Tuesday, March 30, 2010

“Don't Be Fooled by 'Facebook Antivirus' (PC Magazine via Yahoo! News)” plus 3 more

“Don't Be Fooled by 'Facebook Antivirus' (PC Magazine via Yahoo! News)” plus 3 more

Don't Be Fooled by 'Facebook Antivirus' (PC Magazine via Yahoo! News)

Posted: 29 Mar 2010 06:22 AM PDT

Nick buzzed up: Feds pick Delaware, Tenn. for $600M ed grants (AP)

4 minutes ago 2010-03-30T03:02:02-07:00

Five Filters featured article: Chilcot Inquiry. Available tools: PDF Newspaper, Full Text RSS, Term Extraction.

N.Y. man sues McAfee over antivirus auto-renewal fees (Network World)

Posted: 30 Mar 2010 01:57 AM PDT

The New Yorker who sued Symantec two months ago for automatically renewing his subscription to that company's antivirus software has doubled down by suing rival McAfee over the same practice.

According to the lawsuit, filed March 10 in New York federal court, Kenneth Elan of Port Washington, N.Y., was charged $78.85 in April 2009 for a renewal to his copy of McAfee Security Center Antivirus. Elan claimed that he had not consented to the automatic billing.

"The language of the automatic renewal provision states that automatic renewal is an option of the purchaser," the lawsuit stated, referring to a section of the McAfee end-user licensing agreement (EULA). "[But] despite McAfee's representation, enrollment in the automatic renewal is compulsory with purchase of McAfee's software. Purchasers are not given the option to decide if they want an automatically renewing subscription for the software they are purchasing."

Like most security software, McAfee's typically comes with a one-year license, which includes a subscription to new malware signature updates. When that initial signature subscription expires, customers must renew to continue to receive updates that will recognize new threats.

Many antivirus vendors enroll customers in automatic renewal programs when they purchase or activate the software, claiming that it's the only way to guarantee that users stay protected against new threats. McAfee began automatic renewals in 2001, while Symantec followed suit four years later.

McAfee's current EULA is slightly different than Elan's lawsuit described, although recurring renewal remains automatic. "If you have provided McAfee with a valid credit card number or an alternate payment method, your subscription will be automatically renewed (and charged to the account you have provided) for another term at the expiration of your current term," the EULA reads.

Consumers who purchase McAfee security software must agree to the EULA to install the programs, or proceed in the online ordering process.

This is not the first time that McAfee has encountered legal problems over its antivirus renewal practices. In June 2009, New York Attorney General Andrew Cuomo announced that his office had reached a settlement with Symantec and McAfee over consumer complaints that the companies didn't get users' approval to automatically bill them, and had made it difficult for customers to opt out or obtain refunds. Symantec and McAfee paid $375,000 each in penalties, and said they would clarify subscription renewal costs and refund fees to consumers who asked for them within 60 days of being charged. But the agreement, which applied only to New York consumers, did not ban automatic subscription renewals.

Elan charged McAfee with fraud, breach of contract and violations of both California and New York consumer protection laws, and asked the court to award damages to be determined at trial. He also asked the court to grant the lawsuit class-action status, which would open the case to a potential pool of consumers nationwide.

Five Filters featured article: Chilcot Inquiry. Available tools: PDF Newspaper, Full Text RSS, Term Extraction.

N.Y. man sues McAfee over antivirus auto-renewal fees (Computerworld)

Posted: 29 Mar 2010 10:11 AM PDT

Computerworld - The New Yorker who sued Symantec two months ago for automatically renewing his subscription to that company's antivirus software has doubled down by suing rival McAfee over the same practice.

According to the lawsuit, filed March 10 in New York federal court, Kenneth Elan of Port Washington, N.Y., was charged $78.85 in April 2009 for a renewal to his copy of McAfee Security Center Antivirus. Elan claimed that he had not consented to the automatic billing.

"The language of the automatic renewal provision states that automatic renewal is an option of the purchaser," the lawsuit stated, referring to a section of the McAfee end-user licensing agreement (EULA). "[But] despite McAfee's representation, enrollment in the automatic renewal is compulsory with purchase of McAfee's software. Purchasers are not given the option to decide if they want an automatically renewing subscription for the software they are purchasing."

Like most security software, McAfee's typically comes with a one-year license, which includes a subscription to new malware signature updates. When that initial signature subscription expires, customers must renew to continue to receive updates that will recognize new threats.

Many antivirus vendors enroll customers in automatic renewal programs when they purchase or activate the software, claiming that it's the only way to guarantee that users stay protected against new threats. McAfee began automatic renewals in 2001, while Symantec followed suit four years later.

McAfee's current EULA is slightly different than Elan's lawsuit described, although recurring renewal remains automatic. "If you have provided McAfee with a valid credit card number or an alternate payment method, your subscription will be automatically renewed (and charged to the account you have provided) for another term at the expiration of your current term," the EULA reads.

Consumers who purchase McAfee security software must agree to the EULA to install the programs, or proceed in the online ordering process.

This is not the first time that McAfee has encountered legal problems over its antivirus renewal practices. In June 2009, New York Attorney General Andrew Cuomo announced that his office had reached a settlement with Symantec and McAfee over consumer complaints that the companies didn't get users' approval to automatically bill them, and had made it difficult for customers to opt out or obtain refunds. Symantec and McAfee paid $375,000 each in penalties, and said they would clarify subscription renewal costs and refund fees to consumers who asked for them within 60 days of being charged. But the agreement, which applied only to New York consumers, did not ban automatic subscription renewals.

Elan charged McAfee with fraud, breach of contract and violations of both California and New York consumer protection laws, and asked the court to award damages to be determined at trial. He also asked the court to grant the lawsuit class-action status, which would open the case to a potential pool of consumers nationwide.

In mid-January, Elan filed a class-action lawsuit in New York County court, accusing rival antivirus software maker Symantec of charging his credit card for a subscription renewal without notifying him beforehand.

McAfee did not immediately reply to a request for comment. According to court records, the company has also not yet responded to Elan's lawsuit.

Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at Twitter @gkeizer or subscribe to Gregg's RSS feed Keizer RSS. His e-mail address is gkeizer@ix.netcom.com.

Read more about standards and legal issues in Computerworld's Standards and Legal Issues Knowledge Center.

Five Filters featured article: Chilcot Inquiry. Available tools: PDF Newspaper, Full Text RSS, Term Extraction.

Is there hope for antivirus programs? (TechRepublic)

Posted: 29 Mar 2010 01:07 PM PDT

Antivirus software is getting a bad rap right now. Justified or not, we need to step back and figure out how to fix it.

—————————————————————————

To start, let's define antivirus protection. Simply put, it's software that prevents malware from infecting computers. If that's agreeable to you, I then have to ask why computers protected by antivirus apps are still getting infected.

To explore this further, I enlisted the help of Rick Moy, president of NSS Labs, a company with the following charter:

"NSS Labs performs expert, independent security-product evaluations to assist end-user organizations in selecting the right security products for their environment."

I initially learned about NSS Labs while doing research for a piece about browsers and their ability to fend off malware. Since that article, Rick and I have had several interesting conversations about the current malware versus antivirus software climate, something NSS Labs is very interested in. With that in mind, I asked Rick several questions about the seemingly epic battle:

TechRepublic: You mentioned there are two classes of malware threats, user attacks and machine attacks. Could you explain what you meant?

Moy: Taking a high view, malware can be defined by the way it executes:

  • Attack on the User: Users are tricked into downloading and executing software containing malware such as fake AV, video codecs, and pirated software. In this case, the user is the vulnerable or weak link.
  • Attack on the computer: Attackers exploit vulnerabilities in computer software without the user's knowledge. For example, visiting a malicious Web site with a vulnerable browser usually leads to exploitation and the installation of malware. All without any user interaction.

The first threat is solved by a combination of user education and reputation systems (like those provided in Internet Explorer 8, Firefox, or Chrome) that warn people, the software they are about to download is infected. Some AV products have this as well.

The second is solved by Host Intrusion Prevention Systems (HIPS), not traditional AV. They do this by operating in memory and inspecting data as it streams onto a computer. HIPS also inspect processes before allowing them to run. This once-stand-alone technology is increasingly being integrated into endpoint security products.

TechRepublic: During our talks, you mentioned that antivirus software usually has three components, each focusing on a different aspect of malware. I found that interesting and would appreciate you elaborating on that.

Moy: Operation Aurora is a great example. It consists of all three stages; vulnerabilities, exploits, and malicious payloads. This distinction is often confused in discussions, but critical to understanding how to effectively block attacks.

  • Vulnerability: Is a bug in software code that allows a product to be exploited, e.g., a buffer overflow.
  • Exploit: Is a specially crafted code sequence that can leverage vulnerabilities within an application. Some examples would be heap sprays and buffer overflow attacks. An exploit can be hiding in an infected Web site (client-side attack) where it ambushes visiting computers or be launched from another computer (remote attack).
  • Payload: Is malicious content that gets delivered once the vulnerable application has been exploited. Payloads are the actions performed on the compromised target computer, such as command execution, writing a downloader or Trojan to disk, or returning a reverse shell.

The following graph shows the relative volume of attack components at each stage.

Rather than chasing malware payloads, endpoint security products should focus more on vulnerability protection. That's because the number of vulnerabilities is far less, therefore more manageable.

TechRepublic: According to antivirus software companies, their products will protect against malware. You feel that users are being somewhat misled by those claims. Could you please explain?

Moy: During the end of 2009, we surveyed 500 visitors to our Web site and found that 46% expected their antimalware product to stop 100% of the threats. Major security vendors estimate 30+% of machines they scan have some form of malware. The statistics show that malware is far from under control.

TechRepublic: It only takes one time of having a protected computer become infected for people to realize something is not quite right. What do you think the problem is?

Moy: We are fighting an asymmetric battle right now; the bad guys have more power than the good guys. As defenders, we need to watch and guard ALL possible avenues of attack. As attackers, cybercriminals only need to find ONE to exploit our systems. They are motivated and disciplined, testing their malware creations until they get an effective strain, i.e., evade the most antivirus products and infect the most machines.

Going forward, software developers must write more secure code, in order to reduce the number of vulnerabilities. Users must educate themselves and patch frequently.

TechRepublic: I have been a strong advocate of: If you keep the operating system and application software up-to-date, there is no problem. You gave an example of why that's not always true. Could you share it?

Moy: While it's important to apply the latest software patches, this will not guarantee your safety. Patches are only written to address known issues. Cybercriminals are constantly developing and using new attacks that have yet to be discovered by the security community, so called zero-day attacks.

Zero-day exploits give attackers a window of opportunity. That is, until analysts can figure out what's going on and push out a signature file and or patch. It's during that time frame when behavioral protection may help.

TechRepublic: You seem optimistic that antivirus applications can be improved to where they will be effective. What will it take?

Moy: There are clearly areas where antivirus products can improve. In our recent study of the Operation Aurora attack, we found six out of seven products were not stopping exploit variants. And, they had mixed results in detecting the malicious payloads.

Security products should evolve to provide more vulnerability-based protection. Reputation services are also key technologies for reducing end-user exposure, but not all vendors use them. Finally, security vendors should embrace more real-world testing and third-party services to drive innovation and quality.

TechRepublic: You mentioned that NSS Labs uses a different methodology when testing security products. Could you tell us about that and why you feel it is a better way?

Moy: Given the speed with which new threats arrive and spread through the Internet, legacy testing techniques are no longer a relevant measure of a product's capabilities. Thus, NSS Labs has developed a unique "Live in-the-cloud" testing framework that emulates the experience of average users.

Client machines visit malicious Web sites using their Web browsers and attempt to download malware. Files not blocked are then executed dynamically. This new test methodology focuses on threats currently active on the Internet and is the best predictor of protection offered by a product.

Recurring testing introduces malware into the test harness within a few hours of discovery, as malicious URLs are visited every few hours. This enables us to measure how long it takes a vendor to add protection, since few sites are stopped on the first visit. These metrics help show the significant differences in effectiveness among products.

TechRepublic: With that unique approach do you feel that you can be of service to antivirus software developers?

Moy: Absolutely. Our engineers take a hacker's approach to testing - with the gloves off. Without such an approach, testers merely validate what a product can do. It's important to find what a product can NOT do, before the bad guys do. We have already helped many of the world's best known security companies improve their products.

Final thoughts

Three comments by Rick, really stood out:

  • Defenders need to protect all possible avenues of attack, the bad guys only need one to exploit.
  • Endpoint security products should focus more on vulnerability protection.
  • Test security products in a way that emulates the experience of average users.

To me, these three simple statements clarify the problem and what needs to be done. What do you think?

I would like to thank Rick Moy of NSS Labs for sharing his insight about a subject near and dear to all of us.


Five Filters featured article: Chilcot Inquiry. Available tools: PDF Newspaper, Full Text RSS, Term Extraction.
Posted by at

0 comments:

Post a Comment

Subscribe to: Post Comments (Atom)