Category Archives: Security News

On this page you will find links to selected IT-security related news articles from various sources, including news from conferences and some test results (also from other testing labs). If you find some interesting news or test reports, please let us know!

Spotlight on security: Pi-hole a blackhole for Internet advertisements

Starting in June, AV-Comparatives will highlight an interesting event, idea, initiative, announcement or product that helps make the digital world a safer place to surf and live in. We kick off with an interesting piece of software originally developed for the Raspberry Pi, called Pi-hole.

Pi-hole is basically an ad blocker that works at the network level. It now also runs on ordinary Linux hardware and in virtual machines. You may think: big deal, I already use a hosts file or a browser extension to block trackers and advertisements, and on top of that I use Android, Apple and Windows devices, not Linux. So why does Pi-hole deserve to be highlighted in our new “spotlight on security” blog series? Well, besides blocking advertisements at the earliest stage possible (at the DNS request, before the client ever connects to the ad server), it has some interesting features and applications. Furthermore, Pi-hole is open source and free to use.

Your old TV set-top box and your new smart TV already connect to the internet. Soon your car will tell your air conditioning or central heating that you are leaving work, and start the microwave or oven to prepare your meal. The Internet of Things (IoT) will increase the number of devices connected to the internet in our homes, and blocking advertisements by installing software on every client will become a tedious task. Most of these devices probably won’t give you access to the OS or the pre-installed software anyway. This is where Pi-hole comes to the rescue: it is a black hole into which internet ads and web bugs disappear, because it blocks advertisements and trackers at the network level for every IoT device in your home.

People unfamiliar with Linux can rest assured: the installation of Pi-hole is well documented and supported by an automated one-step script that can be copied from the project’s website. Pi-hole has a well-designed and easy-to-use web interface, so anyone can whitelist domains or add blocklists. The web interface also offers a wealth of information about what goes on in your network: how many ads were blocked, a query log, the top domains visited, the top advertisers blocked, and more.
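The network-level blocking described above, as an added example that is not Pi-hole’s own code: a simplified DNS sinkhole that answers blocklisted names (and every subdomain beneath them) with 0.0.0.0, lets an allowlist override a list that over-blocks, and keeps the query log and counters a dashboard would show. The blocklist, allowlist, client addresses and upstream answers are constructed sample data, not real lists.

```python
"""DNS sinkhole decision logic, the mechanism behind a network-level ad blocker.

Added example (not Pi-hole's own code). A resolver on the local network
answers queries for blocklisted domains with a sinkhole address so the
advert or tracker is never contacted, and forwards everything else to a
normal upstream resolver (simulated here by a dictionary).
"""
from collections import Counter
from dataclasses import dataclass, field

SINKHOLE_ADDRESS = "0.0.0.0"

# Constructed sample lists; all domains and addresses are hypothetical.
# A bare domain such as example-iot.com blocks every name beneath it.
BLOCKLIST = {"ads.example-tracker.net", "example-iot.com"}
ALLOWLIST = {"cdn.example-iot.com"}
UPSTREAM = {  # stand-in for the real upstream DNS resolver
    "www.example.org": "198.51.100.20",
    "cdn.example-iot.com": "203.0.113.10",
}


def normalize(name: str) -> str:
    """DNS names are case-insensitive and may carry a trailing dot."""
    return name.rstrip(".").lower()


def candidate_names(name: str) -> list:
    """The name and each of its parent domains, e.g. a.b.c -> [a.b.c, b.c, c].
    Matching parents lets one list entry cover every subdomain beneath it."""
    parts = normalize(name).split(".")
    return [".".join(parts[i:]) for i in range(len(parts))]


@dataclass
class Sinkhole:
    blocklist: set
    allowlist: set
    upstream: dict
    query_log: list = field(default_factory=list)
    blocked_counter: Counter = field(default_factory=Counter)

    def is_blocked(self, name: str) -> bool:
        candidates = candidate_names(name)
        # An allowlist hit (on the name or a parent) overrides the blocklist,
        # which is how a user "whitelists" a domain that a list over-blocks.
        if any(c in self.allowlist for c in candidates):
            return False
        return any(c in self.blocklist for c in candidates)

    def resolve(self, client: str, name: str) -> str:
        """Answer one query and record it in the query log."""
        name = normalize(name)
        if self.is_blocked(name):
            self.blocked_counter[name] += 1
            self.query_log.append((client, name, "blocked"))
            return SINKHOLE_ADDRESS
        self.query_log.append((client, name, "forwarded"))
        return self.upstream.get(name, "NXDOMAIN")

    def stats(self) -> dict:
        """The figures a dashboard would show: totals and top blocked domains."""
        total = len(self.query_log)
        blocked = sum(self.blocked_counter.values())
        return {
            "queries": total,
            "blocked": blocked,
            "blocked_percent": round(100.0 * blocked / total, 1) if total else 0.0,
            "top_blocked": self.blocked_counter.most_common(3),
        }


if __name__ == "__main__":
    sinkhole = Sinkhole(set(BLOCKLIST), set(ALLOWLIST), dict(UPSTREAM))
    for client, name in [("10.0.0.5", "ads.example-tracker.net"),
                         ("10.0.0.5", "telemetry.example-iot.com."),
                         ("10.0.0.7", "cdn.example-iot.com"),
                         ("10.0.0.7", "www.example.org")]:
        print(f"{client} {name} -> {sinkhole.resolve(client, name)}")
    print(sinkhole.stats())
```

The practical caveat is that this only works for devices that actually send their DNS queries to the sinkhole: a device with a hard-coded resolver, or one using DNS over HTTPS to a public resolver, bypasses it entirely, so the router should hand out the sinkhole as the only resolver and the query log should be checked for devices that never appear in it.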

The smartphone has had a huge impact on how we communicate and socialize with other people. Will the IoT have a similar effect on how the digital agents on our devices communicate with each other? Some antivirus companies are already anticipating the new security issues this network of interrelated devices will cause. AVG (Ally), Bitdefender (Box) and Norton (Core) have announced or launched antivirus solutions embedded in routers developed for the home and SOHO (Small Office and Home Office) market. At AV-Comparatives, we will be keeping an eye on this new trend and will keep you informed of the latest developments.

Malware in the media – May’s lesson

Month after month, our Real-World Protection Tests show an increase in ransomware prevalence. For people following the security industry, this is no surprise, since many security vendors (e.g. Adaware and Avast) have been predicting this.

The “star” of this month’s media attention was WannaCry. The high media coverage was caused not only by its massive outbreak in over 150 countries in a few days (according to CrowdStrike), but also because it has all the elements of an exciting 007 movie: a plot with a national security agency causing the problem (Emsisoft: “WannaCry outbreak caused by NSA exploits”); a conspiracy theory with an evil organization (The Shadow Brokers), possibly connected to a rogue nation (Symantec: “WannaCry attack shows strong links with North Korean Lazarus Group”); a young hero (22-year-old Marcus Hutchins, AKA MalwareTech) saving the world from further damage by activating the built-in kill switch by the quick registration of an internet domain name.

Despite all the media attention, it was not WannaCry but the Jaff ransomware that affected the most victims in May (eScan: “Ransomware variants vying for top slot”). Jaff ransomware is often delivered through spam emails containing a PDF attachment. When the attachment is opened, an embedded Word document with macros is started. If the user ignores the macro warning and lets the macros run, a copy of the actual ransomware is downloaded and executed.
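The delivery chain above (PDF attachment, embedded Word document, macro, download) can be checked for statically at a mail gateway before anyone opens the file. The following is an added example, not code from the original post or from any vendor’s product: it flags a PDF that carries an embedded file or an automatic open action, an Office document that contains a VBA macro project, and an attachment whose extension does not match its content. The sample attachments are constructed in memory; the structures it looks for (/EmbeddedFile, /OpenAction, word/vbaProject.bin) are standard PDF and OOXML layout, and the scoring thresholds are this example’s own choice.

```python
"""Static triage of e-mail attachments for the hand-offs in the Jaff delivery chain.

Added example; not code from the original post or from any vendor's product.
It checks structural properties without opening or executing anything:
whether a PDF carries an embedded file (the Word document in this chain),
whether an Office document carries a VBA macro project (the downloader stage),
and whether an attachment's extension matches its content.
"""
import io
import re
import zipfile

# PDF name objects: the embedded-file stream type, and the actions that run
# automatically when the document is opened.
PDF_EMBEDDED_FILE = re.compile(rb"/EmbeddedFile\b")
PDF_AUTO_ACTION = re.compile(rb"/OpenAction\b|/AA\b")
OFFICE_EXTENSIONS = {"docx", "docm", "dotm", "xlsx", "xlsm", "pptx", "pptm"}


def triage_pdf(data: bytes) -> dict:
    """Flag structural indicators in a PDF by scanning its raw bytes."""
    return {
        "is_pdf": data.startswith(b"%PDF-"),
        "embedded_file": bool(PDF_EMBEDDED_FILE.search(data)),
        "auto_action": bool(PDF_AUTO_ACTION.search(data)),
    }


def triage_office(data: bytes) -> dict:
    """OOXML documents are zip containers; a macro project lives in word/vbaProject.bin."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = zf.namelist()
    except zipfile.BadZipFile:
        return {"is_ooxml": False, "has_macros": False}
    return {
        "is_ooxml": "[Content_Types].xml" in names,
        "has_macros": any(n.lower().endswith("vbaproject.bin") for n in names),
    }


def verdict(filename: str, data: bytes) -> tuple:
    """Return (level, reasons) for one attachment; level is low, medium or high."""
    reasons = []
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    looks_pdf = data.startswith(b"%PDF-")
    looks_zip = data.startswith(b"PK\x03\x04")
    if (ext == "pdf" and not looks_pdf) or (ext in OFFICE_EXTENSIONS and not looks_zip):
        reasons.append("file content does not match its extension")
    if looks_pdf:
        pdf = triage_pdf(data)
        if pdf["embedded_file"]:
            reasons.append("PDF carries an embedded file")
        if pdf["auto_action"]:
            reasons.append("PDF runs an action automatically on open")
    elif looks_zip:
        if triage_office(data)["has_macros"]:
            reasons.append("Office document contains a VBA macro project")
    # Scoring is this example's own choice: macros, or two independent
    # indicators together, are enough to hold the message for review.
    if any("macro" in r for r in reasons) or len(reasons) >= 2:
        level = "high"
    elif reasons:
        level = "medium"
    else:
        level = "low"
    return level, reasons


def build_sample_pdf() -> bytes:
    """Constructed skeleton with the objects a dropper PDF needs; not a real file."""
    return (
        b"%PDF-1.7\n"
        b"1 0 obj << /Type /Catalog /OpenAction 3 0 R "
        b"/Names << /EmbeddedFiles << /Names [(doc.docm) 2 0 R] >> >> >> endobj\n"
        b"2 0 obj << /Type /EmbeddedFile /Length 0 >> stream\nendstream endobj\n"
        b"3 0 obj << /S /GoTo /D [0 /Fit] >> endobj\n"
        b"trailer << /Root 1 0 R >>\n%%EOF\n"
    )


def build_sample_office(with_macros: bool) -> bytes:
    """Constructed minimal OOXML container, with or without a macro project."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macros:
            zf.writestr("word/vbaProject.bin", b"\x00" * 16)  # placeholder content
    return buf.getvalue()


if __name__ == "__main__":
    for name, blob in [("invoice.pdf", build_sample_pdf()),
                       ("invoice.docm", build_sample_office(True)),
                       ("notes.docx", build_sample_office(False))]:
        print(name, verdict(name, blob))
```

A raw byte scan misses names that sit inside compressed object streams, so a clean PDF result is not proof of anything; a hit is a reason to quarantine the message for review, not a malware verdict on its own, and the macro warning the user sees in Word remains the last line of defence the post describes.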

Safe computing habits and an updated system with an antivirus program will protect against most ransomware attacks. The infection statistics for the recent WannaCry outbreak clearly illustrate the importance of an updated security product and operating system. Contrary to initial belief it was not XP, but Windows 7 systems that were worst hit by the WannaCry ransomware (98% of cases, according to Kaspersky Lab’s Costin Raiu).

Whilst Microsoft’s inclusion of basic antivirus protection in Windows 8.1 and 10 is in principle commendable, there are a couple of areas of possible concern which should be noted. Firstly, the same name (Windows Defender) is used for the antispyware-only program in Windows 7 as for the full antimalware program in Windows 8.1/10; some security researchers think that security-unaware PC users may believe their Windows 7 systems are fully protected without additional antivirus software, which they are not. Secondly, as ESET point out (based on Microsoft data), a monoculture of security software would make far more systems vulnerable, as attackers would only have to work out how to bypass a single antivirus program.

Proactive protection against the WannaCry ransomware (not the exploit)

The WannaCry ransomware has been a major news story over the last few days. It has infected hundreds of thousands of computers worldwide (mostly in Russia), including some well-known companies and institutions. All the programs in our public Main Test Series now detect the WannaCry malware samples by means of signatures, but we decided to find out which of these programs would have blocked the malware sample (not the exploit) proactively, i.e. before the outbreak started and the malware samples became known. We ran a proactive protection test, i.e. we used vulnerable Windows 7 systems with definitions dated prior to May 12th. A WannaCry malware sample was then executed on offline systems. The list below shows which of the tested programs would have protected the system, and which did not.

Product                           Result
Adaware Pro Security              Protected
Avast Free Antivirus              Protected
AVG Free Antivirus                Protected
AVIRA Antivirus Pro               Protected
Bitdefender Internet Security     Protected
BullGuard Internet Security       Protected
CrowdStrike Falcon Prevent        Protected
Emsisoft Anti-Malware             Protected
eScan Corporate 360               Protected
F-Secure SAFE                     Protected
Fortinet FortiClient              Not protected
Kaspersky Internet Security       Protected
McAfee Internet Security          Not protected
Microsoft Security Essentials     Not protected
Panda Free Antivirus              Protected
Seqrite Endpoint Security         Protected
Tencent PC Manager                Protected
Symantec Norton Security          Protected
Trend Micro Internet Security     Protected
VIPRE Advanced Security for Home  Protected

As can be seen above, a majority of these products protected against this ransomware, but over 200,000 systems worldwide were compromised by it nonetheless. New variants might appear, and results for the next outbreak could look different. Users are advised to keep their systems patched, enable AV protection (i.e. do not disable features) and keep it up-to-date, as well as practising safe computing.

* This test only looked at whether the ransomware part (the WannaCry ransomware itself) would have been blocked.

ESET (removed from the table above) would like to point out that their network protection module has detected the exploit/spreading part (the EternalBlue exploit), and therefore protected users, since April 25th.

This blog post was updated on May 18th.

Introducing AV-Comparatives’ Malware Protection Test

The Malware Protection Test is an enhancement of the File Detection Test which we performed in previous years. It assesses a security program’s ability to protect a system against infection by malicious files; what is unique about this test is that in addition to checking detection in scans, it additionally assesses each program’s last line of defence. Any samples that have not been detected e.g. on-access are executed on the test system, with Internet/cloud access available, to allow features such as behavioural protection to come into play.

Sample quality for the Malware Protection Test

The test set for the Malware Protection Test consisted of about 38,000 samples. As we only use samples that have been analysed by our own in-house automated sandboxes, the quality of our sets is very high. Unlike some other testers, we only use malware in our tests, and do not include PUAs or other controversial software. What is malicious and what is “potentially unwanted” is sometimes debatable. We welcome feedback from vendors; however, the decision as to whether something can or cannot be classified as malware is ultimately up to us, even if our decisions may sometimes be regarded as imperfect.

Hacking Smart Lock Security

Case Study: Hacking Smart Lock Security – NewSky Security

Exponential growth of smart technology and Bluetooth Smart

With the booming of the Internet of Things (IoT), Bluetooth Smart, or Bluetooth v4.0 (aka Low Energy or BLE), has played an increasing role in technology adoption. According to Bluetooth SIG, the global market is expected to reach 1.2 billion Bluetooth Smart devices and 2.7 billion Bluetooth Smart…