General discussion

NEWS - October 19, 2010

Competitors declare MSE is not enough for small businesses

Three antivirus makers have weighed in on Microsoft's decision to make Microsoft Security Essentials free for small businesses with 10 PCs or fewer. Symantec, ESET, and Avast have all commented about the change, and their opinions can be summed up by saying "it's great what Microsoft is doing, but it's not enough."

Last week, Microsoft flipped the licensing switch for MSE, making it legal to use the antimalware program for free, even outside of home use. Microsoft claims that enterprise security software is too expensive, complicated, and hard to use for such small organizations, hence its decision to expand the reach of MSE.

Symantec, maker of the Norton line of products, says Microsoft's decision makes sense, and backs it up with data from a 2009 survey conducted by the company and the National Cyber Security Alliance. The survey found that small businesses are storing more important information than ever, while cybercriminals are particularly interested in taking advantage of these inadequately protected small companies.

That said, Symantec thinks Microsoft's approach is poor. [...]

ESET, the company behind the NOD32 line of products, is also highly critical of what MSE lacks. "Free software always sounds great - especially in this economy. And for businesses with relatively simple needs, it might be the perfect solution," the company said. "However customers should be aware that it's the same product as Microsoft Security Essentials for home users repackaged for business use. Protection for servers is not included and in case customers need help, there is no one to call. It's also our understanding that it doesn't have centralized management nor group policy capabilities, and is limited to Windows PCs."

Avast Software, creator of the Avast! antivirus program, seemed to agree.

Have you checked the Java?

From Microsoft Malware Protection Center Blog:

Whilst working on our normal data pull and analysis for the Microsoft Security Intelligence Report (v9 - released last week), I embarked on a mini discovery mission on the exploit data that MMPC detects with our antimalware technology. Although the main focus of antimalware software is on traditional malware families, antimalware technologies can do a good job when it comes to file exploits that require a lot of parsing, such as exploit-laden movies, documents, and ... Java.

What I discovered was that some of our exploit "malware" families were telling a scary story - an unprecedented wave of Java exploitation. In fact, by the beginning of this year, the number of Java exploits (and by that I mean attacks on vulnerable Java code, not attacks using JavaScript) had well surpassed the total number of Adobe-related exploits we monitored. See chart below for details:

The Java spike in Q3 is primarily driven by attacks on three vulnerabilities, which all, by the way, have had patches available for them for some time now. The first two, in particular, have gone from hundreds of thousands per quarter to millions.

In short, the problem in Java has been patched but many (millions?) of users aren't patching in a timely manner.

Prevx's ill-conceived idea

Last week, BBC News reported that security firm Prevx will release a "small program" that will gather data about the effectiveness of anti-virus software:

"In the face of the tidal wave of malware, said Mr Bolin, PC users need a better way to find out how well they are being protected and how long they have been at risk.

Mr Bolin believes the way to get a better sense of the performance of security companies is via a small program that sits on a PC and logs when files are installed.

The program would lie dormant most of the time but would alert a user if it noticed that a fix had been created for a particular virus or trojan it had spotted on a PC."

The idea seems to be that measuring the lag time between when a file is installed until a definitions file addresses it will "bring about change in an industry that is not changing."

My comments here are based on the BBC story, as I couldn't find any additional information about the plan at Prevx's website or blog.

The first problem with the plan is that Prevx is itself an anti-virus company. Therefore, it's hard to believe the real goal isn't to make its competitors look bad. Even if this isn't the case, the company's decision to release this software on its own, rather than working through a trade association or an independent third party, makes it appear to be the case. Only with independent scrutiny and a design that is intended to objectively measure effectiveness should a tool like this be considered reputable.

Another problem is that security software is changing.

New Likejacking-Attack on Facebook

Currently a new likejacking-attack is running on Facebook. If a user clicks on the link of a friend which reads “I Will NEVER TEXT Again After Seeing THIS!! on CLICK HERE TO SEE.”, she or he will automatically “like” that link too due to some clever scripting on the attacking website.

A second like-link says “This American GUY must be Stoned to Death for doing this to a GIRL (NO SURVEYS)! ? on CLICK HERE TO SEE.”. This is another variant of the same likejacking-attack.

Trojan trouble at Lenovo

Lenovo's web site for service and support-related training ( is infected and is spreading the hackload.AD trojan. Although Lenovo was informed of the issue yesterday (Monday), the vendor appears to have difficulties with solving the problem or even officially warning its users. At least the page has now been marked as dangerous in Google's Safe Browsing API, which allows browsers such as Firefox or Chrome to block the page. The virus scanners by ESET, Kaspersky and Avast all reportedly (German language link) now detect the attack and prevent an infection from the site.

First analyses have shown that the trojan is retrieved from an external server via a link to some JavaScript code in the Lenovo page. However, it remains unclear whether the link, which leads to a marketing firm, was injected by criminals in order to act as a retrieval mechanism for the malicious code. The link could also already have existed, and the code for retrieving the malware could be finding its way onto Lenovo's web page via a hacked ad server.
