In recent years, AVG has branched out a bit from its antivirus and security suite origins. The company now offers PC cleanup, top-notch parental control, and online backup. AVG designers also continue to tune and improve their core security technology, the latest example of which is AVG Internet Security 2012 ($54.99, direct; $68.99 for three licenses). Not all of the suite's components come up to the high standard of the antivirus component, however.
The main window of last year's AVG suite bulged with 14 security component icons. This year's redesign managed to represent all the same features with 8 icons. Three additional icons allow integration with AVG Family Safety ($19.95 direct for three licenses, 4.5 stars), AVG PC Tuneup 2011 ($29.99/year direct, 4 stars), and AVG LiveKive online backup.
Specifications
Type: Business, Personal, Professional
OS Compatibility: Windows Vista, Windows XP, Windows 7
Tech Support: FAQ, forum, videos, email; free phone support in US, UK, Canada.
Under the Hood
Some of the 2012 improvements aren't visible. The new AVG Accelerator promises to significantly speed up downloads from YouTube and Download.com, with other sites to be added. YouTube videos did seem to load faster, though it's hard to measure for sure.
AVG Advice watches your system over time, checking for things you could do to speed it up. At present the main thing it does is warn you to close and restart your browser when it's using too much memory. I wasn't able to reproduce the problem that triggers this advice, but it seems like a good idea.
The LinkScanner feature, which detects malicious code on Web pages, now takes a wider view. In addition to analyzing Web page code it tracks what's running in the browser. This lets it handle modern dynamic threats whose code is spread over multiple Web pages.
Fake antivirus, also called scareware, was a top threat in AVG's second quarter threat report. The product now uses a patent-pending technique to detect scareware programs strictly based on their actions and user prompts. This lets it detect brand-new scareware threats without requiring a file signature.
Powerful Malware Protection
AVG doesn't skimp on protection in their free antivirus product. It has exactly the same malware-fighting capabilities as the full suite. I'll summarize my findings here. For full details see my review of AVG Anti-Virus Free 2012 (Free, 4 stars).
All of the antivirus testing labs whose results I follow include AVG in their tests. When the test's constraints permit, AVG submits the free product for testing. AVG antivirus technology gets good marks overall, though not always the very highest. The chart below summarizes a collection of recent tests. For a full explanation see the article How We Interpret Antivirus Lab Tests.
AVG Internet Security 2012 lab tests chart
In my own malware removal test AVG installed without incident and scanned faster than most products. Strangely, its rootkit scan is separate from the whole computer scan. On any test system with rootkit-based samples installed I ran the rootkit scan too.
AVG detected 88 percent of the threats, the second-highest detection rate of products tested with the current sample set. Its score of 6.5 points for malware removal is the highest among that group, and its 6.7 point score for rootkit removal ties for first place with ZoneAlarm Antivirus + Firewall 2012 ($59.95 direct for three licenses, 3 stars). Like Panda Cloud Anti-Virus 1.5 Free Edition (Free, 3.5 stars), Malwarebytes' Anti-Malware Free 1.51 (Free, 4 stars), and several others, AVG scored 9.5 points for scareware removal.
For a full explanation of how I come up with these scores see How We Test Malware Removal.
AVG Internet Security 2012 malware removal chart
AVG also scored well in my malware blocking tests, though it didn't take as many top scores as in the malware removal tests. It detected 94 percent of the threats, the second-highest detection rate among products tested with this sample set. Its overall score of 8.4 points would have been higher, but a couple of the threats it detected managed to install and run anyway. AVG detected all of the rootkit and scareware samples, scoring 8.3 for rootkit blocking and 9.1 for scareware blocking. For details on where these scores come from, see How We Test Malware Blocking.
AVG Internet Security 2012 malware blocking chart
The LinkScanner component in the suite includes a feature called Online Shield that's not available in the free antivirus. When I tried re-downloading my malware collection it blocked 42 percent of the existing samples, compared with 33 for the free antivirus. That's better, but not great. TrustPort Total Protection 2012 ($89.95 direct for three licenses, 2.5 stars) blocked 93 percent of the samples either at the Web page level or during the download.
Friday, 30 September 2011
ESET Smart Security 5
A lot has changed since I reviewed version 4 of ESET's security suite in early 2009. However, there aren't a lot of differences to note in ESET Smart Security 5 ($59.99, direct; $79.99 for three licenses). It does include a kind of parental control now, but its antivirus didn't do nearly as well at protecting a test system from attack by my current collection of threats.
In version 4, ESET offered a simple interface and an advanced interface, as well as a very complex advanced setup. Version 5 has removed the advanced interface and tamed the advanced setup, to a degree. Most users will only need to open advanced setup on advice from tech support.
Specifications
Type: Personal
OS Compatibility: Windows Vista, Windows XP, Windows 7
Tech Support: Knowledge base; free phone and email support.
Uneven Antivirus
The suite's core antivirus protection is exactly the same as that provided by ESET's standalone antivirus. I'll summarize my findings here; for full details please read my review of ESET NOD32 Antivirus 5 ($39.99 direct, 3 stars).
Some problems installing and scanning with the product were solved by running a full scan in Safe Mode. However, one persistent threat triggered a request to reboot for full cleanup over and over, endlessly. Tech support only managed to fix this problem by using a third-party cleanup tool.
Overall ESET detected 88 percent of the threats and scored 6.5 points for malware removal, the same as AVG Internet Security 2012 ($68.99 direct for three licenses, 3 stars). It detected all of the scareware and rootkit threats and scored 9.5 for scareware removal and 6.7 for rootkit removal. Norton Internet Security 2012 ($69.99 direct for three licenses, 4.5 stars) scored a perfect 10 for scareware removal and an impressive 8.9 points for rootkit removal.
For an explanation of where the score numbers come from, please read How We Test Malware Removal.
ESET Smart Security 5 malware removal chart
ESET turned in a poor performance in my malware blocking test. One identified threat managed to install and run despite repeated attempts by ESET to stop it. Its overall score for malware blocking and its breakout scores specifically for rootkit blocking and scareware blocking were all either the worst or second-worst among suites tested with my current malware collection. For an explanation of how I derive these scores, see How We Test Malware Blocking.
ESET Smart Security 5 malware blocking chart
ESET's technology rates better with the independent antivirus labs, especially those that use static tests of its ability to recognize thousands of inactive viruses and other malicious files. All of the labs I follow do test it, and its results overall are good. For an explanation of how I interpret the different types of tests, see How We Interpret Antivirus Lab Tests.
ESET NOD32 Antivirus 5
Many antivirus vendors have adopted a yearly update model, but ESET doesn't swing with that crowd. I reviewed ESET's version 4 in March of 2009, and ESET NOD32 Antivirus 5 ($39.99, direct; $59.99 for three licenses) has just now turned up. This version hasn't changed much in appearance. ESET NOD32 Antivirus 5’s user interface exposes just the information and controls you're likely to need, hiding more complex settings under advanced setup.
During installation you must actively choose whether to enable or disable detection of "potentially unwanted applications." There's no default; you must choose one or the other. Naturally I enabled this feature for testing.
Specifications
Type: Personal
OS Compatibility: Windows Vista, Windows XP, Windows 7
Tech Support: Knowledge base; free phone and email support.
ESET's activation system is a bit awkward. It demands full contact information including physical mail address. Once you've entered a three-license key, you can't use that key again to protect two other PCs. Rather, you must locate the randomly-generated username and password emailed to you after that initial activation and use those for the other two.
Install Trouble, Scan Trouble
Getting ESET installed on my twelve malware-infested test systems was a bit of a challenge. On over half the systems the real-time protection module requested a reboot to finish cleaning up an active threat immediately after installation.
That initial reboot is no problem in itself, but one of those systems became unresponsive after rebooting. I got it working again by using Task Manager to kill and restart Windows Explorer. At that point a message from ESET appeared warning that Explorer was attempting to access a virus and requesting another reboot. I took this as a possible clue that ESET caused the hangup by suspending Windows Explorer, though I couldn't prove it.
I went around this circle five or six times, with a different file each time, before giving up. Fortunately scanning in Safe Mode solved the problem. Another system stuck in a similar fashion, and the icons vanished from ESET's display. Once again a Safe Mode scan solved the problem.
On a third system ESET asked for a reboot to finish wiping out a particular threat. After reboot it did the exact same thing again and again, without end. Something similar happened in my testing of Trend Micro Titanium Antivirus+ 2012 ($39.95 direct, 2.5 stars).
Tech support instructed me to gather logs and use ESET's built-in SysInspector tool. After evaluating the logs they supplied a script for a third-party tool called The Avenger. The script successfully wiped out this persistent threat, but I would have been more impressed had an in-house tool accomplished that feat.
Good Malware Cleanup
With those problems out of the way, testing went quickly. An in-depth scan of the hard drive and operating memory on my standard clean test system finished in 13 minutes. That's faster than Malwarebytes' Anti-Malware Free 1.51 (Free, 4 stars) (14 minutes) and AVG Anti-Virus Free 2012 (Free, 4 stars) (16 minutes). However, a repeat scan with AVG took less than two minutes.
On finishing a scan, ESET reports statistics on what it did. You can click a link for the full scan log, but most users will find it much too detailed. I'd prefer a simple list of threats found, with the individual file and Registry traces hidden by default.
ESET detected 88 percent of the threats, the same as AVG, and scored 6.5 points for malware removal, also the same as AVG. Norton AntiVirus 2012 ($39.99 direct, 4.5 stars) had a slightly lower detection rate, but better cleanup earned it the top removal score of 7.1 points.
Like many of the current antivirus products, ESET detected 100 percent of the scareware (rogue antivirus) samples and scored 9.5 points for scareware removal. Norton and Malwarebytes both managed a perfect 10 on the scareware test.
Quite a few products tested with the current sample set also detected 100 percent of the threats that use rootkit technology. ESET detected 88 percent and scored a so-so 5.3 points for rootkit removal. For an explanation of how I boil down a product's behavior into a malware removal score see How We Test Malware Removal.
Friday, 23 September 2011
Grey market business
Beyond student virus writers and purely criminal business on the Internet there are “grey” businesses: activities that exist on the edge of the law. Intrusive electronic advertising, utilities that push the user to visit one paid web resource or another, and other types of unwanted software all require technical support from hacker programmers. They need to get into the system secretly, update their components repeatedly, disguise themselves in various ways (to avoid being deleted from the system) and resist antivirus programs; these goals coincide almost completely with the functionality of various Trojans.
Adware
Special advertising components penetrate the system, download advertising information from special servers and show it to the user. In most cases (but not always) the intrusion happens without the user's knowledge, and pop-ups appear only when the Internet browser is running (this way the advertising systems are disguised as the advertising banners of websites).
After several US states passed anti-advertising regulations, Adware developers found themselves outside the law (and practically all of them are American companies). Eventually some of them legalized their products as far as possible: Adware now comes with an installer, an icon in the system tray and an uninstaller. However, hardly anyone of sound mind would willingly install an advertising system on their computer, so legal Adware is ‘hard-sold’ together with some free software.
Adware is installed together with this software: most users click “OK”, ignoring the text on the screen, and get advertising programs along with the ones being installed. Since half of the desktop and system tray is often filled with various icons, the icon of the advertising program gets lost among them. Thus Adware that is legal de jure is installed without the user's knowledge and goes unnoticed in the system.
It should be noted that in some cases it is impossible to remove legal advertising systems without affecting the operation of the main software. This is how producers of Adware protect it from uninstallation.
Pornography and premium-pay resources
To attract users to paid websites, programs are often used that de jure are not classed as malicious, since they do not conceal their presence and the user reaches the paid resource only after answering yes to a corresponding question. However, such programs are installed without the user's authorization, for instance when the user visits dubious websites. They then obtrusively offer the user a visit to one paid resource or another.
Rogue antivirus and anti-spyware programs
This is a relatively new type of cybercrime. The user is fobbed off with a small program which reports that spyware or a virus has been detected on the computer. The message appears in any case, regardless of the actual situation, even if nothing but the Windows operating system is installed on the computer. At the same time the user is offered a “treatment” for a small sum of money, which in fact does not cure anything.
Distributed network attacks
Also referred to as DDoS attacks (Distributed Denial of Service). Network resources (e.g. web servers) can service only a limited number of requests simultaneously; the limit is set by the capacity of the server as well as the bandwidth of the channel connecting it to the Internet. If the number of requests exceeds that limit, either the server becomes considerably slower or users' requests are ignored altogether.
Taking advantage of this, computer hackers send “garbage” requests to the attacked resource, in numbers many times greater than the victim resource can handle. A “zombie network” starts a mass DDoS attack on one or several Internet resources, causing the attacked network nodes to fail.
As a result, the attacked resource becomes inaccessible to ordinary users. Usually Internet stores, Internet casinos and other businesses that depend heavily on the efficiency of Internet services are affected. Most often distributed attacks are arranged either to discredit a competitor's business or to demand money for stopping the attack, an Internet racket of a sort.
In 2002-2004 this kind of criminal activity was quite common. Later it declined, apparently owing to successful police investigations (at least several tens of people all around the world have been arrested) and to quite successful technical countermeasures against such attacks.
Botnets
Special Trojans called ‘bots’ (from “robot”) are created for this kind of network and are centrally managed by a remote “master”. The Trojan intrudes into thousands, tens of thousands or even millions of computers. This enables the master of the “zombie network” (or “bot network”) to access the resources of all infected computers and use them for his own benefit. Sometimes such networks of “zombie machines” appear on the black Internet market, where they are bought or rented by spammers.
Calls to premium-pay numbers or sending paid SMS
Cybercriminals, or groups of cybercriminals, create and distribute a special program which makes telephone calls or sends SMS messages from mobile phones without the user's authorization. Beforehand or at the same time, the same people register a company in whose name a contract for a paid service is made with the local mobile provider.
Naturally, the provider is not notified that these calls are not authorized by the user. Then a Trojan calls the paid telephone number, and the mobile company bills the numbers which initiated the calls and pays the hacker the sum defined by the contract.
Stealing electronic currency
To be more precise, this includes the creation, distribution and maintenance of Trojan spy programs aimed at stealing funds from personal e-wallets (e.g. e-gold, WebMoney). Trojan programs of this kind collect access codes to accounts and send them to their “master”. Usually the information is collected by searching for and decoding the files which store the account owner's personal data.
Stealing banking information
This is currently one of the most common types of criminal activity on the Internet. In this case credit card numbers and access codes to personal (sometimes even corporate) Internet bank accounts (“Internet banking”) are at risk. In such attacks Trojan spies use a wide range of methods. For instance, they show a dialogue window or image which duplicates the bank's web page and ask the user for the login and password to the account or for a credit card number (similar methods are also typical of phishing: spam mailings with imitation text that resembles a message from a bank or other Internet service).
To get users to enter their personal data, social engineering tricks are used. The user is told of negative consequences if the code is not entered (e.g. the Internet bank will cease to serve the account) or that something very positive will not happen (“a lot of money will be deposited on your account — please, confirm your account details”).
Often keylogger Trojans (“keyboard spies”) wait for the user to connect to the genuine banking web page and capture the characters typed on the keyboard (i.e. login and password). To do this they monitor the launch and activity of applications and, if the user is using a browser, compare the name of the website with the list of banks stored in the Trojan's code. If the website is on the list, the keyboard spy is activated and the captured information (the sequence of keys) is sent to the hacker. Trojans of this type (unlike other bank Trojans) do not reveal themselves in the system.
Stealing other confidential information
Hackers may take an interest not only in financial information but in any other valuable information: databases, technical documentation, etc. To access and steal this information, specially developed Trojan spies intrude into victim computers.
Legal network applications are also known to be used for such attacks. An FTP server, for example, is secretly planted in the system, or file-exchange (peer-to-peer, P2P) software is secretly installed. As a result, the computer's files become accessible from outside. Owing to numerous incidents connected with the criminal use of P2P networks, they were officially banned in France and Japan in 2006.
Cyber blackmail and cyber extortion
Cybercriminals create Trojans which can encrypt a user's personal files. The Trojan penetrates the system, searches for and encrypts the user's data and then leaves a message saying that the files cannot be restored and that the decryption program can be obtained by contacting the address given in the message.
Packing user files into an archive encrypted with a long password is another notorious method of cyber blackmail. Once the original files have been archived, they are deleted, and a demand follows to transfer a certain amount of money in exchange for the password to the archive.
This type of cybercrime (data encryption) is critically dangerous from the technical perspective. In other cases it is possible to protect the computer from the Trojan, but here one has to deal with strong encryption algorithms. If such algorithms are used and the keys (passwords) are long enough, it becomes technically impossible to restore the files without obtaining the information from the hacker.
Evolving “delivery methods”
To commit the crimes described above, cybercriminals have created and distributed network worms which have caused numerous Internet epidemics. Their major aim is to install criminal Trojans on as many computers as possible in the global network. Mydoom and Bagle, notorious since 2004, and the Warezov mail worm, which emerged in 2006, are examples of such worms.
In some cases the aim is not “maximum coverage”. On the contrary, the number of infected computers seems to be deliberately limited so as not to attract too much attention from law enforcement agencies. In such cases victim computers are infected not by an uncontrolled network worm but, for instance, through an infected web page. Criminals can record the number of visitors to the page and the number of successful infections, and develop the Trojan code once the required number of infected computers is reached.
Targeted attacks
Unlike mass attacks, which aim to infect as many computers as possible, targeted attacks have an altogether different purpose: to infect the network of a particular company or organization, or to plant a specially developed Trojan agent on a single node (server) of the network infrastructure. Companies in possession of valuable information, such as banks, billing companies (e.g. telephone companies), etc., are at risk in this case.
The reason why bank servers or networks are attacked is obvious: criminals are trying to access bank information and illegally transfer funds (sometimes in very considerable amounts) to the hacker's account(s). When billing companies are attacked, the aim is to access clients' accounts. Targeted attacks seek any valuable information stored on the network servers, i.e. client databases, financial and technical documentation, everything that can be of interest to a potential hacker.
Usually large companies holding critical and valuable information are attacked. Their network infrastructure is quite well protected from external attacks, and without internal help it is not possible to break into it. Therefore such attacks are most frequently arranged either by employees of the attacked companies (insiders) or with their direct participation.
Other criminal activity
Other cybercrimes do exist, but are not yet widespread. These include the theft (collection) of e-mail addresses from infected computers for sale to spammers, and the search for vulnerabilities in operating systems and applications for sale to other computer criminals. These businesses also include the development and sale of custom-made Trojans, etc. Most probably, as existing Internet services develop and new ones emerge, new crimes in cyberspace will also appear.
Taking advantage of this, computer hackers initiate “garbage” requests to the attacked resource, with the number of such requests exceeding the capacity of the victim resource many times over. A “zombie network” starts a mass DDoS attack on one or several Internet resources, causing the attacked network nodes to fail.
As a result, the attacked resource becomes inaccessible to ordinary users. Usually Internet stores, Internet casinos and other businesses which are highly dependent on the efficiency of Internet services are affected. Most often distributed attacks are arranged either to discredit a competitor’s business or to demand money for stopping the attack, an Internet racket of sorts.
In 2002-2004 this kind of criminal activity was quite common. Later it declined, apparently as a result of successful police investigations (at least several tens of people all around the world have been arrested) and of quite successful technical countermeasures against such attacks.
Botnets
Special Trojans called “bots” (from “robot”) are created for networks of this kind, which are centrally managed by a remote “master”. The Trojan intrudes into thousands, tens of thousands or even millions of computers. This enables the master of the “zombie network” (or “bot network”) to access the resources of all infected computers and use them for his own benefit. Sometimes such networks of “zombie machines” appear on the Internet black market, where they are bought or rented by spammers.
Calls to premium-pay numbers or sending paid SMS
Cybercriminals, or groups of cybercriminals, create and distribute a special program which makes telephone calls or sends SMS messages from mobile phones without the user's authorization. Beforehand or at the same time, the same people register a company, on whose behalf a contract for a paid service is made with the local mobile provider.
Naturally, the provider is not notified that these calls are not authorized by the user. Then the Trojan calls a paid telephone number, the mobile company bills the numbers which initiated the calls and pays the hacker the sum defined by the contract.
Stealing electronic currency
To be more precise, this includes the creation, distribution and maintenance of Trojan spy programs designed to steal funds from personal e-wallets (e.g. e-gold, WebMoney). Trojan programs of this kind collect information on access codes to accounts and send it to their “master”. Usually the information is collected by searching for and decoding files which store the personal data of the account’s owner.
Stealing banking information
This is currently one of the most common types of criminal activity on the Internet. In this case credit card numbers and access codes to personal (sometimes even corporate) Internet bank accounts (“Internet banking”) are at risk. In such attacks Trojan spies use a wide range of methods. For instance, they show a dialogue window or an image which duplicates the bank's web page and asks the user for the login and password to the account or for a credit card number (similar methods are also typical of phishing: spam mailings with imitation text which resembles a message from the bank or another Internet service).
In order to get the user to enter his or her personal data, social engineering tricks are used. The user is told about negative consequences if the code is not entered (e.g. the Internet bank will cease to serve the account) or that something very positive will not happen (“a lot of money will be deposited on your account. Please confirm your account details”).
Often keylogger Trojans (“keyboard spies”) wait for the user to connect to the genuine banking web page and capture the characters typed on the keyboard (i.e. the login and password). For this purpose they monitor the launch and activity of applications and, if the user is using a browser, compare the name of the website with the list of banks stored in the Trojan’s code. If the website is found in the list, the keyboard spy is activated and the captured information (the sequence of keys) is sent to the hacker. Trojans of this type (unlike other bank Trojans) do not reveal themselves in the system.
Stealing other confidential information
Hackers may take an interest not only in financial information but in any other valuable information: databases, technical documentation, etc. To access and steal this information, specially developed Trojan spies intrude into victim computers.
Legitimate network applications are also known to be used in attacks. An FTP server, for example, may be secretly installed on the system, or file-exchange (peer-to-peer, P2P) software may be secretly installed. As a result, the computer’s files become accessible from the outside. Owing to numerous incidents connected with criminal use of P2P networks, they were officially banned in France and Japan in 2006.
Cyber blackmail and cyber extortion
Cybercriminals create Trojans which can encrypt a user's personal files. The Trojan penetrates the system, searches for and encrypts the user's data, and then leaves a message saying that the files cannot be restored and that the decryption program can be obtained by contacting the address given in the message.
Petty theft
Following the emergence and promotion of paid Internet services (mail, web, hosting), members of the computer underground started to take an interest in how to access the network at somebody else’s expense, i.e. by stealing somebody’s login and password (or several logins and passwords from different infected computers) using specially developed Trojans.
1997 brought the emergence and spread of Trojans designed to steal AOL passwords. In 1998, with the further spread of Internet services, Trojans of this kind started to affect other Internet services as well. Such Trojans, like viruses themselves, are usually written by young people who cannot pay for Internet services. It is noteworthy that as the cost of Internet services gets lower, the proportion of such Trojans decreases accordingly. However, Trojans stealing passwords to dial-up, AOL, ICQ and access codes to other services constitute a considerable part of the everyday “inflows” to the labs of anti-virus companies all around the globe.
Petty thieves also create other types of Trojans, which steal account information, key files of various software products and the resources of infected computers for the benefit of their “master”, etc.
In recent years there has been a constant increase in the number of Trojans that steal personal information from network games (virtual gaming property) for unauthorized use or resale. Such Trojans are especially widespread in Asian countries, particularly China, Korea and Japan.
Cybercrime
The most dangerous group of virus writers is hackers, or groups of hackers, who intentionally create malicious programs in their own interests. They create viruses and Trojan programs which steal access codes to bank accounts, obtrusively advertise products or services, or illegally use the resources of the infected computer (again for the purpose of making money: to develop a spam business or to arrange distributed network attacks with a view to blackmail). Activities of this kind are multifarious. Let us look at the major types of criminal business on the network in more detail.
Support for spammers
Trojan proxy servers and multipurpose Trojans functioning as proxy servers make up “zombie networks” designed to mass-mail spam (a proxy server is a utility used for anonymous work on the network, usually installed on a dedicated computer). The Trojan proxy servers then receive a spam sample and the addresses to mail it to from their “master”.
By sending spam from thousands (or tens of thousands) of infected computers, spammers achieve several aims:
distribution is anonymous: message headers and other service information in the message do not reveal the real address of the spammer;
spam mailing is very fast, as it involves many “zombie computers”;
“blacklist” technologies that track the addresses of infected machines are ineffective in this case: it does not seem possible to trace all spam-mailing computers, as there are too many of them.
Who creates malware and why?
Let us first answer the main question. Who benefits from it? Why have computers, networks, and mobile phones become carriers of not only useful information, but also a “habitat” for different malicious programs? It is not difficult to answer this question. All (or almost all) inventions and mass-use technologies have, sooner or later, become a tool of hooligans, swindlers, blackmailers and other criminals. As soon as there is an opportunity to misuse something, somebody will definitely find new technologies and use them not in the way the inventors intended but in an altogether different way, for their own interests or to assert themselves to the detriment of others. Unfortunately, computers, mobile phones, computer and mobile networks have not escaped this fate. As soon as these technologies started being used by the masses, the bad guys stepped in. However, the criminalization of these innovations was a gradual process.
Computer vandalism
Petty theft
Cybercrime
“Grey” business
Computer vandalism
In the past the majority of viruses and Trojans were created by students who had just mastered a programming language and wanted to try it out, but failed to find a better platform for their skills. Up to the present, the writers of such viruses have sought only one thing: to raise their self-esteem. Fortunately, a large part of such viruses were never distributed by their authors, and the viruses soon “died away” together with the storage disks, or their authors sent them only to anti-virus companies with a note that the virus would not be spread further.
The second group of virus writers also includes young people (often students) who have not yet fully mastered the art of programming. An inferiority complex, which they compensate for with computer hooliganism, is the only reason prompting them to write viruses. Such “craftsmen” often produce primitive viruses with numerous mistakes (so-called “student viruses”). Life for such virus writers has become much simpler with the development of the Internet and the emergence of numerous websites teaching how to write a computer virus. Web resources of this kind give detailed recommendations on how to intrude into a system and hide from anti-virus programs, and offer ways of further distributing a virus. Often ready-made source code is provided, which requires only minimal “author” changes and compilation as recommended.
When older and more experienced, many virus writers fall into the third and most dangerous group, which creates professional viruses and lets them out into the world. These elaborate and smoothly running programs are created by professionals, not infrequently very talented programmers. These viruses often intrude into system data areas in very unusual ways, and exploit mistakes in the security systems of operating environments, social engineering and other tricks.
The fourth group of malware writers is very special: “researchers”, rather shrewd programmers who invent new methods of infecting, concealing and resisting anti-virus programs, etc. They also invent ways of intruding into new operating systems. These programmers create viruses not for the sake of the viruses themselves, but rather to research the potential of “computer fauna”; they produce so-called “conceptual” viruses (Proof of Concept, PoC). Often their authors do not spread these creations, but actively promote their ideas via numerous Internet resources devoted to the creation of viruses. The danger of such “research viruses” is also very high: when these ideas fall into the hands of the third group, the “professionals”, new viruses implementing them emerge in no time.
“Traditional” viruses created by the people mentioned above are still emerging: hooligan teenagers who become adults are constantly replaced by new generations of teenagers. Interestingly enough, “hooligan viruses” have recently become less and less relevant, except when malicious programs cause global network and e-mail epidemics. New viruses of the “traditional” type are decreasing considerably in number: 2005-2006 saw a dramatic decrease in their number compared to the mid- and late 1990s. There are several possible reasons why students are no longer as interested in creating viruses.
It was a lot easier to create viruses for MS-DOS in the 1990s than for the more complex Windows.
Special computer-related articles were introduced into the legislation of many countries, and arrests of virus writers were widely covered by the press, which definitely cooled students’ interest in viruses.
Moreover, they found a new way to show their worth: network games. Most probably, modern games shifted the interest of computer-literate young people and attracted them.
Thus, currently the share of “traditional” hooligan viruses and Trojans is no more than 5% of all programs registered in anti-virus databases. The remaining 95% are much more dangerous than simple viruses. They are created for the following purposes.
Tuesday, 20 September 2011
Worms
A worm is a computer program that has the ability to copy itself from machine to machine. Worms use up computer time and network bandwidth when they replicate, and often carry payloads that do considerable damage. A worm called Code Red made huge headlines in 2001. Experts predicted that this worm could clog the Internet so effectively that things would completely grind to a halt.
A worm usually exploits some sort of security hole in a piece of software or the operating system. For example, the Slammer worm (which caused mayhem in January 2003) exploited a hole in Microsoft's SQL server. "Wired" magazine took a fascinating look inside Slammer's tiny (376 byte) program.
Worms normally move around and infect other machines through computer networks. Using a network, a worm can expand from a single copy incredibly quickly. The Code Red worm replicated itself more than 250,000 times in approximately nine hours on July 19, 2001 [Source: Rhodes].
The Code Red worm slowed down Internet traffic when it began to replicate itself, but not nearly as badly as predicted. Each copy of the worm scanned the Internet for Windows NT or Windows 2000 servers that did not have the Microsoft security patch installed. Each time it found an unsecured server, the worm copied itself to that server. The new copy then scanned for other servers to infect. Depending on the number of unsecured servers, a worm could conceivably create hundreds of thousands of copies.
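The dependence on "the number of unsecured servers" can be made concrete with a simple expected-value model of a random-scanning worm. This is an added example, not taken from the original article; the population size, scan rate and function names are illustrative assumptions rather than measurements of Code Red.

```python
import math

IPV4_SPACE = 2 ** 32


def simulate_spread(vulnerable, scans_per_hour=25_000, hours=24, initial=1,
                    address_space=IPV4_SPACE):
    """Expected number of infected hosts at the end of each hour.

    Every infected host probes `scans_per_hour` uniformly random addresses;
    a probe that lands on a reachable, unpatched host infects it.
    All parameter values are illustrative assumptions, not measurements.
    """
    infected = float(initial)
    history = [infected]
    log_miss = math.log1p(-1.0 / address_space)  # log P(one probe misses a given host)
    for _ in range(hours):
        probes = scans_per_hour * infected
        # P(a given still-clean vulnerable host is hit at least once this hour)
        p_hit = -math.expm1(probes * log_miss)
        infected += (vulnerable - infected) * p_hit
        history.append(infected)
    return history


def hours_until(history, target):
    """First hour at which the expected infected count reaches `target`, else None."""
    for hour, count in enumerate(history):
        if count >= target:
            return hour
    return None


def patch_scenarios(exposed_servers=300_000, patched_fractions=(0.0, 0.5, 0.9),
                    hours=24):
    """Outbreak size after `hours` for several patch levels of the same population."""
    results = {}
    for fraction in patched_fractions:
        vulnerable = exposed_servers * (1.0 - fraction)
        history = simulate_spread(vulnerable, hours=hours)
        results[fraction] = round(history[-1])
    return results


if __name__ == "__main__":
    for fraction, infected in patch_scenarios().items():
        print(f"{fraction:.0%} patched -> about {infected:,} infected after 24 h")
```

Because the early growth rate is proportional to the number of unpatched hosts, patching half of them delays the outbreak by hours, and patching nine in ten keeps it to a few dozen hosts over the same day.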
The Code Red worm had instructions to do three things:
Replicate itself for the first 20 days of each month
Replace Web pages on infected servers with a page featuring the message "Hacked by Chinese"
Launch a concerted attack on the White House Web site in an attempt to overwhelm it [Source: eEye Digital Security]
Upon successful infection, Code Red would wait for the appointed hour and connect to the www.whitehouse.gov domain. This attack would consist of the infected systems simultaneously sending 100 connections to port 80 of www.whitehouse.gov (198.137.240.91).
The U.S. government changed the IP address of www.whitehouse.gov to circumvent that particular threat from the worm and issued a general warning about the worm, advising users of Windows NT or Windows 2000 Web servers to make sure they installed the security patch.
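From the defender's side, the attack phase described above (and the floods of “garbage” requests covered in the DDoS discussion elsewhere on this page) shows up in connection logs as many distinct sources each opening an unusual number of connections to one destination and port in a short time. The following is an added example, not from the original article: the log format, thresholds and function names are assumptions, and the records are constructed.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

EPOCH = datetime(1970, 1, 1)  # timestamps are assumed to be naive UTC


def build_sample_log():
    """Constructed records, one per connection: 'ISO-time src dst dport'."""
    t0 = datetime(2024, 1, 1, 12, 0, 0)
    lines = []
    # Five hosts each open 100 connections to one web server within a minute,
    # the per-host volume the article gives for Code Red's attack phase.
    for host in range(1, 6):
        for i in range(100):
            ts = t0 + timedelta(milliseconds=500 * i + host)
            lines.append(f"{ts.isoformat()} 203.0.113.{host} 198.137.240.91 80")
    # Ordinary browsing: many clients, a few connections each.
    for host in range(1, 21):
        for i in range(3):
            ts = t0 + timedelta(seconds=10 * i + 1)
            lines.append(f"{ts.isoformat()} 198.51.100.{host} 192.0.2.10 80")
    # One busy but legitimate client (for example a backup job): a single source.
    for i in range(150):
        ts = t0 + timedelta(milliseconds=200 * i + 7)
        lines.append(f"{ts.isoformat()} 198.51.100.200 192.0.2.20 443")
    lines.append("truncated record")  # malformed line, must be skipped
    return lines


def parse_line(line):
    """Return (timestamp, src, dst, port) or None for a malformed record."""
    parts = line.split()
    if len(parts) != 4:
        return None
    try:
        return datetime.fromisoformat(parts[0]), parts[1], parts[2], int(parts[3])
    except ValueError:
        return None


def detect_distributed_flood(lines, window_seconds=60,
                             per_source_threshold=50, min_sources=3):
    """Flag (dst, port, window) targets hit by many heavy sources at once.

    A target is reported when at least `min_sources` distinct sources each
    open `per_source_threshold` or more connections inside one fixed window.
    Fixed windows can split a burst across a boundary; overlapping windows
    would close that gap at the cost of more state.
    """
    counts = defaultdict(Counter)  # (dst, port, window index) -> Counter of sources
    skipped = 0
    for line in lines:
        record = parse_line(line)
        if record is None:
            skipped += 1
            continue
        ts, src, dst, port = record
        window = int((ts - EPOCH).total_seconds()) // window_seconds
        counts[(dst, port, window)][src] += 1

    findings = []
    for key in sorted(counts):
        dst, port, window = key
        per_source = counts[key]
        heavy = sorted(s for s, n in per_source.items() if n >= per_source_threshold)
        if len(heavy) >= min_sources:
            findings.append({
                "dst": dst,
                "port": port,
                "window_start": EPOCH + timedelta(seconds=window * window_seconds),
                "sources": heavy,
                "connections": sum(per_source[s] for s in heavy),
            })
    return findings, skipped


if __name__ == "__main__":
    found, bad = detect_distributed_flood(build_sample_log())
    for f in found:
        print(f["dst"], f["port"], f["window_start"], len(f["sources"]), "heavy sources")
    print("malformed records skipped:", bad)
```

Requiring several heavy sources at once is what separates the distributed pattern from a single busy client, which the sample log includes as a negative case.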
Reported Viruses
According to a report by Symantec published in September 2007, the company received more than 212,000 reports of viruses, worms and other threats during the first half of 2007, a 185% increase over the second half of 2006.
A worm called Storm, which showed up in 2007, immediately started making a name for itself. Storm uses social engineering techniques to trick users into loading the worm on their computers. So far, it's working -- experts believe between one million and 50 million computers have been infected [source: Schneier].
When the worm is launched, it opens a back door into the computer, adds the infected machine to a botnet and installs code that hides itself. The botnets are small peer-to-peer groups rather than a larger, more easily identified network. Experts think the people controlling Storm rent out their micro-botnets to deliver spam or adware, or for denial-of-service attacks on Web sites.
Phishing and Social Engineering
While you may be taking steps to protect your computer from becoming infected by a virus, you may very well run into another, more insidious type of attack. Phishing and other social engineering attacks have been on the rise. Social engineering is a fancy term for someone trying to get you to give up your personal information -- online or in person -- so they can use it to steal from you. Anti-spam traps may catch e-mail messages coming from phishers, but the U.S. Computer Emergency Readiness Team says the best way for you to beat them at their own game is to be wary. And never give out your personal or financial information online.
E-mail Viruses
Virus authors adapted to the changing computing environment by creating the e-mail virus. For example, the Melissa virus in March 1999 was spectacular. Melissa spread in Microsoft Word documents sent via e-mail, and it worked like this:
Someone created the virus as a Word document and uploaded it to an Internet newsgroup. Anyone who downloaded the document and opened it would trigger the virus. The virus would then send the document (and therefore itself) in an e-mail message to the first 50 people in the person's address book. The e-mail message contained a friendly note that included the person's name, so the recipient would open the document, thinking it was harmless. The virus would then create 50 new messages from the recipient's machine. At that rate, the Melissa virus quickly became the fastest-spreading virus anyone had seen at the time. As mentioned earlier, it forced a number of large companies to shut down their e-mail systems.
The ILOVEYOU virus, which appeared on May 4, 2000, was even simpler. It contained a piece of code as an attachment. People who double-clicked on the attachment launched the code. It then sent copies of itself to everyone in the victim's address book and started corrupting files on the victim's machine. This is as simple as a virus can get. It is really more of a Trojan horse distributed by e-mail than it is a virus.
The Melissa virus took advantage of the programming language built into Microsoft Word called VBA, or Visual Basic for Applications. It is a complete programming language and it can be programmed to do things like modify files and send e-mail messages. It also has a useful but dangerous auto-execute feature. A programmer can insert a program into a document that runs instantly whenever the document is opened. This is how the Melissa virus was programmed. Anyone who opened a document infected with Melissa would immediately activate the virus. It would send the 50 e-mails, and then infect a central file called NORMAL.DOT so that any file saved later would also contain the virus. It created a huge mess.
Microsoft applications have a feature called Macro Virus Protection built into them to prevent this sort of virus. With Macro Virus Protection turned on (the default option is ON), the auto-execute feature is disabled. So when a document tries to auto-execute viral code, a dialog pops up warning the user. Unfortunately, many people don't know what macros or macro viruses are, and when they see the dialog they ignore it, so the virus runs anyway. Many other people turn off the protection mechanism. So the Melissa virus spread despite the safeguards in place to prevent it.
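As an added illustration (not from the original article), the sketch below triages macro source text for the auto-execute entry points described above and for signs that a macro touches mail or the global template. The indicator list, verdict labels and sample macros are assumptions constructed for this example, and it expects macro text that another tool has already extracted from the document.

```python
import re

# Procedure names that Word runs automatically (auto macros and document events).
AUTO_EXEC = {"autoexec", "autonew", "autoopen", "autoclose", "autoexit",
             "document_open", "document_close", "document_new"}

# Illustrative heuristics chosen for this example, not a complete rule set.
INDICATORS = [
    (re.compile(r"outlook\.application", re.I), "automates Outlook"),
    (re.compile(r"\b(addresslists|addressentries)\b", re.I), "reads the address book"),
    (re.compile(r"\bnormaltemplate\b", re.I), "touches the global template"),
    (re.compile(r"\b(vbproject|vbcomponents|codemodule|organizercopy)\b", re.I),
     "reads or writes macro code"),
]

PROC = re.compile(
    r"^\s*(?:(?:public|private|friend)\s+)?(?:static\s+)?(?:sub|function)\s+(\w+)",
    re.I)


def strip_comment(line):
    """Drop a VBA comment (' ... or Rem ...) but keep apostrophes inside strings."""
    if re.match(r"\s*rem\b", line, re.I):
        return ""
    in_string = False
    for i, ch in enumerate(line):
        if ch == '"':
            in_string = not in_string  # an escaped "" toggles twice, so state is kept
        elif ch == "'" and not in_string:
            return line[:i]
    return line


def logical_lines(source):
    """Strip comments and join lines split with the VBA continuation marker ' _'."""
    pending = ""
    for raw in source.splitlines():
        line = strip_comment(raw).rstrip()
        if line.endswith(" _"):
            pending += line[:-1]
            continue
        yield pending + line
        pending = ""
    if pending:
        yield pending


def triage(source):
    """Return auto-exec procedures, matched indicators and a coarse verdict.

    Indicators are matched module-wide because an auto-exec procedure can call
    any helper in the module. Keywords split by string concatenation are missed.
    """
    auto, found = [], []
    for line in logical_lines(source):
        m = PROC.match(line)
        if m and m.group(1).lower() in AUTO_EXEC:
            auto.append(m.group(1))
        for pattern, label in INDICATORS:
            if pattern.search(line) and label not in found:
                found.append(label)
    if auto and found:
        verdict = "high"      # runs on its own and reaches mail or templates
    elif auto:
        verdict = "review"    # runs on its own, nothing else matched
    elif found:
        verdict = "low"       # capability present, but only runs when invoked
    else:
        verdict = "none"
    return {"auto_exec": auto, "indicators": found, "verdict": verdict}


# Constructed, inert samples: they display names or text and send nothing.
SAMPLE_FLAGGED = """Private Sub Document_Open()
    ' constructed sample for the scanner
    Set app = CreateObject( _
        "Outlook.Application")
    MsgBox NormalTemplate.Name
End Sub
"""

SAMPLE_AUTO_ONLY = """Sub AutoOpen()
    MsgBox "Welcome"   ' NormalTemplate is mentioned only in this comment
End Sub
"""

SAMPLE_BENIGN = """Sub FormatHeadings()
    MsgBox "It's done"
End Sub
"""

if __name__ == "__main__":
    for name in ("SAMPLE_FLAGGED", "SAMPLE_AUTO_ONLY", "SAMPLE_BENIGN"):
        print(name, triage(globals()[name]))
```

A "review" or "high" verdict is a prompt to inspect the macro before enabling it, not proof that it is malicious.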
In the case of the ILOVEYOU virus, the whole thing was human-powered. If a person double-clicked on the program that came as an attachment, then the program ran and did its thing. What fueled this virus was the human willingness to double-click on the executable.
Now that we've covered e-mail viruses, let's take a look at worms.
Virus Evolution
As virus creators became more sophisticated, they learned new tricks. One important trick was the ability to load viruses into memory so they could keep running in the background as long as the computer remained on. This gave viruses a much more effective way to replicate themselves. Another trick was the ability to infect the boot sector on floppy disks and hard disks. The boot sector is a small program that is the first part of the operating system that the computer loads. It contains a tiny program that tells the computer how to load the rest of the operating system. By putting its code in the boot sector, a virus can guarantee it is executed. It can load itself into memory immediately and run whenever the computer is on. Boot sector viruses can infect the boot sector of any floppy disk inserted in the machine, and on college campuses, where lots of people share machines, they could spread like wildfire.
In general, neither executable nor boot sector viruses are very threatening any longer. The first reason for the decline has been the huge size of today's programs. Nearly every program you buy today comes on a compact disc. Compact discs (CDs) cannot be modified, and that makes viral infection of a CD unlikely, unless the manufacturer permits a virus to be burned onto the CD during production. The programs are so big that the only easy way to move them around is to buy the CD. People certainly can't carry applications around on floppy disks like they did in the 1980s, when floppies full of programs were traded like baseball cards. Boot sector viruses have also declined because operating systems now protect the boot sector.
Infection from boot sector viruses and executable viruses is still possible. Even so, it is a lot harder, and these viruses don't spread nearly as quickly as they once did. Call it "shrinking habitat," if you want to use a biological analogy. The environment of floppy disks, small programs and weak operating systems made these viruses possible in the 1980s, but that environmental niche has been largely eliminated by huge executables, unchangeable CDs and better operating system safeguards.
Virus History
Traditional computer viruses were first widely seen in the late 1980s, and they came about because of several factors. The first factor was the spread of personal computers (PCs). Prior to the 1980s, home computers were nearly non-existent or they were toys. Real computers were rare, and they were locked away for use by "experts." During the 1980s, real computers started to spread to businesses and homes because of the popularity of the IBM PC (released in 1982) and the Apple Macintosh (released in 1984). By the late 1980s, PCs were widespread in businesses, homes and college campuses.
The second factor was the use of computer bulletin boards. People could dial up a bulletin board with a modem and download programs of all types. Games were extremely popular, and so were simple word processors, spreadsheets and other productivity software. Bulletin boards led to the precursor of the virus known as the Trojan horse. A Trojan horse is a program with a cool-sounding name and description. So you download it. When you run the program, however, it does something uncool like erasing your disk. You think you are getting a neat game, but it wipes out your system. Trojan horses only hit a small number of people because they are quickly discovered, the infected programs are removed and word of the danger spreads among users.
Floppy disks were factors in the spread of computer viruses.
The third factor that led to the creation of viruses was the floppy disk. In the 1980s, programs were small, and you could fit the entire operating system, a few programs and some documents onto a floppy disk or two. Many computers did not have hard disks, so when you turned on your machine it would load the operating system and everything else from the floppy disk. Virus authors took advantage of this to create the first self-replicating programs.
Early viruses were pieces of code attached to a common program like a popular game or a popular word processor. A person might download an infected game from a bulletin board and run it. A virus like this is a small piece of code embedded in a larger, legitimate program. When the user runs the legitimate program, the virus loads itself into memory and looks around to see if it can find any other programs on the disk. If it can find one, it modifies the program to add the virus's code into the program. Then the virus launches the "real program." The user really has no way to know that the virus ever ran. Unfortunately, the virus has now reproduced itself, so two programs are infected. The next time the user launches either of those programs, they infect other programs, and the cycle continues.
If one of the infected programs is given to another person on a floppy disk, or if it is uploaded to a bulletin board, then other programs get infected. This is how the virus spreads.
The spreading part is the infection phase of the virus. Viruses wouldn't be so violently despised if all they did was replicate themselves. Most viruses also have a destructive attack phase where they do damage. Some sort of trigger will activate the attack phase, and the virus will then do something -- anything from printing a silly message on the screen to erasing all of your data. The trigger might be a specific date, the number of times the virus has been replicated or something similar.
Virus Origins
Computer viruses are called viruses because they share some of the traits of biological viruses. A computer virus passes from computer to computer like a biological virus passes from person to person.
Unlike a cell, a virus has no way to reproduce by itself. Instead, a biological virus must inject its DNA into a cell. The viral DNA then uses the cell's existing machinery to reproduce itself. In some cases, the cell fills with new viral particles until it bursts, releasing the virus. In other cases, the new virus particles bud off the cell one at a time, and the cell remains alive.
Patch Tuesday
On the second Tuesday of every month, Microsoft releases a list of known vulnerabilities in the Windows operating system. The company issues patches for those security holes at the same time, which is why the day is known as "Patch Tuesday." Viruses written and launched on Patch Tuesday to hit unpatched systems are known as "zero-day" attacks. Thankfully, the major anti-virus vendors work with Microsoft to identify holes ahead of time, so if you keep your software up to date and patch your system promptly, you shouldn't have to worry about zero-day problems.
A computer virus shares some of these traits. A computer virus must piggyback on top of some other program or document in order to launch. Once it is running, it can infect other programs or documents. Obviously, the analogy between computer and biological viruses stretches things a bit, but there are enough similarities that the name sticks.
People write computer viruses. A person has to write the code, test it to make sure it spreads properly and then release it. A person also designs the virus's attack phase, whether it's a silly message or the destruction of a hard disk. Why do they do it?
There are at least three reasons. The first is the same psychology that drives vandals and arsonists. Why would someone want to break a window on someone's car, paint signs on buildings or burn down a beautiful forest? For some people, that seems to be a thrill. If that sort of person knows computer programming, then he or she may funnel energy into the creation of destructive viruses.
The second reason has to do with the thrill of watching things blow up. Some people have a fascination with things like explosions and car wrecks. When you were growing up, there might have been a kid in your neighborhood who learned how to make gunpowder. And that kid probably built bigger and bigger bombs until he either got bored or did some serious damage to himself. Creating a virus is a little like that -- it creates a bomb inside a computer, and the more computers that get infected the more "fun" the explosion.
The third reason involves bragging rights, or the thrill of doing it. Sort of like Mount Everest -- the mountain is there, so someone is compelled to climb it. If you are a certain type of programmer who sees a security hole that could be exploited, you might simply be compelled to exploit the hole yourself before someone else beats you to it.
Of course, most virus creators seem to miss the point that they cause real damage to real people with their creations. Destroying everything on a person's hard disk is real damage. Forcing a large company to waste thousands of hours cleaning up after a virus is real damage. Even a silly message is real damage because someone has to waste time getting rid of it. For this reason, the legal system is getting much harsher in punishing the people who create viruses.
How Computer Viruses Work
Strange as it may sound, the computer virus is something of an Information Age marvel. On one hand, viruses show us how vulnerable we are -- a properly engineered virus can have a devastating effect, disrupting productivity and doing billions of dollars in damages. On the other hand, they show us how sophisticated and interconnected human beings have become.
For example, experts estimate that the Mydoom worm infected approximately a quarter-million computers in a single day in January 2004. Back in March 1999, the Melissa virus was so powerful that it forced Microsoft and a number of other very large companies to completely turn off their e-mail systems until the virus could be contained. The ILOVEYOU virus in 2000 had a similarly devastating effect. In January 2007, a worm called Storm appeared -- by October, experts believed up to 50 million computers were infected. That's pretty impressive when you consider that many viruses are incredibly simple.
When you listen to the news, you hear about many different forms of electronic infection. The most common are:
Viruses - A virus is a small piece of software that piggybacks on real programs. For example, a virus might attach itself to a program such as a spreadsheet program. Each time the spreadsheet program runs, the virus runs, too, and it has the chance to reproduce (by attaching to other programs) or wreak havoc.
E-mail viruses - An e-mail virus travels as an attachment to e-mail messages, and usually replicates itself by automatically mailing itself to dozens of people in the victim's e-mail address book. Some e-mail viruses don't even require a double-click -- they launch when you view the infected message in the preview pane of your e-mail software [source: Johnson].
Trojan horses - A Trojan horse is simply a computer program. The program claims to do one thing (it may claim to be a game) but instead does damage when you run it (it may erase your hard disk). Trojan horses have no way to replicate automatically.
Worms - A worm is a small piece of software that uses computer networks and security holes to replicate itself. A copy of the worm scans the network for another machine that has a specific security hole. It copies itself to the new machine using the security hole, and then starts replicating from there, as well.
10 Worst Computer Viruses of All Time
Computer viruses can be a nightmare. Some can wipe out the information on a hard drive, tie up traffic on a computer network for hours, turn an innocent machine into a zombie and replicate and send themselves to other computers. If you've never had a machine fall victim to a computer virus, you may wonder what the fuss is about. But the concern is understandable -- according to Consumer Reports, computer viruses helped contribute to $8.5 billion in consumer losses in 2008 [source: MarketWatch]. Computer viruses are just one kind of online threat, but they're arguably the best known of the bunch.
Computer viruses have been around for many years. In fact, in 1949, a scientist named John von Neumann theorized that a self-replicated program was possible [source: Krebs]. The computer industry wasn't even a decade old, and already someone had figured out how to throw a monkey wrench into the figurative gears. But it took a few decades before programmers known as hackers began to build computer viruses.
While some pranksters created virus-like programs for large computer systems, it was really the introduction of the personal computer that brought computer viruses to the public's attention. A doctoral student named Fred Cohen was the first to describe self-replicating programs designed to modify computers as viruses. The name has stuck ever since.
Old-school Viruses
Some of the earliest viruses to infect personal computers included the Apple Viruses, which attacked Apple II computers, and the Brain virus, which could infect PCs.
In the good old days (i.e., the early 1980s), viruses depended on humans to do the hard work of spreading the virus to other computers. A hacker would save the virus to disks and then distribute the disks to other people. It wasn't until modems became common that virus transmission became a real problem. Today when we think of a computer virus, we usually imagine something that transmits itself via the Internet. It might infect computers through e-mail messages or corrupted Web links. Programs like these can spread much faster than the earliest computer viruses.
We're going to take a look at 10 of the worst computer viruses to cripple a computer system. Let's start with the Melissa virus.
Monday, September 12, 2011
Top Ten Antivirus Ratings
Most of these antivirus programs have been tested extensively for performance. The older versions received ratings based on how quickly they detect viruses on infected systems and stop new viruses from infecting computers. Strict criteria will be used to award points to the 2012 antivirus software. Another factor we are considering is antivirus coupons: we will give scores to antivirus companies that offer discount coupons from time to time. This is not a major factor, but many users value coupons because they are a good way to save money on security software. This factor will not inflate the original ratings; we are including it only to help people save money. These are the factors that will contribute to the scoring:
•Speed: When it comes to computing, speed is an important aspect that we can't neglect. It has been reported that some antivirus programs are much slower than others, which means that some antivirus programs slow down a computer. Computer users (especially gamers) prefer antivirus software that does not degrade the performance of their system. They enjoy using the fastest antivirus software.
•Stealth: Many viruses and spyware are designed to deactivate antivirus programs so that they are not detected. Antivirus software should quickly detect such a threat and stop the virus from harming system files. Antivirus software that can not only defend against known viruses but also protect a computer from new and unknown viruses and spyware will receive a higher score.
•Detection: A good antivirus program will quickly detect an infection and take the necessary steps to quarantine the infected files in order to stop the virus from spreading to other system files. Security software can stop a virus or spyware only if it is capable of detecting the infection, so this is a major aspect of security software. Many poorly designed security programs cannot detect all forms of threat. Only antivirus software capable of detecting all sorts of threats will be included in our top ten antivirus 2012 list.
•Technical Support: We will also assign scores depending on the type of technical support and customer service provided by the antivirus software manufacturer. Only programs bundled with quality support will receive higher ratings. We will also take into account the type of support available: phone, chat, email, etc. When your computer is infected with a virus, spyware or another form of malware, you need quick assistance. That's when you need to contact someone who is technically equipped to assist you. Security software will be scored on the quality of its technical support, and that score will count toward its rank in our top ten antivirus 2012 list.
•Price: Antivirus software should not be too costly; it should be reasonably priced. We will compare the prices of antivirus software and assign scores based on how cheap each product is. The cheapest and best antivirus 2012 products will receive higher rankings. People love saving money, so the cheapest antivirus software will receive higher scores.
These are some of the major factors we will use to rate the best antivirus software of 2012. We will also include other factors such as real-time scanning, frequency of updates, blocking of phishing attempts, link scanning, IM protection, parental lock and more. However, we will focus mainly on the five key points mentioned above. Based on these factors, we will provide lab test reports that show which antivirus software is best for your computer in 2012. Most antivirus manufacturers will release their 2012 antivirus software sometime in May or June this year.
Top Ten Antivirus 2012 List
Top Ten Antivirus 2012
1.BitDefender Antivirus 2012
2.McAfee Antivirus 2012
3.Kaspersky Antivirus 2012
4.ESET Antivirus 2012
5.Norton Antivirus 2012
6.F-Secure Antivirus 2012
7.Vipre Antivirus 2012
8.TrendMicro Antivirus 2012
9.ZoneAlarm Antivirus 2012
10.Panda Antivirus 2012
Other Antivirus Programs
1.Avira Antivirus 2012
2.Avast Antivirus 2012
3.Avanquest Antivirus 2012
4.G Data Antivirus 2012
5.Webroot Antivirus 2012
6.PC Tools Antivirus 2012
7.Comodo Antivirus 2012
8.CA Antivirus 2012
9.Norman Antivirus 2012
10.AVG Antivirus 2012
11.Sophos Endpoint Security 2012
12.Quick Heal Antivirus 2012
13.Microsoft Security Essentials 2012
Top Ten Antivirus 2012
Antivirus software companies are working round the clock to improve their software to combat viruses and malicious code on the internet. Antivirus firms are about to roll out their 2012 versions. We are already testing the beta software for our latest article on the top ten antivirus 2012, so that you can install the best software and protect your computer. Since the number of viruses and malicious programs is increasing at a high pace, we will be testing all the leading antivirus and internet security programs aggressively to come up with our list of the top 10 antivirus software. In our top ten antivirus 2012 review we will show the test results of 20 different security programs. By mid-2011, most security software providers will launch their 2012 versions of antivirus and security software. These are the antivirus programs we have short-listed for our review.
Top Ten Antivirus 2012
Here is the list of the best antivirus and security software of all time. Among the top are BitDefender, ESET, Norton, F-Secure, Kaspersky, TrendMicro, AVG, Avira, ZoneAlarm, Panda Security and more. We will be running comparisons between different versions of the same security software, for example, the 2011 version vs the 2012 version. We will also be comparing the capabilities of different security programs, for example, BitDefender vs Norton. We will score the antivirus programs based on their performance. The factors on which we will score antivirus software are speed, stealth, detection, link scanning, virus removal, updates, blocking bad websites, blocking phishing attempts, technical support and many more. These are the antivirus programs we will be testing to come up with our top ten antivirus list:
Friday, 9 September 2011
Virus History
Traditional computer viruses were first widely seen in the late 1980s, and they came about because of several factors. The first factor was the spread of personal computers (PCs). Prior to the 1980s, home computers were nearly non-existent or they were toys. Real computers were rare, and they were locked away for use by "experts." During the 1980s, real computers started to spread to businesses and homes because of the popularity of the IBM PC (released in 1982) and the Apple Macintosh (released in 1984). By the late 1980s, PCs were widespread in businesses, homes and college campuses.
The second factor was the use of computer bulletin boards. People could dial up a bulletin board with a modem and download programs of all types. Games were extremely popular, and so were simple word processors, spreadsheets and other productivity software. Bulletin boards led to the precursor of the virus known as the Trojan horse. A Trojan horse is a program with a cool-sounding name and description. So you download it. When you run the program, however, it does something uncool like erasing your disk. You think you are getting a neat game, but it wipes out your system. Trojan horses only hit a small number of people because they are quickly discovered, the infected programs are removed and word of the danger spreads among users.
Floppy disks were factors in the spread of computer viruses.
The third factor that led to the creation of viruses was the floppy disk. In the 1980s, programs were small, and you could fit the entire operating system, a few programs and some documents onto a floppy disk or two. Many computers did not have hard disks, so when you turned on your machine it would load the operating system and everything else from the floppy disk. Virus authors took advantage of this to create the first self-replicating programs.
Early viruses were pieces of code attached to a common program like a popular game or a popular word processor. A person might download an infected game from a bulletin board and run it. A virus like this is a small piece of code embedded in a larger, legitimate program. When the user runs the legitimate program, the virus loads itself into memory and looks around to see if it can find any other programs on the disk. If it can find one, it modifies the program to add the virus's code into the program. Then the virus launches the "real program." The user really has no way to know that the virus ever ran. Unfortunately, the virus has now reproduced itself, so two programs are infected. The next time the user launches either of those programs, they infect other programs, and the cycle continues.
If one of the infected programs is given to another person on a floppy disk, or if it is uploaded to a bulletin board, then other programs get infected. This is how the virus spreads.
The spreading part is the infection phase of the virus. Viruses wouldn't be so violently despised if all they did was replicate themselves. Most viruses also have a destructive attack phase where they do damage. Some sort of trigger will activate the attack phase, and the virus will then do something -- anything from printing a silly message on the screen to erasing all of your data. The trigger might be a specific date, the number of times the virus has been replicated or something similar.
In the next section, we will look at how viruses have evolved over the years.
Friday, 2 September 2011
How a virus works
The word virus is often used as a common term for all malicious programs, but technically a virus is a program or code that attaches itself to a legitimate, executable piece of software, and then reproduces itself when that program is run. Viruses spread by reproducing and inserting themselves into programs, documents, or email attachments. They can be transmitted through emails or downloaded files and they can be present on CDs, DVDs, USB drives and any other sort of digital media.
A virus normally requires action to successfully infect a victim. For instance - the malicious programs inside email attachments usually only strike if the recipient opens them. The effect of a virus can be anything from a simple prank that pops up messages to the complete destruction of programs and data.
In recent years viruses have been on the decrease. In January 2007, one in 119.9 e-mails, or 0.83 percent, were infected with viruses, while more than 20 percent of emails at times contained viruses five years earlier. The difference is partly due to virus attacks becoming more targeted and no longer occurring as one large outbreak. Also, there has been a big increase in spam emails that contain links to download viruses.
The computer virus turned 25 in 2007. Long-suffering computer users would be forgiven for thinking that the first computer virus appeared in the mid-1980s, but the first virus actually predates the first IBM-compatible PC. Elk Cloner, which spread between Apple II computers via infected floppy disks, was released July 1982 and it was the first computer virus to spread in the wild.
Viruses had their heyday around the year 2000, with the Y2K scare. In 1999, the Melissa virus caught antivirus companies flat-footed and propagated rapidly. It was the first real outbreak of many of its kind that spread using Microsoft's Word and Outlook. A year later, the 'I Love You' virus caught the world by surprise. Lloyds of London estimated that the virus cost the global economy $10bn, making it the most expensive piece of malicious software to be unleashed to date. It was also the first time a computer virus became the day's top story for newspapers and television stations, marking a shift to mainstream awareness of computer viruses.
Nowadays, mobile operators are also starting to feel the pinch from viruses resulting from the increasing use of emails and Internet browsing on cellphones. Attacks on cellphones rose five times in 2006, with clients of 83 percent of mobile operators around the world having been hit, an industry study showed.
But mobile viruses are around 20 years behind those plaguing PCs, which translates into more than 300 virus variants targeting mobiles and smartphones, but around 400,000 such threats targeting PCs. In June 2004, a security company released details of a piece of mobile-phone malware that used Bluetooth to try to spread to other Symbian Series 60-based mobiles. That is believed to be the first case of a self-replicating mobile-phone virus and since then there has been a consistent increase in mobile viruses.
Keeping your PC up-to-date
Constantly patching the software on your PC is just as important as keeping your antivirus program up-to-date and running a firewall. Yet the numbers show that a lot of users are struggling with the task of keeping all their software up-to-date.
Research released in January 2008 revealed that only 5 percent of users are running fully-patched Windows PCs, while more than 40 percent have more than 10 insecure applications installed.
Another survey from December 2007 showed that more than 20 percent of all applications installed on users' PCs have known security flaws for which patches have been released by the vendors of the products. That result was based on scans of more than 14.5 million applications on end-user computers.
The length of time between the release of security patches and the development of exploits targeting the security holes they address has been dropping for some time. Hackers exploit this period of time - the so-called "patch window" - to launch attacks against unpatched machines.
Microsoft delivers almost all its patches on the second Tuesday of each month, known as Patch Tuesday. In 2006, Microsoft released 49 critical, 23 important, and 5 moderate updates, while 2007 brought 43 critical, 24 important, and 2 moderate fixes.
If your software applications have automatic update features, then be sure to switch them on. If you have to download patches manually, then make sure that you do it from the actual Web site of the software vendor and that you didn't wind up on the download page by following a link from an untrusted source.
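The patch window and the Patch Tuesday schedule described above can be checked against a software inventory. The following is an added example, not part of the original article: the product names, version numbers and release dates are constructed, and it assumes plain dotted numeric version strings.

```python
from dataclasses import dataclass
from datetime import date, timedelta


def patch_tuesday(year: int, month: int) -> date:
    """Second Tuesday of the given month."""
    first = date(year, month, 1)
    # date.weekday(): Monday == 0, Tuesday == 1
    days_to_first_tuesday = (1 - first.weekday()) % 7
    return first + timedelta(days=days_to_first_tuesday + 7)


def next_patch_tuesday(today: date) -> date:
    """The next scheduled release day on or after 'today'."""
    candidate = patch_tuesday(today.year, today.month)
    if candidate >= today:
        return candidate
    if today.month == 12:
        return patch_tuesday(today.year + 1, 1)
    return patch_tuesday(today.year, today.month + 1)


def is_older(installed: str, fixed_in: str) -> bool:
    """True if 'installed' predates the first fixed version.

    Versions are padded with zeros so that "8.1" and "8.1.0" compare
    equal instead of the shorter one being reported as unpatched.
    """
    a = tuple(int(part) for part in installed.split("."))
    b = tuple(int(part) for part in fixed_in.split("."))
    width = max(len(a), len(b))
    a += (0,) * (width - len(a))
    b += (0,) * (width - len(b))
    return a < b


@dataclass
class App:
    name: str             # hypothetical product name
    installed: str        # version found on the PC
    fixed_in: str         # first version that contains the security fix
    patch_released: date  # day the vendor published that fix


def audit(inventory, today: date):
    """Return (name, days inside the patch window), worst first."""
    findings = []
    for app in inventory:
        if is_older(app.installed, app.fixed_in):
            findings.append((app.name, (today - app.patch_released).days))
    findings.sort(key=lambda item: item[1], reverse=True)
    return findings


# Constructed sample inventory; none of these are real products or versions.
INVENTORY = [
    App("ExampleBrowser", "2.0.0.11", "2.0.0.12", date(2007, 12, 20)),
    App("ExamplePDFReader", "8.1", "8.1.0", date(2007, 10, 22)),
    App("ExampleMediaPlayer", "7.2", "7.3.1", date(2007, 11, 5)),
    App("ExampleOSComponent", "6.0.5999", "6.0.6001", date(2008, 1, 8)),
]

if __name__ == "__main__":
    today = date(2008, 1, 9)  # the Wednesday after the January 2008 release
    for name, days in audit(INVENTORY, today):
        print(f"{name}: fix available for {days} day(s), still not installed")
    upcoming = next_patch_tuesday(today)
    print(f"Next scheduled release: {upcoming} ({(upcoming - today).days} days away)")
```

Run on the day after a release, the last line shows how long a flaw reported right after Patch Tuesday can wait for a scheduled fix.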
What are security holes?
Security holes are constantly discovered in all sorts of software and to plug the holes software vendors issue patches - also called "fixes" or just plainly "security updates" - to offer an immediate quick-repair solution for the problem and/or a general enhancement of the software.
Flaws in Microsoft's software seem to be the most popular to exploit, so the American software giant releases a lot of patches. But other common desktop applications like Firefox, QuickTime, RealPlayer, Adobe Reader, Adobe Flash Player, and Sun Java Runtime Environment also often need to be patched to fix security issues.
In 2003, Microsoft introduced Patch Tuesday to simplify patch management. Patch Tuesday is the second Tuesday of each month, when Microsoft releases the newest fixes for Windows and related software applications like Internet Explorer, the Office suite, and Windows Media Player.
Microsoft's patches are distributed via Automatic Updates and the company's Microsoft Update downloads website.
Unfortunately, releasing patches also means that cyber-criminals are able to analyse the patch code and exploit the vulnerabilities that the patches were intended to deal with. Therefore a lot of exploits are seen shortly after the release of a patch and the term "Exploit Wednesday" was coined for the day following Patch Tuesday. Malware authors also know that if they start exploiting a vulnerability not known to Microsoft right after Patch Tuesday, it will normally be an entire month before Microsoft releases a patch to fix it. In 2006 Microsoft only broke its patch cycle twice to release very critical fixes.
Today's cyber-criminals are very fast at creating exploit code. When Microsoft issues patches, exploit code for the publicly disclosed vulnerabilities will usually appear the same or the next day. Hackers are able to do that through reverse engineering.
In April 2008, a group of computer researchers urged Microsoft to redesign the way it distributes patches, after they created a technique that automatically produces attack code by comparing the vulnerable and repaired versions of a program.
Using an automated tool, an exploit could be created in a few minutes or less after looking at the patch, according to the researchers. This means it is theoretically possible for hackers to start trying to exploit machines a short time after the attackers have received the patch, putting more PCs at risk of becoming infected with malicious software.