antivirus
Latest
Chinese hackers impersonated McAfee to attack election campaign staffers
Google says that Chinese state hackers impersonated McAfee to trick election campaign workers into installing malware.
Multiple antivirus apps are vulnerable to common security flaws
At least 28 well-known antivirus apps could be exploited by shared security flaws, and a few are still vulnerable now.
Avast is shutting down its subsidiary that sold user data
Avast is shutting down its Jumpshot subsidiary after a joint investigation by Motherboard and PCMag found that the two were selling user data to a host of large companies such as Expedia, Intuit and Keurig. The news comes just days after the two publications published their reporting.
Avast packaged detailed user data to be sold for millions of dollars
The popular antivirus program Avast has been selling users data to giant companies like Google, Home Depot, Microsoft and Pepsi, a joint investigation by Motherboard and PCMag found. Avast reportedly scraped data from its antivirus software and handed it off to its subsidiary Jumpshot, which repackaged the data and sold it, sometimes for millions of dollars. While Avast required users to opt-in to this data sharing, the investigation found that many were unaware that Jumpshot was selling their data.
Microsoft Defender is jumping from Windows to Mac
Just days after launching Windows Defender extensions for Chrome and Firefox, Microsoft is bringing its antivirus software to more platforms, starting with the Mac. Of course, it no longer makes sense to call it Windows Defender, so now it's Microsoft Defender.
Two thirds of Android antivirus apps don't work properly
It can be wise to secure your Android phone with antivirus software, but which ones can you count on? You can rule out most of them, apparently. AV-Comparatives has tested 250 antivirus apps for Google's platform, and only 80 of them (just under one third) passed the site's basic standards -- that is, they detected more than 30 percent of malicious apps from 2018 and had zero false positives. Some of the apps that fell short would even flag themselves, according to the researchers.
Windows' built-in antivirus tool can run in a secure sandbox
Antivirus programs, by their nature, introduce a degree of risk. Since they have to scan malicious data to stop attacks (and thus need extensive permissions), a piece of malware that exploits antivirus flaws can typically run with impunity. That could be much more difficult if you're using Windows 10's built-in safeguards, though. Microsoft is gradually rolling out a Windows Insider preview where Defender Antivirus has the option of running in a sandbox -- the first "complete" solution to do this, the company said. Should the worst happen and malware targets Defender Antivirus, any hostile actions will be limited to the antivirus tool's environment instead of running amok on your PC.
Kaspersky to move to Switzerland following latest government ban
Things are going from bad to worse for Kaspersky Labs, the Russian anti-virus software developer. The Dutch government says it's planning to phase out the use of the software "as a precautionary measure", and is proactively suggesting other companies do the same.
Microsoft fixes more Meltdown and Spectre flaws in Windows
Microsoft has taken another step on its gargantuan journey to fortifying more than a billion PCs worldwide against Meltdown and Spectre vulnerabilities. This week's Patch Tuesday release updates PCs running x86 versions of Windows 7 and 8.1 against Meltdown, meaning that all currently supported Windows releases now include defense against this vulnerability.
Kaspersky sues US government over federal software ban
To no one's surprise, Kaspersky Lab isn't happy that the US government has banned its software over the potential for Russian influence. The security firm has sued the Trump administration to challenge the ban, arguing that the Department of Homeland Security's September directive didn't provide "due process" and unfairly tarnished the company's reputation.
Kaspersky's antivirus software takes non-threatening files (updated)
Kaspersky's attempt to quash collusion fears through transparency isn't quite reassuring everyone. In an interview with Reuters, founder Eugene Kaspersky has acknowledged that his company's antivirus software has copied files that weren't marked as direct threats. In one example, the program removed GrayFish, a tool meant to corrupt Windows' startup sequence. Reuters sources also claim that Kaspersky's software once grabbed the photo of a suspected hacker from their computer, although the CEO didn't confirm this. He declined to talk about too many specific instances out of concern that it might help hackers cover their tracks.
Kaspersky hopes independent review will restore trust in its software
Security software firm Kaspersky has had a rough year. As a means of trying to fix its public image, the company will now submit the source code for its anti-virus software to independent third-parties for review, Reuters reports. That starts next year, and there's also plans to open three "transparency centers" around the world by 2020. The first will open in 2018.
Best Buy pulls Kaspersky's antivirus software from its shelves
Amid growing concern/speculation/hysteria that Kaspersky Lab products could be tied to the Russian government, retailer Best Buy has stopped selling its antivirus. Minnesota's StarTribune first reported the move, citing a source who said that the company felt there are "too many unanswered questions" after conducting its own investigation. There's no word on what those questions are, or why Kaspersky's offer to share its source code isn't enough to prove there's no backdoor, and the company hasn't spoken about the move beyond confirming the report. In a tweet, Kaspersky noted its products are available through other retailers and said that while its relationship with Best Buy is suspended, it "may be re-evaluated in the future."
Kaspersky and Microsoft reach truce over antivirus software
Microsoft and Kaspersky Lab appear to have reached a truce over their ongoing antivirus (AV) software battle. The Moscow-based cyber security firm has agreed to withdraw antitrust complaints following Microsoft's announcement that it would change the way it delivers security updates to users. The dispute between the two companies began in 2016 when Kaspersky accused Microsoft of anti-competitiveness. The company argued that the US tech giant wasn't giving other developers enough notice of updates and new releases that would mess up third-party security software settings. As such, users' computers would either be left unprotected or would automatically default to Windows Defender.
Congress looks into government agencies' deals with Kaspersky
Kaspersky has a long and difficult path ahead if it wants to clear its name. The US House of Representatives Committee on Science, Space and Technology has just asked 22 government agencies for all the documents and communications they have about Kaspersky Lab products, staring from January 1st, 2013 until today. It wants to see their internal risk assessments, the lists of all the systems they're using loaded with Kaspersky products and the lists of their contractors and subcontractors that use the cyber security company's offerings.
Kaspersky launches its free antivirus software worldwide
Kaspersky has finally launched its free antivirus software after a year-and-a-half of testing it in select regions. While the software was only available in Russia, Ukraine, Belarus, China and in Nordic countries during its trial run, Kaspersky is releasing it worldwide. The free antivirus doesn't have VPN, Parental Controls and Online Payment Protection its paid counterpart offers, but it has all the essential features you need to protect your PC. It can scan files and emails, protect your PC while you use the web and quarantine malware that infects your system.
WikiLeaks latest CIA dump focuses on malware for Windows
As WikiLeaks continues to extend the mileage from its "Vault 7 cache" of CIA information, its latest release focuses on tools it says the agency uses for hacking Windows computers. While its release didn't include any source code, manuals described a "Grasshopper" tool used to create custom malware setups depending on the target intended. As CSO Magazine explains, it used some elements from the Carberp financial malware that leaked onto the internet in 2013. The CIA's Advanced Engineering Division and Remote Development Branch allegedly modified that malware, while the Grasshopper setup allows them to customize its ability to persist on the victim's computer, reinstall itself and evade antivirus scans.
Microsoft is making Windows 10 security easier
It's easy to mock bad passwords and phishing scam victims, but PC security is hard to grok for the average user. That's why Microsoft is introducing the Windows Defender Security Center as part of the Windows 10 Creators Update coming in April. Within a central hub, you'll be able to see settings for threat protection, performance and more at a glance. The other aim with the new hub, says Microsoft, is to ensure that "you are protected by default and continuously protected."
Kaspersky says Windows' security bundle is anti-competitive
Windows 10's bundled Defender security tool can be helpful for basic antivirus protection, but what if you prefer third-party software? The operating system normally steps aside when you run other programs, but antivirus mainstay Eugene Kaspersky (above) believes Microsoft still isn't playing fair. He just filed complaints in both the European Union and Russia alleging that Windows 10's handling of third-party antivirus tools is anti-competitive. The argument mostly hinges around when Microsoft switches you to Defender and the amount of breathing room given to other developers.
Google: Symantec antivirus flaws are 'as bad as it gets'
Products from Symantec that are supposed to protect users have made them much more open to attack, according to Google. Researcher Tavis Ormandy has spotted numerous vulnerabilities in 25 Norton and Symantec products that are "as bad as it gets," he says. "Just emailing a file to a victim or sending them a link to an exploit is enough to trigger it -- the victim does not need to open the file or interact with it in any way." Symantec has already published fixes for the exploits, so users would do well to install them immediately.
