antivirus

I am worried: AV-Comparatives tests of Business Security products

AV-Comparatives ran a long-term test of business security products. The details can be seen here: https://www.av-comparatives.org/tests/business-security-test-august-september-2022-factsheet/

Initially, I wanted to write about this test because I was surprised to see how well Microsoft Defender performed. But then I started to read the details, even though the full report will only be released in December 2022.

Below are the things that surprised me:

Engines used

Information about additional third-party engines/signatures used by some of the products: Acronis, Cisco, Cybereason, G Data, Trellix and VIPRE use the Bitdefender engine (in addition to their own protection features). VMware uses the Avira engine (in addition to their own protection features). G Data’s OutbreakShield is based on Cyren.

Of course, most of this is not new … What surprised me was:
- Cisco is using Bitdefender
- WatchGuard, CrowdStrike and K7 have their own engines
- CrowdStrike’s ML engine is good
- G Data is also using Cyren

2) The special settings are not even close to the defaults.

It is normal in business environments, and with business products in general, for the product to be configured by the system administrator, in accordance with the vendor’s guidelines and their own expectations. But this also tells me that there can be huge differences in the detection, performance and FP rate of…


Security for free, update after 4 years

About 4 years ago, while I was working at Avira, I wrote this article for (ISC)2’s blog: Security “for free”?

Back then I wrote about how to cover all attack vectors for malware. I also wrote about the hidden costs, which many people tend to ignore. These costs are not acquisition costs. They are not even easily visible. I concluded that it is possible to achieve a decent degree of security without any acquisition costs. However, there are drawbacks and there are hidden maintenance costs. For those who are interested in having software that works for them and not the other way around, it is advisable to get a paid security solution that covers all the relevant attack vectors and offers a decent quality of service.

I am very proud to say that I would not change anything in that article, even though back then I could have been biased by working for Avira, one of the major players in this space. I guess that this is what makes one a professional.

Four years later

In these four years, AVG, one of the major players in the free AV field, was acquired by Avast. Malwarebytes became a major player…


VPNMentor.com: Cybertalk with IT security expert Sorin Mustaca

vpnMentor has had the privilege of talking with Sorin Mustaca, a Certified IT consultant with over 15 years of experience in IT security, and author of “Improve Your Security”, a guide for the common end user that deals with the question of how to beware of cyber threats on the individual level.

By Ditsa Keren, 16/06/2016

Content
- Can you tell us a little bit about your background in IT security?
- With so many new threats and with the fast development of hacking technologies, how can an anti-virus stay up to date and protect a company from being hacked?
- What can you tell us about the recently emerging Ransomware encryption Malware attacks?
- What defenses would you recommend in the case of a ransomware attack?
- What can you tell us about the recent leak of over 32 million twitter accounts? Why do we only see these leaks now?
- Do you recognize a specific country from which the majority of hackers operate?
- Do you see any leakage of cyber technology between military intelligence organizations and the dark net? Can you give us some examples?
- What kind of new cyber threats can we expect to see…


Classical Antivirus is dead. Long live EDR?

We recall that last year’s article in the WSJ quoted executives from antivirus pioneer Symantec declaring antivirus software “dead” and stating that the company is focusing on developing technologies that attack online threats from a different angle. I also wrote about it here: http://www.sorinmustaca.com/2014/05/08/is-antivirus-really-dead-it-depends-what-you-call-antivirus/

Now the new concept has a name: Endpoint Detection and Response (EDR). Kelly Jackson Higgins, an experienced editor at Dark Reading, wrote an interesting article this week called “The Rebirth Of Endpoint Security”, where she interviews representatives of various cybersecurity startups.

“This is clearly a pretty hot market from a VC perspective. There’s a lot of money flowing in from a lot of new startups,” says Peter Firstbrook, a vice president at Gartner. Firstbrook is tracking more than 30 vendors now in the so-called endpoint detection and response (EDR) security space, and in the past 12 months, EDR startups have raised $322 million, he says.

$322 million is a lot of money, but it is far from enough to reach the tipping point where these technologies could replace traditional antivirus (based on signatures and heuristics), which is worth multiple billions yearly. Krebs also wrote about it last year: http://krebsonsecurity.com/2014/05/antivirus-is-dead-long-live-antivirus/

My opinion

As also expressed in the article, I think…



Is Antivirus really dead? It depends on what you call Antivirus

Every once in a while, someone or some company in the information security industry comes up and says, “antivirus is dead.” This happened again last week, when Symantec’s Brian Dye told the Wall Street Journal that antivirus was dead and that it was no longer a “moneymaker.”

http://news.softpedia.com/news/Is-Antivirus-Dead-It-Depends-on-How-You-Look-at-It-440993.shtml

Avira Security Expert and Product Manager Sorin Mustaca tells us via email:

“This hardly comes as news for anyone in the security industry who’s been in the business for more than a few years. I’ve written in April 2014 in the Virus Bulletin magazine an article called ‘Is the IT security industry up to the new challenges to come?’ where I describe exactly this situation.

For the past 25 years, the IT security industry has done a great job of protecting users against existing and emerging threats, in the form of files (copied, downloaded or emailed), streams of data (remember Code Red), and recently, even against common vulnerabilities in third-party software. We started with Windows, continued with MacOS and Linux, and lately we have extended the protection to mobile devices running various operating systems.

Saying that the ‘Antivirus is dead’ is incomplete. The classical antivirus, the one that works only with signatures or patterns,…



Signs that your smartphone is potentially infected with malware

1. You notice that you pay more than usual for your mobile phone bill
This is a sign that some trojan might be sending SMSs or making phone calls to very expensive phone numbers overseas.

2. Data usage increase
Malware usually sends data to the cybercriminals. If you notice an increase in data usage, or if your provider is slowing down your data transfer because you consumed too much, it might be a sign that malicious software is communicating without your knowledge.

3. Calls are interrupted often and SMSs don’t reach their destination
Even if you see that you have maximum reception, sometimes the most basic functions of the phone don’t work reliably. Sometimes malware tries to intercept the calls and even re-route them to more expensive numbers or through proxies.

4. Battery consumption grows unexpectedly
If you notice that the battery drains even though you are not using your phone more than usual, there might be some program residing in active memory. Such programs can be trojans that try to intercept the calls and SMSs you make.

5. Bad overall performance of the smartphone
If your smartphone becomes slower than usual and apps take much longer to start and function, something…




Why Intel bought McAfee?

Everybody knows about this acquisition. Now, why does Intel (a chip producer) need a software security company? There are some possible reasons:

1. To enter a multi-billion market which needs fresh ideas and technologies
2. To produce better security software which makes use of their multi-core processors
3. Both
4. Add AV in the CPU (or on the board) directly (with some help from the “cloud”)
5. Create an AntiVirus Chip -> move from software to hardware (which they know better)

Of course, I vote for 3… Both. But 4 isn’t so bad either 😉

Why? Well, because there is the so-called “Moore’s Law”, and Intel is preparing for the point when it will stop being valid. So, if they can’t produce better hardware, they had better adapt the software that runs on it so that it works much, much better.

Intel is already a major player in the software industry. They produce a lot of good software, ranging from drivers and software for the hardware to compilers, code analyzers and integrated development environments. So, what the AV world is missing is software that runs optimized on those cores. We all try to implement our code in such…



Avira’s Free AV is celebrating 10 years

Quote from the Techblog:

“Amazing! Avira’s free antivirus solution, Avira AntiVir Personal available at our www.FreeAV.com web site, is now getting 10 years old! For ten years, we added an additional security layer around companies by protecting the employees’ personal computers from malware infections for free.

The free version always offered the latest antivirus techniques available, and the best detection rates and superb protection due to heuristics detections. For us that is a good reason to celebrate. For ten days our present to our customers is an additional runtime of 10 months if you buy a usual 1-year license of our premium products or the small business suite.

Happy birthday, FreeAV!”


