Security Software
Last edited March 5, 2009
More by Philip Spohn »
General

Free Security Software - Reviews by PC Magazine
www.pcmag.com/article2/0,1759,2304349,00.asp
Sometimes free security is worth what you pay for it. But if you know what to look for, you can get an excellent buy when it comes to protecting yourself—without dropping a lot of cash.
Repair Tool of the Week: McAfee Product Removal Tool - Technibble - A Resource for Computer Repair
www.technibble.com/repair-tool-of-the-week-mcafee-...

Repair Tool of the Week: McAfee Product Removal Tool

There are two software security suites I really dislike - one of them is Norton Internet Security and the other is McAfee Internet Security. Why? Because they are bloated applications that make most computers run poorly once installed. Often they have been the cause of the problems I had to fix onsite.

A big problem I frequently come across with Norton and McAfee is that both of these products sink their hooks so deeply into a system and once the application becomes corrupted it can cause serious stability problems - often to the point where you cannot boot into Windows. To make matters worse, neither product can be uninstalled from Safe Mode easily which is obviously a problem.

Enter the McAfee Consumer Product Removal Tool. This tool will remove the following McAfee Products:

Free software finds your security flaws
windowssecrets.com/comp/071101#story1
Free software finds your security flaws

By Scott Dunn

Computer security covers a host of areas — password policies, software patches, account restrictions, protection against malware and more.

Fortunately, with the right software, you can get a complete security analysis of your system for free without hiring a costly consultant.

Get an analyst's findings without the analyst

These days, no one who cares about their system and data can afford to be without a security plan. But most small business and home users are not in a position to hire a security expert to analyze their setup and tell them what to fix.

Fortunately, you can find a number of free tools online that will analyze your system and produce a detailed report of your security strengths and weaknesses. The best ones will even point you to a solution. I tested each of the following products:

• Microsoft Baseline Security Analyzer
• Belarc Advisor
• Securable
• AOL Active Security Monitor
• xp-AntiSpy

Bonus tip: None of the tools listed above check the patch status of all your software (Flash, Acrobat, Java, and so on). This means you should also use the Online Software Inspector at Secunia.com to learn which applications on your system need patching. I described the benefits of this free service in articles on Aug. 16 and Sept. 6.

The WSN Security Baseline

A minimum of three products are necessary to give your PC comprehensive protection against hackers. These are (1) a hardware firewall, (2) a software security suite, and (3) a patch-management solution to stay current with patches. We don't operate a test lab and don't rate products. Instead, we summarize, below, the top ratings of trusted reviewers.

Support Alert reader Briard has a close look at how the top anti-virus scanners perform. Having identified the top vendors he looks at their latest security suite offerings.
USB WriteProtector : Protect Flash Drive With Write Protection ~ WongSK Blog
wongsk.blogspot.com/2008/07/usb-writeprotector-pro...

Are you worried about your flash drive being infected by a virus? Try this free USB WriteProtector software; it has anti-write protection capabilities with two operating modes, ON and OFF.

USB WriteProtector is a portable tool, 186KB in size. Download USB WriteProtector and install it. You must unplug the flash drive from the PC before turning on the USB write protection.

You have two options (USB write protection ON and OFF). If you want to turn on USB write protection, select 'USB write protection ON', then click the 'Close' button and plug in your flash drive.

After you insert the flash drive, files cannot be written to it or deleted from it (pressing the [Del] key will have no effect), ensuring that the information will not be misused or infected by a virus. You will get a warning message as below:

Then, if you need to cancel the write protection, just remove the flash drive, run USB WriteProtector.exe again, select "USB write protection OFF" and click 'Close'.

USB WriteProtector is compatible with Windows XP/Vista and supports 9 languages (English, Hungarian, Italian, Dutch, Polish, Portuguese, Russian, Chinese and Spanish).
 http://www.gaijin.at/dlusbwp.php
Review Websites

PC Antivirus Reviews 2008: About Us
www.pcantivirusreviews.com/about.html
The PC Antivirus Reviews site was created with the mission of assisting the average person in making an informed purchase when it comes to antivirus software. There are lots of antivirus software applications that claim to be the best. How do you decide which one is the best antivirus software for you? How do you get real, unbiased opinions about which product really works and will really protect you?

We understand most people don't have the time, energy, or desire to sort through the mountains of software options available these days. That's why we at PC Antivirus Reviews have done our best to do this work for you. We've simplified the process by researching and comparing available titles and providing users with straight-forward product reviews.

With over a decade of combined software industry knowledge, our team of industry veterans have reviewed each product and simplified the results into an easy to understand, no-nonsense manner.
Security Suites

Reviewers rate Norton the No. 1 security suite
Windows Secrets writers periodically analyze the ratings of trusted reviewers and summarize for you in the WS Security Baseline which personal-protection products are currently getting the best marks. Based on reviews from PC World, PCMag, Maximum PC, and others, today's security-suite winner is Symantec's Norton Internet Security 2009 (photo at right).
The Best Security Suites for 2009 - Reviews by PC Magazine
www.pcmag.com/article2/0,2817,2333444,00.asp

by Neil J. Rubenking

The fall influx of 2009-model security suites is mostly complete, though a few like Norton 360 and Windows Live OneCare operate on a different schedule. Vendors promise that these new versions will do more for your security while tying up fewer system resources. It's about time: Users have had it with suites that offer security but bog down the computer. Several vendors have introduced new "in the cloud" technologies to keep up with the accelerating growth of new malware. And many have redesigned their user interfaces to be more attractive and look lighter and faster. Some are new, innovative, and speedy. Others haven't kept pace. Which are which? I put them all through grueling tests to find out.

Top Internet Security Suites

http://www.pcworld.com/article/158178/top_internet_security_suites.html
Judge by the PCW rating (little blue number to the left).
The Best Security Suites for 2009 - Norton Internet Security 2009 - Full Review - Reviews by PC
www.pcmag.com/article2/0,2817,2330024,00.asp
Most users have a love-hate relationship with their security software. They love the protection from online and other threats, but they hate the way the software drags down their daily activities. This past spring, Symantec Senior Vice President Rowan Trollope detailed Symantec's all-out effort to reduce the Norton suite's impact on performance. And, what do you know—it worked! Norton Internet Security 2009 ($69.99 direct for three licenses) affects performance less than any suite I've tested.
Antimalware (includes Antivirus)

VIPRE Antivirus + Antispyware 2009 | PC Software Antivirus Reviews 2009
www.pcantivirusreviews.com/reviews/vipre_antivirus...

VIPRE Antivirus + Antispyware 2009
$29.95

It's difficult for a relative newcomer like VIPRE to introduce a brand-new version of antivirus software into this very competitive field.

But VIPRE is no ordinary antivirus.

And Sunbelt Software, makers of VIPRE, is no ordinary company.

With this release of VIPRE, Sunbelt has managed to pack a mighty blow against viruses, spyware, and all forms of malware in one powerful punch. Not only has VIPRE Antivirus + Antispyware come out of the corner swinging, but they've done it with the grace and expertise consumers demand from antivirus software.

It's easy to install, easy to use, and is the lightest running antivirus application we've ever seen.

Really, this should come as no surprise since Sunbelt, founded in 1994, has a track record of producing award-winning programs for Windows.

With their latest antivirus release of VIPRE, they're getting rave reviews across the board, and we're in the same fan club. Does it hold up against the powerful malware foes out there today? Can it really run that light and still be that potent? Read on to find out.
VIPRE Antivirus + Antispyware 3.1 - At A Glance - Reviews by PC Magazine
www.pcmag.com/article2/0,2817,2326526,00.asp
We all know that multiple real-time antivirus products on the same system can cause conflict. It's also possible for a real-time antivirus product to conflict with a real-time antispyware product, so you're safest when a single product handles both tasks. As its name indicates, Sunbelt Software's VIPRE Antivirus + Antispyware 3.1 is designed to handle all kinds of malicious software, and it does a very thorough job.
The Ultimate Security Solution
VIPRE is a completely new product combining antivirus, antispyware, anti-rootkit and other technologies into a seamless, tightly-integrated application. Utilizing next-generation technology, the product provides powerful protection against today's highly complex malware threats, without the performance and resource headaches of many traditional antivirus products.
Norton AntiVirus 2009 | PC Antivirus Reviews 2009
www.pcantivirusreviews.com/reviews/norton_antiviru...
Norton AntiVirus 2009
$39.99
Norton has improved their 2009 antivirus product quite a bit from last year. For one thing, their heavy system and ugly design are now a thing of the past. The overall footprint and scanning speeds are much leaner and meaner than before. And, some new innovations like their 'Insight' feature which whitelists trusted files make for a well-rounded product.

The only real downside to Norton Antivirus 2009 is still their lack of acceptable support. Norton is still trying to push their expensive paid tech support when most other companies have wisely opted for free and expanded support.

Editor's Overview
  • Slimmed down, leaner footprint
  • Solid antivirus detection and blocking
  • 'Insight' feature whitelists trusted files
  • Pro interface design
  • Easy to use UI
  • Fast and easy install
  • Faster scanning speeds
  • Tech support still lacking

NEW - 'Insight' whitelisting
NEW - Faster scan
NEW - Lighter footprint

What does Norton AntiVirus 2009 do Right?

The most important thing Norton consistently does right is effective antivirus detection, removal, and prevention. They've been a leader in this field all these years for a reason. Their new interface is also much more intuitive, pro-looking, and easy to use. For instance, this year's version is much easier to turn components on and off directly from the general screen (before you had to dig to find these settings).

Another big step is their fast and reliable scan. In independent tests, Norton Antivirus 2009 only scored slightly behind Kaspersky Anti-virus 2009 when it comes to fast scanning, and virus detection rates.

Virus updates come much faster this year – sometimes only 5 min.

Long gone are the product-pushing tabs that we've seen in previous versions as well.

Software Features
  • Antivirus
  • Antispyware
  • Botnet protection
  • Browser protection
  • Internet worm protection
  • Intrusion prevention
  • Recovery tool
  • Rootkit protection
  • Norton Insight
Antivirus Programs

Hive Five: Five Best Antivirus Applications
lifehacker.com/395046/five-best-antivirus-applicat...
On Tuesday we asked you to share your favorite antivirus application, and today we're rounding up the five most popular answers. Hit the jump for an overview of the five best antivirus applications and to cast your ballot for the best antivirus app of the group.
Favorite or popular is not generally a good criterion for picking security programs, but in this case, these are good choices.
Best Free Anti-Virus Software | Gizmo's Tech Support Alert
www.techsupportalert.com/dr/best-free-anti-virus-s...
Tue, 04/08/2008 - 03:29 — jeffrey

Antivirus tools are essential in protecting the host client from a multitude of viral, Trojan, and rootkit Internet threats. They also can stop virus infestation from cross-media file sharing. Antivirus programs are also essential as a secondary preventative Internet security solution inside a firewall.

If you are looking for the best possible protection, my top recommendation is Avira AntiVir Personal Edition. Although its detection rate is outstanding, there are some reservations. First, it lacks the email scanning feature that is only available in the paid version. This means that AntiVir won't warn you of infected emails before you open them. However, should you open an infected email, AntiVir will still spring into action, so the absence of an email scanner doesn't mean you are not protected from email-based infections. My second reservation is that AntiVir is quite an intrusive product - you will certainly be well aware of its presence. Finally, AntiVir Personal Edition Classic has a time limited license. It is renewable, but be aware that you will have to periodically go through the hoops. The latest version includes anti-rootkit and a faster scan rate and is very light on resources.

If you are not prepared to accept the drawbacks to AntiVir, I would suggest either AVG Antivirus Free Edition or the Avast! scanner. Neither is quite as effective in detection as AntiVir, but they are both more complete products, and less intrusive in use.

AVG Free has been continuously refined since it was initially released in 1991. The latest version makes further improvements to an already solid product. It now comprises spyware, phishing, and email scam protection. While it has grown considerably in size and is a bit heavy on resources, its detection rate has improved. Regular automatic updates come quickly as before, and despite rumors, the new email scanning feature is not trial limited to 30 days. There are free and pro versions; the only difference is the free version has a few non-critical features disabled and has no technical support other than a free user forum.

Equally effective is the free Avast! scanner, although its funky media player style interface is not to everyone's taste. Avast now has built in anti-rootkit and anti-spyware capabilities. Avast also required periodic re-registration, while AVG Free does not. However, Avast does not seem to suffer the signature file update problems that plague some AVG users. The latest version includes anti-spyware and anti-rootkit.

7 dirty secrets of the security industry | InfoWorld | News | 2008-05-01 | By Tim Greene, Network
www.infoworld.com/article/08/05/01/7-dirty-secrets...
Antivirus certifications are misleading. The certification standards confirm that devices block 100 percent of all replicating malcode. The catch is that 75 percent of malcode coming into networks is non-replicating, such as Trojans. When the standard was set, non-replicating malcode represented 5 percent of malcode, Corman says. "Certification means [a product] caught 100 percent of 25 percent of the bad stuff," he says. (Compare antivirus products)
"Replicating" means code that is slightly morphed each time it is delivered to keep it under the virus radar.
AV-Comparatives
www.av-comparatives.org/
 
On this site you will find independent comparatives of Anti-Virus software. All products listed in our comparatives are already a selection of some very good anti-virus products. In order to get tested by us, companies must fulfill various conditions and minimum requirements.
Sunbelt Blog: Rather nice review of CounterSpy
sunbeltblog.blogspot.com/2007/12/rather-nice-revie...
In fact, the AV engine in CounterSpy is very basic, and is primarily used to improve the antispyware functionality of CounterSpy.  However, we are releasing our standalone AV product in Q1, called VIPRE, which will include all the functionality of CounterSpy but have full AV protection as well.   It will be a very inexpensive upgrade for any CounterSpy user.)
Twenty years after the first one appeared, PC viruses are more diabolical than ever. How do you keep them off your system? Read on for the results of our rigorous lab tests of the top antivirus programs. 23-Apr-2007
Kaspersky's first-rate but pricey program offers a smooth, easy-to-use design and excellent protection against malware. 23-Apr-2007
Note: pricey may not be the best description. It's more relevant to compare yearly costs of virus signature updates.
PC World - Browse Security Software
www.pcworld.com/browse/1292/topic.html?page=1
BitDefender has excellent malware detection and a good price, but it adds a noticeable (though not show-stopping) system slowdown. 23-Apr-2007
Symantec's solid program wins top marks for antivirus detection and cleanup, but its renewal and support costs are high. 23-Apr-2007
This effective but expensive program has solid malware detection and the fastest outbreak-response time among currently tested competitors. 23-Apr-2007
NOD32 has the best proactive protection by far, but its overall malware detection is second-tier, and it has an overly technical interface. 23-Apr-2007
The least-expensive program we tested, AVG has average overall malware detection, the worst proactive protection, and a clunky interface. 23-Apr-2007
Poor performance at detecting malicious software (overall and proactive) resulted in a bottom-of-the-barrel ranking. 23-Apr-2007
This program offers decent overall malware detection, but poor proactive protection and an awkward design. It also lacks U.S. phone support. 23-Apr-2007
This well-priced option provides good proactive protection, average overall malware detection, and a poor disinfection rate. 23-Apr-2007
NOTE: Overall malware detection in an antivirus program is not important if you have a top-notch antispyware program.
Support Alert Newsletter Issue 144, Premium SE Edition
techsupportalert.com/supporters/Issues/al_current....
Of the commercial products I favor NOD32 as it provides first class detection, yet is light on resources. The $19.95 paid version of Avira is also a fine choice, providing the same or slightly better protection as NOD32 at the cost of slightly heavier resource usage. Kaspersky and Norton AV are also sound options provided you have a fast PC.
Antispyware

Free Spyware Doctor Starter Edition for Google Pack
www.pctools.com/spyware-doctor/google_pack/

Spyware Doctor has been downloaded over 125 million times with millions more downloads every week. People worldwide use and trust Spyware Doctor to protect their PCs from spyware, adware and other online threats.

Spyware Doctor has consistently been awarded Editors' Choice, by leading PC magazines and testing laboratories around the world, including United States, United Kingdom, Sweden, Germany and Australia. In addition, after leading the market in 2005, Spyware Doctor was awarded the prestigious Best of the Year at the end of 2005 and again in 2006.

 This is one of the applications in the "Google Pack".
Nine Ways to Wipe Out Spyware - Reviews by PC Magazine
www.pcmag.com/article2/0,1759,2255857,00.asp?kc=PC...
We've rounded up the best (and worst) of the apps dedicated to finding and killing spyware—and keeping it from getting onto your machine in the first place. Not all antispyware apps are created equal!
Sunbelt CounterSpy 2.0 Search Result reviews - CNET Reviews
reviews.cnet.com/search-results/sunbelt-counterspy...
Product summary

The good: CounterSpy is inexpensive, scored well on CNET tests, has an intuitive interface, and offers more features than other antispyware apps on the market.

The bad: CounterSpy requires a reboot with some updates.

The bottom line: Sunbelt CounterSpy 2.0 distinguished itself in a crowded field by providing a clean, intuitive interface and great test results.

Price range: $14.99

CounterSpy V2: Full Review - Review by PC Magazine
www.pcmag.com/article2/0,1895,2100586,00.asp
Sunbelt Software's CounterSpy V2 is good at removing spyware that has sunk its claws into your system, but it's even better at keeping spyware out of a clean system. It also offers a variety of security extras, mostly for expert users. And it costs less than the leading brands.
Firewalls

Online Armor Firewall: First Impressions | Defensive Computing - CNET News
news.cnet.com/8301-13554_3-9989929-33.html?tag=mnc...
The install process for Online Armor was uneventful, but then things went downhill. After installing, you have to reboot, no surprise there, I would expect this with any firewall. But, on the first computer I installed it on, the reboot looked like it wouldn't happen. For what seemed like an eternity, I was staring at the Windows desktop image with no icons. Perhaps a watched pot never boils, but I was sure glad that I had made a disk image backup beforehand.
Don't get burned by driver-update scams
windowssecrets.com/comp/080731#bests0

Problem 2: Inadequate outbound protection

The outbound protection of several well-known firewalls — including the popular freeware version of ZoneAlarm — is poor. To see how your firewall's outbound protection rates, check out the "leak test" results at these two sites:
These two sets of results are not in exact alignment. Furthermore, the results are based on leak tests that in themselves are only part of the outbound-protection equation. However, the tests are useful guides. Certainly, if your firewall is down the bottom of both lists, you may want to consider changing it or augmenting your defenses with another security product.

Upgrading your firewall may sound like an easy option, but unfortunately, the top-performing products in these tests — including the popular free Comodo and Online Armor firewalls — are quite demanding on you, the end user. Maybe too demanding.

For some users, there are better options than using a high-performing outbound firewall. One alternative is to add a standalone host intrusion prevention system (HIPS) such as PCTools' ThreatFire (available in free and $30 Pro versions). Another is to use a policy-based security program such as SoftSphere Technologies' $30 DefenseWall (30-day free trial available) or a sandbox program such as Ronen Tzur's free SandBoxie.

I can't properly address this complex issue in this column, but I will dedicate a whole article to the subject in a future issue. In the interim, you may want to try Comodo. It's free and has a basic operating option that puts less demand on users, though this low-maintenance mode reduces outbound protection.

Problem 3: User failure

Outbound protection is effective only if the user responds appropriately to the warning messages thrown up by the firewall. The problem is that many users don't have the knowledge required to provide the appropriate responses.

This weakness is compounded by the fact that many firewalls are most unhelpful in providing the user with guidance on how to respond to the programs' security alerts. For example, no average user could be expected to respond appropriately to a message that reads something like this:

Program lsass.exe wants to connect to the Internet. Approve or Deny?

When regularly faced with this kind of nonsense, many users will simply answer "Approve" to everything, totally negating the effectiveness of outbound protection.

There is no point in blaming the user here. They're just ordinary folks, not technical experts.

The problem is that the model is flawed; you cannot rely on the user's response for security decisions.

Some firewall vendors have made progress in reducing the burden on users by applying smart techniques to reduce the number of warnings and also by providing more information to help users make an informed decision. However, while the problem can be lessened, it cannot be eliminated.

Because of these poor interfaces, firewalls that top the leak-test charts may in practice offer average users no better outbound protection than poorer-performing firewalls.

So, what can be done?

As I mentioned above, you can augment your protection using other less-demanding security options, such as a sandbox.

Another approach is to select a firewall that balances technical protection with realistic user demands. A product such as the free Sunbelt Personal Firewall (formerly Kerio) sure won't win any prizes in the leak-test contests, but for many people it is one of the best choices. And Sunbelt is the hands-down winner over the Windows Defender firewall that most home users rely on.

It's a simple case of the "right" firewall being a better choice than the "best" firewall for the average PC user.
Yahoo Mail's makeover gives it the webmail edge
windowssecrets.com/paid/080724/?u=wwqb2g0b93od&r=2...
The best personal firewalls revisited

In my Apr. 17 column, I described the personal firewalls with the best and worst performance. That column discussed research conducted by Matousec, a security consulting and research group named after its founder, David Matousek.

After some testing to determine which firewalls are best at withstanding a variety of security tests, Matousec revealed that the free Comodo Firewall Pro and Tall Emu's U.S. $40 Online Armor Personal Firewall stopped every attack thrown at them.

Matousec recently updated the results after a new round of testing. This time, Agnitum's $40 Outpost Pro Firewall came in first, blocking 99 percent of the attacks thrown at it. In second place was Online Armor Personal Firewall (which had a 98-percent rating), coming in third was Comodo Firewall Pro (stopping 95 percent of attacks), and in fourth place was ProSecurity (with a score of 93 percent).
Results and comments - matousec.com
www.matousec.com/projects/firewall-challenge/resul...

Firewalls' ratings

The table below sorts the tested firewalls by their total score. This table also shows the exact version of every tested product. The PDF document icon allows you to download the testing report in PDF format for the tested product.

"The security researchers and consultants of Matousec bring far more knowledge to firewall leak testing than most competing sites, which gives me more confidence in their results." -- Mark Joseph Edwards, Windows Secrets
Scot’s Newsletter Blog » Blog Archive » The Best Firewall Software of 2008: Online Armor
blog.scotsnewsletter.com/2008/03/24/the-best-firew...
The decision is in. After a year and a half of testing, and with the help of more than a thousand Scot’s Newsletter readers who’ve written detailed descriptions of their software firewall experiences, I’m happy to announce that Tall Emu’s Online Armor 2.1 is The Scot’s Newsletter Blog Best Firewall Software of 2008.
Firewalls: Firewall Reviews, Best Firewall
www.consumersearch.com/www/software/firewalls/inde...

Reviewers have not done the best job keeping pace with reviewing software firewalls. Because several companies have merged or gone out of business, many slightly older reviews are no longer relevant. For example, PC Magazine and PCFlank.com (a security site) have excellent reviews, but haven't reviewed enough current versions of programs to provide a useful basis for comparison. Consumer Reports mentions firewalls in passing in some of its outdated security software articles. Some other reviewers do a better job of keeping pace.

Computer Shopper, InformationWeek and Matousec.com offer very good reviews supported by testing. Reviewers test each firewall program for its ability to monitor incoming and outgoing traffic, including tests for port-scan attacks and leak tests. Firewall Leak Tester doesn't review products, but tests all major firewall programs with leak tests. A leak test is a malware program that tries to connect to an outside server from a computer to give a hijacker access. Reviewers also try to disable the software, as some malware programs try to do. While features and ease of use are important, technical performance is the most important buying consideration for firewall software.


The sources covered in our report review both commercial and free programs. Commercial programs generally include updates for one year, with automatic updates. Most of the commercial programs have 30-day free trials, but setting up and training a firewall is a time-consuming hassle that few people would want to repeat. You can buy a standalone firewall program or an integrated Internet security suite. Suites also include antivirus software, a spam filter, anti-spyware software and parental controls. They are cheaper to buy than separate programs and most are more convenient to use. However, the consensus of reviewers is that standalone programs are more effective. See our report on Internet security software for more information.
Comodo Personal Firewall 2.0: Full Review - Review by PC Magazine
www.pcmag.com/article2/0,1895,1969225,00.asp
Last summer, PC Magazine rounded up free personal firewall products from Agnitum, Kerio, Sygate, and Zone Labs. (Symantec has since purchased Sygate and pulled it from the market; Sunbelt has purchased and rebranded the Kerio product.) They all did a decent job, though none was up to the standard of the best for-pay personal firewalls. Comodo Personal Firewall 2.0 brings excitement back to the free-firewall category with a spiffy interface and impressive performance. It protects any Windows 2000 or XP SP2 system from hack attacks, and it blocks unauthorized programs from using the Internet—even programs whose malware-style trickery fooled the other free firewalls.

Will my security software prevent my confidential data from being transmitted to a hacker?

Will my security software stop a virus from corrupting or destroying my important documents?

HIPS - Host Intrusion Prevention System

SoftSphere Technologies, the official site of the DefenseWall HIPS - Host Intrusion Prevention
www.softsphere.com/
DefenseWall HIPS
More efficient than an anti-virus! Isolate good from evil.
DefenseWall HIPS (Host Intrusion Prevention System) is the simplest and easiest way to protect yourself from malicious software (spyware, adware, keyloggers, rootkits, etc.), that can not be stopped by your anti-virus and anti-spyware programs, when you surf the Internet! Using the next generation proactive protection technologies, sandboxing and virtualization, DefenseWall HIPS helps you achieve a maximum level of protection against malicious software, while not demanding any special knowledge or ongoing online signature updates. No signatures, no popup windows, no false positives. It is just reliable and transparent protection, easy to use and strong.

DefenseWall HIPS divides all applications into 'Trusted' and 'Untrusted' groups. Untrusted applications are launched with limited rights to modification of critical system parameters, and only in the virtual zone that is specially allocated for them, thus separating them from trusted applications. In the case of penetration by malicious software via one of the untrusted applications (web browsers etc), it cannot harm your system and may be closed with just one click! With DefenseWall HIPS, Internet surfing has never been so simple, safe and easy.
Online Armor has some of the best Security features of any Security Suite
www.tallemu.com/product_features.html
The program blocker gives you control of which programs are allowed to run on your computer. Known safe programs, such as MS Office will automatically be allowed to run and dangerous programs will give a red warning popup so you can prevent them from running. If a new program is detected, you have the option to allow, block or get more information and you can always change your mind. If you block a program while it is still running, Online Armor will stop it and prevent it running in future.
ThreatFire Overview
www.threatfire.com/about/

Traditional antivirus protection fails you when you need it most - That's when you need ThreatFire

Consumers spend over a billion dollars a year on security software to keep their PCs safe. Every month they spend countless hours configuring and updating their software. And yet every week millions of users are infected by new threats that their traditional antivirus does not stop.

Why? Traditional antivirus solutions cannot protect you until after they've discovered a new threat and produced a signature to counter it.

ThreatFire is different. It does not rely on signatures, but instead constantly analyzes your computer's behavior to detect and block any malicious activity. ThreatFire protects immediately so you know your PC and your valuable data are always secure.

Limited Rights

Support Alert Newsletter Issue 145, Premium SE Edition
techsupportalert.com/supporters/Issues/al_current....

2.3 Options for Limiting User Rights in XP
Using a Windows limited user account for your normal work is an effective way of reducing the chance of your computer getting infected by malware. That's because most viruses, trojans, keyloggers, rootkits and other nasties require administrator level rights to install. When you use a limited user account with reduced privileges these products simply can't get a foothold. It sounds like a great idea but there are many problems in practice. First, lots of simple routine tasks like changing the system clock, plugging in a USB drive, running a defragger and updating software can't be carried out in a limited user account. Second, many applications, including a lot of security products, won't work either. Some of these problems can be solved by the judicious choice of software while others can be addressed by temporarily switching to an account with administrator rights to run any software that needs these rights. Indeed, Windows has an inbuilt command line program called "RunAs" that can be used to temporarily switch to an admin level account simply by typing in the admin account password. In the Premium edition of issue #144, I mentioned a program called Sudo for Windows [1] that, like RunAs, provides on-the-spot escalation of privileges for limited user accounts but is more convenient to use. Unlike RunAs, it allows the escalation directly within the restricted account so you remain the owner of the installed files, registry keys, etc. Again unlike RunAs, any icons installed are visible on your desktop. My mention of Sudo for Windows prompted subscriber Paulus T to write in about another free program called suDown [2] that does much the same thing as Sudo for Windows. It's not quite as configurable as Sudo for Windows but it's simpler to use and doesn't require the .NET framework to be installed. Overall it's a better choice for most users. Paulus also alerted me to a site [3] that's dedicated to the problem of running reduced rights accounts; it's an excellent resource.
[1] http://www.lostcreations.com/sudowin/sudowin
[2] http://sudown.sourceforge.net/
[3] http://nonadmin.editme.com

2.4 An Alternative to Sandboxing
In the previous item I mentioned some programs that allow you to temporarily elevate the rights of a Windows limited user account. An alternative approach is to adopt the converse policy, that is, to routinely use an administrator account with full rights but reduce the privileges of specific high risk programs like your web browser. It's a strategy that offers fewer inconveniences than running a limited user account at the cost of a slightly lower level of security. Personally I prefer sandboxing these risky applications but for those who have experienced problems when they install a sandboxing program, reducing the privileges of risky applications is a viable alternative. Several free tools are available that allow you to run specified programs with reduced privileges. Best known is Microsoft's own DropMyRights [1] which works with XP Pro only or SetSAFER [2] that also works with XP Home provided the .NET framework is installed. Then there is StripMyRights [3] that offers more features than DropMyRights such as command line parameters. Amust's 1-Defender [4] is also an option. Which is the best? If you are a straight Microsoft type who uses Internet Explorer / Outlook / Messenger then 1-Defender is your best bet as it's the easiest to set up. Most other users will probably find DropMyRights a better option as it works with Firefox and other products and has decent documentation on usage. What programs should you reduce the rights for? The same programs you should sandbox, namely your browser, email client and IM client. If you reduce the rights of all these programs you will dramatically lower the chances of becoming infected with malware. You will pay a penalty though. Certain functions such as program updates, Macromedia Flash and other functions that require admin privileges may no longer work. Still it's not hard to switch back to full privilege versions of the programs when needed and that's an acceptable cost to pay for the increase in security you get.
Remember though, that even if you run your risk-prone applications with reduced privileges you can still get infected from downloads, borrowed programs and other sources. That's why you still need to run anti-virus and other security programs.
[1] http://msdn2.microsoft.com/en-us/library/ms972827.aspx
[2] http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dncode/html/secure01182005.asp
[3] http://www.sysint.no/nedlasting/StripMyRights.htm
[4] http://www.amustsoft.com/1-defender/
Paul Thurrott's SuperSite for Windows: Windows Vista Security Suites Review: Windows Live OneCare 1.
www.winsupersite.com/reviews/winvista_security_sui...

How could such a great idea be implemented so poorly? When Microsoft released its initial version of Windows Live OneCare (see my review) back in early 2006, I lauded the company for providing a resource-friendly security and PC health suite that thought outside the box and offered a compelling set of services, a sort of "Web services-based IT administrator for home users," if you will. Indeed, aside from some silly and incessant pop-up dialogs and a curious lack of anti-spam functionality, I thought OneCare was pretty darned good. Compared to the security suites of the day, of course.

I was pretty much alone in that opinion. Security researchers in particular have ripped OneCare to shreds over the past year, complaining that it falls short of the competition when it comes to detecting and removing known malware. That said, those competitors were also busy working on OneCare rip-offs, the most obvious of which is Norton 360, reviewed below. Credit Microsoft for at least creating a new kind of security suite: Companies like Symantec, with Norton 360, and McAfee are still busy tweaking their own products to be more OneCare-like.

Rootkits

Downloads

F-Secure Labs - Preview of Feature Candidates
BlackLight  – Rootkit Detection and Elimination Tool
Removal Tools

F-Secure Blacklight > Rootkit Elimination Technology
www.f-secure.com/blacklight

The Cure - Innovative New Technology

Now, there is a cure, F-Secure BlackLight Rootkit Elimination Technology. And, it's time to find out, whether your computer is infected by invisible rootkits. Read more about this innovative counter-measure F-Secure BlackLight™.

Note: An integrated BlackLight engine is included in F-Secure Internet Security 2008 as well as Client Security 7. F-Secure Online Scanner also includes BlackLight technology.

A standalone BlackLight Utility can be downloaded from our Security Center.

Don't be a victim of Sinowal, the super-Trojan
windowssecrets.com/2008/11/20/03-Dont-be-a-victim-...
Your antivirus program may help, for a while. Time and time again, however, Sinowal/Mebroot's creators have modified the program well enough to escape detection. AV vendors scramble to catch the latest versions, but with one or two new Sinowal/Mebroot iterations being released every month, the vendors are trying to hit a very fleet — and intelligent — target.

Peter Kleissner told me, "I think Sinowal has been so successful because it's always changing ... it is adjusting to new conditions instantly. We see Sinowal changing its infection methods and exploits all the time."

Similarly, you can't rely on rootkit scanners for protection. Even the best rootkit scanners miss some versions of Sinowal/Mebroot. (See Scott Spanbauer's review of free rootkit removers in May 22's Best Software column and Mark Edwards' review of rootkit-remover effectiveness in his May 22 PC Tune-Up column; paid subscription required for the latter.)

Truth be told, there is no single way to reliably protect yourself from Sinowal/Mebroot, short of disconnecting your computer from the Internet and not opening any files. But there are some historical patterns to the exploit that you can learn from.

First of all, most of the Sinowal/Mebroot infections I've heard about got into the afflicted PCs via well-known and already-patched security holes in Adobe Reader, Flash Player, or Apple QuickTime. These are not the only Sinowal/Mebroot infection vectors by a long shot, but they seem to be preferred by the Trojan's creators. You can minimize your risk of infection by keeping all of your third-party programs updated to the latest versions.
Top free tools for rooting out rootkit spies
windowssecrets.com/2008/05/22/05-Top-free-tools-fo...
I tested a number of free rootkit detectors for Windows XP and Windows Vista, and my clear favorite is F-Secure's Blacklight, which combines thorough system scanning with the familiar interface reminiscent of a standard antivirus program.

On the other hand, do-it-yourself types will find plenty to like in GMER. The utility offers fine-grained control over which files it scans, and it produces detailed reports of your system's processes, files, Registry entries, and other rootkit-related information.

Trend Micro's Rootkit Buster beta is similar to Blacklight, but the program's scans are suspiciously brief.

I ran the three rootkit scanners on two different PCs: one running Windows XP and the other Vista. Since none of the programs found anything dangerous on either system, I wasn't able to test their rootkit-removal skills, which generally involve renaming or deleting the problem files and processes they discover.
Testing the effectiveness of rootkit removers
windowssecrets.com/2008/05/22/06-Testing-the-effec...
German research group AV-Test recently conducted an analysis (PDF) to determine how well anti-rootkit tools detect and remove the pests. The company's tests were conducted using Windows XP SP2 and were begun on Oct. 25, 2007. Granted, that was over half a year ago, but rootkit testing takes quite a long time. For example, AV-Test points out that testing just one product against 60 rootkit samples can take as much as 20 to 30 hours.

The organization's tests determined how well the tools prevented initial rootkit infiltrations as well as their ability to detect and remove a rootkit already present on the test machine, along with any malware installed by the rootkit.

According to AV-Test's results, the best-performing security suite is BitDefender Internet Security 2008, which recorded near-perfect scores across the board. The second-best rootkit-detecting suite is Kaspersky Internet Security 7.

The best Web-based rootkit-removal tools are F-Secure Online Virus Scanner and Panda Security ActiveScan.

Topping the list of specialized rootkit detectors is AVG Anti-Rootkit Free (which is now available only in commercial versions of AVG 8), followed closely by Rootkit Unhooker LE; this program has since been acquired by Microsoft.

Keep in mind that AV-Test did not call out specific winners in any category. Instead, the group lists the test results broken down by areas of functionality. The tools I named as the best were chosen by me based on their scores across all of the tests.

While most of the tests involve Windows XP SP2, the report includes a much smaller set of test results for systems running 32-bit Vista Ultimate Edition. These tests used only six rootkit samples. Their results indicate a three-way tie for first place: F-Secure Antivirus 2008, Norton AntiVirus 2008, and Panda Security Antivirus 2008. Each achieved perfect scores in detection and removal of active and inactive rootkits.

If you're wondering what other rootkit-removal tools might be available beyond those included in the tests, head over to Antirootkit.com, where you'll find a list of 32 such tools, the majority of which are free.
PC World - Privacy Watch: New Rootkit Detectors Help Protect You and Your PC
www.pcworld.com/article/126117-1/article.html

Rootkits--malware that can be particularly well hidden--are ferreted out by these free tools.

Andrew Brandt

By now you've heard about Windows rootkits--tools malware authors use to hide their evil creations from our antivirus or antispyware software. Because rootkits often hide dangerous viruses, Trojan horses, or spyware, detecting them is important.

Only a few rootkit-detection tools have received attention: the free RootkitRevealer from sysinternals.com, and BlackLight (freeware until October 1) from F-Secure. But luckily for us, developers are working on a number of powerful, no-cost tools to detect rootkits.

IceSword Author Speaks Out On 'Rootkits'
itmanagement.earthweb.com/columns/executive_tech/a...

IceSword Author Speaks Out On 'Rootkits'
June 14, 2005
By Brian Livingston

Computer users in the Western world had better adjust to the fact that excellent software is coming from China and will initially be available only in Chinese.

That's the situation with IceSword, a program I wrote about on May 31 and June 7. IceSword is a remarkably effective tool against "rootkits," virus-type programs that can evade detection by ordinary antivirus products. IceSword is available only in a Chinese-language version. Using several search engines, I was able to find dozens of comments about the program in Chinese-language sites, but not a single mention in English.

The one exception was the site of Hacker Defender, a rootkit package that's sold in a basic version for 20 euros (about $25 USD) and "silver" and "gold" versions for up to 450 euros. The package's author, who calls himself "holy_father," has written on his site that currently the only antirootkit tool that can detect Hacker Defender (HxDef) is IceSword. He called it "such a nice tool, [a] real challenge," adding, "One of my priorities this summer [will be] to beat IceSword."

The author of IceSword is a Chinese programmer who goes by "pjf_" in online postings. I was finally able to track down pjf_ and interview him through an intermediary. (After discovering an e-mail address pjf_ once used in a discussion forum, I sent a message requesting his full name, but my communication went unanswered.)

The following interview was conducted for me in Chinese by Ming Jin, a researcher who works with eEye Digital Security, based in southern California. I had the responses translated into English by Zhen Wang, a professional translator in Beijing.

Scans

Support Alert Newsletter Issue 153 Premium SE Edition
techsupportalert.com/members/Issues/al_current.htm...

1.3 Free Security Scan of Your Running Processes
Software vendor Uniblue is offering a free process scanner [1] that you can download and run on your PC. There are many excellent free process scanners but what's different about this one is that it cross checks each of your running processes against Uniblue's huge internet catalogue of legitimate and known malware programs. If one of your programs is a security risk it is flagged. It works quite well, and if you use it together with a good rootkit scanner such as Panda [2] you should be able to pick up just about any secret malware infection lurking on your PC.
[1] http://www.processlibrary.com/processscan (901KB)
[2] http://www.pandasecurity.com/homeusers/downloads/docs/product/help/rkc/en/rkc_en.htm
Security Software Reviews

I rate some, but not all of the good programs here -- it's too hard to keep up. If you want to know what I think of specific programs just ask me about it.
When I do run across good reviews of security software I add them to my Security Software notebook. You might find what you're looking for there.
Support Alert reader Briard has a close look at how the top anti-virus scanners perform. Having identified the top vendors he looks at their latest security suite offerings.
Proactive Software

Norton AntiBot - Review by PC Magazine
www.pcmag.com/article2/0,1895,2168908,00.asp
Norton AntiBot definitely offers protection against fast-changing, fast-acting malware such as bots—protection you won't get from a signature-based malware scanner. It won't catch "sleepers," such as viruses that go dormant until a particular time. But when they wake up and get nasty, so does NAB!
Disarm Net Threats
New types of security tools proactively limit the power of viruses and other malicious software to infiltrate and damage your system. 25-Aug-2006
 
Six HIPS Programs Reviewed and Rated
www.techsupportalert.com/security_HIPS.htm

Six HIPS Programs Reviewed and Rated

An analysis of how well the latest generation of HIPS security products perform

More on the Web

Anti-malware Software Recommendations
/I:/~Temp/security/_ts3tmp.shtml
Good sources for security software reviews:
  • PC World's March, 2006 antivirus ratings.
  • A good series of articles by Steve Bass of PC World: [one] [two] [three] [four]
  • "The 46 Best-ever Freeware Utilities": "Gizmo's" list comes amazingly close to my own recommendations -- not only for security programs, but for free programs in many other categories.
  • The "List of Lists" has mini reviews of security software in many categories, as well as lists of just about everything else in cyberspace.
  • Links to more malware defense related information on the Web.
The 46 Best-ever Freeware Utilities
www.techsupportalert.com/best_46_free_utilities.ht...

The 46 Best-ever Freeware Utilities (Lots of Security Software here)

There are a lot of great freeware products out there. Many are as good or even better than their commercial alternatives. This list features my personal pick of the "best of the best."

All the utilities in this list have featured in past issues of my free monthly newsletter "Support Alert." More freebies are published in each new issue. If you are interested in great utilities and freeware you really should consider subscribing. It's free.
