Here’s my review of the new Avast 7 in Windows 8 Consumer Preview. The new Windows system contains the upgraded Windows Defender version 6.2, which now has full antivirus functionality and runs by default. Microsoft basically put there what they used to call Security Essentials (but the name is too long as per modern guidelines, I guess). So I wanted to test and see if a third-party antivirus in Windows CP would be welcome. That means that Defender would need to be shut down automatically. I liked the previous versions of Avast and always recommended that security software; besides, it did perform very efficiently.
At some point I realized that I cannot access the www.careerbuilder.com website. It first happened to me back in Switzerland, when I worked there a few years ago. Since then I moved from there and from time to time I tried that website again. I like the Money section on msn.com, and careers.msn.com was always just a click away. But I had no luck. First I thought it was screened by a corporate firewall, but an attempt to connect at home did not improve the situation. Careerbuilder.com is not something I really need to use, but it has been a bothering feeling that there’s a major website that you are not allowed to access, and you do not know why.
As in a good detective story, there was another plot developing independently from the Careerbuilder.com story. I have an iPod Touch and I installed the Opera Mini browser there, as I enjoy the Opera browser in general (mouse gestures are very handy). After a while I noticed that with Opera Mini I can access some sites that I could not normally access from the country where I’m staying now (Russia). To my surprise it turned out that Opera Mini uses a transparent proxy, which is built-in and cannot be disabled, as according to my IP I was somewhere in Iceland (please see the screenshot below):
Puzzled I typed in careerbuilder.com and here you go, as if it has been always there for me:
Then I pinged careerbuilder.com in a usual way, and here’s the result:
Reply from 18.104.22.168: Destination net unreachable. As I could not decipher that message myself, I posted a question on Neowin.net forum.
And mighty BudMan replied in his typical elaborated manner, with a short summary in this quote: “Clearly ICMP is being blocked [...]. Yeah it sucks with parts of the internet do not follow the RFCs and block icmp that should not be blocked..”
If you like to use power stuff, try Norton 360 from the Symantec promotion page here. It has been updated to version 5 recently (version 2011). Norton 360 v5 is a huge security and computer maintenance suite that includes several modules: PC Security (antivirus and firewall), Identity Protection, Backup, and PC Tuneup. In this version, similar to Norton Internet Security 2011, Norton 360 features the latest generation of the Norton reputation-based detection and prevention technology. Here’s the direct download link to the 90-day trial: http://buy-download.norton.com/akdlm/dm/estore/downloads/OEM/N360/5.0/N360_22.214.171.124_MS_LOEM_MRF1441_5671.exe?LNG=EN&None&fileExt=.exe
Windows Firewall is a built-in security tool you would never regret having, even if you do not know what it is and what it is for. It is designed to protect your computer from hacker attacks from outside, and that is not always solely the Internet: a local network (LAN) could also be an area where you want to be alerted. The firewall can also protect you if some malware is already planted and trying to communicate out of your machine. The latter is very unlikely though; that is, once your machine is infected, the virus would most probably find a way to break silently through the firewall. I once already explained how to configure the Windows Vista firewall to filter outbound traffic [article link "Tweak Windows Firewall"]. Since then I expect the Windows 7 firewall to be even more convenient and maybe more functional; let’s check.
Let’s see what we can learn from popular books. Let’s start with Windows 7: The Missing Manual by David Pogue, published by O’Reilly Media, 2010. At first it gives a nice definition of the firewall: “The firewall acts as a gatekeeper between you and the Internet. It examines all Internet traffic and lets through only communications that it knows are safe; all other traffic is turned away at the door.” But then on page 363 it describes the outbound versus inbound topic, where to my big surprise I see the following: “Windows Vista didn’t have an outbound-blocking firewall at all.” That’s wrong, Vista had almost the same firewall that Windows 7 has. Good suggestion for the errata, I think. But anyway, the author is right about the firewall: the outbound-blocking feature is turned off by default. Why? “The theory is that if your PC is locked down tight enough with antivirus software, antispyware software, and an inbound firewall, you won’t get any infection that could send outbound signals in the first place.” That’s a fair explanation, but a bit too general for a book like that. Otherwise, there is a good guide in the book on how to tweak the Windows firewall. One good point I would like to quote: “there’s no harm in having both a hardware and software firewall in place. In fact, having the Windows Firewall turned on protects you from viruses you catch from other people on your own network (even though you’re both “behind” the router’s firewall).” The book gives an interesting link to the Microsoft TechNet library article Windows Firewall with Advanced Security Getting Started Guide, where you can learn a lot of interesting stuff. For example, I was wondering why my Avast Internet Security 5.0.677 did not disable the Windows Firewall once it has its own. As it turned out, it is a new feature of the Windows Firewall that it coexists with third-party firewalls:
I like applications from Avast. I know it is not wise to be hooked on security software, because when you get used to something, you isolate yourself from all the other similar stuff, and one security tool is never enough. But still, to me Avast makes incredibly pleasing software. The main thing I like about it (And I mean anything starting from free Avast antivirus) is that it’s completely seamless and not intrusive at all (especially when you shut down the sound messages). I hate when an antivirus behaves like an unexpected guest, setting his rules instead of following your rules.
So I installed Avast Internet Security version 5.0.677. And it is great from a user interface perspective. Yet there are some very important features to mention. As I reviewed in one of my recent posts, Avast free antivirus v.5 performed with flying colors in the drive-by test. That basically tells you a lot about the company, because it takes time and effort to watch those web threats spreading around. The Internet Security package has some extra stuff to appreciate: a sandbox tool which allows you to run any program in a virtual environment (similar to an instant virtual machine):
Sometimes you need to quickly destroy all your data, for whatever reason. In this case the Darik’s Boot And Nuke bootable CD can help. What you need to do is download the file image dban-2.2.6_i586.iso (last version 2.2.6) and burn it without unzipping. Then to deploy it, simply reboot and follow the prompts. It is important to mention that in your PC BIOS the boot order must be set to start from DVD(CD)-ROM. Beware though, as this program is designed to look for any hard drives, not only the system one, and to wipe out everything without any possibility to restore. Therefore, be extremely careful with that CD. DBAN is a good way to recycle your old computer, making sure that no identity theft is possible if you sell your PC, for instance. It is also a good way to totally sanitize your hard drive before a new Windows (or whatever OS) installation, especially if you suspect it was compromised with a virus or rootkit infection. The creator of this tool claims that “DBAN prevents or thoroughly hinders all known techniques of hard disk forensic analysis.” It is free to use. Just be aware that a good cleaning of a large volume of data takes time.
I have installed McAfee Internet Security with the 6-month complimentary subscription for Facebook users, but I can’t tell whether it is version 2010 or 2011, because it is not shown anywhere. Maybe it is just a smart marketing move, but I would call it a sneaky move, as the packaging design on their official website shows no difference. The About window tells me the following: Security Center version is 10.5 and VirusScan 14.5.
First I’d like to say something good about McAfee IS. Installation went very easily and fast [screenshot]: no reboot required, no annoying registration forms, no nothing. Installation options were presented well [screenshot]. The program, once it is running, feels very light on system resources. It would be ridiculous to say that a McAfee application cannot get its job done; like Symantec, these guys probably spent a fortune on Research and Development, and most tests and reviews say they are good. But there were some really surprising things to me.
I take care of my files, and if there’s something I need to know, I need to know it in detail. OK, McAfee IS found a few viruses during the scan of some downloaded samples and presented the report:
OK, I want to see the details of the viruses and Trojans found in my files, so I click the links to see an explanation. A new window opens in the internet browser where I can see exactly that McAfee has empty database entries under the names W32/Autorun.worm!ji and Generic.gh. With risk assessment Low it probably means that they have no clue of what they found and how to prove it is a virus. Or maybe the engineers at McAfee just don’t care. Because for the suspect Artemis!83A917492B0D [screenshot] they even have no trace in the database, “page not found”, 404, you know. What did they find then? Not much, I’m afraid it is just what is called “false positives”: files with inner structure elements which resemble elements of malware. And I don’t mind pointing to some dangerous areas, as no one can be 100% sure, but tell me something reasonable, suitable for a human. Literally: “We are not sure, but this file looks suspicious, click here if you want to know why… We suggest we delete it, or quarantine (isolate), so you could decide later what to do…” Here’s what I call a human approach.
Are you a Facebook user? Here is a link to a free 6-month subscription of McAfee Internet Security 2011, complimentary for all Facebook users: http://us.mcafee.com/root/landingpages/affLandPage.asp?affid=773&lpname=272multi&cid=70235 If you are not, you can register and receive that nice software as well. Why McAfee? Well, I found it interesting to see in the last issue of a Russian computer hacking magazine (http://www.xakep.ru/articles/magazine/xa.asp) a heuristics test of Kaspersky Internet Security 2011, Eset NOD32, Avira AntiVir, and McAfee (all latest builds).
Viruses are money-driven tools these days; they are trying to stay in the shadow from a regular consumer’s point of view. The reason is they are designed for economic crime (D.o.S., online banking fraud, blackmail, etc.) and chances are you are not very suitable as a target. They can do some harm to you personally, but the probability of that is close to zero. If they steal your credit card number, you may never know about it. But even if your bank lets you become the fraud victim (very unlikely) for a certain period, your real loss at the end will be frustration and anger.
I’m afraid the biggest coming internet threat is fake information. The Truman Show may never end for those who confuse living souls with spam bots, news with generated text, and books with messy databases. I feel a shiver going down my spine while reading fake spam messages as they truly reflect the schizophrenic reality, the endless fall to the demons abyss.
How do you know the information you’ve just read is real, true, valid, and was not published three years ago?
Here’s the final round of my antivirus drive-by test. Preparation for the drive-by test and the setup configuration are described here (part 1) and here (part 2). First of all I wanted to see if major free antivirus programs would be effective against web threats. To make the picture complete I also tested Norton Antivirus 2011 and ESET NOD32 Antivirus, yet surprisingly they did not show 100% protection as I expected from paid software. Again, it is important to note that I checked only the first lines of defence, because there are a few of them to mention:
1. web site blocking based on IP, from the list of known domains containing malware
2. detection of malicious scripts while browsing
3. detection of exploit code before a web browser triggers it
4. shell-code detection
5. detection of downloaded installer (based on virus signatures or heuristics analysis)
As detection of the sploit portion once it is fully installed and functioning may take lots of man-hours, I say an antivirus fails if it does not react up to the 4th barrier; this is important to understand.