Three of the six bulletins were marked as ‘Critical’, with vulnerabilities in Microsoft Project and Internet Authentication Services fixed alongside the now customary cumulative patch covering a selection of problems recently spotted with IE. All could lead to remote execution of code.

Less serious, but still labelled ‘Important’, were fixes for the Local Security Authority Subsystem Service (LSASS), Active Directory and text conversion features in WordPad and Office applications.

Once again Adobe has followed Micorosoft‘s lead by releasing its own set of updates on the same date – a serious flaw in the Flash player software, again described as ‘critical’, has been patched, and further alerts have been issued about Illustrator products.

The official Microsoft bulletins are available here, with a summary from SANS here and some commentary in The Register here. Adobe‘s alerts are here. As always, VB advises readers to ensure all systems are fully patched and up-to-date as soon as possible.

Testing will run throughout November, with the results due for publication in the December issue of Virus Bulletin. The deadline set for product submissions is October 28th, with test sets and test platforms to be frozen on October 24th – the latest WildList available from the WildList Organization on this date will be used for the test. Those products which prove capable of detecting the full contents of the WildList, both on access and on demand, without raising any false positives on a set of known-clean files, will be awarded VB100 certification.

An overview of the VB100 testing process can be found here, with more in-depth details of the testing procedures here. Submission is free of charge, and any software vendors interested in submitting a product for the test should contact John Hawes for further information. The schedule for future comparatives is here.

The latest test features a total of 16 products, which were measured for detection performance against a massive collection of malicious samples, split into two sets with one containing sample representing the last 7 months, and the other the twelve months before that. Detection rates are balanced against false positives to produce an overall grading on a four stage scale. Of the 16 included, 7 achieved the highest ranking of ‘Advanced+’.

The top achievers were Alwil’s avast!, BitDefender, ESET’s NOD32, F-Secure, G DATA, MicroWorld’s eScan and Symantec’s Norton. Also doing well at the ‘Advanced’ level were products from AVG, Avira, Kaspersky, McAfee and Trustport, with Avira, McAfee and Trustport marked down thanks to false alarms despite high detection rates. McAfee’s product was tested with their Artemis in-the-cloud technology active.

Lower down the table came Microsoft’s solution, rated ‘Standard’, while offerings from Kingsoft, Norman and Sophos ranked only ‘Tested’ – with Sophos’ score again counterbalanced by a relatively high false positive rate.

Most products were tested with ‘best possible’ detection settings. The test will be completed with a round of retrospective testing of the same products, due out in a few months’ time. Full details of the test and the methodology used can be found on the AV-Comparatives website, here.

The new release is designed as a pared-down, free-for-all replacement for the now defunct OneCare, and is intended to mitigate the global malware epidemic by providing protection to those least likely to have a solution in place. Users on lower incomes and in developing nations are hoped to be among those taking advantage of the free product, and its introduction should, its makers claim, reduce the number of infected systems pumping out spam and malicious attacks around the world. It is also hoped that the release will reduce the danger of ‘rogue AV’ scareware, which targets unprotected users in its attempts to con victims into installing its paid-for software, a threat currently rife on the internet.

While many have suggested that the appearance of Security Essentials on the scene may herald the demise of existing free-for-home-use solutions from the likes of AVG, Alwil (avast!), and Avira (AntiVir), and indeed the rest of the AV industry, others have pointed out the likelihood of healthy competition in the free AV market bringing increasing sophistication to these free products, while also encouraging those who have tried out free solutions to move up to more complete, full-featured products.

The suggestion that it will provide protection for the downtrodden masses has been countered with the argument that those with the urge to install free security have had plenty of options for some time, while those in less developed states, who are likely to be a major part of the botnet problem, are also likely to be running unofficial, unvalidated copies of Windows, which are not supported by the new Microsoft protection offering.

Initial reviews of the product have been generally favourable, with praise for its simple, pared-down design and usability, unobtrusive system impact and decent detection levels. The fact that the product shares a core engine and detection with Microsoft’s corporate Forefront product – which has shown steady improvement in independent tests in recent years as Microsoft continues to invest in its security lines – bodes well for the product’s static detection abilities.

However, some commentators have criticised the apparent absence of advanced features such as dynamic detection, with one Symantec representative describing the solution as ‘behind the times’ after a set of test results showed Norton providing superior protection. Microsoft responded by insisting the product does include some sophisticated behavioural monitoring and reputation-based technology, and suggested that the solution is only intended as a component in an in-depth, multi-layer security regime.

“It seems unlikely that this release will revolutionise the security world the way some people have been suggesting,” said John Hawes, Technical Consultant at Virus Bulletin. “People aren’t going to stop investing in quality security suites with firewalls, intrusion prevention, spam filters and parental controls just because there’s another free bare-bones product available. However, with Microsoft’s marketing weight behind it, it should hopefully find its way onto some of those untold millions of unprotected systems out there – it should provide decent protection for them and stop their systems spamming and attacking the rest of us. If Microsoft change their mind about not letting it run on pirated copies of Windows, it would make an even bigger difference.”

VB will be providing an in-depth review of Microsoft Security Essentials in the November issue. Those interested in trying it out for themselves can find out more and download it from a Microsoft microsite here. Initial views and screenshots can be found in The Register here, with summaries of an early test by AV-Test.org here at The Register, at ComputerWorld here and in the Washington Post here.

More coverage is at ZDNet here. Symantec‘s blog entry attacking MSE, including a link to the full test report from Dennis Labs, is here, with news coverage here and a response from Microsoft here.

The company has posted updated versions of its ZoneAlarm Internet Security Suite, Pro, Antivirus, Anti-Spyware and Basic Firewall offerings.

The updates correct an error caused by the latest Microsoft security update. One of the four bulletins addressed a flaw in the Windows DNS component, but also resulted in an error which prevented ZoneAlarm users from accessing the internet.

Many ZoneAlarm customers, were left unable to connect to the internet and were forced to either uninstall the security update or temporarily lower the security level on their ZoneAlarm applications.

By Thursday UK time, the company promised that a patch would be in the works, advising users to keep an eye on the site for the updates. By Thursday evening, updated versions of all five applications had been posted, along with a list of recommended actions for those who do not wish to install the updates.

All five of the updated applications can be downloaded directly from Check Point’s support site.

Source: vnunet.com

The time is right for mobile antivirus. At least, that’s what Dan Clark, vice president of marketing at Eset thinks. “It has to do with the number of phones in the market – 35 million of them shipped in the fourth quarter of 2007, which is up 72 percent from the same time period in 2006,” he said.

Clark claims the market for smartphones is close to150 million. “It’s increased to the point that malware developers will target Smartphones more heavily to generate financial gain,” he said. “Attacks follow volume, and we wanted to get our product out a bit before it’s really needed.”

The Eset products designed for computer desktops are known for having very little impact on system performance, and Clark says this holds true with Eset Mobile Antivirus. “The mobile product uses a very small client and has minimal memory, minimal bandwidth and minimal CPU requirements,” said Clark. “It’s been optimized especially for the mobile phone platform.”

The Eset Mobile Antivirus features include:

* Heuristic Threat Detection – Based on ESET’s heuristic engine, ThreatSense, which identifies threats based on their behavior.
* On-demand Scanning – Scans and cleans both integrated and removable memory media (i.e., smart cards), performs a full memory/running processes scan; specific folder scanning capability with results displayed on screen.
* Advanced On-access Scanning – Scans created/used files. Scans incoming files via wireless connections (Bluetooth, Wi-Fi, Infrared).
* Activity Log – Stores scan statistics and database status in a user-friendly format. Includes scan results-history.
* Variable In-depth Scanning of Cab Files – Lets you set cab file scanning to the level you want.
* Automatic/On-demand Updates – Providesup-to-date protection against all threat types. Schedule updates on a daily, weekly or monthly basis.
* Intuitive User Interface – Easy-to-set dialogs and intuitive menu.
* Compact Updates – ESET’s update files consume less bandwidth to the mobile device.

ESET Mobile Antivirus currently supports PDAs and smartphones running Microsoft Windows Mobile 5 and Windows Mobile 6.

If you’re interested in testing the beta software for free, you can download it here. The company said it expects the final version of the software to be generally available later this year.

The solution comes complete with firewall and anti-spam for SMS as well as Norton’s antivirus technology. The solution draws on the same core technologies that can be found within Norton’s PC products. These technologies are then applied in the context of the Windows or Symbian operating systems together with the smartphone’s specific usage.

Similar to Norton antivirus, it features auto-protect as well as scan after card insertion. According to the company, this functionality protects phones against viruses, worms and mobile spyware. The firewall provides real time intrusion prevention and controls both in and out bound network traffic on the mobile device. This blocks hackers, other intrusions and denial of service attacks. The product also blocks short text and multimedia messages from unwanted senders by automatically filtering these spam messages to a separate spam folder.

Source: itp.net

Speaking with channelnews, McKee says, “Browser security, run in addition to your current antivirus or security suite, provides an essential level of critical web protection you would not have otherwise. It does not replace traditional layers of protection such as antivirus, anti-spyware, firewall and a security suite, but works in conjunction with these solutions to provide an additional layer of security to ensure a user has complete protection against the emerging classes of browser-based “super attacks”.

Furthermore says McKee, the company has seen that Australian consumers are becoming increasingly savvy about the threats they face online and the good news is that they are also becoming more educated on how to protect themselves.

Check Point markets ZoneAlarm ForceField, which says MckKee, “virtualises parts of the user’s operating system that interact with the Internet, making it the first emulation system that adapts to how users surf rather than asking users to understand and adapt to the duplicate file systems and associated maintenance required of a traditional virtual machine”. IT Security Needs To Be Virtual Says Check Point

By Branko Miletic | Wednesday | 2008-06-11
Furthermore he notes that this “virtualisation technology forms a ‘bubble of security’ around the Web browser so that all unknown or unwanted changes from these silent installs, or drive-by downloads, are made to a virtualised file system and disappear completely once the user is finished surfing”.

By virtualising the browser, and adding active security layers, McKee notes that ZoneAlarm “provides the highest level of technology needed to stop Web attacks, without interfering with users’ browsing experience”.

And as the company notes, “The browsing experience is sacrosanct”.

Source: smartofficenews.com.au

The Norton Antivirus vendor also revealed that more than half of its revenue now comes from outside the US, as it ended its fiscal year on a high note.

Symantec posted earnings of $309m, or $0.36 per share, for the fourth quarter of fiscal 2008, which ended March 28. That was up 50 percent from last year’s results and better than analyst expectations. In a poll of 27 estimates by Thomson Financial, financial analysts forecast earnings to be $0.34 per share, on average.

Analysts expected revenue of $1.53bn; Symantec reported $1.54bn.

After struggling to manage its 2005 acquisition of storage giant Veritas software, Symantec performed well during its 2008 fiscal year. A weakening US currency and strong growth outside of the US have helped the company’s bottom line.

Symantec said that 53 percent of its revenue now comes from outside of the US, where the company saw a 15 percent growth rate, year-over-year. Asia is the fastest-growing region, with revenue growing at 19 percent. In Europe, the Middle East and Africa, the growth rate was 17 percent.

The company didn’t do as well in the US, Latin America and Canada, where revenue was up 10 percent over the same period.

The media player is in fact Backdoor.Edunet.A, a piece of malware which uses victims’ computers as a channel for sending commands to a series of mail servers. The mail servers, which are used to spread spam, are mostly in the .edu and .mil domains.

The list of servers is retrieved by the trojan from a series of web servers which are either compromised themselves or part of the attackers’ own network. The list of web servers is continuously changing, but that of the targets has, so far, remained constant.

The trojan sends the commands in the hopes of finding an open relay – a mis-configured mail server that allows anyone to send e-mails – basically making it appear that any mail originating from the trojan is actually one that has been sent from the open relay.

BitDefender researchers have determined that, at least currently, none of the servers in the current target list are actually vulnerable.

"It’s not every day that you stumble on the workings of an honest-to-God hacking ring, let alone one that has a predilection for using military and university-run mail servers as spam relays,” declared Sorin Dudea, BitDefender’s head of AV Research. “It would be interesting to identify what, if anything, the institutions that own the targeted servers have in common.”

For further details on the new celebrity spam botnet, please visit BitDefender’s Defense Portal site.

About BitDefender®
BitDefender is the creator of one of the industry’s fastest and most effective lines of internationally certified security software. Since our inception in 2001, BitDefender has continued to raise the bar and set new standards in proactive threat prevention. Every day, BitDefender protects tens of millions of home and corporate users across the globe—giving them the peace of mind of knowing that their digital experiences will be secure. BitDefender solutions are distributed by a global network of value-added distribution and reseller partners in more than 100 countries worldwide. More information is available at www.bitdefender.co.uk