Tag Archives: Panda Security

Struggling with your Panda security subscription renewal?

How to renew your Panda antivirus subscription?

Renew your Panda Antivirus it’s easier than you think. Here’s how to do it.

pandasecurity-renew-antivirus-infographic

You can renew your subscription in three ways:

1.Go to Panda Security’s website.

On the homepage, go to “My Account” ➡ “Product Renewal”. To access your Renewals area you’ll have to enter your email address and customer ID. You can find your customer ID in the welcome email that you received after purchasing your product.

If you can’t find your customer ID, don’t worry. There are other ways to renew your subscription:

2.Open your antivirus, go to “My Products” and click the Renew option.

Alternatively,

3.Renew your subscription from the renewal notices

Renew your subscription from the renewal notices you will receive at your mailbox or from the pop-up messages displayed by your antivirus.

Once in your personal area, select the protection whose subscription you want to renew. You will receive an email with a new activation code. Then, enter the new activation code in “My Products” ➡ “I have an activation code”. The next time you open your antivirus your protection will have been extended.

Follow these simple steps to remain protected!

The post Struggling with your Panda security subscription renewal? appeared first on Panda Security Mediacenter.

“Securing a business involves so much more than plugging in various pieces of computer technology”, Simon Edwards

guest article panda

I met Simon Edwards in January 2007 at the first AMTSO meeting in Bilbao. For many years, Simon dedicated himself to testing security products for Dennis Publishing and, at the time, he was also the technical director of Dennis Technology Labs. The prestige gained over the years has made him a recognized authority in this sector.  Less than a year ago he began a new career path when he started his own business, SE Labs.

1 – Since your time as the editor of the Computer Shopper magazine, your life has been linked with computer security. What has your experience been like in such a changing and innovative industry?

simon-edwards-mediumres

Simon Edwards, founder of SE Labs

I have always approached the security business from an ethical position because we genuinely want to make a bad situation better. We do much more than testing anti-malware products. We provide threat intelligence to very large companies and, in the UK, the insurance industry uses our information to make important decisions. That is a new diversion from testing, but we do still test security products and that feeds back into the threat intelligence information we provide. We didn’t set out to create a security testing business from day one, though.

When I was first asked to write an anti-virus group test I thought about how to do it, but without any input from other testers or even the companies that made anti-virus programs. In complete isolation from the experts I came up with a method of testing and found that some well-known threats could bypass anti-virus, particularly those that were more like Trojans and hacking attacks rather than standard self-replicating ‘viruses’. That was interesting.

The response from the readers was fantastic and every time we published such a test we sold more magazines than in a usual month. The anti-virus industry was less pleased and I received aggressive phone calls from some people who, today, I actually count as very good friends. We just had to get to know each other and develop trust.

I think that the default position the security industries take, when confronted by challenging results from a new face, is to attack. “We don’t know this guy and he’s saying our product sucks? He must be an idiot, or corrupt!” Nothing much has changed on that front. At least now people know SE Labs creates useful tests and works ethically. Well, most people do. There are some companies, particularly new ones, who are still working out what’s what. They assume that if you don’t support their marketing message then you are an enemy with a biased agenda.

The default position the security industries take, when confronted by challenging results from a new face, is to attack.

One big change is that vendors are starting to see the usefulness of testers really attacking systems, rather than just scanning regular malware that exists on the general internet. We were running hacking attacks in tests back in the days of Back Orifice 2000  and we also used other tools that the bad guys had access to. At the time that was extremely controversial, as the industry had a general view that creating threats was taboo. Many still feel that way, but we’ve been crafting targeted attacks for testing purposes ever since, and it seems fair considering how many products claim to prevent such things.

2- What is like to be an entrepreneur? Are you still able to perform the tests yourself or has management become the main part of your day-to-day?

I personally review every set of data that powers the tests that we publish, and I also develop the test methodologies used by the talented testers who actually sit in front of the systems and put the products through their paces. The ongoing testing and general office tasks are managed by the SE Labs team in London. Once a test is up and running I trust the team and spend most of my time doing one of a million other things. What’s really cool about setting up a company from scratch is that there are so many creative tasks to carry out. But, as we’ll see, there’s also a load of nonsense to contend with too.

When you are running a company on your own you make decisions about literally everything. One day I would be negotiating six-figure finance deals and then I’d be fielding questions about teaspoons. I spent literally half a day in Ikea arguing with colleagues about which cutlery sets to buy.

There is a lot of emotion and some immaturity in this emerging ‘next-gen’ industry.

Back to testing, I have spent a large amount of time trying to work with the newer companies in the industry. Some of them can be reluctant and I understand why. Startups are vulnerable and a poor result could kill a business before it even starts. That said, some of the aggressive marketing we’ve seen very much invites testing to challenge quite extraordinary claims. There is a lot of emotion and some immaturity in this emerging ‘next-gen’ industry. That needs to stop, because it does not serve the customers.

3- As Director of SE Labs, does your work continue to surprise you on a daily basis? Do you have to adapt your tests to the type of attacks that appear frequently? 

A fundamental part of what we do is to seek out and use prevalent threats. Theoretically every product should score 100 per cent in our tests because we’re not using threats from the edges of the internet or zero day threats. So it’s always been quite surprising to me that most vendors don’t score 100 per cent. It’s well-known in the security world that a test in which everyone scores 100 per cent is useless. I don’t think that’s true, as long as the test comes with a good explanation of what it’s trying to achieve.

But regardless, if I throw 100 well-known threats at the leading anti-malware products I know there will be compromises. And that still surprises me. We work with many vendors to help them fix these issues.

4- In addition to traditional security solutions, in the past few years several new solutions have appeared on the market with names like “Next Gen AV” that use a different approach to protect businesses. Have you had the opportunity to try one of these solutions? What has your experience been like?

We have managed to gain access to some so-called ‘next-gen’ products and I know what you’re expecting me to say! But they are not the snake oil that their crazy marketing suggests. They are proving to be competent solutions. I don’t think I’d want to run many on my systems without some other form of anti-malware, but they are not the ‘smoke and mirrors’ fake solution I think many people assume. They are not perfect but neither are they rubbish.

It’s always been quite surprising to me that most vendors don’t score 100 per cent.

5- There are also solutions from “traditional” manufacturers within the EDR category (Endpoint Detection and Response). Have you had the opportunity to try out any of them? 

Indeed we have, and we even run one on these products alongside so-called ‘traditional’ AV on our own systems. Being able to track a breach if/when it happens could be useful. Although we’re a relatively small company, it would be naïve to think that no-one would ever mess with us. We take security seriously, especially considering the nature of some of our clients (we don’t just test anti-malware products, but also provide security advice to some of the largest companies in the world). Our influence extends beyond the basic ‘AV test’ world and, as such, we need to be very careful.

6- You have been involved in AMTSO since the very beginning, and in fact you are currently a member of the Board of Director. In your opinion, what are the major accomplishments AMTSO has achieved since its inception?

The relationship between testers of anti-malware products and the developers of those products is a million times better today than it was. This is important because a good relationship means a productive development cycle of the software that we all use to protect our computers. Once it was the case that vendors hated testers and treated their results as something to work around, rather than use to improve products. I think that AMTSO has largely fixed that problem.

7- What are the challenges that AMTSO has to face in the near future in the testing landscape?

The next-generation companies are opposed to testing. They might claim otherwise, but in my opinion they don’t want to be challenged. Their focus is investment and growth. AMTSO needs to bring these companies into the fold and help them understand that there is something more important than just raising investment funding. Customers count and they need to be protected. Testing actually plays a crucial part in that. They can’t expect to succeed if they operate in a vacuum.

8- In your opinion, what is the biggest challenge that institutions and corporations are up against today in regards to cybersecurity? Does that time lag really exist between adopting new technologies in businesses and applying the proper security measures?

I think the biggest challenge is that securing a business involves so much more than plugging in various pieces of computer technology. Users are potentially the strongest link in the chain, whereas often they are accused of being the weakest. Training can help a lot here. Going back to fundamentals and really understanding what security is would help. It’s easier to spend a few millions on some new types of firewalls, but that’s not going to do the job. CISOs need to understand that.

 

The post “Securing a business involves so much more than plugging in various pieces of computer technology”, Simon Edwards appeared first on Panda Security Mediacenter.

Panda Security Protects Privacy in Public Administration

Header-EN

There have been thousands of top secret documents leaked, confidential information pertaining to individuals has been stolen, cyber espionage between powerful governments has occurred, and attacks have been performed by personnel with privileged access. These are all examples that confirm that propagandistic pursuit and economic gain drive cybercriminals, and they target those who are willing to pay for the retrieval of their valuable information, such as institutions in the public sector.

PandaLabs, Panda Security’s anti-malware laboratory, presents the “Privacy in Public Administrationwhitepaper; detailing numerous cyber-attacks on countries that could almost have come from a science fiction story.

Legislative Developments in Cybersecurity

The technological revolution in the public sector, the digitalization and storage of information, and the boom in online services to simplify administration for the public have led to an exponential growth  in the generation, storage and processing of confidential data; data which must be treated with the utmost care. Consequently, the public sector now faces a new series of demands in risk prevention, security and legal compliance.

Politically-motivated attacks

During the past decade, crimes including cyber-terrorism, cyber-espionage and hacktivism have been on the rise, threatening the privacy of Public Administrations, businesses and nations:

Manning-EN 2010: Bradley Manning, a US soldier, copied 700,000 confidential documents and used WikiLeaks to publish the data. In total almost half a million records from the Iraq and Afghanistan conflicts, and more than 250,000 secret U.S. diplomatic cables.

2013: EdSnowden-ENward Snowden, a former employee of the CIA and NSA, published top secret documents through the Guardian and the Washington Post concerning various NSA programs, including the mass surveillance programs PRISM and xkeyscore.

2016: A total of 19,252 emails (including attachments) from 8,034 servers of the US Democratic National Committee sent between January 2015 and May 2016 were revealed on WikiLeaks this July. The security company contracted by the Democratic National Committee has claimed that the hack was the work of at least two different groups of hackers linked to a Russian government agency in an action designed to favor Republican candidate Donald Trump.

Now, three months before the US elections, the FBI has confirmed the hacking of at least two electoral databases by foreign hackers who have extracted voter information from at least one of them. There is an ongoing investigation and IPs have been traced back once again to Russian hacking forums. Coincidence?

Elections-EN

The solution for adapting to the change.

The emergence of new players from different backgrounds and with varying motivations combined with their ability to act in any security dimension, hinders the identification of aggressors and decreases the ability of countries to adequately respond. Current legislation is not adapted to the new cyber-crime dynamic or to new technological or data management demands.

To prevent new attacks on public agencies, a common regulatory and legislative framework is needed, with responsibilities shared between states. One such example is the new regulatory framework passed in the EU in 2016.

For public institutions, success in ensuring cyber-security lies with meeting certain requirements:

  • Having real-time information about incidents and security holes related to data security, such as the accidental or illegal destruction, loss, alteration, unauthorized disclosure or remote transference of data.
  • Compliance with Article 35 of the “General Data Protection Regulation” on data protection with regular and systematic monitoring of data on a large scale.
  • Reporting all possible transfers of data files to foreign countries.
  • Improving individual rights, including the right to be forgotten, and data portability across all shared data files.
  • Safeguarding delegation to other processors of data deletion, reporting and notification requirements, and the maintenance of file transfer activities.

To this effect, the implementation of advanced technologies such as Adaptive Defense 360, as a complement to traditional antivirus solutions or perimeter security, enables compliance with guidelines and the technical requirements outlined above, since Adaptive Defense offers guaranteed security against threats and advanced targeted attacks on companies.

Download the Infographic here.

Download the Whitepaper:

International Edition
Edición América Latina Edición México
Edição Portugal Ausgabe Schweiz
UK Edition US Edition

The post Panda Security Protects Privacy in Public Administration appeared first on Panda Security Mediacenter.

Improved Efficiency and Centralized Management with the Latest Version of Panda Systems Management

Systems management

Computer systems have become part of every aspect of our lives. As digital transformation continues to grow in the corporate environment and the number of devices connected to the network is on the rise, the issues associated with this topic are becoming increasingly complex.

For this reason, Panda Security has presented the latest version of Panda Systems Management: the most powerful, scalable and easy-to-use RMM administration tool on the market. Systems Management is capable of combating all inefficiencies in the IT environment, allowing businesses to save time and money.

The Problem

This new hyper-connected context means that new challenges may arise while trying to increase your company’s productivity. Some of the challenges that have added to the already complex IT environment include: the increasing and varied number of devices connected to the network, the growing number of remote users, and the need to fix problems with greater flexibility (anytime, anywhere).

The mixture of tools used everyday in the workplace provoke incidents and interrupt work. Consequently, as these inefficiencies multiply, they add to the IT department’s workload, and other important details that affect business management and security can be overlooked.

The Solution: Greater Automation and Maximum Performance

Systems Management remotely monitors and manages devices from the Cloud so that every IT department can offer a professional service with minimal impact on employee work.

Patch Management - manual n

What does the new version offer?

The new version of Systems Management gives you maximum performance ’out of the box’. To increase efficiency and grow business for our clients and partners, the Systems Management manager facilitates five pillars (asset inventory, device monitoring, remote device management, resolution tool support that is not intrusive, and generated reports) with the following functions:

device_new_mRecommended monitoring policies based on the best practices of our clients.

  • New filters improve management systems: instant visualization of the IT Park so you can see what you need.
  • New reports for server performance, CPU, memory, and disk performance for the last 30 days, including general averages.
  • Integrates with Microsoft Hyper-V and the new hardware monitors added for VMware ESXi.
  • New maintenance Windows- now alerts can be programmed and silenced.

 

 

 

 

 

 

 

The post Improved Efficiency and Centralized Management with the Latest Version of Panda Systems Management appeared first on Panda Security Mediacenter.

Panda Security Achieves 100% Detection Rate

awards-pandaPanda Security  solutions were recently recognized by Virus Bulletin, one of the world leaders in testing security for the prevention, detection and elimination of malicious software and spam.

With more than two decades of experience, Virus Bulletin regularly analyzes the latest viruses then evaluates the current anti-malware products on the market in their publication. This year, Virus Bulletin has honored Panda with a VB100 certificate in their most recent comparative test.

Here you can see the complete report with all of the results of the 2016 study: https://www.virusbulletin.com/testing/results/latest/vb100-antimalware

A History that Guarantees 100% Detection

This is not the first time that Panda Security’s cybersecurity solutions have received a high grade from a demanding approving agency.

Halfway through this year, the independent organization AV-TEST, named Panda as the best antivirus software for Windows End Users. On this occasion, Panda was also given a certification that recognized their software as the highest protection against 0-Day attacks, and the Panda products additionally had the highest ratio of detection for the most extended and frequent malware. The lightness of the software on the system load and its impact on PC use were also key factors included in the test results.

Additionally, at the end of 2015 Panda was recognized in the Real World Protection Test for the proper functioning and efficiency of our solutions. So, have you enjoyed the benefits of the Panda guarantee?

panda-security-solutions-tests

The post Panda Security Achieves 100% Detection Rate appeared first on Panda Security Mediacenter.

“Counter- intelligence as a change to the IT security strategy”, David Barroso

david barroso panda

David Barroso is one of the key names in IT security in Spain and our guest article. We’ve known each other for years, as even though we haven’t had the chance to work together on joint projects, we have often met at security conferences over the last decade or so. That said, I’m going to let him introduce himself:

1-  David, who are you? How have you got to where you are in IT security? How did you get into this crazy, fascinating world?

It all started when I began university in the 90’s. I left my home town of Palencia to study in Madrid, living on campus with more than 300 others. The IT and telco people had set up a network of coaxial cables across the floor (later we were able to wire up each room with RJ45) and we were responsible for managing the network. In fact, in the late 90’s, we were the first ADSL customers in Spain, so it was like running a company of 300 employees. This was the era of the beginning of Linux, Windows 95, with all the fun of using winnukes, land, back orifice, exploits for X-Windows with your colleagues, generally to play tricks on people. But we also had to configure the whole network back then, to share a miserly 256Kb ADSL connection among 300 students: IP masquerading, QoS, provide email for everyone, Web pages, Linux security, Windows, etc.

I learned a lot during this time because we did everything from scratch and everything was really manual, not to mention the continuous incidents affecting our ‘users’.

panda security

David Barroso, CEO of Countercraft

2- As an entrepreneur you have set up your own company, Countercraft. What are the main challenges and obstacles nowadays when setting up a cyber security startup?

I think there are several major challenges. The first, of course, is to create a product or service that customers want to buy, and that means finding a balance between the technical and business sides of the project. Tech people often fail to appreciate the marketing and sales aspects, but both are essential.

Another mistake we tend to make in Spain is that we don’t think about creating something international from the outset; we try to do something local. That’s so different from the Israeli or US outlook (today’s leaders in IT security) where they want to take on the world from the word ‘go’.

It is also makes a difference where you start up your company. We are grateful to have had support though it is nowhere near the support that companies get in the countries mentioned before. They are not only supported financially, but are also helped to position their company or product.

Tech people often fail to appreciate the marketing and sales aspects, but both are essential.

3-  Tell us about a typical day in the life of David Barroso. What sort of challenges do you come up against in your day–to-day life?

The truth is that for obvious reasons, I’m working quite intensely at the moment, dedicating some 12-13 hours a day to our company, doing everything: programming (which I really enjoy), defining the product, analyzing the competition, discussing the market policy, talking with partners, visiting customers, administrating computers, changing print toner, buying laptops, sorting out invoices, etc. There’s no time to get bored.

We’re gradually beginning to outsource some tasks, especially after the round of financing, though there are still many, many things to do in a small company.

I’d say the main challenge is to try to get the whole band playing in tune in this early phase without creating problems further down the line.

4- Countercraft sets itself out as a counter-intelligence startup… Can you explain this concept and the focus of the company? What kinds of organizations need these solutions?

We are positioning ourselves as a change to the IT security strategy. Today, most companies tend to focus on setting up all possible security measures, then resolving security incidents as they occur.

What we propose is to use a lot of the techniques that our enemies are using, particularly as we need to be more proactive. Just as attackers deceive and lie, why not do the same thing (legally, of course)?

We use the classic concept of honeypots adapted to the present day, with many other techniques to make life as difficult as possible for attackers. The idea is to identify them as soon as possible, discover their tools and modus-operandi, as well as getting as much information about them as possible.

We are positioning ourselves as a change to the IT security strategy(…) Just as attackers deceive and lie, why not do the same thing ?

The types of companies that can adapt to this new strategy are those that have already done their security homework, i.e. mature companies from a security perspective, as it is not a good idea to use lures if you have security holes.

5- The world of IT security is advancing at an incredible pace, both in terms of technological developments as well as the sophistication and complexity of attacks. What new challenges will security companies have to face over the coming years?

An inherent problem is that human beings will always be the main entry point for security problems, and as such, technology and security products face an uphill task as we are so unpredictable. It’s also true that we don’t really like following security procedures and we are easily tricked. So even if we give most users highly secured desktops, attackers will (and already do) target system administrators, who generally have more freedom.

In our case, what we try to do is to find a human error or lapse on the part of the attackers (they also make mistakes), and give a tug on the loose thread to see if we get what we’re looking for. In other words, we also take advantage of the fact that attackers are human and make mistakes, maybe because of too much haste or greed, or a lack of knowledge.

6- The type of strategy employed by Countercraft is strongly focused on attacks that aim to penetrate corporate networks and steal sensitive data. Do you believe that these techniques could be used to counter other types of attacks?

Of course. In fact there are other scenarios in which we are using the same techniques, such as to counter fraud to identify and monitor malware and phishing campaigns, sabotage of governments or companies, or working with law enforcement agencies to tackle child pornography or online recruitment by terrorist groups.

7-  Managing to hoodwink cyber-crooks offers you the chance to find out a lot about them, not just how they operate and the steps they take to infiltrate a company, but also data that could also help to identify the culprits. Do you anticipate, as part of your strategy, working with law enforcement agencies, or would this be a decision for each of the customers you protect?

From the outset we work with law enforcement agencies, although the decision to contact them regarding incidents in companies is entirely down to the customer.

 

 

The post “Counter- intelligence as a change to the IT security strategy”, David Barroso appeared first on Panda Security Mediacenter.

Anti-malware Testing Undercover

lab malware

This week Cylance’s Chad Skipper published an article called Security Testing Houses: Know the Truth! that all people interested in security solutions testing should read. There are some serious accusations against some testing houses and vendors (without naming them) such as:

–          “vendors who pay so that their test results will show 100% efficacy”

–          “bribing the testing house to hide the negative results of their tests.”

Even though I have been involved in this industry for more than 17 years, I am not aware of any case like those described above. That being said, I do agree with most of the article. To name a few: outdated testing methodologies, not enough samples being used, having to pay to challenge the test results… that happens. And it has to be fixed, that’s why organizations like AMTSO exist, and the first thing that came to my mind after reading the blog was “we need to have Chad in the next AMTSO meeting”. Guess what, when I asked AMTSO about it they told me he had already registered for the next meeting we’ll have next month in Malaga. Awesome!

Chad ends the article saying “Test for Yourself”. I also agree with this, and in fact it is something that has been happening for a long time. The largest customers we have in different areas (Governments, Telecommunications, Financial, Health, Facilities industries) have selected our EDR solution (Adaptive Defense 360) after several months of intensive and deep testing of different solutions.

The truth is that this kind of “do-it-yourself” testing is only available for big corporations. Small and medium companies lack the resources to do it properly, and that’s why they trust professional testing companies’ results to make decisions. Security Week’s Kevin Townsend wrote an article a few months ago about this topic in this fantastic article: “Inside The Competitive Testing Battlefield of Endpoint Security”.

Out of all the regular tests performed by the biggest testing companies one of the tests I like the most is the Real-World Protection Test performed by AV-Comparatives. In the aggregated February-June 2016 test with 1,868 test cases (PDF), how many vendors obtained 100% accuracy with 0 false positives? None of them. It is clear that Chad cannot be referring to AV-Comparatives when he is talking about vendors that pay to obtain a 100% efficacy.

This is the same AV-Comparatives I talked to last year to test our EDR solution, Adaptive Defense 360, with a number of other similar solutions. Have you seen that test? No, that’s because even though Panda offered to pay for each product included in that test, the other vendors (Cylance was NOT one of them) didn’t want to.

In 3 weeks I will be in Denver to discuss these topics at the 26th Virus Bulletin conference with ESET’s Righard Zwienenberg in our talk “Anti-malware Testing Undercover”.

The post Anti-malware Testing Undercover appeared first on Panda Security Mediacenter.

What you should know about Windows 10

windows 10 panda securityIt is reaching the end of its first year and now companies are asking, is it the right moment to update to Windows 10?Now that it’s becoming somewhat mature, should businesses take the plunge and invest time and money to upgrade their software? The general opinion is that yes, companies should upgrade. After all, it takes far less time and resources to plan the transition than to deal with it after problems emerge due to outdated software.

January 2020 may be far away, but that is when Windows 7 will be discontinued, and businesses need a lot of time—months or even years—to complete this type of transition. There are also some companies that have chosen to continue using Windows 8, an operating system which has brought more sorrow than glory to the corporate sector.

In addition to the added benefits offered in Windows 10, the tech company has also tried to fix the Windows 8 problems and has also introduced new elements that are designed to attract more businesses which is a huge market that Microsoft can’t afford to lose to its competitors: Apple Mac and Google Chromebook.

The main focus for Windows 10 is to reinforce security. Some of the improvements include biometric identification support (Hello), improvements for mobile device management (MDM) and a centralized verification center through Azure Active Directory (this prevents unnecessary password duplication).

Panda Security’s antivirus solutions work perfectly with Windows 10

But perhaps the most talked about and significant aspect for businesses is the new update cycle. With the 10th version of their operating system, Microsoft has gotten rid of something that is typical in other companies: constant updates. Until now, security patches were published once a month (the famous “Patch Tuesday”) and most of the improvements were concentrated in large blocks called “Service packs”.

The wait until 2020 is long and not in-rhythm with the current digital economy, but with this new system, Windows 10 will be able to install updates immediately (as long as the people in charge decide so).

The post What you should know about Windows 10 appeared first on Panda Security Mediacenter.