Tag Archives: Virus Bulletin

Panda Endpoint Protection Is Given The VB100 Certificate By Virus Bulletin For Windows 10

virus-bulletin-panda-awards

Panda Security’s cybersecurity solutions have been recognized by the independent consultancy Virus Bulletin, which specializes in the prevention, detection, and elimination of malicious software and spam.

The publication, which regularly features analyses of the latest virus threats and evaluations of the leading anti-malware products on the market, has awarded Panda Endpoint Protection the VB100 certificate in the most recent comparative examination of 2016 with Windows 10 Pro.

The publication, which regularly features analyses of the latest virus threats and evaluations of the leading anti-malware products on the market, has awarded Panda Endpoint Protection the VB100 certificate in the most recent comparative examination of 2016 with Windows 10 Pro.

Panda Security consistently maintains excellent results in the latest tests, placing the Spanish company in a privileged position.

See the complete report with study results here.

Quality Assurance Certification

Windows 10 has become the predetermined OS for Windows launched by Microsoft. There have been various issues which have set off alarm bells for some of the most cautious users.

The first characteristic of Microsoft’s new operating system that we should be aware of is that it has been designed like a cloud service. This means that now, whether you like it or not, you will share more information than ever with Microsoft. Fortunately, there are some things that you can configure to minimize the damage if you consider this to be a threat to your security.

Another of the characteristics of Windows 10 that has caused much debate is the “Advertisement ID”. It is basically a code, a unique identification number, which works like the cookies of a webpage.

For some, the new location options that Microsoft has included may feel invasive. Also potentially invasive is the fact that, as happens with Apple’s Siri or with Google Now, this tool requires access to large quantities of personal information in order to respond to whatever questions a user may ask it.

If this new operating system still hasn’t convinced you, and you’d prefer to keep your information private after installing Windows 10, the most advisable course of action would be to turn to a good cybersecurity solution such as the one offered by Panda Security, compatible with Windows 10 and vouched for by Virus Bulletin.

The post Panda Endpoint Protection Is Given The VB100 Certificate By Virus Bulletin For Windows 10 appeared first on Panda Security Mediacenter.

Anti-malware Testing Undercover

lab malware

This week Cylance’s Chad Skipper published an article called Security Testing Houses: Know the Truth! that all people interested in security solutions testing should read. There are some serious accusations against some testing houses and vendors (without naming them) such as:

–          “vendors who pay so that their test results will show 100% efficacy”

–          “bribing the testing house to hide the negative results of their tests.”

Even though I have been involved in this industry for more than 17 years, I am not aware of any case like those described above. That being said, I do agree with most of the article. To name a few: outdated testing methodologies, not enough samples being used, having to pay to challenge the test results… that happens. And it has to be fixed, that’s why organizations like AMTSO exist, and the first thing that came to my mind after reading the blog was “we need to have Chad in the next AMTSO meeting”. Guess what, when I asked AMTSO about it they told me he had already registered for the next meeting we’ll have next month in Malaga. Awesome!

Chad ends the article saying “Test for Yourself”. I also agree with this, and in fact it is something that has been happening for a long time. The largest customers we have in different areas (Governments, Telecommunications, Financial, Health, Facilities industries) have selected our EDR solution (Adaptive Defense 360) after several months of intensive and deep testing of different solutions.

The truth is that this kind of “do-it-yourself” testing is only available for big corporations. Small and medium companies lack the resources to do it properly, and that’s why they trust professional testing companies’ results to make decisions. Security Week’s Kevin Townsend wrote an article a few months ago about this topic in this fantastic article: “Inside The Competitive Testing Battlefield of Endpoint Security”.

Out of all the regular tests performed by the biggest testing companies one of the tests I like the most is the Real-World Protection Test performed by AV-Comparatives. In the aggregated February-June 2016 test with 1,868 test cases (PDF), how many vendors obtained 100% accuracy with 0 false positives? None of them. It is clear that Chad cannot be referring to AV-Comparatives when he is talking about vendors that pay to obtain a 100% efficacy.

This is the same AV-Comparatives I talked to last year to test our EDR solution, Adaptive Defense 360, with a number of other similar solutions. Have you seen that test? No, that’s because even though Panda offered to pay for each product included in that test, the other vendors (Cylance was NOT one of them) didn’t want to.

In 3 weeks I will be in Denver to discuss these topics at the 26th Virus Bulletin conference with ESET’s Righard Zwienenberg in our talk “Anti-malware Testing Undercover”.

The post Anti-malware Testing Undercover appeared first on Panda Security Mediacenter.

Avast at Virus Bulletin Conference 2015

Our team had a wonderful time meeting and networking with the crème de la crème of security industry professionals at this year’s Virus Bulletin Conference in Prague, of which we were a proud platinum sponsor. Throughout the conference, a handful of Avast employees presented talks a variety of today’s most prominent security-centered topics. For those who weren’t able to make it to the conference, we’d like to provide a brief recap of the content that was covered.

Taking a close look at denial of service attacks

Avast senior malware analysts Petr Kalnai and Jaromir Horejsi discuss distributed denial-of-service (DDoS) attacks.

Avast senior malware analysts Petr Kalnai and Jaromir Horejsi discuss distributed denial-of-service (DDoS) attacks.

In their presentation, “DDoS trojan: a malicious concept that conquered the ELF format“, senior malware analysts Petr Kalnai and Jaromir Horejsi discussed the serious issues relating to distributed denial-of-service (DDoS) attacks.

Abstract: DDoS threats have been out there since the Internet took over half of global communication, posing the real problem of denial of access to online service providers. Recently, a new trend emerged in non-Windows DDoS attacks that was induced by code availability, lack of security, and an abundance of resources. The attack infrastructure has undergone significant structural, functional and complexity changes. Malicious aspects have evolved into complex and relatively sophisticated pieces of code, employing compression, advanced encryption and even rootkit capabilities. Targeted machines run systems supporting the ELF format – anything from desktops and servers to IoT devices like routers or digital video recorders (DVRs) could be at risk.

In this session, Petr and Jaromir examined the current state of DDoS trojans forming covert botnets on unsuspecting systems. They provided a technical analysis of the most important malware families with a specific focus on infection methods, dynamic behavior, C&C communication, obfuscation techniques, advanced methods of persistence and stealth, and elimination of rivals. After studying cybercriminals’ behavior, our two speakers introduced their operation tools, including vulnerability scanners, brute-forcers, bot builders and C&C panels. They explained that in many cases, it’s unnecessary to apply reverse engineering within the analysis — the original source codes are indexed in public search engines and their customization is a subject of monetization. The pair concluded their presentation by introducing tracking methods and techniques and revealed the targets of these attacks.

Taking mobile security to the next level

Avast security researcher Filip Chytry talks about privacy in the mobile sphere.

Avast security researcher Filip Chytry talks about privacy in the mobile sphere.

Next up was security researcher Filip Chytry’s talk, “Privacy: a growing commodity in the modern age and our Remotium virtual solution to protect it“. Filip’s presentation focused on a few mobile apps that have experienced privacy leaks and provided insight on what could be used as potential solutions to these types of security breaches.

Abstract: Today, we are surrounded by millions of sensors that measure and monitor our lives, cities, travels, homes and communities. There are currently more online endpoint devices and sensors in existence across the globe than there are human beings. Smartphones have become unbelievably integrated into our daily lives, and these tiny gadgets are just the tip of the iceberg that is the modern spying age. Take cameras, for example — when you get the chance, try taking a stroll around a city and see how many cameras you can spot. These could be cameras belonging to other people or surveillance cameras capturing public images. Whether they were taken accidentally or intentionally, it’s difficult to argue with the fact that each of us is featured in public images and visual data that we remain largely unaware of.

Filip pointed out that when examining this issue through a mobile lens, it’s interesting to take a look at apps which benefit us in some way. Although these apps can lend us a helping hand or aid us in socializing with our peers, they often sharing certain data with developers that the average person is likely unaware of and would be uncomfortable with sharing. Filip went on to explain that in the worst case scenario, these apps’ developers can implement poor security standards which could permit leakages of data shared by the user. Concluding the presentation, Filip explained that Avast Remotium is a virtual space that allows users to mask their data, delivering unidentified data in its place in order to protect against data leaks and privacy breaches.

Home Network Security in the spotlight

Pavel Sramek and Martin Smarda discuss home network security issues.

Pavel Sramek and Martin Smarda discuss home network security issues.

Another two stellar Avast malware analysts, Pavel Sramek and Martin Smarda, presented “Solving the (in)security of home networked devices“. This talk outlined real-life issues of home network devices and examined potential risks related to the devices, a topic which is extremely relevant at this time.

Abstract: In the past few years, there has not been a VB conference without a talk about someone hacking the devices they have at home. Be they routers, NAS-es or ‘smart’ TVs, there is always one thing in common — the vendors ignore the problems and refuse to patch their products. We are developing an automated vulnerability scanner intended to test devices without our code running on them. The intention is to educate users about the misconfigurations and vulnerabilities that are detectable from another device in the network. Integrating such a scanner into consumer AV brings home network security to a new level and increases user awareness of those issues. We will present the technology and the challenges we faced on the way towards accomplishing this goal via maximizing the impact of even the simplest vulnerability scans.

Pavel and Martin acknowledged that while a couple researchers reporting an issue is simply not enough pressure to affect manufacturers’ decisions, the possibilities could be huge if millions of users reported this problem to their vendors or made the decision to replace their devices with more secure ones.

Fun at the Avast booth

A bottle of our own Avastweiser beer!

A bottle of our own Avastweiser beer!

In addition to the presentations given by our talented speakers, Avast had a handful of fun activities to offer to Virus Bulletin attendees. At the Avast booth, our team served three types of Czech beer in addition to our own Avastweiser brew, which we handed out to visitors free of charge.

Attendees had the opportunity to join Avast in a tournament of old-school Arcade Games, which we rented from Prague’s Arcade Museum. Among the prizes were a smartphone-controlled paper airplane and a Cheerson CX-20 drone!

We’d like to thank everyone who attended Virus Bulletin 2015 for their interest and support in the security and antivirus industry. We look forward to what next year’s conference has in store!

 

 

 

 


Follow Avast on FacebookTwitterYouTube, and Google+ where we keep you updated on cybersecurity news every day.