Microsoft vs. McAfee: How free antivirus outperformed paid

How effective is free antivirus software? I had a chance to see a real, in-the-wild example just this month, and the results were, to put it mildly, unexpected. The bottom line? Microsoft’s free antivirus solution found and removed a threat that two well-known paid products missed. Here are the details. [Update: After I published this post, a second example appeared, courtesy of a rogue commenter in the Talkback section. See the results at the end of this post.]

I’ve had Microsoft Security Essentials (MSE) installed on my main working PC for most of the past year. Mostly, I use it for real-time protection. I typically disable the scheduled virus scans on my PCs and instead occasionally do a manual scan just to confirm that nothing out of the ordinary has snuck through. Last month I decided to perform a scan using the Full option. Because I have 2.5 terabytes of hard disk space, with roughly 40% of it in use, I knew the scan would take a long time. So I scheduled it to run while I was out running errands.

When I came back, here’s a snippet of what I found:

MSE had detected several files that it considered malicious. One was a rigged PDF file (not shown here). The other was a single file in the Java cache folder on this system that contained three separate exploits. Using the information in the MSE history pane, I found the file and uploaded it to Virustotal.com, which is a free service that allows you to scan a suspicious file using 43 separate antivirus engines. The file, identified by a unique hash, had already been analyzed, so I got the results immediately:

Only 17 of 43 antivirus products detected this as a threat. The full results page showed the identification, if any, for each product on the list. Microsoft, Symantec, Avast, and F-Secure were among the engines that flagged the file. But the majority didn’t. That means one of two things. Either the file was a false positive, and I was about to delete something harmless and perhaps even necessary. Or it was real, and most AV programs were missing it.
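As an added illustration of the triage step described above (this is not code from the article), the following PowerShell script hashes every entry in the Java deployment cache so each file can be searched on VirusTotal by its hash before deciding whether to upload anything. It assumes the default Windows 7 cache location under the user's profile and PowerShell 2.0 or later (it calls .NET directly because Get-FileHash did not exist yet).

```powershell
# Added example: enumerate and hash the Java deployment cache for VirusTotal hash lookups.
# Assumption: default Windows 7 cache path; adjust $cacheRoot if Java was configured differently.
$cacheRoot = Join-Path $env:USERPROFILE 'AppData\LocalLow\Sun\Java\Deployment\cache'

function Get-FileDigest {
    param([string]$Path, [string]$Algorithm)
    # Stream the file through the .NET hasher so large cache entries do not load into memory.
    $hasher = [System.Security.Cryptography.HashAlgorithm]::Create($Algorithm)
    $stream = [System.IO.File]::OpenRead($Path)
    try {
        $bytes = $hasher.ComputeHash($stream)
    } finally {
        $stream.Close()
    }
    return ([System.BitConverter]::ToString($bytes)).Replace('-', '').ToLower()
}

if (-not (Test-Path $cacheRoot)) {
    Write-Warning "No Java cache found at $cacheRoot"
    exit 1
}

# Cache entries are numbered files with a .idx metadata file beside each one; skip the .idx files.
Get-ChildItem -Path $cacheRoot -Recurse -Force |
    Where-Object { -not $_.PSIsContainer -and $_.Extension -ne '.idx' } |
    ForEach-Object {
        New-Object PSObject -Property @{
            Path     = $_.FullName
            Bytes    = $_.Length
            Modified = $_.LastWriteTime
            # VirusTotal accepts SHA-256 or MD5 for a search, so record both.
            SHA256   = Get-FileDigest -Path $_.FullName -Algorithm 'SHA256'
            MD5      = Get-FileDigest -Path $_.FullName -Algorithm 'MD5'
        }
    } |
    Sort-Object Modified -Descending |
    Format-Table Modified, Bytes, SHA256, Path -AutoSize
```

Searching by hash first avoids uploading files that may contain data you would rather not share; upload only the entries that are unknown to the service.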

To get to the bottom of the issue, I sent e-mail messages to contacts at three companies. I asked Microsoft to reanalyze the file and confirm that it was indeed malicious. I also asked McAfee and Sunbelt to look at the file; both of them had reported the file as clean, according to VirusTotal.

Microsoft had two analysts review the file. Here’s a portion of their response:

We have confirmed that the threat detection you received from Microsoft Security Essentials is indeed valid. There were more than 3.5 million reported CVE-2008-5353 attacks in Q3 2010, and Java vulnerability exploitations like these, while once a rare occurrence, have spiked this year. … [T]his exact file is something we have seen in the wild more than 40,000 times in the past six months.

This October 18 post by Holly Stewart on the Microsoft Malware Protection Center blog provides useful additional detail on why these types of attacks can be challenging for IDS/IPS vendors, as well as the steps customers should take to ensure that they are protected.

According to the scan results, this threat was first identified in definition 1.85.1774.0, which was released by Microsoft on July 9, 2010.

McAfee responded quickly to my e-mail as well. A spokesperson sent this reply:

Our Labs team took a look at the file you referenced and it is malicious. We are in the process of developing new heuristics to combat the effects from a stream of recent malicious JAR files more proactively; the file corresponding with the hash you mentioned is in the queue.

Sunbelt’s Malware Response Manager, Dodi Glenn, reported that this file was in the company’s repository and submitted it for detailed analysis. Here are the results:

This file contains a malicious java.class … that exploits the CVE-2008-5353 vulnerability. … We are currently testing our updated detection for this exploit and expect to release it shortly.

The good news is that my system wasn’t compromised in any way. The exploit in question was blocked by a Java update that I had installed last year. Likewise, the booby-trapped PDF file (which all of the antivirus programs detected) relied on the user having a very outdated version of Adobe Reader installed, and mine was fully up-to-date.

Last week, when I wrote about Microsoft’s decision to expand its distribution of Microsoft Security Essentials via Microsoft Update, McAfee complained that free software simply isn’t as good as its paid protection. Here’s what a spokesperson told me:

McAfee wants consumers to be safe online. Options that provide an elementary level of security are free products including Microsoft Security Essentials, however these mostly rely on traditional protection mechanisms. McAfee products offer not only more features but most importantly, McAfee products offer real-time protection using cloud-based Global Threat Intelligence to combat even the most sophisticated threats thus ensuring complete protection and peace of mind.

In this case, at least, that protection wasn’t as complete as the free Microsoft product it was comparing itself to.

As an aside, it’s worth noting that criticizing Microsoft Security Essentials because it’s free misses an important point. MSE uses the same scanning engine and definitions as its enterprise-grade Forefront product, which is most assuredly not free.

One certainly shouldn’t draw definitive conclusions from a single anecdotal example, but as this case shows, the gap between antivirus products isn’t as simple as free versus paid, and even the best and brightest researchers can miss a threat.




Source

Windows 7 SP1, All You Need To Know, And Do

The first service pack for Microsoft’s operating system Windows 7, known as Windows 7 SP1 or Windows 7 Service Pack 1, is just around the corner for all users of the operating system. Microsoft shipped the service pack first to its OEM partners before making it available to subscribers of its MSDN or Technet service and business customers with Volume License agreements.

The service pack will be released on February 22 to the public. Microsoft will make it available via Windows Update and the Microsoft Download Center. Microsoft employee Brandon LeBlanc recommends that single PC or home PC users should use “Windows Update instead of downloading the standalone installer (or Network Installation Package) from the Microsoft Download Center” because of the better “installation experience”. Check the disk space requirements chapter to find out why it is indeed better to use Windows Update to install the service pack.

Users who work with multiple computers may consider downloading the service pack update from Microsoft Download for distribution purposes.

Things that you should do before installing the operating system update:

* Scan the computer for malware and viruses. Make sure your antivirus software is up to date before doing so.
* Update device drivers if available to make sure the devices are compatible with the service pack
* Backup your important data and files prior to updating to service pack 1.
* Connect a mobile computer, laptop, netbook or notebook to a power outlet before you start the installation of the service pack.
* Make sure you have enough free disk space available for the service pack (see requirements for additional information).
* Microsoft recommends disabling antivirus software during installation, as it can interfere with the installation.
* Possible file corruption can be checked with the sfc /scannow command at an elevated command prompt. Users need to have the Windows installation files or DVD at hand in case corrupted files need to be replaced.

Windows 7 Service Pack 1 System Requirements

If Windows 7 is running on the computer then it is very likely that the service pack 1 will install and run on it as well without problems. The only issue that could arise is that you are running out of disk space.

Service Pack 1 has disk space requirements that differ highly depending on the installation method.

Windows users who update the operating system via Windows Update need an additional 750 Megabytes for 32-bit systems and 1050 Megabytes for 64-bit systems. A stand-alone installation, for instance by downloading the service pack via Microsoft’s Download Center, requires 4.1 Gigabytes of data for 32-bit systems and a whopping 7.4 Gigabytes for a 64-bit system.
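As an added example (not from the article), the following PowerShell pre-flight script turns the checklist above and the disk-space figures into an automated check: it reads the architecture and system drive through WMI, compares free space with the requirement for the chosen install method, and warns if a laptop is on battery. It assumes Windows 7 with PowerShell 2.0 or later and that Microsoft Security Essentials registers its service as MsMpSvc.

```powershell
# Added example: Windows 7 SP1 pre-flight check using the requirements quoted in the article.
param(
    [ValidateSet('WindowsUpdate', 'Standalone')]
    [string]$Method = 'WindowsUpdate'
)

# Required free space in MB, per architecture and install method (figures from the article).
$requiredMB = @{
    'WindowsUpdate' = @{ '32-bit' = 750;  '64-bit' = 1050 }
    'Standalone'    = @{ '32-bit' = 4100; '64-bit' = 7400 }
}

$os   = Get-WmiObject Win32_OperatingSystem
$arch = $os.OSArchitecture            # "32-bit" or "64-bit" on Windows 7
$disk = Get-WmiObject Win32_LogicalDisk -Filter "DeviceID='$($os.SystemDrive)'"
$freeMB = [math]::Floor($disk.FreeSpace / 1MB)
$needMB = $requiredMB[$Method][$arch]

if ($os.Version -notlike '6.1*') { Write-Warning "Not Windows 7 (version $($os.Version))"; exit 1 }
if ($os.ServicePackMajorVersion -ge 1) { Write-Host "SP1 is already installed"; exit 0 }
if (-not $needMB) { Write-Warning "Unrecognised architecture '$arch'"; exit 1 }

$ok = $true
if ($freeMB -lt $needMB) {
    Write-Warning "Only $freeMB MB free on $($os.SystemDrive); $Method install needs $needMB MB"
    $ok = $false
}

# Laptops: BatteryStatus 2 means running on AC power; desktops return no Win32_Battery instance.
$battery = Get-WmiObject Win32_Battery
if ($battery -and $battery.BatteryStatus -ne 2) {
    Write-Warning "Running on battery power; connect to a power outlet first"
    $ok = $false
}

# The article says to update AV definitions first, then disable AV for the install itself.
# MsMpSvc is the assumed service name for Microsoft Security Essentials.
$av = Get-Service -Name MsMpSvc -ErrorAction SilentlyContinue
if ($av) { Write-Host "Microsoft Security Essentials service state: $($av.Status)" }

if ($ok) { Write-Host "Ready for SP1 via $Method ($arch, $freeMB MB free, $needMB MB required)" }
else     { Write-Host "Resolve the warnings above before installing SP1"; exit 1 }
```

Run it as `.\sp1-preflight.ps1 -Method Standalone` before a Download Center install, or with no arguments for the Windows Update path.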

Language Packs

The best sequence is to install the service pack first, and then the available language pack updates.

How To Block the Installation of Windows 7 SP1

Microsoft has released the Windows 7 Service Pack 1 Blocker Tool which can be used for that purpose. The toolkit blocks the deployment for a period of 12 months after release of the service pack.



Source

10 Reasons Why SSDs Are Better Than Mechanical Disks

Have you ever heard the terms, head crash or stiction? Better yet, have you ever experienced either of them? These terms are just two of the unhappy occurrences associated with mechanical disks. What if disks didn't spin? What if there were a way to create rewriteable storage in such a way that there were no platters, no spindles and no heads? You'd have a solid state disk with no moving parts. Solid state disks (SSDs) are all the rage for server vendors, SAN vendors, and appliance manufacturers. Why? Not because they're cheap -- they're not. SSDs have several advantages over traditional mechanical (spinning) disks. Here are 10 of the most frequently quoted advantages of SSDs over mechanical disks.

1. Life Expectancy

Mechanical drives have an average life expectancy of three to five years. Many fail long before the lower end of the average, and few last beyond the upper end of the average. At three years, you should seriously consider a refresh. At five years, you're skating on ice so thin it's really just very cold water. By contrast, SSDs have life expectancies reaching into decades, although trusting the 1 million to 2 million hour SSD expectancy claims seems as ridiculous as the 500,000-hour claims of mechanical drive manufacturers. Expect your SSDs to last two to three times longer than mechanical drives.


2. Performance 

Since SSDs have no moving parts, their access and seek times are many times faster than those of their mechanical counterparts. Mechanical drives have high-burst speeds, but their sustained speeds are unimpressive by SSD standards. However, write performance is not significantly different between the two technologies*. Therefore, read and access performance-heavy workloads will benefit from SSDs, while workloads that are write-intensive would do as well with the less-expensive standard disks.


3. Physical Size

You usually see standard disks in 3.5 inch or 2.5 inch formats, but SSDs take small form factor two steps further with 1.0 inch and 1.8 inch disks. These smaller sizes allow manufacturers to build smaller appliances, mobile systems and blades that occupy very little space. With rack space at a premium, that's a very good thing.


4. Shock Resistance

SSDs are a good choice for mobile systems due to their resistance to drops, bumps and g-forces. Such forces don't often act on standard concrete and steel data centers, but what about mobile ones -- mobile data centers such as those used by ground military forces, aboard ships, on aircraft or at trade shows? Movement can have devastating effects on mechanical drives, especially during write events. SSDs, again having no moving parts, aren't affected by mobility and are well-suited to such physical abuse. SSDs can withstand up to 1,500 g during operation or 25 times that of a standard drive.


5. Failure Rate

Any mechanical or electrical device can, and will, fail, but your chances are greater for failure when those parts are in motion. Mechanical disks are not particularly robust and can fail at any time, as one manufacturer's representative once stated, "Any time between 15 seconds and 10 years." While SSDs haven't reached the adoption level of mechanical drives, manufacturers estimate very low failure rates compared to standard technology.


6. Power Loss Protection

Enterprise-class SSDs rely on power failure circuitry to monitor voltage changes. If the voltage drops below the threshold, a secondary voltage hold-up circuit ensures that the drive has sufficient power to save any pending writes to disk. A supercapacitor, a discrete bank of capacitors or a battery acts as this secondary voltage hold-up circuit.


7. Power Consumption

SSDs draw very little power. Even at a full sprint, SSDs consume approximately three Watts or less compared to six or more Watts by standard disks. However, most impressive is the power consumption of quiescent drives. SSDs sip from 0.05 Watts to 1.3 Watts, while their gluttonous counterparts gobble at a rate of 4 Watts or more. You will pay more for an SSD, but the long-term cost reduction might offset the initial sticker shock.


8. Heat Dissipation

Everyone knows heat kills electronic performance. That's why data centers have to stay at those chilly temperatures. SSDs reduce heat dissipation significantly compared to their spinning cousins. Less heat loss means lower cooling requirements, which in turn means reduced costs. Less heat to move away from sensitive electronics also means that system fan sizes can shrink along with your power consumption. Mechanical drives are responsible for more than 70 percent of the heat generated from a system. Without them, you could realize sizable savings and longer lasting hardware.


9. Hot Plug/Unplug Ability

It might not surprise you to know that SSDs have hot plug and unplug capability. However, it might surprise you to know that since SSDs don't have to "spin up," their capacity is available immediately upon plug-in. Although it might take several seconds for your operating system to recognize the drive, you will not have to wait through a lengthy discovery process or an even lengthier reboot.


10. Noise

If you've ever stood in a data center, you probably noticed the very high noise level. Imagine a data center filled with SSDs instead of standard drives. Other than the sound of system fans, cabinet fans and the central air conditioning system, the data center becomes significantly quieter. As noted in the Heat Dissipation entry, fans would likely experience a 'downsizing' as well and further reduce the ambient noise level.

* Some independent tests conclude that SSDs write two to three times faster than standard hard disks. However, there are studies that suggest the differences are not so marked.

Source

Hacker writes easy-to-use Mac Trojan

In a sign that hackers, like everyone else, are taking an interest in everything Apple, researchers at Sophos say they've spotted a new Trojan horse program written for the Mac.

It's called the BlackHole RAT (the RAT part is for "remote access Trojan") and it's pretty easy to find online in hacking forums, according to Chet Wisniewski, a researcher with antivirus vendor Sophos. There's even a YouTube video demonstration of the program that shows you what it can do.

Sophos hasn't seen the Trojan used in any online attacks -- it's more a bare-bones, proof-of-concept beta program right now -- but the software is pretty easy to use, and if a criminal could find a way to get a Mac user to install it, or write attack code that would silently install it on the Mac, it would give him remote control of the hacked machine.

BlackHole is a variant of a Windows Trojan called darkComet, but it appears to have been written by a different developer. The darkComet source code is freely available, so it looks like BlackHole's author simply took that code and tweaked it so it would run on the Mac, Wisniewski said.

Mac OS X has been gaining market share on Windows lately, and that's starting to make it a more interesting platform for criminals. Wisniewski said that while Mac malware is still very rare, he has seen another Trojan, called HellRTS, circulating on file-sharing sites for pirated Mac software.


Source