Posts Tagged ‘software’

Articles

How to update (and not die in the process)

In Uncategorized on February 1, 2012 by tecnologyantivirus

Published by Ana Etxebarria

6.45 AM The alarm clock of my BB goes off. As every day, I turn it off, I stretch and as soon as I am able to open my eyes I look to check what’s new. Mhhhh! The App World icon tells me that there are 4 new updates. A new version of Foursquare, WhatsApp, Twitter and of BBM. What is special about these versions? Well, as far as I know, nothing much, but experience tells me that either I update them, or I will be bombarded by those annoying messages informing of the availability of a new version. So much to my regret, I start the update process. Of course, as usual, during the first update the BB freezes and there is no other way to revive it but by removing the battery. Once rebooted, I choose to live with the new version messages and before I starve to death, I decide to go get breakfast.

9.00 AM I arrive at the office. As I start my computer, I fetch some water, turn on the heater, check my agenda …, but just as I prepare to open my Outlook, an update message informing me that an Acrobat Reader update is available appears on my screen. The truth is I do not know how many updates Acrobat releases, but my perception is that there is at least one a week … So after the BB experience a while ago, I choose to upgrade later. I do not feel like it now. I am rebellious. But what is this new shield-like icon at the bottom right of my screen? Should I click it? It won’t be yet another update, will it? … Well, quite right, ladies and gentlemen, on this occasion it is Microsoft kindly letting me know of the availability of new automatic updates. This is wearing me out, really…

17.00 PM It has been days since I last synchronized my iPad. I will do it now that I seem to be a little calmer. I open iTunes, connect the USB, and what is the first thing I see on the screen? Bingo! A new version of iTunes available. Well, I do NOT want it, thank you very much! Very kind of you! Enough is enough, what a day … And now whaaaat? Another screenshot? This is not happening, arggggghhhhh!!!!! Now, this time, very politely, and totally free, I am offered a new version of the iPad software … I am not exaggerating one iota.

I give up, I throw in the towel. I cannot put up with it anymore … Let them do whatever they want. Go ahead, update the software! Do so daily if you wish! But please, I do not want to know about it. Do it silently. Do not ask for my permission. At the end of the day, if only at their persistence, they always win…

The moral of my post is the following: If today I had accepted all the kind offers of available updates for my gadgets, I would have upgraded 3 different machines, 7 software programs and an Operating System. There! Not to mention the 52 updates that according to the App Store are available …

Don’t you think that something that is very positive in theory, is becoming a torture and a nightmare for users? What do you think?

Articles

Kids and technologies: 6 basic tips to bear in mind

In Security, Teenagers, Uncategorized on January 3, 2012 by tecnologyantivirus

Published by Ana Etxebarria

Continuing our series of articles on children and new technologies, today we give you some simple tips to make sure your children stay safe on the Internet.

Last week I posted an article describing two different approaches to parenting in the digital age: controlling and permissive; and although I am clearly in favor of the latter approach, I am also aware that you cannot lower your guard when dealing with Internet risks.

I still believe that interaction on the Internet is not very different from real-world interaction, and people who manage well in real life do at least equally well in the virtual world. In any event, I must admit the online world may pose additional risks due to the Internet’s immunity and anonymity.

How can you help your children deal with that threat?

  1. Just as you know about your children’s friends, you had better also know who your child contacts on the Internet.
  2. Keep an eye on how much time your children spend online, including other points of Internet access too, like smartphones and gaming consoles.
  3. Just as you teach your children never to talk to strangers or accept gifts from them, remind them never to physically meet anyone they’ve only become friends with online. If they decide to meet a cyber-friend in person, go with them.
  4. Talk to kids about the types of information they post online and how it can impact their reputation and future. Kids can unknowingly give out personal details about their life that could be maliciously used… And embarrassing and inappropriate photos and comments can stay with you forever.
  5. Teach them to be cautious about giving out too much personal information, such as their location, their parents’ working hours, hobbies, etc. The fewer potential ‘unfriends’, the better.
  6. As Facebook makes frequent changes to its privacy policy, it is a good idea to sit with your kids and check out their online profiles with them. Pay special attention to their privacy settings and which messages, photos and personal details are accessible to whom.

Are you comfortable monitoring your child’s online world? What are your family’s technology ground rules?

Articles

Do we still need to learn languages?

In Uncategorized on November 10, 2010 by tecnologyantivirus

Published by Ana Etxebarria, November 2010

I spent my whole childhood learning English. I’m not exaggerating; I started when I was three years old in the kindergarten, doing gym class and singing “head, shoulders, knees and toes…”

When it came to deciding which degree course to go for, I opted for my best subject and chose one of those courses that will guarantee you a place in the dole queue: English Philology.

At university I had to choose a second foreign language. I chose German. I didn’t learn very much, though I did get to spend an unforgettable year living in Munich, so I think that was the right decision.

Some years on, I feel I can say that my English is decent enough and in German I would be able to order a taxi, book a table in a restaurant and not much else.

But we are in 2010, and my linguistic limitations are no longer an obstacle to reading a Web page in German. Let’s take my company’s Web page as an example. It seems as if there is some kind of special Panda Security 2011 product discount, but I couldn’t tell you much more. Now, if you look closely, Google is kindly asking if we would like the page translated. So, would we? Yeah, why not?

The result is not great, but it may be good enough depending on what we’re looking for.

Let’s keep testing. I have copied a complete paragraph describing one of our products, Panda Global Protection 2011, into Google Translator.

The result is spectacular. It really is good. My conclusion is that you no longer need to know a language to be able to read newspapers, Web pages, etc.

Of course, these types of tools would never be able to tell us how to pronounce the words, or maybe they would?

Forvo (http://forvo.com/) offers the pronunciation of more than 700,000 words in the most common languages and in some that are not so common:

I could go on indefinitely about the countless translation applications that exist for iPhone or iPad, but I think we can leave it there for the moment.

To finish, I would say that it is no longer necessary to know a language in order to read it, but of course it would always be necessary in order to have a coffee, exchange ideas, or tell someone who doesn’t speak your language how you feel. I still think I chose a wonderful course at university, and although it has had nothing to do with my professional career, the memories I have from those years will be with me forever. Bye, Tschüss, Adiós!

Articles

False positives – What are they?

In Malware, Security on September 8, 2010 by tecnologyantivirus

Posted by Javier Guerrero, September 8th, 2010

Sometimes when writing my posts, I get the urge to forget about malware for a while and talk about the other “side”: antivirus software. Specifically, I like to stress the difficulty involved in certain aspects of developing anti-malware products; I think it’s an interesting subject, and one that is not widely understood.

False positives

And so now, I’d like to talk about a problem that affects all malware detection software: false positives… So what are they?

A false positive occurs when an antivirus erroneously identifies a legitimate file or process as malware. This can happen with signature-based scans as well as behavior analysis.

An antivirus identifies malware basically using one of two methods: signature-based scanning or analysis of behavior. In the first instance, the scanner looks for a specific pattern of bytes, which has been previously catalogued as malicious, or at least suspicious, and may correspond to a sequence of malware commands, a univocal value that identifies the file (known as a hash) or other values that may be used for identification.

In the case of behavior analysis, actions are detected which, although on their own may not be malicious, when they are correlated with others represent a symptom of malicious activity.

The problem is that neither of these methods is infallible: the hash of a file is useless, for example, against polymorphic viruses, or expackers. Moreover, a sequence of instructions classified as suspicious could easily be contained in a legitimate file, as after all, we are talking about executable code.
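Both failure modes described above can be reproduced with a toy scanner. This is an added example, not code from the original post or from any antivirus product; the byte pattern, file names and file contents are constructed for illustration.

```python
import hashlib

# Constructed bytes only: not real malware, not a real vendor signature.
PATTERN = bytes.fromhex("deadbeef4d414c4f")
KNOWN_BAD = b"MZ" + PATTERN + b"payload-v1"

HASH_SIGNATURES = {hashlib.sha256(KNOWN_BAD).hexdigest()}
PATTERN_SIGNATURES = [PATTERN]

# name -> (file content, ground truth: is it actually malicious?)
CORPUS = {
    "original.exe": (KNOWN_BAD, True),
    # Same code with one byte changed, as repacking or mutation would produce.
    "variant.exe": (b"MZ" + PATTERN + b"payload-v2", True),
    # Legitimate program that happens to contain the same byte sequence.
    "backup_tool.exe": (b"MZ" + b"\x00" * 8 + PATTERN + b"restore", False),
    "notepad.exe": (b"MZ" + b"plain text editor", False),
}


def hash_match(data):
    """Whole-file hash signature: matches only byte-identical files."""
    return hashlib.sha256(data).hexdigest() in HASH_SIGNATURES


def pattern_match(data):
    """Byte-pattern signature: matches any file containing the sequence."""
    return any(p in data for p in PATTERN_SIGNATURES)


def classify(detected, malicious):
    """Compare a scanner verdict with the ground truth."""
    if detected:
        return "true positive" if malicious else "false positive"
    return "false negative" if malicious else "true negative"


def evaluate(corpus):
    """Run both signature types over every file and label each outcome."""
    report = {}
    for name, (data, malicious) in corpus.items():
        report[name] = {
            "hash": classify(hash_match(data), malicious),
            "pattern": classify(pattern_match(data), malicious),
        }
    return report


if __name__ == "__main__":
    for name, verdicts in evaluate(CORPUS).items():
        print(f"{name:16} hash={verdicts['hash']:15} pattern={verdicts['pattern']}")
```

The hash signature misses the one-byte variant, while the pattern signature catches it but also flags the legitimate backup tool.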

The same thing occurs with behavior analysis: The process that generates an executable file, which later writes a registry entry referring to the executable, could be an intruder inserting a rootkit on the system, but also the installer of a bona fide application.
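The correlation rule from this paragraph, written out as an added example (not the original post's code, nor any vendor's engine). The event format, process names and registry keys are constructed; only the "malo.exe" path comes from the blog's own rootkit illustration.

```python
from collections import defaultdict

# Constructed event traces: (pid, process, action, target, data).
INSTALLER = [
    (100, "setup.exe", "file_write", r"C:\Program Files\Editor\editor.exe", None),
    (100, "setup.exe", "reg_set", r"HKLM\SOFTWARE\ExampleEditor\Path",
     r"c:\program files\editor\EDITOR.EXE"),
]
INTRUDER = [
    (200, "dropper.exe", "file_write", r"C:\Windows\System32\malo.exe", None),
    (200, "dropper.exe", "reg_set", r"HKLM\SOFTWARE\ExampleAutostart\malo",
     r"C:\Windows\System32\MALO.EXE"),
]
UNRELATED = [
    (300, "compiler.exe", "file_write", r"C:\build\app.exe", None),
    (301, "editor.exe", "reg_set", r"HKLM\SOFTWARE\ExampleEditor\Recent",
     r"C:\docs\notes.txt"),
]


def correlate(events):
    """Alert when one process writes an executable and LATER sets a registry
    value that refers to it. Neither action is suspicious on its own.
    Windows paths are compared case-insensitively."""
    dropped = defaultdict(set)  # pid -> executables that pid has written so far
    alerts = []
    for pid, process, action, target, data in events:
        if action == "file_write" and target.lower().endswith(".exe"):
            dropped[pid].add(target.lower())
        elif action == "reg_set" and data:
            for path in sorted(dropped[pid]):
                if path in data.lower():
                    alerts.append((process, path, target))
    return alerts


if __name__ == "__main__":
    for label, trace in [("installer", INSTALLER), ("intruder", INTRUDER),
                         ("unrelated", UNRELATED)]:
        print(label, correlate(trace))
```

The rule fires identically on the installer and the intruder, so the behavior alone cannot tell them apart; separating the two takes context the rule does not have, such as who signed the process or where it came from.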

The consequences of false positives can be serious: If an antivirus erroneously deletes a file which is vital to the functioning of the computer, the system could be rendered unusable, and this does actually happen, with grave repercussions.

Fortunately, false positives are not frequent (particularly in relation to the immense amount of files that anti-viruses have to scan) and security companies implement strict quality control to avoid them.

In any event, as I mentioned in the beginning, all developers suffer from this problem, which, I believe, demonstrates how challenging it is to develop an anti-malware product.

Articles

Rootkits – The Invisible Threat

In Malware, Security on September 3, 2010 by tecnologyantivirus

Published by Javier Guerrero, September 3rd, 2010

Malware is no longer viewed with the notoriety it once was. Gone are the days of massive infections, such as the “I love you” worm, which was headline news even in the mainstream press.

Today, professional creators looking to profit financially from malware need any virus, worm or Trojan to be able to operate undetected by users, as this is a key ingredient in achieving their objectives. In other words, an invisible virus is far more dangerous than one that is easily noticed.

So how can we see malware?

Well let’s not forget, after all, that it is only software, and all software leaves its trace on a system: not just the file or files that contain the intruder, but also the registry keys, folders, activity reports, etc. Any tool that lets you list files or registry values, such as Windows Explorer or Regedit, will reveal the presence of an intruder that cannot cover its tracks.

Now, this is where rootkits come into play. A rootkit is software whose sole purpose is to hide system components, such as files, processes, registry keys, etc., so that the user cannot see them. They do this by penetrating the most critical layer of the operating system, the kernel, and manipulating certain internal structures and functions, thereby deceiving applications and preventing them from displaying the real content of the system.

For example, imagine there is a virus, whose binary name is “malo.exe”, installed in “C:\Windows\System32”.

Virus binary marked in red.

When the intruder loads to memory, the rootkit manipulates the system functions that list the files in this folder, so that when they detect the path “C:\Windows\System32\MALO.EXE”, they ignore it and go on to the next one. This way, an application that requests the list of files cannot see this file. The same thing happens with registry keys, processes, or any other component of the system that the rootkit wants to hide.

Now the file has disappeared.

It is interesting to note here that rootkits are not malicious per se, as they may have perfectly legitimate uses, or at least, uses that are not related in any way to malware. In fact, the term “rootkit” first became used on a wide scale thanks to an incident involving the company Sony.

In 2005, Sony BMG Music included copy protection software on its music CDs which also included a rootkit designed to hide the protection system. The problem in this case was that it was done without user authorization, transmitting information and creating a security hole. Any attempt to remove the rootkit manually would leave the CD drive inoperable.

The danger therefore of any malware that includes a rootkit component is evident, given the significant stealth capacity and the ability to control a system without users realizing. Moreover, rootkits are among the most complex, advanced and resilient threats, operating at a level so deep that typical detection techniques are of little use, and specific purpose-built scanners are required, such as the free Panda Anti-Rootkit.

In any event, it is important to remember that all rootkits enter systems initially through a file, so the usual precautionary advice we offer for other types of malware also serves in the case of rootkits: use a good antivirus, keep it up-to-date, use a firewall, install the latest security patches, do not use an administrator account unless strictly necessary, etc.

So now you know… watch out for rootkits!!

Javier Guerrero Diaz
R+D Development Dept.
Panda Security

Articles

With one hand behind our backs

In Malware on April 7, 2010 by tecnologyantivirus

Posted by Javi Guerrero, April 7th, 2010

It’s a known fact that security software in general, and antivirus software in particular, is always a couple of steps behind cyber-crooks. That is, the most usual thing is for malware creators to find new ways to attack computers and for security companies to update their products to be able to combat the new threat. So, operating systems and applications must fix their vulnerabilities and antivirus solutions must keep their databases up-to-date to be able to detect the new malware that appears.

If you consider the huge amount of threats that appear every day, it is easy to realize the huge effort that must be invested to keep up the fight against malware. Along these lines, Panda’s innovative developments such as TruPrevent technologies or the recent Cloud AV (the first antivirus in the world to put the concept of cloud-based protection into practice) have proved to be extremely effective when it comes to detecting malware. However, the fight goes on and will continue indefinitely.

Yet, there is an aspect of antivirus software development that clearly shows the disadvantageous situation it is in: the requirement to respect the operating system and other installed applications, in terms of stability, performance and functionality.

What does this mean? Well, just as I explained in my previous article Antivirus, performance and security, security solutions must protect the system without affecting performance beyond what is reasonable. They must also avoid affecting the way other applications or the operating system work, in order not to cause instability, crashes or incompatibility conflicts. This is sometimes very difficult to guarantee, due to the peculiarities of the way an antivirus product works.

Getting back to the topic of this post, here is an example of a disadvantageous situation: Any antivirus software in general, and especially some of its components (such as the “on-access” detection layer), must fulfill certain conditions and good practice recommendations set out by Microsoft in order to ensure the product’s reliability and quality, obtain compatibility certificates, etc. These rules include, among other things, avoiding the use of undocumented system functions, as they can change from one Windows version to another, or even among various service packs, and generate an incompatibility conflict that might cause the problems above.

However, malware evidently does not have to follow any of these rules or try to ‘respect’ the system and its applications, or at least not beyond what is strictly necessary to achieve its goals, as it is not a legitimate application.

The antivirus, however, must abide by those rules and is at a clear disadvantage when it comes to detecting and neutralizing threats. Sometimes, this makes security developers feel as if they were fighting with one hand tied behind their backs… Actually this is very similar to real life: whereas criminals break the law as they like, law enforcement agencies must abide by a series of rules and laws in the process of stopping them.

If you take all these circumstances into consideration, it is really worth admiring the effort put in by security software developers to try and keep ever-increasing threats at bay.