lost functionality previsouly used in other software, etc.

This is wrong is so many levels that I’m still amazed that such a respectable company can get away with it.

a) Microsoft is conveniently confusing “updating” with “installing” and using WU for their own business benefit. WU should only be used for updating software and drivers already on the machine, not for installing completely new software which the user didn’t ask for and which in some cases replaces non-Microsoft software chosen by the user and already installed on the machine.

b) The tactics for installing this software bundle are less than ethical. Microsoft has configured it so that it tries to install again and again, even if WU is configured as allowing the user to choose which updates s/he wants and even if the user already chose not to install it. Even if you’re part of the lucky ones that has WU set to manual, chances are the next time Microsoft releases some real security updates, Windows Live Essentials 2011 will be installed along with it as it is checked by default. This is suspiciously close to how adware and spyware behaves.

c) Is this the type of behaviour we are to expect from Microsft’s WU in the future? What’s to stop them from changing your browser, your Office, your settings, your search engine provider, your preference for other software, etc. and replacing it with their own? What if I don’t want Silverlight, Bing toolbar, Writer or any of that other software? I already have chosen other software or services to perform those tasks. Is Microsoft ignoring user decisions and imposing their own software without anybody stopping them from doing so? What if we did the same and started installing Chrome and disabling Internet Explorer in all our users’ machines citing “security reasons” for the change?







Virus Bulletin 2010

October 5th, 2010 7 comments

This year’s Virus Bulletin conference in Vancouver was a big success as it included some very interesting talks, specially on Stuxnet and social media security issues. There were also some presentations about ongoing efforts in the IEEE regarding telemetry on malware and a taggant system for runtime packers. Overall some great talks by very knowleadgeable folks.

I also gave a presentation on the ButterFly and Mariposa botnet shutdown with details of the arrests made earlier this year. Both Kaspersky and Avira mentioned the talk in their respective blogs here and here.

Tony Lee and Jimmy Kuo from Microsoft giving a presentation on telemetry sharing and an interesting idea of using telemetry to prioritize certain signatures over others, something we have been doing with Panda Cloud Antivirus for almost 2 years now ;)

During the conference Andreas Marx from officially handed us the “Certified” plaque for Panda Internet Security, which achieved the top ranking in the Full Product Test of Q2 2010.

VB is a great chance for people from competing AV companies to get together and talk shop. If you’re lucky you might even catch the rare sight of competing testing labs talking together. Here we can see “the Andreases” from both and

Jeff Williams (Microsoft), myself and Mark Kennedy (Symantec) during the gala dinner:

Phillip (Avira), Jong (Webroot), Andreas ( and Tjark (Avira) hanging out:

Andy from ICSALabs always behind a camara:

The Ikarus and G-Data crews. Great guys!:

Finally as is now a yearly tradition, G-Data held they table soccer tournament. Unfortunately Luis and I were only able to get 4th rank after Sophos brought in the guns from their local Vancouver office. But next year’s VB 2011 in Barcelona will be payback!!

Spain (Panda) kicking some UK (Sophos) butt during the initial rounds:

USA (Microsoft) losing to Germany (G-Data) in the final:

All pictures above were taken by Andreas Marx from I’m sure VB will soon be uploading more photos to their VB2010 conference webpage here, so be sure to keep an eye on that.

OT: Vacation

January 1st, 2010 12 comments

Happy new year everybody !

I’m taking some days off with the family. This is the view our from cabin :)


I’ll be back in a few days…. maybe :)

Categories: Fun, Malware, News Tags:

Panda Security Days in Sweden 09

October 14th, 2009 Comments off

Just as we did last year and other years before that, last week we had our Panda Security Days in Sweden. This year we started in Malmö, followed by Gothenburg and ending up in Stockholm. There were very good speakers from Panda presenting different topics; Cecilia Carlsdotter talked about Panda's corporate social responsabilities innitiatives. Sebastian Zabala talked about our different products and technologies. Daniel Nyström, Head of Tech Support in Sweden, talked about various support issues and presented his excellent team. Luis Corrons talked about the latest cyber-crime techniques, focusing on banking trojans and rogue antivirus. Petter Lautin talked about the different corporate objectives for Panda in Sweden and lastly I talked about internal statistics of Collective Intelligence and other stuff we're working on.

As I know you'll be curious about this, here's some of the Collective Intelligence stats we presented during the talks:
25 TB          Size of Collective Intelligence Database
48 million     Files hosted by Collective Intelligence
80 million     Files analyzed by Collective Intelligence
61.000         New files received daily at Collective Intelligence
99.4%         Files processed automatically every day
150 GB       Size of logs generated every day by Collective Intelligence
165 million   Files queried against Collective Intelligence every day
127 KB        Bandwith usage of each Panda Cloud Antivirus agent every day

In addition to the interesting stats I'll also leave you with some pictures of this fun week in Sweden.

Categories: Fun, News Tags:

The Perfect Antivirus!

September 21st, 2009 5 comments


Categories: Fun Tags:

Cool video

September 16th, 2009 2 comments

Cool dragonball-like video from our partner in Taiwan :)

I specially like the part about TruPrevent.


Categories: Fun, News Tags:

Online banking

June 8th, 2009 1 comment


Don't know where I got this from. I think it's from Vey.

Categories: Fun Tags:

Progress on Anti-Malware Testing Standards Organization (AMTSO)

February 9th, 2009 2 comments

Last week the 4th AMTSO meeting took place in Cupertino, hosted by Symantec. As you may remember Panda Security hosted the first AMTSO meeting in Bilbao early last year.

This has been by far the most productive AMTSO meeting so far. We really advanced a lot in specifying different testing guidelines, principles, education documents and methodologies. Please watch the AMTSO website at for these official documents. Some of the most important documents that are either already published or which we worked on during last week are the following:

  • AMTSO Fundamental Principles of Testing
  • AMTSO Best Practices for Dynamic Testing
  • AMTSO Best Practices for In-The-Cloud Testing
  • AMTSO Review of Reviews
  • AMTSO Whole Product Testing
  • Educational Documents such as Obtaining Samples, Creating Samples and Verificating Samples

It was truly a great experience to work alongside such a great group of professionals including testing organizations such AV-Test, ICSA, NSS, CheckMark, AV-Comparatives, PC Magazine and competing AV vendors. As always I have some pics for you:




Of course there was also a fun part to the trip. We had a few days to relax and went to San Francisco with Philipp from Avira and Nick from SonicWall to have a good time. As you can see from the pics below the locals were really friendly :)



Categories: Fun, News Tags:

Getting to know AV-Test labs

December 4th, 2008 3 comments

We just got back from a two day visit to our friends at, one of the most respected antivirus testing organizations worldwide. Magdeburg is a really beautiful city with very old but well preserved buildings. During our stay at AV-Test offices we had a chance to meet the entire team and their testing facilities and laboratories.

At the very left Andreas Marx, owner of AV-Test, next to Maik. Guido and Frank in the background and Markus (Panda Germany) and Luis (PandaLabs) at the very right. The rest of the guys in the middle are AV-Test developers and testers.


Shot of Magdeburg city center and buildings.



This pic is for our boss, so he sees that we actually did some work as well ;)

Categories: Fun, News Tags:

Antivirus industry 10 years ago

June 20th, 2008 8 comments

From our friends at Ikarus. In the last Virus Bulletin I got a t-shirt from them with this picture on it, but forgot it at the G-Data Table Soccer Championship booth after the final match against BitDefender :(

I wonder what the 2009 picture will look like :) 

Categories: Fun Tags: