More midsize companies are being attacked by cybercriminals at the same time they're spending less on security, says a McAfee report released Wednesday.
Across the world, more than half of the 900 midsize businesses (51 to 1,000 employees) surveyed by McAfee for its report, The Security Paradox, said they've seen an increase in security breaches over the past year. Despite the threat, the recession has caused most of these companies to freeze their IT security budgets.
McAfee found that the costs of dealing with a security attack can be high. Over the last year, one of five midsize companies surveyed lost $41,000 in sales on average as a result of a breach. In China alone, 38 percent of the businesses questioned lost an average of $85,000 due to an attack. And more than 70 percent believe a serious data breach could put them out of business, noted the report.
But as the recession has grown, IT budgets have dropped. Almost 40 percent of the companies trimming their IT security budget plan to limit the purchase of new security products. And more than a third are switching to cheaper security software to cut expenses, even though they realize that may put them at greater risk.
"An organization's level of worry and awareness about increasing threats has not overcome the downward pressure on budgets and resources," said Darrell Rodenbaugh, senior vice president of global midmarket for McAfee, in a statement. "But this creates a vicious cycle of breach and repair that costs far more than prevention."
Midsize companies also may underestimate their risk, according to McAfee. Among companies with fewer than 500 employees, more than 90 percent believe they're protected from cybercriminals and feel they don't face the same threats that larger firms do.
But McAfee discovered that businesses with 101 to 500 people had on average 24 security breaches over the past three years, compared to 15 breaches for those with 501 to 1,000 employees.
In the long run, dealing with the aftermath of a security attack eats up a company's time and expenses. The study found that 65 percent of firms spend less than four hours a week on IT security, but around the same percentage have spent more than a day recovering from security breaches.
"Our research shows that organizations that put more effort on preventing attacks can end up spending less than a third as much as those that allow themselves to be at risk," said Rodenbaugh.
The study was conducted by research firm MSI International, which surveyed 100 midsize businesses in each of the following countries: U.S., U.K., Australia, Canada, China, France, Germany, India, and Spain. The results were compared with prior studies done in North America and Europe.
The creator of PhoneSnoop shows how the free spyware app works in a video on his blog.
(Credit: Chirashi Security)
The U.S. Computer Emergency Readiness Team warned BlackBerry users on Tuesday about a new program called PhoneSnoop that allows someone to remotely eavesdrop on phone conversations.
The PhoneSnoop application must be installed on the phone by someone who has physical access to it or by tricking the user into downloading it, the CERT advisory said.
The author of the app, Sheran Gunasekera, director of security for Hermis Consulting in Jakarta, Indonesia, says it wasn't written to do any actual harm, but rather to warn of the dangers that still exist with the BlackBerry.
The application can be used by anyone to spy on any BlackBerry user's phone. However, Gunasekera says it is not hidden on the device after it's installed, so users should be able to easily see it.
"My intention was to raise awareness that even though the BlackBerry is one of the more secure platforms, there are still means where its users can be spied upon," Gunasekera wrote in an e-mail on Tuesday. "I wanted to highlight that even with such technical security controls, the human element can be exploited through social engineering."
To aid BlackBerry users who asked him how they could protect themselves from being snooped on, he said he released on Tuesday another free tool called "Kisses" that will detect and display hidden programs on the device.
On his blog, Gunasekera explains how PhoneSnoop works.
"PhoneSnoop sets up a PhoneListener and waits for an incoming call from a specific number. Once it detects a call from that specific number, it automatically answers the victims' phone and puts the phone into SpeakerPhone mode," he writes.
US-CERT said BlackBerry users should only download applications from trusted sources and password protect and lock the devices to prevent someone from installing unwanted software.
The issue of BlackBerry snooping made headlines this summer when Etisalat, a carrier in the United Arab Emirates, sent SMS messages to BlackBerry subscribers encouraging them to download a patch that security experts said was spyware.
SMobile Systems did a technical analysis of the software and concluded that the "true nature of the spyware is to intercept BlackBerry users' email messages and forward the messages to a monitoring agent inside the Etisalat network," according to the BlackBerry Cool blog.
Updated 1:45am PST Tuesday with pricing information.
McAfee has released a new security suite designed to help businesses better handle security for their growing segment of Macintosh computers.
Targeting small to large companies, McAfee Endpoint Protection for Mac provides antivirus and antispyware features, and both an inbound and outbound firewall, McAfee said Tuesday.
The company is positioning the tool as a plus for IT administrators and for users. Administrators can use the same console to manage McAfee security on both Mac and Windows machines, said the company. The software lets administrators deny or control which applications can run on supported Macs. The suite's ePolicy Orchestrator tool can also generate reports of malicious activity for review.
Some have debated whether the Mac needs security software since it has traditionally been a less visible target than Windows for attack. But with Internet threats continually on the rise, few computer environments are completely immune. Even Apple has advised Mac users to protect themselves with security software.
Antivirus software for the Mac has been sold for a long time by companies such as Symantec and McAfee. But most products have been geared to the individual user.
McAfee sees its Endpoint Protection suite as filling a growing need at schools, companies, and government agencies that have adopted more Macs in recent years.
"The demand for Macintosh in the enterprise is steadily growing, yet organizations are either not using any security technology for these endpoints, or they are using a standalone, non-manageable anti-virus protection solution," Peter Lincoln, IT director at Aquent, said in a statement provided by McAfee. "The use of McAfee Endpoint Protection for Mac enables us to have complete protection on all our endpoints. Using the same integrated management console also allows us to lower our operational cost and ensure security and compliance."
A survey conducted last year by ITIC showed that a greater number of companies were planning to allow Macs into their workforce.
McAfee Endpoint Protection for Mac is compatible with the latest release of Apple's Snow Leopard as well as existing Leopard and Tiger environments. A McAfee spokesperson said the product's retail price would be $55.08 per computer for a network of 500 - 1000 computers. The pricing includes one year of Gold technical support.
Lavasoft has updated its popular malware and spyware detection and removal tool Ad-Aware. Rather than a dramatic redo, version 8.1 builds on the improvements made in the previous version. The new version is faster, has better removal abilities, and introduces a behavioral detection engine.
Called Genotype, Ad-Aware's heuristic-based behavioral detection engine isn't explicitly called out in the interface. However, I noticed that files that had been flagged falsely as threats in earlier versions were no longer called out as such, and the Quick Scan was able to complete in about three minutes, as opposed to 10 minutes in the previous version. These are empirical observations, of course, but this version's improvements should be easy to see for longtime users of Ad-Aware.
Removal techniques have also been improved. Lavasoft is calling the new system Neutralizer, although it's not called out as such in the program interface. What users will see is a "family" of grouped similar threats, such as cookies, the category of the threat, and the action taken. The program defaults to the Recommended action, which means you need to click on the drop-down menu to the right of the listing to see what action will be taken on a per-threat basis. The big action buttons introduced in version 8 still reside at the bottom of the window, which feels further than necessary--it'd be better to have the action button closer to where the mouse already is, at the top of the window.
There is one big change to the interface in v8.1. At the bottom left corner of the window, there's a toggle to switch between Simple mode and Advanced mode. Simple mode is for users who are set-it-and-forget-it types, with fewer options displayed. Advanced mode allows for deeper settings customization. There's also a gaming mode, so that full protection continues to run while you play games or watch videos, but detected threats won't interrupt your entertainment until you're done.
Ad-Aware's new Advanced mode, presenting more options by default.
(Credit: Screenshot by Seth Rosenblatt/CNET)
Fans of personalization get more skin action in this version, too. In addition to the included skins, the community support offered at MyLavaSoft now includes community-sourced translations and skins.
However, fans of the free version do not get all the features available in the paid upgrades. Antivirus is only for paying customers, and while rootkit detection is present, behavior-based heuristics and real-time registry protection are not. Ad-Aware Free cannot scan networked drives, and even a basic feature like the scheduler remains off-limits in the free version. The Ad-Aware toolbox for system tweaks is only available in the Pro version. I encountered a pop-up for the upgrade, although Lavasoft told me that this was an infrequent occurrence. Ad-Aware Plus is available for $26.95, and Ad-Aware Pro is $39.95, and both have a 30-day trial.
Microsoft's new Security Essentials software has passed at least one exam so far--a review by security testing firm AV-Test.org.
Using the latest version and definition updates of Microsoft Security Essentials (MSSE) downloaded from the Web, AV-Test ran the product through a series of tests on Sept. 29 and 30 to judge its effectiveness at fighting malware.
To check static known malware, AV-Test pitted Security Essentials against the most recent WildList, a sampling of 3,732 viruses and other threats compiled by the WildList Organization. Microsoft's product successfully detected and blocked all of the samples in both manual and active scanning.
AV-Test also threw its current set of 545,034 viruses, worms, Trojans, and other threats at Security Essentials. MSSE successfully caught 536,535 samples for an overall good detection score of 98.44 percent.
In AV-Test's battle against adware and spyware, Security Essentials stopped 12,935 out of 14,222 samples, earning a detection grade of 90.95 percent. No false positives came up in a scan of over 600,000 clean files from Windows, MS Office, and other commonly used programs.
In its check of dynamic malware detection, which is based on behavior rather than static lists, AV-Test found that MSSE had no "dynamic detection" in place, as the software failed to find any of the recently released malware used in the test. AV-Test noted that other standalone antivirus products don't include behavior-based detection either, although that feature is typically found in full security suites.
MSSE also found and eliminated all 25 rootkits that AV-Test threw at it.
Security Essentials did only a fair job of cleaning up infections. Facing 25 different malware samples, the product removed all active components as part of its repair process. But in many cases, some remnants of the malware were left behind, as inactive executable files or empty Registry keys.
Finally, AV-Test found that the speed of Security Essentials scanning was about average compared with that of other security products.
AV-Test's review of Security Essentials was run on Windows XP with SP3, Windows Vista with SP2, and Windows 7 RTM, both the U.S. English and German 32-bit editions. A series of papers on the methodology used by AV-Test in its testing process are at the company's Web site.
CNET's Seth Rosenblatt also looked at Security Essentials this week, while CNET News reporter Ina Fried has said the beta version of the product recently saved her from a Koobface attack.
Microsoft has released version 1.0 of Security Essentials, the successor to Live OneCare. Originally known as Morro, Security Essentials retains the core features of OneCare, but abandons the additional heft of a firewall, performance tuning, and backup and restore options in exchange for making the program free. Rather than taking aim at full-featured security suites made by Symantec or Eset, the features available in Security Essentials indicate that Microsoft is aiming to compete with basic-but-free security apps.
For the select 75,000 public beta testers who got their hands on the program when the limited public beta was offered in June, there will be few appreciable differences between the beta and the final version. For the rest of the planet, Security Essentials features key defenses that are boilerplate for any respectable security program.
Features
It uses both definition file and real-time defenses against viruses and spyware, and also offers rootkit protection. The program's reputation-based detection and software signature-based detection seem to rely heavily on Microsoft SpyNet, the unfortunately named cloud-based service that compares file behavior across computers running various Microsoft operating systems.
The official version 1.0 of Microsoft Security Essentials looks identical to the popular limited beta version from June 2009.
(Credit: Screenshot by Seth Rosenblatt/CNET)
SpyNet was introduced in Windows Vista and extended to Windows 7, but Microsoft Security Essentials is the only way to access the network on Windows XP. Unlike other security vendors that allow customers to take advantage of the benefits of their behavioral detection engines while opting out of submitting information, there's no way to do that with SpyNet.
You can choose between two SpyNet memberships. Basic submits to Microsoft the detected software's origins, your response to it, and whether that action was successful, while the Advanced membership submits all that plus the location on your hard drive of the software in question, how it operates, and how it has impacted your computer. Both basic and advanced warn users that personal data might be "accidentally" sent to Microsoft, although they promise to neither identify nor contact you. Opting out of SpyNet, however, is not an option in Security Essentials.
Security Essentials benefits greatly from having a simple, streamlined interface. There are four tabs, each with a concise and understandable label: Home, Update, History, and Settings. The program also uses easy-to-grasp labels, imported from OneCare: green for all good, yellow for warning, and red for an at-risk situation.
From the Home window, you can run a Quick Scan, Full Scan, or Custom Scan, and a link at the bottom of the pane lets you change the scheduled scan. The Custom Scan lets users select specific folders or drives to scan, but it doesn't allow for customizing the type of scan used. For example, you're not going to be able to choose to scan only for rootkits or heuristics, as you can with other security programs. The program installs a context-menu option for on-the-fly scanning in Windows Explorer, too.
The Update pane manages the definition file updates, with a large action button, and History provides access to a spreadsheet-style list of All detection items, your Quarantine, and items you've Allowed to run. Although it's a basic layout, this no-frills approach to security could prove appealing to computer users who are overwhelmed by more detailed security choices.
Users can choose between two options for SpyNet, but there is no way to not contribute to it.
(Credit: Screenshot by Seth Rosenblatt/CNET)
The Settings window allows users to further customize the program by scheduling scans, toggling default actions to take against threats, adjusting real-time protection settings, creating whitelists of excluded files, file types, and processes, and the aforementioned SpyNet options. There's also an Advanced option which is still fairly basic: here you can set Security Essentials to scan archives, removable drives, create a system restore point, or allow all users to view the History tab.
Security Essentials comes pre-configured to run a scan weekly at two in the morning, when Microsoft thinks your system is likely to be idle. New malware signatures are downloaded once per day by default, although you can manually instigate a definition file update through the update tab. Attachments and downloaded files will be automatically scanned by Security Essentials.
Help is only available in the form of the standard offline Help manual that comes with all Microsoft programs. There's nothing fancy here.
Performance
I found that it installed in less than one minute, and completed its first Quick Scan in less than 30 seconds. The Full Scan took more than an hour to reach the halfway point, and this was borne out by tests performed by CNET Labs' benchmarks. Microsoft Security Essentials actually sped up the boot time of our test computer by more than two seconds, and it sped up the shut-down time by more than two and a half seconds. However, compared to major security vendors it was significantly slower at scanning--Security Essentials took 2,340 seconds to scan, whereas most scans would clock in between 1,000 and 1,100 seconds.
The program comes with a few options for customization, but not many.
(Credit: Screenshot by Seth Rosenblatt/CNET)
In our iTunes decoding test it scored similarly to its competition, about 7 seconds slower than an unsecured computer. In our MS Office test and media multitasking tests it was faster than some--503 seconds versus 552 seconds for Norton AntiVirus 2010 in the Office test, and 844 seconds versus 876 seconds for Trend Micro Internet Security Pro in the media test.
While running the Full Scan, I noticed that it took up about 86 MB of RAM. However, it felt far lighter, and I was able to perform resource-intensive tasks like uploading photos without any noticeable freezes.
Third-party virus detection efficacy scores were not available at the time of writing, and it's not currently clear whether Security Essentials shares the same detection engine as Live OneCare. However, CNET reporter Ina Fried mentioned that Security Essentials stopped her from accidentally coming down with a case of Koobface.
Conclusion
Microsoft Security Essentials is a lightweight security app that people might turn to for a number of key reasons. It's easy on the system resources, it's easy to figure out how to use, and it comes pre-configured. It only works on legally licensed Microsoft computers, which is understandable but potentially leaves a large segment of the unprotected population still unprotected. You can't opt out of contributing to SpyNet, which isn't understandable at all. Overall, it's recommended for those who want something to set and ignore, but users who want more robust configuration choices or don't want to contribute to the cloud should look elsewhere.
Norton Internet Security 2010 won't be available for a few more months, but the beta version is available now. In it, Symantec continues to build on the rejiggering it did last year. Built upon the dramatic performance improvements are deeper integration with other security tools like OnlineFamily.Norton, and the new Norton Insight for judging threats by community behavior as well as file definitions.
The public beta for Microsoft Security Essentials, the free replacement for Live OneCare, is now closed, but that doesn't mean you've missed your chance to see what it's like.
In this First Look video, we look at the new interface, the new features, and the new limitations of the latest free antivirus to enter the market. Should AVG and Avira be scared? Watch and find out.
Updated June 25 at 12:50 p.m. PDT: Several commenters pointed out a secondary scanning process that runs while a scan is running. While Microsoft Security Essentials uses little memory when not scanning, during a second round of tests it used 60MB to 70MB of RAM, while consuming around 200MB of Virtual Memory.
Updated June 24 at 11:30 a.m. PDT: The 75,000 available slots for testing Security Essentials have been taken. There is no word at the moment whether Microsoft will allow more testers to download the public beta in the future.
Microsoft on Tuesday released its latest foray into security software as a limited beta. Microsoft Security Essentials, known in development as Morro, is limited to 75,000 downloads in four countries: the United States, Israel, Brazil, and China.
Security Essentials contains all the basic features that users have come to expect from free security software: multiple built-in and customizable scan options, a scheduler, automatic definition file updates, a real-time defense shield, and rootkit protection.
It's been a bit hard to gauge user interest at this point. Despite the download limitations, I was able to download the installer onto one computer at 10:15 a.m. PDT, and another at 10:45 a.m. Microsoft has also said that the download cap might be lifted at a later date.
This hands-on will be limited to testing the on-board features since CNET doesn't maintain a virus zoo for security reasons. Also, users should note that Security Essentials will run a Windows Genuine Advantage check before installing. If you're running an illegal copy of XP or Vista, you're out of luck here. The program will run on Windows 7 RC, and there's a separate installer for users with 64-bit operating systems. The 32-bit installer for Windows Vista and Windows 7 was small, weighing in at 4.73MB.
The main interface of Microsoft Security Essentials is streamlined and uncluttered.
(Credit: Screenshot by Seth Rosenblatt/CNET)
If you're familiar with other free antivirus solutions such as AVG or Antivir, Security Essentials will probably strike you as an incredibly similar experience. The program opens with four tabs: Home, Update, History, and Settings. When you first start the program, it will ask you to update the definition files. This was a surprisingly fast process, taking about a minute when tested on two different Windows 7 computers.
After updating the definition files, it will ask you if you want to run a Quick Scan. On both of those Windows 7 machines, the Quick Scan worked true to its name and completed in less than 10 minutes. Quick Scans are good tools if you're worried about major infections, but deep scans are recommended regularly to maintain a higher level of protection.
The Home landing page summarizes your security status, indicating whether your system has been scanned successfully, whether real-time protection is on, and if your virus and spyware definitions are up to date. A pane on the right contains scanning controls, and a pane at the bottom tells you when your next scheduled scan is. There's a link to the scheduler, as well.
Security Essentials' Full Scan took nearly an hour and a half to finish, but only used 4MB of RAM while running.
(Credit: Screenshot by Seth Rosenblatt/CNET)
The Full Scan took about 86 minutes, which is a bit long for a deep scan on fairly new, regularly-scanned computers. I didn't think that the program would turn up any risks, but somewhat notably Security Essentials didn't turn up any false positives, either. The Custom Scan lets users select specific folders or drives to scan, but it doesn't allow for customizing the type of scan used. For example, you're not going to be able to choose to scan only for rootkits or heuristics, as you can with other security programs.
The program installs a context-menu option for on-the-fly scanning in Windows Explorer, too.
What did impress me was the shockingly small memory footprint. During the most resource-intensive action you can take with the program, the full system scan, it worked itself up to using only 4.6MB of RAM. More often than not, it hung around a few bytes lower, at 3.9MB.
The Update tab tells you your definition file version numbers, when your last update was, and has an Update button so you can force an update check. The History tab shows only files detected as potentially harmful. You can sort files it's detected according to All Detected Items, Quarantined Items, or Allowed Items.
Users can customize some, but not all, aspects of the program.
(Credit: Screenshot by Seth Rosenblatt/CNET)
The last tab, Settings, is where most of the customization features reside. A left sidebar list contains options for Scheduling your scans, adjusting Default actions, tweaking Real-time protection, Excluding files, folders, file types, and processes from scans, Advanced controls, and managing your Microsoft SpyNet enrollment.
Yeah, Microsoft actually called something "SpyNet."
SpyNet, apparently, is a telemetry system Microsoft uses to quality-control definition-file updates after they've been sent out. According to the Microsoft news release, SpyNet reports back on the efficacy of old definition file removal and the implementation of new definitions, as well as detection rates on false positives.
Security Essentials users must participate in SpyNet. The default option, Basic, reports to Microsoft on where a potentially infected file came from, what your action was, what the recommended action was, and whether the action taken was successful.
Security Essentials' SpyNet malware reporting feature.
(Credit: Screenshot by Seth Rosenblatt/CNET)
The Advanced membership in SpyNet will send even more information to Microsoft, including the location on disk of your potential infection, how it has affected your computer, and how it operates. For both Basic and Advanced SpyNet membership, Microsoft warns that "personal information might unintentionally be sent to Microsoft," but that the company "will not use this information to identify you or contact you."
On the surface of it, this sounds like a standard security software reporting process on malware behavior, although I don't know how deep other programs go into your system behavior. However, it's definitely odd that Microsoft has chosen to call it out in this way.
It's hard to gauge any antivirus program without reliable data on its detection and removal rates. Microsoft Live's OneCare security program has a reputation for low false positives and strong "new" detection rates, but it's not clear how much of Security Essentials is built on or from OneCare. At this point, I'd advise users who are curious about Microsoft Security Essentials to try it out, but I wouldn't recommend it yet as a primary security solution without more field testing.
Avira AntiVir started making waves a few years ago, scoring high on well-respected third-party antivirus detection and removal tests. Released today exclusively on Download.com, AntiVir 9 doesn't appear to have changed much--but that's only because the interface sports the slightest of what's new.
Avira AntiVir 9 introduces one-click infection removal with multiple options for customization.
(Credit: Avira)
A refreshed banner logo tops the list of UI changes, but it's the long-awaited features in the free version of AntiVir that should pique most users' interest. Anti-spyware detection and removal is now available for the free version of AntiVir as well as the paid upgrades. There's new scanning tech that can crack open "locked" files and verify that they're not malicious, along with improved internal security to prevent AntiVir's files from being maliciously altered. AntiVir 9 also offers a rebuilt heuristic detection engine, and according to Tony Anscombe, director of consumer products for Avira, Download.com reader comments have been the impetus for the new one-click threat removal option--no more baby-sitting the scans.
The one-click threat removal is a nifty quarantining feature that logs and sets aside all detected threats so you can deal with them individually or as a group at the end of the scan. It's simple, but means that you can run a scan at night and not worry about the scan pausing and waiting for user input before it continues.
Click on the Configuration button on the right-side of the central pane, and check off Expert Mode on the upper left-side of the box that opens. In the options tree below it, go to Scanner, then Scan, then Action for Concerning Files. From there, you can choose an Automatic or Interactive reaction. Under Automatic, you can choose a primary and secondary action, as well as copying the file to the quarantine before taking any other action. Interactive offers you a round-up at the end of a scan, and Combined or Individual notification mode for users who want to deal with infections all at once or one at a time.
Except for the banner, AntiVir 9 looks exactly like AntiVir 8.
(Credit: Avira)
The other new features, from the anti-spyware to the rebuilt heuristic engine, are not as easy to demonstrate since we don't maintain a virus or spyware zoo at CNET for security reasons. However, it's worth mentioning that Avira has expanded the AntiVir free version to include their anti-spyware and anti-adware detections. In previous years, the premium version of AntiVir earned very high marks from both independent testers Andreas Marx (results) and Andreas Clemente.
As program upgrades go, AntiVir is worth some of the hoops that users must jump through to get on board. The upgrade is a time-intensive process, requiring some minor user input and rebooting your computer. Also, users will have to go to the Download.com product page and actively download the new installer. Version 9 won't be pushed to existing users for another month.
Savvy users will notice the removal of the on-demand e-mail scan, and AntiVir is still challenging--and by challenging, I mean a massive headache of pain--to fully uninstall. Despite these hang-ups and the nag screen that follows the multiple definition file updates that occur daily, AntiVir offers such effective protection and a well-rounded set of features that as long as the updates keep coming, it should remain on the top of any free antivirus users' list.


























