All posts

How well does your anti-virus really protect you?

Not equally well, is the short answer. Find out which anti-virus products are consistently the best. And how we help make anti-virus improvements.

Latest reports now online

Welcome to the final set of endpoint security tests for 2016. We’ve spent the entire year scanning the internet for prevalent threats that affect real people and exposing popular security products to those same threats in real-time.


What is Machine Learning?

… and how do we know it works?

What’s the difference between artificial intelligence and machine learning? Put simply, artificial intelligence is the area of study dedicated to making machines solve problems that humans find easy, but digital computers find hard. Examples include driving cars, playing chess or recognising sarcasm.


Does your anti-malware stop hacking attacks?

An attack rarely ends when the malware runs. That’s just the beginning…

Latest reports now online.

Testing security software is a challenging task and it’s tempting to take clever shortcuts. However, while doing so might save the tester time and other resources, it doesn’t always produce useful results. And if the results aren’t accurate then the test becomes less valuable to you when you’re choosing which product to use.

Can anti-malware stop hacking?

We are big supporters of the idea of full product testing. This means installing the security product the way it was intended to be used, on systems commonly used in the real world and ensuring that every component of that product has a chance to defend the system.

In practice this means that we installed the anti-malware products tested in this report on regular PCs that are connected to a simple network that has unfiltered internet access. We visit malicious websites directly, where possible, and use a special replay system when the bad guys start to interfere with our activities.

Since the beginning of this year we have included targeted attacks in our testing. These types of attacks try to compromise the target using infected documents and browser exploits. Once an exploit has succeeded we then continue ‘hacking’ the target. This step is crucial because in many cases it is these post-exploitation hacking activities that can trigger an alert.

Full product testing doesn’t just mean turning on (or leaving enabled) all of a product’s features. It also means running a full attack as realistically as possible. Testers should not make assumptions about how a product works. You need to act like a real bad guy to understand how these products protect the system. Can anti-malware stop hacking? Test like a hacker and find out. And read our results!

These reports, for enterprises, small businesses and home users are now available for free from our website.


The Great Anti-Virus Conspiracy

One problem with the internet is that anyone can set themselves up as an expert. There’s money to be made from convenient messages. Examples abound in nutrition and health, as well as many other areas.
There are certainly internet opinions on security tests!
 
Despite widespread public ridicule, such sites thrive and make their owners rich because they play into what people already believe. The tendency being exploited is called confirmation bias, and it can even exert enough power over us to compromise the online safety of entire nations.

Anti-Virus Conspiracy

Take this post from the Above Top Secret forum from 2008. The author began with the hunch that the biggest beneficiaries of malware are the anti-virus (AV) companies themselves. However, Google only returned stories explaining why this view on an anti-virus conspiracy was incorrect.
This raised the author’s suspicions. Did anyone else have any information?
 
The ensuing nine pages of comments were a tour de force of ideas, theories and claims, but a recurring theme was distrust. Many commenters simply don’t trust what they don’t understand, and they don’t understand computers or AV. 

 
It took a few seconds to find similar examples from other forums, some dating back to 2005 and even 2002. There are many more and they usually cover the same ideas, but a common theme is still distrust. Compounding this, some commenters vaguely remember something about John McAfee once claiming to have written viruses to create demand for his first AV product, which of course proves everything.

 
That was a decade or more ago, but with phishing and ransomware now firmly in the public eye, the benefit of online protection will be obvious, right? Not necessarily.

Detection issues

In August 2016, the Daily Mail reported that some AV products can fail to adequately secure your computer. The research being reported actually identified the potential for man-in-the-middle certificate attacks. It’s something our own Simon Edwards wrote about in a more general context in his own blog over 18 months earlier.
 
As usual, the comment section of the Daily Mail’s report was far more revealing than the article:
 
 
And so on. Perhaps what’s most disturbing is that despite living in a world now publicly trying to cope with a grand cybercrime epidemic, such uninformed views are so mainstream. There’s even a certain pride to some of them.
 
The McAfee virus-writing story is also still doing the rounds. Mr McAfee hasn’t helped matters by claiming to have planted keyloggers in laptops he then gave away to government officials in Belize. But did he really write malware to create demand for his own AV software?

John McAfee, virus author?

In March 2014, McAfee went on the Alex Jones show to talk conspiracies (what else?). A caller asked if he was indeed responsible for writing early malware. Despite Jones talking over portions of his answer, this was the nub of his reply:

There were at the time thousands of computer viruses, he said. We could barely keep up with the viruses that were out there, so we certainly had no time to build new ones. It would just be a senseless thing to do. So I can categorically say, and you can talk to any of the McAfee employees that were there at the time, that thought never crossed anyone’s mind.

Indeed, in his book Computer Viruses and Malware, John Aycock of the University of Calgary in Canada also points out that if AV companies really are writing malware and yet simultaneously failing to detect some of it, then what’s the point in all that effort being expended for zero gain? The anti-virus conspiracy is starting to look less likely…
 
So, how do you protect the distrustful, the misinformed, and even the downright cynical online? One solution is to do it automatically, but this demands that governments, their intelligence agencies, and the ISPs become involved in actively blocking malicious content. Public reaction to any such suggestion is predictably very bad.
 
When GCHQ recently proposed their DNS filtering technology to block malicious domains, there was instant outrage. The Guardian, which broke the Edward Snowden story, has little love for the Cheltenham Doughnut, and was predictably upset. As usual, it’s the public’s comments that are really interesting. 


Trust no-one

So, we’re at an impasse. Despite their poor reputations, governments and the intelligence agencies they run are the only entities with the authority and capabilities to attempt to protect entire nations online. However, the tools they use are by their very nature shadowy, double-edged and closed to scrutiny. The public at large worries that policing cyberspace means the erosion of freedom and privacy. Nothing will convince us that this isn’t the start of a dictatorship or a new world order. Too much evidence of past lies and misdeeds confirms this deep-seated bias. 


If the public won’t listen to the government, who will it listen to? Who is it listening to?

Something about the caller who asked John McAfee if he wrote early viruses keeps coming back to me. He seemed to remember being told something by some old OSS guy. This idea of an unnamed source vaguely remembered is a common feature of discussions where facts are scarce and conjecture runs free. It’s a feature of the threads I referenced above about the anti-virus conspiracy.
 
That being the case, maybe it’s down to us, as infosec professionals, to be those sources in future. Maybe it’s down to us to engage friends and family, to explain how cybercrime works, how it relies on them not protecting themselves, and what to do about it.
 
But then again, I would say that, wouldn’t I? 😉
