Archive for the ‘antivirus’ Category

Microsoft Announces Windows Defender ATP Antivirus for Mac

March 22nd, 2019
Brace yourself guys. Microsoft is going to release its Windows Defender ATP antivirus software for Mac computers. Sounds crazy, right? But it's true. Microsoft Thursday announced that the company is bringing its anti-malware software to Apple’s macOS operating system as well—and to more platforms soon, like Linux. As a result, the technology giant renamed its Windows Defender Advanced

Posted in anti malware, Anti-virus, antivirus, antivirus for macos, Antivirus protection, Best Antivirus software, Microsoft Defender ATP, Windows Defender, windows security

Researchers use Intel SGX to put malware beyond the reach of antivirus software

February 12th, 2019
Intel Skylake die shot. (credit: Intel)

Researchers have found a way to run malicious code on systems with Intel processors in such a way that the malware can't be analyzed or identified by antivirus software, using the processor's own features to protect the bad code. As well as making malware in general harder to examine, bad actors could use this protection to, for example, write ransomware applications that never disclose their encryption keys in readable memory, making it substantially harder to recover from attacks.

The research, performed at Graz University of Technology by Michael Schwarz, Samuel Weiser, and Daniel Gruss (one of the researchers behind last year's Spectre attack), uses a feature that Intel introduced with its Skylake processors called SGX ("Software Guard eXtensions"). SGX enables programs to carve out enclaves where both the code and the data the code works with are protected to ensure their confidentiality (nothing else on the system can spy on them) and integrity (any tampering with the code or data can be detected). The contents of an enclave are transparently encrypted every time they're written to RAM and decrypted upon being read. The processor governs access to the enclave memory: any attempt to access the enclave's memory from code outside the enclave is blocked, and encryption and decryption occur only for code running within the enclave.

SGX has been promoted as a solution to a range of security concerns when a developer wants to protect code, data, or both, from prying eyes. For example, an SGX enclave running on a cloud platform could be used to run custom proprietary algorithms, such that even the cloud provider cannot determine what the algorithms are doing. On a client computer, the SGX enclave could be used in a similar way to enforce DRM (digital rights management) restrictions; the decryption process and decryption keys that the DRM used could be held within the enclave, making them unreadable to the rest of the system. There are biometric products on the market that use SGX enclaves for processing the biometric data and securely storing it such that it can't be tampered with.

Posted in antivirus, DRM, Intel, malware, security, sgx, Tech

A sampling of networking gear from CES: TP-Link goes Wi-Fi 6, D-Link goes 5G

January 10th, 2019
TP-Link's Deco X10 Wi-Fi 6 mesh product. (credit: TP-Link)

The halls of CES might be filled with voice assistants and OLED televisions, but few things make a bigger impact on your day-to-day experience with technology than your networking solution. And there were a bunch of announcements on that front this year.

5GHz routers, smart home, and mesh Wi-Fi systems are where most of the movement is, and many companies like D-Link and TP-Link are offering similar options—but of course, each has its own unique value propositions.

To get a sense of the landscape for home and office networking products (the consumer ones, mind you), let's look at what those two companies showed at CES this year.

Posted in 5G, antivirus, CES, d-link, ethernet, networking, routers, smart home, Tech, TP-Link, WiFi

Four months after its debut, sneaky Mac malware went undetected by AV providers

December 21st, 2018
A screenshot of VirusTotal showing only two AV providers detected malware, four weeks after it was outed. (credit: Patrick Wardle)

Four months after a mysterious group was outed for a digital espionage operation that used novel techniques to target Mac users, its macOS malware samples continued to go undetected by most antivirus providers, a security researcher reported on Thursday.

Windshift is what researchers refer to as an APT—short for "advanced persistent threat"—that surveils individuals in the Middle East. The group operated in the shadows for two years until August, when Taha Karim, a researcher at security firm DarkMatter, profiled it at the Hack in the Box conference in Singapore. Slides, a brief description, and a report from Forbes are here, here and here, respectively.

A few things make Windshift stand out among APTs, Karim reported in August. One is how rarely the group infects its targets with malware. Instead, it relies on links inside phishing emails and SMS text messages to track the locations, online habits, and other traits of the targets. Another unusual characteristic: in the extremely rare cases Windshift uses Mac malware to steal documents or take screenshots of targets' desktops, it relies on a novel technique to bypass macOS security defenses. (The above-linked Forbes article has more on how this technique, known as a custom URL scheme, allows attacker-controlled sites to automatically install their malware on targeted Macs.)

Posted in antivirus, apple, Biz & IT, MacOS, Macs, malware

Windows Built-in Antivirus Gets Secure Sandbox Mode – Turn It ON

October 29th, 2018
Microsoft Windows built-in anti-malware tool, Windows Defender, has become the very first antivirus software to have the ability to run inside a sandbox environment. Sandboxing is a process that runs an application in a safe environment isolated from the rest of the operating system and applications on a computer. So that if a sandboxed application gets compromised, the technique prevents its

Posted in anti malware, Anti-virus, antimalware, antivirus, Antivirus Sandbox, Best Antivirus, cybersecurity, microsoft, Microsoft Antivirus, sandbox, sandbox bypass, sandboxing, windows antivirus, Windows Defender

Microsoft Adding Artificial-Intelligence Based Advanced Antivirus to Windows 10

June 28th, 2017

Microsoft is making every effort to make its Windows operating system more secure and advanced than ever before by beefing up its security practices and hardening it against hackers and cyber attacks in its next release.

With the launch of its Windows 10 Creator Update (also known as RedStone 3), which is expected to release sometime between September and October 2017, Microsoft is planning

Posted in AI Technology, antivirus, antivirus software, Artificial intelligence, Best Antivirus, malware protection software, secure windows 10, Windows 10, windows 10 antivirus

Advanced threats demand a new approach to endpoint security

June 28th, 2017

A new wave of advanced malware is looking for gaps in conventional endpoint defenses and new ways to exploit them. This malware uses techniques such as cryptography and polymorphism to mask its true intent, hitting companies with "zero-day" attacks that signature-based security tools cannot identify.

These attacks use sophisticated executables capable of recognizing when they are being analyzed in sandbox tools and delaying their execution accordingly. They also include legitimate files and applications that appear clean on the surface but contain embedded malicious code that is triggered later.

Those responsible for security in companies race against the clock to detect, contain, and remediate new threats, and often fail. When several endpoint defense products do not communicate with each other, this demands extra steps and a great deal of manual effort from administrators. Many resources are needed to filter so many alerts, generated by various solutions at various different points. And the time between detection and remediation only grows.

A different security approach is needed to increase endpoint protection. Imagine a unified, fully integrated system with multiple layers of defense that could respond to new events immediately, without human intervention. Instead of depending on many different security tools, it would use machine learning techniques to stop most threats before they reach the endpoints.

To contain advanced and zero-day threats, malware structure and behavior analysis must be included in the security system. Cybercriminals can alter the appearance of the code, but it will still be malware. It is therefore likely to share many attributes with already known attacks, which makes it possible to analyze the static binary code to compare the structure of suspicious executables with known threats.

Likewise, even when unknown, malware will always follow certain behavior. By comparing the code's actual behavior with profiles of hundreds of millions of malware samples, it is possible to identify and block the file if it starts to behave maliciously, such as replacing files or making registry changes that match the behavior of other known malware.

With these capabilities it is possible to reduce manual steps and stop most threats before they can damage the endpoint. By using integrated and automated defenses, the result is a constantly evolving model: each new threat detected improves the defenses of the organization as a whole.

*Bruno Zani is systems engineering manager at McAfee in Brazil

The post Amenazas avanzadas demandan un nuevo abordaje para la seguridad del endpoint appeared first on McAfee Blogs.

Posted in Advanced Persistent Threats, Advanced Threat Defense, antivirus, endpoint security, Español

Webroot ‘mistakenly’ flags Windows as Malware and Facebook as Phishing site

April 25th, 2017

Popular antivirus service Webroot mistakenly flagged core Windows system files as malicious and even started temporarily removing some of the legit files, trashing user computers around the world.

The havoc was caused by a bad update the company released on April 24, which was pulled after approximately 15 minutes. But that still hasn’t stopped some PCs from receiving it, causing serious

Posted in antimalware, antivirus, antivirus software, webroot antivirus, windows antivirus, windows crash

New Versions of Cloud Workload Discovery and McAfee MOVE AntiVirus Now Available!

April 20th, 2017

As part of our continued enhancements to our server security solutions, Cloud Workload Discovery 4.5.1 was released on March 27, 2017 and the McAfee MOVE AntiVirus 4.5.1 release followed on April 20, 2017. These solutions have some valuable new features and benefits that I’d like to share with you.

Cloud Workload Discovery 4.5.1

Let’s start with Cloud Workload Discovery 4.5.1. Cloud Workload Discovery, covering VMware, OpenStack, AWS and Microsoft Azure, provides end-to-end visibility into cloud workloads and their underlying platforms. You can get an in-depth description of Cloud Workload Discovery in our previous blog, “New Server Security Release Makes Borderless Cloud Security a Reality”. Prior to version 4.5.1, Cloud Workload Discovery was available to work with two of Intel Security’s antivirus solutions, McAfee VirusScan Enterprise and McAfee MOVE AntiVirus.

Cloud Workload Discovery 4.5.1 extends visibility to McAfee Endpoint Security for AWS and Microsoft Azure workloads. McAfee Endpoint Security is a collaborative, extensible framework for protecting Microsoft Windows and Linux servers against zero-day exploits and advanced attacks. Now that Cloud Workload Discovery supports McAfee Endpoint Security, we are adding two of its modules, Threat Prevention and Firewall, to all three of our server security suites: McAfee Server Security Suite Essentials and McAfee Server Security Suite Advanced for hybrid cloud protection, and McAfee Public Cloud Security Suite.

Threat Prevention scans for viruses, spyware, unwanted programs and other threats, automatically on user access or on demand at any time. The Firewall module monitors communication between the computer and resources on the network and the Internet to intercept suspicious communications.

 McAfee MOVE AntiVirus 4.5.1

McAfee MOVE AntiVirus is a key component of McAfee Server Security Suite Essentials and McAfee Server Security Suite Advanced. McAfee MOVE AntiVirus can now protect Linux virtual machines in agentless deployments as part of the 4.5.1 release, including 64-bit versions of SUSE Linux Enterprise Server 12, Red Hat Enterprise Linux 7 and Ubuntu 14.04 LTS. This includes all the Linux distributions supported by VMware NSX 6.3. In addition, McAfee MOVE AntiVirus (Agentless) is now certified for VMware NSX 6.3, so customers can be sure that these solutions work seamlessly together.

Learn More

Here are some links for our server security suites and McAfee MOVE AntiVirus if you’d like to find out more about these solutions:

McAfee Server Security Suite Essentials

McAfee Server Security Suite Advanced

McAfee Public Cloud Server Security Suite

McAfee MOVE AntiVirus

The post New Versions of Cloud Workload Discovery and McAfee MOVE AntiVirus Now Available! appeared first on McAfee Blogs.

Posted in antivirus, Cloud security, endpoint security, Security Connected

Critical Flaw in ESET Antivirus Exposes Mac Users to Remote Hacking

February 28th, 2017

What could be more exciting for hackers than exploiting a vulnerability in a widely used software without having to struggle too much?

One such easy-to-exploit but critical vulnerability has been discovered in ESET’s antivirus software that could allow an unauthenticated attacker to remotely execute arbitrary code with root privileges on a Mac system.

The critical security flaw, tracked

Posted in antivirus, Apple Mac OS, eset antivirus, Google Security, hacking news, Mac security, remote code execution, Vulnerability