Symantec has just published one of its regular major security software reviews.

Symantec, developers of the Norton antivirus product range, publishes monthly security software reviews under the title of MessageLabs Intelligence Reports. One of the highlights of the report relates to botnets; the report suggests that almost 95% of spam is sent from a botnet, compared to 84% in April this year. More specifically, the report reveals that Rustock has kept its number one spot as the most common spam-sending botnet, responsible for 41% of botnet spam (up from 32% in April this year).

One reason behind Rustock’s increase in spam presence is that it no longer uses TLS encryption to send out spam; this speeds up connections and increases the amount able to be sent by the botnet. The figures for the use of TLS have dropped considerably; in March this encrypted spam was attributed to 30% of spam sent from all different kinds of sources, and 70% of spam sent from Rustock; this has dropped to 0.5% today.

Paul Wood, the MessageLabs Intelligence Senior Analyst, Symantec Hosted Services, explains: “It is likely that because TLS slow connections due to the additional encryption processing required to send a spam email, the botnet controllers realized that this tactic impeded their spam-sending capabilities,” Wood said. “As a result, Rustock’s dominance has never looked better as its spam-per-bot-per-minute rate more than doubled from 96 spam emails to 192.”

The report also highlights global variations in spam; the UK, it claims, is responsible for 4.5% of all the world’s spam, a percentage that has more than doubled since the month of April. Four of the top 10 spam sending countries (the UK, Germany, France and Italy) can now be found in Western Europe, showing a global shift in the sources of the most troublesome and high-volume spamming.

The MessageLabs Intelligence Report was not just focused on spam; it highlighted a number of other changes and developments in internet dangers. For example, viruses. They noted that the ratio of email-borne viruses in people’s day-to-day email traffic from new dangerous sources was down from July by 0.02%, at 327.6 emails in August. Phishing was also covered in the report, which revealed that 1 in 363.1 emails, which was a 0.10 percentage increase since July.

Geographical trends were also discussed extensively in the report; rises in levels in spam in countries such as Hungary, Hong Kong, Japan and China; the percentages of spam in emails in the US, Canada and the UK; and the sudden targeting of Oman with phishing attacks in the month of August. Vertical trends, such as the automotive sector being the most the spammed sector in industry (at 94.8%), and the Education sector being at a spamming level of 92.9%, were also discussed.

With its security software reviews, Symantec hopes to keep the using public in the know as to the various changes in threats and dangers in all sorts of areas, from spam to viruses.

Guest Article by Neil Camp

All computer security companies are keen to offer the best antivirus products and GFI Software, which makes the VIPRE range of products, has just announced some new accolades.

GFI’s security business has picked up a best antivirus award in the shape of a completed certification from the OESIS OK programme, a programme created by OPSWAT which provides development tools that run and power software application manageability. The purpose of the certification is simple: to offer independent verification that the products given the award are effective, safe, and efficient enough to be of excellent value to the buyer. It is no wonder, then, that GFI VIPRE is proud of its new award.

Like the Oscars, the OESIS OK award has its categories in which products compete for the title: VIPRE were awarded Certification in the Antivirus Category, and a Gold Certification in the Antiphishing Category. This award extends throughout VIPRE’s array of products, from their consumer packages – such as VIPRE Antivirus and VIPRE Antivirus Premium – to their business and enterprise versions, such as VIPRE Enterprise and VIPRE Enterprise Premium.

OESIS OK certification brands VIPRE as having the OESIS Framework incorporated into their features; this means that they are run and detected by the OESIS Framework and ensure seamless connectivity and interoperability.

Jeremy Sheldon, OESIS OK Program Manager at OPSWAT, says: “We are pleased that the VIPRE product line continues to demonstrate its commitment to application manageability by participating in the OESIS OK Program. Certification assures the more than 50 million endpoint users of the OESIS Framework that an application has passed rigorous tests to ensure immediate and ongoing interoperability.”

VIPRE will no doubt be keen to stress the addition of this new certification, which they believe will help to encourage the image that VIRPE is up there with the best antivirus products on the market.

Guest Article by Neil Camp

Following on from the massive Intel and McAfee deal, another deal involving a software antivirus company has been announced, albeit on a far smaller scale.

Czech software antivirus company Avast has been given a $100 million shot-in-the-arm following the purchase of a minority stake by equity investor Summit Partners. After being formed in 1991, the security company was once Alvil Software, but is now more memorably known as Avast, sharing its name with the security products it produces.

Unlike many other security software companies, Avast’s focus is on providing a quality free-of-charge security product for the everyday home user, as well as premium products that can be purchased alongside. Avast has always believed that it’s company will do its marketing for them; satisfied customers of the free product will recommend the premium safety product to their friends, family and colleagues. This ‘freemium’ strategy does appear to have worked, at least for Avast, with their product installed on one in five machines globally.

“For 26 years, Summit Partners has been investing in profitable, innovative leaders in the security software industry, and it is rare to find a company such as Avast that redefines how an industry does business. We are very excited about the growth prospects of this exceptional company,” says Han Sikkens, a Principal in Summit Partners’ London office.

Summit’s new investment in the Avast company will be hoped to improve growth and development at Avast, a company that have already proved to be good at thinking outside the box in providing their customers with a unique and safe computer experience through their products. Although not quite as lucrative as the recent deal with Intel and McAfee, this deal between Avast and Summit Partners demonstrates the room for growth that lies within the software antivirus market.

Guest Article by Neil Camp

Panda antivirus software has been given a top award by the German testing laboratory AV-Test.org.

The award was given in the Q2 Product Review and Certification Report and a product from Panda antivirus software, the Panda Internet 2010 Security Solution, grabbed top spot. Its score in the protection test, and the cleaning and repairing infected computers test, was an impressive 5.5 out of 6. For usability, it scored a high 5 out of 6.

The product detected all of the ‘in the wild’ pieces of malware, as well as 100 per cent of the other malware infections it was bombarded with in the test. These are both essential for a product to give vital protection to the user against the kinds of dangers that circulate continuously.

Panda Security managed to detect 82, 89 and 74 per cent of zero-day malware attacks from the internet including e-mail. 81 per cent of the samples used were detected in the dynamic detection test; this stands much higher than the industry average of 63 per cent.
Identifying and dealing with rootkits was another area where the Panda Internet Security 2010 did well, scoring 100 per cent for this and other kinds of hidden malware detection.

Panda’s Collective Intelligence technology is believed to be the reasons for such high scores; this technology can detect known or unknown malware, and then send them to the cloud to be checked and then, if necessary, eliminated.

The reasons behind Panda’s 5 out of 6 score in usability are clear: the industry uses an average of 251 seconds as a guide for the impact of the product on a computer; Panda Internet Security 2010’s performance was 101 seconds, less than half of this average.

Pedro Bustamante, senior research advisor at Panda Security, "These results illustrate the incredible capability of Panda’s Collective Intelligence detection system. More significantly, this detection power has no impact on users’ computers, since the scanning and the classification of malware takes place entirely in the cloud.

Andreas Marx, CEO of AV-Test.org, describes the demands AV-Test.org have for the products they test: “At AV-Test.org, we have tested all products with all update functionality and ‘in the cloud’ protection enabled, so no product updates were frozen.

This way, the products had to demonstrate their real world capabilities using all components and protection layers in realistic test scenarios."

Panda Antivirus software has come out on top throughout all tests that were thrown at it by AV-Test.org, suggesting a strong capability in keeping user’s computers safe, and justifying its leading position in the Q2 Product Review and Certification Report.

Guest Article by Neil Camp

IT giant IBM has been selected to provide internet security software plus other threat solutions for Rive Gauche, a Russian chain of perfume and cosmetic stores.

The IBM package, which includes internet security software, is called Security Solutions by US based IBM. Rive Gauche has decided to overhaul its IT system to try to stay ahead of the internet threats that are looking to become more and more dangerous to businesses in the future. At their headquarters and branches in St Petersburg, Rive Gauche will be introducing the IBM Security Solutions software to help with keeping their business safe.

Alexey Smolin, head of Information Security Department at Rive Gauche, said: “As we’ve expanded our network of retail stores, a key concern for Rive Gauche has been to safeguard our customers’ personal identifiable information data and protect the IT systems in our headquarters, local offices, stores and warehouses from all manner of threats. With IBM, we found a proactive approach that helps us not only remediate based on specific attacks, but gives us a clear view into suspicious activity well before it becomes a problem.”

With the IBM software, Rive Gauche can block and detect any illegal and dangerous threats made towards the company, either through its servers, desktops or gateways, and allow them to see all that is happening in a single control network.

IBM also has the capabilities to make vitally important emails be delivered with urgency if there is a serious problem, or to make other, less dangerous events, de-emphasised. Rive Gauche has reported an improvement in the detection and management of security issues that have come their way.

The general manager of IBM Security Solutions agrees that this internet security software will be more than just for simple viruses and malware: “Rive Gauche is tapping IBM Security Solutions for more than just viruses and attacks- it’s building a system that is secure by design. At its core, Rive Gauche is setting a proactive security policy with IBM solutions to better safeguard its clients and corporate information.”

Guest Article by Neil Camp

In the latest antivirus software review from Virus Bulletin, the computer security company ESET, which operates out of Bratislava, has been awarded its 63rd VB100 award.

The Virus Bulletin report is regarded as one of the industry’s top antivirus software reviews. Virus Bulletin subjects the products it is testing to a number of rigorous examinations. Two essential criteria must be achieved to gain for a product the VB100 logo; one, the product must detect 100% of the viruses known to be ‘in the wild’ and two, the product must not flag up any files as dangerous when they are not, also known as generating false positives.

John Hawes, of Virus Bullet, said: "Memory usage was among the lowest in this month’s comparative, with CPU drain not breaking the bank either. Detection rates were as excellent as ever, with some superb RAP scores; no issues emerged in the WildList or clean sets, and ESET continues its monster unbroken run of VB100 passes.”

ThreatSense® technology is what drives the ESET antivirus capabilities; as an advanced heuristics engine, it means that the product is proactive in its rooting out of malware on a user’s computer. ESET deals with problems that may occur in real-time, and use a secure virtual world to analyse and deal with the danger. This means that even the most well-disguised pieces of malware are picked up and sorted out safely.

Ján Vrabec, security technology analyst at ESET, says: “ESET’s top priority is to protect the users at a maximum possible level, while minimizing false alerts system impact. All of these facts greatly contribute to our long-term success in Virus Bulletin testing.”

Whilst other products that have come through the Virus Bulletin tests have around a 50-70% success rate, ESET boasts an impressive 97% since 1998 when the VB100 awards were first created by the antivirus software review system Virus Bulletin review.

Guest Article by Neil Camp

The security antivirus sector has undergone a major shake-up with the news that Intel, the world’s largest computer chip manufacturer, has bought McAfee for $7.68 billion (£5 billion).

The logic behind the deal, which has come as a surprise to most investment analysts and also to many within the security antivirus sector, is to take a new approach to fighting cybercrime. Intel plans to build security features within the microprocessors that are used to power computers and smaller devices such as mobile phones.

Intel have deep pockets and have offered $48 cash per share for McAfee stock which represents a 60% premium on the McAfee pre-deal share price. Not surprisingly McAfee shares jumped 58% on the news of the bid and the price being offered.

And even though the two companies had been working together for over a year, the deal still caught many unawares. Although both company Boards approved the deal, the takeover will have to be passed by shareholders of both companies and the US regulatory authorities.

Should the deal go ahead – and few see any major problems – the first few products of the amalgamation will be introduced early in 2011.

As the bidder and the ones coughing up the cash, Intel’s shares off 4% to 18.84 US cents.

The BBC was one of many media organisations to run the story and the editor of PC Pro Magazine was one of many who were surprised at the news:

“Intel does buy a lot of companies and it does have a lot of more cash than anyone else out there. So it making a big acquisition isn’t a surprise, but you may have thought it more likely to buy another hardware firm. No doubt Intel is looking ahead and seeing that the laptop and desktop market are probably past their heyday and the big growth area is mobile.

“For a company like Intel, it’s nowhere near as strong in the mobile area as it is in the laptop and desktop areas, so it’s probably looking for new ways to get streams and revenues in the future. Perhaps that is Intel’s point of view but not everybody else’s. The reaction from investors has been quite negative.”

Experts now say that the deal will be a major re-arrangement of the computer antivirus sector, with some firms now feeling on the back foot as McAfee gets access to the sharp end of the industry.

Guest Article by Neil Camp

Software antivirus company Kaspersky Lab has spotted the first Trojan that is targeted towards Smartphones running the Google Android operating system.

Kaspersky Lab is one of the largest software antivirus companies operating in the computer security sector and has named the Trojan SMS.AndroidOS.FakePlayer.a. This particular Trojan has played havoc with a number of mobile phone devices, and the efforts of Kaspersky Lab is in the hope that fewer users will be affected in the future.

The Trojan runs under the disguise as a media player application; for users this seems harmless and so once they are prompted to download it, the file is installed with what is known as the standard Android extension: .APK. However, harmless it is now. Once it is on the phone, the Trojan starts to send SMSs to premium rate numbers. This all done without the user’s knowledge, and this means money is passed from their account to the account of a cybercriminal.

With Smartphones becoming more and more popular, this kind of SMS category of Trojan has become more and more prolific. This specific Trojan is the first to target the Android platform, however, and spyware has also been detected in some devices that run Android in the past.

Denis Maslennikov, Mobile Research Group Manager at Kaspersky Lab, says “The IT market research and analysis organisation IDC has noted that those selling devices running Android are experiencing the highest growth in sales among smartphone manufacturers. As a result, we can expect to see a corresponding rise in the amount of malware targeting that platform.

“Kaspersky Lab is actively developing technologies and solutions to protect this operating system and plans to release Kaspersky Mobile Security for Android in early 2011.”

As with any computer, users have been encouraged by software antivirus company Kaspersky Lab to check out any download that an application may request.

Guest Article by Neil Camp

Sunbelt Software’s VIPRE flagship product has achieved another accolade following an antivirus review from Virus Bulletin.

The Virus Bulletin antivirus review, which places acceptable products on its VB100 list, has included VIPRE in its August 2010 issue. Virus Bulletin subjected VIPRE to a number of stringent tests; the software was loaded onto a system that ran Windows Vista Professional Service Pack 2, upon which it bombarded VIPRE with over 100,000 threats.

The threats ranged from those found on social networking sites, to those that can be picked up by gambling or gaming online; the variety tested to make sure that users of all interests would be secured against the threats on the internet. On top of these, VIPRE was tested with three new strains of W32/Vinut. Many products in the last couple of years have struggled to deal with this pesky threat.

False positives are also tested by Virus Bulletin; this is to ensure that the products don’t flag documents or webpages as being infected when they are in fact clean. In the results of the test, it was found that VIPRE detected 97.83% of worms and bots, with all viruses known to be circulating in the wild were caught without throwing up any false positives.

The viruses categorised as being ‘in the wild’ are those that cause mayhem on a daily basis, and attack normal every day operations on user’s computers. Detecting these is therefore vital for a product that users trust to install, and therefore entrusting them with making banking details secure, keeping personal information personal and ensuring computer safety.

VIPRE was applauded for having one of the highest average proactive detections rates of the products Virus bulletin tested. It was also appreciated as being streamlined on a user’s computer, therefore not taking up too much of the computer’s resources.

John Hawes, who coordinates the testing at Virus Bulletin, says: “Sunbelt’s marketing campaigns regularly boast of VIPRE’s lightness of weight and lack of bloat, and these assertions are certainly supported by the product’s wafer-thin 16MB installer, supplemented by a mere 66MB of updates, available to download as a standalone package from the company’s websites. The set-up process is short and sweet too, taking only a few seconds to complete – with no reboot needed, the process was over in less than half a minute.”

To be able to display the prestigious VB100 logo bestowed by Virus Bulletin, antivirus products like VIPRE must pass all the extensive tests.
Alex Eckelberry, CEO of Sunbelt Software, commented: “Inclusion of the VB100 is a true testament of VIPRE’s capabilities as it is pitted against other leading antivirus products. Our focus has always been on our customer satisfaction, ease of use and high level of threat detection. The tests from Virus Bulletin show that VIPRE is a reliable antivirus solution that is easy to set up and use.”

The latest antivirus review by Virus Bulletin has assured VIPRE as one of the leading providers of antivirus products.

Guest Article by Neil Camp

Antivirus reviews operation Virus Bulletin has announced that during a recent test of 54 anti-malware products on Windows Vista Business Edition SP2, 19 of the products did not reach the required standard for VB100 certification.

Virus Bulletin publishes some of the industry’s top antivirus reviews and it has found that many products are failing in their bid to protect internet users against potential malware dangers.

These products failed in a number of areas, and in areas that anyone would consider basic if they were to buy the product for the protection of their computers. The products failed to detect a number of viruses that were well known to be circulating, meaning that viruses that are entirely preventable are slipping through the rather patchy net. Other problems included false alarms appearing on files that are in fact clean; these were not from private users but from some of the top software houses, such as Roxio and Adobe.

Design and stability were also an issue. John Hawes, Virus Bulletin’s Anti-Malware Test Director, says “Most notable this month….has been the remarkable level of instability under pressure noted in many of the products – while our tests do not put unusual strain on the products, it is clearly important that security software should continue to function under pressure, and should not crumble in the face of heavy attack.”

The tests are stringent, with each of the products being tested against the WildList; this list is publicly available and shows up-to-date information on the malware that is known to be circulating at this current time, or has circulated in the past. To earn their VB100 certification, the products must detect 100% of these.

Unlike many of the products in this round of testing, a VB100 certified product would not generate false alarms when it scans a set of files the testers know to be clean. This kind of behaviour would not endear the products to the user: “Flaky behaviour will certainly not instil a sense of security in users, and developers need to ensure their quality control is thorough and comprehensive, to keep their users properly protected at all times,” continues John Hawes.

The antivirus reviews and tests give an insight in to what products are at the cutting edge of antivirus security, and take information from their tests and users’ experience to gather detailed analysis on every product. See BUYability’s antivirus reviews here.

Guest Article by Neil Camp