Things you should know before you decide to install Antivirus software

First, I want to start by saying that Antivirus software is only as good as the user behind it.

Here are a few simple but very important things you should consider when choosing your Antivirus software.

1. Always test Antivirus software before you decide to buy it. All the tests and reviews can’t tell you if the program will be compatible with the rest of your system. Most Antivirus programs have 15-30 day trial versions, and that is enough time to see if the program will suit your needs and blend in with the rest of your programs.

2. Be honest about your knowledge and experience and pick a program that you understand.

3. Inform yourself about the possibility of False Positives. Most vendors will not talk about it, but False Positives are very common and can cause as much damage as viruses. Almost all of today’s Antivirus programs have some form of heuristic detection; in other words, they are able to detect new variants of viruses without receiving signatures for them. This method of detection is known to produce False Positives, so be sure that you understand what False Positives are before you decide to activate this feature.

4. You have to understand that Antivirus programs are your first line of defense, therefore you need to keep them updated at all times. It is strongly recommended to enable automatic updates upon installation.

5. Enable Real Time protection. Real Time protection is the most important feature of all security applications; its job is to block and prevent infections.

6. When choosing Antivirus software, try to find a balanced solution. The best options are the programs that provide a high level of Real Time protection, have good malware removal capabilities and have low False Positive rates. This is about the hardest thing you will have to do, but in the end you will see that it was worth it.

7. Don’t make your system a slave. Many people get obsessed with internet security and choose applications that are recommended by other users; this may or may not be the best solution for you. Many times people install quite a few security applications thinking that then they will be secure. What they don’t realize is that their system, the one they are protecting, is carrying a tremendous load and is not able to function properly with all the programs running.

8. What is more valuable than any Antivirus program? You. In 99.9% of the cases you decide what comes into your computer, so try to make wise choices and think twice before you click on something.

How did I get infected with malware?

This question is very common among users so I’ve decided to give you a few hints about where that nasty infection came from.

Every user has different internet related habits, some can be benign and some can be very dangerous. As many of you know, malware creators target only the most popular internet places so don’t be surprised when you take a look at this list.

1. XXX, Porn sites

2. Warez, Places that distribute pirated software, movies, music…

3. P2P, File sharing networks

4. Social Networking Sites: MySpace, Facebook, LinkedIn, Twitter and similar places

These are the very top of “malware distribution centers”, so if you visit one (or all) of the places listed above it is very possible that your computer is indeed infected with some form of malware.

Single Product Flash Test – Symantec Norton Antivirus, January 2012

Single Product Flash Test

Product: Symantec Norton Antivirus 2012

Product Version:

Operating System: Windows 7 32-Bit

Amount of samples used: 50

Results Table:


Set 1
Set 2
Backdoors Spy/PWS Other
Rammit Diple DsBot LdPinch Krap
Inject Menti Cycbot Banbra FakeAV
Rozena Cidox Zegost Zeus Alureon
Vilsel Lampa Havar Chekafev Digitala
Injector Rimecud Agobot Adramax Vobfus
Buzus Midgare Shiz Lmir
Refroso Pakes Hupigon SpyEye Ransom
Liac Small Simda Bjlog AutoRun
Renos Chifrax Wuca Kykymber VBNA
Scar Otran Simbot QQLogger ZAccess


System Status: Compromised


Single Product Flash Test – DefenseWall HIPS, November 2011

Single Product Flash Test

Product: SoftSphere DefenseWall HIPS

Product Version: 3.15

Operating System: Windows 7 32-Bit

Amount of samples used: 50

Results Table:


Trojan   | Financial Malware | BackDoor | Rootkit   |
Jorik    | Banker            | FlyAgent | TDSS 1    | AutoRun
Swysin   | Goldun            | Cycbot   | TDSS 2    | Injector
Buzus    | Zeus              | Zegost   | ZAccess 1 | FakeAV
Small    | Sinowal           | Rbot     | ZAccess 2 | Kates
Inject   | Usteal            | Poison   | Alureon 1 | AutoIt
Ircbrute | SpyEye            | Hupigon  | Alureon 2 |
Menti    | Carberp           | Wuca     | Tent      | Krap
Vilsel   | LdPinch           | Bifrose  | ZAccess 3 | FakeAlert
Refroso  | Adramax           | Ripinip  | Cidox     | Cinmus
Ramnit   | Banbra            | Prorat   | ZAccess 4 | Lmir


System Status: Secure


Green – Passed

Red – Failed

Malware Research Group Project 28 – Results

Online Banking Security Project


Twelve months on from our Online Banking Security Project, we have just completed our latest Online Banking Security Report.

In this report we assess the efficacy of nineteen internet security applications and nine dedicated browser security / anti-logging applications against our latest financial malware simulator on both 32 and 64 bit versions of Windows 7.

Moscow arrests cyber-criminals for spreading viruses on the Internet to get money

A crime family, deliberately spreading viruses on the Internet and raking in money with the aid of SMS messages, was detained in Moscow on Tuesday.

The operation to apprehend the suspects was carried out by officers of the Moscow economic crime service along with colleagues from the K section, with support from specialists of the information security group.

“It was established that the detainees circulated virus programmes via various Internet sites, including social networks, that blocked the operation of customers’ computers,” a source said. “Then, the customer was asked to send an SMS message worth over 300 roubles to a short number so as to get a code to unblock the system.”

According to preliminary calculations, more than 3,000 Internet users fell victim to the fraudsters in April alone, including in CIS countries. According to police data, the annual profit of the law-breakers topped one billion roubles.

Good Passwords, Safer Accounts

When picking Usernames and Passwords, try to be as creative as possible. Don’t use short Passwords and don’t put any personal details in them. Passwords should be changed from time to time to make them even harder to crack.

Here is an example of a good and hard to crack password: C&hv_w+iX%!i=A&+B[@TPgv!R
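
The two rules above (no short passwords, no personal details) can be checked mechanically. The following is an added example, not part of the original post: the 14-character minimum, the function names and the sample user details are assumptions made for illustration.

```python
import math
import secrets
import string

# Character classes used to size the search space an attacker must cover.
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)
MIN_LENGTH = 14  # assumed threshold for "short"; the post gives no number


def entropy_bits(password):
    """Upper-bound estimate: length * log2(size of the classes in use)."""
    pool = sum(len(c) for c in CLASSES if any(ch in c for ch in password))
    return len(password) * math.log2(pool) if pool else 0.0


def personal_hits(password, details):
    """Return the personal details (name, birth year, ...) found inside."""
    lowered = password.lower()
    return [d for d in details if len(d) >= 3 and d.lower() in lowered]


def check(password, details):
    """List the rules from the post that this password breaks."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    hits = personal_hits(password, details)
    if hits:
        problems.append("contains personal detail: " + ", ".join(hits))
    return problems


def generate(length=25):
    """Random password from the OS CSPRNG, at least one char per class."""
    alphabet = "".join(CLASSES)
    while True:
        pw = "".join(secrets.choice(alphabet) for _ in range(length))
        if all(any(ch in c for ch in pw) for c in CLASSES):
            return pw


if __name__ == "__main__":
    details = ["Maria", "Kovac", "1984"]  # constructed sample user details
    for pw in ("maria1984", "Kovac!Maria!2012!", generate()):
        print(pw, round(entropy_bits(pw)), check(pw, details) or "ok")
```

The entropy figure is an upper bound that only holds for randomly generated passwords; a long password built from personal details scores high on it and is still caught by the second check.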

How Secure Are Government Institutions?

Do you remember what happened when the Conficker worm attacked multiple government institutions all over the world not so long ago? The reports we were getting at the time were devastating; we were shocked to find out that many of these extremely important institutions were wide open to all sorts of attacks. Nowadays things are not looking any better. Malware Research Group recently did some consulting for a government institution in Europe and we had to change the overall structure of their defense system to prevent disaster.

It is very important that every company (no matter how big) and every government institution has a qualified person in this field, as installing Antivirus applications on the server is simply not enough. The rules of the game change on a daily basis, and the people who need to counter these threats need to be on top of their game too.

Iranian hackers attack over 1,000 US, British, French Government Websites

An Iranian cyber group announced that it has hacked more than 1,000 important governmental websites of the US, Britain and France in protest at their support and financial aids to anti-Iran terrorist groups.
“To commemorate the Day of Campaign against Terrorism and the martyrdom anniversary of (former Iranian President Mohammad Ali) Rajayee and (his Prime Minister Mohammad Javad) Bahonar (by the terrorist Mojahedin-e Khalq Organization), the group rose to protest at the inhumane measures of the supporters of terrorism, with the US and Britain standing on top of them, through a new method and hacked and changed the pages of more than 1,000 of their websites,” Behrouz Kamalian, Head of the Iranian Ashiyaneh (nest) cyber group, told FNA on Monday.
If you open the hacked sites now, you can see a logo of Iran and some pictures of martyrs Rajaee and Bahonar and a bi-lingual text in Persian and English expressing our group’s protest at the US, Britain and France’s attitude towards terrorism, Kamalian added.

A Conference For Malware Writers

There is a security conference being held in Mumbai later this year called MalCon, and the organizers say it’s the first ever conference dedicated to the ‘malware coder community.’  Brian Krebs interviewed one of them and got this gem: ‘Just like the concept of “ethical hacking” has helped organizations to see that hackers are not all that bad, it is time to accept that “ethical malware coding” is required to research, identify and mitigate newer malwares in a “proactive” way.’ Bruce Schneier is speaking at a sister MalCon event in Pune, India two days later, and he said he doesn’t agree with the organizer’s premise that more malware is needed to build better security tools.

What good can come out of a malware writers’ convention?