Maximum PC antimalware RSS Feed

Symantec Releases Public Beta of Norton Internet Security 2010 and AntiVirus 2010

Paul Lilly — Fri, 03 Jul 2009 17:19:54 -0500

Many of our readers were taken off-guard when we rated Norton Internet Security 2009 a 9/Kickass in last year's antivirus roundup, and we even admit to being surprised at Norton's transformation from a resource-heavy sloth to a lean and competent antimalware package. We hope the trend continues, and we'll have a chance to see if it does now that Symatec has released beta versions of its upcoming 2010 releases to the public.

The new version features a new protection model codenamed Quorum and will put a heavier focus on reputation-based malware detection. While it won't replace existing signature-based detection for known threats, Norton says the reputation model can detect zero-day malware that's never been seen before.

"Our new approach changes the rules by both enhancing traditional security techniques to make them more aggressvie and by making it dramatically more difficult for attackers to evade detection by simply changing their malware," said Rowan Trollope, Symantec senior vice president, Consumer Business Unit.

Other features include an overhaul to parental control and spam filtering, more detailed information provided by Norton Insight, which identifies known good programs for faster scanning, and a new feature called Autopsy, which is designed to help the user understand what just happened when Norton automatically removes an infection.

Norton Internet Security 2010 Beta
Norton Antivirus 2010 Beta

Image Credit: Symantec

Fake Microsoft Update Email Can Ruin Your Evening - Stop It Now!

Mark Soper — Tue, 22 Jan 2008 21:25:52 -0600

Heed This "Warning" - And You'll Be Sorry

Security vendor Sunbelt Software's blog reports that a fake warning to "update your P.C. in maximum 12 hours otherwise your Windows will be Expired" is making the email rounds. While the message (visible here) has all of the earmarks of a fake (including broken English), it might convince some technical novices that they'd better get clicking. If they do click, what happens? They download IRC.Backdoor.Trojan, an old threat that can still take over a system. It's disguised as updateWindows.exe. You can learn more about how it works by reading PacketShack.org's analysis.

Removing IRC.Backdoor.Trojan

There are a large number of variants of this nasty bit of malware, as this Tek-Tips thread suggests. It also goes by many different names depending upon the antivirus vendor, including Win32.HackTool (eSafe), Backdoor.IRC.Zapchast (F-Secure and Kaspersky), Riskware.HideWindow.B (Webwasher-Gateway), and many others (link requries a PDF reader). Some antivirus programs may have difficulty removing it.

If you're working on an infected computer and can't get rid of it, one Tek-Tips poster recommends using the free F-Secure online scanner. You must use IE6 or IE7 with ActiveX enabled to use the F-Secure scanner, and it runs on Windows XP or 2000 (a beta version is available for Windows Vista users).

What Not to Click

Tired of fixing virus and malware infections? Remind your family, friends, co-workers (and anybody else who thinks you're a technology genius) of the rules for staying out of trouble online:

Don't click links purporting to come from PayPal, eBay, or your local bank or credit union
Always log into Windows Update, e-commerce and similar sites manually
Hover the mouse over links in an email or web page to find out where it will really take you
Ignore logos and artwork when attempting to determine if an email or website is legit - they're easily stolen and reused

These can be summarized in one rule: Think before you click!

Storm Worm Strikes Again - and Blasts from the Past, Part 1

Mark 'Marcus Soperus' Soper — Thu, 27 Dec 2007 22:17:27 -0600

Storm Worm Prepares to Rings Out 2007...

UK's the Register website reports that the Storm Worm, which first surfaced in January 2007, has been making the rounds again, first with email messages sent out on December 24th containing links to scantily clad young women in Santa Claus suits, and since then with messages directing users to a malicious website called uhavepostcard.com.

...Just as It Rung In 2007

How bad is the Storm Worm? While the Storm Worm (so named because its original version used the subject line '230 dead as storm batters Europe'), points users to various fake websites for various types of downloads, the malware is always some variant of the Small.DAM Trojan. Small.DAM installs the wincom32 service and turns the computer into a member of a botnet network that can send thousands of emails in a few minutes. The Wikipedia entry for Storm Worm contains plenty of references to its history and variants.

Calming the 'Storm'

Stop the Storm Worm by using up-to-date antivirus and antimalware programs, and remind your less technically-adept friends and families that Santa Claus doesn't encourage naughty behavior and that 'free' postcard messages from unfamiliar servers always have a high cost.

My Favorite Blog Posts from 2007, Numbers 10-7

Here are my favorite 'blasts from the past' from 2007: the blog posts that gathered lots of diggs and/or comments while shedding more light on difficult subjects.

10. Vista's User Account Control 'Nags' Are Useful – Believe It or Not This story from May 10 pointed out some of the hidden benefits of Vista's User Account Control feature, garnering 8 diggs in the process.
9. Microsoft Patch Tuesday Knocks Out Skype - What Can We Learn From This? With millions of users (not to mention Maximum PC's podcast) affected by VoIP provider Skype's outage in August, there were plenty of users asking "what happened?" As a result of the comments on this story, I dug deeper, resulting in my next nominee:
8. Skype to Users: Microsoft Good, My Bad, We Fixed, All Better Now My investigation of exactly how Skype works (it combines peer-to-peer and distributed network features) also garnered a lot of comments and concerns from readers.
7. Use a Sony USB Fingerprint Reader and Thumbdrive, Get a Rootkit Free! I wasn't the only one who was shocked to see that Sony was up to its old tricks again with this story from August. It gathered 5 diggs as well as a bunch of comments from readers. See page 2 to read my proposed "Bill of Rootkit Rights," designed to promote transparency and honesty about rootkits. With some versions of the Storm Worm using rootkit techniques to hide themselves, it may be time to review this story again. Next time, numbers 6-4.

---------------------------------------------------------

Gift card burning a hole in your pocket? From digital photography to home networking, from Windows Vista to Windows XP, and other subjects, Mark's written outstanding books that make you smarter about technology - and make you smile in the process. Mark's books are available from Amazon.com, Barnes & Noble, Books-a-Million, Borders, Target, Powells and other fine stores everywhere.