antivirus

I am worried: AV-Comparatives tests of Business Security products

AV-Comparatives did a long-term test of business security products. The details can be seen here: https://www.av-comparatives.org/tests/business-security-test-august-september-2022-factsheet/

Initially, I wanted to write about this test because I was surprised to see how well Microsoft Defender performed. But then I started to read the details, even though the full report will only be released in December 2022.

Read below the things which surprised me:

Engines used

Information about additional third-party engines/signatures used by some of the products: Acronis, Cisco, Cybereason, G Data, Trellix and VIPRE use the Bitdefender engine (in addition to their own protection features). VMware uses the Avira engine (in addition to their own protection features). G Data's OutbreakShield is based on Cyren.

Of course, most of this is not new … What surprised me was:
- Cisco is using Bitdefender
- WatchGuard, CrowdStrike and K7 have their own engines
- CrowdStrike's ML engine is good
- G Data is also using Cyren

2) The special settings are not even close to the defaults.

It is normal in business environments, and with business products in general, for the product to be configured by the system administrator, in accordance with the vendor's guidelines and their own expectations. But this also tells me that there can be huge differences in the detection, performance and FP rate of…


Speaking at the Virus Bulletin Conference 2020: ‘One year later: Challenges for young anti-malware products today’

Source: https://vblocalhost.com/presentations/one-year-later-challenges-for-young-anti-malware-products-today/

A year ago, at VB2019, we presented for the first time an overview of how the anti-malware world looks from the perspective of a young company trying to enter the market: how they try to build products, how they try to enter the market, how they try to convert users, and what challenges they face in these activities.

In this new paper we will present an overview of the situation for such a company after one year of experience. We will look at the situation from several angles:
- that of the consulting company helping them to build the product and enter the market
- that of working with certification companies regularly, checking the products for detection and performance
- that of working with Microsoft to make the company compliant and keep them compliant

One year later, many still have a hard time understanding that the security market is no longer the Wild Wild West, but we also see that a lot of visible efforts are being made to improve. This means that compliance with 'clean software' regulations is becoming an issue. We will present some interesting statistics and compare data from the past with current data. The young companies still…


My presentation “Challenges for young anti-malware products today” accepted at the Virus Bulletin 2019 Conference in London

I am happy to inform everybody that my presentation "Challenges for young anti-malware products today" was accepted at the Virus Bulletin 2019 Conference in London. This is the abstract:

"There are two categories of anti-malware vendors:
- Established anti-malware vendors, who are preoccupied with getting the best scores in detection tests and capturing more market share.
- Emerging anti-malware vendors, who are trying to understand what they need to do in order to enter the market.

This paper is about the second category of companies: those who are trying to enter the market either because they have identified a small market segment which they think they can serve, or simply because they've heard they can make some easy money. None of these emergent companies actually know what it takes to make a 'real' anti-virus product. They try to enter the market by creating some software that detects malware using a third-party scanning engine and soon realize that things are much more complicated than estimated: they face a multitude of problems they don't understand and realize that there are more who want to see them fail than who are able and willing to help them. In this paper I will discuss some of…


At Infosec London this week

I am going to be visiting Infosecurity London from Tuesday to Thursday this week. If you are one of my friends or customers and you are around, ping me and we could meet. I am planning to attend the (ISC)2 Member Reception on Wednesday afternoon.

Meet me at #Infoseclondon https://www.infosecurityeurope.com/

Click here to register: https://www.infosecurityeurope.com/en/visit/
Click here to see the programme: https://www.infosecurityeurope.com/en/conference/
Look here for my company's consulting and OEM offers: http://www.mustaca.com


“Independent” support hotlines and how to deal with them (updated: who is in the picture?)

I got contacted by "Anatha anatha", a support specialist ( :))) – can't stop laughing) who is offering "free" support to Avira Antivirus customers. As the description says, they are "an independent Support Provider for Avira Antivirus" and they have a free telephone number (+49-800-181-0338) for all customers in Germany.

A simple search for that number gives you: A LOT of activity online. There are videos on YouTube, there are pictures on Flickr and there is even a website: http://www.supportaviranummer.com

If you look at this website, it is half in German and half in English. Yes, they even have a Refund Policy: http://www.supportaviranummer.com/refund-policy.html

So, if it is "free", why is there a refund policy? 🙂

If you look at the whois information, you see that it is actually owned by an Indian company, "Y.E.C.A. COMPUTERS":

Registrant Name: Y.E.C.A. COMPUTERS
Registrant Organization: Y.E.C.A. COMPUTERS
Registrant Street: 111, SHIVPURI, PATEL NAGAR, NEAR CENTRAL BANK OF INDIA
Registrant City: Kanpur
Registrant State/Province: Uttar Pradesh
Registrant Postal Code: 208007
Registrant Country: IN
Registrant Phone: +91.8081810673
Registrant Phone Ext:
Registrant Fax: +91.8081989024
Registrant Fax Ext:
Registrant Email:

The domain is fresh:

Creation Date: 2018-03-30T14:28:49Z
Registrar Registration Expiration Date: 2019-03-30T14:28:49Z

So, why are they doing that? Are there also such services for other AV producers? Let's see:

http://supportsymantecnummer.com/ : NO
http://supportbitdefendernummer.com/ : NO
http://supportkasperskynummer.com/ : NO
http://supportmcafeenummer.com/ : NO

… well … I guess Avira deserves special attention.

As for the nice lady…


Targeted Malware on the rise

Ever wondered what "spear phishing" is? Or "targeted malware"? See below.

It is an email targeted at a member of an organization, which is made to look as legitimate as possible. The difference between normal phishing and malware emails and a targeted one is that the contents of the email refer to locations or persons of the organization being targeted. In this case, Avira: as you can see below, there are apparent links to internal locations. Of course, they are all fake (as in phishing). In reality, they point to malicious documents and locations which have nothing to do with the company.

The interesting part here is that the email is made to look as if I sent the first email and this "Cameron" is replying to my email. This is social engineering at its best. Avira will block the content as W2000M/Dldr.Agent.CG and the URLs.
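The "fake reply" trick described above can be caught at the mail gateway with a few header and body checks. The script below is an added example, not code from the original post or from Avira: it takes a raw message, the organisation's own domain and the Message-IDs the recipient really sent (from a Sent folder or gateway log), and reports a reply that references no such ID, an external sender quoting an "original" from the organisation's domain, and links whose visible text names the organisation while the href points elsewhere. The two messages in it are constructed; every address, domain, URL and Message-ID is made up, and example-org.test stands in for the targeted organisation.

```python
"""Fake-reply spear-phishing heuristics (added example, not from the post).
Sample messages at the bottom are constructed; all names are made up."""
import html
import re
from email import message_from_string, policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse


class _LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._current = None

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._current = [dict(attrs).get("href") or "", ""]

    def handle_data(self, data):
        if self._current is not None:
            self._current[1] += data

    def handle_endtag(self, tag):
        if tag == "a" and self._current is not None:
            self.links.append((self._current[0], self._current[1].strip()))
            self._current = None


def registered_domain(host):
    """Crude eTLD+1 (last two labels); use a public-suffix list in production."""
    return ".".join(host.lower().split(".")[-2:])


def analyse(raw, org_domain, sent_message_ids):
    """Return a list of findings for one RFC 5322 message.
    org_domain: the organisation's own domain; sent_message_ids: IDs the
    recipient really sent (empty list = nothing to verify against)."""
    msg = message_from_string(raw, policy=policy.default)
    org_domain = org_domain.lower()
    findings = []

    # 1) A "Re:" subject should reference a message we actually sent.
    subject = str(msg.get("Subject", ""))
    claimed = {i for i in [str(msg.get("In-Reply-To", "")).strip(),
                           *str(msg.get("References", "")).split()] if i}
    if re.match(r"^\s*(re|aw|sv|fwd?):", subject, re.I):
        if not claimed:
            findings.append("reply-style subject but no In-Reply-To/References header")
        elif not claimed & set(sent_message_ids):
            findings.append("reply references Message-ID(s) we never sent: "
                            + ", ".join(sorted(claimed)))

    body = msg.get_body(preferencelist=("html", "plain"))
    content = body.get_content() if body is not None else ""
    plain = html.unescape(re.sub(r"<[^>]+>", " ", content))

    # 2) External sender quoting an "original" mail from our own domain.
    sender_domain = parseaddr(str(msg.get("From", "")))[1].rpartition("@")[2]
    if sender_domain and registered_domain(sender_domain) != org_domain:
        if re.search(r"(?i)\bFrom:\s*[^\s<>]*@" + re.escape(org_domain), plain):
            findings.append(f"external sender {sender_domain} quotes a mail 'from' {org_domain}")

    # 3) Link text that names our organisation but resolves elsewhere.
    collector = _LinkCollector()
    collector.feed(content)
    for href, label in collector.links:
        host = urlparse(href).hostname or ""
        if org_domain in label.lower() and registered_domain(host) != org_domain:
            findings.append(f"link text {label!r} points to {host or href}")
    return findings


# Constructed samples: fictitious addresses, domains, URLs and Message-IDs.
PHISH = """\
From: Cameron <cameron@example-mail.test>
To: victim@example-org.test
Subject: Re: Q3 figures
Message-ID: <20170xyz@example-mail.test>
In-Reply-To: <nonexistent-123@example-org.test>
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Hi, thanks for the numbers. The updated file is here:
<a href="http://cdn-docs.example-evil.test/Q3.doc">https://intranet.example-org.test/finance/Q3.doc</a></p>
<p>&gt; From: victim@example-org.test<br>
&gt; Cameron, can you send me the figures?</p>
</body></html>
"""
LEGIT = """\
From: colleague@example-org.test
To: victim@example-org.test
Subject: Re: Q3 figures
Message-ID: <abc@example-org.test>
In-Reply-To: <real-1@example-org.test>
Content-Type: text/plain; charset="utf-8"

Thanks, got them.
"""
SENT_IDS = ["<real-1@example-org.test>"]  # constructed Sent-folder index

if __name__ == "__main__":
    for name, raw in (("PHISH", PHISH), ("LEGIT", LEGIT)):
        print(name, analyse(raw, "example-org.test", SENT_IDS))
```

On the constructed phishing message all three checks fire; the legitimate internal reply produces no findings. The Message-ID check is the strongest of the three, because a real reply must carry the ID of a message that exists in the recipient's sent mail, something an outsider cannot know.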


WannaCry Ransomware – Executive summary

If you want news from the IT Security industry, please check IT Security News here: http://www.itsecuritynews.info/?s=WannaCry

This is my summary, inspired by various sources on the web, listed in the Sources section at the end.

The ransomware WannaCry has infected systems across the globe and has been the topic of discussion among security professionals for quite some days now.

The WannaCry ransomware attack – 5 things you need to know

- A ransomware attack of "unprecedented level" (Europol) started spreading WannaCry ransomware around the world on Friday, May 12, 2017, around 11 AM ET / 3 PM GMT.
- Until now, hundreds of thousands of Windows computers in 99 countries have been affected, with the highest numbers of infections in Russia, Ukraine, India and Taiwan.
- The criminals are using the EternalBlue exploit released by The Shadow Brokers on April 14, 2017. The vulnerability it exploits was patched a month before that, when Microsoft issued a critical security update (Microsoft Security Bulletin MS17-010).
- The reason why this particular campaign became so extensive is that it exploits a vulnerability in the Windows SMBv1 server to move laterally within networks and infect other computers, without needing anyone to open an attachment on those machines.
- If you haven't installed the updates and are running a vulnerable operating system (see list below), even…
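The practical question for a defender on May 12 was which hosts still spoke SMBv1, the dialect EternalBlue abuses and MS17-010 patches. The script below is an added example, not from the original post or any of its sources: it sends a raw SMB_COM_NEGOTIATE that offers only the "NT LM 0.12" dialect and reads the server's choice, the same check the common port scanners perform. It reports exposure (SMBv1 accepted or not), not whether the host is patched. The replies produced by make_sample_reply are constructed byte strings, not captures; the live probe only runs when a host is given on the command line.

```python
"""SMBv1 exposure probe (added example; not from the original post or its sources).
Sends an SMB_COM_NEGOTIATE offering only "NT LM 0.12" and classifies the reply.
make_sample_reply builds constructed replies for offline testing."""
import socket
import struct
import sys

SMB_COM_NEGOTIATE = 0x72
SMB1_DIALECT = b"NT LM 0.12"


def build_negotiate(dialects=(SMB1_DIALECT,)):
    """NetBIOS-framed SMBv1 NEGOTIATE request offering the given dialect strings."""
    # 32-byte SMB header: protocol, command, status, flags, flags2, pid_high,
    # security features, reserved, tid, pid_low, uid, mid
    header = struct.pack("<4sBIBH2s8s2sHHHH", b"\xffSMB", SMB_COM_NEGOTIATE, 0,
                         0x18, 0xC853, b"\0\0", b"\0" * 8, b"\0\0", 0, 0xFEFF, 0, 0)
    data = b"".join(b"\x02" + d + b"\0" for d in dialects)   # BufferFormat + string
    smb = header + struct.pack("<BH", 0, len(data)) + data   # WordCount=0, ByteCount
    return struct.pack(">I", len(smb)) + smb   # NBSS header: type 0x00 + 3-byte length


def parse_negotiate_response(data):
    """Classify a raw reply (NetBIOS header included):
    'smb1'    server picked an SMBv1 dialect (DialectIndex != 0xFFFF)
    'smb2'    server answered with an SMB2 header (happens if SMB2 dialects were offered)
    'refused' error status or no dialect accepted
    'unknown' anything else (short or non-SMB data)"""
    smb = data[4:]
    if smb[:4] == b"\xfeSMB":
        return "smb2"
    if len(smb) < 35 or smb[:4] != b"\xffSMB" or smb[4] != SMB_COM_NEGOTIATE:
        return "unknown"
    status = struct.unpack_from("<I", smb, 5)[0]
    word_count = smb[32]
    dialect_index = struct.unpack_from("<H", smb, 33)[0]
    if status != 0 or word_count == 0 or dialect_index == 0xFFFF:
        return "refused"
    return "smb1"


def probe(host, port=445, timeout=3.0):
    """Live check: connect, negotiate, classify. 'no-response' covers resets and
    timeouts, which is what a host with SMBv1 disabled usually produces."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            sock.sendall(build_negotiate())
            return parse_negotiate_response(sock.recv(4096))
    except OSError:
        return "no-response"


def make_sample_reply(status=0, word_count=17, dialect_index=0):
    """Constructed NEGOTIATE reply (not a capture) for offline testing."""
    smb = (b"\xffSMB" + bytes([SMB_COM_NEGOTIATE]) + struct.pack("<I", status)
           + b"\0" * 23 + bytes([word_count]) + struct.pack("<H", dialect_index)
           + b"\0" * 32)
    return struct.pack(">I", len(smb)) + smb


if __name__ == "__main__":
    if len(sys.argv) > 1:
        print(sys.argv[1], probe(sys.argv[1]))
    else:
        print("constructed sample:", parse_negotiate_response(make_sample_reply()))
```

Run it against a host with `python probe.py 10.0.0.5` (an assumed file name and address); "smb1" means the server still negotiates the legacy dialect and belongs on the patch-or-disable list. Only scan networks you are authorised to test, and treat "no-response" as "not listening on SMBv1", not as "safe".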


Awesome Malware Analysis – Resources

Source and credit: https://github.com/rshipp/awesome-malware-analysis

I save it here for easier reference. Do note that this list grows a lot!

A curated list of awesome malware analysis tools and resources. Inspired by awesome-python and awesome-php.

Awesome Malware Analysis
- Malware Collection
  - Anonymizers
  - Honeypots
  - Malware Corpora
- Open Source Threat Intelligence
  - Tools
  - Other Resources
- Detection and Classification
- Online Scanners and Sandboxes
- Domain Analysis
- Browser Malware
- Documents and Shellcode
- File Carving
- Deobfuscation
- Debugging and Reverse Engineering
- Network
- Memory Forensics
- Windows Artifacts
- Storage and Workflow
- Miscellaneous
- Resources
  - Books
  - Twitter
  - Other
- Related Awesome Lists
- Contributing
- Thanks

Malware Collection

Anonymizers
Web traffic anonymizers for analysts.
- Anonymouse.org – A free, web based anonymizer.
- OpenVPN – VPN software and hosting solutions.
- Privoxy – An open source proxy server with some privacy features.
- Tor – The Onion Router, for browsing the web without leaving traces of the client IP.

Honeypots
Trap and collect your own samples.
- Conpot – ICS/SCADA honeypot.
- Cowrie – SSH honeypot, based on Kippo.
- Dionaea – Honeypot designed to trap malware.
- Glastopf – Web application honeypot.
- Honeyd – Create a virtual honeynet.
- HoneyDrive – Honeypot bundle Linux distro.
- Mnemosyne – A normalizer for honeypot data; supports Dionaea.
- Thug – Low interaction honeyclient, for investigating malicious…


Do you actually need a security product in your car? Part 3 : Intrusion Prevention and Detection Systems

I ended part 2 with the promise that we will discuss:

2) Intrusion detection and prevention systems (IDS/IPS or IDPS)

From Wikipedia:

Intrusion prevention systems (IPS), also known as intrusion detection and prevention systems (IDPS), are network security appliances that monitor network and/or system activities for malicious activity. The main functions of intrusion prevention systems are to identify malicious activity, log information about this activity, attempt to block/stop it, and report it. Intrusion prevention systems are considered extensions of intrusion detection systems because they both monitor network traffic and/or system activities for malicious activity. The main differences are, unlike intrusion detection systems, intrusion prevention systems are placed in-line and are able to actively prevent/block intrusions that are detected. More specifically, IPS can take such actions as sending an alarm, dropping the malicious packets, resetting the connection and/or blocking the traffic from the offending IP address.

IDPS for cars?

Once inside, an attacker can utilize the vehicle's internal communication bus and take control of additional modules inside the vehicle, including safety-critical systems like the ABS and engine Electronic Control Units (ECUs). Therefore, there is no "trusted device" anymore. Everything has to be assumed to be compromised. The…
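What such an IDS actually does on the vehicle bus is easier to see in code. The example below is added here and is not any vendor's product or code from the original post: almost every CAN ID is transmitted periodically, so an attacker who injects spoofed frames for an existing ID (to override a sensor reading or an actuator command) raises that ID's rate, and an ID the bus never carried is suspicious by itself. The traces are constructed; the CAN IDs, periods and the 1 ms injection are made up for illustration.

```python
"""Frequency-based CAN bus anomaly detection (added example, not a vendor product).
Traces below are constructed; CAN IDs and periods are invented."""
from collections import defaultdict
from statistics import mean


def learn_baseline(frames):
    """frames: iterable of (timestamp_s, can_id, payload) from a clean drive.
    Returns {can_id: mean inter-arrival time in seconds}."""
    last, gaps = {}, defaultdict(list)
    for ts, cid, _ in frames:
        if cid in last:
            gaps[cid].append(ts - last[cid])
        last[cid] = ts
    return {cid: mean(g) for cid, g in gaps.items()}


def detect(frames, baseline, window=1.0, rate_factor=1.5):
    """Count frames per ID in fixed windows; alert when a known ID exceeds
    rate_factor times its expected count, or when an unknown ID appears.
    Returns [(window_start_s, can_id, reason), ...]."""
    alerts, reported_unknown = [], set()
    counts = defaultdict(lambda: defaultdict(int))
    for ts, cid, _ in frames:
        if cid not in baseline:
            if cid not in reported_unknown:          # report each unknown ID once
                reported_unknown.add(cid)
                alerts.append((ts, cid, "unknown CAN ID"))
            continue
        counts[int(ts // window)][cid] += 1
    for bucket in sorted(counts):
        for cid, n in sorted(counts[bucket].items()):
            expected = window / baseline[cid]
            if n > rate_factor * expected:
                alerts.append((bucket * window, cid,
                               f"{n} frames in {window:g}s, expected about {expected:.0f}"))
    return alerts


def periodic(cid, period, end, payload=b"\x00" * 8, start=0.0):
    """Constructed-trace helper: one frame every `period` seconds in [start, end)."""
    frames, t = [], start
    while t < end:
        frames.append((round(t, 4), cid, payload))
        t += period
    return frames


# Constructed 5 s "clean drive": three periodic IDs (made-up IDs and periods).
CLEAN = sorted(periodic(0x1A0, 0.010, 5.0) + periodic(0x2C0, 0.100, 5.0)
               + periodic(0x3E8, 0.020, 5.0))
# Same drive plus an attacker spoofing 0x1A0 at 1 ms for half a second and
# one frame with an ID the bus never carries.
ATTACK = sorted(CLEAN + periodic(0x1A0, 0.001, 2.5, payload=b"\xff" * 8, start=2.0)
                + [(3.0, 0x7FF, b"\xde\xad\xbe\xef")])

if __name__ == "__main__":
    base = learn_baseline(CLEAN)
    for ts, cid, why in detect(ATTACK, base):
        print(f"t={ts:.3f}s id=0x{cid:03X}: {why}")
```

On the constructed attack trace the detector raises exactly two alerts, one for the flood of 0x1A0 in the window starting at 2 s and one for the unknown ID 0x7FF, and stays silent on the clean trace. Rate checks are only the first layer a real in-vehicle IDS uses; payload plausibility (a speed that jumps 100 km/h between frames), DLC and ID ordering, and, where ECUs support it, message authentication come on top.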


Let the competition for “securing the car” begin!

I didn't actually want to write such a post, but several press releases drew my attention. So, the competition to protect the car has begun. Big players are now on the hunt for customers. But when you talk to customers like Daimler, VW, BMW, Nissan and others, the discussions will take a while.

I will maintain the list below with the technologies I see, in categories. Please note that I list here only vendors that actually have a technology that mitigates threats in cars, and not just any vendor that talks generically about IoT or embedded solutions. I also exclude solutions which address only encryption and/or authentication, because this is not enough to protect vehicles. Feel free to contact me if you see a vendor that is not here and should be.

Classic security vendors
  Company        Technology
  Symantec       Symantec Embedded Security: Critical System Protection

Newcomers
  Company        Technology
  Argus Security Partnered with CheckPoint, IDS/IPS
  TowerSec       ECUShield

Vendors that have only papers:
  Company        Link
  Intel/McAfee   http://www.mcafee.com/us/solutions/embedded-security.aspx

