InfoSecurity India's First Magazine on Comprehensive IT Security
InfoSecurity June 2009
Technology News


BitDefender Total Security 2010 beta available for testing

BitDefender announced that BitDefender Total Security 2010 is available for beta testing. Users who wish to test BitDefender Total Security 2010 beta can subscribe at http://beta.bitdefender.com.

BitDefender will offer prizes to the most thorough beta testers, including an Asus Eee PC to the most active beta tester on http://beta.bitdefender.com. Other prizes include a Nintendo Wii, an Apple iPod Touch and free licenses for BitDefender Total Security 2010.

"BitDefender uses beta testing as the last in a series of steps to ensure our customers receive the best possible protection against all types of malware and e-threats,” said Carmen Maierean, BitDefender’s senior desktop product manager. “We are counting on great interest from the BitDefender user community for a successful beta test of Total Security 2010 and we are certain that the finished product will meet their most exacting demands."



Detection and treatment for unique MBR rootkit

Kaspersky Lab has implemented detection and treatment for a new variant of a unique MBR rootkit. The new variant of Sinowal, a malicious program that is capable of hiding its presence in the system by infecting the Master Boot Record (MBR) on the hard drive, was detected by the company's experts at the end of March 2009. Throughout 2008, Kaspersky Lab's analysts provided detailed reports about other variants of this rootkit: in the first quarterly report on malware evolution (http://www.viruslist.com/en/analysis?pubid=204792002) and in the article "Bootkit: the challenge of 2008" (http://www.viruslist.com/en/analysis?pubid=204792044). However, the new variant has come as a surprise for researchers. Unlike earlier versions, the new modification, Backdoor.Win32.Sinowal, penetrates much deeper into the system to avoid being detected. The stealth method used in this variant hooks device objects at the operating system's lowest level. This is the first time cybercriminals have used such sophisticated technologies. This explains why no antivirus products could treat computers infected with the new Sinowal modification or even detect it when it first appeared. Once the bootkit penetrates the system, it conceals the payload's activities, which are designed to steal user data and various account details.



PDF most common file type in targeted attacks

F-Secure has covered targeted attacks many times in the past, and has also covered PDF files and vulnerabilities in Adobe Acrobat Reader being used to install malware. F-Secure compared which file types were the most popular in targeted attacks during 2008 and whether that has changed at all during 2009. The statistics follow:

In 2008 F-Secure identified about 1968 targeted attack files. The most popular file type was DOC, i.e. Microsoft Word, representing 34.55%. So far in 2009 F-Secure has found 663 targeted attack files, and the most popular file type is now PDF. Why has it changed? Primarily because there have been more vulnerabilities in Adobe Acrobat Reader than in the Microsoft Office applications, like the two vulnerabilities we mentioned a week ago. These are scheduled to be fixed by Adobe on May 12.



CERT India and Microsoft India launch secureyourpc.in

CERT India and Microsoft India today launched 'secureyourpc.in'—a website aimed at disseminating information on online safety and security to diverse audiences. The website aims to create awareness and provide people with exhaustive information on how to be secure online and ensure that they are both cognizant of, and ready to combat threats that could lurk online.

In today's environment, more than 97 percent of e-mail messages sent over the Internet are unwanted (they have malicious attachments, are phishing attacks, or are spam), rogue security software is increasingly prevalent (according to Microsoft Security Intelligence Report volume 6), and security issues worry even the most sophisticated and ardent online users. 'secureyourpc.in' is an effort to address these issues and to deliver suggestions and prescriptive guidance on safeguarding security. The website creates, collates and disseminates information on security and privacy issues. Regular updates on matters of safety and security, downloads, and good-to-use tips and suggestions will be some of the features that the website provides.



Windows 7 Release Candidate is available from Microsoft

Microsoft Corp. has reached a significant milestone with the Release Candidate (RC) of the highly anticipated Windows 7 operating system, now available for download to MSDN and TechNet subscribers at http://technet.microsoft.com. Broader public availability will begin May 5 on the Microsoft Download Center at http://microsoft.com/downloads. The RC milestone is a result of feedback from millions of customers and partners around the world. It indicates the operating system is entering the final phases of development and is ready for partners to develop new applications, device drivers and services, and ready for IT pros to evaluate Windows 7 and examine how it will operate in their environment.

With Windows 7, customers will have access to the broadest array of software and hardware options the industry has to offer, and Microsoft is committed to delivering tools and support that enhance software compatibility as well as ease deployment and migration concerns for businesses and consumers alike. Customers also will benefit from the strong industry and partner support of Windows 7.

More than 10,000 companies have signed up to have access to a breadth of helpful tools and resources needed to prepare their products and services to take full advantage of the innovations in Windows 7. New to the Windows 7 RC are advancements such as Remote Media Streaming, Windows XP Mode (beta) and the upcoming beta of the Windows 7 Upgrade Advisor.



ESET named to Magic Quadrant

ESET has been included in leading analyst firm Gartner's "Magic Quadrant for Endpoint Protection Platforms," published May 4, 2009. According to Gartner, "Malware is increasingly Web-based (that is, it uses the Web as a distribution method and a command-and-control channel) and multistage—meaning there are multiple components that can be installed after the initial infection, depending on the motivation of the attacker and the victim's profile. In addition, the exploits of socially engineered trojans, which trick end users into downloading and executing malicious files, are on the rise and will continue to cause havoc in 2009 and beyond."

Powered by ThreatSense technology, an advanced heuristics engine that enables proactive detection of malware not covered by even the most frequently updated signature-based products, ESET NOD32 Antivirus and ESET Smart Security deliver the fastest malware protection available to combat viruses, spyware and rootkits.



BitDefender uncovers new breed of malware

BitDefender has uncovered new “malware-spreading vectors”—methods that are being used to infect small and medium-sized businesses, allowing dangerous malware to enter a business’ network and compromise its security.

The most recent example was the Conficker worm, which spread to millions of computers by using multiple infection vectors, including a Microsoft Windows RPC Service exploit, brute-forcing weak administrator passwords, and copying itself to removable drives.

Through these vectors, cyber-criminals can harvest sensitive data quickly and easily. Once a network has been infiltrated, Trojans and adware listen to all the traffic carefully, filtering out online banking accounts, credit card details or computer-related data like OS version, hardware details, or software licenses. All this information is either sold or used for monitoring purposes in order to prepare for more targeted attacks. Examples of such e-threats are WhenU, SaveNow and Trojan.Banker.LCG. Another vector currently being used to infect networks is the online scam. Phishers set up online scam websites, websites that impersonate legitimate entities, and steal the user’s login credentials or trick the user into downloading applications on to their computers.



Cisco announces Collaboration in Motion

Cisco announced Collaboration in Motion to bring together the power of collaboration with the ubiquity and performance of the Cisco Unified Wireless Network. Collaboration in Motion integrates products and services from the Cisco WebEx, Cisco Unified Communications, Cisco Unified Wireless Network and Cisco Advanced Services product lines to bring the collaborative experience to the mobile workspace.

As part of Collaboration in Motion, Cisco has focused on new products and services in five critical investment areas: the workspace experience, the wireless network platform, third-party applications, technology partners and professional services. The goal of this strategic approach is to bridge the gaps between an on-premises wired network, off-premises cellular network and a high performance Wi-Fi network, thereby enabling collaboration from any workspace.

Cisco is bringing network-specific information to business applications through an open API. New applications are being announced for network assurance, PCI Compliance, and wireless video surveillance. Cisco is also introducing a new cross-technology developer community called the Cisco Developer Network to enable technology partners to create applications that leverage the network platform. The new Cisco Developer Network Program for Mobility is a community created to simplify solution development and increase the speed with which Cisco and its partners can deliver mobility solutions to market.



Kaspersky Lab patents cutting-edge heuristic analysis technology

Kaspersky Lab announces the successful patenting of a cutting-edge heuristic analysis technology in the US. The technology enables a security rating to be assigned to software based on its behavior during emulation. The heuristic analysis method is very important when detecting new malicious programs that are as yet unknown to the specialists at antivirus companies. Current methods do not guarantee 100% detection of new malicious programs as this would require the incorporation of new technologies to detect and block these potential threats.

Kaspersky Lab's new heuristic analysis technology, developed by Nikolay Grebennikov, Oleg Zaitsev, Alexey Monastyrsky and Mikhail Pavlyushik, is based on a system of rules that is used to assign a security rating to different processes (Security Rating technology). The technology was granted Patent No. 7 530 106 by the US Patent and Trademark Office on 5 May, 2009.

Kaspersky Lab currently has more than 30 patent applications pending in the US and Russia related to a range of innovative technologies developed by company personnel.



Kaspersky Lab patents technology for safeguarding data integrity

 

Kaspersky Lab has taken out a US patent for an advanced technology that detects unauthorized modifications of data. Unsanctioned modification of data, regardless of whether it is intentional or accidental, results in data distortion and loss. Unauthorized modification of software code can lead to program execution errors. It is a well-known fact that most malicious programs inject their code into executable files, leading to the execution of malicious code when the infected files are run. Ensuring data integrity is therefore a major IT security issue.

The technology is based on the interception of application requests to change timestamps for one or more files. Such requests are tracked for each file and stored in a database. This information is then provided to a special module (usually a component of the antivirus program) which compares the timestamp update counter with the relevant timestamp. Changes to the timestamp update counter which are not accompanied by the relevant changes to the timestamp indicate file modification and possible infection. The antivirus program can then scan the file for malicious code or display an alert.
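The comparison described above can be modelled in a few lines. This is an added example, not Kaspersky Lab's implementation: the class and method names, the in-memory database and the constructed scenarios (timestamps in seconds) are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass
class Record:
    counter: int = 0         # timestamp-change requests intercepted for this file
    seen_counter: int = 0    # counter value at the previous check
    seen_mtime: float = 0.0  # modification time at the previous check

class TimestampMonitor:
    """Hypothetical model: per-file request counter plus last-seen timestamp."""

    def __init__(self):
        self.db = {}

    def baseline(self, path, mtime):
        self.db[path] = Record(0, 0, mtime)

    def on_set_time_request(self, path):
        # Called by the (assumed) interception layer whenever an application
        # asks to change the file's timestamps.
        self.db.setdefault(path, Record()).counter += 1

    def check(self, path, current_mtime):
        """True when the counter moved but the timestamp did not."""
        rec = self.db[path]
        counter_moved = rec.counter != rec.seen_counter
        mtime_moved = current_mtime != rec.seen_mtime
        rec.seen_counter, rec.seen_mtime = rec.counter, current_mtime
        return counter_moved and not mtime_moved

def run_scenarios():
    """Three constructed cases; returns {path: flagged_for_scan}."""
    mon = TimestampMonitor()
    for path in ("report.doc", "tool.exe", "notes.txt"):
        mon.baseline(path, 1000.0)
    results = {}
    # Ordinary save: the OS updates the time, no explicit request is made.
    results["report.doc"] = mon.check("report.doc", 1200.0)
    # File altered, then its timestamp is explicitly set back to the old value.
    mon.on_set_time_request("tool.exe")
    results["tool.exe"] = mon.check("tool.exe", 1000.0)
    # Explicit request that really moves the timestamp (e.g. a sync tool).
    mon.on_set_time_request("notes.txt")
    results["notes.txt"] = mon.check("notes.txt", 1500.0)
    return results

if __name__ == "__main__":
    print(run_scenarios())
```

Only the file whose counter advanced while its timestamp stayed put is handed to the scanner; the other two changes are consistent with normal use.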



Comodo secures Microsoft SharePoint and Outlook Web Access via Internet

Workers around the world access critical business information on Microsoft SharePoint and Outlook Web Access applications. IT managers can better control requests to see or modify business data, announced Comodo. By adding another form of identification besides passwords to user logins, IT departments can manage who accesses corporate information over the Internet and in cloud-based applications.

To help secure small companies and promote security best practices, Comodo has released a free version of its Two-factor Authentication for Microsoft SharePoint and Outlook Web Access. Two-factor authentication seamlessly "double-checks" the identity of users logging on to SharePoint and Outlook Web Access. Two-factor solutions are the industry standard for verifying online financial users: they protect assets by requiring another form of identification besides the user's password.

In addition to passwords, Comodo's free version of its Two-Factor Authentication solution can be configured to use cookies, security questions, or one-time passwords using an alternate communication such as email or SMS. The enterprise version offers customers the option of replacing cookies with client certificates. Both the free and the enterprise versions rely on information stored on the user's computers. After installation, there is no change to the user's login procedure, making Comodo Two-Factor Authentication easy to deploy and manage.



Attackers exploit Twitter, Myspace, Facebook

Cyberoam announced the Q1 2009 email threat report, in collaboration with partner Commtouch. While the Conficker worm took the limelight, a key highlight is that attackers have reached new levels of sophistication in their social engineering techniques, using fear, emotion and security loopholes to perpetuate attacks.

Spammers tricked users on Facebook, Myspace and Twitter into divulging personal information. Exploiting users’ fear of finding scandalous images of themselves online, spammers sent wall posts proclaiming that such pictures had surfaced on Facebook. Also used on Facebook were desperate messages from friends supposedly in a financial bind. Users clicking on the link were taken to what looked like the Facebook login page, but was actually an imposter site collecting the usernames and passwords of unknowing users.



Windows 7 vulnerability found

F-Secure has spotted a vulnerability in Windows Explorer of the latest Windows 7 RC. "In Windows NT, 2000, XP and Vista, Explorer used to hide extensions for known file types. And virus writers used this 'feature' to make people mistake executables for stuff such as document files," said Mikko Hyppönen, Chief Research Officer of F-Secure.

The trick was to rename a horrible_malware.exe to horrible_malware.txt.exe, and Windows would hide the .EXE part of the filename. He then ran the file in MS-DOS and the system found that it was an executable file.

"Additionally, virus writers would change the icon inside the executable to look like the icon of a text file or an image, and everybody would be fooled," he added.
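A mail gateway or file-share audit can flag such names before a user ever sees them in Explorer. The check below is an added example, not F-Secure's code; the two extension lists are constructed and deliberately short, and the sample filenames are made up for the demonstration.

```python
import os

# Constructed, non-exhaustive lists (assumptions for this example).
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd"}
DECOY_EXTS = {".txt", ".doc", ".pdf", ".jpg", ".png", ".xls"}

def hidden_double_extension(filename):
    """Return the name Explorer would show with 'hide extensions for known
    file types' enabled if the file is an executable posing as a document,
    otherwise None."""
    stem, last = os.path.splitext(filename)
    inner = os.path.splitext(stem)[1]
    # Windows matches extensions case-insensitively, so compare in lower case.
    if last.lower() in EXECUTABLE_EXTS and inner.lower() in DECOY_EXTS:
        return stem
    return None

def scan(filenames):
    """Map each deceptive filename to what the user would see."""
    findings = {}
    for name in filenames:
        shown = hidden_double_extension(name)
        if shown is not None:
            findings[name] = shown
    return findings

# Constructed sample: attachment names as a gateway might log them.
SAMPLE = [
    "horrible_malware.txt.exe",  # the case described in the article
    "Photo.JPG.SCR",             # same pattern, upper case
    "setup.exe",                 # honest executable, single extension
    "notes.txt",                 # plain document
    "report.v2.exe",             # inner part is not a document extension
    "archive.tar.gz",            # double extension, but not executable
]

if __name__ == "__main__":
    for real, shown in scan(SAMPLE).items():
        print(f"{real!r} is displayed as {shown!r}")
```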



ESET refreshes Online Scanner

ESET has released a major refresh of ESET Online Scanner – its next-generation free utility packed with new functionality. The ESET Online Scanner is used to detect malicious software (malware) other antivirus companies have missed, or to serve as a "second opinion" to verify a detected piece of malware. The browser-based software is always current with the latest signature database and is easy to launch.

ESET Online Scanner has widened its global appeal with enhanced browser support, now supporting Firefox, Chrome, Opera and Safari in addition to Internet Explorer. The current release adds the same anti-stealth technology used in ESET Smart Security and ESET NOD32 Antivirus to protect against threats such as rootkits. It also detects and identifies previously-installed antivirus software, and warns against potential conflicts. If a threat is detected, it is quarantined to give experienced users the option to review and restore if necessary. File scanning now has more options, like the flexibility to select scan targets including memory objects, files and folders on the local or network drives. Users will appreciate the newly designed intuitive graphical user interface and a simple one-click option to delete the Online Scanner components from the system at the end of a scan.



AVG launches free protection against online threats

AVG Technologies, developers of the world’s leading free anti-virus software, is today launching AVG LinkScanner as a free standalone product to protect users against random, invisible online threats. On any given day, some two million web pages are poisoned by hidden threats. And every day, 60 percent of those threats shut down or move to a different destination on the web – which makes real-time link scanning crucial. Any type of site can be affected, from a small business to a government department to a major brand-name company. If a user simply visits one of these poisoned web pages they don’t even need to click on anything to get into real trouble, to lose their credit card details, their ID or other valuable information or files. Regular anti-virus software alone cannot protect against this type of threat.

AVG LinkScanner gives users an additional real-time layer of protection on top of their existing security software. It works by looking at the web page behind a link or a web address typed into a browser and analyzing whether it harbors a threat. If it does, then AVG LinkScanner stops the user from downloading that page. This means that, for the first time, Windows XP and Vista users can truly know whether it is safe to click on a link at the only time that matters – when they click on it.




© 2006-07 'InfoSecurity' magazine. All rights reserved.