Category Archives: Security News

On this page you will find links to selected IT-security related news articles from various sources, including news from conferences and some test results. Posts in this category might be written by externals and students. If you find some interesting news, please let us know!

Malware in the media: Bad Rabbit ransomware and Wifi-Krack vulnerability

Published by:

At AV-Comparatives we follow around 50 security-related news sources for the selection of the malware of the month. Often the blog post headers of the news feeds show a variety of security issues and news items. To determine which malware got substantial media attention normally requires further reading of the blog posts. This month it was an easy choice: Bad Rabbit and the Wifi Krack dominated the media.

To illustrate how unanimous the (security) media were, we summarized the blog posts of the antivirus vendors participating in our Real-World Protection Tests.

Company              Bad rabbit ransomware              Wifi Krack vulnerability
Avast                Its rabbit season                  Securing Wifi networks
AVIRA                Bad rabbit ransomware              WPA2 Wifi Krack
Bitdefender          Ransomware strikes again           Wifi networks at risk
BullGuard            Bad rabbit on the prowl            Wifi flaw exposed
eScan                Another ransomware                 Krack attack
ESET                 Not Petya back as rabbit           Serious Wifi issue
                                                        Most routers vulnerable
F-Secure             Following the bad rabbit
                     Big difference with Petya
Fortinet             Tracking the bad rabbit            WPA has been broken
Kaspersky Lab        Bad rabbit ransomware              Krack attack
McAfee               Rabbit burrows Ukraine             Krack not the end of world
Panda                Not Petya bad rabbit               Krack public Wifi
Seqrite/Quick Heal   Bad Rabbit outbreak
                     Ransomware stay safe
Symantec/Norton      New strain ransomware              What you need to know
Trend Micro          Protect yourself against rabbit    WPA exposed by krack

The table above reflects the media attention of this month. Bad Rabbit got a little more attention than the Wifi Krack. The Bad Rabbit outbreak proves that ransomware remains a nuisance and a threat in 2017. When you are a victim of ransomware, check the website of your favourite antivirus vendor. Many vendors provide additional malware removal tools for free.

A complete list of free ransomware removal tools can be found on “No More Ransom”, an excellent initiative of the Dutch police and Europol’s Cybercrime Centre together with McAfee and Kaspersky. Many cybersecurity companies have joined this collective: Avast, Barracuda, Bitdefender, CheckPoint, CrowdStrike, ElevenPaths, Emsisoft, ESET, Fortinet, G DATA, Heimdal and Trend Micro.

With ransomware continuously threatening home and business users, you might get depressed. To counter Seasonal Affective Disorder (SAD) we advise you to read Emsisoft’s “The 10 most ridiculous ransomware we have ever seen”. This will certainly put a smile on your face :).

Spotlight on security: New Windows 10 security features

Published by:

On Tuesday the 17th of October, Microsoft started to roll out the ‘Fall Creators Update’ of Windows 10. This second major update in 2017 has some interesting new security features. Microsoft was generous enough to also give Windows 10 Home users the added protection of the new Exploit Guard and Controlled folder access. The only catch is that they are built into Windows Defender.

Before commenting on the go-to-market strategy of Microsoft, let’s first unwrap this present. The Exploit Guard is a reincarnation of Microsoft’s EMET, which could be optionally installed as extra exploit mitigation. The new feature is enabled by default. So, average users now benefit from this extra exploit protection feature, while power users still have the option to add programs and extra protections.

To access the Exploit Guard, open Windows Defender Security Center, click on the ‘App and browser control’ icon, scroll down and you will find the settings link of the Exploit Guard. Before we tell something about tweaking this exploit protection, we first have to explicitly mention our disclaimer: don’t try this at home. A new feature which we found interesting is the option to block the program monitored by Exploit Guard from starting child programs.

The other interesting new feature, ‘Controlled folder access’, is off by default. Microsoft probably wants to collect more telemetry data before they enable it. This new feature is developed to help protect Windows 10 users against ransomware. You can enable it by opening the Windows Defender Security Center, clicking on the ‘Virus and threat protection’ icon and then on ‘Virus and threat protection settings’. Scroll down until you see ‘Controlled folder access’ and enable it.

By default, the standard user folders like Documents, Pictures, and Movies are protected against ransomware attacks. Most power users have their data on separate partitions, so for this protection to be effective those folders have to be added to ‘Controlled folder access’. Don’t try this at home when you are not a power user with sufficient knowledge about security.
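Both features described above can also be configured without clicking through the Security Center, using the Windows Defender and process-mitigation PowerShell cmdlets that ship with Windows 10. The script below is an added example and is not part of the original post or of Microsoft’s documentation; the process name `example-viewer.exe` and the folder and application paths are constructed placeholders. It follows the audit-first approach a practitioner would use: record what Controlled folder access would block before enforcing it, so that a legitimate backup or sync tool is not silently cut off from its data.

```powershell
# Added example (not from the original post): configure Exploit Guard's child-process
# block and Controlled folder access from an elevated PowerShell prompt on Windows 10
# Fall Creators Update (1709) or later. All names and paths below are placeholders.

# --- Exploit Guard: block child-process creation for one monitored program ---
$app = 'example-viewer.exe'   # placeholder: the program you want to constrain

# Show the current per-process mitigation state before changing anything
Get-ProcessMitigation -Name $app

# Enable the "do not allow child processes" mitigation for that program only
Set-ProcessMitigation -Name $app -Enable DisallowChildProcessCreation

# --- Controlled folder access: enable and extend to data on other partitions ---
# Start in audit mode: access attempts are logged but not blocked, which reveals
# which legitimate applications would otherwise be stopped.
Set-MpPreference -EnableControlledFolderAccess AuditMode

# Add folders outside the default user profile locations (placeholder paths)
Add-MpPreference -ControlledFolderAccessProtectedFolders 'D:\Data', 'E:\Projects'

# Allow a trusted program that legitimately writes into those folders (placeholder path)
Add-MpPreference -ControlledFolderAccessAllowedApplications 'C:\Program Files\ExampleBackup\backup.exe'

# Once the audit period shows no legitimate application being flagged, enforce blocking
Set-MpPreference -EnableControlledFolderAccess Enabled

# Verify the resulting configuration (EnableControlledFolderAccess is reported numerically)
Get-MpPreference | Select-Object EnableControlledFolderAccess,
    ControlledFolderAccessProtectedFolders,
    ControlledFolderAccessAllowedApplications
```

The audit step matters because Controlled folder access judges applications by reputation, not by the user’s intent: a freshly updated or locally built tool that writes into a protected folder is blocked exactly like ransomware would be, so the allowed-applications list has to be maintained whenever such a tool changes.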

Advanced features like exploit and ransomware protection are often part of the paid version of antivirus products. By offering this as part of the free Windows Defender, it will be interesting to see how other antivirus software vendors react to these new features. In the past, free antivirus products have pushed innovation of their paid siblings.

The “Fall Creators Update” is a step ahead in Windows 10 security.

Malware in the media: anti-malware tests are our legacy and future

Published by:

The DerbyCon security conference reminded us of an important AV-Comparatives advantage. In his keynote speech John Strand stated that “researchers are terrified that they are going to get sued”. At AV-Comparatives we have some experience with security firms threatening to go to court to prevent publication of our (independent) test reports. One vendor, for example, tried to prevent us from publishing our Next Gen endpoint protection test results by publicly announcing it would sue one of our partners.

Maybe other researchers are terrified, but at AV-Comparatives we take these threats with a big spoon of salt, because we have the advantage of being protected by Austrian law. So “terrified” is somewhat exaggerated after the lost lawsuit against NSS Labs and the Consumer Review Fairness Act. Some ‘review bullies’ are applying a new tactic to control and ban product reviews.

Some security software vendors now claim the publishing rights of product tests in their EULAs. Publishing those tests without their consent deems the content “unlawful”. Such content could be removed under the Digital Millennium Copyright Act (DMCA). Instead of going to court, they can use copyright protection tools to remove the content. We have not seen vendors using this tactic yet, but the Electronic Frontier Foundation (EFF) fears this might be a loophole in US law.

This possible loophole in US law brings us back to our advantage: we are an Austria-based company. In Europe, consumer interests are generally better protected than in the US, and Austria has some of the best consumer protection legislation within Europe.

As long as we serve the interests of consumers we can test products and publish reports, no matter what the EULA states. It is our mission to check whether security software lives up to its promises. Consumers have the right to get unbiased results from professional testing laboratories. As long as we exist we will be publishing these tests.

The theme of the DerbyCon security conference was heritage. AV-Comparatives has been testing and evaluating security software for years. Independent security software testing is our heritage. As long as there is malware, we will be testing security software and publishing the results. We won’t let vendors get away with bad test results by threatening lawsuits or court action. AV-Comparatives antivirus product testing is our heritage and our future.

Spotlight on security: iPhone X introduction – job well done?

Published by:

Did you watch the Apple event? The first ever announcement in the Steve Jobs Theater showed that they miss Steve Jobs. I remember Steve Jobs introducing the NeXTcube. That was a jaw-dropping event. The NeXTcube had display depth while the rest of the world used monochrome. It marked the birth of the dock, combining an application launcher, desktop explorer, and task manager into one single application. So simple and straightforward, yet so brilliant and beautiful.

The unforgettable NeXTcube introduction was literary art for geeks. The cube played a duet with a violinist from the San Francisco Symphony. A feat in the mid-eighties, but a near miracle when combined with other complex tasks, like navigating through Shakespeare’s plays and sending and receiving emails.

Compare this with the embarrassing demo fail of Face ID and the lengthy introduction of the new Apple headquarters. Since when are bricks more interesting than clicks? I bought a Volvo because it has many active safety features, not because the Swedes who build Volvos opened a new head office. This comparison brings me back on topic: security.

The new iPhones have two interesting new security features. Facial recognition (FaceID) replaces fingerprint recognition (TouchID) on the flagship smartphone. Enough has been said about FaceID not recognizing Craig Federighi. Another, less discussed feature is the improved SOS-call feature. It is triggered by repeatedly (5 times) pressing the power button. A preset personal or national (e.g. 911) alarm number will be called. Also, TouchID and/or FaceID will be disabled, so that only someone knowing the passcode can use the phone in case of emergency.

Apple’s iOS is based on the NeXTstep operating system. Together with Apple’s closed shop, this still gives iOS a security edge. iOS by itself is probably safer than Linux, Android and Windows. Android and Windows are making up ground and have the advantage of third-party security. When the OS itself becomes safer, third-party software has to innovate to keep its added value. The hype on using Artificial Intelligence is an example of this innovation push.

Luckily for Mac users, many of those vendors also offer antivirus solutions for Apple devices. Read our report on Mac security software. Unluckily for Apple, the footsteps of Steve Jobs are huge and very hard to fill. At AV-Comparatives we have not forgotten this inspiring innovator.

Malware in the media – August’s eclipse and Android 8

Published by:

On August the 21st, people in the USA could witness a total solar eclipse. People from Oregon to South Carolina could see the moon totally covering the sun. A total eclipse is a unique event: the last total eclipse of the sun happened 38 years ago and the next one will be in 2024. Google smartly used this event to introduce the next Android OS version. Version 8 is named Oreo, a popular chocolate cookie filled with buttermilk cream.

Google modestly markets its new Android operating system as an “open wonder” and promises us that Android 8 will be “safer, smarter and sweeter”. The new Android OS has many interesting features and security improvements. Truth be told, August also marked another record: over 1800 apps were found in Google Play and blacklisted.

Forbes reported on the 10th of August that a developer managed to “spawn 1000 Android Spyware Apps”. Some of these apps were not detected by Google’s automated Google Play app analysis. Two weeks later Fortune posted that “Google Kicks 500 Apps Off Online Store Over Spyware Concerns”. All these apps used a software module that helps companies target people with ads based on their preferences. In the last week of August CSO Online published that “experts from Akamai, Cloudflare, Flashpoint, Google, Oracle (Dyn), RiskIQ, Team Cymru united” to take down the WireX botnet and “removed another 300 apps from the Play Store” according to Techspot.

According to Bitdefender, “App install fraud is a 300 million business”. This high profit potential explains why the mobile market will keep on attracting malware. eScan even calls it an “alarming rise of mobile security threats”. This rise will also impact corporate users, since employees are allowed to bring their own (mobile) devices to work. With this in mind we applaud the ongoing efforts of Google to improve the security of the Android ecosystem. The three most important security improvements on the Android device and Google server side of the ecosystem are:

  • No more install from unknown sources
  • Improved Google Play protect
  • Android instant apps

At AV-Comparatives we will keep testing mobile security software against real-world mobile malware. Read our 2017 mobile security review if you are considering adding antivirus to your mobile phone.

Spotlight on security: Does Google live up to its promise?

Published by:

In 2007 Google promised to change the world with Android and the Open Handset Alliance: “A new computing environment that will change the way people access and share information in the future. The Android platform will be available under one of the most progressive, developer-friendly open-source licenses to bring to market new innovative products faster and at a much lower cost.”

A decade after the announcement we did some fact checking to see whether Google lives up to the promises made in the original press release.

The price of the average Android phone has dropped 50 percent in the last 10 years. The same graph also shows that the price of Apple phones has remained the same. Android flagship phones usually have the same price as flagship iPhones. The price promise is true for the average phone, but the price of flagship phones remained the same. The price promise is half true!

Open source is often mentioned in one breath with free. Google earns money with advertisements in browsers, so smartphones with browsers would double Google’s earning potential. Many people therefore expected Android to be completely free. Android is free, but the Google services running on it are not. Manufacturers have to pay to install Gmail, Google Maps and the Google Play Store. Again the verdict is half true.

Android is built on Linux. Linux-based systems (like Apple’s iOS) claim they are a lot safer than Windows. When counting platform vulnerabilities this might be true, but how does this relate to real-world usage?

In March 2017 Google published its ‘Android Security 2016 Year In Review’ report. This report reveals interesting facts about Google’s efforts to improve security. According to Google, less than 0.71 percent of two billion Android devices had Potentially Harmful Applications installed. Google qualified these numbers as small.

Are these numbers really small? How does this 0.71 percent compare to the Windows platform? Every month most Windows PCs are checked with the Malicious Software Removal Tool, and these metrics are reported in Microsoft’s Security Intelligence Report. The Computers Cleaned per Mille (per 1000 PCs) worldwide average was 0.88 percent in 2016.

So yes, Android is safer, but not as much as people tend to believe. According to FBI data the risk of being the victim of a violent crime in the US is only half of this risk. So again, we value this promise as half true. Read our ‘2017 Mobile Security Report’ if you are considering adding antivirus to your Android device.

Malware in the media – July’s “ignorance is bliss”

Published by:

The Internet of Things (IoT) promises to make life easy, but Panda calls it “the next cyber security nightmare” and CSO ranked “the Internet of malicious things” as the number one threat for 2017. Shortly after the NotPetya ransom-worm, the first ever WIFI-worm was unveiled: broadpwn!

On July the 27th Nitay Artenstein demonstrated the first successful WIFI-worm attack at the Black Hat USA 2017 event. Broadpwn used a vulnerability in the Broadcom WIFI chipset which could potentially impact over one billion smartphones. Luckily both Google and Apple released a patch before public disclosure (ignorance is bliss).

Immediately another WIFI-related scoop came to mind, a practical joke published on July the 18th by Purple, a WIFI marketing and provisioning company. 22,000 people accepted a free WIFI EULA without reading it and committed themselves to 1,000 hours of community service, like cleaning toilets at public events (is ignorance really bliss?).

Combine the agility (by air) of the broadpwn worm with the eagerness of people seeking free WIFI, and the IoT suggests a gloomy outlook of titanic proportions of ignorance. But is it really that dark? Let’s have a look at what positive influences can be expected from legislation, law and the increasing insights of the (IT) industry itself.

According to Bitdefender, a Swedish governmental outsource blunder exposed sensitive military data, and the names, addresses and photos of people in the witness protection program. Maybe the resignation of two Swedish ministers and the recent targeted ransom-worm attacks on critical infrastructure are a wakeup call for politicians.

When both the general public and government show little concern about privacy and security, there is little incentive for smart product vendors to adapt their procedures, protocols and software to the security standards required by the cloud and the Internet of Things.

So our last hope is the (security) industry itself. In our Pi-hole blog we have already noted that antivirus software vendors have partnered with hardware vendors. Tencent and Tesla have taken this partnership a step further. Tencent now owns five percent of the Tesla shares and helps Tesla to improve the security of the car control systems of the Model X. Maybe these cross-industry alliances are the way to tackle the security challenges of the IoT. After all, it makes sense that when IT is an integral part of a smart product, IT security also has to be an integral part of that smart product.

Spotlight on security: Bob Dylan & Dalai Lama on threats & transparency

Published by:

At first glance the WannaCry and NotPetya outbreaks are no different from the CryptoLocker outbreak of 2015 or the CryptoWall outbreak of 2014. Some of us may even remember the first file-encrypting malware, called PC Cyborg Trojan (aka AIDS Trojan), discovered in 1989. So security insiders may ask themselves in despair: how many fools does it take to make the same mistake over and over again?

To quote Bob Dylan, “the times they are a-changin’”, because the recent outbreaks of crypto-ransomware changed the mindset of the public, press and ultimately politicians:

  • The first ever case of cyber cooperation at EU level between the national Computer Security Incident Response Teams.
  • The first EU-wide legislation on cyber security to harmonize and harden network and infrastructure security for both critical infrastructure (energy, water, banking, etc.) and digital infrastructure.
  • The first framework for a joint EU diplomatic response to malicious cyber-attacks against one of its members.
  • The NATO Cooperative Cyber Defence Centre of Excellence concluded that “the global outbreak of WannaCry and NotPetya called for a Joint Response from International Community”.

Politicians finally realize that cyber-attacks are covert and cross-border by nature. Ironically, the cloud of confusion related to cyber-attacks also impacts the security industry itself.

According to the Dalai Lama, “A lack of transparency results in distrust and a deep sense of insecurity”. This sense of insecurity was addressed in recent Senate Intelligence Committee hearings in which unsubstantiated allegations were made against Kaspersky Lab. In a response, Eugene Kaspersky, CEO of Kaspersky Lab, said he would allow his source code to be reviewed by US officials, adding that he was ready to testify before U.S. lawmakers as well. “Anything I can do to prove that we don’t behave maliciously I will do it.” 

Code reviews are not uncommon as a condition for acquiring government contracts in China, Russia and the US (the EU officially prefers open source software). Besides intellectual property issues, source code is the intellectual capital of a software firm. By disclosing the source code, a company risks leaking its competitive advantage. Symantec, for example, refused to disclose its source code to the Russian FSTEC, but other IT companies like Cisco, IBM and McAfee agreed.

At AV-Comparatives we contribute to transparency by providing systematic testing of security software. Being the first test lab to be both ISO and EICAR certified, we have committed ourselves to maintaining the highest standards.