It’s being alleged that malware writers are alive and well in a number of antivirus security firms.

And much of these antivirus security allegations are centred on activities in China. The centre of many alleged fraud scandals, China has its fair share of cases involving malware writers using their talents to bring down competing antivirus software companies.

The latest outrage is focused around a former official at Beijing Municipal Public Security Bureau, who has been given a ‘suspended death sentence’ after being found guilty of corruption.

The long-running rivalry between Rising and Micropoint (Micropoint being founded by former employees of Rising) is at the centre of this conviction. Yu Bing, the security official, was partly convicted for mass embezzlement and corruption because of his alleged crimes against Micropoint. The government accused Yu Bing of denying Micropoint access to official testing, and of actions that led many Micropoint employees to be accused and convicted of creating malware to advance their position. Rising have been quick to distance themselves from the case.

The ‘Epoch Times’, a Chinese anti-establishment news source, threw the accusations at Rising, but do believe that Rising is one of many companies in the security industry that creates malware for their own benefits. They call it ‘an open secret’, and claim that the industry is rife with this sort of corruption and fraud.

Other antivirus and security companies across the world are, however, not so quick to believe the allegations. John Hawes, a Technical Consultant at Virus Bulletin: "It seems pretty unlikely that anyone working in a serious security firm would consider creating their own malware. This is an industry which relies heavily on trust and respect between competitors; there’s a very strong moral code which totally forbids anything like that. Many outside the industry seem to find it amusing to suggest such theories, but most researchers will have heard the same thing many, many times. Those in the know are well aware that creating new malware is not only unethical but pointless…’

This latest row over allegations of corruption in the industry are only one in a long, convoluted series of events and stories coming out of China. The author of the Fujacks virus (also known as the ‘panda-burning-Joss-sticks’ virus, due to the cartoon icon that appeared in the place of the file it had infected), Li Jun, is believed to have been hired by the Spanish firm Panda. The reports suggested that the convicted malware writer was hired by Panda to advance their own name at the detriment of their competitors, but it was quickly denied by Panda, who claim it was a misunderstanding arising from some Chinese software marketing.

With the allegations that malware writers are helping companies to beat their rivals, one can only hope that the effectiveness of these antivirus security firms are not impeded, and that they can continue to keep users’ computers safe from internet threats.

Guest Article by Neil Camp 

Whilst many computer users are rightly obsessed with protecting their systems with the best antivirus programmes they can find, the Virus Bulletin has reported that the latest monthly ‘Patch Tuesday’ from Microsoft contained a whopping 17 alerts.

And these 17 alerts covered 40 separate vulnerabilities which make it a hard job for anyone trying to maintain best antivirus status a tricky job. Only two of these were categorised as ‘critical’, but that does not mean that the others aren’t dangerous enough to wreak havoc in innocent users’ systems. The two critical alerts also included fixes and patches for the Internet Explorer browser; a standard in most rounds of security patches.

So, what is a patch exactly, and how does it benefit users? A security patch is released to fix problems with all aspects of a computer, such as programmes and browsers. It is a nifty piece of software that is a saviour for many users and their concurrent computer problems. These can range from vulnerabilities in a computer or programmes’ security, to improving the usability and effectiveness of a particular programme.

When it comes to even bigger problems, ‘patches’ are given a different name. Large fixes of big problems, or to solve difficult issues, are often called ‘service packs’ or ‘software updates’. This kind of terminology is commonly used by Microsoft and its various Windows services.

A ‘patch’ can, therefore, be a blessing to users as it solves many niggling issues as well as large and debilitating problems. The alerts are therefore an important part of a users responsibility to keep their computer safe and well. Microsoft urges users to apply the patches as soon as they can. It is particularly important in a year beset with problems; Symantec claims that this large batch of patches takes the total for the year over 100, the first time that this has ever happened.

Patches are therefore part of the important fight to keep computers healthy and effective for their users. This particularly large batch of patches highlights the need for up to date and consistent updating of products to provide the best antivirus care to computers.

Guest Article by Neil Camp 

Antivirus software users are a restless bunch says top security company Avira.

The company, which is based in Germany, says that new research has revealed a number of antivirus software user habits. These include their attitudes and behaviour with regards to their internet security software. The consumer security survey, with 9091 participants, was sent to Avira’s 100 plus million customers across the globe, giving an international outlook to the results.

Some of the trends in the survey, however, have given Avira cause for concern, and suggest a global restlessness when it comes to internet security packages, as well as bad habits that could potentially put users in danger.

For example, 62.84 per cent have tried a number of different security products in the space of 12 months, all on the same computer. Users appear to be willing to try out a variety of internet security packages before settling with their favourite, suggesting a clear knowledge of what they want on their own computers. Sorin Mustaca, a data security advisor at Avira, says: “It’s not surprising that consumers try multiple products each year since everyone is trying to find the right security product which can effectively balance protection and a computer’s resource usage.”

The survey data will give the internet security software companies much to consider. For example, 25.15 per cent of respondents to the survey saying that they turn off the anti-virus software because they thought it was slowing down their computer. This, suggests that internet security software companies need to understand the users’ demand for a piece of software that does not act as a drag on their computer’s resources. They want to keep their computers safe, but do not want to sacrifice their enjoyment and the effectiveness of their computer.

Mustaca at Avira agrees that this survey should tell the sellers of internet security software a thing or two: “It is a clear sign for the vendors that even more care has to be taken in order not to overload the security software with features which may have a great impact on system performance. In the end, when it comes to security, it is better to have minimal protection which goes unnoticed than protection with all whistles and bells which the user deactivates in order to be able to use his computer.”

If software vendors don’t want to lose their customers, this data, plus the 12.01 per cent of the survey who thought about not using their internet at all because of security reasons, should hopefully give them some idea as to what they can do to make their products that much more effective for their global users. Antivirus software needs to suit the demands and needs of users, and that hopefully should stop the restless, dangerous habits that let many cyber-criminals into people’s lives.

Guest Article by Neil Camp 

Despite many internet shoppers getting the best internet security software they can afford, a new study from Norton – developer of one of the most extensively used range of antivirus solutions – concludes that consumers are not taking even the simplest measures to protect themselves against cybercrime, particularly on their mobile phone devices.

What’s more – in this age of the best internet security software being readily available – the study also shows that over 50% of people under 35 are updating their social networking status on a real-time basis, revealing their identity along with quite personal details.

Despite the wide-spread warnings that internet users are risking their online identity and personal details, the “Connected but Careless” study (conducted by Javelin Strategy & Research) suggested that security was particularly lapse in three key areas: mobile phone based transactions, online passwords, and location-based services.

This is particularly worrying, as the suggestion that internet users are dangerously unprepared for keeping their details safe comes at a busy time of the year. Between Thanksgiving and New Year’s, around 47% of those surveyed expect an increase in online purchases. This, combined with 18-34s indicating that their social network activity will increase during the holidays, is a worry for internet security experts.

Jean Chatzky, who helped Norton with the development and analysis of the study, “We’re seeing huge gains in people shopping and banking online, especially around the holidays. The survey shows that people are still unaware of how their online activity can pose a ‘real world’ threat to their finances. It’s like an invitation to cybercrooks.”

Compounding the problem is the new popularity of applications and technology that allow you to tell your social network where you are, through the use of your mobile phone device. The dangers of ‘geo-location’ for the user are widely unknown. 22 per cent admitted that they readily gave applications on their mobile phones permission to know their location. 56 per cent under the age of 35 admitted to updating their location via their social networking status. This means that criminals in the real-world, not just the cyber-world, are being given an opening to commit crimes against users.

On the subject of geo-location, Chatzky adds: “Giving away your location is a potential ‘gateway’ that people should be aware of and think about. The only people who need to know that you’re out-of-town, or not where you usually are, are your family, close friends and maybe a trusted neighbor. Technology is changing so fast, that many people may not even be aware of the various ways they’re opening themselves up to potential financial losses.”
This lack of knowledge reveals a more general trend, whereby those who use mobile phones as a means of accessing the internet are unaware that the same protection is needed as on their home or work laptops/computers. This only adds to the worries that despite the warnings, many users are still not keeping their personal details safe. To reverse this dangerous attitude, security companies such as Norton are hoping to encourage people to buy the best internet security software, and keep themselves safe over the holidays.

Guest Article by Neil Camp 

A great many fathers and uncles will be pretending to be someone else during this festive season, but just because it’s the time of year to don new clothes and become Father Christmas, it doesn’t mean you have to accept anyone else masquerading as someone they are not.

The internet has brought an unbelievable freedom to shoppers and people searching out the best retail bargains. And more than ever great numbers of shoppers will be using the internet this Christmas to buy their presents.

But, this is the time when surfers should be at their most cautious. Identity theft via the internet is becoming common and unless you are protected by strong anti-virus, you run the risk of someone literally digitally cloning you and using your electronic profile to get you into all sorts of trouble.

Hackers pinch personal identities for two main reasons. Firstly, they can steal from the identity they’ve just discovered and secondly, they do action things in the name of the identity they have just discovered.

It works like this. People are naturally careless creatures and what might seem like innocent information – a name, and perhaps a date of birth, linked to an address, and maybe the name of their bank – can all be linked together to form a profile of a person. Then, with a little ingenuity, maybe usernames and passwords can be guessed at. And it might not even be guessing, because there are viruses – known as Trojans – which act as key loggers, or stroke replicators, which match the used keys when say accessing an online bank account. These viruses sit on a person’s computer, without them knowing, and pass back the information to the hacker. The hacker then matches a website url – say your bank – with the keys you use when entering your online account. And hey presto, with the other things they know about you, this then represents a profile which can be ‘attacked.’

And usually the hacker won’t use that profile themselves. They prepare the data and sell it on a website where criminals pay for the information, in an auction, and then do with it as they see fit. Not a particularly nice state of affairs, but worth billions to the organised crime gangs who can now steal via computers, and not get their hands dirty.

It can also work in another way. Rather than drain your accounts of your precious money, the hacker decides its more profitable to pose as you and apply for credit, or buy products. Applying for credit, as well as other goods and services, is becoming more popular than just attacking a bank account. Buying goods on credit, or arranging loans, can yield the criminal a far bigger return and it can be some time before the thefts are discovered.

There was a recent scam where East European scammers had created a simple money making machine. They bought personal identities off the criminal websites, then ordered contract mobile phones on their behalf, to be delivered to the homes of chosen accomplices. Once the phones were in the possession of the accomplices, they set about telephoning premium numbers which the gang leaders had set up in Eastern Europe. And because the premium numbers (about £1.50 a minute) were overseas, the mobile phone providers were obliged to pay the call rates before passing the bill onto the unsuspecting people whose identity the phones had been registered. A shock for all parties concerned.

So, yes, Father Christmas is used to being copied by millions across the world. It’s part of the festive fun. But just make sure your identity doesn’t get copied as well and that nice iPhone they’ve ordered for you – which you never got – has been happily ringing a strange Eastern European number. You’ve been warned.

Guest Article by Neil Camp