December 3-5 marked the 9th annual AVAR conference. This year yours truly got to be the conference chairman and ESET hosted the conference in New Zealand. AVAR is the Association of anti Virus Asia Researchers (http://www.aavar.org) and has a mission to prevent the spread and damage caused by malicious software, and to develop cooperative relationship
Apple QuickTime includes the ability to create a movie that can use JavaScript commands. This “feature” is referred to as the HREF track. One exploitation of this “feature” resulted in the spreading of a worm on MySpace. While the functionality itself has legitimate uses there is no legitimate reason for forcing active content from a
At the Virus Bulletin conference this year I gave a presentation on what I believe will be the impact of Microsoft entering the anti-virus industry. You can download the full paper at: http://www.eset.com/download/whitepapers/RandyAbrams_VB2006.pdf. Some people think that this is the beginning of the end of the anti-virus industry and cite examples, such as Netscape as
You may have seen a report that Jim Allchin, a Microsoft co-president said that the new lock down features in Vista are “so capable and thorough that he was comfortable with his own seven-year-old son using Vista without antivirus software installed.” Of course, the words “Lock down features” are very important. This means that the
A while back I had a chat with Ed Skoudis, who with Tom Liston created Spycar. The log of the chat is available here. In this conversation Ed agreed that Spycar is not a comprehensive test for anti-spyware products, and that it was not designed to be such a test. Randy says: OK, so to
The Hamburglar, http://en.wikipedia.org/wiki/Hamburglar, was the crook in some old McDonald’s commercials. It appears that Hamburglar has returned to steal information from McDonald’s customers. Don’t worry, you would have to be one of 10,000 winners (in Japan) to get this special treatment, the rest of us losers keep our passwords. McDonald’s unfortunately put their trust in
Microsoft released an out-of-band patch for a vulnerability that affects how Internet Explorer and Outlook process VML code. VML is a method of displaying some high end graphics. If the vulnerability is exploited a remote attacker can gain control of your PC. ESET’s NOD32 is the first known anti-virus product to detect all known types
There have been a lot of articles about ZERT and their patch for the MS VML vulnerability. ZERT is a group of security researchers who feel that the danger of the vulnerability and lack of an MS patch warrants creating their own temporary patch. ESET, Microsoft, and a number of other security vendors do not
For several months now we have a seen a trend where hackers who discover a vulnerability in a Microsoft product wait until the day after “Patch Tuesday” to release the exploit. This month there has been a proof of concept exploit released for the Microsoft DirectAnimation Path ActiveX Control. ActiveX controls are little programs that
OK, so I told you I would blog about the Spycar test file – I will, but first you need to understand behavior blocking technology for anything about Spycar to make sense. Scanners and behavior blockers both attempt to stop viruses, spyware and other bad programs. The approaches used by scanners and behavior blockers are complementary
The EICAR test file was given a shiny new coat of paint this September (2006). Nothing inside the file changed, but the file is no longer “The Anti-virus test file”, it is now “The Anti-Virus or Anti-Malware test file”. Why the change? To answer that let us first look at what the EICAR file is
Before joining ESET, I worked for Microsoft for over 12 years. Much of that time it was my job to make sure that Microsoft did not release any infected software. Properly selecting anti-virus software was essential. Proper testing of anti-virus software is time consuming, very tedious, requires significant resources, and takes some skill and knowledge.
Last Month Microsoft released security Patch MS06-040 which patches a vulnerability that can allow a remote attacker to take control of your system. Some experts predicted that this vulnerability would lead to another worm like Blaster, which spread very quickly. Fortunately that has not yet happened, but the bad guys are busy working on ways
Well, there’s a right way and a wrong way. Unfortunately ConsumerReports.org didn’t know of ESET’s NOD32 or the right way to test for unknown viruses either. Here is what happened. “To pit the software against novel threats not identified on signature lists, we created 5,500 new virus variants derived from six categories of known viruses,
Recently an article (http://news.bbc.co.uk/2/hi/technology/5150508.stm) quoted a security vendor as advising users to consider switching to Mac for better security. Are Macs inherently safer? The real answer is that there is no scientific data to support a claim that the Mac OS is a safer OS than Windows, and the truth is that it really is
NOD32 now detects attempts to exploit the Excel vulnerability announced June 16th. This means that even if an attacker tries to use the exploit to download a virus or trojan that no product in the world detects, NOD32 will prevent the vulnerability from being exploited. No download means no threat to NOD32 users. NOD32 is
It’s been a busy day in anti-virus land. There is a reported zero-day vulnerability in Microsoft Excel. Currently the exploit of the vulnerability comes in email as an attached Excel spreadsheet. When a user opens the spreadsheet the vulnerability is exploited and malicious software is downloaded. So far the malicious downloads have been proactively detected
Perhaps calling it DDAY is a little over hyped. Mind you, nothing like the hype associated with people who call the worm du jour “Kama Sutra”, which of course is a book that shows a number of different positions to do what some members of the media have done to the name of Win32/VB.NEI! Anti-virus
Working in the anti-virus industry requires a good stock of tin foil hats to hand out to some strange conspiracy theorists. The fact is that the anti-virus industry didn’t name a worm “Kama Sutra”, the media did. The AV industry didn’t name the worm “Blackworm”, that was a group (TISF BlackWorm task force) from a
That’s right, 5 simple steps worth a combined total of $20 USD! There’s a reason why legitimate companies like ESET are members of the Anti-Spyware Coalition (ASC) and other companies are not. It has to do with quality and integrity. This is not to say that companies who are not member lack those attributes, but
