Spyware, Viruses, & Security forum

General discussion

NEWS - November 20, 2010

Survey reveals apathy surrounding anti-malware protection

Inconvenient subscription models preventing UK consumers from protecting their PCs adequately.

A survey conducted in the UK by security firm GFI Software has revealed that 40% of respondents would rather let their anti-malware software lapse at the end of the initial subscription period than pay to renew the subscription, while 15.3% said that they would probably let their subscription lapse due to the renewal process being too difficult or inconvenient.

35% of those surveyed could not recall when their existing anti-malware subscription was due to expire, while 20% said they had already decided not to renew their subscription when the current one expires.

The survey - commissioned by GFI as part of the company's marketing strategy for its GFI VIPRE Lifetime Edition - asked respondents whether they would be prepared to replace their existing anti-malware solution with one that offered lifetime coverage for a one-off fee (the model offered by the VIPRE Lifetime Edition) and 40% of users claimed that they would.

While this piece of research is obviously part of a vendor marketing ploy, it does call into question the value of the paid subscription model for consumers - and whether the industry should, in fact, be making it as effortless as possible for end-users to secure their machines and avoid compromise.

Discussion is locked
You are posting a reply to: NEWS - November 20, 2010
The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to our CNET Forums policies for details. All submitted content is subject to our Terms of Use.
Track this discussion and email me when there are updates

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

You are reporting the following post: NEWS - November 20, 2010
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.
Collapse -
News about royal engagement leads to malware

In reply to: NEWS - November 20, 2010

Taking advantage of the long awaited news of the engagement of Prince William of England to his long-time girlfriend Kate Middleton, malware pushers have hopped immediately on the wagon and initiated their search poisoning campaigns.

Sunbelt reports that searching for photos of the future royal bride results in some images that redirect the (Firefox) users to a website where they are urged to download a Trojan masquerading as a Firefox update.

But, that's no the only instance of search poisoning regarding this announcement. According to The Tech Herald, terms related to "prince william engagement", "kate middleton prince william", "royal wedding prince william" and their various variants all show signs of search poisoning - no wonder, since all those search terms are currently detected as trending by Google.


Also see: Instant Previews: A Pawn for Malicious Intent

Collapse -
Hybridized Malware Spreading?

In reply to: NEWS - November 20, 2010

Trend Micro has recently been encountering more hybridized malware files. These are conventional malware files (such as worms or Trojans) that have been infected themselves. Consequently, they display both sets of behaviors- those of the worm/Trojan and of the file infector.

One recent example of this type of attack involved an IRC bot detected as WORM_LAMIN.AC that was also infected by a mother file infector PE_VIRUX.AA-O.

It's not clear if these kinds of malware were intentionally created or if they are the result of a highly infected user system. While some of these problems largely affect malware analysts (such as inaccurate detection names), the biggest issue for users is how it affects cleanup. An incomplete clean operation could lead to the creation of a damaged variant of the malware, which might allow them to evade detection by security software.

If this were deliberate, however, it could be an effective tactic that cybercriminals can use to increase the effectiveness of their attacks. Both groups?those behind PE_VIRUX and WORM_LAMIN, respectively?benefit.


Collapse -
Oracle names date for next Java

In reply to: NEWS - November 20, 2010

Oracle has set a date for the completion of the next version of Java, hard on the heels of submitting its plan to Java's governing body for approval.

The database giant has given July 28, 2011 as the date for when the Java Development Kit (JDK) 7 will be released to general availability. Previously, Oracle's had set "mid" 2011 as part of the roadmap it outlined at its annual OpenWorld conference in September.

The next, immediate milestone for JDK 7 will be December 16, 2010. That's when Oracle's engineers have committed to have the development kit feature complete. You can read more here.


Collapse -
IE9 takes top benchmark prize, no cheating involved

In reply to: NEWS - November 20, 2010

A Mozilla engineer has uncovered an oddity with Microsoft?s Internet Explorer 9 where one test that is part of the SunSpider JavaScript benchmark gives an odd, unexpected result.

Mozilla engineer Rob Sayre set about benchmarking Firefox 4.0 beta against a selection of other browsers and found that IE9 was about ten times faster at one certain test (the math-cordic test) than the other browsers, with IE9 completing the test in around 1ms while Chrome and Opera took around 10ms.

And I was planning to speculate a little about when Microsoft would deliver a release candidate, which is the next milestone. I was going to guess, given the quick turnaround for this preview release, that an RC will probably be ready before the end of the year.

And then a funny thing happened. Via Twitter, I saw a link to a disturbing headline: Microsoft caught cheating on IE9 SunSpider JavaScript tests? Oddly, it led to a post from my colleague Adrian Kingsley-Hughes. But when I started following the original sources, I learned that Adrian had been taken in by a Slashdotted flamebait troll story.


Collapse -
China did not hijack 15% of the Net, counters researcher

In reply to: NEWS - November 20, 2010

Talk that China hijacked 15% of the Internet earlier this year is overblown, a researcher said today.

"There's been some confusion over routing versus traffic," Craig Labovitz, chief scientist at Arbor Networks, said in an interview today. "While maybe 10% to 15% of the routes to other peers may have been diverted, a lot of those routes didn't propagate."

Instead of the widely-reported 15%, Labovitz estimated that the actual amount of Internet traffic affected by the April 2010 incident was much lower, on the order of just 0.015%.

Labowitz was reacting to media reports, many of which he said got it wrong, on the disclosure this week by the U.S.-China Economic and Security Review Commission that for 18 minutes on April 8, a significant portion of the Internet's destinations were routed through servers belonging to China Telecom.

The Commissions' report to Congress noted that the route redirection had affected U.S. government and military networks, as well as major U.S. commercial sites such as Microsoft's and Dell's.

"China Telecom advertised erroneous network traffic routes that instructed U.S. and other foreign Internet traffic to travel through Chinese servers," the report stated. "Other servers around the world quickly adopted these paths, routing all traffic to about 15% of the Internet's destinations through servers located in China."

But routes do not equal traffic, argued Labovitz.


Also see: China telecom operator denies hijacking Internet traffic

Collapse -
Nearly One Million Consumers Getting Refunds From LifeLock

In reply to: NEWS - November 20, 2010

LifeLock, an identity theft security firm, has begun mailing checks to customers nationwide, part of a settlement with the Federal Trade Commission (FTC) and 34 states.

The settlement was reached in March of this year, following an investigation into the company's allegedly misleading advertising practices.

LifeLock sells identity theft services that past advertisements allegedly claimed were "guaranteed" to protect consumers' personal information and prevent criminals from using it to open accounts in consumers' names. Some ads even included LifeLock CEO Todd Davis' social security number in an effort to demonstrate Davis' confidence in the services offered.

The FTC and various state attorneys general charged that the fraud alerts that LifeLock placed on customers' credit files protected only against certain forms of identity theft and gave them no protection against the misuse of existing accounts, the most common type of identity theft. It also allegedly provided no protection against medical identity theft or employment identity theft, in which thieves use personal information to get medical care or apply for jobs.


Popular Forums

Computer Newbies 10,686 discussions
Computer Help 54,365 discussions
Laptops 21,181 discussions
Networking & Wireless 16,313 discussions
Phones 17,137 discussions
Security 31,287 discussions
TVs & Home Theaters 22,101 discussions
Windows 7 8,164 discussions
Windows 10 2,657 discussions


This one tip will help you sleep better tonight

A few seconds are all you need to get a better night's rest.