Friday, July 30, 2010

FW: NABU Trend Micro Weekly News Summary 07.30.10


-------------------------------------------
From: Andrea Mueller (MKT-US)
Sent: Saturday, July 31, 2010 6:08:00 AM
To: Newsbank; All of Trend Corporate Marketing Department;
All of Trend Global PR; All of US Sales; All of US Marcom Dept.
Cc: Steve Quane (Seg GM-SMB); Thomas Miller (SAL-US); 'Mark Vangel';
Darren Blank (SAL-US); Alan Wallace (MKT-US); Tobias Lee (MKT-US);
Natalie Severino (MKT-US); Dan Conlon (MKT-UK); Mark Beyer (MKT-DE);
Colin Richardson (MKT-UK); Steve Mungall (SAL-US)
Subject: NABU Trend Micro Weekly News Summary 07.30.10
Auto forwarded by a Rule


 


NABU Trend Micro Weekly News Summary

Fri, 30 Jul 2010




Trend Micro Quotes

BHSEO Attacks Exploit Fake YouTube Pages & Flash Player Updates
SPAMfighter News, By Staff, Mon, 26 Jul 2010, 396 words
After the detailed investigation of this threat, Marco Dela Vega (Threat Response Engineer, Trend Micro) states that the cyber criminals behind this attack know every detail, as they used a trustable interface for the bogus Adobe installer and a convincing URL suggesting that this is an actual Adobe-based site, as reported by trendmicro on July 14, 2010.

Usage of Social Networking at Workplace Pose Risk
SPAMfighter News, By Staff, Mon, 26 Jul 2010, 397 words
David Perry, Global Director of Education, Trend Micro, states that social networking is a significant tool to establish both professional and personal links. While most companies are concerned over the negative impact of social networking sites on employee output, they forget that many social networking websites are built on interactive technologies.

Citigroup Upgrades Careless iPhone Banking App
MacNewsWorld.com, By Sidney Hill, Tue, 27 Jul 2010, 561 words
First, turn on the device lock. "That's why it's there," admonished Jamz Yaneza, threat research manager at Trend Micro. Second, recognize what content is in your device, and "treat that content as if you were carrying it in your wallet instead of your mobile device. If it's important, don't leave it lying around."

Microsoft IE8 stops one billion malware attacks
V3.co.uk, By Miya Knight, Mon, 26 Jul 2010, 340 words
"Our technology works in a similar fashion to the SmartScreen blacklists," said Rik Ferguson, senior security advisor for Trend Micro. "But it works across emails, URLs and other malware files because all threats operate on multiple vectors."

Attackers Abuse Facebook's Translation Application
Softpedia, By Lucian Constantin, Thu, 29 Jul 2010, 406 words
"Perhaps there were possibilities here for criminals to take advantage of by substituting obfuscated URLs for the popular words. Perhaps it is fortunate that the hole has been exposed through a prank in the first instance and not something more nefarious. Any online service, whether it's translation or reputation services, which solicits user generated content would be well advised to quality check that content before going live with it," Rik Ferguson writes.

Botnet hacker caught in Slovenia
BBC, By Staff, Wed, 28 Jul 2010, 487 words
"The thing with the underground economy is that it's full of niche vendors and players, it mirrors legitimate business. There's a lot of competition - it's not unusual to see malware designed to remove other malware, just so that it can take over." -- Rik Ferguson

Citigroup Upgrades Careless iPhone Banking App
Ecommerce Times, By Sidney Hill, Tue, 27 Jul 2010, 555 words
"That's why it's there," admonished Jamz Yaneza, threat research manager at Trend Micro. Second, recognize what content is in your device, and "treat that content as if you were carrying it in your wallet instead of your mobile device. If it's important, don't leave it lying around."

FBI Sting Nabs Botnet Kingpin Who Infected 12M+ Machines
Daily Tech, By Jason Mick, Wed, 28 Jul 2010, 497 words
Trend Micro security advisor Rik Ferguson comments, "The guys behind it said it was more successful than they had intended to be.  As is the case with most botnets, the more widespread they are the more likely they are to be discovered. They were a victim of their own success."

Is Your Virtual Machine Invisible To the Security Eye?
Data Center Journal, By Rakesh Dogra, Tue, 27 Jul 2010, 721 words
As Richard Sheng, regional director for Trend Micro's Asia Pacific business, states, "treat your VDI desktop on the same platform as you would your physical laptop."

IT industry news: 'Social media users should be more careful'
Computeach, By Derek Oldman, Fri, 30 Jul 2010, 196 words
"Hopefully people are moving more towards that 'trust nobody' point of view, which is pretty much where we've ended up with email," Mr Ferguson said.

Pharma Spammers Abuse Legit Websites
Softpedia, By Lucian Constantin, Wed, 28 Jul 2010, 425 words
"We're currently seeing a wave of fake pharma spam emails which do not directly advertise the URL of the fake pharma website in the spam email. Instead, the spam emails advertise URLs which point to HTML pages that are hosted on compromised sites," threat researchers from antivirus vendor Trend Micro warn.

Turkish pranksters load Facebook Translate with swears
Register, By John Leyden, Thu, 29 Jul 2010, 279 words
"Perhaps it is fortunate that the hole has been exposed through a prank in the first instance and not something more nefarious," Ferguson said.

How to Protect Remote Employees' PCs from Security Threats
Entrepreneur, By Dal Gemmell, Tue, 27 Jul 2010, 774 words
 "Unfortunately, a remote staff poses different risks from employees who spend the majority of their time in the office, and compromised data can end up costing business owners a lot more than they would be saving by allowing their employees to work remotely." -- Dal Gemmell, senior global product marketing manager in the Trend Micro Small Business solutions team

Trend Micro Mentions

Microsoft sets emergency Windows patch for Monday
Computerworld, By Gregg Keizer, Fri, 30 Jul 2010, 610 words
On Tuesday, Trend Micro reported that the shortcut vector was being used not only by Sality, but also by other malware clans, such as the Zeus botnet-building Trojan.

Movie files run in QuickTime Player trigger malware download
Help Net Security, By Zeljka Zorz, Fri, 30 Jul 2010, 180 words
Specifically crafted .mov files trigger the download of malware masquerading as a codec update and an installation file for another player when run in the latest (7.6.6) version of QuickTime Player, TrendLabs reports.

Best Antivirus 2010 Buyers Guide
NotebookReview.com, By Charles P. Jefferies, Tue, 27 Jul 2010, 1241 words
ESET and Panda both received an extra point because their installer files were less than 50MB; all others were 75MB+, with Trend Micro the largest at 108MB.

Can Google Solve the Cloud Security Problem for Enterprises?
Read Write Web, By Klint Finley, Mon, 26 Jul 2010, 690 words
Other companies, such as Trend Micro, are working on creating ways for enterprises to encrypt data before placing it in cloud service providers' hands - but it's not clear that a solution like that would work well in conjunction with Google Apps.

Good security practices for online banking
Helium.com, By Elizabeth M. Young, Fri, 23 Jul 2010, 614 words
Third, get the best security software available. Currently the agreement seems to be about Kaspersky and Trend Micro. The best security software will have automatic updates.

LNK Vulnerability Exploited by More Families of Malware
Softpedia.com, By Lucian Constantin, Tue, 27 Jul 2010, 416 words
Now, Trend Micro and F-Secure both warn that hackers behind Sality, a family of file infectors, have adopted the LNK exploit and are using it to spread a variant of the notorious polymorphic viruses.

Peer-to-Peer Security
Network World, By Jon Oltsik, Tue, 27 Jul 2010, 412 words
Several vendors including Blue Coat, Cisco, and Trend Micro already have hybrid cloud offerings that could serve as the foundation for my peer-to-peer model.

Power 100: The Most Powerful Women Of The Channel (Part 2)
CRN.com, By Staff, Mon, 26 Jul 2010, 72 words
Lozano oversaw the alignment between marketing and sales and highlights the launch of Worry-Free Business Security Services. She will recruit new partners, support existing ones.

Removing Virus Could Harm Power Grid Operations Firm Warns
The New New Internet, By Michael W. Cheek, Sat, 24 Jul 2010, 131 words
The firm is distributing Sysclean, a product made by Trend Micro.

VMware previews new vShield security features
Search Server Virtualization, By Beth Pariseau, Mon, 26 Jul 2010, 1000 words
Currently, Trend Micro is the only partner that supports the near-agentless approach.

9 security suites: maximum protection, minimum fuss
Computerworld, By Frank Ohlhorst, Wed, 28 Jul 2010, 8331 words
Trend Micro has an interesting and useful product. The Wi-Fi adviser can be a handy feature for people who work in unsecured locations such as Internet cafes, and the ability to control device access such as USB connectivity is a good feature to prevent unauthorized individuals from copying information from an unattended PC.

ANALYSIS: Head in the clouds – how secure is the new IT?
Silicon Republic, By Staff, Fri, 30 Jul 2010, 1211 words
Current intrusion detection and prevention systems can't track malicious activity in communications between virtual machines; Trend Micro has a product to address this concern.

BitDefender Offers Partners 100% Margins on Antivirus
Channel Insider, By Larry Walsh, Tue, 27 Jul 2010, 695 words
Kaspersky Lab is dueling with Trend Micro to assume third place in the market leadership triad. Companies such as Panda Security, ESET, AVG and Sunbelt are looking to the channel to increase their market share and sales.

Japanese Stocks Rise, Buoying Topix for Fourth Day; Canon Gains
SFGate.com, By Staff, Wed, 28 Jul 2010, 320 words
Trend Micro Inc., a software developer that earns about 60 percent of its revenue overseas, climbed 3.4 percent.

VMware shows off vShield security enhancements
Search Security, By Beth Pariseau, Wed, 28 Jul 2010, 997 words
Currently, Trend Micro is the only partner that supports the near-agentless approach.

Ultimate security software guide - choose the suite that's right for you
IT Business CA, By Frank J. Ohlhorst, Fri, 30 Jul 2010, 4215 words
Trend Micro Internet Security Pro is one of the most comprehensive Internet security suites available. It features full protection, including antivirus, antispyware and antispam tools, a firewall, parental controls and rootkit detection capability. What's more, Trend Micro throws in a behavioral engine, which improves protection, and a security toolbar for use with your browser.

Trend Micro Social Media at Work Study

Workplace Social Networking Use On The Rise
Processor.com, By Staff, Fri, 30 Jul 2010, 138 words
Social networking activity in the workplace has increased to 24% of workers, according to a Trend Micro survey of 1,600 people.

 

Full Text

BHSEO Attacks Exploit Fake YouTube Pages & Flash Player Updates

After the detailed investigation of this threat, Marco Dela Vega (Threat Response Engineer, Trend Micro) states that the cyber criminals behind this attack know every detail, as they used a trustable interface for the bogus Adobe installer and a convincing URL suggesting that this is an actual Adobe-based site, as reported by trendmicro on July 14, 2010.

The Trend Micro security experts have released a warning about the growing black hat search optimization (BHSEO) campaigns, which take advantage of the fake YouTube pages and Flash Player updates to make the users install malware on their systems.

It should be noted that BHSEO has been a commonly used process to spread malware on the Internet in recent times. In this process, a malicious website's PageRank is falsely inflated to make it appear on the first pages of search results for keywords matched to recent news events.

Trend Micro has stated that in the latest attacks, the company noticed that queries for links like videos of "Teresa Guidice" (a reality TV celebrity), "Holly Davidson" (a British actress) and the BP oil spill initially led to YouTube-like pages even before the fake malware threat warnings appeared. These results are mainly compromised sites which entice users to open the infected pages.

The Trend Micro security experts have also noticed a change, where blackhat SEO combines with another famous malware system. In this case, the search results to the thread "Mel Gibson Tapes" get directly connected to the installer of Adobe Flash Player instead of going to pages having malware infection instructions.

Such pages can fool users by making them believe that link attached with the video needs an Adobe Flash Player installation to see it.

After the detailed investigation of this threat, Marco Dela Vega (Threat Response Engineer, Trend Micro) states that the cyber criminals behind this attack know every detail, as they used a trustable interface for the bogus Adobe installer and a convincing URL suggesting that this is an actual Adobe-based site, as reported by trendmicro on July 14, 2010.

Norman Ingal, Threat Response Engineer at Trend Micro, states that with the continuous increase in blackhat SEO attacks, users are recommended to be extremely cautious when conducting searches. He further advises that users should use a foolproof and up-to-date antivirus program on the system.

http://www.spamfighter.com/News-14807-BHSEO-Attacks-Exploit-Fake-YouTube-Pages-Flash-Player-Updates.htm



Usage of Social Networking at Workplace Pose Risk

David Perry, Global Director of Education, Trend Micro, states that social networking is a significant tool to establish both professional and personal links. While most companies are concerned over the negative impact of social networking sites on employee output, they forget that many social networking websites are built on interactive technologies.

Trend Micro researchers have warned that popular social networking websites like Facebook and Twitter have spread all over the workplace, which results in extreme security hazards.

According to a study conducted by the IT security firm on corporate end users released on 12th July, 2010, the usage of social networking websites at workplace has increased from 19% in 2008 to 24% in 2010. Around 1600 end users were surveyed in countries like the United States, United Kingdom, Germany and Japan.

It should be taken into account that the maximum amount of social networking usage on the corporate network happened in the United Kingdom and Germany. These countries have seen a surge of 6% and 10% respectively.

David Perry, Global Director of Education, Trend Micro, states that social networking is a significant tool to establish both professional and personal links. While most companies are concerned over the negative impact of social networking sites on employee output, they forget that many social networking websites are built on interactive technologies. These technologies enable cyber criminals to steal users' personal or business information and corrupt professional networks with malicious code, as reported by eWeek SECURITY WATCH on 12th July, 2010.

A similar survey was conducted by the security firm Sophos in the first half of 2010, where they supported McAfee's report on the hazards of increasing usage of social networking at workplaces resulting in more malware and spamming.

Sophos has mentioned in its report that company CEOs are getting worried day by day about their company's security because of the increasing usage of social networking by their employees. Sophos surveyed more than 500 companies and found that around 72% thought social networking was a threat to their companies. 60% said that Facebook posed the maximum security threat, followed by MySpace, Twitter and LinkedIn.

If the companies (who allow their employees to use these sites) follow the required security solutions and social networking guidelines, they will not face any kind of risk from social networking.

http://www.spamfighter.com/News-14809-Usage-of-Social-Networking-at-Workplace-Pose-Risk.htm



Citigroup Upgrades Careless iPhone Banking App

First, turn on the device lock. "That's why it's there," admonished Jamz Yaneza, threat research manager at Trend Micro. Second, recognize what content is in your device, and "treat that content as if you were carrying it in your wallet instead of your mobile device. If it's important, don't leave it lying around."

Citigroup (NYSE: C) customers who do mobile banking on an iPhone should head to the Apple (Nasdaq: AAPL) App Store immediately for an upgrade.

A flaw in the Citigroup mobile banking iPhone app released in March 2009 causes personal information to be saved in a hidden file on the mobile device, the banking giant revealed in a letter to customers dated July 20, a day after it released an upgraded application.

Without the upgrade, customers' personal data -- including account numbers, bill payment information and access codes -- is saved on the iPhone. This data also may be saved on customers' computers when synched with their iPhones using iTunes, Citigroup said.

'No Data Breach'
Roughly 117,000 of Citigroup's estimated 800,000 mobile banking customers are believed to have been impacted by the flaw, but the company contends no customers suffered a financial loss because of the glitch.

"We have no reason to believe that our customers' personal information has been accessed or used inappropriately by anyone," Natalie Riper, a Citigroup spokesperson, told MacNewsWorld. "In other words, there has been no data breach."

Even if no Citigroup customers suffered financial harm, this incident highlights the growing need for security around mobile devices as more users rely on smartphones to do everything from managing email to organizing their finances.

Secure Your Devices
The Citi Mobile app, which ranks 11th in popularity in the Apple App Store's finance category, allows customers to check account balances, transfer funds and pay bills.

If that type of information were saved on an iPhone -- or any other mobile device -- it would be easily accessible to anyone who picked up the device, according to Jamz Yaneza, threat research manager at Trend Micro (Nasdaq: TMIC).

"Any device is a potential target [for people looking to steal personal data] when you consider how much data people store on them these days," Yaneza told MacNewsWorld. "You have banking apps, browsing history, office documents, emails, pictures and notes being stored on mobile devices. That's a treasure trove in the wrong hands."

Read the Fine Print
Keeping data from traveling from your mobile device into the wrong hands requires the same attention to security that users generally give to desktop and laptop computers, Yaneza declared.

"There are many things users can do to protect their mobile devices, and most of them are common sense," he said.

First, turn on the device lock. "That's why it's there," he admonished. Second, recognize what content is in your device, and "treat that content as if you were carrying it in your wallet instead of your mobile device. If it's important, don't leave it lying around."

Finally, be careful about the applications you install, even if they come from trusted sources like your bank, Yaneza advised.

"Before running a banking application, make sure your financial institution guarantees privacy and the same loss protection that comes with traditional online or teller transactions," he said. "Read the application's fine print."

http://www.macnewsworld.com/rsstory/70494.html?wlc=1280260640&wlc=1280331178



Microsoft IE8 stops one billion malware attacks

"Our technology works in a similar fashion to the SmartScreen blacklists," said Rik Ferguson, senior security advisor for Trend Micro. "But it works across emails, URLs and other malware files because all threats operate on multiple vectors."

Microsoft has revealed its web browser spam filter technology has stopped its one-billionth piece of malware from being downloaded.

Internet Explorer 8's (IE8's) SmartScreen Filter uses URL reputation-based anti-malware technology to warn users if they are visiting web sites hosted by servers known to distribute unsafe content.

 James Pratt, Internet Explorer business and marketing senior product manager, said the milestone was evidence of continued investment in the browser's back-end service since IE8 was released in March 2009.

"Your browser needs to continually enhance and improve its service," noted Pratt in a blog posting. "We have got better and better at blocking malware through the SmartScreen Filter."

Pratt was also quick to point to figures from Net Applications released last week that gave IE8 a total browser market share of nearly 26 per cent.

The last milestone for SmartScreen Filter was announced in August 2009, when Microsoft said 80 million malicious downloads had been blocked.

Rik Ferguson, senior security advisor for Trend Micro, told V3.co.uk that, by comparison, his firm's Smart Protection Network received 45 billion daily requests and blocked 4.3 billion queries a day.

"Our technology works in a similar fashion to the SmartScreen blacklists," he said. "But it works across emails, URLs and other malware files because all threats operate on multiple vectors."

Like Ferguson, senior technology consultant for Sophos Graham Cluley conceded that it was good to see browser software developers like Microsoft and Mozilla add more malware protection in at the back end for users.

"More and more malicious software is distributed via the web," Cluley said. "Technology like the SmartScreen Filter is a good thing because many users don't keep their anti-virus software up-to-date."

But he added it was no substitute for full anti-virus software protection. 

http://www.v3.co.uk/v3/news/2267041/ie8-announces-smartscreen



Attackers Abuse Facebook's Translation Application

"Perhaps there were possibilities here for criminals to take advantage of by substituting obfuscated URLs for the popular words. Perhaps it is fortunate that the hole has been exposed through a prank in the first instance and not something more nefarious. Any online service, whether it's translation or reputation services, which solicits user generated content would be well advised to quality check that content before going live with it," Rik Ferguson writes.

Pranksters have managed to replace popular Facebook system messages in Turkish with offensive language yesterday. The attack leveraged the power of crowdsourcing to vote the automatic approval of rogue changes.

Facebook provides an application called "Translations" for people to translate the thousands of system messages and alerts into their native language. Through a submission voting system the app also allows the community to improve on the existent translations.

Unfortunately, a group of Turkish pranksters realized that if they could get enough votes to back up a proposed translation, the change would be accepted automatically. Therefore, they asked all members of a forum to help poison popular Facebook messages in Turkish with offensive terms for fun.

"The word 'Like' for example was substituted for another word that rhymes with Luck but begins with an F," Rik Ferguson, a senior security advisor at Trend Micro, who tracked the attack as it was happening, reports. Clearly this change affected a lot of people, including children, since the "Like" feature is an extremely popular one. Another frequently-encountered system message reading "Your message could not be sent because the user is offline" was modified to include insulting references to the male anatomical parts.

The vote flooding and translation poisoning went on for a while, until Facebook staff caught on to it and reverted all rogue changes. The translation application was also disabled temporarily for multiple languages. It's not yet clear if this decision was prompted by similar attacks performed by other groups who wanted to imitate the Turkish pranksters.

"Perhaps there were possibilities here for criminals to take advantage of by substituting obfuscated URLs for the popular words. Perhaps it is fortunate that the hole has been exposed through a prank in the first instance and not something more nefarious. Any online service, whether it's translation or reputation services, which solicits user generated content would be well advised to quality check that content before going live with it," Rik Ferguson writes.

http://news.softpedia.com/news/Attackers-Abuse-Facebook-s-Translation-Application-149771.shtml



Botnet hacker caught in Slovenia

"The thing with the underground economy is that it's full of niche vendors and players, it mirrors legitimate business. There's a lot of competition - it's not unusual to see malware designed to remove other malware, just so that it can take over." -- Rik Ferguson

The FBI described the capture of Iserdo as a "huge break" in the ongoing Mariposa investigation. A computer hacker known as Iserdo has been arrested in Slovenia.

The 23-year-old is believed to have written the program behind the mariposa virus, also known as butterfly.

The botnet, one of the world's largest, was dismantled earlier this year after infecting 12.7 million computers.

It was designed to steal personal financial details and was also found in the PCs of banks and major companies.

Officials from around the world have been working together to capture the criminals behind the massive malware operation.

In December 2009, three people believed to have been running it were arrested in Spain.

"To use an analogy here, as opposed to arresting the guy who broke into your home, we've arrested the guy that gave him the crowbar, the map and the best houses in the neighbourhood," Jeffrey Troy, deputy assistant director for the FBI cyber division told Associated Press.

Botnet background
 
Botnets are malicious computer programs that are downloaded from the internet and install themselves onto a computer without the owner realising.

They can be set to send spam e-mail from the host's machine or to search for information such as credit card details and send them back to their creator. They also send replica programmes to other computers, sometimes via the e-mail of the host.

Security expert Rik Ferguson told the BBC that the mariposa botnet had got out of control.

"The guys behind it said it was more successful than they had intended to be," he said.

"As is the case with most botnets, the more widespread they are the more likely they are to be discovered. They were a victim of their own success."

Mr Ferguson, senior security adviser at Trend Micro, added that while it was not unusual for a botnet to infect hundreds of thousands of computers, one infecting several million was rare.

Nobody has yet been arrested in connection with the Conficker worm, a similar virus which is currently running on 6 million Windows PCs and is believed to have peaked at up to 12 million, he said.

While the core group behind a particular botnet is generally quite small, there is a whole industry of people offering "cyber crime services" such as tool kit building and program writing, he added.

"The thing with the underground economy is that it's full of niche vendors and players, it mirrors legitimate business. There's a lot of competition - it's not unusual to see malware designed to remove other malware, just so that it can take over."

http://www.bbc.co.uk/news/technology-10786701



Citigroup Upgrades Careless iPhone Banking App

"That's why it's there," admonished Jamz Yaneza, threat research manager at Trend Micro. Second, recognize what content is in your device, and "treat that content as if you were carrying it in your wallet instead of your mobile device. If it's important, don't leave it lying around."


http://www.ecommercetimes.com/story/Citigroup-Upgrades-Careless-iPhone-Banking-App-70494.html



FBI Sting Nabs Botnet Kingpin Who Infected 12M+ Machines

Trend Micro security advisor Rik Ferguson comments, "The guys behind it said it was more successful than they had intended to be.  As is the case with most botnets, the more widespread they are the more likely they are to be discovered. They were a victim of their own success."

For malicious users, botnets represent one of the most lucrative get rich schemes.  The premise is relatively straightforward -- craft a virus that exploits vulnerabilities in the most used operating systems and infect numerous machines.  Once you have a mass of infected computers communicating with your command servers, they can be used as a for-hire army to perform such insidious tasks as mass spam mailing, mass theft of financial information, and denial of service attacks.

The key problem with the scheme is that it's easy to spot and frequently is run by just a couple of individuals.  Take down those individuals and you can take down the botnet.  That's exactly the kind of breakthrough the FBI just made in the case of the botnet formed from the Mariposa virus, also known as Butterfly.

The Mariposa virus was first launched in December 2008.  The virus quickly infected computers at half of the Fortune 1,000 companies and at least 40 major banks.

Back in 2009, the FBI and Spanish authorities arrested three individuals in Spain who had been maintaining the virus's botnet, which consisted of 12.7 million infected computers.  Now the FBI has nabbed a hacker in Maribor, Slovenia, known as Iserdo, who allegedly wrote the virus.

States Jeffrey Troy, deputy assistant director for the FBI cyber division, "To use an analogy here, as opposed to arresting the guy who broke into your home, we've arrested the guy that gave him the crowbar, the map and the best houses in the neighborhood."

The Mariposa botnet was primarily used to steal financial information from the infected victims.  It may have actually been designed for a smaller infection, but inadvertently infected many more machines.  Trend Micro security advisor Rik Ferguson comments, "The guys behind it said it was more successful than they had intended to be.  As is the case with most botnets, the more widespread they are the more likely they are to be discovered. They were a victim of their own success."

Ferguson says that the takedown of Mariposa leaves the Conficker botnet as likely the world's largest.  There are an estimated 6M Conficker-infected machines, down from a peak of 12M machines.  While there are many smaller botnets, Conficker may be the last remaining huge botnet whose operators remain at large.

Despite the FBI's success in taking down botnets, Ferguson says the industry supporting botnets is still thriving.  He states, "The thing with the underground economy is that it's full of niche vendors and players, it mirrors legitimate business. There's a lot of competition - it's not unusual to see malware designed to remove other malware, just so that it can take over."

http://www.dailytech.com/FBI+Sting+Nabs+Botnet+Kingpin+Who+Infected+12M+Machines/article19188.htm



Is Your Virtual Machine Invisible To the Security Eye?

As Richard Sheng, regional director for Trend Micro's Asia Pacific business, states, "treat your VDI desktop on the same platform as you would your physical laptop."

Virtualization has become a key ingredient in the IT recipe of most companies today. Data centers and enterprises are increasingly turning to some form of virtualization to meet their requirements of scale and operational efficiency.

Desktop or client virtualization lets a company or user segregate physical machines from the desktop ecosystem, and it allows access to the resultant virtualized desktop even from a remote location. Using a virtualized desktop, the user's business is not limited by geographical boundaries. Any device equipped to operate in a virtualized infrastructure can give the user access to all his data and applications, regardless of location.

Although this approach has advantages like remote access, flexibility of operations, and minimal downtime, concern is increasing regarding the security software for a virtualized infrastructure.

A hosted virtual desktop system is not automatically immune from viruses simply because its original ("real") system has protection. The VDI, or virtual desktop infrastructure, faces a mammoth task in being "detected" by security tools like malware protection and anti-virus software. To put it simply, such software tools have not been programmed to seek, locate, and protect VMs (virtual machines). The software protection is programmed to vie for resources only at the network, storage, and CPU levels. In a virtualized system, a single physical server can support several desktops at one time. So, when the software is vying for "attention," it can put huge pressure on the machine.

Performance and operations can thus become lethargic. As Brian Madden of SearchVirtualDesktop.com says, desktop virtualization is more difficult than server virtualization because the user needs to have the same flexibility that a physical machine would provide him. Desktop virtualization also cannot be done with half measures and cannot have restrictions on the types of devices that can support them or even on the amount of work that can be done offline.

The security risks can be exacerbated if the network is improperly managed. Consider a scenario in which a VDI system goes through a previously scheduled scan. By placing an extra load on the CPU, such a scan can slow down the entire network. A client in need of swift operations at that time may be tempted to remove the security systems from their VDI ecosystem. Such a disastrous move will leave that client's desktops vulnerable to all kinds of attacks.

A company also needs to be wise to the different options available for protecting its VDIs. Depending on whether it is operating at the enterprise level or smaller-size-business level, the company can choose virtual-machine-based security software or agent-based desktop virtualization security software.

A pertinent question is where exactly the security software would run in a virtualized network. For instance, would it run on the primary operating system, the guest operating system, or some combination of both? Each of the three solutions has a downside.

A company can resort to one simple way of addressing this concern. As Richard Sheng, regional director for Trend Micro's Asia Pacific business, states, "treat your VDI desktop on the same platform as you would your physical laptop." This means that the same security measures and steps, like data backup and management, need to apply to the virtualized desktop, too.

Trend Micro offers wide-ranging desktop virtualization protection technology. The company's latest product is Trend Micro OfficeScan 10.5, which is a "virtual desktop aware" package. This software can also work in association with a virtual desktop infrastructure put into place by Citrix or VMware. It offers management of up to 20,000 physical and virtual desktop endpoints from one console.

As the company's product marketing manager, Joerg Schneider-Simon, states, with the VDI-aware anti-virus package, a company can even "double the number of desktop hosts with no lowering of performance."

Companies like VMware and Citrix are working on security software for virtualized networks as well. Citrix has been working with McAfee on the latter's MOVE-AV, an anti-virus package built specifically for virtualized surroundings. VMware is confident that the future belongs more to the virtualized desktop than to the virtualized server, and the company states that a virtualized desktop is even more secure than the conventional personal computer.

http://datacenterjournal.com/index.php?option=com_content&view=article&id=3749:is-your-virtual-machine-invisible-to-the-security-eye&catid=23&Itemid=100128



IT industry news: 'Social media users should be more careful'

"Hopefully people are moving more towards that 'trust nobody' point of view, which is pretty much where we've ended up with email," Mr Ferguson said.

Users of social media networks should treat security on those sites with the same attitude towards safeguarding their email accounts, according to Rik Ferguson, senior security advisor at internet content security company Trend Micro.

"Hopefully people are moving more towards that 'trust nobody' point of view, which is pretty much where we've ended up with email," Mr Ferguson said.

His views followed a report by networking provider Cisco, which said social networks remain a target for cybercriminals, with an increasing number of attacks initiated via the medium.

Mr Ferguson recognised, however, that social network users' attitudes are starting to change with many now only making friends with those they already know and limiting access to their profiles.

Users are also becoming more aware of their online identity being "worth money to criminals," Mr Ferguson explained. The expert added that hackers would often steal someone's identity on a networking site and scam money out of their friends without them being aware they are being conned.

http://www.computeach.co.uk/IT-news/IT-Computer-Technology-News/IT-industry-news-Social-media-users-should-be-more-careful/19914137



Pharma Spammers Abuse Legit Websites

"We're currently seeing a wave of fake pharma spam emails which do not directly advertise the URL of the fake pharma website in the spam email. Instead, the spam emails advertise URLs which point to HTML pages that are hosted in compromised sites," threat researchers from antivirus vendor Trend Micro warn.

Security researchers warn that Canadian Pharmacy spammers are abusing legit websites in their latest campaigns. The junk emails link to simple HTML redirect scripts hosted in the root directory of sites that have been compromised.

"We're currently seeing a wave of fake pharma spam emails which do not directly advertise the URL of the fake pharma website in the spam email. Instead, the spam emails advertise URLs which point to HTML pages that are hosted in compromised sites," threat researchers from antivirus vendor Trend Micro warn.

These rogue pages hosted on legit websites have the purpose of redirecting victims to the final spam landing sites. Two different types of redirectors have been observed so far: one is a META refresh and the other a JavaScript-based redirect.
 
It seems the attackers also upload JPEG images advertising various pills in the root directory of the compromised websites. These images are included and displayed in the junk emails sent to users.

The Trend Micro experts point out that as many as 1,000 new hosts are abused by this new spam campaign on a daily basis. However, since the affected sites don't appear to be using the same type of software, there is probably no common vulnerability being exploited.

The most likely explanation for the compromises is stolen FTP credentials, especially since these are not in short supply on the black market. There are various information-stealing trojans that particularly target FTP accounts, and Trend Micro reports that such credentials are sold in bulk on underground forums for relatively cheap prices. For example, a set of 300,000 stolen FTP logins can be acquired for as little as $250.

Of course, the same credentials are sold to more than one hacker, and that is why the compromised websites usually show signs of multiple infections. In this latest case, the campaign has been tracked back to the notorious Rustock spam botnet.

Webmasters who find these kinds of rogue HTML redirect scripts or JPEG images on their webhosting accounts should immediately delete them and change the password to their FTP accounts. Performing a full system scan with a capable and up-to-date antivirus program on the computers they use regularly is also strongly encouraged.
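One way a webmaster could triage a hosting account for the redirect stubs described above (tiny HTML files whose only job is a META refresh or JavaScript redirect to an off-site host), as an added Python example that is not part of the original article or of Trend Micro's tooling. The sample web root, its file names and the .example domains are constructed for the demo, and the size threshold is an assumption.

```python
"""
Walk a web root and flag small HTML files that do nothing but redirect
off-site, the pattern the pharma spam campaign above leaves behind.
Added example, not the article's or Trend Micro's code.
"""
import os
import re
import tempfile
from urllib.parse import urlparse

# <meta http-equiv="refresh" ...> tag, then the url= part of its content attribute
META_REFRESH = re.compile(r'<meta[^>]*http-equiv\s*=\s*["\']?refresh["\']?[^>]*>', re.I)
URL_IN_CONTENT = re.compile(r'url\s*=\s*["\']?([^"\'\s>]+)', re.I)

# location = "...", location.href = "...", or location.replace("...")
JS_REDIRECT = re.compile(
    r'location(?:\.href)?\s*=\s*["\']([^"\']+)["\']'
    r'|location\.replace\(\s*["\']([^"\']+)["\']',
    re.I,
)

MAX_SIZE = 4096  # assumption: redirect stubs are tiny, real pages are not


def extract_redirect(html):
    """Return the redirect target if the markup is a redirect stub, else None."""
    m = META_REFRESH.search(html)
    if m:
        u = URL_IN_CONTENT.search(m.group(0))
        if u:
            return u.group(1)
    m = JS_REDIRECT.search(html)
    return (m.group(1) or m.group(2)) if m else None


def is_offsite(target, site_host):
    """True when the target's host is neither the site itself nor one of its subdomains."""
    host = urlparse(target).netloc.lower()  # also handles protocol-relative //host/ URLs
    return bool(host) and host != site_host and not host.endswith("." + site_host)


def scan_webroot(root, site_host):
    """Return sorted (relative path, target) pairs for small off-site redirect pages."""
    findings = []
    for dirpath, _, files in os.walk(root):
        for name in files:
            if not name.lower().endswith((".htm", ".html")):
                continue
            path = os.path.join(dirpath, name)
            if os.path.getsize(path) > MAX_SIZE:
                continue
            with open(path, "r", encoding="utf-8", errors="replace") as f:
                target = extract_redirect(f.read())
            if target and is_offsite(target, site_host):
                findings.append((os.path.relpath(path, root), target))
    return sorted(findings)


def build_sample_site():
    """Write a constructed mini web root (not real compromised content) and return its path."""
    root = tempfile.mkdtemp(prefix="webroot_")
    os.makedirs(os.path.join(root, "img"))
    samples = {
        "index.html": "<html><body><h1>Welcome to our shop</h1><a href='/about'>About</a></body></html>",
        "login.html": '<meta http-equiv="refresh" content="0;url=/dashboard">',  # same-site, benign
        "abc123.html": '<html><head><meta http-equiv="refresh" '
                       'content="0;url=http://canadian-pills.example/"></head></html>',
        "img/promo.html": '<script>window.location.href="http://pills2.example/?x=1";</script>',
    }
    for rel, body in samples.items():
        with open(os.path.join(root, rel), "w", encoding="utf-8") as f:
            f.write(body)
    return root


if __name__ == "__main__":
    for rel, target in scan_webroot(build_sample_site(), "example.org"):
        print(f"suspicious redirect stub: {rel} -> {target}")
```

Run against a real account with the site's own hostname; anything it lists should be reviewed alongside the FTP password change and workstation scan the article recommends.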

http://news.softpedia.com/news/Pharma-Spammers-Abuse-Legit-Websites-149433.shtml



Turkish pranksters load Facebook Translate with swears

"Perhaps it is fortunate that the hole has been exposed through a prank in the first instance and not something more nefarious," Ferguson said.

Facebook's attempts to crowdsource translations have gone awry in Turkey.

A group of Turkish pranksters banded together to submit bogus translations so that a Facebook IM error message was rendered in Turkish as "Your message could not be sent because of your tiny penis". The correct version should say the message could not be delivered because the intended recipient was offline.

Miscreants abused the official Facebook Translate interface, a crowdsourcing method for improving the linguistic accuracy of the social network site, to vote up alternative and erroneous translations. The same process was used to subvert the Turkish translation for "like" into "fuck".

The linguistic larks were devised on the Inci Sözlük discussion forum, which sounds like Turkey's answer to 4chan.

Rik Ferguson, a security consultant at Trend Micro, reports that Facebook rolled back the unwanted translations on Wednesday. The Facebook Translate application was offline at around the same time for many languages, although it's unclear if this is related to the hijinks down by the Bosphorus.

It seems that the replacement translations were automatically applied without any human double checking. Ferguson concludes that there are lessons to be learned from Facebook's gaffe for other online services.

"Perhaps it is fortunate that the hole has been exposed through a prank in the first instance and not something more nefarious," Ferguson said.

"Any online service, whether it's translation or reputation services, which solicits user generated content would be well advised to quality check that content before going live with it."

http://www.theregister.co.uk/2010/07/29/facebook_translation_turkey_prank/



How to Protect Remote Employees' PCs from Security Threats

"Unfortunately, a remote staff poses different risks from employees who spend the majority of their time in the office, and compromised data can end up costing business owners a lot more than they would be saving by allowing their employees to work remotely." -- Dal Gemmell, senior global product marketing manager in the Trend Micro Small Business solutions team

No matter the size of your business, technology has blurred the boundaries of the traditional work space location and has made remote working a reality for many employees.

The attitude toward employees working "away from the office" has changed dramatically. A lot of businesses are recognizing the productivity, cost savings and morale benefits to giving their employees more location flexibility. Unfortunately, a remote staff poses different risks from employees who spend the majority of their time in the office, and compromised data can end up costing business owners a lot more than they would be saving by allowing their employees to work remotely.

Security-conscious companies typically invest in protection at their gateway, the entrance to their network. Usually it's an appliance or software, which provides not only firewall protection but also web and e-mail filtering. This can be the right decision for companies wanting to stop threats before they reach the internal network, but for businesses with employees working remotely it gets a bit trickier. Once employees are outside of the company's network, they fall outside the gateway security perimeter and are on their own.

Here are some of the issues that can occur with employees working remotely--and what to do about them:

Less protection equals more vulnerability
Gateway security technologies are not able to provide protection if a computer is not connected to the network. Once out of the network (at a home, coffee shop or library), a computer is essentially relying on whatever security software is installed on the PC to protect itself.

Solution: Be sure the employees' notebooks are updated with the most recent software updates. If there is no VPN (a private, secured network that will allow employees to connect to the office from anywhere) connection, then confirm that updates can download directly from the internet. Also, check whether your security solution includes a location-awareness feature. This feature will automatically adjust security levels based on the location of the device. The better ones will automatically increase security levels when the PC is out of the office and away from the internal network.

Employees surfing the web
Unless the URL filtering solution is operating on each client PC, employees are free to connect to any website they want. Because more than 90 percent of threats now come from the web and more than half of all employees will view websites unrelated to their work during office hours, this is a concern both for security and productivity reasons.

Solution: When possible, connect the employee back to the office using the VPN. This will allow the PC to benefit from gateway security technologies. If VPN is not available, URL filtering on the employees' PC provides an added layer of security outside the office.

Carelessly connecting to wireless networks
Sometimes the urge to connect to the internet surpasses security concerns. A fake access point, also known as an "Evil Twin," is a rogue Wi-Fi access point that appears to be legitimate. However, it is actually set up by cybercriminals to eavesdrop on wireless communications.

Solution: You can avoid Evil Twins by staying away from unconfirmed wireless hotspots, and by sticking to secure sites that are verified by companies such as TRUSTe. If this is too difficult to control, consider installing a security solution that checks the safety of wireless networks. This way you don't have to think twice when you're relocating your office to the newest tea house in town.

As a small-business owner, the world is your office, especially with all the technology available to you. That technology is also a great way to save money and increase productivity, but without the proper precautions in place, it can also cost you dearly. A little security goes a long way, so make sure your data doesn't fall into the wrong hands when you--or your employees--take your business on the road.

For more information and to stay updated on the latest threats, check out sites like Wired Safety, Connect Safely or Center for Internet Security.

Dal Gemmell is a senior global product marketing manager in the Trend Micro Small Business solutions team. As a global product marketing manager, he works in partnership with regional leaders to drive sales and marketing efforts. Contact Dal at Dal_Gemmell@trendmicro.com.

http://www.entrepreneur.com/microsites/securityresourcecenter/article207650.html



Microsoft sets emergency Windows patch for Monday

On Tuesday, Trend Micro reported that the shortcut vector was being used not only by Sality, but also by other malware clans, such as the Zeus botnet-building Trojan.

Microsoft today said it will issue an emergency patch for the critical Windows shortcut bug on Monday, August 2.

The company said it is satisfied with the quality of the "out-of-band" update -- Microsoft's term for a patch that falls outside the usual monthly delivery schedule -- but also acknowledged that it has tracked an upswing in attacks.

"In the past few days, we've seen an increase in attempts to exploit the vulnerability," Christopher Budd, a spokesman for the Microsoft Security Response Center (MSRC), said in an entry on the team's blog. "We firmly believe that releasing the update out of band is the best thing to do to help protect our customers."

Budd said that Microsoft would release the patch on Monday at approximately 1 p.m. ET, 10 a.m. PT.

Two weeks ago, Microsoft confirmed a flaw in how Windows parses shortcut files, the small files displayed by icons on the desktop, on the toolbar and in the Start menu that launch applications and documents when clicked. By crafting malicious shortcuts, hackers could automatically execute malware whenever a user viewed the shortcut or the contents of a folder containing the malevolent shortcut.

The bug was first described in mid-June by VirusBlokAda, a little-known security firm based in Belarus, but attracted widespread attention only after security blogger Brian Krebs reported on it July 15. A day later, Microsoft admitted that attackers were already exploiting the flaw using the "Stuxnet" worm, which targeted Windows PCs that manage large-scale industrial control systems in manufacturing and utility firms.

Exploit code has been widely distributed on the Internet, and Microsoft and others have spotted several attack campaigns based on the bug.

One of those campaigns apparently tipped the scales toward an early patch.

The Microsoft group responsible for crafting malware signatures to defend customers using the company's antivirus products, including the free Security Essentials, said that an especially nasty malware family had added exploits of the unpatched shortcut flaw to its arsenal.

"Sality is a highly virulent strain ... known to infect other files, making full removal after infection challenging, copy itself to removable media, disable security, and then download other malware," wrote Holly Stewart of the Microsoft Malware Protection Center, on the group's blog Friday. "It is also a very large family -- one of the most prevalent families this year. "

Sality's inclusion of the shortcut exploit quickly drove up the number of PCs that have faced attack. "After the inclusion of the [shortcut] vector, the numbers of machines seeing attack attempts combining malicious [shortcuts] and Sality.AT soon surpassed the numbers we saw with Stuxnet," said Stewart.

"We know that it is only a matter of time before more families pick up the technique," she added.

Other security researchers had spotted Sality exploiting the shortcut bug earlier this week. On Tuesday, Trend Micro reported that the shortcut vector was being used not only by Sality, but also by other malware clans, such as the Zeus botnet-building Trojan.

Last week, security researchers had argued over Microsoft's ability to quickly patch the vulnerability, with HD Moore, the chief security officer of Rapid7 and the creator of the well-known Metasploit hacking toolkit, betting that Microsoft would fix the flaw within two weeks. Moore's prediction was nearly on the dot.

All versions of Windows contain the shortcut vulnerability, including the preview of Windows 7 Service Pack 1 (SP1), and the recently retired-from-support Windows XP SP2 and Windows 2000.

http://www.computerworld.com/s/article/9179900/Microsoft_sets_emergency_Windows_patch_for_Monday?taxonomyId=125



Movie files run in QuickTime Player trigger malware download

Specifically crafted .mov files trigger the download of malware masquerading as a codec update and an installation file for another player when run in the latest (7.6.6) version of QuickTime Player, TrendLabs reports.

Specifically crafted .mov files trigger the download of malware masquerading as a codec update and an installation file for another player when run in the latest (7.6.6) version of QuickTime Player, TrendLabs reports.

Researcher Marco Dela Vega says that both files purport to contain Salt, the latest Angelina Jolie movie, but that his suspicion was aroused by the unusually small size of the files - small when compared to regular movie files, that is.

Upon running the movie files in QuickTime, the "movie" does not start and the download windows for the malware pop up, asking you to save/run the codec update or the installation file.

Trend Micro is still investigating the matter, and it's not yet known whether this attack is possible due to a vulnerability or a feature of QuickTime. Apple has, of course, been notified of the occurrence.

http://www.net-security.org/malware_news.php?id=1416



Best Antivirus 2010 Buyers Guide

ESET and Panda both received an extra point because their installer files were less than 50MB; all others were 75MB+, with Trend Micro the largest at 108MB.

For 2010 we reviewed ten paid antivirus solutions -- today we break the reviews down and show you which one is the best.

Antivirus Software Solutions

The following antivirus products are participating in this review; all are paid-for applications. For free antivirus products, check out our 2010 Free Antivirus Buyers Guide.

McAfee AntiVirus Plus 2010
Webroot Antivirus 2010 With Spy Sweeper
Bitdefender Antivirus 2010
Panda Antivirus Pro 2010
ESET NOD32 Antivirus 4.2
Trend Micro AntiVirus + AntiSpyware 2010
Symantec Norton Antivirus 2010
Kaspersky Anti-Virus 2010
CA Anti-Virus Plus Anti-Spyware 2010
PCTools Spyware Doctor with AntiVirus 2010

How We Test

The antivirus solutions will be objectively and subjectively rated over three categories:

Pro-activeness and Protection
Ease of Use and Install
Performance Impact and Scan Time

Antivirus solutions will be given a rating for each category; higher numbers are better.

Pro-activeness and Protection

This section is the most heavily weighted and focuses on two things:

1. (20 points) How proactive was the antivirus software at detecting the virus files?
2. (7 points) Did the antivirus software successfully protect the system from the virus files?

Solution                                    Pro-activeness   Virus Removal   TOTAL
McAfee AntiVirus Plus 2010                              15               7      22
Webroot Antivirus 2010 With Spy Sweeper                 20               7      27
Bitdefender Antivirus 2010                              20               7      27
Panda Antivirus Pro 2010                                18               7      25
ESET NOD32 Antivirus 4.2                                20               7      27
Trend Micro AntiVirus + AntiSpyware 2010                10               7      17
Symantec Norton Antivirus 2010                          17               7      24
Kaspersky AntiVirus 2010                                20               7      27
CA Anti-Virus Plus Anti-Spyware 2010                    16               7      23
PCTools Spyware Doctor with AntiVirus                   10               7      17

Pro-activeness: Webroot, Bitdefender, Kaspersky, and ESET are the stand-outs in Pro-activeness; they successfully detected and blocked the virus files before I initiated the download. Panda and Norton also detected all of the files as threats immediately but did allow them to be downloaded. The files were quarantined and thus inaccessible but should have been removed automatically. Trend Micro and PCTools let all of the files through without warnings; they were only detected after a full system scan.

Virus Removal: All of the antivirus solutions received a full score in the Virus Removal section since they were all able to remove the virus files.

Ease of Install and Use

This section has three parts:

1. (4 points) How streamlined and foolproof was the install process?
2. (6 points) Is the interface user-friendly?

Solution                                    Install Process   Interface   TOTAL
McAfee AntiVirus Plus 2010                                3           4       7
Webroot Antivirus 2010 With Spy Sweeper                   3           4       7
Bitdefender Antivirus 2010                                3           6       9
Panda Antivirus Pro 2010                                  4           4       8
ESET NOD32 Antivirus 4.2                                  4           5       9
Trend Micro AntiVirus + AntiSpyware 2010                  3           4       7
Symantec Norton Antivirus 2010                            4           5       9
Kaspersky AntiVirus 2010                                  3           5       8
CA Anti-Virus Plus Anti-Spyware 2010                      3           3       6
PCTools Spyware Doctor with AntiVirus                     2           4       6

Install Process: Norton is the only product in this roundup that advertises a quick install and it delivers; the install takes one click and less than one minute. All of the other solutions more or less required the same number of clicks to install.

The install process rating also takes into account the size of the installer file. ESET and Panda both received an extra point because their installer files were less than 50MB; all others were 75MB+, with Trend Micro the largest at 108MB. Not everyone has a fast Internet and the size of the installer file can make a difference.

PCTools received an additional point off since it wanted to install a third-party toolbar with the software.

Interface: All of the interfaces were generally pleasing and I would describe none as hard to use.  ESET, Kaspersky, and Norton received an extra point for having the simplest interfaces. However, Bitdefender takes top honors; it has hands-down the best approach to user interfaces I have seen. The interface can be dynamically switched between beginner, intermediate, and advanced types; all fit the user type extremely well. Clearly a lot of development work went into the interface.

I docked a point from CA Anti-Virus since its interface is a blatant upsell to the more expensive Internet Security suite; only some of the functions are enabled on the basic antivirus suite.

Performance Impact and Scan Time

There are two parts to this section:

1. (6 points) System performance impact measured with Futuremark's PCMark benchmark suite
2. (4 points) Time it took to complete a full scan of our test system's hard drive

Solution                                    Performance Impact   Scan Time   TOTAL
McAfee AntiVirus Plus 2010                                   5           4       9
Webroot Antivirus 2010 With Spy Sweeper                      4           4       9
Bitdefender Antivirus 2010                                   4           4       8
Panda Antivirus Pro 2010                                     6           3       9
ESET NOD32 Antivirus 4.2                                     6           4      10
Trend Micro AntiVirus + AntiSpyware 2010                     6           3       9
Symantec Norton Antivirus 2010                               6           4      10
Kaspersky AntiVirus 2010                                     6           3       9
CA Anti-Virus Plus Anti-Spyware 2010                         6           1       7
PCTools Spyware Doctor with AntiVirus                        4           4       8

Performance Impact: Antivirus suites that had a five percent or less impact on our system's performance received full credit and one point was taken off for every five percent over that. The majority of suites did well; Trend Micro actually had the smallest performance impact followed by ESET, Kaspersky, and CA Anti-Virus.

Webroot received an additional point off because the test system actually felt a bit slower with it installed, which I did not see from other antivirus suites. Bitdefender and PCTools showed the largest performance decreases to the tune of 12 and 15 percent, respectively.

Scan Time: Most suites received four points for scanning the test system in under an hour; Panda and Trend Micro came in just over an hour at 1:20 and 1:05, respectively. CA Anti-Virus took over five hours to scan so it only receives one point; and yes, I ran the test several times.

Conclusion

Solution                                    Pro-activeness   Ease of Install   Performance Impact   GRAND
                                            and Protection   and Use           and Scan Time        TOTAL
McAfee AntiVirus Plus 2010                              22                 7                    9      38
Webroot Antivirus 2010 With Spy Sweeper                 27                 7                    9      43
Bitdefender Antivirus 2010                              27                 9                    8      44
Panda Antivirus Pro 2010                                25                 8                    9      42
ESET NOD32 Antivirus 4.2                                27                 9                   10      46
Trend Micro AntiVirus + AntiSpyware 2010                17                 7                    9      33
Symantec Norton Antivirus 2010                          24                 9                   10      43
Kaspersky AntiVirus 2010                                27                 8                    9      44
CA Anti-Virus Plus Anti-Spyware 2010                    23                 6                    7      36
PCTools Spyware Doctor with AntiVirus                   17                 6                    8      31

And the best antivirus software we reviewed in 2010 was: ESET NOD32 Antivirus

ESET took our top spot for several reasons. Highlights include a polished and simple interface, a high level of pro-activeness, and a very small impact on system performance. It also had the fastest scan time and the smallest installer file.

Bitdefender and Kaspersky tie for second. Bitdefender had the best-designed interface and was proactive but lost points for a higher-than-average performance impact. Kaspersky is a fantastic all-around suite and just missed beating ESET because of its slightly longer scan time and larger installer file.

Finally, Webroot and Norton were just one point off of second place and tied for third.

While some of the products rated higher than others, remember that all ten individually received my recommendation and passed the testing process.

http://www.notebookreview.com/default.asp?newsID=5775&review=Best+Antivirus+2010+Buyers+Guide



Can Google Solve the Cloud Security Problem for Enterprises?

Other companies, such as Trend Micro, are working on ways for enterprises to encrypt data before placing it in cloud service providers' hands - but it's not clear that a solution like that would work well in conjunction with Google Apps.

Last week we wrote about Google's long term strategy to win over enterprise customers. But MarketWatch reported Friday on a short-term setback for Google enterprise ambitions: the company missed the deadline to deploy Google Apps to Los Angeles municipal employees. The delay revolves around security, that ever-present cloud computing concern. In response, Google announced Google Apps for Government today. Will Google be able to assuage enterprise concerns over cloud security?

Google's trouble in LA began when the Los Angeles Police Department complained that Google had not demonstrated compliance with security requirements such as segregation of City of Los Angeles data from other data maintained by Google and background checks for Google employees with access to city data. Google and its implementation partner Computer Sciences Corp agreed to pay the costs of the delay, which could be up to $415,000. But the greater concern for both Google, and the cloud computing business writ large, is the damage the delays could do to government and enterprise adoption of cloud computing services. Hence: Google Apps for Government.

Google has acquired Federal Information Security Management Act (FISMA) certification and will segregate government data on servers located in the US. Google Apps also recently rolled out two additional security features: user policy management and mobile security policies. The new security features could well be connected to Google's ongoing difficulties in LA.

Google seems confident that its new service will win over government contracts and satisfy the City of Los Angeles's requirements. CNET reports Google's enterprise president Dave Girouard as saying "We'd love to rolled out to [sic] 50 smaller cities ahead of LA...but in the end, LA will be a great success for the city, and for Google." But first the Los Angeles Police Department will have to sign off on Google Apps for Government.

The real test for Google Apps for Government, however, is whether it can win the contract to provide cloud-based e-mail for the General Services Administration - the same agency that issued Google its FISMA certification. The Wall Street Journal reported today that Microsoft and Google are locked in a bidding war for the contract. According to the Wall Street Journal, over 90% of the federal government uses Microsoft Exchange, so landing the GSA would be a big win for Google.

There's no word yet on whether Google will offer data segregation services to private enterprises as well, but those types of assurances would probably go a long way towards improving trust in cloud computing. Other companies, such as Trend Micro, are working on ways for enterprises to encrypt data before placing it in a cloud service provider's hands - but it's not clear that a solution like that would work well in conjunction with Google Apps.

Many enterprises wanting to take advantage of virtualization and web-based productivity applications have opted for on-premise "private cloud" solutions. That's the approach Google and Microsoft's lesser-known rival Zoho has offered for some large clients such as GE. However, Zoho's Raju Vegesna told us by e-mail:

We believe cloud applications will go bottom up - this means, smaller companies will adopt cloud apps first and eventually move to the enterprise. This is going to be an evolution/transition and is going to take some time. While this happens, the applications, security, confidence etc will evolve and improve. Note that Salesforce.com has been selling CRM for 10 years now (started with SMBs too), but only recently it is being adopted at the enterprise level.

Vegesna may be right: according to a report released last week by SPI Research, 46% of professional services providers now prefer SaaS solutions to on-premise solutions - up six percent from a survey conducted just six months before. For the time being, SMBs will lead the way for cloud computing. But as security assurances improve, or fiscal realities necessitate, the enterprise will follow into the cloud.

http://www.readwriteweb.com/enterprise/2010/07/google-apps-cloud-security.php

Back to top


Good security practices for online banking

Third, get the best security software available. Currently the consensus seems to favour Kaspersky and Trend Micro. The best security software will have automatic updates.

Once a customer starts in with online banking, it seems to become a necessity. The convenience of being able to check balances, transfer funds, or to pay bills from home and at any time of day or night is just too compelling a reason to continue with banking from the home computer.

Many are using their mobile devices to do their banking while away from home, which adds a new element of convenience. There is a divide between those who think no one will be hacking into the wireless operating systems or decrypting transmissions, and those who expect such hacking at some point in the future. It is therefore important to know and to use the security, remote-disabling and other features of the device in order to gain the maximum protection for any banking passwords, history and access.

But convenience in any mobile or online banking comes with risks and with responsibilities if the bank accounts are to remain secure and less vulnerable to looting!

The first tip is to create the most difficult and unique passwords for each of your online banking and finance accounts. This means at least 9 characters, with a combination of letters and numbers, and letters in both upper and lower case. The passwords should also be changed from time to time. Of course, this means keeping a handwritten record of these complicated passwords somewhere, especially if there are multiple accounts, but it is worth it to keep hackers from figuring out how to gain access to your bank and financial accounts.

The second tip is to be extremely careful not to use public computers anywhere for banking transactions. These computers can easily contain software that will capture your keystrokes and allow thieves to reconstruct your password and other transactions.

Third, get the best security software available. Currently the consensus seems to favour Kaspersky and Trend Micro. The best security software will have automatic updates. Do not ignore or cancel the updates! They have arrived for a reason, that reason being the determination, persistence and creativity of those who are after an easy payday: looting your computer for your identity information and helping themselves to your cash!

It helps to clear cookies, spyware, adware and the cache before and after you do banking from the home computer or mobile device. The sites you have visited have no right to know where you do your online banking! That information, once sold to anyone who can afford it, may be the key to the targeted spoof and other fake e-mails that appear to come from your bank but really direct you to a hack site that prompts you to give up a password and other information.

None of the tips and tricks available provide total assurance that your computer will not be hacked or that you will not fall prey to the most determined of campaigns, but they will help to develop unique disciplines and randomized controls that are hard to get past.

In summary, just as we expect other customers not to crowd in and peek over our shoulders during real-world bank visits, it is important to keep the web's people, businesses and criminals from doing the same. Patience, caution and even a bit of paranoia are the best way to approach the practice of banking online and via our wireless devices.

http://www.helium.com/items/1901211-good-security-practices-for-online-banking

Back to top


LNK Vulnerability Exploited by More Families of Malware

Now, Trend Micro and F-Secure both warn that hackers behind Sality, a family of file infectors, have adopted the LNK exploit and are using it to spread a variant of the notorious polymorphic viruses.

Antivirus companies are warning that virus writers are steadily adopting the exploit for the currently unpatched Windows LNK vulnerability in their creations. The new malware families leveraging this flaw to propagate and infect systems are Chymine, Vobfus, Sality and ZeuS.

The new Windows shortcut-processing bug, which lets attackers execute potentially malicious code simply by tricking users into opening a folder containing malformed LNK files, is one of the most serious vulnerabilities discovered this year. Because it is more of a design flaw than an ordinary bug, and has been present since at least Windows 2000, Microsoft is expected to have considerable trouble producing a patch that does not hinder important functionality.

Given the flaw's broad attack surface, security researchers and antivirus vendors predicted that it wouldn't be long before malware writers integrated the exploit into the threats they develop, and they were right. ESET started by reporting last Thursday that a new keylogger, since dubbed Chymine, is exploiting the LNK flaw to infect computers.

Just a day later, Microsoft announced that another malware family called Vobfus, which has historically been abusing shortcut files to perform social engineering attacks, is now leveraging the LNK vulnerability to execute automatically. Now, Trend Micro and F-Secure both warn that hackers behind Sality, a family of file infectors, have adopted the LNK exploit and are using it to spread a variant of the notorious polymorphic viruses.

And finally there's ZeuS, otherwise known as Zbot, an information-stealing Trojan commonly used by fraudsters to steal money from their victims' compromised accounts. Zbot usually spreads through email spam, and this latest variant is no different in that respect.

"Zeus is a challenging threat to combat, and not many vendors detected this variant yet. We're adding detection now. Fortunately, the exploit used is detected by many and the entire thing relies on socially engineering its victim into opening a password protected zip file and copying the lol.dll to the root of the C: since the path must be known in order for the exploit to work. We don't really expect great success for this particular variant of Zeus," F-Secure security researchers, note.

http://news.softpedia.com/news/LNK-Vulnerability-Exploited-by-More-Families-of-Malware-149331.shtml
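The ZeuS variant above gives a defender something concrete to hunt for while the patch is pending: a shortcut whose embedded target path ends in .dll (F-Secure's note has the DLL sitting at C:\lol.dll, a path the attacker must know in advance). The Python scanner below is an added example, not code from Softpedia, Trend Micro, F-Secure or Microsoft. It checks the fixed ShellLinkHeader (HeaderSize 0x4C followed by the shell-link CLSID), then searches the rest of the file for a drive-letter or UNC path ending in .dll in either 8-bit or UTF-16LE form, which catches the string wherever the shortcut's structures carry it. The sample blobs are constructed inline and only mimic the header; the directory walker, which treats only files named *.lnk as shortcuts, is an assumption about how you would point it at a mounted removable drive.

```python
"""Heuristic scanner for Windows shortcut (.lnk) files that embed a DLL path.
Added example; not from the article or any vendor's product."""
import os
import re
import struct
import sys

# Every Shell Link begins with HeaderSize 0x4C followed by the fixed LinkCLSID
# {00021401-0000-0000-C000-000000000046}, stored little-endian.
LNK_HEADER_SIZE = 0x4C
LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")

# A drive-letter or UNC path ending in ".dll", in the two encodings a shortcut
# can carry strings in (8-bit and UTF-16LE). The lookahead rejects ".dllx".
_PATH_8BIT = re.compile(
    rb"(?:[A-Za-z]:\\|\\\\)[\x20-\x7e]{0,259}?\.dll(?![\x21-\x7e])", re.IGNORECASE)
_PATH_UTF16 = re.compile(
    rb"(?:[A-Za-z]\x00:\x00\\\x00|\\\x00\\\x00)(?:[\x20-\x7e]\x00){0,259}?"
    rb"\.\x00d\x00l\x00l\x00(?![\x21-\x7e]\x00)", re.IGNORECASE)


def is_shell_link(data: bytes) -> bool:
    """True when the blob starts with a well-formed ShellLinkHeader."""
    if len(data) < LNK_HEADER_SIZE:
        return False
    (header_size,) = struct.unpack_from("<I", data, 0)
    return header_size == LNK_HEADER_SIZE and data[4:20] == LNK_CLSID


def dll_paths(data: bytes) -> list:
    """Every DLL path found anywhere in the blob, decoded, deduplicated, in file order."""
    hits = [m.group(0).decode("ascii") for m in _PATH_8BIT.finditer(data)]
    hits += [m.group(0).decode("utf-16-le") for m in _PATH_UTF16.finditer(data)]
    seen, ordered = set(), []
    for path in hits:
        if path not in seen:
            seen.add(path)
            ordered.append(path)
    return ordered


def scan_shortcut(data: bytes) -> dict:
    """Flag a genuine shortcut whose contents point at a DLL; non-shortcuts are never flagged."""
    lnk = is_shell_link(data)
    targets = dll_paths(data) if lnk else []
    return {"is_lnk": lnk, "dll_targets": targets, "suspicious": lnk and bool(targets)}


def scan_tree(root: str) -> list:
    """Walk a directory (e.g. a mounted USB drive) and return (path, dll_targets) per flagged file.
    Only files named *.lnk are examined: Explorer treats a file as a shortcut by that extension."""
    flagged = []
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            if not name.lower().endswith(".lnk"):
                continue
            full = os.path.join(dirpath, name)
            with open(full, "rb") as fh:
                result = scan_shortcut(fh.read())
            if result["suspicious"]:
                flagged.append((full, result["dll_targets"]))
    return flagged


def _fake_lnk(payload: bytes) -> bytes:
    """Constructed test data: a valid 76-byte header with zeroed fields, then `payload`."""
    header = struct.pack("<I", LNK_HEADER_SIZE) + LNK_CLSID
    return header + b"\x00" * (LNK_HEADER_SIZE - len(header)) + payload


# Constructed samples. C:\lol.dll is the path F-Secure's note mentions; the
# surrounding bytes are filler, not a faithful ItemIDList or LinkInfo structure.
SUSPICIOUS_LNK = _fake_lnk(b"\x14\x00\x1f\x00" + "C:\\lol.dll".encode("utf-16-le") + b"\x00\x00")
BENIGN_LNK = _fake_lnk(b"C:\\Program Files\\Editor\\editor.exe\x00")
NOT_A_LNK = b"MZ\x90\x00" + b"\x00" * 80  # PE stub: wrong header, so never flagged

if __name__ == "__main__":
    for path, dlls in scan_tree(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{path}: references {', '.join(dlls)}")
```

Treat a hit as a lead rather than a verdict: legitimate shortcuts to Control Panel items or rundll32-style targets can also name a DLL, so the flagged files still need a look at what the DLL is and where it lives.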

Back to top


Peer-to-Peer Security

Several vendors including Blue Coat, Cisco, and Trend Micro already have hybrid cloud offerings that could serve as the foundation for my peer-to-peer model.

Traditional security solutions are sort of like client/server computing. Security vendors take the role of the server, hosting the master software, adding new anti-malware signatures, and distributing them to all of the clients.

This model was adequate in the past but it is no longer good enough. Why? Malware volume stresses the system and all too common zero-day attacks have free and clear access to sitting duck systems.

Coping with the new threat landscape means embracing a new security model. First, we have to assume that an unknown file, URL, or IP address is malicious. That said, we can't simply deny access, rather we need to analyze the suspicious content in real-time and then make the appropriate access decision (i.e. allow access, deny access, quarantine, send content to a honeypot, etc.).

This new model depends upon a community of users and security devices/software acting as a neighborhood watch and sharing information with security vendors in real-time. Some people call this a "hybrid cloud" model to capitalize on the buzz around cloud computing.

Hybrid clouds are fine for now, but I foresee a future evolution to a peer-to-peer security model. With hybrid clouds, security devices/software still engage in a conversation with only one entity -- the security vendor's cloud infrastructure. In peer-to-peer security, security devices/software will engage in conversations with other security devices/software from multiple entities -- security vendors, ISACs, government sources, academic institutions, etc. These conversations will issue warnings, blacklist threats, analyze content, compare notes, exchange data, etc.

Several vendors including Blue Coat, Cisco, and Trend Micro already have hybrid cloud offerings that could serve as the foundation for my peer-to-peer model. A bit of vendor cooperation, government incentives, or user demand could lead to further developments in APIs, secure protocols, data standards, etc.

Cybercriminals constantly exploit our security weaknesses and lack of coordination. This has been a winning formula thus far, to the tune of billions of dollars in identity theft and data breaches. To overcome these tactics we need to use our technology assets more effectively. This is precisely what peer-to-peer security can do.

The Network Effect (or Metcalfe's Law) states that the value of a network is proportional to the number of connections. In my opinion, peer-to-peer security leverages the power of the Network Effect for the good guys.

http://www.networkworld.com/community/node/64183

Back to top


Power 100: The Most Powerful Women Of The Channel (Part 2)

Lozano oversaw the alignment between marketing and sales and highlights the launch of Worry-Free Business Security Services. She will recruit new partners, support existing ones.

Jean Lozano

Senior Director of U.S. Marketing, Trend Micro
Years At Current Position: 5
Years In Channel: 11


Lozano oversaw the alignment between marketing and sales and highlights the launch of Worry-Free Business Security Services. She will recruit new partners, support existing ones. 

http://www.crn.com/it-channel/226100094;jsessionid=LF4I5KCON42PFQE1GHPSKH4ATMY32JVN?pgno=19

Back to top


Removing Virus Could Harm Power Grid Operations Firm Warns

The firm is distributing Sysclean, a product made by Trend Micro.

Siemens, a German-based engineering company, has made a program available to its customers that can detect and remove malware infecting its software, which is used to control power grids, factories and oil refineries. However, the firm warned that disinfecting the system could interfere with sensitive operations.

The firm is distributing Sysclean, a product made by Trend Micro.

"As each plant is individually configured, we cannot rule out the possibility that removing the virus may affect your plant in some way," Siemens warned.

The company also advised clients to keep all anti-virus software updated because "There are currently some new derivative versions of the original virus around."

The virus appears to spread through infected USB drives.

http://www.thenewnewinternet.com/2010/07/23/removing-virus-could-harm-power-grid-operations-firm-warns/

Back to top


VMware previews new vShield security features

Currently, Trend Micro is the only partner that supports the near-agentless approach.

VMware recently previewed three new security features that may prove especially compelling for large shops with complex security requirements.

Two of the features, vShield Edge and vShield App, strive to reduce "firewall choke points" and "VLAN sprawl" and to identify mobile virtual machines' level of security, according to Rob Randell, a VMware security specialist systems engineer. The goal of these features is to eliminate the burdens associated with identifying and addressing security concerns in a dispersed virtual environment.

The first two features went into public beta on July 15 and were previewed at the New England regional VMware User Group (VMUG) meeting in Brunswick, Maine last week. A third feature, the concept for "near-agentless antivirus" protection of virtual machines, was also demoed. (More information on the beta program is available on the VMware website.)

vShield Edge 1.0
The new vShield Edge feature is designed to augment the existing capabilities of VMware's vShield Zones, which introduced the concept of a virtual firewall.

But vShield Zones are intended to serve as firewalls on internal networks rather than at the "edge" of a virtual data center. While not intended to replace firewall hardware at the physical edge, vShield Edge 1.0 -- by supporting routing and leveraging VMsafe's application programming interfaces (APIs) -- will introduce the routing virtual firewall, Randell said.

This means vShield Edge could be used to more securely containerize virtual data centers among business units in a large enterprise, or among customers of a cloud service provider. The changes in vShield Edge are also part of ongoing work to extend the Layer 2 domain for workload federation and portability to the cloud. Meanwhile, the support for VMsafe APIs will allow logical zoning down to the virtual network interface card (vNIC) level, according to Randell's presentation.

The vShield Edge approach could help avoid "VLAN sprawl" while retaining isolation of applications, and VMUG attendees said that they could envision eliminating physically separate clusters for apps that fall under regulatory audits using this feature. But that remains a possibility rather than a certainty. When questioned by attendees about how such an approach would go over with auditors, Randell said VMware should have "more specific guidance" later this year.

vShield App 1.0
vShield App offers cross-host isolation and container-based rules at the application level according to user-defined security zones (e.g., applications contained in the group "Web Servers"). It could then be specified that Web Servers can't communicate with certain other machines, such as those regulated by PCI, or that they have to go through a certain port to access more sensitive applications.

This would also be an alternative to creating a separate "Web Server" VLAN, further alleviating VLAN sprawl. REST-based client APIs will also be available for third-party enforcement tools. Rules follow migrating virtual machines, through the use of flow monitoring that analyzes inter-VM traffic, according to the beta website.
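The zone model just described (rules bound to user-defined groups such as "Web Servers" and applied to inter-VM traffic regardless of which host or VLAN a VM currently sits on) is easier to reason about with a small working model. The Python below is an added illustration of that idea, not vShield's API or VMware's code: rules are evaluated first-match like a firewall rulebase, anything unmatched falls to a default deny, and moving a VM to another host leaves every verdict unchanged because nothing in the policy refers to the host. The VMs, groups, ports and rules are made-up sample data.

```python
"""Model of group-based inter-VM policy: rules follow the VM, not the host or VLAN.
Added example; not VMware's or vShield's code."""
from dataclasses import dataclass
from typing import Optional


@dataclass
class VM:
    name: str
    groups: frozenset      # security zones the VM belongs to, e.g. {"Web Servers"}
    host: str              # hypervisor currently running it; deliberately unused by the policy


@dataclass(frozen=True)
class Rule:
    src_group: str
    dst_group: str
    port: Optional[int]    # None matches any destination port
    action: str            # "allow" or "deny"


class ZonePolicy:
    """First matching rule wins; flows matching no rule get the default action (deny)."""

    def __init__(self, rules, default="deny"):
        self.rules = list(rules)
        self.default = default
        self.vms = {}

    def register(self, vm: VM) -> None:
        self.vms[vm.name] = vm

    def migrate(self, name: str, new_host: str) -> None:
        """vMotion-style move: only the host changes; group membership travels with the VM."""
        self.vms[name].host = new_host

    def decide(self, src: str, dst: str, port: int) -> str:
        s, d = self.vms[src], self.vms[dst]
        for r in self.rules:
            if r.src_group in s.groups and r.dst_group in d.groups and r.port in (None, port):
                return r.action
        return self.default


def build_sample_policy() -> ZonePolicy:
    """Constructed sample: the web tier may reach the app tier on 8443 only and never the PCI zone."""
    policy = ZonePolicy([
        Rule("Web Servers", "PCI", None, "deny"),          # listed first so it always wins
        Rule("Web Servers", "App Servers", 8443, "allow"),
        Rule("App Servers", "PCI", 1433, "allow"),         # only the app tier talks to the card DB
    ])
    for vm in (
        VM("web01", frozenset({"Web Servers"}), "esx-a"),
        VM("app01", frozenset({"App Servers"}), "esx-a"),
        VM("card01", frozenset({"PCI"}), "esx-b"),
    ):
        policy.register(vm)
    return policy


def verdicts(policy: ZonePolicy) -> dict:
    """The checks a change review would run; identical before and after a migration."""
    return {
        "web->app:8443": policy.decide("web01", "app01", 8443),
        "web->app:22": policy.decide("web01", "app01", 22),
        "web->card:1433": policy.decide("web01", "card01", 1433),
        "app->card:1433": policy.decide("app01", "card01", 1433),
        "card->web:80": policy.decide("card01", "web01", 80),
    }


if __name__ == "__main__":
    p = build_sample_policy()
    before = verdicts(p)
    p.migrate("web01", "esx-b")          # web01 now shares a host with the PCI box
    after = verdicts(p)
    for flow in before:
        print(f"{flow:16} {before[flow]:5} -> {after[flow]}")
```

The point of the migration step is the one attendees cared about: with a VLAN-based design, the move would have to be accompanied by a network change, whereas here the verdicts are a function of VM identity alone.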

Near-agentless antivirus
Another feature that drew attendees' attention was a preview of a "near-agentless antivirus" feature, which is also due out in the second half of this year. Randell said that VMware partner Trend Micro had already demoed its version of the approach to antivirus scanning at the RSA Security conference this year, and that more demos will be available at VMworld 2010.

Currently, many antivirus programs running on virtual machines require an application agent within each guest, a holdover from the physical world. The presence of these agents can slow performance, particularly when scheduled activities kick off on several guests simultaneously, which is known as an "AV storm."

With the near-agentless approach, VMware would introduce a VMware Consolidated Backup-like proxy virtual appliance to centralize antivirus services, including on-access and on-demand file scanning, away from production clusters. Antivirus programs also typically scan only portions of files for virus activity, and VMware has developed a method for sending only portions of these files over the wire to the virtual appliance to cut down on network bottlenecks. What had been a separate software agent running in each guest will now become a lighter-weight driver within the VMware kernel.

Currently, Trend Micro is the only partner that supports the near-agentless approach. Several attendees asked Randell whether McAfee had a near-agentless integration in the works. Randell indicated that VMware is in talks with both McAfee Inc. and Symantec Corp. but advised users, "If you're a McAfee or Symantec customer, hammer them [to support this]."

Users ponder vShield App, vShield Edge
For some users, the most exciting security feature is this approach to antivirus. "Not to have to pay for a license for every single one of my servers and to get rid of the additional overhead would be pretty impressive," said Brad Blake, Boston Medical Center's CTO.

Blake said he hadn't yet looked into the new vShield products but was intrigued, given the large number of security policies and regulations his organization has to follow, and the difficulty of balancing ease of access with security requirements. "We don't have the ability today, for example, to really segment off systems because our users need access to our data center VLANs in order to run some applications. It seems like this would potentially allow us to put up those security gates, but not doing it in the traditional manner of having to separate out VLANs and firewalls and all of the overhead that has to be managed with that."

VMUG attendee Eric Wallace, systems administrator at a 75-employee financial services firm in the Northeast, noted that the features require an Enterprise Plus license, which is too rich for his organization's blood. But Wallace said that previously he'd worked for larger organizations, including L.L. Bean, where "it was a real challenge figuring out how to tear up the network. I can see how in a big environment it would be very helpful to look at all the security settings in one place."

http://searchservervirtualization.techtarget.com/news/article/0,289142,sid94_gci1517269,00.html

Back to top


9 security suites: maximum protection, minimum fuss

Trend Micro has an interesting and useful product. The Wi-Fi adviser can be a handy feature for people who work in unsecured locations such as Internet cafes, and the ability to control device access such as USB connectivity is a good feature to prevent unauthorized individuals from copying information from an unattended PC.

Back to top


ANALYSIS: Head in the clouds – how secure is the new IT?

Current intrusion detection and prevention systems can't track malicious activity in communications between virtual machines; Trend Micro has a product to address this concern.

Bring up the subject of cloud computing at any boardroom discussion and you can be sure the topic of security follows quickly behind. The reasons are understandable; to many people, giving a company's IT infrastructure to a cloud provider puts data physically out of sight and, some believe, out of control, too.

No doubt there's an element of perception at work here, but the fires of this particular debate seldom need much stoking. To pick the most recent example, the City of Los Angeles has delayed the adoption of Google's cloud-based email and productivity tools. The US$7.25m project would have involved migrating more than 30,000 city employees to the new infrastructure. Now it's nine months behind schedule and security concerns are being given as the reason.

In particular, the LAPD's stringent data protection requirements have helped to stall the move, as it's not convinced Google's security controls are sufficient.

This is not an isolated incident. A recent survey of 500 IT decision makers, conducted for Mimecast, found 74pc saying a trade-off between cost and security exists, while 62pc said storing data on servers located outside the company always carries a risk.

Mimecast CEO Peter Bauer called cloud security issues "myths". At the same time, there is no shortage of people ready to declare the future lies in the clouds. Another survey, this time by Savvis, polled 600 IT and business executives and it found 96pc of people are confident that cloud computing is ready for business use. What's more, 68pc said this 'elastic IT' would help their businesses recover from the recession.

Security issue at cloud computing conference
A cloud computing conference organised by Calyx earlier this summer saw the subject taken apart in great depth and security issues were never far from the agenda.

Conor Flynn, technical director of the information security firm Rits, acknowledged the perceived loss of control. "You can't see the servers and someone else can," he said. "Security, privacy and compliance are preventing widespread adoption. People have all these questions and service providers are still coming up with the answers."

John Ryan, general manager of Calyx Security, summed up the issue around cloud computing as a move from infrastructure security – that is, protecting the hardware – to data security.

Taking virtualisation as a first step on the road to cloud computing, Check Point's channel manager Andy Clark said security remains a concern even at that stage. "Security isn't the reason you virtualise but we do need to consider it," he said.

Clark acknowledged the "visibility gap" – the fact that servers don't physically exist can make it hard to keep track of them, and server sprawl is a possible outcome. "That's a potential risk: if you don't patch virtualised servers, they could be compromised and could lead to a vulnerability across your virtualised network," he said.

"Without security, information can pass from one virtualised server to another with no check on them." One option is to implement controls where packets are inspected before passing from one virtualised machine to another, he suggested.

Service providers, vendors address security concerns
Service providers as well as vendors are upping their game in the face of security concerns. Google has worked to overcome the risk raised by LA by formally releasing a version of its applications specifically for the government sector. It was the result of a year's work behind the scenes, reviewing some 200 security controls.

Now, according to the company's blog, Google Apps is "the first suite of cloud computing applications to receive Federal Information Security Management Act (FISMA) certification and accreditation from the US government."

Other providers like Salesforce.com seek to reassure customers by regularly publishing performance statistics on their websites. Senior company figures point out that several leading banks have extensively vetted the company's controls to satisfy themselves that the security comes up to scratch.

Just like low-cost airlines stand or fall by their safety record, cloud providers have to invest heavily in security because their business model relies on eliminating the risk of data breaches. "In one respect, the cloud is more secure because companies investing in cloud infrastructure are putting more into security than any one enterprise could. In essence, a cloud provider's business is dependent on keeping your information secure," said Ryan.

However, he cautioned that transparency is not yet industry-wide and the openness differs from one provider to another. Some vendors don't disclose where their data centres are located and while some will allow internal audits under certain circumstances, others will only reveal what region a customer's data is stored in. "You might have part of your data in a European data centre and another part in an Asian data centre," said Ryan.

"In some perverse way, that's actually more secure in many respects, because if the data centre is hacked, they won't get all of your data, but from the point of view of compliance and data protection, and knowing where your data is and what regulations it comes under, you're completely stumped," he said.

"As the cloud becomes more pervasive, there's going to have to be a lot of work done by the service providers to assure you as a user that your data is secure, is held in the right locations and is coming under the appropriate data protection laws."

Regulatory requirements and moving to the cloud
A white paper from Enisa, the European Network and Information Security Agency, has also raised the problem of possibly failing to meet regulatory requirements by moving to the cloud. Being unable to audit the provider would probably breach compliance rules, the agency said.

Ryan urged businesses to familiarise themselves with the risks before moving to the cloud, to create compliance plans and to look closely at service level agreements and contracts with providers. "It means you have to become more of an auditor than a technologist," said Ryan, who added: "It's best to get security in early rather than trying to retrofit it later."

Software vendors are also chipping in with offerings. Current intrusion detection and prevention systems can't track malicious activity in communications between virtual machines; Trend Micro has a product to address this concern.

The conference didn't succumb to the kind of hard sell that often accompanies these kinds of events. There was a healthy scepticism among many of the speakers about the extent of security threats and whether some virtualisation and cloud security products are, in the words of one delegate, "a solution for a problem that doesn't exist".

Some concerns may be real and others perceived, but many are sure to recede over time. All speakers at the event challenged the IT sector's conventional wisdom that cloud adoption is close to a tipping point on the way to going mainstream. Jimmy Kehoe, then of VMware, now of reseller Datapac, summed up the sentiments neatly: "You're not just going to take everything and shift it to the cloud. It's going to be gradual." At least that should give security professionals plenty of time to prepare.

http://www.siliconrepublic.com/news/item/17202-analysis-head-in-the/

Back to top


BitDefender Offers Partners 100% Margins on Antivirus

Kaspersky Lab is dueling with Trend Micro to assume third place in the market leadership triad. Companies such as Panda Security, ESET, AVG and Sunbelt are looking to the channel to increase their market share and sales.

There's no shortage of antivirus vendors nowadays, but that's not stopping BitDefender from trying to expand its tiny slice of the North America market with a new channel program. To entice existing partners and attract new resellers to its ranks, the Romanian company is offering solution providers 100 percent margin on the first sale of their antivirus platform.

BitDefender, widely regarded as good security technology, has sold its products in the North American market for the better part of the last decade. Like other tertiary security vendors coming out of Europe, it hasn't had much success breaking into the U.S. against the entrenched market leaders Symantec and McAfee.

The new channel program announced July 26 promises solution providers the best margins, technical support and sales incentives in the security industry. The total package is nothing less than an attempt to get solution providers to build dedicated practices around BitDefender.

"We're excited to offer a complete program to partners that will aggressively reward them as they help us grow. As BitDefender matures, we're moving from direct sales to working with channel partners, expanding our customer base and entering new markets. We're excited to work with the channel community and new partners to offer the best security software to their customers," said Keith Alston, BitDefender's North America channel sales director, in a statement.

Frankly, the BitDefender program has just about everything you'd expect on the channel-program checklist--a three-tier rating system (gold, silver and bronze); partner sales and technical training programs; pre- and post-sales support; marketing materials and sales planning; and an aggressive lead-generation program. No real surprises there.

Margins are what make the BitDefender program different. The company doesn't get specific in what margins are (no vendor really does), but it does make the claim that solution providers selling BitDefender make $10,000 more per $100,000 of software sold than they can with competitive vendors. It's an interesting claim, considering that the average sale price of BitDefender software is lower than that of competitive offerings. That means solution providers have to sell more units to get to that $100,000 mark. That's not a knock, just a reality. The math still works in BitDefender's favor, since even with lower ASPs, solution providers likely attain a better margin than with larger competitors.

Another, albeit minor, differentiator for BitDefender is the "5 to 1 lead generation program." How this program is a benefit is a bit of a mystery. The company provided this statement to explain how it works: "BitDefender works closely with partners to provide them with leads generated through various marketing programs such as online advertising, e-mail marketing, [search engine marketing], [search engine optimization] and others. As we provide leads, our partners also work in generating demand for our products. Partners in the BitDefender program self-generate at least one lead per every five leads BitDefender provides."

BitDefender joins a large chorus of antivirus and security software vendors looking to undercut Symantec and McAfee's dominant market share. Analysts' reports show Symantec's antivirus market share is slipping, as competitors--particularly McAfee--are winning over customers in competitive engagements. Kaspersky Lab is dueling with Trend Micro to assume third place in the market leadership triad. Companies such as Panda Security, ESET, AVG and Sunbelt are looking to the channel to increase their market share and sales. And not to be left out of the party, Microsoft released its new version of its Security Essentials application, which has 22 million consumer users and an increasing number of small business installations.

Many of the smaller security companies are winning partners and customers, and growing revenue. However, they report that growth isn't as robust as they'd like and that they're not growing fast enough to make a difference in market presence. BitDefender may have built a world-class channel program; the question is whether it will find a seam to break through the market share barriers where others have stalled.

http://blogs.channelinsider.com/secure_channel/content/security_business/bitdefender_offers_partners_100_margins_on_antivirus.html


Japanese Stocks Rise, Buoying Topix for Fourth Day; Canon Gains

Trend Micro Inc., a software developer that earns about 60 percent of its revenue overseas, climbed 3.4 percent.

Japanese stocks rose, sending the Topix index higher for the fourth consecutive day, after Canon Inc. reported increased profit and the yen traded near a two-month low against the euro.

Canon, the world's largest camera maker, surged 4 percent. Sony Corp., an electronics maker that gets about 70 percent of sales abroad, jumped 2.6 percent after JPMorgan Chase & Co. boosted its investment rating. Trend Micro Inc., a software developer that earns about 60 percent of its revenue overseas, climbed 3.4 percent.

The Nikkei 225 Stock Average rose 1.5 percent to 9,637.83 as of 9:12 a.m. in Tokyo. The broader Topix advanced 1.3 percent to 856.98.

"Overall, corporate earnings are improving and expectations for strong earnings will likely increase," said Hiroichi Nishi, an equities manager in Tokyo at Nikko Cordial Securities Inc.

Futures on the Standard & Poor's 500 Index dropped 0.1 percent. In New York yesterday, the index slipped less than 0.1 percent as retailers such as Amazon.com Inc. and Lowe's Cos. Inc. slid after consumer confidence retreated to a five-month low.

The Topix has declined 5.6 percent in 2010, compared with a 0.1 percent drop by the S&P 500 and a 1.7 percent gain by the Stoxx Europe 600 Index. Stocks in the Japanese benchmark are valued at 16.6 times estimated earnings, compared with 13.5 times for the S&P and 12 times for the Stoxx.

The yen depreciated to as low as 87.98 against the dollar today in Tokyo compared with 86.98 at the close of stock trading yesterday. Against the euro, it weakened to 114.42 from 113.17. A weaker yen boosts the value of overseas income at Japanese companies when repatriated.

http://www.sfgate.com/cgi-bin/article.cgi?f=/g/a/2010/07/28/bloomberg1376-L68RCB0UQVI901-67A5EO4MA43AVSLLNPCF562ON1.DTL


VMware shows off vShield security enhancements

Currently, Trend Micro is the only partner that supports the near-agentless approach.

VMware recently previewed three new security features that may prove especially compelling for large shops with complex security requirements.

Two of the features, vShield Edge and vShield App, strive to reduce "firewall choke points" and "VLAN sprawl" and to identify mobile virtual machines' level of security, according to Rob Randell, a VMware security specialist systems engineer. The goal of these features is to eliminate the burdens associated with identifying and addressing security concerns in a dispersed virtual environment.

The first two features went into public beta on July 15 and were previewed at the New England regional VMware User Group (VMUG) meeting in Brunswick, Maine last week. A third feature, the concept for "near-agentless antivirus" protection of virtual machines, was also demoed. (More information on the beta program is available on the VMware website.)

vShield Edge 1.0
The new vShield Edge feature is designed to augment the existing capabilities of VMware's vShield Zones, which introduced the concept of a virtual firewall.

But vShield Zones are intended to serve as firewalls on internal networks rather than at the "edge" of a virtual data center. While not intended to replace firewall hardware at the physical edge, vShield Edge 1.0 -- by supporting routing and leveraging VMsafe's application programming interfaces (APIs) -- will introduce the routing virtual firewall, Randell said.

This means vShield Edge could be used to more securely containerize virtual data centers among business units in a large enterprise, or among customers of a cloud service provider. The changes in vShield Edge are also part of ongoing work to extend the Layer 2 domain for workload federation and portability to the cloud. Meanwhile, the support for VMsafe APIs will allow logical zoning down to the virtual network interface card (vNIC) level, according to Randell's presentation.

The vShield Edge approach could help avoid "VLAN sprawl" while retaining isolation of applications, and VMUG attendees said that they could envision eliminating physically separate clusters for apps that fall under regulatory audits using this feature. But that remains a possibility rather than a certainty. When questioned by attendees about how such an approach would go over with auditors, Randell said VMware should have "more specific guidance" later this year.

vShield App 1.0
vShield App offers cross-host isolation and container-based rules at the application level according to user-defined security zones (e.g., applications contained in the group "Web Servers"). It could then be specified that Web Servers can't communicate with certain other machines, such as those regulated by PCI, or that they have to go through a certain port to access more sensitive applications.

This would also be an alternative to creating a separate "Web Server" VLAN, further alleviating VLAN sprawl. REST-based client APIs will also be available for third-party enforcement tools. Rules follow migrating virtual machines, through the use of flow monitoring that analyzes inter-VM traffic, according to the beta website.
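The zone-based rule model just described (rules written between user-defined security zones rather than between VLANs or hosts, so a rule keeps applying when a VM migrates), shown as an added illustration in Python. This is example code written for this summary, not vShield code, and it does not use VMware's REST API; the zone names, hosts, ports and sample flows are constructed for the example.

```python
"""Zone-based inter-VM policy check (illustrative example, not VMware code).

Rules are expressed between security zones.  A VM is matched by the zones
its vNIC belongs to, never by the host it currently runs on, which is what
lets the rule "follow" a migrating VM.  Anything no rule covers is denied.
"""
from dataclasses import dataclass, replace
from typing import FrozenSet, List, Tuple


@dataclass(frozen=True)
class VM:
    name: str
    host: str                 # current hypervisor host; deliberately ignored by policy
    zones: FrozenSet[str]     # security zones the VM's vNIC is a member of


@dataclass(frozen=True)
class Rule:
    src_zone: str
    dst_zone: str
    action: str                          # "allow" or "deny"
    ports: FrozenSet[int] = frozenset()  # empty set means any destination port


class ZonePolicy:
    """First matching rule wins; default deny when nothing matches."""

    def __init__(self, rules: List[Rule]):
        for r in rules:
            if r.action not in ("allow", "deny"):
                raise ValueError(f"bad action {r.action!r}")
        self.rules = list(rules)

    def decide(self, src: VM, dst: VM, port: int) -> str:
        for r in self.rules:
            zone_match = r.src_zone in src.zones and r.dst_zone in dst.zones
            port_match = not r.ports or port in r.ports
            if zone_match and port_match:
                return r.action
        return "deny"  # default deny: unknown flows are never implicitly allowed


def migrate(vm: VM, new_host: str) -> VM:
    """Move a VM to another host; zone membership travels with it."""
    return replace(vm, host=new_host)


def audit_flows(policy: ZonePolicy, flows: List[Tuple[VM, VM, int]]) -> List[str]:
    """Evaluate a list of observed (src, dst, port) flows against the policy."""
    return [policy.decide(s, d, p) for s, d, p in flows]


# Constructed policy: web tier may reach app tier only on 8443, app tier may
# reach the PCI zone only on 5432, and web tier never touches PCI directly.
POLICY = ZonePolicy([
    Rule("Web Servers", "PCI", "deny"),
    Rule("Web Servers", "App Servers", "allow", frozenset({8443})),
    Rule("App Servers", "PCI", "allow", frozenset({5432})),
])

# Constructed inventory: three VMs on three different hosts.
WEB1 = VM("web1", "esx-a", frozenset({"Web Servers"}))
APP1 = VM("app1", "esx-b", frozenset({"App Servers"}))
DB1 = VM("db1", "esx-c", frozenset({"PCI"}))


def demo() -> List[str]:
    """Decisions for a few constructed flows, including one after migration."""
    web1_moved = migrate(WEB1, "esx-c")   # now shares a host with the PCI VM
    flows = [
        (WEB1, APP1, 8443),        # allow: permitted port
        (WEB1, APP1, 22),          # deny: port not in rule
        (WEB1, DB1, 5432),         # deny: explicit web -> PCI block
        (APP1, DB1, 5432),         # allow: app -> PCI on the permitted port
        (web1_moved, DB1, 5432),   # deny: same decision after migration
        (web1_moved, APP1, 8443),  # allow: rule followed the VM to esx-c
    ]
    return audit_flows(POLICY, flows)


if __name__ == "__main__":
    for flow_decision in demo():
        print(flow_decision)
```

The design choice worth noting is that `decide` never looks at `host`: the same policy object answers identically before and after `migrate`, which is the property the article attributes to vShield App. Rule order matters because the first match wins, so the explicit web-to-PCI deny is listed before any allow.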

Near-agentless antivirus
Another feature that drew attendees' attention was a preview of a "near-agentless antivirus" feature, which is also due out in the second half of this year. Randell said that VMware partner Trend Micro had already demoed its version of the approach to antivirus scanning at the RSA Security conference this year, and that more demos will be available at VMworld 2010.

Currently, many antivirus programs running on virtual machines require an application agent within each guest, a holdover from the physical world. The presence of these agents can slow performance, particularly when scheduled activities kick off on several guests simultaneously, which is known as an "AV storm."

With the near-agentless approach, VMware would introduce a VMware Consolidated Backup-like proxy virtual appliance to centralize antivirus services, including on-access and on-demand file scanning, away from production clusters. Antivirus programs also typically scan only portions of files for virus activity, and VMware has developed a method for sending only portions of these files over the wire to the virtual appliance to cut down on network bottlenecks. What had been a separate software agent running in each guest will now become a lighter-weight driver within the VMware kernel.

Currently, Trend Micro is the only partner that supports the near-agentless approach. Several attendees asked Randell whether McAfee had a near-agentless integration in the works. Randell indicated that VMware is in talks with both McAfee Inc. and Symantec Corp. but advised users, "If you're a McAfee or Symantec customer, hammer them [to support this]."

Users ponder vShield App, vShield Edge
For some users, the most exciting security feature is this approach to antivirus. "Not to have to pay for a license for every single one of my servers and to get rid of the additional overhead would be pretty impressive," said Brad Blake, Boston Medical Center's CTO.

Blake said he hadn't yet looked into the new vShield products but was intrigued, given the large number of security policies and regulations his organization has to follow, and the difficulty of balancing ease of access with security requirements. "We don't have the ability today, for example, to really segment off systems because our users need access to our data center VLANs in order to run some applications. It seems like this would potentially allow us to put up those security gates, but not doing it in the traditional manner of having to separate out VLANs and firewalls and all of the overhead that has to be managed with that."

VMUG attendee Eric Wallace, systems administrator at a 75-employee financial services firm in the Northeast, noted that the features require an Enterprise Plus license, which is too rich for his organization's blood. But Wallace said that previously he'd worked for larger organizations, including L.L. Bean, where "it was a real challenge figuring out how to tear up the network. I can see how in a big environment it would be very helpful to look at all the security settings in one place."

http://searchsecurity.techtarget.com.au/articles/42355-VMware-shows-off-vShield-security-enhancements


Ultimate security software guide - choose the suite that's right for you

Trend Micro Internet Security Pro is one of the most comprehensive Internet security suites available. It features full protection, including antivirus, antispyware and antispam tools, a firewall, parental controls and rootkit detection capability. What's more, Trend Micro throws in a behavioral engine, which improves protection, and a security toolbar for use with your browser.

Norton Internet Security 2010
Symantec's Norton Internet Security 2010 is the 800-pound gorilla in the room, simply because Norton-branded security products have been the ones to beat for several years.

Of course, name recognition doesn't always mean a product is the best. Symantec strives to keep competitors at bay and is constantly improving its offerings. Norton Internet Security 2010 is no exception.

Internet protection
Norton's firewall is very easy to set up and controls Internet access for known good programs. In other words, if a program needs to access the Internet to function and is on the "good" list, the firewall will allow that access without any user intervention. Examples include programs that check for version updates, patches or need to retrieve data to function. The product also deletes known malware, such as rootkits, adware and any application that has been blacklisted. What's more, the firewall keeps an eye on the behavior of unknowns, all without pestering the user with cryptic security questions.

One interesting feature is Symantec's Quorum reputation index. Here all known files are assigned a reputation level, which is based upon continually updated data from Symantec's customers. Files that have given no one any problems have a high reputation, while files that have been easily infected or compromised have a low reputation. If a program being downloaded has a low reputation, the user is informed and can abort the download or decide not to execute the application.

Norton also utilizes its SONAR2 engine, which, according to Symantec, uses all sources of information, including the reputation index, to judge whether a file should be classified as suspicious and subjected to more in-depth testing.

Parents will like how easy it is to set up parental controls and keep a tab on what little Billy and Janie can access. The product integrates with an online offering called OnlineFamily.Norton, a Web service that is free for Norton customers.

Norton Internet Security 2010 uses technology from Symantec's enterprise-level spam protection system. The product filters all POP3 e-mail for spam and viruses and integrates with Outlook and Outlook Express. IMAP integration is missing and would be welcome.

Usability
The last time I looked at Norton Internet Security, in 2008, the suite was a resource hog -- it protected systems very well, but noticeably impacted performance. Symantec has redesigned the product to improve performance and limit its use of system resources. This latest version shows those efforts were worthwhile.

Product specs
Norton Internet Security 2010
Company: Symantec Corp.
Price: $69.99 for up to three PCs (includes one year of updates and support)
Operating systems: Windows XP/Vista/7, Mac OS X 10.4.11 or higher, Symbian 9.2 or higher, Windows Mobile 5.0 or higher, Android 2.0 or higher, netbook version

I found Norton Internet Security 2010 to be one of the easiest packages to install. The installation is wizard-driven, all of the prompts are in plain English, and the default settings do an excellent job of protecting the system.

One thing to be aware of is the time it takes to install the package -- although the hands-on portion of the installation is rather quick, you will have to wait through an update process that can take as long as 20 minutes. Immediately after the installation completes, the product "phones home" to download all of the latest updates, and that can take some time. In my testing, almost every other security product went through the same process in a few minutes, but Norton took 20 minutes.

Using Norton Internet Security 2010 is straightforward. The interface is laid out in a logical fashion using an index-card-style layout. All of the major capabilities are accessed from a central menu that has controls that look like index cards and are populated with pertinent information. One click delivers additional information and other options.

As a testament to the product's performance increases, the interface offers a summary screen showing CPU utilization and resource use in real time. I watched it while Norton Internet Security 2010 went through its chores, and found that it kept to a very low percentage of CPU utilization (as low as 5% for some scans).

Symantec backs the product with 24/7 tech support, an online help community, real-time chat and comprehensive context-sensitive help.

Coming soon
Symantec released a public beta of Norton Internet Security 2011 in early April. The beta sports many enhancements, especially when it comes to speed. While there is no official release date for the final product, availability before the fourth quarter of 2010 is expected.

Symantec claims that the new version will improve or maintain key performance benchmarks in installation times, scan times and memory usage. In addition, the product will include System Insight 2.0, which goes beyond security and alerts users when applications are significantly impacting their system resources. Other enhancements include improved reputation filters, support for social networking sites and better browser integration.

Conclusion
Norton Internet Security 2010 is an excellent security product and still remains the one to beat. Symantec has done a good job of improving it over time to keep it one step ahead of the competition. Perhaps the only downside is Norton Internet Security's price, which is higher than those of many competing offerings.

Panda Internet Security 2010
Panda Security, although not as well known as the big names like Symantec and Trend Micro, offers several security products, ranging from simple antivirus tools to hosted enterprise systems. Internet Security 2010 offers protection from viruses, spyware, rootkits, hackers, online fraud, identity theft and other Internet threats. Panda Internet Security 2010 also offers antispam features, parental controls and full anti-malware capabilities.

Internet protection
Panda incorporates a technology it calls "cloud scanning," which centralizes virus data from across all Panda customers to keep its database up to date. According to the company, the underlying collective intelligence used by the cloud technology helps to make sure that all signatures are up to date and allows Panda to get a head start on how to deal with a virus or exploit that represents a zero-day threat.

The firewall has a set-and-forget design. Basically, you pick a profile and assign that to the firewall, and the firewall then protects the PC based upon the canned settings in the profile. However, I found the firewall settings particularly difficult to change, making it a bit hard to customize the protection offered. Some of the settings were buried under different menus, while other settings were not well defined. For example, to change ports being blocked, I had to go through several menu levels to locate the feature.

The firewall automatically handles known good and bad programs and monitors system behavior for any unknown programs. An extensive database helps to keep notifications to a minimum, only bothering the user when an unknown application is first run.

Parental controls allow you to set up a Web filter and give each user a specific setting. The product offers the following preset filters: Kid, Employee, Teen or Default. You can also adjust the filter to block or allow specific content. Setting up the parental controls requires that you assign each user a log-on name and password -- the other suites here don't require the creation of separate accounts for each user.

Panda's spam filtering was easy to set up and needs minimal user intervention. It automatically filters incoming POP3 e-mail; however, it doesn't support IMAP e-mail. More control over spam would be nice -- the product offers limited custom filtering, only looking for keywords or attachments.

Usability
Panda Internet Security 2010 was simple to install and set up -- the installation wizard only asks a few questions and only one reboot is required.

The product does make a lot of assumptions on its default settings, turning on all security features, such as spam protection, as part of the installation. That's actually an advantage, especially since changing the defaults can be a tedious process, with some configuration elements hard to locate and/or understand. I found that to change some simple rules, I had to traverse a multitude of menus, especially for firewall settings.

The product offers a combo dashboard/main screen that shows the status of system security and features menu items that launch the various configuration and information screens. It combines antivirus and antispyware systems into a single choice on the dashboard. The firewall is controlled using a dedicated tab on the dashboard, which brings up the various submenus.

Product specs
Panda Internet Security 2010
Company: Panda Security
Price: $81.95 for up to three PCs (includes one year of updates and support)
Operating systems: Windows XP/Vista/7, netbook version

Panda could use better help screens and clearer descriptions of its various functions, although those familiar with PC security should have no problems. However, neophytes may be put off by the terminology.

The product performs well and was relatively unobtrusive on my test PC. Warning screens were kept to a minimum and updates were automated, meaning that users are not asked before an update is processed. Whether that's a good way to handle things comes down to whether a user prefers an install-and-forget security product or wants to be intimately involved with his PC's security status.

Coming soon
Panda has some big changes planned for the next version of its suite, which is expected by the third quarter of 2010. According to the company, the package will sport a redesigned interface that's crafted to address user concerns about things such as difficult-to-find settings and less-than-useful help screens.

The product will also incorporate improved Web site filtering, offering better protection from the growing spate of phishing and attack sites. The product's "cloud scanning" technology is poised to become faster, more efficient and more frequently updated, helping to reduce the threat of zero-day attacks. Other planned improvements include new data-encryption technology to protect personal information, enhanced privacy controls and an information shredder that's supposed to wipe out all traces of personal data before a system is handed over to a new user.

Conclusion
Panda Internet Security 2010 works well and is a polished product that should appeal to newbie users. It's a bit more expensive than most of its competitors; in addition, power users who like to have full control over their software might find that Panda Internet Security 2010 comes up a little short.

Security Shield 2010
Security Shield 2010 combines products from two vendors to create an Internet security suite. The suite incorporates antivirus, antispam and antispyware tools, a firewall, parental controls and rootkit detection capability into a single product that features an intuitive management console.

Internet protection
Security Shield uses technology from BitDefender for its antivirus, antiphishing, antispyware and antikeylogger engines; it uses its own Spam Shield product to provide antispam capabilities.

The firewall monitors all inbound and outbound traffic to protect the system from external attacks or to prevent malicious software running on the PC from transmitting information.

Most of the product's capabilities are fairly basic. For example, Spam Shield 4.0, the antispam component from Security Shield, works only on POP3 e-mail services and integrates only with Outlook and Outlook Express. The antispam capabilities are also somewhat limited, relying on user rules and settings to work effectively. For example, if you want spam to be sent to a folder for examination, instead of just deleted, you will need to define a rule that identifies the spam mail and then saves it to a junk (or other) folder.

All in all, the product offers basic protection but lacks the bells and whistles that power users desire, such as the ability to fully customize the firewall to create exceptions for particular applications or to install antispam on e-mail clients that use IMAP.

Usability
I found it very easy to work with the basic settings and the product's dashboard, which is designed for simplicity, offering very basic descriptions of each feature and simple green check marks to indicate that something is turned on and functioning properly. The buttons across the top of the dashboard are limited to simple descriptions, such as Dashboard (the home screen), Security, Parental and Network (which leads to firewall controls).

However, if you like to tinker with settings, enable advanced features or play security detective, Security Shield 2010 may not be the product for you. I found it difficult to find many of the custom security settings on the product and had to traverse multiple menus that followed little rhyme or reason in order to locate some settings such as scan scheduling or quarantine capabilities.

The product used little in the form of resources, barely affecting system performance and using hardly any memory. That small memory footprint and low CPU usage are great advantages for users who are concurrently using their PCs during scans, but it comes at a price -- I found that full disk scans and other manually executed tasks took an inordinate amount of time. For example, a full system virus scan on roughly 8GB of data and system files took almost an hour.

Product specs
Security Shield 2010
Company: PCSecurityShield
Price: $49.99 ($59.99 minus a $10 rebate) or $59.99 ($69.99 minus a $10 rebate) for up to three PCs (includes one year of updates and support)
Operating systems: Windows XP/Vista/7

Living with the product was another story. With all of the security features enabled, I was constantly bombarded with warnings and suggestions while accessing the Web with Internet Explorer. I found that I had to turn off or reduce the aggressiveness of some of the protection features, such as antiphishing and content-filtering tools, to avoid the numerous messages. The warning messages may not be overly intrusive to experienced users, since they will understand the implications of the text, but inexperienced users could find the messages so annoying that they could wind up turning security features off to avoid them.

Coming soon
Representatives wouldn't say whether the company is set to deliver an updated version of the product.

Conclusion
Overall, Security Shield 2010 is a serviceable product; however, users may want to consider some of the other suites on the market before committing to this product.

Security Shield's real strength is its antivirus engine -- however, since that comes from BitDefender, all things being equal, BitDefender's security suite is probably a better choice -- unless you're looking for an extremely simple product for a family member's or friend's computer. In that case, Security Shield 2010 should do fine.

Trend Micro Internet Security Pro
As one of the more expensive suites on the market, Trend Micro Internet Security Pro has to meet some high expectations.

And in many ways it does: Trend Micro Internet Security Pro is one of the most comprehensive Internet security suites available. It features full protection, including antivirus, antispyware and antispam tools, a firewall, parental controls and rootkit detection capability. What's more, Trend Micro throws in a behavioral engine, which improves protection, and a security toolbar for use with your browser.

Internet protection
Trend Micro offers all of the expected capabilities, including antimalware and antispam tools, a firewall and other security features. One unusual addition is Trend Micro's Wi-Fi Advisor, which checks wireless networks for security problems. Also included is a gaming mode, which opens ports in the firewall for access to Internet games, while still retaining its antivirus and antimalware capabilities. That allows users to play games over the Internet without fear of getting viruses or spyware. There are also device access controls that prevent unauthorized USB devices from being used on a PC.

The firewall is simple to deploy. Neophytes can just choose a setting that fits their environment; options include Home Network, Office Network, Direct Connection or Wireless Connection. These all change the firewall rules to different levels and settings depending on the danger associated with each type of connection.

The product's content-filtering parental controls offer predefined settings for teens, pre-teens and adults; each of the predefined settings can be customized further for users who need to limit or allow access to more sites based upon the profile in use.

Trend Micro offers an integrated browser toolbar that makes searches simpler and offers advice when visiting new Web sites, such as whether or not the site is safe or has any security problems.

The product's spam filtering capability works with incoming POP3 e-mail and integrates with Microsoft Outlook and Outlook Express. As with other product functions, spam filtering is based upon a simple choice of how aggressive you want the antispam component to be. You can set the filtering level to high, medium or low. The high setting will eliminate the most spam but might also block legitimate e-mail, while the low setting might let some spam get through. You can further fine-tune the spam filtering by using a whitelist or a blacklist.

Usability
Trend Micro Internet Security Pro has one of the cleanest installation processes; installation was a breeze and did not require a reboot of the PC. The installer also seeks out previously installed antivirus products and can automatically remove them, which helps to prevent conflicts between incompatible applications.

Product specs
Trend Micro Internet Security Pro
Company: Trend Micro Inc.
Price: $69.95 for up to three PCs (includes one year of updates and support)
Operating systems: Windows XP/Vista/7, Mac OS X 10.4 or later, iOS 2.1 or later, Symbian S60, Windows Mobile 5.0 or later, netbook version

The application tries to keep things as simple as possible and offers a great deal of guidance. Trend Micro is also "state aware," so if you're running a presentation, watching a movie, playing a game or doing some other activity where security warnings and pop-ups are not desired, the product will suppress warnings to prevent interruptions.

Operationally, I found the product offered adequate performance, memory usage was low and the product had little impact on processor utilization, less than 5% in most cases. However, manual scans did tend to be more processor-intensive and did put a noticeable dent in overall system performance; they would frequently peak at 90% processor utilization for very short periods of time -- never more than two seconds. This suggests that the application might not be appropriate for lower-powered systems such as netbooks.

Coming soon
Trend Micro hasn't publicly announced what is planned for the next version of its product, and no public beta is available. That said, development and testing is going on behind the scenes for the next version of Internet Security Pro, according to company sources.

Conclusion
Trend Micro has an interesting and useful product. The Wi-Fi Advisor can be a handy feature for people who work in unsecured locations such as Internet cafes, and the ability to control device access such as USB connectivity is a good feature to prevent unauthorized individuals from copying information from an unattended PC.

However, I was not impressed with its performance during manual scans, and would think twice before using it on less powerful notebooks or netbooks.

ZoneAlarm Security Suite 2010
ZoneAlarm, which has been around since the late 1990s, is well known for its free firewall; more recently, it has been marketing a full security suite. With ZoneAlarm Security Suite 2010, Check Point Software (which purchased the product from Zone Labs in 2004) has integrated its firewall and spyware-prevention products into a suite that incorporates Kaspersky's virus-scanning engine to create a full array of anti-malware, anti-intrusion capabilities.

Internet protection
Since ZoneAlarm Security Suite 2010 uses Kaspersky's virus-scanning engine, the anti-malware capabilities are very similar to those of Kaspersky's product. However, the company has done a good job of integrating the virus-scanning technology into the suite, providing a near seamless experience from the program's menus.

The firewall is a good fit for advanced users, since it offers granular control of ports, programs and access. The firewall manages incoming and outgoing Internet traffic, while separately managing local network traffic. That allowed me to define different access policies based upon whether or not I was talking to a local network machine or a remote, Internet-based machine.

Blocking malicious programs is easy, thanks to ZoneAlarm's SmartDefense Advisor technology, which preconfigures settings for millions of known programs and sets a trust level for each.

Unknown malware is handled by an "Auto-learn" mode, which starts by treating every unknown program as valid, allowing that program to be executed and then monitoring the activity of that program to see if it exhibits suspicious activity. Initially, all unknown applications have a rule assigned that allows continued network access. That leaves it up to ZoneAlarm to detect if the program is a problem, based upon behavior.

The goal of Auto-learn mode is to limit confusing firewall pop-up messages, making security less intrusive -- but with that comes the possibility of reduced security. If you turn off Auto-learn, then unknown programs are blocked until the user acknowledges that they are OK -- which may be more irritating, but is also more secure.

The product integrates with popular browsers and prevents malware by blocking dangerous sites. If the site is not blocked, the product allows the requested file to be downloaded. If it can't guarantee the file is good, ZoneAlarm initiates a more intense scan that analyzes the file's execution in a digital sandbox. The advanced scan starts after the download finishes and can take a few minutes.

ZoneAlarm offers integrated spam filtering, thanks to the inclusion of the SonicWall antispam component, which filters POP3 and IMAP e-mail in Outlook, Outlook Express and Windows Mail. The product also works with Microsoft Exchange. Filtering uses a combination of whitelists and blacklists, and it can protect mailing lists based on the recipient address. One nifty feature is its ability to make every new correspondent respond to an e-mail challenge the first time.

The suite features all of the expected bells and whistles, as well as a few extra capabilities such as data-leakage protection, credit report monitoring and zero-hour rootkit prevention.

Usability
ZoneAlarm has done a fine job of rolling the separate security components together into a unified suite. I found it very easy to install. Dialog boxes were kept to a minimum, requiring very little user interaction -- while that does simplify the installation, it would have been nice to be presented with a little more information, such as percentage complete and what part of the installation process was occurring.

Product specs
ZoneAlarm Security Suite 2010
Company: Check Point Software Technologies Inc.
Price: $34.95 per PC (includes one year of updates and support)
Operating systems: Windows XP/Vista/7

The support documentation and integrated help screens for ZoneAlarm Security Suite 2010 provide all the information a user could need to solve most problems or activate most features. For technically challenging situations, users can turn to e-mail support, online help, online chat and user forums. The company does offer paid phone support, but that costs $49.95 per incident.

The interface offers pull-down menus and tabs to access primary features. Choices include Firewall, Program Control, Antivirus/Antispyware, Email Protection, Privacy, Identity Protection, Parental Control and Alerts & Logs. The opening window starts with an overview screen that gives the highlights of what has been recently blocked, scanned or detected. Navigation is pretty straightforward, but some of the menus could be combined to simplify things. For example, privacy and identity protection could be combined into a single element.

Scans proved to be very fast, and the application used a minimum of CPU cycles and resources, making it effective even on older systems with low-powered CPUs and on netbooks. In most cases, test scans only increased CPU utilization by 10% or less. However, more in-depth scans of executables, which execute the applications in a digital sandbox, spiked CPU usage as high as 90% for a few seconds.

Decent reporting capabilities and pop-up notifications round out the security suite, while automated updates help to keep everything secure.

Coming soon
According to ZoneAlarm's PR representative, the company has not released any information about the next version of its product or about its plans for an updated version of ZoneAlarm Security Suite 2010.

Conclusion
All things considered, ZoneAlarm Security Suite 2010 covers the basics very well. Its integrated firewall proves to be an excellent security tool for power users who want to control and monitor all traffic in and out of a PC. I do have an issue with its Auto-learn mode -- but as long as you ignore that feature, the firewall is very good. You should also expect performance hits during in-depth scans.

Thanks to the incorporation of Kaspersky's security tools, ZoneAlarm Security Suite 2010 will protect PCs from the common ills found on the Internet, which helps to round out the product and put it into the Internet Security Suite category. The product could be a top contender with the addition of free phone support, which is the norm among the vendors in this market, and a slimmed-down interface that better hides complexity from neophyte users. 

http://www.itbusiness.ca/it/client/en/home/News.asp?id=58576&cid=7



Workplace Social Networking Use On The Rise

Social networking activity in the workplace has increased to 24% of workers, according to a Trend Micro survey of 1,600 people.

Social networking activity in the workplace has increased to 24% of workers, according to a Trend Micro survey of 1,600 people. Respondents from Germany, Japan, the United Kingdom, and the United States were polled. Since the last time the poll was taken, social networking use at work is up 10% in Germany and 6% in the UK. The survey also showed that laptop users who can connect to the Internet outside of the company network are more inclined to share confidential data through email, messaging services, and social media apps. To protect against data leakage, the report suggests companies create detailed security policies rather than completely blocking social media sites. 

http://www.processor.com/editorial/article.asp?article=articles%2Fp3216%2F05p16%2Flayout1.asp&guid=&searchType=&WordList=&bJumpto=True
