Category: av

  • Brave new world

    What do you call a world where tens of thousands of people have the ability to take out a considerable part of an important infrastructure item? This is the world we live in. Tens of thousands of people can create botnets and use them to attack other sites. Most recently the Metasploit site was attacked together with…

  • Wonky security posts

    I was reading two security blog posts recently from security vendors which seemed a little “off”: The first one was from Avira talking about a great new feature: as I understand it, in the new version of their product if an application is permitted by the Application rules of the firewall, the port rules are…

  • I had that idea!

    Today I stumbled upon the paper Rethinking Antivirus: Executable Analysis in the Network Cloud. It talks about running lightweight processes on the hosts which ship files to be scanned to a network server which scans them and gives the clean/infected verdict. I had the exact same idea around the same time :-). Some benefits of…

  • A portable AntiVirus collection

    Over at the GSD blog I found a nice collection of descriptions on how to create portable anti-viruses. VIPRE would fit nicely in the collection, however I wanted to do a quick description on how to do this with BitDefender (I’m doing this from memory, so some details might be wrong!): Get the free edition…

  • Can you test AV using VirusTotal?

    Just a little post to bait Kurt 🙂 Many people are up in arms about the idea of submitting a sample to VirusTotal and interpreting the (usually rather poor) detection count. A few links to get you started: virustotal usage FAIL why perform virustotal based av tests? “Only X Out of 32 Antivirus Products Detect…

  • New years resolution for webmasters

    Graham Cluley gives some advice on the Sophos blog on how to secure your website. Unfortunately he can’t resist tooting the company’s horn, rather than suggesting a much more effective solution for this scenario: whitelisting. First of all, files on a webserver need to change very rarely. Executables almost never and it is useful to…

  • Interesting thoughts from the Sophos blog

    Niall from SophosLabs UK asks: why does spam work? and gives an interesting answer: In his opinion, although we think that claims made by spam are very “out there” and wonder why people keep falling for it, in fact it is no worse than what we see in other media (like TV commercials). On some…

  • Installing Avira (AntiVir)

    After a tutorial on installing Avast and one for AVG 8 I decided to write up a tutorial on installing Avira (the former AntiVir). Download the install kit from their website (warning! there is some upselling going on). Install the software. Done! Unfortunately there aren’t any options to make the program more silent or transparent…

  • Does AV more harm than good?

    This article is one of the best descriptions of the current situation that I’ve seen out there. Some of the juicy bits: This comfort and confidence is the problem – if this user had learned the basics about how malware works and is spread, and been educated on the simple day-to-day activities which put them at…

  • What is a perimeter weakening malware?

    I’ve seen this idea floating around the Internet for some time and I thought I’d document it for future reference: A perimeter weakening malware is a program (script, macro, etc) which “lowers the defenses” of a computer (stops AV software, disables the firewall, creates an Administrator account with a certain password, etc) after which it…