More midsize companies are being attacked by cybercriminals at the same time they're spending less on security, says a McAfee report released Wednesday.
Across the world, more than half of the 900 midsize businesses (51 to 1,000 employees) surveyed by McAfee for its report, The Security Paradox, said they've seen an increase in security breaches over the past year. Despite the threat, the recession has caused most of these companies to freeze their IT security budgets.
McAfee found that the costs of dealing with a security attack can be high. Over the last year, one of five midsize companies surveyed lost $41,000 in sales on average as a result of a breach. In China alone, 38 percent of the businesses questioned lost an average of $85,000 due to an attack. And more than 70 percent believe a serious data breach could put them out of business, noted the report.
But as the recession has grown, IT budgets have dropped. Almost 40 percent of the companies trimming their IT security budget plan to limit the purchase of new security products. And more than a third are switching to cheaper security software to cut expenses, even though they realize that may put them at greater risk.
"An organization's level of worry and awareness about increasing threats has not overcome the downward pressure on budgets and resources," said Darrell Rodenbaugh, senior vice president of global midmarket for McAfee, in a statement. "But this creates a vicious cycle of breach and repair that costs far more than prevention."
Midsize companies also may underestimate their risk, according to McAfee. Among companies with fewer than 500 employees, more than 90 percent believe they're protected from cybercriminals and feel they don't face the same threats that larger firms do.
But McAfee discovered that businesses with 101 to 500 people had on average 24 security breaches over the past three years, compared to 15 breaches for those with 501 to 1,000 employees.
In the long run, dealing with the aftermath of a security attack eats up a company's time and expenses. The study found that 65 percent of firms spend less than four hours a week on IT security, but around the same percentage have spent more than a day recovering from security breaches.
"Our research shows that organizations that put more effort on preventing attacks can end up spending less than a third as much as those that allow themselves to be at risk," said Rodenbaugh.
The study was conducted by research firm MSI International, which surveyed 100 midsize businesses in each of the following countries: U.S., U.K., Australia, Canada, China, France, Germany, India, and Spain. The results were compared with prior studies done in North America and Europe.
Most of what's new in AVG Free 9 is under the hood, with the security vendor talking up speedier scan times. There's also a new identity protection feature that's free to people in the United States.
Also in this slideshow, I show an easy way to keep the AVG security toolbar from repurposing your default new tab page.
Updated 1:45am PST Tuesday with pricing information.
McAfee has released a new security suite designed to help businesses better handle security for their growing segment of Macintosh computers.
Targeting small to large companies, McAfee Endpoint Protection for Mac provides antivirus and antispyware features, and both an inbound and outbound firewall, McAfee said Tuesday.
The company is positioning the tool as a plus for IT administrators and for users. Administrators can use the same console to manage McAfee security on both Mac and Windows machines, said the company. The software lets administrators deny or control which applications can run on supported Macs. The suite's ePolicy Orchestrator tool can also generate reports of malicious activity for review.
Some have debated whether the Mac needs security software since it has traditionally been a less visible target than Windows for attack. But with Internet threats continually on the rise, few computer environments are completely immune. Even Apple has advised Mac users to protect themselves with security software.
Antivirus software for the Mac has been sold for a long time by companies such as Symantec and McAfee. But most products have been geared to the individual user.
McAfee sees its Endpoint Protection suite as filling a growing need at schools, companies, and government agencies that have adopted more Macs in recent years.
"The demand for Macintosh in the enterprise is steadily growing, yet organizations are either not using any security technology for these endpoints, or they are using a standalone, non-manageable anti-virus protection solution," Peter Lincoln, IT director at Aquent, said in a statement provided by McAfee. "The use of McAfee Endpoint Protection for Mac enables us to have complete protection on all our endpoints. Using the same integrated management console also allows us to lower our operational cost and ensure security and compliance."
A survey conducted last year by ITIC showed that a greater number of companies were planning to allow Macs into their workforce.
McAfee Endpoint Protection for Mac is compatible with the latest release of Apple's Snow Leopard as well as existing Leopard and Tiger environments. A McAfee spokesperson said the product's retail price would be $55.08 per computer for a network of 500 to 1,000 computers. The pricing includes one year of Gold technical support.
The feature-rich versions of popular security program AVG have been updated, with AVG Technologies claiming faster scan times, faster boot times, and other under-the-hood improvements. While version 8 introduced a consolidated product line, making those features work better together takes the attention of AVG Internet Security 9 and AVG Anti-Virus 9.
AVG is making some bold claims for these updates. The company is touting scan times that are "up to 50 percent" faster, based on marking files safe until their file structure changes, and boot times that are "10 to 15 percent" faster. Memory usage is also expected to be "10 to 15 percent" better. The built-in firewall, available only in the Internet Security version, uses a new database for automatically determining if certain programs are safe to access the Internet without user input. This trusted database, called TrustedDB by AVG, should be less intrusive by querying for user input 50 percent less often than in the previous version, says AVG. Also, the installation process has been shortened from 22 screens to 11.
There are few wholly new features available in version 9, but an interesting one is the Identity Theft Recovery Unit. Included in AVG Anti-Virus and AVG Free, but only for users in the United States, ITRU is a business partnership with Identity Guard which provides "consumer identity theft solutions." Accessible only from the browser toolbar, which only works in Firefox or Internet Explorer, the service provides "a dedicated identity theft recovery unit with fraud experts," to assist handling, getting and analysing a credit report, enrolling in credit file monitoring, and offering report-filing support.
In hands-on testing last week, I found AVG to be relatively easy to navigate around, although the interface could be simpler. When you click on one of the items in the main window, you must double-click on one of the features to access more information on it. A single click, or even a mouse-over pop-up, would make the experience faster. Before I even ran my first scan, AVG detected icons associated with Pidgin as threats.
AVG 9 looks very similar to AVG 8. Most of the changes are under the hood. (Credit: Screenshot by Seth Rosenblatt/CNET)
Double-checking them against Avira and McAfee revealed those detections as false positives, and when I finally ran the Fast Scan it took longer than 20 minutes. That doesn't compare favorably to competitors, some of which can complete a first Fast Scan in around 60 seconds. I was also surprised to find that Mozilla Thunderbird was not automatically approved to go through the firewall, despite the new firewall trusted database. While the installation process offers to install the browser toolbar for you, it doesn't seem possible to opt out during the installation and then install it later from the AVG interface, a strange oversight.
AVG Internet Security 9 is available for $49.99, and AVG Anti-Virus costs $34.99. Both come with a one-year license and a 30-day trial, although AVG Anti-Virus lacks the firewall, identity protection, antispam, and system tools that come in AVG Internet Security. Fans of the free version of AVG 9 will have to wait a bit longer, as AVG always delays the release of Free until after the full suites have been made public.
Microsoft's new Security Essentials software has passed at least one exam so far--a review by security testing firm AV-Test.org.
Using the latest version and definition updates of Microsoft Security Essentials (MSSE) downloaded from the Web, AV-Test ran the product through a series of tests on Sept. 29 and 30 to judge its effectiveness at fighting malware.
To check static known malware, AV-Test pitted Security Essentials against the most recent WildList, a sampling of 3,732 viruses and other threats compiled by the WildList Organization. Microsoft's product successfully detected and blocked all of the samples in both manual and active scanning.
AV-Test also threw its current set of 545,034 viruses, worms, Trojans, and other threats at Security Essentials. MSSE successfully caught 536,535 samples for an overall good detection score of 98.44 percent.
In AV-Test's battle against adware and spyware, Security Essentials stopped 12,935 out of 14,222 samples, earning a detection grade of 90.95 percent. No false positives came up in a scan of over 600,000 clean files from Windows, MS Office, and other commonly used programs.
In checking for dynamic malware, which is identified by its behavior rather than by static lists, AV-Test found that MSSE had no "dynamic detection" in place, as the software failed to find any of the recently released malware used in the test. AV-Test noted that other standalone antivirus products don't include behavior-based detection either, although that feature is typically found in full security suites.
MSSE also found and eliminated all 25 rootkits that AV-Test threw at it.
Security Essentials did only a fair job of cleaning up infections. Facing 25 different malware samples, the product removed all active components as part of its repair process. But in many cases, some remnants of the malware were left behind, as inactive executable files or empty Registry keys.
Finally, AV-Test found that the speed of Security Essentials scanning was about average compared with that of other security products.
AV-Test's review of Security Essentials was run on Windows XP with SP3, Windows Vista with SP2, and Windows 7 RTM, both the U.S. English and German 32-bit editions. A series of papers on the methodology used by AV-Test in its testing process is available at the company's Web site.
CNET's Seth Rosenblatt also looked at Security Essentials this week, while CNET News reporter Ina Fried has said the beta version of the product recently saved her from a Koobface attack.
Symantec is betting heavily that program behavior is the future battlefront of security and is making a big push in its 2010 security program lineup with a behavioral engine called Quorum.
Take a tour of Norton Internet Security 2010 in this slideshow, and keep in mind that the look is very similar to Norton AntiVirus 2010. The biggest differences between the two include ancillary features, price, and the number of computers supported by one license.
Debuting Wednesday, both the basic Norton AntiVirus 2010 and the more robust Norton Internet Security 2010 will use Quorum, which Symantec is calling an advanced security network based both on traditional malware signatures and on reputation for both files and software.
This screenshot is from the Norton Internet Security 2010 beta, though it's not expected to change drastically in the final version. This shows the Norton Insight screen. (Credit: Screenshot by Seth Rosenblatt/CNET)
The Quorum system uses the uniqueness of mutating malware against the threat itself, said Dan Nadir, director of product management for Norton AntiVirus and Norton Internet Security. Multiple variations of a single threat have become a potential risk to the efficacy of definition-based antivirus, so a system like Quorum--in which the unfamiliarity of a new threat becomes the tool by which the threat is neutralized--could drastically improve security programs.
Symantec noted that it hasn't abandoned last year's pledge to improve Norton's performance, and it is keeping the quick scan to about one minute. An in-progress scan conducted with the beta version used about 70MB of RAM, while the program used about 15.5 MB when idle. Symantec also exposes how much memory the program is using in the main pane. Symantec says that in the final version, Norton users should expect to see working memory usage at less than 10 MB, and that the "quick scan" should be completed in 64 seconds.
The Quorum technology is designed to expose system and threat-detection data, so users who want more than just "set-it-and-forget-it" information can customize Norton's responses. The Insight Network incorporates Quorum and uses statistical analysis of file attributes to judge the trustworthiness of a file. Norton Threat Insight provides information on detected threats, such as the URL of a threat. Norton System Insight uncovers system information and can be used to detect system slowdowns. Norton Download Insight uses Symantec's cloud data to determine the safety of a downloaded file before it runs.
The more robust Norton Internet Security includes new enterprise-level antispam algorithms, which Symantec says shouldn't require any "training" from users. These have been incorporated from Brightmail, a company that Symantec bought more than five years ago. Norton Internet Security also includes OnlineFamily.Norton, Symantec's new parental control system, and Norton SafeWeb, which is a search results and e-commerce rating component.
Norton Internet Security 2010 costs $69.99 for a three-PC license, and Norton AntiVirus 2010 is $39.99 for one computer.
Researchers said on Tuesday that they are seeing something unusual in the malware world--a virus that targets a development environment.
The virus, dubbed Win32.Induc, was written to infect applications built with Delphi, according to Nick Bilogorskiy, manager of antivirus research at Sonicwall. Delphi is used to write Windows programs, including database applications.
When an infected program is run on a machine running Delphi, the virus infects any software that gets compiled on that machine. The virus spreads the executable file of itself as well as the source code. It looks for a compiler on the infected system and re-compiles the source code, inserting its code into any programs compiled on the system.
"This malware just spreads; it doesn't delete files or do anything malicious," he said. "But if you create software and you have this code in it, the software will be blocked by antivirus (technology)."
Developers whose systems are infected will pass the infection on to the programs they are creating, Bilogorskiy said.
Already, two free tools that are included in certain magazine CDs and are among the top 100 downloads on some portals--Any TV Free 2.41 and Tidy Favorites 4.1--have been infected, he said. "As many as 30 percent of developers who use Delphi have this," he added.
Sonicwall and a number of antivirus vendors have updated their software to block the virus.
Sophos has more details on its SophosLabs blog.
A Twitter account can be used as the command center for harnessing a "botnet" of virus-infected computers, security firms Arbor Networks and Symantec reported. In a blog post Friday, Symantec analyst Peter Coogan wrote that researchers found an account, @upd4t3, which was tweeting out links to download a piece of malware called Downloader.Sninfs. The account has since been suspended by Twitter.
Downloader.Sninfs, also known as Infostealer.Bancos, is a Trojan that uses the guise of a Brazilian banking site to collect passwords and related personal information from infected computers.
Security on Twitter is front and center right now, as the microblogging site was completely downed by a distributed denial-of-service attack last week that was targeting a Georgian political blogger. While other services like Facebook and the Google-owned Blogger were also hit by the attack, Twitter was the only one to suffer a full-out, hours-long outage, and it called into question just how secure the service really is.
But in this case, the Twittering botnet doesn't necessarily highlight a vulnerability that would be unique to Twitter.
"Although Twitter.com has been used in this instance, there are plenty of alternative sites on the Internet that could also be used as a similar medium of communication," Coogan wrote.
This post was updated at 1:05 p.m. PDT to note that Arbor Networks also reported the Twitter-based botnet.
Spam and botnets have hit their highest levels ever, according to McAfee's second-quarter Threats Report, released Wednesday. McAfee's Avert Labs says spam recorded in the second quarter shot up 80 percent compared with the first quarter of the year.
This follows a brief reprieve from spam following last year's shutdown of the McColo ISP. June alone saw the largest amount of spam recorded by McAfee, surpassing the previous monthly high in October by more than 20 percent. McAfee now estimates that spam accounts for 92 percent of all e-mail.
By country, the amount of worldwide spam originating from the United States has dropped steadily over the past three quarters, but the U.S. still leads in spam production at 25.5 percent of the global market. Brazil, Turkey, India, and Poland have also seen sizable increases in spam production.
Zombies and botnets are on the rise, said the report, indicating that more computers are being hijacked to send spam and malware. McAfee recorded almost 14 million new zombies in action over the second quarter, a rise of more than 150,000 new zombies each day, another record.
Zombies and botnets can thank all the unprotected home computers, notes McAfee. More home users are setting up their PCs as remote access machines and as Web hosts, leaving those PCs increasingly vulnerable.
Another major threat reported by McAfee is AutoRun malware, which is triggered automatically when a person plugs in a USB stick, memory card, or other external device. The Trojans PWS-OnlineGames and PWS-Gamania and two viruses named W32/Sality and W32/Virut have propagated through removable cards and drives.
McAfee said it uncovered AutoRun malware in more than 27 million infected files during one 30-day period alone this past quarter, earning it the No. 1 spot of all malware detected worldwide.
"The jump in bot and spam activity we saw in the last three months is alarming, and the threat from AutoRun malware continues to grow," said Mike Gallagher, senior vice president and chief technology officer of McAfee Avert Labs.
Social-networking sites are another popular target for cybercriminals, noted the report. The openness of social networks often puts them at risk.
On Facebook, people freely access different applications that require a username and password, so those apps can easily tap into their accounts. McAfee also saw an increase this past quarter in the "popular" Facebook malware Koobface.
Twitter too has seen its share of threats. In April, the site was hit by a JavaScript worm that exploited a hole to infect user profiles. The same month, a French hacker was able to gain access to the account of a Twitter product director.
The use of sites like TinyURL by tweeters to shorten a lengthy URL can also pose a problem, said McAfee. Users have no idea what Web site the TinyURL redirects to until it actually opens.
McAfee releases its Threats Report each quarter. The first-quarter report was published in May.


























