Tuesday, December 22, 2009

Facebook Trojan: Brazen, but (Luckily) Benign - Friendly Computers

A third-party application called "Phutos" was able to mimic Facebook's native functionality. - Friendly Computers

This past weekend, a Trojan mimicked Facebook's native functionality and sent notifications on the user's behalf. While Facebook says that the application was harmless, its ability to break through a boundary of trust on the platform alarmed me.

The Trojan came to my attention on Saturday after I received several Facebook notifications (in the form of a red number in the bottom right of the page) telling me that friends had commented on my photos. It was the same notification that I receive on a day-to-day basis.

When I clicked on the notification, it attempted to load an application called "Phutos," which wanted access to my personal information and social network. I declined. A few minutes later, another notification appeared, but I was not taken to the application screen after I clicked on it. That seemed fishy, so I decided to review my applications.

"Phutos" was under my list of recently used applications, even though I never authorized its installation. At that point, I uninstalled the application and notified Facebook of my findings. Obviously, I also had some questions for it.

Facebook spokesperson Simon Axton stayed in steady contact with me over the weekend, and informed me on Monday that the company had disabled the application because it violated Facebook's Developer Principles and Policies. Facebook had determined that the application did not contain any malware, and has a dedicated enforcement team that investigates reports about suspicious applications, he told me.

When I asked what else Facebook does to protect its users, Axton said, "We rely on reports from users for suspicious applications. Our team also conducts spot reviews of top applications and of many other applications, including looking at the data they need to run the application versus the data they gather. When we find a violation, we take action to enforce our policies."

It's great that Facebook says it's taking its users' safety seriously, but I am taken aback by how easily a third-party application could mimic Facebook's default Web applications. Users can now specify what information applications may access, but everyone uses Facebook differently, so there is a bounty of information for malware to exploit.

There should be a wall between the Facebook development platform and the applications that make up the site itself.

Source: http://www.pcworld.com/article/185274/facebook_trojan_brazen_but_luckily_benign.html

Monday, December 21, 2009

Microsoft Virus Scanning Recommendations Bring Risks - Friendly Computers

We have recently received queries from customers about the official exclusion list recommendations from Microsoft. It seems that they have published a Knowledge Base entry that lists recommendations to improve performance in Windows when running antivirus scanners. - Friendly Computers

This list recommends that customers exclude certain extensions and folders from antivirus scanning. Although it makes sense to stop checking Windows Update and some Group Policy-related files if you really want to speed up the system, we are concerned that this was released publicly.

This is an overview of these recommendations from Microsoft:

• Certain files in the SoftwareDistribution folder.
• Certain specific filenames (for example: edb.chk).
• A small list of extensions in certain specific folders (*.log).
• Some other similar lists for Group Policy.

Following the recommendations does not pose a significant threat as of now, but it could easily become one. Cybercriminals may deliberately drop or download a malicious file into one of the folders recommended for exclusion from scanning, or give it a file extension that is on the excluded list.

We find it sensible for users to aim for better system performance. However, we also think that excluding certain file types or folders from antivirus scanning is not something novice users should tinker with. Doing so may expose the system to risks that can lead to an inconvenience far more severe than a slightly slower system.

In line with this, we advise users to educate themselves fully about these recommendations before taking any action. We recommend that users not exclude any file unless there is a critical reason to do so, and that they be aware of the risks such an action entails.
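An added example (not from Microsoft, Trend Micro or this blog): a Python audit that walks a directory tree and reports files an exclusion rule would hide from the scanner but whose content is a Windows executable. The exclusion entries, the sample tree and the PE stub are constructed for illustration and are not the Knowledge Base list.

```python
import fnmatch
import os
import struct
import tempfile

# Constructed stand-ins for exclusion entries of the kind the article lists
# (folder name, filename pattern); this is not the Knowledge Base list itself.
EXCLUSIONS = [("SoftwareDistribution", "*.log"), ("SoftwareDistribution", "edb.chk")]

# Constructed, inert byte string: an MZ header whose e_lfanew (offset 0x3C)
# points at a "PE\0\0" signature. Enough to look like a Windows executable.
PE_STUB = b"MZ" + b"\0" * 58 + struct.pack("<I", 64) + b"PE\0\0"


def looks_like_pe(path):
    """True if the content is a PE image, whatever the file extension says."""
    with open(path, "rb") as fh:
        head = fh.read(64)
        if len(head) < 64 or head[:2] != b"MZ":
            return False
        (e_lfanew,) = struct.unpack_from("<I", head, 0x3C)
        fh.seek(e_lfanew)
        return fh.read(4) == b"PE\0\0"


def is_excluded(path, exclusions=EXCLUSIONS):
    """True if an exclusion rule would keep the scanner away from this file."""
    parts = [p.lower() for p in os.path.normpath(path).split(os.sep)]
    return any(
        folder.lower() in parts[:-1] and fnmatch.fnmatchcase(parts[-1], pattern.lower())
        for folder, pattern in exclusions
    )


def audit(root, exclusions=EXCLUSIONS):
    """Relative paths of files that are excluded from scanning yet executable."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if is_excluded(full, exclusions) and looks_like_pe(full):
                findings.append(os.path.relpath(full, root))
    return sorted(findings)


def build_demo_tree(root):
    """Write a small constructed directory tree to audit."""
    samples = {
        ("SoftwareDistribution", "update.log"): b"2009-12-21 sync ok\n",
        ("SoftwareDistribution", "edb.chk"): b"\x00\x01checkpoint",
        ("SoftwareDistribution", "mz-text.log"): b"MZ log line\n" * 10,
        ("SoftwareDistribution", "sub", "trace.log"): PE_STUB,  # disguised
        ("Documents", "tool.log"): PE_STUB,  # not excluded, still scanned
    }
    for parts, data in samples.items():
        path = os.path.join(root, *parts)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_demo_tree(tmp)
        for hit in audit(tmp):
            print("excluded from scanning but executable:", hit)
```

Run on a schedule against the real excluded locations, a check like this covers the blind spot an exclusion creates without putting those paths back under real-time scanning.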


Source: http://blog.trendmicro.com/microsoft-virus-scanning-recommendations-bring-risks/

Friday, December 18, 2009

MP3 Spam Is Back! - Friendly Computers

Old trends never die; they just resurface from time to time. - Friendly Computers

Case in point: spammed messages with attached MP3 files, last seen two years ago, made their presence felt once again today.

Trend Micro researchers were alerted to spammed messages that bore no subject and no body content. Each email contained only an MP3 file that, when opened, plays a voice advertising Viagra and other sexual enhancement pills. The "voice" also entices users to visit a certain URL, which points to the all-too-familiar Canadian pharmacy sites.

Trend Micro has previously blogged about how cybercriminals used MP3 files, or files purporting to be MP3s, to further their malicious activities, in the following blog posts:

Storm Pump-and-Dump: The Musical
Music Unleashes the Malware Beast

Users are strongly advised not to open or execute files attached to messages from unknown senders. Trend Micro protects users from this attack via its Smart Protection Network, which blocks the spammed messages.


Source: http://blog.trendmicro.com/mp3-spam-is-back/

Thursday, December 17, 2009

AV-Test.Org Releases Real-World Malware Protection Report - Friendly Computers

Magdeburg-based research lab AV-Test.org today released the results of a lengthy real-world malware protection study. This test challenged a dozen major security suites to protect Internet-connected physical computers against up-to-the-minute threats. Each day for 60 days, researchers released 10 fresh threats on the test systems and analyzed each product's ability to detect the threat and to fully block its installation. They also checked for false alarms--valid programs reported as malware. All of the suites did a decent job, though some were significantly better than others. - Friendly Computers

The report notes that modern security suites include many layers of protection, including "URL filtering, web reputation services, exploit blocking, 'in-the-cloud' scanning as well as behavior-based protection mechanisms." A test that only challenges the product's on-demand scanner is not representative of real-world performance. The current test simply evaluated whether the product detected each malware sample, without regard for which security component handled the detection. Afterward, the team used in-house analysis software to determine whether the malware attack was successfully blocked.




This kind of dynamic testing is much more labor intensive than simply running a static collection of malware past an on-demand scanner. An automated static file test can process millions of samples without human intervention. By contrast, tracking the 600 malware samples and 400 clean files took all of AV-Test's resources. "Our entire lab with 14 full-time employees and up to 150 PCs and server systems were involved in this project."

Norton Internet Security 2010 scored highest at malware detection, at 98.0 percent. Even the least successful of the twelve, Trend Micro Internet Security 2010, detected 83.3 percent. Of course, detecting a threat doesn't always mean successfully preventing the attack. The top scorer for actual malware blocking was PC Tools Internet Security 2010, at 94.8 percent. CA Internet Security 2010 brought up the rear with 73.5 percent. Here are the full results:

MALWARE DETECTION RATES AND WARNING MESSAGES (FALSE ALARMS)



| Tested Product | Malware Detected | False Alarms |
| --- | --- | --- |
| Symantec Norton Internet Security 2010 | 98.0% | almost none |
| Kaspersky Internet Security 2010 | 97.5% | few |
| PC Tools Internet Security 2010 | 95.8% | almost none |
| AVG Internet Security 9.0 | 92.2% | few |
| G Data Internet Security 2010 | 90.0% | many |
| Panda Internet Security 2010 | 90.0% | almost none |
| Avira Premium Security Suite 9.0 | 87.7% | many |
| McAfee Internet Security 2010 | 87.2% | few |
| CA Internet Security 2010 | 86.7% | few |
| F-Secure Internet Security 2010 | 85.8% | almost none |
| BitDefender Internet Security 2010 | 84.3% | few |
| Trend Micro Internet Security 2010 | 83.3% | few |




MALWARE BLOCKING RATES AND WARNING MESSAGES (FALSE ALARMS)



| Tested Product | Malware Blocked | False Alarms |
| --- | --- | --- |
| PC Tools Internet Security 2010 | 94.8% | none |
| Symantec Norton Internet Security 2010 | 92.8% | none |
| Kaspersky Internet Security 2010 | 89.8% | few |
| Panda Internet Security 2010 | 88.7% | none |
| Avira Premium Security Suite 9.0 | 87.2% | none |
| McAfee Internet Security 2010 | 86.7% | none |
| AVG Internet Security 9.0 | 84.2% | few |
| G Data Internet Security 2010 | 83.0% | few |
| Trend Micro Internet Security 2010 | 81.3% | few |
| F-Secure Internet Security 2010 | 80.2% | none |
| BitDefender Internet Security 2010 | 77.8% | none |
| CA Internet Security 2010 | 73.5% | none |




This kind of dynamic testing is the wave of the future. It's hard to do, but it's the only way to really evaluate a product's ability to protect against malware.


Source: http://blogs.pcmag.com/securitywatch/2009/12/av-testorg_releases_real-world.php#more

Wednesday, December 16, 2009

Scammers exploit Google Doodle to spread malware - Friendly Computers

Online scammers are taking advantage of the public's interest in the Google Doodle to spread malware, a security firm warned on Tuesday - Friendly Computers

In so-called "SEO poisoning," scammers use search engine optimization techniques to increase the distribution of malware. They create special malware-rigged Web sites or hide malware on legitimate Web sites they've compromised and then use tags associated with popular search terms to get them listed high up in search engine results.

Typically, scammers capitalize on public interest in news events or celebrities, targeting searches like "Swine Flu" or "Michael Jackson death." But in the latest twist on this technique, scammers are exploiting interest in the Google Doodle, the graphics that often take over the Google logo on holidays or to mark special events.

For instance, the doodle on Tuesday showed a flag for Esperanto, a universal language created by L.L. Zamenhof which is based on parts from a variety of languages. Clicking on the doodle, located near the search box, brings up a list of search terms for "L.L. Zamenhof."

Dave Michmerhuizen, a research scientist at Barracuda Networks, found 31 poisoned sites among the first 100 results, 27 of them in the first 50 sites alone.

On the first results page was a link leading to a compromised Web site that redirects visitors to a fake antivirus site, according to Michmerhuizen. That site displays a fake alert saying the computer might be infected and does a fake scan before prompting the user to pay for antivirus software, he said.

A Google spokesperson said the company had already removed many of the allegedly malicious sites from the index using manual and automated processes to enforce the policies.

"As you probably know, the use of popular search terms to target malware is neither a new vector nor unique to any particular search engine. We work hard to protect our users from malware, and using any Google product to serve malware is a violation of our product policies," the spokesperson said in an e-mail.

"Our Safe Browsing technology is capable of detecting malware being served from sites that have been compromised," the Google e-mail said. "In fact, as we've explained publicly, we have been seeing more infections coming from compromised sites" across the entire Web.


Source: http://news.cnet.com/8301-27080_3-10416246-245.html?tag=mncol

Tuesday, December 15, 2009

Rating the best anti-malware solutions - Friendly Computers

AV-Comparatives' December 2009 report has been released and there are eight winners. The other eight products didn't do so well.
Friendly Computers

Following its November 2009 retrospective/proactive report, AV-Comparatives has released its December 2009 Potentially Unwanted Applications (PUA) comparative. PUA refers to adware, spyware, rogue, and other fraudulent software circulating on the Internet that are not typical malware (classification in the last category is sometimes not an easy task; under some circumstances, PUAs are accepted in some countries, depending on the cultural background or the legal system, and hence the term "potentially unwanted"). AV-Comparatives typically do not include PUAs in their malware test sets, but since users may want to know how well their antivirus program detects potentially unwanted software, a separate test was created.

The first PUA test contained 750,297 individual samples (only program executables) that cover mainly adware, spyware, and rogue software gathered between January 2009 and October 2009 (sets were frozen on October 29, 2009). Dialers, potentially dangerous tools, and other greyware were not included, as their classification is debatable. Not all security products include detection for them as this sometimes breaks company policy. Sixteen products were updated on November 6, 2009, set on the highest detection settings (except for Sophos and F-Secure, per their own request), and put to the test.

Here are the results of this particular test:

1. G DATA Antivirus 2010: 99.8 percent
2. Trustport Antivirus 2010: 99.8 percent
3. AVIRA AntiVir Premium 9.0: 98.9 percent
4. McAfee VirusScan Plus 2010: 98.9 percent
5. BitDefender Antivirus 2010: 98.6 percent
6. eScan AntiVirus 10.0: 98.6 percent
7. F-Secure Anti-Virus 2010: 98.6 percent
8. Symantec Norton Antivirus 2010: 98.6 percent
9. Kaspersky Anti-Virus 2010: 96.7 percent
10. ESET NOD32 Antivirus 4.0: 96.5 percent
11. avast! Free 5.0: 96.3 percent
12. Sophos Antivirus 9.0.1: 95.4 percent
13. Microsoft Security Essentials 1.0: 94.6 percent
14. AVG Anti-Virus 9.0: 93.9 percent
15. Norman Antivirus & Anti-Spyware 7.30: 88.5 percent
16. Kingsoft AntiVirus 9 Plus: 87.1 percent

[Chart: Missed Samples in Percentage Points (AV-Comparatives)]

The bulleted list represents the detection rates in percentage points for adware, spyware, and rogues, while the chart shows the number of missed samples in percentage points. After taking these results into consideration, AV-Comparatives rated the security companies from best to worst in three categories:

• Advanced+: TrustPort, G DATA, McAfee, AVIRA, Symantec, F-Secure, BitDefender, eScan
• Advanced: Kaspersky, ESET, Avast, Sophos, Microsoft, AVG
• Standard: Norman, Kingsoft

The results seem to suggest that the best antivirus applications that regularly rank highly in general malware tests are not necessarily as good at anti-adware, antispyware, and antirogue detection. That said, all 16 products detected at least 85 percent of the threats, which is respectable. Overall, we can say that the detection rate of PUAs is similar to the detection rate of general malware.

It's worth noting that this is the first AV-Comparatives test in which Microsoft Security Essentials (MSE), Redmond's free antimalware solution, was tested in its final 1.0 form. MSE was released in September 2009 and these tests were performed last month. Clearly Microsoft has work to do, at least in the PUA department (the beta version did quite well in older antimalware tests).

Monday, October 26, 2009

Windows 7: Inside Multitouch

Friendly Computers have seen touch screens before, so what makes the ones supported by Windows 7 so special? Below is the inside scoop.

Touch screen technology may seem shiny and new, but any analyst will tell you that it has been around for decades: ATMs, grocery store self-check kiosks, even museum exhibits. But what makes Windows 7 so exciting is that no computer operating system ever incorporated native support for multitouch before. The new breed of multitouch laptops and desktops with touch screens don't need extra downloads or plugins; multitouch just works.

Multitouch's Predecessors

To be fair, Windows 7 is not the first operating system to support some form of touch computing. Vista offered single-touch capabilities in tablet mode, and pen input is quite common as well. But as much as Microsoft would love to paint multitouch as a natural progression in its operating systems, it's Apple that was the real democratizer of multiple-input touch screens. Introducing now familiar gestures like pinching, tapping, and flicking, the iPhone and the iPod Touch made multitouch second nature to many users. Apple followed up its mobile devices with gesture-based touchpads on its MacBook and MacBook Pro models in late 2008. Though it was a bit tough to get used to the integrated mouse button and touchpad, the ability to use gestures based on up to four fingers opened up new possibilities.

A few Windows-based "multitouch" systems have come out as well—namely the HP TouchSmart TX2 and Dell Latitude XT line of laptops, as well as the HP TouchSmart desktop PCs. These systems used built-in hardware and software solutions to accommodate two-finger touch (though they still couldn't support three- and four-finger gestures). But it wasn't until early glimpses at Windows 7 this year that we saw Microsoft itself respond to the multitouch trend.

How Multitouch Works

A few months before those MacBooks hit the scene, Microsoft announced its plans for multitouch at the All Things Digital conference in California. Unlike any of its predecessors, Windows 7 natively supports multitouch functionality in touch screens and is built to accommodate up to 10 points of contact. On the Engineering Windows 7 blog, the developers highlight all the ways the OS was tweaked to optimize it for touch. It's everything from making keys on the on-screen keyboard glow when your finger is covering the letter to improving high dpi support to make small links and buttons easier to access with touch.

Though the software is similar across platforms, the PCs we've tested use different hardware solutions. The multitouch laptops we've seen so far, like the Lenovo ThinkPad X200 Tablet and Fujitsu LifeBook T5010, use dual-active digitizers, meaning they have one technology for the stylus and another, called capacitive, that is activated for multitouch using your fingers. Non-tablets like the Lenovo ThinkPad T400s use a capacitive touch screen only, and many more will follow this implementation (Toshiba and Acer have already announced capacitive touch panels on their mainstream laptops).

In capacitive screens, a small current of electricity runs across the surface, with circuits at the corners. Touching the screen interrupts that current. Capacitive technology only works on smaller screens, so desktops like the HP TouchSmart 600-1055 PC and Gateway One ZX6810-01 employ optical solutions. Optical sensors are set up around the screen, creating a grid. The screen reacts when your finger, pen, stylus, or any other implement breaks one of the beams; you don't actually have to physically touch the surface to get a response.

All of the PC manufacturers that have put out multitouch systems so far have included Windows 7's Touch Pack, a software suite that incorporates applications that work with the Windows 7 kernel to use a multitude of different gestures. For instance, Microsoft Surface Collage lets you access and manipulate all your photos to create different designs on the screen. You can drag and drop images with one motion, resize or rotate them with two fingers, and scroll through the images available on the bottom pane using the flicking motion. Other games and applications like BlackBoard and Microsoft Surface Lagoon act like tutorials for multitouch, creating objectives that force you to perfect various gestures in order to win the games.

What's Next for Multitouch

Although the Windows 7 Touch Pack certainly has that gee whiz factor, the real question regards implementations for multitouch in the future. Will it change the user experience? And can we harness that potential to take it beyond a neat trick for games and fun apps? Clearly the onus right now is on software makers to come up with revolutionary ways to integrate multitouch and expand its possibilities. Some PC manufacturers have included programs built around multitouch, like Gateway's TouchPortal and HP's TouchSmart interface. While HP's includes extra functionality like Hulu desktop and HP games, these still don't bring much more to the table than a new way to interact with Microsoft's existing touch-based programs.

Whether it's niche markets like education, health care, and engineering finding new uses for multitouch, or multitouch making its way onto new platforms like netbooks, there's no question that this interface can change the way we look at computing. The Engineering Windows 7 blog sums its effect up well. In it, Steven Sinofsky, the president of the Windows division, wrote, "One of my favorite experiences recently was watching folks at a computer retailer experience one of the currently available all-in-one touch desktops and then moving to another all-in-one and continuing to interact with the screen—except the PC was not interacting back. The notion that you can touch a screen seems to be becoming second nature."

For a closer look at some of the emerging Windows 7 multitouch systems, be sure to read our full reviews.

Source: http://www.pcmag.com/article2/0,2817,2354680,00.asp