Imagine this. Manufacture a car and make plenty of holes in it so that all sorts of nasties and indescribable can get in whilst your driving alone. And once your car has been infiltrated by these ‘outsiders’, they can disrupt the controls, or grab your wallet and nick your money.

Ridiculous? Yes, but when it comes to software applications, that’s what happens every minute of the day.

Indeed, if that happened in modern day cars, there would be a consumer outcry. But in the software industry, it’s the norm.

Software applications are complex lines of computer code. And the problem is, that they are so complex (just lines of 0 and 1s), that it’s easy for a programmer (most modern day code is written in C++), to make a mistake.

Now it might be a minor mistake, but that’s all that a modern hacker (or cyber criminal as they are known as these days) needs to exploit the application. Because certain mistakes, or holes in the code (which are known in the trade as ‘bugs’), can be exploited. And the holes are in effect open portals through which hackers can insert new code which are known as viruses. Basically, a virus is a line of command code which serves a purpose designed by the hacker.

It might be as innocent as a joke which can appear on the user’s screen at a given time; or, it might be as dangerous as monitoring the user’s internet surfing and eventually learning how to drain their bank account.

But the point is, that the code, complete with ‘bugs’, is sold by the computer companies as finished products.

Now, to be fair to them, if they were to produce a totally bug free product, it would take years longer to finish and to market. And, arguably, a bug free state would be almost impossible to achieve, because the hackers tend to evolve their strategies over time.

For example, take Windows XP (the Microsoft operating system) which is one of the most complex and sizable applications you can buy, with millions of lines of code. Only now, after a huge number of service packs and patches (literally shoring up the defences and closing the holes), is Windows XP almost watertight. It has taken years to reach this stage and since then, two further incarnations have been launched: Windows Vista and Windows Seven.

And although software developers are getting better, it’s still a sad fact that most complex software applications you can buy, will have bugs and will be vulnerable to hackers.

The only way to cope with this is by using tools from quality antivirus software developers. It is these companies which have inherited the role which many believe should have been taken seriously by the developers.

The downside is, that you have to spend extra to protect products that arguably shouldn’t have been sold until they were watertight. But if you wanted 100% security, then you might have to wait years for products.

So, a flawed industry, yes, but is there a way out, yes again: buy good antivirus software and when it comes to surfing, always be a cynic.

Guest Article by Neil Camp 

Users of personal computing devices, and that includes smartphones, buy antivirus software to keep themselves safe from viruses, so it must have been a little galling for them to learn that some nasties are being delivered by the official route.

But even those who religiously use antivirus software to keep themselves safe, were shocked to learn that some Apps purchased from the official Android Marketplace have been discovered to be ridden with viruses.

And whereas the cyber criminals used to focus their activities on desktop and laptop computers, as smartphones get ever more sophisticated, and used for many more things (including banking), they are becoming very popular targets.

So when news broke that 50 applications which could be downloaded from the Android Marketplace contained a virus, people were naturally shocked.

They are known as booby-trapped apps and are downloaded by mobile device users in good faith. One such application was said to have been downloaded over 200,000 times.

The cyber criminals are very clever though, which makes the work of detection that much easier. They copy existing, best selling apps and then re-package them as their own work. And within the copy they embed the malicious malware. And malware is the word used to describe a virus; it’s basically code that is there with malicious intent (to get the host system to do something for the hacker).

Perhaps disappointingly, the viruses were not discovered by the operator of the Android Marketplace, but by an eagle eyed user of the website Reddit.

They realised that one app was listed under the name of a publisher that they know had not developed, or marketed the product. On investigation, he discovered that the app in question – which let people play a guitar on their mobile device – had the same appearance of the original app, but was being listed under another name. What’s more, this copy app contained malicious code. The person who discovered it realised that it had been downloaded up to 200,000 times whilst it had been on the apps store.

On further investigation, the person also discovered another 20 odd apps that included the same string of code. Indeed, further parties discovered the code was included in more than 50 individual apps.

The virus line of code – known as a DroidDream – has a number of malicious tasks to perform once it has infected it’s new host. Firstly, it sends data (including the phone’s unique identification number) to a remote server. Secondly, it uses exploits to bypass the phone’s security controls and effectively allows the hacker to gain control. In short, the phone becomes a zombie which can be used at whim by the hacker.

Google, which operates the Android Marketplace, says it has brought down the offending apps and suspended accounts where necessary. It also points out that the latest Android operating system, which goes by the name of Gingerbread, cannot be infected by DroidDream, although this does rely to some extent on a remote revival facility.

Rik Ferguson, who wrote about the incident on the Trend Security blog, said, when discussing the remote removal facility:
“This remote kill switch will not remove any other code that may have been dropped onto the device as a result of the initial infection. This greater openness of the developer environment has been argued to foster an atmosphere of creativity, but as Facebook have already discovered it is also a very attractive criminal playground.”

The moral of the tale, buy antivirus software for your smartphone, as well as your desktop and laptop?

Guest Article by Neil Camp 

When it comes to getting the best antivirus software deals for your computer equipment, it might surprise many that when it comes to smartphones, most users, say computer security giant AVG, are not aware of the significant risks involved.

Best antivirus stratagems appear to be focused on desktops and laptops, and smartphones are being overlooked by their owners as just not as vulnerable to cyber hackers.

But AVG reckons that owners of some of the most popular brands of mobile phones – such as BlackBerry and iPhone, and some major operating systems including Android – are in danger of being mugged.

A new survey has just been produced by AVG Technologies and the Ponemon Institute which has shown that over a third of smartphone users just do not realise how much at risk they might be. And the research also revealed that only just under 30% have considered using the best antivirus mobile applications for their personal devices.

A spokesman for AVG Technologies said:
“AVG and Ponemon Institute found that an alarmingly low percentage of smartphone users are aware of the security threats that exist today on many of the world’s most popular devices including Android handsets and the iPhone.

“A clear opportunity exists to better educate consumers on the steps they can take to minimize their risk and exposure, such as downloading low cost and even free anti-virus products specifically geared to protect their mobile lifestyle and investment.”

The research document revealed some very interesting facts, including that 13% of smartphone users said that location data had been unknowingly embedded on their device. This allows others to track a person’s location via their phone. Furthermore, 6% said that mobile applications on their smartphone had actually transmitted such things as credit card details without their consent. And that 8% of users admitted that their handsets had been infected by diallerware, a form of malware. This allows hackers to make a handset dial premium numbers, from which they get a cut.

Dr Larry Ponemon, chairman and founder of the Ponemon Institute, said:
“Our research suggests that smartphone users lack the awareness and knowledge to protect themselves from a rash of security vulnerabilities.”

So the message is quite clear, smartphones need the best antivirus applications, in the same way as desktops and laptops.

Guest Article by Neil Camp 

Anyone reading antivirus reviews might be pleased to know which are the best and worst European nations when it comes to being protected online. And who will have clear consciences, and who will have red faces.

For most antivirus reviews it’s the Dutch who are the most protected Europeans online. As to the worst, it appears that Latvians lose most money when it comes to financial losses and Bulgarians are the most likely to have their computers infected with malware.

On this occasion, the antivirus review was published by the European Commission’s statistical office known as Eurostat. This published, on Safer Internet Day which was 8th February, a report on various Internet security statistics as collected from across Europe.

A key finding of the report involved the use of IT security software (which included both antivirus software and firewall applications) and the figures show that use of such protection was the most common in the Netherlands. Here it was shown that around 96% of all surfing computer users in Netherlands are protected by such computer security. In second place were a number of countries: Finland, Luxembourg and Malta.

Lagging at the bottom are Estonia, Latvia and Romania. Here it’s reckoned that only two-thirds of surfing computer users avail themselves of computer security programs.

The report also revealed that in the last 12 months, over 30% of Europeans had fallen victim to an attack from a computer virus.

When it comes to losing money, Latvians (8%) led the way, but, perhaps surprisingly to many, is the fact that Britain comes a close second (7%).

This should ring alarm bells even for those that seek out the best antivirus products, as Britain has a very sophisticated antivirus software industry. And education to use such products, are readily available.

It will be very embarrassing for the British IT security industry to learn that amongst their fellow Europeans, they are regarded as an easy target, despite all the applications that are available to buy from computer goods shops, or download from the internet.

Guest Article by Neil Camp 

It’s likely that the antivirus software at one of America’s top stock markets has been beefed up in the past few weeks to stop attempts by hackers to penetrate the system.

Antivirus firewall software works by protecting the gateway computers which communicate with external systems.

And latest reports reveal that Nasdaq, the top New York exchange, has been under attack by hackers who apparently are making repeated attempts to break into the system.

The Wall Street Journal has reported that the FBI has been called in to investigate the alledged breach of security and the White House presidential team has been informed. Nasdaq itself has declined to comment on the stories and rumours.

Their reticence to comment is not unsurprising, given that stock exchanges are rife with rumours and gossip anyway, and just the mere suggestion of a successful cyber attack on one of the country’s largest and most active stock exchanges.

Nasdaq tends to deal in technology stocks, IPOs and younger companies. The New York Stock Exchange focuses on the larger concerns, listing most of the Fortune 500 companies.

The worry for the authorities is that stock price manipulation via a cyber attack could not only net the criminals a fortune, but it could also be a great terrorist victory. Terrorists have widened their net to include cyber attacks and Nasdaq, along with the other exchanges, represent an ideal target.

One financial security specialist said:
“The implications of cyber criminals being able to penetrate such a sensitive computer network are thinkable. It would also have worldwide ramifications. Nasdaq makes an ideal target both for the cyber criminal and cyber terrorist alike. Such an attack would shake the confidence of the major worldwide economies.”

The exchanges’ antivirus firewall software is the first line of defense against the attackers. It is there to keep the Barbarian hordes at bay, but also requires the necessary support of a good antivirus campaign plan. Viruses, Trojans and malware can be introduced so easily into systems, that users of the network have to be extremely careful as to how much the system is exposed to risk though the ‘back-door.’

Guest Article by Neil Camp