Kaspersky Tops Antivirus Shootout, Windows Defender Worst of the Lot

Antivirus software is no longer a catch-all solution for your security, given the multitude of new attack vectors. It still makes sense, however, to have effective antivirus software installed on your system. Renowned security testing lab Av-Test put 25 consumer antivirus solutions through the wringer to determine how well they perform in real-world scenarios on Windows 8.1.

All the security apps were graded on three criteria – Protection, Performance, and Usability. The first criterion reflects the detection rate. Each product was tested on a system with 20,646 known samples (malware that has been widespread and prevalent in the last four weeks) and 138 unknown samples. The Performance score is based on how much the security software slowed the system down, while Usability is determined by the number of false positives.

The good news is that most of the antivirus suites performed pretty well, with only three tools ending up with a detection rate below 94% on unknown malware. The average detection rate for known malware was 98%. The bad news is that Microsoft Windows Defender, which ships with Windows 8.1, performed abysmally. It was the worst of the lot, scoring 0 points in protection. The other two poor performers in the heuristics test were Tencent PC Manager and AhnLab V3 Internet Security. Even popular third-party freeware products like AVG and Avast performed relatively poorly. Panda Cloud Antivirus and Qihoo 360 Internet Security were the top performing free antivirus products.

[Image: Windows Defender Protection Results]

The overall top performer was Kaspersky Internet Security 2014, which obtained a perfect score of 18. Qihoo, McAfee, Bitdefender and Avira scored 17.5 points. As many as nine antimalware apps got a perfect score in the detection tests. The high scores were undoubtedly influenced by Av-Test’s decision to use only widespread and prevalent malware for the known-samples test, but that also makes Windows Defender’s mere 79% detection rate look even worse.

[Image: Av-Test Antivirus Shootout Results]

Kaspersky Lab is Creating a Secure Operating System for Use in Industrial Control Systems

Recently, there have been rumors of Kaspersky Lab building an operating system for industrial machinery. Yesterday, Eugene Kaspersky finally confirmed the rumors, saying that Kaspersky Lab is indeed working on an operating system for Industrial Control Systems (ICS). Eugene Kaspersky writes on the Kaspersky blog,

Today I’d like to talk about the future. About a not-so-glamorous future of mass cyber-attacks on things like nuclear power stations, energy supply and transportation control facilities, financial and telecommunications systems, and all the other installations deemed “critically important”.


The biggest problem with ICS is that these systems are required to maintain high availability, so in the event of an attack it becomes extremely difficult to shut down an infected component without bringing down the whole system. These systems are so tightly coupled that it is nearly impossible to isolate an infected node, because they were never designed with such sophisticated attacks in mind. Kaspersky Lab is working on a secure operating system intended to hold up against nation-state funded cyber-attacks like the ones we have seen over the last few months.

The operating system from Kaspersky Lab has security as its top priority, but it will also address availability by supporting hot patches that do not require a reboot. It will also be proactively audited for exploitable flaws, to stay one step ahead of attackers. This is an operating system designed from the ground up with one thing in mind — security. Read more about the Kaspersky operating system here.

Flame Command & Control Server Password Cracked

Flame was arguably the next big thing in state-sponsored malware after Stuxnet. If you are not aware, Flame is malware that was used to infect computers in the Middle East for espionage purposes.

Flame was investigated by a joint effort of Kaspersky, Symantec, ITU-IMPACT and CERT-Bund/BSI. Symantec had earlier failed to crack the password of Flame’s control panel and had put out a blog post asking for help in cracking the hash 27934e96d90d06818674b98bec7230fa. Dmitry Bestuzhev of Kaspersky cracked the hash and recovered the clear-text password 900gage!@#. We are not yet aware of the method he used to crack the hash.
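The recovered password is a textbook weak one: a short word with a digit prefix and a keyboard-walk suffix ("!@#" is just Shift+1,2,3 on a US layout), protected by an unsalted MD5. The following Python is an added example, not code from the post and not the method Bestuzhev used (which the post says is unknown): a small wordlist-plus-rules attack against that hash. The wordlist and the prefix and suffix rules are constructed for illustration; the target hash is the one Symantec published.

```python
"""Wordlist-plus-rules attack on an unsalted MD5 hash (added illustration).

Not the method used on the Flame hash; that method is not public. The
target hash is the one from Symantec's request; everything else here is
constructed for the example.
"""
import hashlib
import itertools
from typing import Iterable, Iterator, Optional

TARGET_HASH = "27934e96d90d06818674b98bec7230fa"

# Constructed mini-wordlist. A real attack would use a multi-million-entry list.
WORDLIST = ["password", "admin", "gage", "flame", "letmein", "secret"]

# Rules in the spirit of hashcat's "best64": digit prefixes and the suffixes
# people bolt on to satisfy complexity policies.
PREFIXES = ["", "123", "900", "2012"]
SUFFIXES = ["", "1", "123", "!", "!@#", "!@#$"]

def md5_hex(candidate: str) -> str:
    """MD5 of the UTF-8 bytes of candidate, as lowercase hex."""
    return hashlib.md5(candidate.encode("utf-8")).hexdigest()

def candidates(words: Iterable[str]) -> Iterator[str]:
    """Yield every word with each prefix/suffix pair and three case variants."""
    for word in words:
        for prefix, suffix in itertools.product(PREFIXES, SUFFIXES):
            base = f"{prefix}{word}{suffix}"
            yield base
            yield base.capitalize()
            yield base.upper()

def crack_md5(target_hex: str, words: Iterable[str]) -> Optional[str]:
    """Return the first candidate whose MD5 equals target_hex, or None."""
    target_hex = target_hex.lower()
    seen = set()
    for cand in candidates(words):
        if cand in seen:          # case variants can collide (e.g. all-digit words)
            continue
        seen.add(cand)
        if md5_hex(cand) == target_hex:
            return cand
    return None

if __name__ == "__main__":
    print(crack_md5(TARGET_HASH, WORDLIST))
```

The point is not the speed of the loop but that a six-word list and two trivial rules are enough, because nothing about MD5 without a salt or work factor slows the attacker down. A control panel protected this way is only as strong as the operator's password habits.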

Cracking the hash gave the researchers access to the Command-and-Control servers for the Flame malware. Kaspersky has posted a detailed blog post analyzing the C&C. All of the servers were running 64-bit Debian Linux. The programming languages used were PHP, Python and bash, and virtualization was handled by OpenVZ.

An initial look at the C&C revealed that the attackers had used a minimal interface with no terms such as bot or botnet, possibly to avoid arousing the suspicion of the hosting company. There was also no obvious way to send commands from the C&C interface itself.

To send a command or set of commands to a victim, the attacker uploaded a specially crafted tar.gz archive, which was processed on the server. A server script extracted the archive contents and looked for *.news and *.ad files, which were placed into the corresponding “news” and “ads” directories. The C&C allows an attacker to push an update to a specific victim or to all victims at once. Commands can be prioritized, which lets the operator sequence them (e.g. collect all data first, then self-remove). The priority and target client ID were transferred in an unconventional way: they were encoded in the filename of the archive the attacker uploaded to the C&C.
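The upload handling just described is easy to model, and modelling it shows why the filename trick matters: the archive itself carries no addressing, so everything the client-facing side needs to order and route commands comes from the name. The following Python is an added example, not Kaspersky's analysis code and not the operators' PHP. What it takes from the post is the tar.gz upload, the *.news and *.ad routing into "news" and "ads" directories, and priority plus target client ID travelling in the filename. The filename layout used here, `<priority>_<client-id>_<anything>.tar.gz`, is an assumption; the post does not describe the real convention.

```python
"""Model of the C&C upload script described in the post (added example).

The filename convention FILENAME_RE is assumed; the post only says that the
priority and target client ID were carried in the uploaded filename.
"""
import io
import re
import tarfile
import tempfile
from pathlib import Path
from typing import Dict, List, Tuple

# Assumed convention: "<priority>_<client-id>_<label>.tar.gz"; "all" broadcasts.
FILENAME_RE = re.compile(
    r"^(?P<priority>\d+)_(?P<client>all|[0-9A-Fa-f]+)_[^/]*\.tar\.gz$"
)

def parse_upload_name(name: str) -> Tuple[int, str]:
    """Pull (priority, client_id) out of the uploaded archive's filename."""
    m = FILENAME_RE.match(name)
    if not m:
        raise ValueError(f"upload name carries no priority/target: {name!r}")
    return int(m.group("priority")), m.group("client").lower()

def _safe_member(member: tarfile.TarInfo) -> bool:
    """Accept only regular files with a bare basename: no traversal, no symlinks."""
    name = member.name
    return member.isfile() and "/" not in name and ".." not in name

def process_upload(name: str, archive_bytes: bytes, root: Path) -> Dict[str, List[Path]]:
    """Route *.news and *.ad members into root/news and root/ads.

    Files are stored under a per-target directory with the priority as a
    zero-padded prefix, so a later step can sort and filter them. Members
    with any other extension are ignored, as the post says the script did.
    """
    priority, client = parse_upload_name(name)
    routed: Dict[str, List[Path]] = {"news": [], "ads": []}
    with tarfile.open(fileobj=io.BytesIO(archive_bytes), mode="r:gz") as tar:
        for member in tar.getmembers():
            if not _safe_member(member):
                continue
            if member.name.endswith(".news"):
                subdir = "news"
            elif member.name.endswith(".ad"):
                subdir = "ads"
            else:
                continue
            out = root / subdir / client / f"{priority:03d}_{member.name}"
            out.parent.mkdir(parents=True, exist_ok=True)
            out.write_bytes(tar.extractfile(member).read())
            routed[subdir].append(out)
    return routed

def build_archive(files: Dict[str, bytes]) -> bytes:
    """Constructed input: an in-memory tar.gz with the given members."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for fname, payload in files.items():
            info = tarfile.TarInfo(name=fname)
            info.size = len(payload)
            tar.addfile(info, io.BytesIO(payload))
    return buf.getvalue()

def run_demo() -> Dict[str, List[str]]:
    """Process a constructed upload; return stored paths relative to the root."""
    sample = build_archive({
        "collect.news": b"command: collect",      # a command for the victim
        "module.ad": b"<module bytes>",           # a module to push
        "../escape.news": b"path traversal",      # must be dropped
        "README.txt": b"wrong extension",         # must be ignored
    })
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        routed = process_upload("010_all_update.tar.gz", sample, root)
        return {k: sorted(p.relative_to(root).as_posix() for p in v)
                for k, v in routed.items()}

if __name__ == "__main__":
    print(run_demo())
```

The traversal check in `_safe_member` is the one thing a real server-side unpacker must not skip: an operator panel that extracts attacker-supplied archives is exactly the kind of script where a `../` member name becomes a write anywhere on the box.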

The researchers also discovered four client identifiers – SP, SPE, FL and IP – used to communicate with different kinds of clients; Flame was identified as FL. This suggests that there are three more Flame-like pieces of malware in the wild which have not been discovered yet.

The analysis of the C&C shows that the servers were first set up on December 3, 2006, which suggests that Flame was operational for much longer than first thought. The scripts used by the operators also contained other valuable information: the nicknames of the developers. Kaspersky hasn’t published their names and has only identified them as D, H, O and R in the blog post.

You can read more about Kaspersky’s analysis of Flame’s C&C here and a whitepaper by Symantec on Flame here [PDF].

Redditor Uncovers the Mystery Behind the DuQu Trojan

Although a large part of the DuQu trojan was confirmed to have been written in C++, Kaspersky could not reach a conclusion about one particular section of the code. This section handles communication with the command-and-control servers and is contained inside the payload.dll file. It appears to have been written in an object-oriented language, and Kaspersky Lab engineer Igor Soumenkov says,

The mysterious programming language is definitively NOT C++, Objective C, Java, Python, Ada, Lua and many other languages we have checked.

This mysterious section of code receives instructions and returns stolen data. Kaspersky Lab turned to enthusiastic programmers and asked for help in deciphering the puzzling section of code. Reddit, being the awesome community that it is, offered some timely help.

It is interesting to note that the man who demystified DuQu is none other than Igor Skochinsky, who reverse-engineered the Kindle in early 2008. You can always visit his blog to refresh your memory. He goes by the handle igor_sk on Reddit, and his exact comment on DuQu was,

I can say with some certainty that the code in the snippets comes from the MSVC compiler, since its register allocator tends to use esi first. “pop ecx” instead of “add esp, 4” is another MSVC trait. Have a look at this presentation for a more formalized approach to compiler detection.

When confronted with the fact that Kaspersky had ruled out the MSVC compiler, he boldly claimed that the guys at Kaspersky were wrong. Redditors never fail to amaze me. This vital piece of information will be useful when dealing with the DuQu trojan and stopping its communication with the command center.
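The two traits igor_sk names are mechanical enough to check by script, and the second one has a trap worth handling: `pop ecx` right after a `call` is MSVC discarding a single dword argument, but `pop ecx` elsewhere is just a register restore and says nothing about the compiler. The following Python is an added example, not Kaspersky's or igor_sk's tooling, that scores a disassembly listing on exactly those two traits. The two listings are constructed to show the idioms; they are not DuQu code.

```python
"""Compiler-fingerprint heuristic over x86 disassembly text (added example).

Scores two MSVC traits: esi is the first callee-saved register the function
touches, and one-dword __cdecl argument cleanup is done with "pop ecx"
instead of "add esp, 4". Only "pop ecx" immediately after a call counts;
any other "pop ecx" is treated as a genuine register restore.
"""
import re
from typing import Dict, Optional, Tuple

CALLEE_SAVED_RE = re.compile(r"\b(esi|edi|ebx)\b")

def _split(line: str) -> Optional[Tuple[str, str]]:
    """(mnemonic, operands) for one listing line; None for blanks and labels."""
    text = line.split(";", 1)[0].strip().lower()
    if not text or text.endswith(":"):
        return None
    parts = text.split(None, 1)
    return parts[0], (parts[1] if len(parts) > 1 else "")

def fingerprint(asm: str) -> Dict[str, object]:
    """Count the cleanup idioms and note the first callee-saved register used."""
    first_saved: Optional[str] = None
    pop_ecx_cleanup = pop_ecx_restore = add_esp4_cleanup = 0
    prev_op = ""
    for line in asm.splitlines():
        parsed = _split(line)
        if parsed is None:
            continue
        op, args = parsed
        if first_saved is None:
            m = CALLEE_SAVED_RE.search(args)
            if m:
                first_saved = m.group(1)
        if op == "pop" and args == "ecx":
            if prev_op == "call":
                pop_ecx_cleanup += 1      # discarding one dword of arguments
            else:
                pop_ecx_restore += 1      # ordinary restore, not evidence
        elif op == "add" and prev_op == "call" and re.fullmatch(r"esp\s*,\s*4", args):
            add_esp4_cleanup += 1         # the gcc-style cleanup
        prev_op = op
    points = int(first_saved == "esi") + int(pop_ecx_cleanup > add_esp4_cleanup)
    verdict = {2: "msvc-like", 1: "inconclusive", 0: "other"}[points]
    return {
        "first_callee_saved": first_saved,
        "pop_ecx_cleanup": pop_ecx_cleanup,
        "pop_ecx_restore": pop_ecx_restore,
        "add_esp4_cleanup": add_esp4_cleanup,
        "verdict": verdict,
    }

# Constructed listings, not DuQu code: one with the MSVC idioms, one without.
MSVC_SAMPLE = """
    push    ebp
    mov     ebp, esp
    push    esi                 ; esi grabbed first
    mov     esi, ecx            ; this pointer
    push    esi
    call    sub_401000
    pop     ecx                 ; one dword of args discarded
    push    5
    call    sub_402000
    pop     ecx
    pop     esi
    pop     ebp
    ret
"""

GCC_SAMPLE = """
    push    ebp
    mov     ebp, esp
    push    ebx                 ; ebx grabbed first
    mov     ebx, [ebp+8]
    push    ebx
    call    sub_401000
    add     esp, 4              ; explicit cleanup
    push    ecx
    mov     eax, ebx
    pop     ecx                 ; restore, must not count as cleanup
    pop     ebx
    leave
    ret
"""

if __name__ == "__main__":
    print(fingerprint(MSVC_SAMPLE)["verdict"], fingerprint(GCC_SAMPLE)["verdict"])
```

Two traits over one function are weak evidence on their own; the presentation igor_sk links is the way to do this properly, over many functions and with prologue, epilogue and calling-convention patterns together. The value of a script like this is that it turns an "it looks like MSVC" hunch into counts you can compare across a whole binary.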

Disappointed with SOPA, Kaspersky Lab Decides to Withdraw from BSA

In a decisive move, Kaspersky Lab has decided to withdraw from the BSA over the insidious Stop Online Piracy Act (SOPA) bill. SOPA has already been discussed at length, and if you have not been following it, you can go through these earlier posts. SOPA is being pushed aggressively by big brands from the software, music and movie industries, and it is a threat to the freedom of the Internet. Kaspersky Lab is a member of the BSA, a software-industry trade group that supports SOPA.

The Business Software Alliance is the voice of the world’s commercial software industry and its hardware partners before governments and in the international marketplace. BSA programs foster technology innovation through education and policy initiatives that promote copyright protection, cyber security, trade, and e-commerce.

The primary source of income for the BSA is its member companies. Although the BSA counts software giants like Microsoft, Apple and Adobe among its members, Kaspersky’s withdrawal will come as a blow. Kaspersky is one of the world’s leading antivirus vendors, with 14 years of experience in this niche and revenue worth over half a billion dollars.

If things do not change by 1st January next year, Kaspersky Lab will no longer be a part of the BSA. Kaspersky Lab has taken this step because it believes that SOPA will hurt innovation as well as consumers. Kaspersky Lab’s own statement on the matter reads,

Kaspersky has not participated in drafting the bill, nor participated in the debate on SOPA, and does not support this initiative.

News of the withdrawal was expected to weaken the BSA’s stand on SOPA, but the group has given a neutral statement saying,

We are very disappointed to learn that Kaspersky Labs may not renew their membership in BSA; especially given we share many of their concerns over SOPA. Kaspersky has been a valued member of BSA over the past two years, and we look forward to working with them again in the future.

Another reason for Kaspersky’s withdrawal from the BSA over SOPA seems to be the way the law would subject the Internet to American censorship. This is something that concerns Eugene Kaspersky (the CEO of Kaspersky) and many others across the world.

Microsoft Products Steer Clear of Vulnerability Leaderboard

In its latest quarterly malware report, Kaspersky Lab has released the key trends it found after analysing vast numbers of IT threats during the second quarter of 2011.

Software Makers

The top 10 rating of vulnerabilities includes products from just two companies: Adobe and Oracle (by virtue of Java vulnerabilities). With great improvements in the Windows update mechanism and many Windows XP users moving to the more secure Windows 7, Microsoft no longer features in the list. Incidentally, seven of the top 10 vulnerabilities were found in Adobe Flash Player alone!

Web-surfing

Navigating the web remains the riskiest activity on the Internet. 87 per cent of the websites used to spread malicious programs were concentrated in just 10 countries, with the US based websites leading the pack.

Local infection

The number of fake antivirus programs detected globally by Kaspersky Lab has increased, and the number of users whose computers blocked attempts to install counterfeit software rose 300 per cent over the three months of the last quarter.

India was among the top 10 countries with highest risk of local infection on computers. Every second computer in the country was at risk of local infection at least once in the past three months.

Botnet controllers see India as a place with millions of unprotected and un-patched computers which can remain active on zombie networks for extended periods of time.

– Yury Namestnikov, Senior Virus Analyst at Kaspersky Lab

Hacking

Interestingly, 2011 may go down in technology history as the year of hacking, since services from several major organizations like Sony, Honda, Fox News, Epsilon, and Citibank were hacked and disrupted.

Mobile

The number of mobile threats targeting different mobile platforms has increased exponentially. In the second quarter of 2011, the detected threats running on J2ME doubled while those on Android nearly tripled. Malicious programs continue to be detected in the official Android Market.

Kaspersky Antivirus 2012 and Internet Security 2012 Released

Kaspersky Lab has released the 2012 editions of its reputed anti-malware products – Kaspersky Antivirus and Kaspersky Internet Security. Kaspersky Antivirus is the base offering, with file antivirus, web antivirus, cloud scanning and proactive defense. Kaspersky Internet Security offers more complete protection and has several additional features like a firewall, sandboxing, and parental controls.

To be honest the biggest change in the new version is the new user interface, which is nothing short of stunning. There isn’t a lot of new stuff, mostly because Kaspersky products are already packed to the brim with features. However, there are several improvements.

[Image: Kaspersky Antivirus 2012 dashboard]

The focus of this release is on offering hybrid protection that harnesses the power of the cloud along with the local database and heuristics based security technologies to reduce the average protection delivery time. Kaspersky’s cloud protection relies on the Kaspersky Security Network (KSN), which has been a part of Kaspersky’s offerings for quite some time now. However, in the latest editions of its products, Kaspersky has done a better job at highlighting the cloud integration. KSN currently has more than 30 million voluntary members from 213 countries, and is capable of tackling advanced threats like zero-day exploits, phishing and spam. It also includes a File Advisor and a URL Advisor, which provides ratings on the trustworthiness of files and websites respectively.

[Image: Kaspersky Antivirus 2012]

The proactive defense module has also been improved. System Watcher module should be more efficient than before at analyzing activities performed by various processes and detecting malicious intent. Kaspersky is also promising better performance and improved compatibility with its latest release.

[Image: Kaspersky Antivirus 2012 scan]

As I mentioned earlier, the changelog is pretty short and mostly unimpressive. However, Kaspersky is continuing its tradition of offering free upgrades to existing license holders. Just key in your existing activation code into the trial version, and your license will be automatically upgraded. You can download the free 30 day trial versions of Kaspersky Antivirus and Kaspersky Internet Security from here.

Kaspersky Antivirus 2011 3 User License for $13.99 [Cyber Monday Deals]

Kaspersky is one of the best antivirus products I have used. It has some really good protection and is also pretty lightweight and does not hog CPU resources as many other AVs do.

Kaspersky Antivirus 2011 Deal

If you want to get your hands on Kaspersky Antivirus 2011, now is the right time. Buy.com is selling a Kaspersky 2011 3 user license for only $13.99, which is a $46 markdown from the original $60 price. The deal is limited to today only, so go ahead and get really solid antivirus protection for your PC this Cyber Monday.

Purchase Kaspersky 2011 for $13.99

Kaspersky: Stuxnet Worm Has Nation-State Support

The Stuxnet worm, which we covered in two previous articles, is continuing to make headlines. Sophisticated malware is nothing new. Just last year, we saw Conficker, which used exceptionally smart techniques to avoid disinfection. However, Stuxnet is a different beast altogether.

“I think that this is the turning point, this is the time when we got to a really new world, because in the past there were just cyber-criminals, now I am afraid it is the time of cyber-terrorism, cyber-weapons and cyber-wars,” said Eugene Kaspersky, co-founder and chief executive officer of Kaspersky Lab.

The worm is reported to have caused extensive damage to Iran’s nuclear facilities, and is currently being analyzed by US security organisations. It has also been found in Siemens systems in India, Indonesia, Pakistan and elsewhere. Stuxnet is unique because of its ability to identify a facility’s control network and wreck it. “This malicious program was not designed to steal money, send spam, grab personal data, no, this piece of malware was designed to sabotage plants, to damage industrial systems”, stated Eugene Kaspersky.

The origin and exact purpose of Stuxnet is still a mystery. “One of our hardest jobs is attribution and intent,” said Sean McGurk, director of the National Cybersecurity and Communications Integration Center (NCCIC). The worm, which exploits four separate 0-day (previously unknown) vulnerabilities, is being dubbed as a working and fearsome prototype of a cyber-weapon.

Free Kaspersky 2010 Internet Security License for 6 Months [Software Deals]

Kaspersky is giving away a free license for 6 months of Kaspersky 2010 Internet Security in partnership with MSN China. To get your free license, visit this page and click on the Orange button and sign in with your Windows Live mail id.


Sorry, but my Chinese is a bit weak, so I won’t be able to translate whatever is written on the page :-). And yes, this will only work with the Chinese version of Kaspersky, which you can download here. Now don’t forget to brush up on your Chinese if you want to use this for free :-). Also, don’t forget to copy the license key from the confirmation screen, as it will not be emailed to you. Thanks Pranjal.