Tag Archives | Internet Security

New Video! Kaspersky 2011 Rescue Disk Vs. Malware

I finally got off my lazy game-playing butt and got back to making some videos. This video starts the Kaspersky Internet Security 2011 review and tests.

In this video you will see how the KIS/KAV install disc can double as a bootable anti-virus disc that can detect, remove and disinfect any kind of malware.  Check it out!


Kaspersky Internet Security 2011


Twitter Updates for 2010-05-15

  • Be careful on Google Groups. It looks like many groups are spreading malware like crazy. Mods Anyone? #
  • Great deal on ‘Kaspersky Internet Security 2010 3-User’ http://amzn.to/9itAH0 #

Twitter Updates for 2010-03-12


Comodo 4 Internet Security New Features

Since I’m getting ready to review Comodo 4 Internet Security I thought I’d post what the changes/new features are:

What's New in COMODO Internet Security 4.0.135239.742?

NEW! Seamless livePCsupport Integration
This version has a built-in Live Support for getting instant help from the experts for any type of problem.
NEW! New User Interface Theme
A new user interface theme has been introduced with this version.
NEW! New Web Based Installer
Now, there is a single setup file which downloads and installs the required products according to the operating system the computer has. The product installers are created with Microsoft Windows Installer for native installation/uninstallation support.
NEW! Integrated Sandbox
Proactive Defense, i.e. Defense+, now includes a built-in sandbox which combines file system/registry virtualization and the least-privileged user account principle in order to combat unknown malware.
IMPROVED! Default Deny Protection
Defense+ now automatically sandboxes all unknown applications/executables until they are analyzed.
IMPROVED! Significantly fewer popup alerts
Defense+, with the help of new sandboxing technologies, has a more powerful default security policy while having significantly fewer alerts compared to previous versions.
Also in this version, Defense+ and Firewall, by default, do not create automatic rules for already known safe applications.
IMPROVED! Popup alerts layout
The new popup alerts now include additional options which allow the users to take COMODO Time Machine snapshots or set Windows system restore points, or submit suspicious files for immediate analysis.
IMPROVED! Antivirus Engine
The antivirus engine is improved for better detection and cleaning. The new engine now has disinfection support for infected files.
A new command line virus scanner (cavscan.exe) has been introduced in order to address the need for scanning computers in Windows Safe Mode or scanning files transferred from MSN etc.

My Comodo 4 Internet Security review and test structure:

  • cover some of the new features (sandbox demo)
  • pit Comodo against 10 zero-day threats (non-sandboxed)

Internet Security 2010 Rogue, Winlogon2.exe and Other Fun Things for this Week…

I’ve been pretty busy this week with malware appointments and thought I’d share this week’s “note to self stuff”…

  1. A client calls me and says that they have a fake antivirus (Internet Security 2010 rogue) and now they can’t log in to Windows.
  2. When I arrive I load my UBCD4WIN and immediately:
    • Replace Atapi.sys.
    • Replace Userinit.exe.
    • Load the host registry and fix the winlogon key so that userinit points to c:\windows\system32\userinit.exe, (not winlogon2.exe).
    • Disconnect the network connection.
    • Reboot.
    • Load Malwarebytes and load the latest updates via usb stick.
    • Quick Scan with MBAM and remove anything found.
    • Reboot.
    • Load new AV (either Microsoft Security Essentials or Kaspersky Internet Security 2010).
  3. Perform misc cleanup stuff and then leave.

Removing and Cleaning Up TDSS Guide for 1/2010

Since Jan 1 massive amounts of TDSS rootkits (I should call them packages because it’s more than a rootkit) have been surfacing everywhere and I’ve been swamped with calls.  …good thing for me, bad for them :P

Anyway, here is how I’m removing and cleaning up the latest TDSS infection.

  1. When I get to the client’s house I just assume they’ve been infected with a TDSS rootkit. 80% of the time I’m right.
  2. I immediately reboot their PC to my UBCD4Win.  My UBCD4Win contains SAS, Avira (if I need it) and Dr. Web’s CureIT.
  3. In the UBCD4WIN bootable environment I’ll load EZ-PC-Fix, load Hives (basically just loads the host’s registry so I can edit it) and delete all temp files as well as Windows System Restore files.  Next, load Dr Web and scan C:\Windows\System32.
  4. Dr. Web usually finds an infected atapi.sys (the rootkit) and asks me to move it (a.k.a – delete it).
  5. Now it’s time to clean up.
    • I replace the deleted atapi.sys with a clean one from the proper OS.
    • I load EZ-PC-FIX (on the desktop).  Load Hives.
    • Start Regedit.  Expand HKLM on C: (not the bootable cd’s HKLM).  Go to HKLM-Software-Microsoft-Windows NT-CurrentVersion-WinLogon.
    • Inside the WinLogon key you NEED to have a string named Userinit with a value of C:\windows\system32\userinit.exe, (don’t forget to add the comma). Close regedit. Close Ez-PC-Fix.
    • Locate a clean copy of userinit.exe, copy it.  Open C:\Windows\System32 and rename the old userinit.exe to userinit.exe.old.  Paste userinit.exe (the clean copy) to c:\windows\system32\userinit.exe.
  6. Run a SAS scan on:
    • C:\Documents and Settings (for XP) or C:\Users (Vista), C:\Windows and the Registry.
    • Run a full Avira scan.
  7. Reboot.
  8. Encourage the client to choose either free anti-virus (Microsoft Security Essentials) or, if they have the money for complete protection, Kaspersky Internet Security 2010.
  9. Make sure the client is running a current browser (IE8) and that Windows updates are being installed.
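As an added example (not code from the original post), here is a small Python check for the Winlogon Userinit fix that step 5 above and the earlier winlogon2.exe post both describe: it pulls the Userinit string out of a .reg export of the Winlogon key (exported from the host hive while booted to UBCD4Win, or from regedit) and flags anything other than the single expected entry with its trailing comma. The two sample exports are constructed, and the `audit_reg_export` helper is my own name, not a tool from the post.

```python
import re

# The only value the clean-up steps accept: the real userinit.exe under
# system32 followed by a trailing comma. Compared case-insensitively.
EXPECTED_USERINIT = r"C:\windows\system32\userinit.exe"

def check_userinit(value):
    """Return findings for a Winlogon\\Userinit string; empty list means clean."""
    findings = []
    if not value.rstrip().endswith(","):
        findings.append("missing trailing comma")
    entries = [e.strip() for e in value.split(",") if e.strip()]
    if not entries:
        findings.append("no userinit entry at all")
    for entry in entries:  # anything extra or replaced (e.g. winlogon2.exe) is reported
        if entry.lower() != EXPECTED_USERINIT.lower():
            findings.append(f"unexpected entry: {entry}")
    return findings

def userinit_from_reg_export(text):
    """Pull the Userinit string out of a .reg export; None if it is absent."""
    match = re.search(r'^"Userinit"="(.*)"\s*$', text, re.MULTILINE)
    if not match:
        return None
    # .reg files escape backslashes and quotes with a backslash; undo that.
    return re.sub(r'\\(["\\])', r'\1', match.group(1))

def audit_reg_export(text):
    """Findings for a whole .reg export of the Winlogon key."""
    value = userinit_from_reg_export(text)
    if value is None:
        return ["Userinit value not found in export"]
    return check_userinit(value)

# Constructed sample exports (not real captures): one infected, one clean.
INFECTED_EXPORT = r'''[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\winlogon2.exe,"
'''

CLEAN_EXPORT = r'''[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\windows\\system32\\userinit.exe,"
'''

if __name__ == "__main__":
    for name, export in (("infected", INFECTED_EXPORT), ("clean", CLEAN_EXPORT)):
        print(name, audit_reg_export(export) or "OK")
```

Run it against an export taken before and after the repair; an empty result confirms the value matches what step 5 requires.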

If you have your own personal experience with TDSS I’d like to hear about it.

Norton Internet Security 2010 Review

I reviewed the installation, configuration and protection aspects of Norton Internet Security 2010.  The video is my longest at 43 minutes.


httpvh://www.youtube.com/watch?v=EjWh0AJh58M


Norton Internet Security 2010 and Rogue Antivirus = Fail

Since I’ve finally had some down time I decided to work on my next review: Norton Internet Security 2010.

Here’s a tiny sneak peek at one of my “gripes” with NIS 2010 and plenty of other security applications: rogue antivirus! Internet security suites seem to be helpless when trying to identify rogue security applications. While not exactly malicious to your operating system they are very malicious to your wallet and identity.

Here’s an example.

I installed NIS 2010 and performed all the live updates. Right after that I went on the search for some rogue antivirus. After finding a fake codec site I clicked on the codec download and installed it. NIS immediately says that the file is new and has never been seen in the Norton community, nor does it have a digital signature… but… the file is allowed to install itself on the PC and run!!!

I’m not sure why NIS 2010 allows untrusted files to install and run nor could I find anything on their forums (or help files) that explains why untrusted files are allowed to run.

What NIS 2010 (and other security applications) need

If a file or process is untrusted an average user should have an easy-to-use applet that allows them to terminate the process or file and then quarantine it.

Let’s take a look at the screen shots below:

The first one shows that a rogue antivirus called SoftSafeness is untrusted by NIS 2010 yet it’s allowed to run along with all of its scareware components.

The next screen shot shows how easy it is to load the rogue’s payment site and Norton says it’s a safe site… ouch… someone’s going to lose their identity.

Avast 5 Coming Very Soon

Looks like Avast 5 will be released in 3 flavors (and yes, the beta is out):

  • Free Version
  • Pro (paid) Version
  • Internet Security Version (paid)

Upgrades at a glance:

  • Pro features a virtualization module (for analyzing binaries in a virtual environment)
  • AntiSpam and Firewall Modules
  • big improvements on system speed (especially startup times)
  • the UI has really been overhauled and looks flat out sexy

Get the beta now and try it out for yourself.  Be sure to report any bugs to them though!  Oh yeah, I’m going to do a video on the Avast 5 beta, but I’ll not be passing any judgment since this is just a beta.

Happy Friday, we’re going out for Margaritas :P
