Security

Microsoft isn't too happy with the results of a recent test that found fault with its antivirus software.

For the second time in a row, the company's Security Essentials failed to win certification from AV-Test, a German-based testing lab that evaluates the efficacy of antivirus products. Out of 25 programs tested, only three failed to gain AV-Test's thumb's up for certification.

Microsoft's Forefront Endpoint Protection, which is geared toward corporate customers, also failed to gain certification.

Microsoft responded to the test via a blog posted yesterday, challenging its findings.

"Our review showed that 0.… Read more

Lately Java has been getting a bit of bad press, thanks to several consecutive security holes that have been exploited by malware developers. One notable occurrence was the Flashback malware threat that affected a number of OS X users, which (though due in part to Apple's negligence about Java upkeep) was rooted in the Java runtime. More recently, Java 7 has seen a new zero-day vulnerability that has been circulating in exploit kits.

In response to these threats, many in the tech community have recommended that people uninstall Java altogether. However, this can be impractical for some, as many … Read more

Updated Thursday, January 17, 2012, at 4:50 p.m. PDT with comment from AV-Test.org.

For the second time in a row, Microsoft Security Essentials has failed to be certified as effective by AV-Test.org, an independent testing lab based in Germany.

The lab publishes test results every two months, and the test from November and December 2012 looked at 25 consumer antivirus security programs. Three failed certification: PC Tools Internet Security 2012, AhnLab Internet Security 8.0, and Microsoft Security Essentials 4.1.

This was the second test in a row in which MSE failed to earn certification. … Read more

Sometimes, there is truth in advertising. Today's case-in-point: Abine's DeleteMe Mobile, which, as the name suggests, vigorously petitions Internet data brokers to remove personally identifying information from their databases.

Previously only available as a Web service, the app debuts on iOS with an Android version in the works. As CNET reported last year, DeleteMe is a partially human-powered service where Abine employees take on the onerous duty of contacting data brokers on your behalf. That's an important step because many of them have been known to add your data again, just months after removing it, according to … Read more

A new Trojan horse called Mal/JavaJar-B has been found that exploits a vulnerability in Oracle's Java 7 and affects even the latest version of the runtime (7u10).

The exploit has been described by Sophos as a zero-day attack since it has been found being actively used in malware before developers have had a chance to investigate and patch it. The exploit is currently under review at the National Vulnerability Database and has been given an ID number CVE-2013-0422, where it is still described as relatively unknown:

Security researchers have spotted a new vulnerability in the widely used Java software that could give attackers access to your computer.

The US-CERT group today issued an alert saying that Java 7 Update 10 and earlier versions of the software contain an unspecified vulnerability that can allow a remote, unauthenticated attacker to execute arbitrary code. The attack can be induced if someone visits a Web site that's been set up with malicious code to take advantage of the hole.

This weak spot is already being attacked "in the wild" -- that is, it's a real-world threat … Read more

LAS VEGAS--Private WiFi has been making a name for itself as a subscription VPN service on desktops. At CES 2013, the company has unveiled mobile apps for iOS and Android.

Private WiFi wraps your data in 128-bit encryption as it runs in the background of your phone or tablet. Based on the open-source OpenVPN, the service will block attacks on public, unsecure networks such as man-in-the-middle attacks, rogue networks, honeypots, ARP spoofing, sniffing, and session sidejacking.

Private WiFi CEO Kent Lawson said that his app stands a better chance than the competition because Private WiFi is low-cost but avoids privacy … Read more

Security flaws in Adobe Flash, Reader, and Acrobat could have been the cause of computer crashes recently. The software company announced today that it sent out updates for these three programs, which are meant to patch security vulnerabilities that cause such system crashes.

"These updates address a vulnerability that could cause a crash and potentially allow an attacker to take control of the affected system," the company wrote in a security bulletin today. "Adobe recommends users update their product installations to the latest versions."

Microsoft's regular Patch Tuesday rolls around next week. But one flaw that won't be fixed in the mix is the latest zero-day exploit in Internet Explorer.

Last Saturday, Microsoft warned about the zero-day flaw in IE 6, 7, and 8 that could allow attackers to gain control of Windows computers to host malicious Web sites. In its advisory, the company noted that IE 9 and 10 are unaffected by the vulnerability and suggested a variety of workarounds to those running the older browser versions.

On Monday, the company issued a temporary fix that prevents the flaw from being … Read more