Wednesday 25 November 2009

Hitman Pro Antivirus Cloud Computing. Next Generation Antivirus Removal

AVAILABLE NOW THROUGH IREMOVE.NL

Hitman Pro 3 - the all-in-one tool against malicious software

Hitman Pro 3 is a fast all-in-one tool to locate, identify and remove viruses, spyware, trojans, rootkits and other malware. Hitman Pro 3 will quickly show if your PC is infected with malicious software.
Research shows that many computers are infected, even if they have an up-to-date security suite installed, and that a combination of different anti-malware programs would be required to prevent infection.
Hitman Pro 3 uses innovative cloud computing techniques to detect and remove potential malware threats with minimal impact on system performance.


Testimonials

"Part of Hitman Pro's sweep for suspicious behavior involves detecting processes that hide their components using rootkit technology, so I wasn't surprised to find that it detected 100 percent of my rootkit-related samples."

"Yes this is a very impressive application that's being actively improved all the time. Leveraging all that AM technology with practically zero resource usage, great stuff."

Advantages of Hitman Pro 3

* Recognizes and removes viruses, trojans, rootkits, spyware and other malware.
* Revolutionary innovation in scanning technique to distinguish between malicious and safe software without signatures.
* Short scan time - searches the system within a few minutes.
* No extra system load.
* Impossible to make false positives on important system files thanks to "profiling" and whitelisting.
* Multi-vendor identification of malware in our real-time "Scan Cloud".
* Automatically restores common system alterations made by malicious software.
* Creates a check point in System Restore before removing malicious software.
* Removes resistant threats using native NT boot-time deleter.
* Removes references to malicious software (like shortcuts and registry entries).
* Free malware scan.
* Free online support in English, German and Dutch.

How does Hitman Pro 3 work?

The Hitman Pro 3 executable can be downloaded and run straight from a USB Flash Drive, CD/DVD, local or network attached hard drive and will quickly reveal the presence of any malware.
It will scan your PC in a few minutes and detect files that are potentially malware using a Behavioral Scan.
The actual identification of these potential malware files is then done on the Hitman Pro servers - the "Scan Cloud".

To understand how Hitman Pro 3 works we first need to describe a few fundamental characteristics of malicious software and your Windows PC.

Like everything else, malicious software always has a purpose. The malware writer only wants one thing: money. The traditional virus that cripples or destroys your PC is now quite rare. To make money the virus needs to be run and stay resident on the PC. This way the malicious software can steal your personal data, show pop-ups, or install fake software programs. The software can even turn your PC into a zombie as part of a botnet, using your PC to send spam or be part of a cyber attack. Of course, all this is going on without you noticing anything. To keep doing this, the malicious software needs to start automatically and protect itself from being removed by security software.

On a single Windows PC there are thousands of files, of which a limited number are "executables" and "associated data files" with file extensions like EXE, DLL, SYS, etc. They belong to, for example, a word processor, a spreadsheet program or a photo editing program.
To work properly, the malicious program must be an executable file.

Hitman Pro 3 looks for executables like drivers and other automatically starting software programs. These are active in memory, communicate with the internet and potentially try to make themselves invisible. From an average of 400,000 files on your PC typically only 2000 are interesting enough for Hitman Pro 3 to classify. Hitman tries to determine:

* where a file comes from
* how it got on your PC
* which publisher created it
* what purpose it has
* whether it can be uninstalled appropriately
* if it is visible to the user and through Windows APIs
* if it's communicating with unreliable computers on the internet
* if it's compressed or encrypted
* if it has anomalies commonly found in malicious software
* what people say about the file on security related websites

These are just a few of the details that Hitman Pro 3 collects, understands and associates. This method is what we call the Behavioral Scan.

History

Hitman Pro versions 1 and 2 were immensely popular in 2006-2008 with millions of users.
The software installed anti-malware software from various vendors to detect and remove malicious software. These software programs were automatically managed on the PC of the end user by Hitman Pro version 1 and 2.

This approach had some disadvantages: a very long scan process, high system load, and errors made by the anti-spyware software in use that could cause an unstable system.

All these issues are solved in Hitman Pro 3, which was redeveloped completely from scratch, using our own technologies.

Hitman Pro 3 uses as many characteristics of safe and malicious software as possible. After classification, only a handful of files remain interesting enough for further investigation. Each file is fingerprinted and sent to our Scan Cloud. This cloud determines if a file is safe, unsafe or unknown.
Unknown files on your PC are physically sent to the Scan Cloud where the files are scanned, in just seconds, by trusted anti-malware software from our trusted partners.
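
The fingerprint-then-lookup flow described above, as an added sketch that is not Hitman Pro's own code. SHA-256 as the fingerprint, the extension pre-filter, the local whitelist set and the `cloud_verdicts` table standing in for the Scan Cloud are all assumptions, and the sample files are constructed.

```python
import hashlib
import tempfile
from pathlib import Path

# Assumption: only these extensions count as executables worth classifying.
EXECUTABLE_EXTENSIONS = {".exe", ".dll", ".sys"}


def fingerprint(path):
    """Hash a file in chunks so large binaries are never loaded whole."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def triage(root, whitelist, cloud_verdicts):
    """Classify executables under root as safe, unsafe, or queued for upload.

    whitelist      -- set of fingerprints known safe locally (never queried)
    cloud_verdicts -- dict fingerprint -> "safe" / "unsafe"; a stand-in for
                      the remote lookup, where a missing key means "unknown"
    """
    result = {"safe": [], "unsafe": [], "upload": [],
              "skipped": 0, "cloud_lookups": 0}
    for path in sorted(Path(root).rglob("*")):
        if not path.is_file():
            continue
        if path.suffix.lower() not in EXECUTABLE_EXTENSIONS:
            result["skipped"] += 1          # data files are not classified
            continue
        digest = fingerprint(path)
        if digest in whitelist:
            result["safe"].append(path.name)  # resolved locally, no lookup
            continue
        result["cloud_lookups"] += 1          # only the fingerprint leaves the PC
        verdict = cloud_verdicts.get(digest, "unknown")
        if verdict == "safe":
            result["safe"].append(path.name)
        elif verdict == "unsafe":
            result["unsafe"].append(path.name)
        else:
            # Unknown fingerprint: this is the only case where file
            # contents would be sent off the machine for scanning.
            result["upload"].append(path.name)
    return result


def demo():
    """Run the triage over constructed sample files in a temp directory."""
    samples = {
        "notes.txt": b"constructed plain data file",
        "kernel32.dll": b"constructed stand-in for an OS file",
        "editor.exe": b"constructed known-good application",
        "dropper.exe": b"constructed known-bad sample",
        "new_tool.exe": b"constructed never-seen binary",
    }
    sha = lambda data: hashlib.sha256(data).hexdigest()
    whitelist = {sha(samples["kernel32.dll"])}
    cloud_verdicts = {
        sha(samples["editor.exe"]): "safe",
        sha(samples["dropper.exe"]): "unsafe",
    }
    with tempfile.TemporaryDirectory() as root:
        for name, data in samples.items():
            (Path(root) / name).write_bytes(data)
        return triage(root, whitelist, cloud_verdicts)


if __name__ == "__main__":
    print(demo())
```

The `upload` list is the part to review from a data-handling standpoint: whitelisted files never generate a lookup, known files expose only a fingerprint, and only unknown files leave the machine in full.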

Purpose

Hitman Pro 3 does not leave a program running in the background that continuously checks incoming e-mail and downloaded files for malware. Therefore you need to scan your PC regularly to ensure your PC is not infected.
Hitman Pro 3 can be used in combination with any other security suite. Scanning your PC for malware with Hitman Pro 3 will always be free so if you already have a security suite on your PC, it is an ideal program to make sure your security suite has not missed anything.

Behavioral Scan

The Behavioral Scan in Hitman Pro 3 does not need to monitor your system constantly to discover suspicious behavior. Most behavioral blocking programs need to monitor continuously. Hitman Pro 3 uses the knowledge from multiple anti-malware partners to identify the files on your system, which makes it exceptionally usable for non-technical computer users, who cannot answer incoherent questions about, for example, new system services or registry entries. In addition, Hitman Pro 3 knows upfront which files are not interesting and which belong to the operating system. This is done by checking the (valid) digital signatures on executable files and a white list containing signatures of known safe files. Hitman Pro 3 has signatures of all important files from Windows 2000 to Windows 7 (RC). After a quick check, these files are automatically detected as safe.

Price: €17.95

New Antivirus Technology Prevx 3.0 & Safe Online Via iRemove.nl

AVAILABLE NOW VIA IREMOVE.NL

Prevx 3.0 Anti-malware is a powerful security application with exceptional ability to protect, detect
and remove rootkits and ‘early life’ malicious software including Viruses, Trojans, Worms, Spyware,
and Bots.
Prevx 3.0 Anti-malware can be used as a stand-alone security application or as part of a ‘defense in
depth’ approach alongside other antivirus, antispyware or internet security suites. It is compatible
with Windows 98, NT4, 2000, 2003, 2008, XP, Vista and even Windows 7. Both 32 bit and 64 bit
versions are available. It is also designed to be interoperable with most leading security products
including those from Symantec, McAfee, Trend Micro, CA, Sophos, Kaspersky, Panda, Bit Defender,
ESET, AVIRA, AVAST, AVG, Norman and F-Secure and many others.

Prevx 3.0 Anti-malware has the following key features:
- Comprehensive support for all Windows environments (32 and 64 bit)
- Ultra fast, class leading scan speed
- Powerful, signature-less rootkit detection and removal
- Strong ‘early life’ malware detection and removal
- Powerful, generic clean up of even advanced rootkit and malicious software
- Tiny, class leading, agent size
- Light, class leading, low system resource utilization
- Powerful anti-phishing
- Support for Prevx SafeOnline, a powerful layered defense module which protects against phishing, Trojans, DNS poisoning and man-in-the-browser attacks
- Real-time, always up to date connection to the World’s largest online threat database
- Class leading interoperability with other security applications
- Supports scheduled, rapid on-demand and right click scan options
- Supports full cleanup roll back
- Simple, easy to use interface
- Powerful but simple user controls allow the user to choose the level of heuristic protection
- Unique age and spread detection controls allow the user to defeat low volume and targeted attack malware by prohibiting execution of ‘early life’ and/or ‘low usage’ programs

The Prevx 3.0 Anti-malware agent download is just 900 kilobytes. It installs in seconds and will scan
an average PC in around 2-4 minutes on install. Once installed scan times reduce dramatically with
typical PCs being scanned in around 30 to 60 seconds.

There are 4 key elements of the Prevx 3.0 product set: the Ultrafast Scan engine, the rootkit and
malicious software detection and removal engine, the real time protection agent and Prevx
SafeOnline. Collectively, these provide a powerful level of protection against today’s advanced
malicious software and web based threats.

Prevx 3.0 Ultrafast Scan Engine
We believe that security products must have minimal impact on the normal use and enjoyment of
your PC and web browsing. The scan engine of Prevx 3.0 sets new standards in scan speed and in
detection rates of advanced rootkit and early life malware. The scan engine incorporates ‘raw’ disk
and registry access technology. This has the simultaneous benefits of dramatically reducing scan
times and allowing much more effective detection of rootkits and stealth malware, a key
differentiator in detecting powerful banking and information stealing Trojans and targeted malware.
Prevx 3.0 will scan an average PC in around 2 to 4 minutes immediately on installation. Thereafter,
scan times reduce even more due to the caching techniques used by the scan engine. After the very
first scan a typical PC scan will take around 30 to 60 seconds.

Prevx 3.0 SafeOnline

Every year hundreds of millions of dollars are stolen from individuals, businesses and banks. In
almost all cases the victims of these crimes are totally unaware their information has been stolen
until it is too late. In many cases victims assumed they were safe because they had an antivirus or
internet security product running when the theft occurred and no alert was raised.

Online fraud, information or identity theft is the major concern of most PC users. More than 70% of
online theft is caused by Trojans that go undetected by antivirus and internet security products.
SafeOnline is an optional component of Prevx 3.0 that provides a powerful and much needed
defense against threats that target web based activity such as online banking and Internet shopping.

Prevx SafeOnline significantly reduces your exposure to online fraud, information, or identity theft. It
does this without any impact on your normal Internet surfing. While you surf, shop and bank online,
Prevx SafeOnline is watching to make sure that:
- you don’t mistake a phishing web site as your bank’s web site
- your PC really is connected to the web site you think it is
- your keystrokes are not being copied, recorded or stolen
- the contents of your web page are not being copied, recorded or stolen
- stored information in your internet cache is not being copied, recorded or stolen
- the web page being displayed has not been injected with fields to steal your information
- the contents of your clipboard are not being copied, recorded or stolen
- your DNS is not poisoned connecting you to a criminal’s fake banking or shopping web site
- your browser is not subject to a ‘man-in-the-browser’ attack

Prevx SafeOnline can be easily configured to protect your information on any web site you choose to
visit. It is completely browser independent and provides its protection with minimum fuss, alerting
you only if a threat is detected. In the case that your PC is infected with an undetected threat such as
a Trojan then Prevx SafeOnline hides your personal information allowing you to complete your
transactions safely.
Antivirus, antimalware and internet security products are no longer enough to give you maximum
protection. Prevx SafeOnline significantly improves your safety by protecting against the threats
which otherwise would go unchecked.

Price: €29.95

MS unleashes legal attack dogs to lick up COFEE spill

Microsoft unleashed its legal attack dogs to remove its leaked forensics tool from a respected security site, it has emerged.

Cryptome.org was issued with a take-down notice shortly after Microsoft's point-and-click "computer forensics for cops" tool leaked onto the web earlier this month. Redmond's lawyers acted over allegations that Cryptome was offering copies of its COFEE computer forensics utility via its website and days after acknowledging the utility was at least briefly available via BitTorrent.

COFEE (Computer Online Forensic Evidence Extractor) is a package of forensics utilities bundled onto a specially adapted USB stick, and is designed to allow police officers to collect digital evidence from a suspect's PC at a scene of crime or during a raid. The technology can be used to recover internet activity, scan files and obtain a list of processes running on an active computer at the scene of an investigation without interfering with the machine.

Redmond makes the utility (actually a bundle of 150 applications) available at no charge to law enforcement agencies via Interpol. The leak of the tool earlier this month created fears that the software might fall into the hands of miscreants and spur the development of countermeasures.

Microsoft responded to these fears by stressing that the utility was a bundle of commercially available applications and that no secret data was leaked. A statement issued on behalf of Richard Boscovich, senior attorney of Microsoft's Internet Safety Enforcement Team, also acknowledged the software had been made available through BitTorrent, a development that meant anyone might have been able to download the software.

We have confirmed that unauthorised and modified versions of Microsoft’s COFEE tool have been improperly posted to bit torrent networks for public download. We strongly recommend against downloading any technology purporting to be COFEE outside of authorised channels – both because any unauthorised technology may not be what it claims to be and because Microsoft has only granted legal usage rights for our COFEE technology for law enforcement purposes for which the tool was designed. Note that contrary to reports, we do not anticipate the possible availability of COFEE for cybercriminals to download and find ways to ‘build around’ to be a significant concern. COFEE was designed and provided for use by law enforcement with proper legal authority, but is essentially a collection of digital forensic tools already commonly used around the world. Its value for law enforcement is not in secret functionality unknown to cybercriminals; its value is in the way COFEE brings those tools together in a simple and customisable format for law enforcement use in the field.

In cooperation with our partners, we will continue to work to mitigate unauthorised distribution of our technology beyond the means for which it’s been legally provided and, again, would strongly discourage people from downloading unauthorised versions of the tool. As always, law enforcement wishing to use COFEE can safely get the latest released version of the tool free of charge through the established channels with both NW3C and INTERPOL by contacting NW3C at www.nw3c.org or INTERPOL.

Microsoft supplied this statement of 11 November two days before firing off its legal nastygram to Cryptome.org on 13 November. Since COFEE was already available via BitTorrent the legal action might seem slightly overboard, though consistent with Redmond's promise to chase unauthorised distribution of the code.

Security experts we quizzed on this point, however, said Microsoft was well within its rights to ask sites to stop offering copies of the tool for download. In any case, Cryptome.org complied with Microsoft's order. Copies of correspondence pertaining to the COFEE take-down order have been posted by Cryptome here. ®

The rise of targeted attacks

Webcast: Earlier this month Paul Wood of MessageLabs joined Freeform Dynamics’ Jon Collins in the Reg studio to discuss targeted attacks and their effect on the modern business.

This thirty minute audio webcast with accompanying slides is now available to watch free of charge from the Reg Archives.

Volumes of targeted attacks are on the rise, but what does this mean for the business and what should we all be looking out for? Tune into Jon and Paul's conversation as they dish out opinion and help shed some light on how we can all make sure we're better protected.

Squeezing in a whole host of the latest facts and figures, Paul kicks proceedings off by giving an overview of targeted attacks, highlighting the industries and document types most under threat, the reasons for targeted attacks becoming popular and some real-world examples.

Jon wraps things up with his take on why businesses have the most to lose and the solutions and processes that will help in combating this type of attack.

Help keep your organisation safe. Tune into the conversation here. Feedback via the tab on the media player is welcome, as always. ®

iPhone anti-malware stuck in state of denial

The blaze of publicity that accompanied the release of the first iPhone worms this month has sparked interest in selling anti-malware products for the device. However, no such security products currently exist and Apple shows little inclination to license any that do get developed.

Antivirus products for Symbian smartphones have been available for years, but not one antivirus product is available for the iPhone, from any vendor. Releasing such tools would require the help of Apple, which tightly controls what applications are licensed to run on the devices via its successful AppStore marketplace.

But since both the ikee (Rickrolling) and Duh worms affect only jailbroken iPhones (with SSH open and default passwords) the line from Apple is that there's no need for anti-malware for iPhones.

Intego, which has carved out a successful niche marketing anti-malware software for Mac machines, is yet to produce any security software for the iPhone. As well as getting approval from Apple to develop such software, developing security software for the devices poses technical challenges.

"Apple does not allow applications to run in the background on the iPhone, which makes any antivirus or anti-malware software less than optimal," Peter James, an Intego spokesman explained. "To be effective anti-malware needs to run all the time. The same is true of personal firewall software."

James explains that iPhones use a stripped down version of Mac OS X. Although Apple restricts third-party developers from running background processes, not unreasonably because the processing power of the chips on iPhones is limited, Apple system processes including DNS name resolution and clock functions do run in the background, so the restriction isn't absolute.

The practical upshot of Apple's third-party restrictions is that any anti-malware product for an iPhone could not be designed to run constantly in the background, warning about incoming threats. Instead the software could only be used to do either scheduled or on-demand scans.

Graham Cluley, a senior security consultant at Sophos, which offers antivirus products for corporate Macs, explained that security firms looking to provide protection against the Duh worm and future iPhone malware threats are caught in a bind. Only Apple can untangle this confusion; however, it has little incentive to shift its line.

"It's feasible for Sophos to write an application that scans an iPhone for the Duh worm (we detect it as Iph/Duh on other platforms) however the app would obviously have to be approved by Apple to enter their AppStore. I'm not sure how long that process would take, or if it would be approved."

"The only alternative - ironically - would be for us to make it available as an unauthorised app, meaning that iPhone users would have to jailbreak their iPhones to scan them for security problems. This is obviously not ideal," he added.

Mikko Hypponen, chief research officer at F-Secure, criticised Apple for failing to tackle the nascent mobile malware problem more proactively. He contrasts Apple's stance with the more go-ahead attitude of other smartphone manufacturers that rely on the Symbian platform - such as Sony Ericsson - in a blog posting here. ®

Bootnote

Trend Micro has a browser add-on called SmartSurf, available via Apple's AppStore, to protect iPhone users from malicious websites. Cisco has a security dashboard product targeted at iPhone users, tasked with looking after corporate security on enterprise networks. However, neither of these is an anti-malware product for the iPhone; such products remain a glint in the eye of anti-virus developers and (doubtless) the marketing departments of security firms.

Symantec Japan website bamboozled by hacker

By John Leyden
The Register
23rd November 2009

A Symantec-run website was vulnerable to Blind SQL Injection problems that reportedly expose a wealth of potentially sensitive information.

Romanian hacker Unu used off-the-shelf tools (Pangolin and sqlmap) to steal a glimpse at the database behind Symantec's Japanese website. A peek at the Symantec store revealed by the hack appears to show clear-text passwords associated with customer records. Product keys held on a Symantec server in Japan were also exposed by the hack.

Unu has previously exposed similar problems involving the websites of the UK's parliament and Kaspersky, among many others. The grey-hat hacker has published screenshots to back up his latest claims which, if verified, run deeper than shortcomings on the websites of Kaspersky, F-secure and other security firms previously reported by Unu.

Symantec said it was investigating the reported breach, which Unu claims gave him full disk and database access. The security giant said the vulnerability only affected a website used by consumer customers in the Far East. Symantec admitted there was a problem without commenting on how serious the snafu might be, pending the result of an investigation.
The offending site - pcd.symantec.com - has been taken offline pending the addition of extra security defences.

Inside the Ring - Chinese, Russian cyberwarfare

By Bill Gertz
INSIDE THE RING
November 19, 2009

[...]

Chinese, Russian cyberwarfare

The Pentagon's National Defense University recently published a groundbreaking book that is one of the few U.S. government documents to highlight the cyberwarfare capabilities of both China and Russia.

The book "Cyberpower and National Security" contains a chapter on the issue revealing that China's computer attack capabilities have become "more visible and troubling" in recent years. "China has launched an unknown number of cyber reconnaissance and offensive events with unknown intent against a variety of countries," the chapter said.

Among the most important attacks were the 2005 cyber espionage attacks against Pentagon computer networks that federal investigators code-named Titan Rain. Another Chinese-origin attack involved computer operations against the U.S. Naval War College in 2006 that shut down systems.

According to the chapter, China's military strategists regard cyberwarfare as an important element of "pre-emptive" warfare capabilities.

Chinese military analysts Peng Guangqian and Yao Youzhi are quoted as saying China plans to use several types of pre-emptive attacks in a future conflict, including "striking the enemy's information center of gravity and weakening combat efficiency of his information systems and cyberized weapons" with the goal of weakening information superiority and reducing combat efficiency.

Microsoft warns of IE exploit code in the wild

By Elinor Mills
InSecurity Complex
CNet News
November 23, 2009

Microsoft on Monday said it is investigating a possible vulnerability in Internet Explorer after exploit code that allegedly can be used to take control of computers, if they visit a Web site hosting the code, was posted to a security mailing list.

Microsoft confirmed that the exploit code affects IE 6 and IE 7, but not IE 8, and it said it is "currently unaware of any attacks trying to use the claimed vulnerability or of customer impact," according to a statement.

The exploit code was published to the BugTraq mailing list on Friday with no explanation.

"The exploit targets a vulnerability in the way Internet Explorer uses Cascading Style Sheet (CSS) information. CSS is used in many Web pages to define the presentation of the sites' content," Symantec wrote in a blog post this weekend.

[...]
