-------------------------------------------
From: Andrea Mueller (MKT-US)
Sent: Saturday, July 31, 2010 6:08:00 AM
To: Newsbank; All of Trend Corporate Marketing Department;
All of Trend Global PR; All of US Sales; All of US Marcom Dept.
Cc: Steve Quane (Seg GM-SMB); Thomas Miller (SAL-US); 'Mark Vangel';
Darren Blank (SAL-US); Alan Wallace (MKT-US); Tobias Lee (MKT-US);
Natalie Severino (MKT-US); Dan Conlon (MKT-UK); Mark Beyer (MKT-DE);
Colin Richardson (MKT-UK); Steve Mungall (SAL-US)
Subject: NABU Trend Micro Weekly News Summary 07.30.10
Auto forwarded by a Rule
NABU Trend Micro Weekly News Summary
Fri, 30 Jul 2010
BHSEO Attacks Exploit Fake YouTube Pages & Flash Player Updates
Usage of Social Networking at Workplace Pose Risk
Citigroup Upgrades Careless iPhone Banking App
Microsoft IE8 stops one billion malware attacks
Attackers Abuse Facebook's Translation Application
Botnet hacker caught in Slovenia
FBI Sting Nabs Botnet Kingpin Who Infected 12M+ Machines
Is Your Virtual Machine Invisible To the Security Eye?
IT industry news: 'Social media users should be more careful'
Pharma Spammers Abuse Legit Websites
Turkish pranksters load Facebook Translate with swears
How to Protect Remote Employees' PCs from Security Threats
Microsoft sets emergency Windows patch for Monday
Movie files run in QuickTime Player trigger malware download
Best Antivirus 2010 Buyers Guide
Can Google Solve the Cloud Security Problem for Enterprises?
Good security practices for online banking
LNK Vulnerability Exploited by More Families of Malware
Peer-to-Peer Security
Power 100: The Most Powerful Women Of The Channel (Part 2)
Removing Virus Could Harm Power Grid Operations Firm Warns
VMware previews new vShield security features
9 security suites: maximum protection, minimum fuss
ANALYSIS: Head in the clouds – how secure is the new IT?
BitDefender Offers Partners 100% Margins on Antivirus
Japanese Stocks Rise, Buoying Topix for Fourth Day; Canon Gains
VMware shows off vShield security enhancements
Ultimate security software guide - choose the suite that's right for you
Workplace Social Networking Use On The Rise

Full Text

BHSEO Attacks Exploit Fake YouTube Pages & Flash Player Updates

After the detailed investigation of this threat, Marco Dela Vega (Threat Response Engineer, Trend Micro) states that the cyber criminals behind this attack know every detail, as they used a trustable interface for the bogus Adobe installer and a convincing URL suggesting that this is an actual Adobe-based site, as reported by Trend Micro on July 14, 2010.

The Trend Micro security experts have released a warning about the growing black hat search engine optimization (BHSEO) campaigns, which take advantage of fake YouTube pages and Flash Player updates to make users install malware on their systems. It should be noted that BHSEO has been a commonly used process to spread malware on the Internet in recent times. In this process, a malicious website's PageRank is falsely inflated to make it appear on the first pages of search results for keywords matched to recent news events.

Trend Micro has stated that in the latest attacks, the company noticed that searches for links such as videos of "Teresa Guidice" (a reality TV celebrity), "Holly Davidson" (British actress) and the BP oil spill initially led to pages resembling YouTube before showing the fake malware threat warnings. These results are mainly compromised sites which entice users to open the infected pages.

The Trend Micro security experts have also noticed a change, where blackhat SEO combines with another famous malware system. In this case, the search results for the thread "Mel Gibson Tapes" connect directly to an installer for Adobe Flash Player instead of going to pages carrying malware infection instructions. Such pages can fool users by making them believe that the link attached to the video needs an Adobe Flash Player installation to view it.

After the detailed investigation of this threat, Marco Dela Vega (Threat Response Engineer, Trend Micro) states that the cyber criminals behind this attack know every detail, as they used a trustable interface for the bogus Adobe installer and a convincing URL suggesting that this is an actual Adobe-based site, as reported by Trend Micro on July 14, 2010. Norman Ingal, Threat Response Engineer at Trend Micro, states that with the continuous increase in blackhat SEO attacks, users are advised to be extremely cautious when conducting searches. He further advises that users should use a foolproof and up-to-date antivirus program on the system.

Usage of Social Networking at Workplace Pose Risk

David Perty, Global Director of Education, Trend Micro, states that social networking is a significant tool to establish both professional and personal links. While most companies are concerned over the negative impact of social networking sites on employee output, they forget that many social networking websites are designed on interactive technologies.

Trend Micro researchers have warned that popular social networking websites like Facebook and Twitter have spread all over the workplace, which results in extreme security hazards. According to a study of corporate end users conducted by the IT security firm and released on 12th July, 2010, the usage of social networking websites at the workplace has increased from 19% in 2008 to 24% in 2010. Around 1600 end users were surveyed in countries like the United States, United Kingdom, Germany and Japan. It should be taken into account that the maximum amount of social networking usage on the corporate network happened in the United Kingdom and Germany. These countries have seen a surge of 6% and 10% respectively.

David Perty, Global Director of Education, Trend Micro, states that social networking is a significant tool to establish both professional and personal links. While most companies are concerned over the negative impact of social networking sites on employee output, they forget that many social networking websites are designed on interactive technologies. These technologies enable cyber criminals to steal users' personal or business information and corrupt professional networks with malicious code, as reported by eWeek SECURITY WATCH on 12th July, 2010.

A similar survey was conducted by the security firm Sophos in the first half of 2010, in which it supported McAfee's report on the hazards of increasing usage of social networking at workplaces resulting in more malware and spam. Sophos has mentioned in its report that company CEOs are getting more worried day by day about their company's security because of the increasing usage of social networking by their employees. More than 500 companies were surveyed by Sophos, and around 72% thought social networking was a threat to their companies. 60% said that Facebook posed the maximum security threat, followed by MySpace, Twitter and LinkedIn. If the companies that allow their employees to use these sites follow the required security solutions and social networking guidelines, they will not face any kind of risk from social networking.

Citigroup Upgrades Careless iPhone Banking App

First, turn on the device lock. "That's why it's there," admonished Jamz Yaneza, threat research manager at Trend Micro. Second, recognize what content is in your device, and "treat that content as if you were carrying it in your wallet instead of your mobile device. If it's important, don't leave it lying around."

Citigroup (NYSE: C) customers who do mobile banking on an iPhone should head to the Apple (Nasdaq: AAPL) App Store immediately for an upgrade. A flaw in the Citigroup mobile banking iPhone app released in March 2009 causes personal information to be saved in a hidden file on the mobile device, the banking giant revealed in a letter to customers dated July 20, a day after it released an upgraded application. Without the upgrade, customers' personal data -- including account numbers, bill payment information and access codes -- is saved on the iPhone. This data also may be saved on customers' computers when synched with their iPhones using iTunes, Citigroup said.

'No Data Breach'

"We have no reason to believe that our customers' personal information has been accessed or used inappropriately by anyone," Natalie Riper, a Citigroup spokesperson, told MacNewsWorld. "In other words, there has been no data breach." Even if no Citigroup customers suffered financial harm, this incident highlights the growing need for security around mobile devices as more users rely on smartphones to do everything from managing email to organizing their finances.

Secure Your Devices

If that type of information were saved on an iPhone -- or any other mobile device -- it would be easily accessible to anyone who picked up the device, according to Jamz Yaneza, threat research manager at Trend Micro (Nasdaq: TMIC). "Any device is a potential target [for people looking to steal personal data] when you consider how much data people store on them these days," Yaneza told MacNewsWorld. "You have banking apps, browsing history, office documents, emails, pictures and notes being stored on mobile devices. That's a treasure trove in the wrong hands."

Read the Fine Print

"There are many things users can do to protect their mobile devices, and most of them are common sense," he said. First, turn on the device lock. "That's why it's there," he admonished. Second, recognize what content is in your device, and "treat that content as if you were carrying it in your wallet instead of your mobile device. If it's important, don't leave it lying around." Finally, be careful about the applications you install, even if they come from trusted sources like your bank, Yaneza advised. "Before running a banking application, make sure your financial institution guarantees privacy and the same loss protection that comes with traditional online or teller transactions," he said. "Read the application's fine print."

Microsoft IE8 stops one billion malware attacks

"Our technology works in a similar fashion to the SmartScreen blacklists," said Rik Ferguson, senior security advisor for Trend Micro. "But it works across emails, URLs and other malware files because all threats operate on multiple vectors."

Microsoft has revealed its web browser spam filter technology has stopped its one-billionth piece of malware from being downloaded. Internet Explorer 8's (IE8's) SmartScreen Filter uses URL reputation-based anti-malware technology to warn users if they are visiting web sites hosted by servers known to distribute unsafe content.

James Pratt, Internet Explorer business and marketing senior product manager, said the milestone was evidence of continued investment in the browser's back-end service since IE8 was released in March 2009. "Your browser needs to continually enhance and improve its service," noted Pratt in a blog posting. "We have got better and better at blocking malware through the SmartScreen Filter." Pratt was also quick to point to figures from Net Applications released last week that gave IE8 a total browser market share of nearly 26 per cent. The last milestone for SmartScreen Filter was announced in August 2009, when Microsoft said 80 million malicious downloads had been blocked.

Rik Ferguson, senior security advisor for Trend Micro, told V3.co.uk that, by comparison, his firm's Smart Protection Network received 45 billion daily requests and blocked 4.3 billion queries a day. "Our technology works in a similar fashion to the SmartScreen blacklists," he said. "But it works across emails, URLs and other malware files because all threats operate on multiple vectors."

Like Ferguson, senior technology consultant for Sophos Graham Cluley conceded that it was good to see browser software developers like Microsoft and Mozilla add more malware protection in at the back end for users. "More and more malicious software is distributed via the web," Cluley said. "Technology like the SmartScreen Filter is a good thing because many users don't keep their anti-virus software up-to-date." But he added it was no substitute for full anti-virus software protection.

Attackers Abuse Facebook's Translation Application

"Perhaps there were possibilities here for criminals to take advantage of by substituting obfuscated URLs for the popular words. Perhaps it is fortunate that the hole has been exposed through a prank in the first instance and not something more nefarious. Any online service, whether it's translation or reputation services, which solicits user generated content would be well advised to quality check that content before going live with it," Rik Ferguson writes.

Pranksters managed to replace popular Facebook system messages in Turkish with offensive language yesterday. The attack leveraged the power of crowdsourcing to vote the automatic approval of rogue changes.

Facebook provides an application called "Translations" for people to translate the thousands of system messages and alerts into their native language. Through a submission voting system the app also allows the community to improve on the existing translations. Unfortunately, a group of Turkish pranksters realized that if they could get enough votes to back up a proposed translation, the change would be accepted automatically. Therefore, they asked all members of a forum to help poison popular Facebook messages in Turkish with offensive terms for fun.

"The word 'Like' for example was substituted for another word that rhymes with Luck but begins with an F," Rik Ferguson, a senior security advisor at Trend Micro, who tracked the attack as it was happening, reports. Clearly this change affected a lot of people, including children, since the "Like" feature is an extremely popular one. Another frequently-encountered system message reading "Your message could not be sent because the user is offline" was modified to include insulting references to the male anatomical parts.

The vote flooding and translation poisoning went on for a while, until Facebook staff caught on to it and reverted all rogue changes. The translation application was also disabled temporarily for multiple languages. It's not yet clear if this decision was prompted by similar attacks performed by other groups who wanted to imitate the Turkish pranksters.

"Perhaps there were possibilities here for criminals to take advantage of by substituting obfuscated URLs for the popular words. Perhaps it is fortunate that the hole has been exposed through a prank in the first instance and not something more nefarious. Any online service, whether it's translation or reputation services, which solicits user generated content would be well advised to quality check that content before going live with it," Rik Ferguson writes.

Botnet hacker caught in Slovenia

"The thing with the underground economy is that it's full of niche vendors and players, it mirrors legitimate business. There's a lot of competition - it's not unusual to see malware designed to remove other malware, just so that it can take over." -- Rik Ferguson

The FBI described the capture of Iserdo as a "huge break" in the ongoing Mariposa investigation.

A computer hacker known as Iserdo has been arrested in Slovenia. The 23-year-old is believed to have written the program behind the mariposa virus, also known as butterfly. The botnet, one of the world's largest, was dismantled earlier this year after infecting 12.7 million computers. It was designed to steal personal financial details and was also found in the PCs of banks and major companies. In December 2009, three people believed to have been running it were arrested in Spain.

"To use an analogy here, as opposed to arresting the guy who broke into your home, we've arrested the guy that gave him the crowbar, the map and the best houses in the neighbourhood," Jeffrey Troy, deputy assistant director for the FBI cyber division told Associated Press.

Botnet background

They can be set to send spam e-mail from the host's machine or to search for information such as credit card details and send them back to their creator. They also send replica programmes to other computers, sometimes via the e-mail of the host.

Security expert Rik Ferguson told the BBC that the mariposa botnet had got out of control. "The guys behind it said it was more successful than they had intended to be," he said. "As is the case with most botnets, the more widespread they are the more likely they are to be discovered. They were a victim of their own success."

Mr Ferguson, senior security adviser at Trend Micro, added that while it was not unusual for a botnet to infect hundreds of thousands of computers, one infecting several million was rare. Nobody has yet been arrested in connection with the Conficker worm, a similar virus which is currently running on 6 million Windows PCs and is believed to have peaked at up to 12 million, he said.

While the core group behind a particular botnet is generally quite small, there is a whole industry of people offering "cyber crime services" such as tool kit building and program writing, he added. "The thing with the underground economy is that it's full of niche vendors and players, it mirrors legitimate business. There's a lot of competition - it's not unusual to see malware designed to remove other malware, just so that it can take over."

FBI Sting Nabs Botnet Kingpin Who Infected 12M+ Machines

Trend Micro security advisor Rik Ferguson comments, "The guys behind it said it was more successful than they had intended to be. As is the case with most botnets, the more widespread they are the more likely they are to be discovered. They were a victim of their own success."

For malicious users, botnets represent one of the most lucrative get-rich schemes. The premise is relatively straightforward -- craft a virus that exploits vulnerabilities in the most used operating systems and infect numerous machines. Once you have a mass of infected computers communicating with your command servers, they can be used as a for-hire army to perform such insidious tasks as mass spam mailing, mass theft of financial information, and denial of service attacks.

The key problem with the scheme is that it's easy to spot and frequently is run by just a couple of individuals. Take down those individuals and you can take down the botnet. That's exactly the kind of breakthrough the FBI just made in the case of the botnet formed from the mariposa virus, also known as butterfly.

The mariposa virus first was launched in December 2008. The virus quickly infected computers on half of the Fortune 1,000 companies and at least 40 major banks. Back in 2009, the FBI and Spanish authorities arrested three individuals in Spain who had been maintaining the virus's botnet, which consisted of 12.7 million infected computers. Now the FBI have nabbed a hacker in Maribor, Slovenia, named Iserdo, who allegedly wrote the virus.

States Jeffrey Troy, deputy assistant director for the FBI cyber division, "To use an analogy here, as opposed to arresting the guy who broke into your home, we've arrested the guy that gave him the crowbar, the map and the best houses in the neighborhood."

The mariposa botnet was primarily used to steal financial information from the infected victims. It may have actually been designed for a smaller infection, but inadvertently infected many more machines. Trend Micro security advisor Rik Ferguson comments, "The guys behind it said it was more successful than they had intended to be. As is the case with most botnets, the more widespread they are the more likely they are to be discovered. They were a victim of their own success."

Ferguson says that the takedown of Mariposa leaves the Conficker botnet as likely the world's largest. There are an estimated 6M Conficker-infected machines, down from a peak of 12M machines. While there are many smaller botnets, Conficker may be the last remaining huge botnet whose operators remain at large.

Despite the FBI's success in taking down botnets, Ferguson says the industry supporting botnets is still thriving. He states, "The thing with the underground economy is that it's full of niche vendors and players, it mirrors legitimate business. There's a lot of competition - it's not unusual to see malware designed to remove other malware, just so that it can take over."

Is Your Virtual Machine Invisible To the Security Eye?

As Richard Sheng, regional director for Trend Micro's Asia Pacific business, states, "treat your VDI desktop on the same platform as you would your physical laptop."

Virtualization has become a key ingredient in the IT recipe of most companies today. Data centers and enterprises are increasingly turning to some form of virtualization to meet their requirements of scale and operational efficiency. Desktop or client virtualization lets a company or user segregate physical machines from the desktop ecosystem, and it allows access to the resultant virtualized desktop even from a remote location. Using a virtualized desktop, the user's business is not limited by geographical boundaries. Any device equipped to operate in a virtualized infrastructure can give the user access to all his data and applications, regardless of location.

Although this approach has advantages like remote access, flexibility of operations, and minimal downtime, concern is increasing regarding the security software for a virtualized infrastructure. A hosted virtual desktop system is not automatically immune from viruses simply because its original ("real") system has protection. The VDI, or virtual desktop infrastructure, faces a mammoth task in being "detected" by security tools like malware protection and anti-virus software. To put it simply, such software tools have not been programmed to seek, locate, and protect VMs (virtual machines). The software protection is programmed to vie for resources only at the network, storage, and CPU levels. In a virtualized system, a single physical server can support several desktops at one time. So, when the software is vying for "attention," it can put huge pressure on the machine. Performance and operations can thus become lethargic.

As Brian Madden of SearchVirtualDesktop.com says, desktop virtualization is more difficult than server virtualization because the user needs to have the same flexibility that a physical machine would provide him. Desktop virtualization also cannot be done with half measures and cannot have restrictions on the types of devices that can support them or even on the amount of work that can be done offline.

The security risks can be exacerbated if the network is improperly managed. Consider a scenario in which a VDI system goes through a previously scheduled scan. By placing an extra load on the CPU, such a scan can slow down the entire network. A client in need of swift operations at that time may be tempted to remove the security systems from their VDI ecosystem. Such a disastrous move will leave that client's desktops vulnerable to all kinds of attacks.

A company also needs to be wise to the different options available for protecting its VDIs. Depending on whether it is operating at the enterprise level or smaller-size-business level, the company can choose virtual-machine-based security software or agent-based desktop virtualization security software. A pertinent question is where exactly the security software would run in a virtualized network. For instance, would it run on the primary operating system, the guest operating system, or some combination of both? Each of the three solutions has a downside.

A company can resort to one simple way of addressing this concern. As Richard Sheng, regional director for Trend Micro's Asia Pacific business, states, "treat your VDI desktop on the same platform as you would your physical laptop." This means that the same security measures and steps, like data backup and management, need to apply to the virtualized desktop, too.

Trend Micro offers wide-ranging desktop virtualization protection technology. The company's latest product is Trend Micro OfficeScan 10.5, which is a "virtual desktop aware" package. This software can also work in association with a virtual desktop infrastructure put into place by Citrix or VMware. It offers management of up to 20,000 physical and virtual desktop endpoints from one console. As the company's product marketing manager, Joerg Schneider-Simon, states, with the VDI-aware anti-virus package, a company can even "double the number of desktop hosts with no lowering of performance."

Companies like VMware and Citrix are working on security software for virtualized networks as well. Citrix has been working with McAfee on the latter's MOVE-AV, which is an anti-virus package built specifically for virtualized surroundings. VMware is confident that the future belongs more to the virtualized desktop rather than the virtualized server, and the company states that a virtualized desktop is even more secure than the conventional personal computer.

IT industry news: 'Social media users should be more careful'

"Hopefully people are moving more towards that 'trust nobody' point of view, which is pretty much where we've ended up with email," Mr Ferguson said.

Users of social media networks should treat security on those sites with the same attitude towards safeguarding their email accounts, according to Rik Ferguson, senior security advisor at internet content security company Trend Micro. "Hopefully people are moving more towards that 'trust nobody' point of view, which is pretty much where we've ended up with email," Mr Ferguson said.

His views followed a report by networking provider Cisco, which said social networks remain a target for cybercriminals, with an increasing number of attacks initiated via the medium. Mr Ferguson recognised, however, that social network users' attitudes are starting to change with many now only making friends with those they already know and limiting access to their profiles. Users are also becoming more aware of their online identity being "worth money to criminals," Mr Ferguson explained. The expert added that hackers would often steal someone's identity on a networking site and scam money out of their friends without them being aware they are being conned.

Pharma Spammers Abuse Legit Websites

"We're currently seeing a wave of fake pharma spam emails which do not directly advertise the URL of the fake pharma website in the spam email. Instead, the spam emails advertise URLs which point to HTML pages that are hosted in compromised sites," threat researchers from antivirus vendor Trend Micro warn.

Security researchers warn that Canadian Pharmacy spammers are abusing legit websites in their latest campaigns. The junk emails link to simple HTML redirect scripts hosted in the root directory of sites that have been compromised.

"We're currently seeing a wave of fake pharma spam emails which do not directly advertise the URL of the fake pharma website in the spam email. Instead, the spam emails advertise URLs which point to HTML pages that are hosted in compromised sites," threat researchers from antivirus vendor Trend Micro warn.

These rogue pages hosted on legit websites have the purpose of redirecting victims to the final spam landing sites. Two different types of redirectors have been observed so far. One is a META refresh and the other a JavaScript-based redirect.

The Trend Micro experts point out that as many as 1,000 new hosts are abused by this new spam campaign on a daily basis. However, since the affected sites don't appear to be using the same type of software, there is probably no common vulnerability being exploited. The most likely explanation for the compromises is stolen FTP credentials, especially since these are not in short supply on the black market.

There are various information stealing trojans that particularly target FTP accounts and Trend Micro reports that such credentials are sold in bulk on underground forums for relatively cheap prices. For example, a set of 300,000 stolen FTP logins can be acquired for as little as $250. Of course, the same credentials are sold to more than one hacker and that is why the compromised websites usually show signs of multiple infections. In this latest case, the campaign has been tracked back to the notorious Rustock spam botnet.

Webmasters who find this kind of rogue HTML redirect scripts or JPEG images on their webhosting accounts should immediately delete them and change the password to their FTP accounts. Performing a full system scan with a capable and up-to-date antivirus program on the computers they use regularly is also strongly encouraged.

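For webmasters checking their own hosting accounts, the following is an added example (not part of the original article or of Trend Micro's tooling) that flags small HTML files sitting directly in a web root whose only job is a META refresh or JavaScript redirect to another host. The size and text thresholds, the sample files and the `.example` hostnames are assumptions constructed for illustration.

```python
"""Flag tiny HTML stubs in a web root that only redirect visitors off-site."""
import re
import tempfile
from html.parser import HTMLParser
from pathlib import Path
from urllib.parse import urlparse

MAX_STUB_BYTES = 4096    # assumption: redirect stubs are tiny files
MAX_VISIBLE_CHARS = 200  # assumption: stubs carry almost no readable text

META_URL = re.compile(r"url\s*=\s*['\"]?([^'\";\s]+)", re.IGNORECASE)
JS_REDIRECT = re.compile(
    r"location(?:\.href)?\s*=\s*[\"']([^\"']+)[\"']"
    r"|location\.(?:replace|assign)\(\s*[\"']([^\"']+)[\"']",
    re.IGNORECASE,
)


class _StubParser(HTMLParser):
    """Collects the META refresh target, script source and visible text size."""

    def __init__(self):
        super().__init__()
        self.meta_target = None
        self.scripts = []
        self.visible_chars = 0
        self._in_script = False

    def handle_starttag(self, tag, attrs):
        attr = {k: (v or "") for k, v in attrs}
        if tag == "meta" and attr.get("http-equiv", "").lower() == "refresh":
            m = META_URL.search(attr.get("content", ""))
            if m:
                self.meta_target = m.group(1)
        elif tag == "script":
            self._in_script = True

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        if self._in_script:
            self.scripts.append(data)
        else:
            self.visible_chars += len(data.strip())


def _is_external(target, site_host):
    """True when target names a host other than the site or its subdomains."""
    host = (urlparse(target).hostname or "").lower()
    site = site_host.lower()
    return bool(host) and host != site and not host.endswith("." + site)


def classify_redirect(html, site_host):
    """Return (kind, target) if html is a stub redirecting off-site, else None."""
    parser = _StubParser()
    parser.feed(html)
    parser.close()
    if parser.visible_chars > MAX_VISIBLE_CHARS:
        return None  # a page with real content is not a bare redirect stub
    if parser.meta_target and _is_external(parser.meta_target, site_host):
        return ("meta-refresh", parser.meta_target)
    m = JS_REDIRECT.search("\n".join(parser.scripts))
    if m:
        target = m.group(1) or m.group(2)
        if _is_external(target, site_host):
            return ("javascript", target)
    return None


def scan_webroot(root, site_host):
    """Check HTML files directly in root; return [(filename, kind, target)]."""
    findings = []
    for path in sorted(Path(root).iterdir()):
        if not path.is_file() or path.suffix.lower() not in (".html", ".htm"):
            continue
        if path.stat().st_size > MAX_STUB_BYTES:
            continue
        hit = classify_redirect(path.read_text(errors="replace"), site_host)
        if hit:
            findings.append((path.name, *hit))
    return findings


# Constructed sample files; every hostname here is a placeholder.
SAMPLES = {
    "index.html": "<html><body><p>" + "Welcome to our shop. " * 20
                  + '</p><a href="http://partner.example/">Partner</a></body></html>',
    "moved.html": '<meta http-equiv="refresh" content="0; url=/new-home.html">',
    "promo.html": '<html><head><meta http-equiv="refresh" '
                  'content="0; url=http://pills.example/"></head></html>',
    "x7.htm": '<script>window.location = "http://pills.example/?id=7";</script>',
}


def demo():
    """Write the samples to a temporary web root and scan it."""
    with tempfile.TemporaryDirectory() as root:
        for name, body in SAMPLES.items():
            Path(root, name).write_text(body)
        return scan_webroot(root, "shop.example")


if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

A hit only means the file deserves a look; a site's own "we have moved" page pointing at a new domain will also be reported.
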
Turkish pranksters load Facebook Translate with swears

"Perhaps it is fortunate that the hole has been exposed through a prank in the first instance and not something more nefarious," Ferguson said.

Facebook's attempts to crowdsource translations have gone awry in Turkey. A group of Turkish pranksters banded together to submit bogus translations so that a Facebook IM error message was rendered in Turkish as "Your message could not be sent because of your tiny penis". The correct version should say the message could not be delivered because the intended recipient was offline.

Miscreants abused the official Facebook Translate interface, a crowdsourcing method for improving the linguistic accuracy of the social network site, to vote up alternative and erroneous translations. The same process was used to subvert the Turkish translation for "like" into "fuck". The linguistic larks were devised on the Inci Sözlük discussion forum, which sounds like Turkey's answer to 4chan.

Rik Ferguson, a security consultant at Trend Micro, reports that Facebook rolled back the unwanted translations on Wednesday. The Facebook Translate application was offline at around the same time for many languages, although it's unclear if this is related to the hijinks down by the Bosphorus. It seems that the replacement translations were automatically applied without any human double checking.

Ferguson concludes that there are lessons to be learned from Facebook's gaffe for other online services. "Perhaps it is fortunate that the hole has been exposed through a prank in the first instance and not something more nefarious," Ferguson said. "Any online service, whether it's translation or reputation services, which solicits user generated content would be well advised to quality check that content before going live with it."

How to Protect Remote Employees' PCs from Security Threats |
"Unfortunately, a remote staff poses different risks from employees who spend the majority of their time in the office, and compromised data can end up costing business owners a lot more than they would be saving by allowing their employees to work remotely." -- Dal Gemmell, senior global product marketing manager in the Trend Micro Small Business solutions team
No matter the size of your business, technology has blurred the boundaries of the traditional work space location and has made remote working a reality for many employees. The attitude toward employees working "away from the office" has changed dramatically. A lot of businesses are recognizing the productivity, cost savings and morale benefits to giving their employees more location flexibility. Unfortunately, a remote staff poses different risks from employees who spend the majority of their time in the office, and compromised data can end up costing business owners a lot more than they would be saving by allowing their employees to work remotely. Security-conscious companies typically invest in protection at their gateway or entrance to their network. Usually it's an appliance or software, which provides not only firewall protection, but also web and e-mail filtering. This can be the right decision for companies wanting to prevent threats before they can reach the internal networks, but for businesses with employees working remotely it can get a bit trickier. This is because once employees are outside of the company's network, they fall outside the gateway security perimeter and are on their own. Here are some of the issues that can occur with employees working remotely--and what to do about them:
Less protection equals more vulnerability
Solution: Be sure the employees' notebooks are updated with the most recent software updates. If there is no VPN (a private, secured network that will allow employees to connect to the office from anywhere) connection, then confirm that updates can download directly from the internet. Also, check whether your security solution includes a location-awareness feature. This feature will automatically increase security levels based on the location of the device. The better ones will automatically increase security levels when the PC is out of the office and away from the internal network.
Employees surfing the web
Solution: When possible, connect the employee back to the office using the VPN. This will allow the PC to benefit from gateway security technologies. If VPN is not available, URL filtering on the employees' PC provides an added layer of security outside the office.
Carelessly connecting to wireless networks
Solution: You can avoid Evil Twins by staying away from unconfirmed wireless hotspots, and by sticking to secure sites that are verified by companies such as TRUSTe. If this is too difficult to control, consider installing a security solution that checks the safety of wireless networks. This way you don't have to think twice when you're relocating your office to the newest tea house in town.
As a small-business owner, the world is your office, especially with all the technology available to you. That technology is also a great way to save money and increase productivity, but without the proper precautions in place, it can also cost you dearly. A little security goes a long way, so make sure your data doesn't fall into the wrong hands when you--or your employees--take your business on the road. For more information and to stay updated on the latest threats, check out sites like Wired Safety, Connect Safely or Center for Internet Security.
Dal Gemmell is a senior global product marketing manager in the Trend Micro Small Business solutions team. As a global product marketing manager, he works in partnership with regional leaders to drive sales and marketing efforts. Contact Dal at Dal_Gemmell@trendmicro.com. |
|
Microsoft sets emergency Windows patch for Monday |
On Tuesday, Trend Micro reported that the shortcut vector was being used not only by Sality, but also by other malware clans, such as the Zeus botnet-building Trojan. Microsoft today said it will issue an emergency patch for the critical Windows shortcut bug on Monday, August 2. The company said it is satisfied with the quality of the "out-of-band" update -- Microsoft's term for a patch that falls outside the usual monthly delivery schedule -- but also acknowledged that it has tracked an upswing in attacks. "In the past few days, we've seen an increase in attempts to exploit the vulnerability," Christopher Budd, a spokesman for the Microsoft Security Response Center (MSRC), said in an entry to the team's blog. "We firmly believe that releasing the update out of band is the best thing to do to help protect our customers." Budd said that Microsoft would release the patch on Monday at approximately 1 p.m. ET, 10 a.m. PT. Two weeks ago, Microsoft confirmed a flaw in how Windows parses shortcut files, the small files displayed by icons on the desktop, on the toolbar and in the Start menu that launch applications and documents when clicked. By crafting malicious shortcuts, hackers could automatically execute malware whenever a user viewed the shortcut or the contents of a folder containing the malevolent shortcut. The bug was first described in mid-June by VirusBlokAda, a little-known security firm based in Belarus, but attracted widespread attention only after security blogger Brian Krebs reported on it July 15. A day later, Microsoft admitted that attackers were already exploiting the flaw using the "Stuxnet" worm, which targeted Windows PCs that manage large-scale industrial control systems in manufacturing and utility firms. Exploit code has been widely distributed on the Internet, and Microsoft and others have spotted several attack campaigns based on the bug. One of those campaigns apparently tipped the scales toward an early patch. 
The Microsoft group responsible for crafting malware signatures to defend customers using the company's antivirus products, including the free Security Essentials, said that an especially nasty malware family had added exploits of the unpatched shortcut flaw to its arsenal. "Sality is a highly virulent strain ... known to infect other files, making full removal after infection challenging, copy itself to removable media, disable security, and then download other malware," wrote Holly Stewart of the Microsoft Malware Protection Center, on the group's blog Friday. "It is also a very large family -- one of the most prevalent families this year." Sality's inclusion of the shortcut exploit quickly drove up the number of PCs that have faced attack. "After the inclusion of the [shortcut] vector, the numbers of machines seeing attack attempts combining malicious [shortcuts] and Sality.AT soon surpassed the numbers we saw with Stuxnet," said Stewart. "We know that it is only a matter of time before more families pick up the technique," she added. Other security researchers had spotted Sality exploiting the shortcut bug earlier this week. On Tuesday, Trend Micro reported that the shortcut vector was being used not only by Sality, but also by other malware clans, such as the Zeus botnet-building Trojan. Last week, security researchers had argued over Microsoft's ability to quickly patch the vulnerability, with HD Moore, the chief security officer of Rapid7 and the creator of the well-known Metasploit hacking toolkit, betting that Microsoft would fix the flaw within two weeks. Moore's prediction was nearly on the dot. All versions of Windows contain the shortcut vulnerability, including the preview of Windows 7 Service Pack 1 (SP1), and the recently retired-from-support Windows XP SP2 and Windows 2000. |
|
Movie files run in QuickTime Player trigger malware download |
Specifically crafted .mov files trigger the download of malware masquerading as a codec update and an installation file for another player when run in the latest (7.6.6) version of QuickTime Player, TrendLabs reports. Specifically crafted .mov files trigger the download of malware masquerading as a codec update and an installation file for another player when run in the latest (7.6.6) version of QuickTime Player, TrendLabs reports. Researcher Marco Dela Vega says that both files pretend to contain Salt, the latest Angelina Jolie movie, but that his suspicion was aroused by the unusually small size of the files - small when compared to regular movie files, that is. Upon running the movie files in QuickTime, the "movie" does not start and the download windows for the malware pop up, asking you to save/run the codec update or the installation file. Trend Micro is still investigating the matter and it's not yet known if this attack is possible due to a vulnerability or feature of QuickTime. Apple has, of course, been notified of the occurrence. |
|
Best Antivirus 2010 Buyers Guide |
ESET and Panda both received an extra point because their installer files were less than 50MB; all others were 75MB+, with Trend Micro the largest at 108MB. For 2010 we reviewed ten paid antivirus solutions -- today we break the reviews down and show you which one is the best. Antivirus Software Solutions The following antivirus products are participating in this review; all are paid-for applications. For free antivirus products, check out our 2010 Free Antivirus Buyers Guide. McAfee AntiVirus Plus 2010 The antivirus solutions will be objectively and subjectively rated over three categories: Pro-activeness and Protection Pro-activeness and Protection This section is the most heavily weighted and focuses on two things: 1. (20 points) How proactive was the antivirus software at detecting the virus files? Virus Removal: All of the antivirus solutions received a full score in the Virus Removal section since they were all able to remove the virus files. Ease of Install and Use This section has three parts: 1. (4 points) How streamlined and foolproof was the install process? The install process rating also takes into account the size of the installer file. ESET and Panda both received an extra point because their installer files were less than 50MB; all others were 75MB+, with Trend Micro the largest at 108MB. Not everyone has a fast Internet connection and the size of the installer file can make a difference. PCTools received an additional point off since it wanted to install a third-party toolbar with the software. Interface: All of the interfaces were generally pleasing and I would describe none as hard to use. ESET, Kaspersky, and Norton received an extra point for having the simplest interfaces. However, Bitdefender takes top honors; it has hands-down the best approach to user interfaces I have seen. The interface can be dynamically switched between beginner, intermediate, and advanced types; all fit the user type extremely well. 
Clearly a lot of development work went into the interface. I docked a point from CA Anti-Virus since its interface is a blatant upsell to the more expensive Internet Security suite; only some of the functions are enabled on the basic antivirus suite. Performance Impact and Scan Time There are two parts to this section: 1. (6 points) System performance impact measured with Futuremark's PCMark benchmark suite Webroot received an additional point off because the test system actually felt a bit slower with it installed, which I did not see from other antivirus suites. Bitdefender and PCTools showed the largest performance decreases to the tune of 12 and 15 percent, respectively. Scan Time: Most suites received four points for scanning the test system in under an hour; Panda and Trend Micro came in just over an hour at 1:20 and 1:05, respectively. CA Anti-Virus took over five hours to scan so it only receives one point; and yes, I ran the test several times. Conclusion Solution ESET took our top spot for several reasons. Highlights include a polished and simple interface, a high level of pro-activeness, and a very small impact on system performance. It also had the fastest scan time and the smallest installer file. Bitdefender and Kaspersky tie for second. Bitdefender had the best-designed interface and was proactive but lost points for a higher-than-average performance impact. Kaspersky is a fantastic all-around suite and just missed beating ESET because of its slightly longer scan time and larger installer file. Finally, Webroot and Norton were just one point off of second place and tied for third. While some of the products rated higher than others, remember that all ten individually received my recommendation and passed the testing process. |
|
Can Google Solve the Cloud Security Problem for Enterprises? |
Other companies, such as Trend Micro, are working on creating ways for enterprises to encrypt data before placing it in cloud service providers' hands - but it's not clear that a solution like that would work well in conjunction with Google Apps. Last week we wrote about Google's long term strategy to win over enterprise customers. But MarketWatch reported Friday on a short-term setback for Google enterprise ambitions: the company missed the deadline to deploy Google Apps to Los Angeles municipal employees. The delay revolves around security, that ever-present cloud computing concern. In response, Google announced Google Apps for Government today. Will Google be able to assuage enterprise concerns over cloud security? Google's trouble in LA began when the Los Angeles Police Department complained that Google had not demonstrated compliance with security requirements such as segregation of City of Los Angeles data from other data maintained by Google and background checks for Google employees with access to city data. Google and its implementation partner Computer Sciences Corp agreed to pay the costs of the delay, which could be up to $415,000. But the greater concern for both Google, and the cloud computing business writ large, is the damage the delays could do to government and enterprise adoption of cloud computing services. Hence: Google Apps for Government. Google has acquired Federal Information Security Management Act certification and will segregate government data on servers located in the US. Google Apps also rolled out a couple additional security features recently: user policy management and mobile security policies. The new security features could be connected to Google's ongoing difficulties in LA. Google seems confident that its new service will win over government contracts, and satisfy the City of Los Angeles's requirements. 
CNET reports Google's enterprise president Dave Girouard as saying "We'd love to rolled out to [sic] 50 smaller cities ahead of LA...but in the end, LA will be a great success for the city, and for Google." But first the Los Angeles Police Department will have to sign off on Google Apps for Government. The real test, however, for Google Apps for Government, is whether it can win the contract to provide cloud based e-mail for the General Services Administration - the same agency that issued Google its FISMA certification. The Wall Street Journal reported today that Microsoft and Google are locked in a bidding war for the contract. According to the Wall Street Journal, over 90% of the federal government uses Microsoft Exchange, so landing the GSA would be a big win for Google. There's no word yet on whether Google will offer data segregation services to private enterprises as well, but those types of assurances would probably go a long way towards improving trust in cloud computing. Other companies, such as Trend Micro, are working on creating ways for enterprises to encrypt data before placing it in cloud service providers' hands - but it's not clear that a solution like that would work well in conjunction with Google Apps. Many enterprises wanting to take advantage of virtualization and web-based productivity applications have opted for on-premise "private cloud" solutions. That's the approach Google and Microsoft's lesser known rival Zoho has offered for some large clients such as GE. However, Zoho's Raju Vegesna told us by e-mail: We believe cloud applications will go bottom up - this means, smaller companies will adopt cloud apps first and eventually move to the enterprise. This is going to be an evolution/transition and is going to take some time. While this happens, the applications, security, confidence etc will evolve and improve. 
Note that Salesforce.com has been selling CRM for 10 years now (started with SMBs too), but only recently it is being adopted at the enterprise level. Vegesna may be right: according to a report released last week by SPI Research, 46% of professional services providers now prefer SaaS solutions to on-premise solutions - up six percent from a survey conducted just six months before. For the time being, SMBs will lead the way for cloud computing. But as security assurances improve, or fiscal realities necessitate, the enterprise will follow into the cloud. |
|
Good security practices for online banking |
Third, get the best security software available. Currently the agreement seems to be about Kaspersky and Trend Micro. The best security software will have automatic updates. Once a customer starts in with online banking, it seems to become a necessity. The convenience of being able to check balances, transfer funds, or to pay bills from home and at any time of day or night is just too compelling a reason to continue with banking from the home computer. Many are using their mobile devices to do their banking while away from home and this is adding a new element to convenience. There is a battle between those who think that no one will be hacking into the wireless operating systems or decrypting transmissions, and those who anticipate hacking happening at some time in the future. It is important then to know and to use the security, disabling and other features of the device in order to gain the maximum protection of any banking passwords, history and accessibility. But convenience in any mobile or online banking comes with risks and with responsibilities if the bank accounts are to remain secure and less vulnerable to looting! The first tip is to create the most difficult and unique passwords for each of the online banking and finance accounts. This means that at least 9 characters, with a combination of letters and numbers, are called for. Also, the letters should be a combination of upper and lower case. Also, the passwords should be changed from time to time. Of course, this means keeping a handwritten record of these complicated passwords somewhere, especially if there are multiple accounts, but it is worth it to keep the hackers from figuring out how to gain access to your bank and financial accounts. The second tip is to be extremely careful not to use public computers anywhere for banking transactions. These computers can easily contain software that will capture your keystrokes and allow thieves to reconstruct your password and other transactions. 
Third, get the best security software available. Currently the agreement seems to be about Kaspersky and Trend Micro. The best security software will have automatic updates. Do not ignore or cancel the updates! They have arrived for a reason, that reason being the determination, persistence and creativity of those who are after an easy payday of looting through your computer for your identity information and helping themselves to your cash! It helps to clear cookies, spyware, adware and the cache before and after you do banking from the home computer or mobile device. All of those sites that you visited do not have the right to know where it is that you do your online banking! This information, once sold to anyone who can afford it, may be the key to the targeted spoof and other fake e-mails that appear to be from your bank, but which really direct you to a hack site that prompts you to give up a password and other information. While none of the tips and tricks available provide total assurance that your computer will not be hacked or that you will not be prey to the most determined of campaigns, they will help to develop unique disciplines and randomized controls that are hard to get past. In summary, as we expect to not have the rest of the customers crowding in and peeking over our shoulders during our real world bank visits, it is important to keep the web people, businesses and criminals from doing the same. Patience, caution and even a bit of paranoia are the best way to approach the practice of banking online and via our wireless devices. |
|
LNK Vulnerability Exploited by More Families of Malware |
Now, Trend Micro and F-Secure both warn that hackers behind Sality, a family of file infectors, have adopted the LNK exploit and are using it to spread a variant of the notorious polymorphic viruses. Antivirus companies are warning that virus writers are slowly adopting the exploit targeting the currently unpatched Windows LNK vulnerability in their creations. New families of malware to leverage this flaw in order to propagate and infect systems are Chymine, Vobfus, Sality and ZeuS. The new Windows shortcut processing bug, which allows attackers to execute potentially malicious code by tricking users into simply opening a folder containing malformed LNK files, is one of the most serious vulnerabilities to be discovered this year. Since it is more of a design flaw than an actual bug, which has been around since as far back as Windows 2000, if not longer, Microsoft is expected to have quite a bit of trouble in coming up with a patch that doesn't hinder important functionality. Given the flaw's broad attack surface, security researchers and antivirus vendors predicted that it won't be long until malware writers integrate the exploit into the threats they develop – and they were right. ESET started by reporting last Thursday that a new keylogger, which has since been dubbed Chymine, is exploiting the LNK flaw to infect computers. Just a day later, Microsoft announced that another malware family called Vobfus, which has historically been abusing shortcut files to perform social engineering attacks, is now leveraging the LNK vulnerability to execute automatically. Now, Trend Micro and F-Secure both warn that hackers behind Sality, a family of file infectors, have adopted the LNK exploit and are using it to spread a variant of the notorious polymorphic viruses. And finally there's ZeuS, otherwise known as Zbot, an information-stealing computer trojan commonly used by fraudsters to steal money from their victims' compromised accounts. 
Zbot usually spreads through email spam and this latest variant is not different in that respect. "Zeus is a challenging threat to combat, and not many vendors detected this variant yet. We're adding detection now. Fortunately, the exploit used is detected by many and the entire thing relies on socially engineering its victim into opening a password protected zip file and copying the lol.dll to the root of the C: since the path must be known in order for the exploit to work. We don't really expect great success for this particular variant of Zeus," F-Secure security researchers note. |
|
Peer-to-Peer Security |
Several vendors including Blue Coat, Cisco, and Trend Micro already have hybrid cloud offerings that could serve as the foundation for my peer-to-peer model. Traditional security solutions are sort of like client/server computing. Security vendors take the role of the server, hosting the master software, adding new anti-malware signatures, and distributing them to all of the clients. This model was adequate in the past but it is no longer good enough. Why? Malware volume stresses the system and all too common zero-day attacks have free and clear access to sitting duck systems. Coping with the new threat landscape means embracing a new security model. First, we have to assume that an unknown file, URL, or IP address is malicious. That said, we can't simply deny access, rather we need to analyze the suspicious content in real-time and then make the appropriate access decision (i.e. allow access, deny access, quarantine, send content to a honeypot, etc.). This new model depends upon a community of users and security devices/software acting as a neighborhood watch and sharing information with security vendors in real-time. Some people call this a "hybrid cloud" model to capitalize on the buzz around cloud computing. Hybrid clouds are fine for now, but I foresee a future evolution to a peer-to-peer security model. With hybrid clouds, security devices/software still engage in a conversation with only one entity -- the security vendor's cloud infrastructure. In peer-to-peer security, security devices/software will engage in conversations with other security devices/software from multiple entities -- security vendors, ISACs, government sources, academic institutions, etc. These conversations will issue warnings, blacklist threats, analyze content, compare notes, exchange data, etc. Several vendors including Blue Coat, Cisco, and Trend Micro already have hybrid cloud offerings that could serve as the foundation for my peer-to-peer model. 
A bit of vendor cooperation, government incentives, or user demand could lead to further developments in APIs, secure protocols, data standards, etc. Cybercriminals constantly exploit our security weaknesses and lack of coordination. This has been a winning formula thus far to the tune of billions of dollars in identity theft and data breaches. To overcome these tactics we need to use our technology assets more effectively. This is precisely what peer-to-peer security can do. The Network Effect (or Metcalfe's Law) states that the value of a network is proportional to the number of connections. In my opinion, peer-to-peer security leverages the power of the Network Effect for the good guys. |
|
Power 100: The Most Powerful Women Of The Channel (Part 2) |
Lozano oversaw the alignment between marketing and sales and highlights the launch of Worry-Free Business Security Services. She will recruit new partners, support existing ones. Jean Lozano Senior Director of U.S. Marketing, Trend Micro
|
|
Removing Virus Could Harm Power Grid Operations Firm Warns |
The firm is distributing Sysclean, a product made by Trend Micro. Siemens, a German-based engineering company, has made a program available to its customers that can detect and remove malware infecting its software which is used to control power grids, factories and oil refineries. However, the firm warned that disinfecting the system could interfere with sensitive operations. The firm is distributing Sysclean, a product made by Trend Micro. "As each plant is individually configured, we cannot rule out the possibility that removing the virus may affect your plant in some way," Siemens warned. The company also advised clients to keep all anti-virus software updated because "There are currently some new derivative versions of the original virus around." The virus appears to spread through infected USB drives. |
|
VMware previews new vShield security features |
Currently, Trend Micro is the only partner that supports the near-agentless approach. VMware recently previewed three new security features that may prove especially compelling for large shops with complex security requirements. Two of the features, vShield Edge and vShield App, strive to reduce "firewall choke points" and "VLAN sprawl" and to identify mobile virtual machines' level of security, according to Rob Randell, a VMware security specialist systems engineer. The goal of these features is to eliminate the burdens associated with identifying and addressing security concerns in a dispersed virtual environment. The first two features went into public beta on July 15 and were previewed at the New England regional VMware User Group (VMUG) meeting in Brunswick, Maine last week. A third feature, the concept for "near-agentless antivirus" protection of virtual machines, was also demoed. (More information on the beta program is available on the VMware website.) vShield Edge 1.0 But vShield Zones are intended to serve as firewalls on internal networks rather than at the "edge" of a virtual data center. While not intended to replace firewall hardware at the physical edge, vShield Edge 1.0 -- by supporting routing and leveraging VMsafe's application programming interfaces (APIs) -- will introduce the routing virtual firewall, Randell said. This means vShield Edge could be used to more securely containerize virtual data centers among business units in a large enterprise, or among customers of a cloud service provider. The changes in vShield Edge are also part of ongoing work to extend the Layer 2 domain for workload federation and portability to the cloud. Meanwhile, the support for VMsafe APIs will allow logical zoning down to the virtual network interface card (vNIC) level, according to Randell's presentation. 
The vShield Edge approach could help avoid "VLAN sprawl" while retaining isolation of applications, and VMUG attendees said that they could envision eliminating physically separate clusters for apps that fall under regulatory audits using this feature. But that remains a possibility rather than a certainty. When questioned by attendees about how such an approach would go over with auditors, Randell said VMware should have "more specific guidance" later this year. vShield App 1.0 This would also be an alternative to creating a separate "Web Server" VLAN, further alleviating VLAN sprawl. REST-based client APIs will also be available for third-party enforcement tools. Rules follow migrating virtual machines, through the use of flow monitoring that analyzes inter-VM traffic, according to the beta website. Near-agentless antivirus Currently, many antivirus programs running on virtual machines require an application agent within each guest, a holdover from the physical world. The presence of these agents can slow performance, particularly when scheduled activities kick off on several guests simultaneously, which is known as an "AV storm." With the near-agentless approach, VMware would introduce a VMware Consolidated Backup-like proxy virtual appliance to centralize antivirus services, including on-access and on-demand file scanning, away from production clusters. Antivirus programs also typically scan only portions of files for virus activity, and VMware has developed a method for sending only portions of these files over the wire to the virtual appliance to cut down on network bottlenecks. What had been a separate software agent running in each guest will now become a lighter-weight driver within the VMware kernel. Currently, Trend Micro is the only partner that supports the near-agentless approach. Several attendees asked Randell whether McAfee had a near-agentless integration in the works. Randell indicated that VMware is in talks with both McAfee Inc. 
and Symantec Corp. but advised users, "If you're a McAfee or Symantec customer, hammer them [to support this]." Users ponder vShield App, vShield Edge Blake said he hadn't yet looked into the new vShield products but was intrigued, given the large number of security policies and regulations his organization has to follow, and the difficulty of balancing ease of access with security requirements. "We don't have the ability today, for example, to really segment off systems because our users need access to our data center VLANs in order to run some applications. It seems like this would potentially allow us to put up those security gates, but not doing it in the traditional manner of having to separate out VLANs and firewalls and all of the overhead that has to be managed with that." VMUG attendee Eric Wallace, systems administrator at a 75-employee financial services firm in the Northeast, noted that the features require an Enterprise Plus license, which is too rich for his organization's blood. But Wallace said that previously he'd worked for larger organizations, including L.L. Bean, where "it was a real challenge figuring out how to tear up the network. I can see how in a big environment it would be very helpful to look at all the security settings in one place." |
|
9 security suites: maximum protection, minimum fuss |
Trend Micro has an interesting and useful product. The Wi-Fi adviser can be a handy feature for people who work in unsecured locations such as Internet cafes, and the ability to control device access such as USB connectivity is a good feature to prevent unauthorized individuals from copying information from an unattended PC.

Just a few short years ago, all a PC needed for protection was a basic antivirus program to guard against any malware that arrived via an e-mail attachment, embedded in a shareware application or piggy-backed on a floppy disk. These days, however, the threat landscape has changed drastically. Now PC users have to cope not only with viruses, but also with spyware, spam, infected Web sites, adware, key loggers, phishing schemes and much, much more. It's enough to make your head spin.

As a result, properly securing a PC now requires a layered approach that incorporates many security technologies. Although some are still sold in separate packages, most security products are currently gathered in suites, available from a multitude of security software vendors. The crowded market makes picking a suite a bit of a dilemma for most users. Narrowing down which product to use requires a closer look at what type of protection is available. Security suites can include some, or all, of the following: antivirus, antispyware, antispam, anti-malware (rootkits, bots, zombies, etc.) and antiphishing tools, plus a link scanner, privacy controls, parental controls, content filtering, registry protection, data filtering and password protection.

In this roundup, I look at nine security suites that include all of the features mentioned above. The suites are BitDefender Internet Security, Kaspersky Internet Security, McAfee Internet Security, Norman Internet Security Suite, Norton Internet Security 2010, Panda Internet Security, Security Shield 2010, Trend Micro Internet Security Pro and ZoneAlarm Internet Security.
How we tested
New viruses and threats arrive every day -- and on any given day, one vendor may be a little quicker on the draw to prevent a virus than others. That makes evaluating the strength of a particular anti-malware or antispam product very difficult -- there is never a level playing field. With that in mind, I tested each security suite based upon factors that affect the user directly. I evaluated each for ease of installation, ease of use, notification capabilities, updating and quality of the interface.

For testing purposes, I used a Toshiba Tecra A11-S3450 notebook computer configured with 4GB of RAM, an Intel Core i7-620M CPU and a 320GB 7,200-rpm hard drive that was running the 64-bit version of Windows 7 Professional. (Some of these products also have versions for other operating systems, such as Mac OS X, iOS and Android, and other devices, such as netbooks. These are noted in the spec boxes that are included with each review.)

[Table: Increase in seconds of boot time after installation of security suites.]

During testing, I installed each product on the Toshiba notebook and timed how long the machine took to boot up, then I compared that figure to the time it had taken the machine to boot up without a security suite installed (see table). After each test, I restored the notebook back to its pretesting condition using Paragon's Backup & Recovery 10 Suite. That way, each product was installed under the exact same conditions, with the same software configuration.

During testing, I looked for telltale signs of poor performance, such as high processor utilization and slow system boots. I also noted the overall responsiveness of the interface. And I took a look at what suites proved to be overly intrusive, getting in the way of effectively using your PC by, for example, bombarding you with messages and warnings.

It's important to note the evolution of the products tested here, each of which has changed significantly with each new version.
As malware has become more sophisticated, so have security suites. One interesting trend is the inclusion of digital sandboxes, which work by executing unknown applications in protected memory to detect any malicious behavior before allowing the application to access the system. Another innovation is application-stamping, where known good applications are whitelisted, allowing the anti-malware software/firewall to skip rescanning the applications whenever they are launched. That helps to speed up application launches and minimize the CPU cycles needed by the security software.

What's more, security software vendors are becoming more proactive about protecting your PC, especially when it comes to updating signatures. Many of the products here check for new signatures several times a day, which is helpful for combating zero-day threats from new exploits. All in all, today's Internet security suites are becoming more sophisticated and are blazing new trails in protection technologies.

BitDefender Internet Security 2010
Romania-based BitDefender SRL only has a fraction of the U.S. security market, which is dominated by industry giants Symantec Corp. and McAfee Inc. But BitDefender has a solid following in Europe. BitDefender Internet Security 2010 comes at a bargain price of $49.95 for three PCs, which is $10 to $20 cheaper than the prices of most other Internet security suites. Internet Security 2010 comes with all of the expected bells and whistles; it's a complete suite that includes everything typical desktop users need to secure their systems, from firewall protection to antispam features.

Internet protection
BitDefender's firewall is easy to set up. The product seems to understand what ports and protocols are normally used by a PC, as well as the standard communications performed by common applications. That helps to prevent annoying pop-ups and warnings. Like most anti-malware products, BitDefender relies on signature files to identify problems.
However, the product's B-Have module also runs unknown files in a sandbox to detect malicious behavior. In addition, the company has added another layer of protection called Active Virus Control, which further analyzes programs and blocks them if they misbehave.

The product offers a few nifty features. For example, the integrated Wi-Fi monitor offers a way to see if anyone is trying to connect to your Wi-Fi network or to your PC using a Wi-Fi connection. The firewall's Game Mode is another plus. Most online games work best when a firewall is disabled; however, users can easily forget to turn the firewall back on once they're done playing. The Game Mode acts like a switch that allows games to function and then returns the firewall to full functionality once a game is over.

Parental controls support multiple users, multiple policies and multiple exceptions, allowing you to set up custom access for each minor that might use your PC. BitDefender's antispam capabilities work with Outlook, Outlook Express, Windows Mail and Thunderbird; it will analyze e-mail messages and send spam into a "Deleted Items" folder. If you use a different e-mail client, you can use message rules to route obvious spam into a junk folder.

Usability
BitDefender Internet Security 2010 includes some major enhancements to improve the ease of installation and ease of use.

Product specs
BitDefender Internet Security 2010
Company: BitDefender SRL

Installation and initial configuration use templates to speed and simplify the process. During the install, you choose from four user types (typical, parent, gamer or custom) and three interface levels (novice, intermediate or expert). It basically comes down to what type of user you are -- do you want the product to just do its job behind the scenes, or do you want an active hand in what is happening? I installed BitDefender using the "typical" and "expert" choices and found the custom interface straightforward to work with.
You can change your user type and/or interface level later if you wish. The interface is laid out clearly and most functions are easy to locate and find -- although it does not offer the same level of polish and integrated help as some other products on the market. For example, BitDefender does not offer context-sensitive help that can drill down farther into definitions of the problem and recommended actions. The interface has features buried under menus and has some elements hidden under submenus. But on the whole, BitDefender Internet Security 2010 should not be difficult to master.

If you do run into problems, the company offers excellent tech support resources. If you need personal assistance, you can call support 24/7 or send an e-mail or instantly connect via live chat with a support specialist. The company also offers a wealth of resources on its Web site, ranging from searchable documents to a user forum.

Performance-wise, BitDefender worked well, although some initial scans were both CPU-intensive (sometimes CPU utilization hit 99%, at other times it was as low as 5%) and time-intensive, taking some 30 minutes to perform a complete scan on my Toshiba notebook. Luckily, the product builds a list of all the "scanned good" files on the system and can skip rescanning those files in the future.

Coming soon
The company is expecting to release a beta of BitDefender Internet Security 2011 sometime around August. Although details are sketchy, users can expect faster scan speeds and improvements in spyware detection that minimize false positives, as well as an antispam component that supports more e-mail clients out of the box.

Conclusion
BitDefender Internet Security 2010 comes in at a lower price than its competitors and offers all of the needed security features for the typical desktop user. However, it lacks the polish of some of the other products on the market.
Kaspersky Internet Security 2010
Moscow-based Kaspersky Lab is well known to the IT community: The company has been making security products since 1997, it reported revenue of $480 million in 2009, and it claims to have a user base of more than 300 million. Its premium PC product is Kaspersky Internet Security 2010, which offers a comprehensive suite of security features that should meet any PC user's needs.

Internet protection
Most users will like how Kaspersky's firewall works. It's easy to define simple firewall policies, yet you can delve deeper down into the firewall functions and block individual ports, requests or other types of traffic. Like BitDefender, Kaspersky has a digital sandbox -- it's called Safe Run -- that allows you to run new applications and browser sessions in a sandbox. I found that the firewall was less intrusive than others on the market, thanks mostly to its efficient use of its whitelist of approved programs.

The product also offers antispam capabilities which, unlike some other antispam tools, work with IMAP-based e-mail accounts as well as common POP3 accounts. Users in households with underage humans will appreciate the parental controls, which are easy to set up and are capable of blocking access to the Web by categories or even by a schedule -- making sure that innocent eyes don't glance upon the seamy side of the Web. And an integrated link scanner warns users of suspect Web sites and other browser-related issues before an actual problem arises.

Usability
Of the suites reviewed here, Kaspersky Internet Security 2010 was one of the easiest to install. A wizard steps you through the process, and only one reboot is required. The default settings and policies will prove quite adequate for most users.
The software proved to be relatively easy to work with as well -- most of the typical technobabble has been eliminated and plain English explanations abound, making it easy for even people who are new to PC security to effectively configure the software. For those who need help, Kaspersky offers several options for support: phone, e-mail or online chat sessions. Users also have the option of accessing a community of users, where they can get advice from Kaspersky staffers.

The interface contains several submenus and is divided up cleanly by task. The scanning options are easy to locate and are split up in a logical fashion, making it easy to find a particular scan and execute it quickly.

Product specs
Kaspersky Internet Security 2010
Company: Kaspersky Lab ZAO

Scanning runs as a background process, allowing you to continue to work while a comprehensive scan takes place. On my test system, scanning went unnoticed; it had little impact on my ability to perform other tasks. A glance at the Windows Task Manager showed processor utilization increased less than 10% during an active scan. I found that the active notifications kept me well informed of potential problems without hounding me constantly. I was able to run the full suite on a netbook with no problems.

Coming soon
Kaspersky Internet Security 2011 is currently in private beta and should be available sometime in August. New features will include a desktop gadget that will offer customizable buttons for quick access to product features and will display the current security status using red, yellow, or green indicators. In addition, new tools will allow installation of the product on systems that have active infections. A new feature called "Safe Surf" will assess the reputation of an IP address and assign it a "trusted," "suspicious" or "banned" status. Enhancements will also be made to rescue disk, parental controls and rootkit detection.
Conclusion
Kaspersky Internet Security 2010 is a good value and covers all the bases well for users of Windows 7, Vista or XP PCs. Purchasers will be happy with the fast performance and the ability to limit the barrage of security messages that most competing products unleash. The next version of the product promises important improvements that could make Kaspersky Internet Security one of the best security suites on the market.

McAfee Internet Security 2010
McAfee software has undergone quite a few enhancements since the company started offering security products in 1987. The latest incarnation, McAfee Internet Security 2010, has a completely new interface, feel and installation process. That's a good thing, since many neophyte users complained about all of those elements in previous versions, leaving only advanced users enamored with the product's capabilities.

Internet protection
McAfee Internet Security 2010 offers a variety of malware scanning options, including on-demand, real-time or according to a schedule. As with most Internet security products, McAfee Internet Security 2010 offers a firewall, parental controls, antispam tools and filters. The firewall monitors all data that enters or leaves your PC and keeps an eye on your computer's ports, as a firewall should.

Basic setup was easy; McAfee uses predefined settings to get your PC secured quickly. On the other hand, manually setting up firewall rules and policies was complicated, definitely more so than with competing products. The process lacks effective help and choices, and it assumes that users have advanced knowledge of how a firewall should work. In addition, users will want to make sure to set the firewall to standard mode, because the default, out-of-the-box settings don't block all critical ports on the firewall, leaving some open, such as FTP and POP3.
McAfee should consider making the firewall's standard mode the default mode -- currently, the product leaves too many things unprotected in its default configuration, probably to suit the needs of gamers and those that have fewer concerns about security when accessing the Web. On the other hand, you can block all network traffic between your computer and the Internet with a single click. That's a handy way to keep your computer secure when you're not actively using the Internet.

Out of the box, the integrated antispam application works with Outlook and Thunderbird, with no need for additional integration steps. Since the antispam application supports both IMAP and POP3, it is easily configured to work with other e-mail products that are not predefined in the product.

Parental control options are limited and only offer basic protection. I was able to block Web sites, limit time on the Internet and filter keywords, but not much more. The keyword filter lets you assign an age group to any keyword you choose. If a site has the keyword, parental controls will block it.

McAfee's SiteAdvisor component installs into your browser and warns you about dangerous sites. SiteAdvisor uses McAfee's Global Threat Intelligence network to identify phishing or hacked sites and warns the user before any damage can occur.

Usability
Installation was easy and the configuration wizard did a decent job of stepping me through the options. However, many of the help screens, notifications and warnings were somewhat cryptic and felt like they had been thrown together quickly -- or translated from another language.

Product specs
McAfee Internet Security 2010
Company: McAfee Inc.

McAfee has put a great deal of work into improving the user experience, and those efforts do show in the product's new interface.
The GUI is divvied up into logical sections; with only a quick glance, I could tell the status of the system thanks to the color-coded status screens and bold messages that said either "No Action Required" or, if there was a problem, "Action Required." Each primary menu choice launches a submenu that features options that allow you to configure the product. You choose each option simply by clicking on a dialog box, which offers a green circle when enabled. However, if you are looking to set up a custom rule or setting, figuring out how to do that is a challenge -- after something of a hunt, I found that I had to drill down through several menu levels to locate the custom settings.

Performance-wise, the product was fairly effective -- most of the scans on the test system only increased CPU utilization a few percentage points. However, utilization spiked to almost 100% when doing a manual scan of compressed files. Overall, most users should not experience any slowdowns that affect day-to-day activities, with the exception of the system boot which, as was the case with most of the other suites in this roundup, increased after the product was installed.

Those looking for help with McAfee's software will be disappointed that the company charges for technical phone support, with prices ranging from $9.95 to $59.95. The company does offer online support, user groups and the usual bevy of free support options, but if you want a human being on the phone, you have to pay.

Coming soon
Like most vendors of Internet security software, McAfee frequently upgrades its products. However, the company has not released any information on what's in store for McAfee Internet Security 2011.

Conclusion
McAfee Internet Security 2010 covers the basics well, offers an interface that's easy to use and comes at an affordable price.
However, the lack of free technical support and the inability to easily set up custom rules and policies make McAfee Internet Security 2010 a product to avoid for most power users.

Norman Security Suite
Oslo, Norway-based Norman ASA is well known in Europe for its security products and has started to get recognition in the U.S. with its straightforward, easy-to-use software. Case in point is Norman Security Suite, a comprehensive Internet protection offering. While it doesn't stand out against its competition, it is a competent product that adequately does what it's supposed to do -- protect PCs from Internet-borne threats.

Internet protection
The product offers real-time, on-demand and scheduled virus scans. During on-demand scans, the product is very informative, displaying a progress graph that offers interesting tidbits of information, such as what has been found and what is being scanned. While most security products offer that capability, Norman's is more descriptive, offering file names and a running status of problems found. Software can be configured to automatically scan and shows a progress report in the form of a graph.

The antivirus and antispyware program offers protection from instant-messaging attachments, viruses and other forms of malware. Scheduled scans can be performed in "screen saver" mode, which, during periods of inactivity, launches a screen saver that also executes a scan of the files on the PC.

Norman's firewall offers professional-level logging that can be used to identify any activity detected by the firewall, which is useful for tracking down suspicious activity. I found the firewall pretty easy to set up and the management console quite detailed. Although the firewall is geared toward more technically savvy users, most people should be able to figure out how to use it. I found the integrated tools, such as the port monitor and real-time packet logs, a real bonus.
Those tools give you a real feel for exactly what is happening on a PC when it's connected to the Internet.

However, neophyte users might find a few of the features a little complicated. For example, Norman offers a "digital sandbox" -- questionable code is placed in a sandbox for further testing, and ideally that code (if infected) will activate in the sandbox, before entering the actual operating system. It's an important feature, but Norman's sandbox requires more end-user interaction than those of competing products, such as McAfee, ZoneAlarm and Trend Micro.

I found Norman's parental controls easy to set up, thanks to a wizard that guides you through the process. You can set it for multiple users, time limitations and password-protected access. However, users looking for more granular control over parental settings will find Norman's choices more limited; it lets you select only generalized settings such as "child" and "teenager."

The same can be said for Norman's antispam tool. It works with both POP3 and IMAP e-mail accounts and supports all of the popular e-mail clients. However, while it is easy to set up and configure, it doesn't stand out among its competitors -- for example, customization is limited to a few "block" or "deny" rules for e-mail messages that fall outside of the normal spam/not spam calculations.

The link scanner, Surf-Shield, worked for the most part, blocking access to scam sites and links that were known to be infected. However, the warnings were somewhat vague, offering little information on why a specific site was a problem. The firewall also suffered from a lack of descriptiveness: It was able to block unauthorized programs but did not provide much follow-up information. It would have been nice if the firewall offered a little more guidance than just reporting that an application was trying to access the Internet.
In short, Norman lacks some of the bells and whistles found on other products -- features such as extensive reporting and customizable warning screens.

Usability
Installation of Norman Security Suite is straightforward. During the install process, you will have to enter a key code and reboot your system at least one time (pretty standard fare with a security suite).

Product specs
Norman Security Suite
Company: Norman ASA

One interesting thing Norman does during the installation is ask for the user's "experience level." You can choose experienced or inexperienced -- I chose the latter, just to see what would happen. For an inexperienced user, the setup is mostly automated and only asks simple questions, such as what browser you primarily use and whether or not you are on a network. The installation for experienced users was initially more time-consuming; however, having the ability to set defaults during the installation saved time later on, because I didn't have to go back into the configuration settings to make changes to meet my specific needs.

Once installed, Norman is fairly simple to use. The main screen, which acts as the main menu interface, offers a view of the various categories or modules that make up Norman, including the status of each (for example, whether any malware has been intercepted). Categories include Virus & Spyware Protection, Personal Firewall, Parental Controls, Install and Update and Support Center. Each selection sports submenus that avoid technobabble, making it simple to make minor changes and understand what is going on with the product.

Virus scans were very processor-intensive -- when running a scan, even on my Intel i7-powered Toshiba, there was a noticeable lag in system performance, with processor utilization spiking to near 100%. I wouldn't recommend using this product on a netbook or an older, less-powerful PC.
Coming soon
There's a lot of room for improvement in this product, and although Norman wouldn't release any details about the next version, the company did tell me that it will address some of these concerns in the near future.

Conclusion
Norman Security Suite does an adequate job of protecting a PC from the ills of the Internet. The Pro version ($75.95) adds intrusion detection and prevention and may be a better choice for those looking for a more robust firewall. However, potential buyers might want to wait and see what the next version has to offer.

Norton Internet Security 2010
Symantec's Norton Internet Security 2010 is the 800-pound gorilla in the room, simply because Norton-branded security products have been the ones to beat for several years. Of course, name recognition doesn't always mean a product is the best. Symantec strives to keep competitors at bay and is constantly improving its offerings. Norton Internet Security 2010 is no exception.

Internet protection
Norton's firewall is very easy to set up and controls Internet access for known good programs. In other words, if a program needs to access the Internet to function and is on the "good" list, the firewall will allow that access without any user intervention. Examples include programs that check for version updates, patches or need to retrieve data to function. The product also deletes known malware, such as rootkits, adware and any application that has been blacklisted. What's more, the firewall keeps an eye on the behavior of unknowns, all without pestering the user with cryptic security questions.

One interesting feature is Symantec's Quorum reputation index. Here all known files are assigned a reputation level, which is based upon continually updated data from Symantec's customers. Files that have given no one any problems have a high reputation, while files that have been easily infected or compromised have a low reputation.
If a program being downloaded has a low reputation, the user is informed and can abort the download or decide not to execute the application. Norton also utilizes its SONAR2 engine, which, according to Symantec, uses all sources of information, including the reputation index, to judge whether a file should be classified as suspicious and subjected to more in-depth testing.

Parents will like how easy it is to set up parental controls and keep a tab on what little Billy and Janie can access. The product integrates with an online offering called OnlineFamily.Norton, a Web service that is free for Norton customers.

Norton Internet Security 2010 uses technology from Symantec's enterprise-level spam protection system. The product filters all POP3 e-mail for spam and viruses and integrates with Outlook and Outlook Express. IMAP integration is missing and would be welcome.

Usability
The last time I looked at Norton Internet Security, in 2008, the suite was a resource hog -- it protected systems very well, but noticeably impacted performance. Symantec has redesigned the product to improve performance and limit its use of system resources. This latest version shows those efforts were worthwhile.

Product specs
Norton Internet Security 2010
Company: Symantec Corp.

I found Norton Internet Security 2010 to be one of the easiest packages to install. The installation is wizard-driven, all of the prompts are in plain English, and the default settings do an excellent job of protecting the system. One thing to be aware of is the time it takes to install the package -- although the hands-on portion of the installation is rather quick, you will have to wait through an update process that can take as long as 20 minutes. Immediately after the installation completes, the product "phones home" to download all of the latest updates, and that can take some time. In my testing, almost every other security product went through the same process in a few minutes, but Norton took 20 minutes.
Using Norton Internet Security 2010 is straightforward. The interface is laid out in a logical fashion using an index-card-style layout. All of the major capabilities are accessed from a central menu that has controls that look like index cards and are populated with pertinent information. One click delivers additional information and other options.

As a testament to the product's performance increases, the interface offers a summary screen showing CPU utilization and resource use in real time. I watched it while Norton Internet Security 2010 went through its chores, and found that it kept to a very low percentage of CPU utilization (as low as 5% for some scans).

Symantec backs the product with 24/7 tech support, an online help community, real-time chat and comprehensive context-sensitive help.

Coming soon
Symantec released a public beta of Norton Internet Security 2011 in early April. The beta sports many enhancements, especially when it comes to speed. While there is no official release date for the final product, availability before the fourth quarter of 2010 is expected. Symantec claims that the new version will improve or maintain key performance benchmarks in installation times, scan times and memory usage. In addition, the product will include System Insight 2.0, which goes beyond security and alerts users when applications are significantly impacting their system resources. Other enhancements include improved reputation filters, support for social networking sites and better browser integration.

Conclusion
Norton Internet Security 2010 is an excellent security product and still remains the one to beat. Symantec has done a good job of improving it over time to keep it one step ahead of the competition. Perhaps the only downside is Norton Internet Security's price, which is higher than those of many competing offerings.
Panda Internet Security 2010
Panda Security, although not as well known as the big names like Symantec and Trend Micro, offers several security products, ranging from simple antivirus tools to hosted enterprise systems. Internet Security 2010 offers protection from viruses, spyware, rootkits, hackers, online fraud, identity theft and other Internet threats. Panda Internet Security 2010 also offers antispam features, parental controls and full anti-malware capabilities.

Internet protection
Panda incorporates a technology it calls "cloud scanning," which centralizes virus data from across all Panda customers to keep its database up to date. According to the company, the underlying collective intelligence used by the cloud technology helps to make sure that all signatures are up to date and allows Panda to get a head start on how to deal with a virus or exploit that represents a zero-day threat.

The firewall has a set-and-forget design. Basically, you pick a profile and assign that to the firewall, and the firewall then protects the PC based upon the canned settings in the profile. However, I found the firewall settings particularly difficult to change, making it a bit hard to customize the protection offered. Some of the settings were buried under different menus, while other settings were not well defined. For example, to change ports being blocked, I had to go through several menu levels to locate the feature.

The firewall automatically handles known good and bad programs and monitors system behavior for any unknown programs. An extensive database helps to keep notifications to a minimum, only bothering the user when an unknown application is first run.

Parental controls allow you to set up a Web filter and give each user a specific setting. The product offers the following preset filters: Kid, Employee, Teen or Default. You can also adjust the filter to block or allow specific content.
Setting up the parental controls requires that you assign each user a log-on name and password -- the other suites here don't require the creation of separate accounts for each user.

Panda's spam filtering was easy to set up and needs minimal user intervention. It automatically filters incoming POP3 e-mail; however, it doesn't support IMAP e-mail. More control over spam would be nice -- the product offers limited custom filtering, only looking for keywords or attachments.

Usability

Panda Internet Security 2010 was simple to install and set up -- the installation wizard only asks a few questions and only one reboot is required. The product does make a lot of assumptions on its default settings, turning on all security features, such as spam protection, as part of the installation. That's actually an advantage, especially since changing the defaults can be a tedious process, with some configuration elements hard to locate and/or understand. I found that to change some simple rules, I had to traverse a multitude of menus, especially for firewall settings.

The product offers a combo dashboard/main screen that shows the status of system security and features menu items that launch the various configuration and information screens. It combines antivirus and antispyware systems into a single choice on the dashboard. The firewall is controlled using a dedicated tab on the dashboard, which brings up the various submenus.

Product specs: Panda Internet Security 2010. Company: Panda Security

Panda could use better help screens and clearer descriptions of its various functions, although those familiar with PC security should have no problems. However, neophytes may be put off by the terminology. The product performs well and was relatively unobtrusive on my test PC. Warning screens were kept to a minimum and updates were automated, meaning that users are not asked before an update is processed.
Whether that's a good way to handle things comes down to whether a user prefers an install-and-forget security product or wants to be intimately involved with his PC's security status.

Coming soon

Panda has some big changes planned for the next version of its suite, which is expected by the third quarter of 2010. According to the company, the package will sport a redesigned interface that's crafted to address user concerns about things such as difficult-to-find settings and less-than-useful help screens. The product will also incorporate improved Web site filtering, offering better protection from the growing spate of phishing and attack sites. The product's "cloud scanning" technology is poised to become faster, more efficient and more frequently updated, helping to reduce the threat of zero-day attacks. Other planned improvements include new data-encryption technology to protect personal information, enhanced privacy controls and an information shredder that's supposed to wipe out all traces of personal data before a system is handed over to a new user.

Conclusion

Panda Internet Security 2010 works well and is a polished product that should appeal to newbie users. It's a bit more expensive than most of its competitors; in addition, power users who like to have full control over their software might find that Panda Internet Security 2010 comes up a little short.

Security Shield 2010

Security Shield 2010 combines products from two vendors to create an Internet security suite. The suite incorporates antivirus, antispam and antispyware tools, a firewall, parental controls and rootkit detection capability into a single product that features an intuitive management console.

Internet protection

Security Shield uses technology from BitDefender for its antivirus, antiphishing, antispyware and antikeylogger engines; it uses its own Spam Shield product to provide antispam capabilities.
The firewall monitors all inbound and outbound traffic to protect the system from external attacks or to prevent malicious software running on the PC from transmitting information.

Most of the product's capabilities are fairly basic. For example, Spam Shield 4.0, the antispam component from Security Shield, works only on POP3 e-mail services and integrates only with Outlook and Outlook Express. The antispam capabilities are also somewhat limited, relying on user rules and settings to work effectively. For example, if you want spam to be sent to a folder for examination, instead of just deleted, you will need to define a rule that identifies the spam mail and then saves it to a junk (or other) folder.

All in all, the product offers basic protection but lacks the bells and whistles that power users desire, such as the ability to fully customize the firewall to create exceptions for particular applications or to install antispam on e-mail clients that use IMAP.

Usability

I found it very easy to work with the basic settings and the product's dashboard, which is designed for simplicity, offering very basic descriptions of each feature and simple green check marks to indicate that something is turned on and functioning properly. The buttons across the top of the dashboard are limited to simple descriptions, such as Dashboard (the home screen), Security, Parental and Network (which leads to firewall controls).

However, if you like to tinker with settings, enable advanced features or play security detective, Security Shield 2010 may not be the product for you. I found it difficult to find many of the custom security settings on the product and had to traverse multiple menus that followed little rhyme or reason in order to locate some settings such as scan scheduling or quarantine capabilities.

The product used little in the form of resources, barely affecting system performance and using hardly any memory.
That small memory footprint and low CPU usage are great advantages for users who are concurrently using their PCs during scans, but it comes at a price -- I found that full disk scans and other manually executed tasks took an inordinate amount of time. For example, a full system virus scan on roughly 8GB of data and system files took almost an hour.

Product specs: Security Shield 2010. Company: PCSecurityShield

Living with the product was another story. With all of the security features enabled, I was constantly bombarded with warnings and suggestions while accessing the Web with Internet Explorer. I found that I had to turn off or reduce the aggressiveness of some of the protection features, such as antiphishing and content-filtering tools, to avoid the numerous messages. The warning messages may not be overly intrusive to experienced users, since they will understand the implications of the text, but inexperienced users could find the messages so annoying that they could wind up turning security features off to avoid them.

Coming soon

Representatives wouldn't say whether the company is set to deliver an updated version of the product.

Conclusion

Overall, Security Shield 2010 is a serviceable product; however, users may want to consider some of the other suites on the market before committing to this product. Security Shield's real strength is its antivirus engine -- however, since that comes from BitDefender, all things being equal, BitDefender's security suite is probably a better choice -- unless you're looking for an extremely simple product for a family member's or friend's computer. In that case, Security Shield 2010 should do fine.

Trend Micro Internet Security Pro

As one of the more expensive suites on the market, Trend Micro Internet Security Pro has to meet some high expectations. And in many ways it does: Trend Micro Internet Security Pro is one of the most comprehensive Internet security suites available.
It features full protection, including antivirus, antispyware and antispam tools, a firewall, parental controls and rootkit detection capability. What's more, Trend Micro throws in a behavioral engine, which improves protection, and a security toolbar for use with your browser.

Internet protection

Trend Micro offers all of the expected capabilities, including antimalware and antispam tools, a firewall and other security features. One unusual addition is Trend Micro's Wi-Fi Advisor, which checks wireless networks for security problems. Also included is a gaming mode, which opens ports in the firewall for access to Internet games, while still retaining its antivirus and antimalware capabilities. That allows users to play games over the Internet without fear of getting viruses or spyware. There are also device access controls that prevent unauthorized USB devices from being used on a PC.

The firewall is simple to deploy. Neophytes can just choose a setting that fits their environment; options include Home Network, Office Network, Direct Connection or Wireless Connection. These all change the firewall rules to different levels and settings depending on the danger associated with each type of connection.

The product's content-filtering parental controls offer predefined settings for teens, pre-teens and adults; each of the predefined settings can be customized further for users who need to limit or allow access to more sites based upon the profile in use. Trend Micro offers an integrated browser toolbar that makes searches simpler and offers advice when visiting new Web sites, such as whether or not the site is safe or has any security problems.

The product's spam filtering capability works with incoming POP3 e-mail and integrates with Microsoft Outlook and Outlook Express. As with other product functions, spam filtering is based upon a simple choice of how aggressive you want the antispam component to be. You can set the filtering level to high, medium or low.
The high setting will eliminate the most spam but might also block legitimate e-mail, while the low setting might let some spam get through. You can further fine-tune the spam filtering by using a whitelist or a blacklist.

Usability

Trend Micro Internet Security Pro has one of the cleanest installation processes; installation was a breeze and did not require a reboot of the PC. The installer also seeks out previously installed antivirus products and can automatically remove them, which helps to prevent conflicts between incompatible applications.

Product specs: Trend Micro Internet Security Pro. Company: Trend Micro Inc.

The application tries to keep things as simple as possible and offers a great deal of guidance. Trend Micro is also "state aware," so if you're running a presentation, watching a movie, playing a game or doing some other activity where security warnings and pop-ups are not desired, the product will suppress warnings to prevent interruptions.

Operationally, I found the product offered adequate performance, memory usage was low and the product had little impact on processor utilization, less than 5% in most cases. However, manual scans did tend to be more processor-intensive and did put a noticeable dent in overall system performance; they would frequently peak at 90% processor utilization for very short periods of time -- never more than two seconds. This suggests that the application might not be appropriate for lower-powered systems such as netbooks.

Coming soon

Trend Micro hasn't publicly announced what is planned for the next version of its product, and no public beta is available. That said, development and testing is going on behind the scenes for the next version of Internet Security Pro, according to company sources.

Conclusion

Trend Micro has an interesting and useful product.
The Wi-Fi Advisor can be a handy feature for people who work in unsecured locations such as Internet cafes, and the ability to control device access such as USB connectivity is a good feature to prevent unauthorized individuals from copying information from an unattended PC. However, I was not impressed with its performance during manual scans, and would think twice before using it on less powerful notebooks or netbooks.

ZoneAlarm Security Suite 2010

ZoneAlarm, which has been around since the late 1990s, is well known for its free firewall; more recently, it has been marketing a full security suite. With ZoneAlarm Security Suite 2010, Check Point Software (which purchased the product from Zone Labs in 2004) has integrated its firewall and spyware-prevention products into a suite that incorporates Kaspersky's virus-scanning engine to create a full array of anti-malware, anti-intrusion capabilities.

Internet protection

Since ZoneAlarm Security Suite 2010 uses Kaspersky's virus-scanning engine, the anti-malware capabilities are very similar to those of Kaspersky's product. However, the company has done a good job of integrating the virus-scanning technology into the suite, providing a near seamless experience from the program's menus.

The firewall is a good fit for advanced users, since it offers granular control of ports, programs and access. The firewall manages incoming and outgoing Internet traffic, while separately managing local network traffic. That allowed me to define different access policies based upon whether or not I was talking to a local network machine or a remote, Internet-based machine.

Blocking malicious programs is easy, thanks to ZoneAlarm's SmartDefense Advisor technology, which preconfigures settings for millions of known programs and sets a trust level for each.
Unknown malware is handled by an "Auto-learn" mode, which starts by treating every unknown program as valid, allowing that program to be executed and then monitoring the activity of that program to see if it exhibits suspicious activity. Initially, all unknown applications have a rule assigned that allows continued network access. That leaves it up to ZoneAlarm to detect if the program is a problem, based upon behavior.

The goal of Auto-learn mode is to limit confusing firewall pop-up messages, making security less intrusive -- but with that comes the possibility of reduced security. If you turn off Auto-learn, then unknown programs are blocked until the user acknowledges that they are OK -- which may be more irritating, but is also more secure.

The product integrates with popular browsers and prevents malware by blocking dangerous sites. If the site is not blocked, the product allows the requested file to be downloaded. If it can't guarantee the file is good, ZoneAlarm initiates a more intense scan that analyzes the file's execution in a digital sandbox. The advanced scan starts after the download finishes and can take a few minutes.

ZoneAlarm offers integrated spam filtering, thanks to the inclusion of the SonicWall antispam component, which filters POP3 and IMAP e-mail in Outlook, Outlook Express and Windows Mail. The product also works with Microsoft Exchange. Filtering uses a combination of whitelists and blacklists, and it can protect mailing lists based on the recipient address. One nifty feature is its ability to make every new correspondent respond to an e-mail challenge the first time.

The suite features all of the expected bells and whistles, as well as a few extra capabilities such as data-leakage protection, credit report monitoring and zero-hour rootkit prevention.

Usability

ZoneAlarm has done a fine job of rolling the separate security components together into a unified suite. I found it very easy to install.
Dialog boxes were kept to a minimum, requiring very little user interaction -- while that does simplify the installation, it would have been nice to be presented with a little more information, such as percentage complete and what part of the installation process was occurring.

Product specs: ZoneAlarm Security Suite 2010. Company: Check Point Software Technologies Inc.

The support documentation and integrated help screens for ZoneAlarm Security Suite 2010 provide all the information a user could need to solve most problems or activate most features. For technically challenging situations, users can turn to e-mail support, online help, online chat and user forums. The company does offer paid phone support, but that costs $49.95 per incident.

The interface offers pull-down menus and tabs to access primary features. Choices include Firewall, Program Control, Antivirus/Antispyware, Email Protection, Privacy, Identity Protection, Parental Control and Alerts & Logs. The opening window starts with an overview screen that gives the highlights of what has been recently blocked, scanned or detected. Navigation is pretty straightforward, but some of the menus could be combined to simplify things. For example, privacy and identity protection could be combined into a single element.

Scans proved to be very fast, and the application used a minimum of CPU cycles and resources, making it effective even on older systems with low-powered CPUs and on netbooks. In most cases, test scans only increased CPU utilization by 10% or less. However, more in-depth scans of executables, which execute the applications in a digital sandbox, spiked CPU usage as high as 90% for a few seconds.

Decent reporting capabilities and pop-up notifications round out the security suite, while automated updates help to keep everything secure.
Coming soon

According to ZoneAlarm's PR representative, the company has not released any information about the next version of its product or about its plans for an updated version of ZoneAlarm Security Suite 2010.

Conclusion

All things considered, ZoneAlarm Security Suite 2010 covers the basics very well. Its integrated firewall proves to be an excellent security tool for power users who want to control and monitor all traffic in and out of a PC. I do have an issue with its Auto-learn mode -- but as long as you ignore that feature, the firewall is very good. You should also expect performance hits during in-depth scans.

Thanks to the incorporation of Kaspersky's security tools, ZoneAlarm Security Suite 2010 will protect PCs from the common ills found on the Internet, which helps to round out the product and put it into the Internet Security Suite category. The product could be a top contender with the addition of free phone support, which is the norm among the vendors in this market, and a slimmed-down interface that better hides complexity from neophyte users. |
|
ANALYSIS: Head in the clouds – how secure is the new IT? |
Current intrusion detection and prevention systems can't track malicious activity in communications between virtual machines; Trend Micro has a product to address this concern.

Bring up the subject of cloud computing at any boardroom discussion and you can be sure the topic of security follows quickly behind. The reasons are understandable; to many people, giving a company's IT infrastructure to a cloud provider puts data physically out of sight and, some believe, out of control, too. No doubt there's an element of perception at work here, but the fires of this particular debate seldom need much stoking.

To pick the most recent example, the City of Los Angeles has delayed the adoption of Google's cloud-based email and productivity tools. The US$7.25m project would have involved migrating more than 30,000 city employees to the new infrastructure. Now it's nine months behind schedule and security concerns are being given as the reason. In particular, the LAPD's stringent data protection requirements have helped to stall the move, as it's not convinced Google's security controls are sufficient.

This is not an isolated incident. A recent survey of 500 IT decision makers, conducted for Mimecast, found 74pc saying a trade-off between cost and security exists, while 62pc said storing data on servers located outside the company always carries a risk. Mimecast CEO Peter Bauer called cloud security issues "myths".

At the same time, there is no shortage of people ready to declare the future lies in the clouds. Another survey, this time by Savvis, polled 600 IT and business executives and it found 96pc of people are confident that cloud computing is ready for business use. What's more, 68pc said this 'elastic IT' would help their businesses recover from the recession.

Security issue at cloud computing conference

Conor Flynn, technical director of the information security firm Rits, acknowledged the perceived loss of control.
"You can't see the servers and someone else can," he said. "Security, privacy and compliance are preventing widespread adoption. People have all these questions and service providers are still coming up with the answers."

John Ryan, general manager of Calyx Security, summed up the issue around cloud computing as a move from infrastructure security – that is, protecting the hardware – to data security.

Taking virtualisation as a first step on the road to cloud computing, Check Point's channel manager Andy Clark said security remains a concern even at that stage. "Security isn't the reason you virtualise but we do need to consider it," he said. Clark acknowledged the "visibility gap" – the fact that servers don't physically exist can mean it's hard to keep track of them and server sprawl is a possible outcome.

"That's a potential risk if you don't patch virtualised servers they could be compromised and could lead to a vulnerability across your virtualised network," he said. "Without security, information can pass from one virtualised server to another with no check on them." One option is to implement controls where packets are inspected before passing from one virtualised machine to another, he suggested.

Service providers, vendors address security concerns

Now, according to the company's blog, Google Apps is "the first suite of cloud computing applications to receive Federal Information Security Management Act (FISMA) certification and accreditation from the US government."

Other providers like Salesforce.com seek to reassure customers by regularly publishing performance statistics on their websites. Senior company figures point out that several leading banks have extensively vetted the company's controls to satisfy themselves that the security comes up to scratch. Just like low-cost airlines stand or fall by their safety record, cloud providers have to invest heavily in security because their business model relies on eliminating the risk of data breaches.
"In one respect, the cloud is more secure because companies investing in cloud infrastructure are putting more into security than any one enterprise could. In essence, a cloud provider's business is dependent on keeping your information secure," said Ryan. However, he cautioned that transparency is not yet industry-wide and the openness differs from one provider to another. Some vendors don't disclose where their data centres are located and while some will allow internal audits under certain circumstances, others will only reveal what region a customer's data is stored in.

"You might have part of your data in a European data centre and another part in an Asian data centre," said Ryan. "In some perverse way, that's actually more secure in many respects, because if the data centre is hacked, they won't get all of your data, but from the point of view of compliance and data protection, and knowing where your data is and what regulations it comes under, you're completely stumped," he said.

"As the cloud becomes more pervasive, there's going to have to be a lot of work done by the service providers to assure you as a user that your data is secure, is held in the right locations and is coming under the appropriate data protection laws."

Regulatory requirements and moving to the cloud

Ryan urged businesses to familiarise themselves with the risks before moving to the cloud, to create compliance plans and to look closely at service level agreements and contracts with providers. "It means you have to become more of an auditor than a technologist," said Ryan, who added: "It's best to get security in early rather than trying to retrofit it later."

Software vendors are also chipping in with offerings. Current intrusion detection and prevention systems can't track malicious activity in communications between virtual machines; Trend Micro has a product to address this concern.

The conference didn't succumb to the kind of hard sell that often accompanies these kinds of events.
There was a healthy scepticism among many of the speakers about the extent of security threats and whether some virtualisation and cloud security products are, in the words of one delegate, "a solution for a problem that doesn't exist". Some concerns may be real and others perceived, but many are sure to recede over time.

All speakers at the event challenged the IT sector's conventional wisdom that cloud adoption is close to a tipping point on the way to going mainstream. Jimmy Kehoe, then of VMware, now of reseller Datapac, summed up the sentiments neatly: "You're not just going to take everything and shift it to the cloud. It's going to be gradual." At least that should give security professionals plenty of time to prepare. |
|
BitDefender Offers Partners 100% Margins on Antivirus |
Kaspersky Lab is dueling with Trend Micro to assume third place in the market leadership triad. Companies such as Panda Security, ESET, AVG and Sunbelt are looking to the channel to increase their market share and sales.

There's no shortage of antivirus vendors nowadays, but that's not stopping BitDefender from trying to expand its tiny slice of the North America market with a new channel program. To entice existing partners and attract new resellers to its ranks, the Romanian company is offering solution providers 100 percent margin on the first sale of their antivirus platform.

BitDefender, widely regarded as a good security technology, has sold its products in the North American market for the better part of the last decade. Like other tertiary security vendors coming out of Europe, it hasn't had much success breaking into the U.S. against entrenched market leaders Symantec and McAfee.

The new channel program announced July 26 promises solution providers the best margins, technical support and sales incentives in the security industry. The total package is nothing less than an attempt to get solution providers to build dedicated practices around BitDefender.

"We're excited to offer a complete program to partners that will aggressively reward them as they help us grow. As BitDefender matures, we're moving from direct sales to working with channel partners, expanding our customer base and entering new markets. We're excited to work with the channel community and new partners to offer the best security software to their customers," said Keith Alston, BitDefender's North America channel sales director, in a statement.

Frankly, the BitDefender program has just about everything you'd expect on the channel-program checklist--a three-tier rating system (gold, silver and bronze); partner sales and technical training programs; pre- and post-sales support; marketing materials and sales planning; and an aggressive lead-generation program. No real surprises there.
Margins are what make the BitDefender program different. The company doesn't get specific in what margins are (no vendor really does), but it does make the claim that solution providers selling BitDefender make $10,000 more per $100,000 of software sold than they can with competitive vendors.

It's an interesting claim, considering that the average sale price of BitDefender software is lower than that of competitive offerings. That means solution providers have to sell more units to get to that $100,000 mark. That's not a knock, just a reality. The math still works in BitDefender's favor, since even with lower ASPs, solution providers likely attain a better margin than with larger competitors.

Another, albeit minor, differentiator for BitDefender is the "5 to 1 lead generation program." How this program is a benefit is a bit of a mystery. The company provided this statement to explain how it works:

"BitDefender works closely with partners to provide them with leads generated through various marketing programs such as online advertising, e-mail marketing, [search engine marketing], [search engine optimization] and others. As we provide leads, our partners also work in generating demand for our products. Partners in the BitDefender program self-generate at least one lead per every five leads BitDefender provides."

BitDefender joins a large chorus of antivirus and security software vendors looking to undercut Symantec and McAfee's dominant market share. Analysts' reports show Symantec's antivirus market share is slipping, as competitors--particularly McAfee--are winning over customers in competitive engagements. Kaspersky Lab is dueling with Trend Micro to assume third place in the market leadership triad. Companies such as Panda Security, ESET, AVG and Sunbelt are looking to the channel to increase their market share and sales.
And not to be left out of the party, Microsoft released its new version of its Security Essentials application, which has 22 million consumer users and an increasing number of small business installations. Many of the smaller security companies are winning partners and customers, and growing revenue. However, they report that growth isn't as robust as they'd like and that they're not growing fast enough to make a difference in market presence. BitDefender may have built a world-class channel program; the question is whether it will find a seam to break through the market share barriers where others have stalled. |
|
Japanese Stocks Rise, Buoying Topix for Fourth Day; Canon Gains |
Trend Micro Inc., a software developer that earns about 60 percent of its revenue overseas, climbed 3.4 percent.

Japanese stocks rose, sending the Topix index higher for the fourth consecutive day, after Canon Inc. reported increased profit and the yen traded near a two-month low against the euro.

Canon, the world's largest camera maker, surged 4 percent. Sony Corp., an electronics maker that gets about 70 percent of sales abroad, jumped 2.6 percent after JPMorgan Chase & Co. boosted its investment rating. Trend Micro Inc., a software developer that earns about 60 percent of its revenue overseas, climbed 3.4 percent.

The Nikkei 225 Stock Average rose 1.5 percent to 9,637.83 as of 9:12 a.m. in Tokyo. The broader Topix advanced 1.3 percent to 856.98.

"Overall, corporate earnings are improving and expectations for strong earnings will likely increase," said Hiroichi Nishi, an equities manager in Tokyo at Nikko Cordial Securities Inc.

The Topix has declined 5.6 percent in 2010, compared with a 0.1 percent drop by the S&P 500 and a 1.7 percent gain by the Stoxx Europe 600 Index. Stocks in the Japanese benchmark are valued at 16.6 times estimated earnings, compared with 13.5 times for the S&P and 12 times for the Stoxx.

The yen depreciated to as low as 87.98 against the dollar today in Tokyo compared with 86.98 at the close of stock trading yesterday. Against the euro, it weakened to 114.42 from 113.17. A weaker yen boosts the value of overseas income at Japanese companies when repatriated. |
|
VMware shows off vShield security enhancements |
Currently, Trend Micro is the only partner that supports the near-agentless approach.

VMware recently previewed three new security features that may prove especially compelling for large shops with complex security requirements. Two of the features, vShield Edge and vShield App, strive to reduce "firewall choke points" and "VLAN sprawl" and to identify mobile virtual machines' level of security, according to Rob Randell, a VMware security specialist systems engineer. The goal of these features is to eliminate the burdens associated with identifying and addressing security concerns in a dispersed virtual environment.

The first two features went into public beta on July 15 and were previewed at the New England regional VMware User Group (VMUG) meeting in Brunswick, Maine last week. A third feature, the concept for "near-agentless antivirus" protection of virtual machines, was also demoed. (More information on the beta program is available on the VMware website.)

vShield Edge 1.0

But vShield Zones are intended to serve as firewalls on internal networks rather than at the "edge" of a virtual data center. While not intended to replace firewall hardware at the physical edge, vShield Edge 1.0 -- by supporting routing and leveraging VMsafe's application programming interfaces (APIs) -- will introduce the routing virtual firewall, Randell said. This means vShield Edge could be used to more securely containerize virtual data centers among business units in a large enterprise, or among customers of a cloud service provider.

The changes in vShield Edge are also part of ongoing work to extend the Layer 2 domain for workload federation and portability to the cloud. Meanwhile, the support for VMsafe APIs will allow logical zoning down to the virtual network interface card (vNIC) level, according to Randell's presentation.
The vShield Edge approach could help avoid "VLAN sprawl" while retaining isolation of applications, and VMUG attendees said that they could envision eliminating physically separate clusters for apps that fall under regulatory audits using this feature. But that remains a possibility rather than a certainty. When questioned by attendees about how such an approach would go over with auditors, Randell said VMware should have "more specific guidance" later this year. vShield App 1.0 This would also be an alternative to creating a separate "Web Server" VLAN, further alleviating VLAN sprawl. REST-based client APIs will also be available for third-party enforcement tools. Rules follow migrating virtual machines, through the use of flow monitoring that analyzes inter-VM traffic, according to the beta website. Near-agentless antivirus Currently, many antivirus programs running on virtual machines require an application agent within each guest, a holdover from the physical world. The presence of these agents can slow performance, particularly when scheduled activities kick off on several guests simultaneously, which is known as an "AV storm." With the near-agentless approach, VMware would introduce a VMware Consolidated Backup-like proxy virtual appliance to centralize antivirus services, including on-access and on-demand file scanning, away from production clusters. Antivirus programs also typically scan only portions of files for virus activity, and VMware has developed a method for sending only portions of these files over the wire to the virtual appliance to cut down on network bottlenecks. What had been a separate software agent running in each guest will now become a lighter-weight driver within the VMware kernel. Currently, Trend Micro is the only partner that supports the near-agentless approach. Several attendees asked Randell whether McAfee had a near-agentless integration in the works. Randell indicated that VMware is in talks with both McAfee Inc. 
and Symantec Corp. but advised users, "If you're a McAfee or Symantec customer, hammer them [to support this]." Users ponder vShield App, vShield Edge Blake said he hadn't yet looked into the new vShield products but was intrigued, given the large number of security policies and regulations his organization has to follow, and the difficulty of balancing ease of access with security requirements. "We don't have the ability today, for example, to really segment off systems because our users need access to our data center VLANs in order to run some applications. It seems like this would potentially allow us to put up those security gates, but not doing it in the traditional manner of having to separate out VLANs and firewalls and all of the overhead that has to be managed with that." VMUG attendee Eric Wallace, systems administrator at a 75-employee financial services firm in the Northeast, noted that the features require an Enterprise Plus license, which is too rich for his organization's blood. But Wallace said that previously he'd worked for larger organizations, including L.L. Bean, where "it was a real challenge figuring out how to tear up the network. I can see how in a big environment it would be very helpful to look at all the security settings in one place." |
|
Ultimate security software guide - choose the suite that's right for you |
Norton Internet Security 2010

Of course, name recognition doesn't always mean a product is the best. Symantec strives to keep competitors at bay and is constantly improving its offerings. Norton Internet Security 2010 is no exception.

Internet protection

One interesting feature is Symantec's Quorum reputation index. Here all known files are assigned a reputation level, which is based upon continually updated data from Symantec's customers. Files that have given no one any problems have a high reputation, while files that have been easily infected or compromised have a low reputation. If a program being downloaded has a low reputation, the user is informed and can abort the download or decide not to execute the application.

Norton also utilizes its SONAR2 engine, which, according to Symantec, uses all sources of information, including the reputation index, to judge whether a file should be classified as suspicious and subjected to more in-depth testing.

Parents will like how easy it is to set up parental controls and keep a tab on what little Billy and Janie can access. The product integrates with an online offering called OnlineFamily.Norton, a Web service that is free for Norton customers.

Norton Internet Security 2010 uses technology from Symantec's enterprise-level spam protection system. The product filters all POP3 e-mail for spam and viruses and integrates with Outlook and Outlook Express. IMAP integration is missing and would be welcome.

Usability

One thing to be aware of is the time it takes to install the package -- although the hands-on portion of the installation is rather quick, you will have to wait through an update process that can take as long as 20 minutes. Immediately after the installation completes, the product "phones home" to download all of the latest updates, and that can take some time. In my testing, almost every other security product went through the same process in a few minutes, but Norton took 20 minutes.

Using Norton Internet Security 2010 is straightforward. The interface is laid out in a logical fashion using an index-card-style layout. All of the major capabilities are accessed from a central menu that has controls that look like index cards and are populated with pertinent information. One click delivers additional information and other options.

As a testament to the product's performance increases, the interface offers a summary screen showing CPU utilization and resource use in real time. I watched it while Norton Internet Security 2010 went through its chores, and found that it kept to a very low percentage of CPU utilization (as low as 5% for some scans).

Symantec backs the product with 24/7 tech support, an online help community, real-time chat and comprehensive context-sensitive help.

Coming soon

Symantec claims that the new version will improve or maintain key performance benchmarks in installation times, scan times and memory usage. In addition, the product will include System Insight 2.0, which goes beyond security and alerts users when applications are significantly impacting their system resources. Other enhancements include improved reputation filters, support for social networking sites and better browser integration.

Conclusion

Panda Internet Security 2010

Internet protection

The firewall has a set-and-forget design.
Basically, you pick a profile and assign that to the firewall, and the firewall then protects the PC based upon the canned settings in the profile. However, I found the firewall settings particularly difficult to change, making it a bit hard to customize the protection offered. Some of the settings were buried under different menus, while other settings were not well defined. For example, to change ports being blocked, I had to go through several menu levels to locate the feature.

The firewall automatically handles known good and bad programs and monitors system behavior for any unknown programs. An extensive database helps to keep notifications to a minimum, only bothering the user when an unknown application is first run.

Parental controls allow you to set up a Web filter and give each user a specific setting. The product offers the following preset filters: Kid, Employee, Teen or Default. You can also adjust the filter to block or allow specific content. Setting up the parental controls requires that you assign each user a log-on name and password -- the other suites here don't require the creation of separate accounts for each user.

Panda's spam filtering was easy to set up and needs minimal user intervention. It automatically filters incoming POP3 e-mail; however, it doesn't support IMAP e-mail. More control over spam would be nice -- the product offers limited custom filtering, only looking for keywords or attachments.

Usability

The product does make a lot of assumptions on its default settings, turning on all security features, such as spam protection, as part of the installation. That's actually an advantage, especially since changing the defaults can be a tedious process, with some configuration elements hard to locate and/or understand. I found that to change some simple rules, I had to traverse a multitude of menus, especially for firewall settings.

The product offers a combo dashboard/main screen that shows the status of system security and features menu items that launch the various configuration and information screens. It combines antivirus and antispyware systems into a single choice on the dashboard. The firewall is controlled using a dedicated tab on the dashboard, which brings up the various submenus.

The product performs well and was relatively unobtrusive on my test PC. Warning screens were kept to a minimum and updates were automated, meaning that users are not asked before an update is processed. Whether that's a good way to handle things comes down to whether a user prefers an install-and-forget security product or wants to be intimately involved with his PC's security status.

Coming soon

The product will also incorporate improved Web site filtering, offering better protection from the growing spate of phishing and attack sites. The product's "cloud scanning" technology is poised to become faster, more efficient and more frequently updated, helping to reduce the threat of zero-day attacks. Other planned improvements include new data-encryption technology to protect personal information, enhanced privacy controls and an information shredder that's supposed to wipe out all traces of personal data before a system is handed over to a new user.

Conclusion

Security Shield 2010

Internet protection

The firewall monitors all inbound and outbound traffic to protect the system from external attacks or to prevent malicious software running on the PC from transmitting information.

Most of the product's capabilities are fairly basic. For example, Spam Shield 4.0, the antispam component from Security Shield, works only on POP3 e-mail services and integrates only with Outlook and Outlook Express. The antispam capabilities are also somewhat limited, relying on user rules and settings to work effectively.
For example, if you want spam to be sent to a folder for examination, instead of just deleted, you will need to define a rule that identifies the spam mail and then saves it to a junk (or other) folder.

All in all, the product offers basic protection but lacks the bells and whistles that power users desire, such as the ability to fully customize the firewall to create exceptions for particular applications or to install antispam on e-mail clients that use IMAP.

Usability

However, if you like to tinker with settings, enable advanced features or play security detective, Security Shield 2010 may not be the product for you. I found it difficult to find many of the custom security settings on the product and had to traverse multiple menus that followed little rhyme or reason in order to locate some settings such as scan scheduling or quarantine capabilities.

The product used little in the form of resources, barely affecting system performance and using hardly any memory. That small memory footprint and low CPU usage are great advantages for users who are concurrently using their PCs during scans, but it comes at a price -- I found that full disk scans and other manually executed tasks took an inordinate amount of time. For example, a full system virus scan on roughly 8GB of data and system files took almost an hour.

Coming soon

Conclusion

Security Shield's real strength is its antivirus engine -- however, since that comes from BitDefender, all things being equal, BitDefender's security suite is probably a better choice -- unless you're looking for an extremely simple product for a family member's or friend's computer. In that case, Security Shield 2010 should do fine.

Trend Micro Internet Security Pro

And in many ways it does: Trend Micro Internet Security Pro is one of the most comprehensive Internet security suites available.
It features full protection, including antivirus, antispyware and antispam tools, a firewall, parental controls and rootkit detection capability. What's more, Trend Micro throws in a behavioral engine, which improves protection, and a security toolbar for use with your browser.

Internet protection

The firewall is simple to deploy. Neophytes can just choose a setting that fits their environment; options include Home Network, Office Network, Direct Connection or Wireless Connection. These all change the firewall rules to different levels and settings depending on the danger associated with each type of connection.

The product's content-filtering parental controls offer predefined settings for teens, pre-teens and adults; each of the predefined settings can be customized further for users who need to limit or allow access to more sites based upon the profile in use.

Trend Micro offers an integrated browser toolbar that makes searches simpler and offers advice when visiting new Web sites, such as whether or not the site is safe or has any security problems.

The product's spam filtering capability works with incoming POP3 e-mail and integrates with Microsoft Outlook and Outlook Express. As with other product functions, spam filtering is based upon a simple choice of how aggressive you want the antispam component to be. You can set the filtering level to high, medium or low. The high setting will eliminate the most spam but might also block legitimate e-mail, while the low setting might let some spam get through. You can further fine-tune the spam filtering by using a whitelist or a blacklist.

Usability

Operationally, I found the product offered adequate performance, memory usage was low and the product had little impact on processor utilization, less than 5% in most cases. However, manual scans did tend to be more processor-intensive and did put a noticeable dent in overall system performance; they would frequently peak at 90% processor utilization for very short periods of time -- never more than two seconds. This suggests that the application might not be appropriate for lower-powered systems such as netbooks.

Coming soon

Conclusion

However, I was not impressed with its performance during manual scans, and would think twice before using it on less powerful notebooks or netbooks.

ZoneAlarm Security Suite 2010

Internet protection

The firewall is a good fit for advanced users, since it offers granular control of ports, programs and access. The firewall manages incoming and outgoing Internet traffic, while separately managing local network traffic. That allowed me to define different access policies based upon whether or not I was talking to a local network machine or a remote, Internet-based machine.

Blocking malicious programs is easy, thanks to ZoneAlarm's SmartDefense Advisor technology, which preconfigures settings for millions of known programs and sets a trust level for each. Unknown malware is handled by an "Auto-learn" mode, which starts by treating every unknown program as valid, allowing that program to be executed and then monitoring the activity of that program to see if it exhibits suspicious activity. Initially, all unknown applications have a rule assigned that allows continued network access. That leaves it up to ZoneAlarm to detect if the program is a problem, based upon behavior.

The goal of Auto-learn mode is to limit confusing firewall pop-up messages, making security less intrusive -- but with that comes the possibility of reduced security.
If you turn off Auto-learn, then unknown programs are blocked until the user acknowledges that they are OK -- which may be more irritating, but is also more secure.

The product integrates with popular browsers and prevents malware by blocking dangerous sites. If the site is not blocked, the product allows the requested file to be downloaded. If it can't guarantee the file is good, ZoneAlarm initiates a more intense scan that analyzes the file's execution in a digital sandbox. The advanced scan starts after the download finishes and can take a few minutes.

ZoneAlarm offers integrated spam filtering, thanks to the inclusion of the SonicWall antispam component, which filters POP3 and IMAP e-mail in Outlook, Outlook Express and Windows Mail. The product also works with Microsoft Exchange. Filtering uses a combination of whitelists and blacklists, and it can protect mailing lists based on the recipient address. One nifty feature is its ability to make every new correspondent respond to an e-mail challenge the first time.

The suite features all of the expected bells and whistles, as well as a few extra capabilities such as data-leakage protection, credit report monitoring and zero-hour rootkit prevention.

Usability

The interface offers pull-down menus and tabs to access primary features. Choices include Firewall, Program Control, Antivirus/Antispyware, Email Protection, Privacy, Identity Protection, Parental Control and Alerts & Logs. The opening window starts with an overview screen that gives the highlights of what has been recently blocked, scanned or detected. Navigation is pretty straightforward, but some of the menus could be combined to simplify things. For example, privacy and identity protection could be combined into a single element.

Scans proved to be very fast, and the application used a minimum of CPU cycles and resources, making it effective even on older systems with low-powered CPUs and on netbooks.
In most cases, test scans only increased CPU utilization by 10% or less. However, more in-depth scans of executables, which execute the applications in a digital sandbox, spiked CPU usage as high as 90% for a few seconds.

Decent reporting capabilities and pop-up notifications round out the security suite, while automated updates help to keep everything secure.

Coming soon

Conclusion

Thanks to the incorporation of Kaspersky's security tools, ZoneAlarm Security Suite 2010 will protect PCs from the common ills found on the Internet, which helps to round out the product and put it into the Internet Security Suite category. The product could be a top contender with the addition of free phone support, which is the norm among the vendors in this market, and a slimmed-down interface that better hides complexity from neophyte users.
|
Workplace Social Networking Use On The Rise |
Social networking activity in the workplace has increased to 24% of workers, according to a Trend Micro survey of 1,600 people. Respondents from Germany, Japan, the United Kingdom, and the United States were polled. Since the last time the poll was taken, social networking use at work is up 10% in Germany and 6% in the UK. The survey also showed that laptop users who can connect to the Internet outside of the company network are more inclined to share confidential data through email, messaging services, and social media apps. To protect against data leakage, the report suggests companies create detailed security policies rather than completely blocking social media sites.
|