SECURITY TO THE CORE

Posts tagged “Virus”

Brazilian malware blocks user access to Anti-Virus sites

In addition to preventing the virus definition update, the Trojan redirects the user to fake banking websites.

A new piece of malware created in Brazil tries to prevent web browsers from reaching the websites of various anti-virus companies and redirects users to fake banking websites, even when they type the correct address. In addition, the code was written to prevent antivirus software from downloading updates.

Fabio Assolini, an analyst at Kaspersky Lab, explains that the virus uses a technique called Man in the Browser (MitB). This type of infection works by modifying the “AutoConfigURL” key in the Windows registry, which makes the browser use the configured URL as a proxy (an intermediary) for its web connections.

If the infected user attempts to access a Web site to download some antivirus software or its updates, then he’ll see the following message: “Service Temporarily Unavailable, try again later …”.

“The viral code provides a list of servers used by Anti-Virus companies to distribute their virus definition updates to users. The intention is clear: stop trying to download antivirus updates and remain undetected,” explains the analyst.

The malware also changes the settings of Firefox and registers itself to run at Windows startup. It updates the malicious proxies configured on the system in case they are removed by the hosting services. “Thus, the criminal tries to ensure that the victim remains infected as long as possible.”
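To check a machine for the changes described above, the following added example (not code from the original article or from Kaspersky Lab) parses a `reg export` of the current user's hive and a Firefox `prefs.js`, and reports any proxy auto-config URL and startup entry for review. The registry paths and the Firefox preference names `network.proxy.type` and `network.proxy.autoconfig_url` are details the article does not give; the allowlisted host `pac.corp.example` and all sample data are constructed.

```python
import re
from urllib.parse import urlparse

# Assumption: hosts your organisation really serves PAC files from (hypothetical).
ALLOWED_PAC_HOSTS = {"pac.corp.example"}

INET_KEY = r"HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS"
RUN_KEY = r"HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN"

# Constructed sample of `reg export` output (real exports are UTF-16 on disk).
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable"=dword:00000000
"AutoConfigURL"="http://203.0.113.7/p.pac"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Updater"="C:\\Users\\user\\AppData\\Roaming\\upd.exe"
'''

# Constructed sample of a Firefox profile's prefs.js.
SAMPLE_PREFS = '''user_pref("browser.startup.homepage", "about:home");
user_pref("network.proxy.autoconfig_url", "http://203.0.113.7/p.pac");
user_pref("network.proxy.type", 2);
'''

FF_PREF = re.compile(r'^user_pref\("([^"]+)",\s*(.+?)\);\s*$', re.M)


def parse_reg_export(text):
    """Parse `reg export` text into {KEY_PATH_UPPERCASE: {value_name: raw_value}}."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].upper(), {})
        elif current is not None and line.startswith('"'):
            m = re.match(r'"((?:[^"\\]|\\.)*)"=(.*)$', line)
            if m:
                current[m.group(1)] = m.group(2)
    return keys


def reg_string(raw):
    """Decode a quoted REG_SZ value; return None for dword:/hex: data."""
    if len(raw) >= 2 and raw[0] == raw[-1] == '"':
        return re.sub(r"\\(.)", r"\1", raw[1:-1])
    return None


def firefox_pac_url(prefs_text):
    """Return the PAC URL only when Firefox is actually set to use it."""
    prefs = dict(FF_PREF.findall(prefs_text))
    # network.proxy.type 2 means "automatic proxy configuration URL".
    if prefs.get("network.proxy.type") != "2":
        return None
    return prefs.get("network.proxy.autoconfig_url", "").strip('"') or None


def assess(url):
    """'expected' for an allowlisted http(s) PAC host, otherwise 'review'."""
    parsed = urlparse(url)
    host = (parsed.hostname or "").lower()
    if parsed.scheme in ("http", "https") and host in ALLOWED_PAC_HOSTS:
        return "expected"
    return "review"


def triage(reg_text, prefs_text):
    """Return (source, item, verdict) tuples for an analyst to look at."""
    keys = parse_reg_export(reg_text)
    findings = []
    for name, raw in keys.get(INET_KEY, {}).items():
        url = reg_string(raw)
        if name.lower() == "autoconfigurl" and url:
            findings.append(("registry", url, assess(url)))
    ff_url = firefox_pac_url(prefs_text)
    if ff_url:
        findings.append(("firefox", ff_url, assess(ff_url)))
    # Startup entries cannot be judged automatically; list them for review.
    for name, raw in keys.get(RUN_KEY, {}).items():
        findings.append(("run-key", f"{name} = {reg_string(raw)}", "review"))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_REG, SAMPLE_PREFS):
        print(finding)
```

A PAC URL that is not on the allowlist is only a lead: fetch the PAC file from an isolated machine and read which hosts it routes through the proxy before deciding.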

First Glimpse: Quick Heal Total Security 2011

"A complete security solution for managing and protecting your computer."

The battle will continue as long as malware and other threats do not cease to exist. Unfortunately, I can’t think of a reason that would lead to a decrease in spyware, viruses or any other type of nasties in the near future. It is not me saying this, but the dramatic increase in viruses created and the ever-increasing speed of infections all across the world.

If we talk about an infection, because computer viruses can be considered one, we have to talk about a cure or at least try to find a healing solution. So today we are going to check out an antivirus program that can keep you safe and take away most of your worries. Its name is Quick Heal Total Security 2011, the latest release from Quick Heal Technologies.

So let’s stop wasting precious time and get straight to the product overview and its features.

Overview and Features

Quick Heal Total Security is the most complete security suite from Quick Heal Technologies, an India-based outfit. Although Quick Heal Anti-Virus is not a strong name on the antivirus market, it cannot go unnoticed either.

The latest version of the Quick Heal Total Security has been developed with the average user in mind, so working with it is easy, regardless of your computer skills. It is designed for home use, so a clean and simple interface is a big advantage.

It brings a total of 13 different components, designed to deliver protection against all sorts of malicious threats while also supplying the tools to increase the security of your personal data and turn the infection risk down to a minimum. Below are the features available in the program:

Key Features:

  • Real time protection against known and unknown threats.
  • Extensive Malware Recognition of viruses, Trojans, backdoor programs, worms, etc.
  • E-Mail Protection and Anti-Spam – Provides email protection for MS Outlook, Outlook Express, Eudora Mail Client.
  • USB Protection – Prevents execution of auto-run from infected pen drives while they are plugged into your machine, and also vaccinates the USB drive against auto-run malware infections.
  • Parental Control – Restricts kids or other user accounts when using the computer.
  • Data Theft Protection – Prevents unauthorized copying of data using USB storage devices.
  • Browsing Protection – Provides additional protection for your system from any website that contains threats.
  • Anti-Phishing Technology – Picks out fraudulent activities and provides protection from other phishing scams while you perform transactions online.
  • PC2Mobile Scan – Allows you to scan your mobile phones for viruses and other malicious threats.
  • PC Tuner – Keeps your PC running at peak performance with its diagnostic & tuneup software.
  • Automatic incremental updates of anti-virus signatures, engine and entire software.
  • User friendly interface.

    New Features:

  • NEW! Silent Firewall – It’s a completely new feature from Quick Heal that silently works in the background and prevents unknown threats from entering your PC.
  • NEW! IDS/IPS – The Intrusion Detection System (IDS) blocks exploits and prevents attacks on your computer or network, and the Intrusion Prevention System (IPS) prevents exploits and code injection (DLL injection) by one process or application into another program.

    Installation and System Requirements

    Quick Heal Total Security 2011 is available in different languages and supports Windows 2000 (SP3)/XP (SP2)/Vista and Windows 7 operating systems (32 bit/64 bit).

    Unwrapping the 156 MB installer goes fairly smoothly, with a few stops before the process completes. But let me tell you one thing: Quick Heal Total Security 2011 is one of the slowest-installing programs that I’ve ever tested, requiring 5 minutes and 5 seconds to install, which is really very slow.

    Installation

    Scanning Memory

    While installing, Quick Heal Total Security performs a quick memory scan. This quickly checks your system memory for any active threats before installation. While not extremely thorough, I am always glad to see things that stop malware and other nasty threats sooner rather than later.

    Installation Window

    After the installation, a system reboot is not required to start protecting the computer from any type of malware activity.

    Definition updates are not downloaded automatically, however. But they will eventually download within about 20-25 minutes of use. Or, you can always manually download current antivirus definitions right away.

    Features & Ease of Use

    The user interface of Quick Heal is effectively organized, intuitive to use, and straightforward. The main screen is divided into four modules, each dealing with a specific task: File & Folders, Emails, Internet & Network, and External Drives & Devices. Alongside them is a general status indicator that displays a tick on a green background for a correct system state, an exclamation mark on an orange background to call for your attention, and a cross on a red background if your system is in danger.

    Pointing at any one of the icons brings up a menu of common tasks like running an antivirus scan, Email Scan, Firewall & Browsing protection or viewing detailed settings.

    Main UI

    The greatly simplified, user-friendly interface makes Quick Heal Total Security 2011 easy to use for novices. It is easy to set up and doesn’t require much user intervention.

    The File & Folder feature gives the user much-needed protection from viruses, spyware, worms, bots, rootkits, Trojans, and a variety of other malicious threats. Quick Heal Total Security is equipped with DNAScan (Quick Heal’s indigenous technology) to proactively protect your computer from the latest as well as unknown threats.

    Files & Folders

    Like any respectable security suite, Quick Heal’s Total Security offers protection against the nagging spam messages reaching our inbox. The Email Protection feature checks every email you receive and verifies its content before you access it. It also allows users to customize the settings that concern the protection of emails entering the mailbox.

    Emails

    Moving on to the Internet & Network module, here you will find some of the most common features of any security product, such as Firewall Protection, Browsing Protection, Malware Protection, Phishing Protection, and Parental Control. All of these features except Parental Control are pre-defined with quick controls that turn them on and off, and hence don’t require any user interaction.

    Internet & Network

    One thing which catches my eye is the latest Firewall protection from Quick Heal Technologies. The latest version of Quick Heal Total Security includes a “Silent two-way firewall” which will perform all the blocking and filtering functions required to keep your computer secure without all the annoying “you want let this do that” type prompts.

    As an all-in-one premium security suite, Quick Heal Total Security 2011 offers a host of capabilities beyond those of a typical virus protection program. Prominent among them is the latest Parental Control feature. It gives parents the opportunity to block web pages and schedule the times at which their children are allowed to access the Internet.

    Parental Control

    Website blocking is done by category: Adult, Social Networking & Chat, Offensive, Drugs, etc. Or you can block by a specific URL (domain). Website blocking works with all major browsers but I couldn’t find a list of all supported browsers so there may be ways for clever users to find ways around this.

    Web Category

    One thing I miss in Quick Heal’s parental control feature is the option to monitor IM or email, and there is no key-logger software: all areas that all parental controls should address.

    Overall, Quick Heal’s parental controls are average and adequate for basic use but it shouldn’t be relied upon for maximum child Internet safety.

    Under the External Drives & Devices screen, the application displays four different expandable panes. The first on the list is Auto-Run Protection, which is one of the most important features of the suite. The other menus available are Scan External Drives, Data Theft Protection and Scan Windows Mobile.

    External Drives & Devices

    Nowadays, the majority of USB devices come with auto-run instructions and these could very easily be exploited by malicious code in order to infect computers. The latest version of Quick Heal Total Security ensures that autorun.inf instructions are no longer executed.

    Scan External Drives

    Threats can enter your system from removable media such as USB thumb drives. For self-running media, Quick Heal TS 2011 scans autorun.inf and associated files when the medium is inserted, in addition to scanning any file on any removable device when it is accessed, or during a full scan of the media.

    The Data Theft Protection tool is also a feature-rich solution from Quick Heal. It is designed to stop unauthorized illegal transfer of data between the system and USB drives.

    Quick Heal Total Security suites have an extra feature that I find particularly valuable, providing users an option to Scan their mobile phones when connected to PC either via USB Cable or Bluetooth.

    General Settings allows users to turn on Password Protection (secures the settings area with a password) and Quick Heal Self Protection (secures the settings against unauthorized changes).

    Settings

    The Automatic Update section lets you enable the automatic update process and get notifications when updates are available. This way, your computer will be protected with Quick Heal having the latest definitions installed.

    Registry Restore is another very handy feature that I like in Quick Heal Total Security. It helps users repair and restore critical system registry areas by flushing out the changes made by malware or other malicious threats.

    Additional Features:

    Quick Heal Total Security is thick with additional features that I haven’t discussed yet. You can use Hijack Restore to restore default settings for your Internet Explorer browser and remove any changes that had been made.

    When malicious software hijacks your system it may put some policies in place to keep you from undoing the changes it has made and prevent you from removing the malware itself. Hijack Restore has the ability to scan for and remove policy settings that may have been imposed by malware.

    Tools

    Quick Heal Total Security also includes an Anti-Rootkit tool. It is tailored to protect you. It does only one thing, and one thing alone: finds and kills rootkits. Run it and let it scan your PC, sniffing them out of their hidden places. When it finds any, it will remove them.

    Anti-Rootkit

    Quick Heal TS 2011 also comes with a spread of extra features, which include Emergency CD, Quarantine, System Explorer and Windows SPY.

    The Emergency CD option is useful for removing viruses in case the system is infected before installation. If your computer system is infected with a "deadly" virus or inoperable because of an extensive or deep-rooted virus infection, then you can use Emergency Disk and Command line scanner to get it cleaned.

    The Quarantine box contains all the suspicious and malicious files that were detected during the on-demand or on-access scan and that you did not want to delete in the first place.

    There’s one thing I don’t like about Quick Heal Total Security. When adding files, you can only add them one by one; multiple file or folder selection is not possible at all. If I have a folder with 1000 files that I suspect of being infected with a new polymorphic virus that can’t be detected yet, I can’t easily add them to the Quarantine box. This is exactly the same thing which I have mentioned in the Coranti Anti-Virus review.

    To keep good tabs on what runs on your computer, Quick Heal brings up a System Explorer tool to monitor the processes currently running in the system, active network connections (all of them), startup elements, browser extensions and LSPs.

    System Explorer

    The PC Tuneup options available in Quick Heal Total Security 2011 are quite modest. By using this tool, users can clean up the junk files located in the Recycle Bin, delete fragments of lost files, known log files, Windows temporary files, IE history, cookies and other unnecessary files, and can defragment files to improve the performance of their system.

    All the modifications the PCTuner does are recorded and can be rolled back in case something goes wrong. The “Restore” section of PCTuner menu presents all the changes that occurred on the system chronologically, permitting you selective revert, according to the areas you are interested in.

    Other than this there is absolutely nothing else to contribute to an improved PC performance.

    PCTuner 2.1

    Lastly, the Reports section lets you check all past actions performed by the program. Everything is intuitive and I am sure you won’t have any problems handling this program.

    Performance

    A full-system manual scan only used 85% of CPU during my testing. But most of the time, CPU usage was under 30% when scanning text files and other files. Memory usage started around 80 MB and slowly increased to 137.2 MB after 3 minutes of scanning. Not bad.

    No noticeable computer lag-time was detected during full system scanning. My browsers responded normally without much delay. Real-Time protection resource usage is kept within acceptable parameters, about 52.61 MB. 

    Quick Heal TS 2011 also took 354 MB of hard-drive space for installation.

    So overall resource usage was average and needs some improvements.

    Effectiveness: (Virus/Malware Detection)

    Regarding the detection level of Quick Heal Total Security 2011, at this moment it is close to average. During my testing Quick Heal TS 2011 left many threats behind, detecting 5,118 out of the 7,006 (73.05% detection rate). 

    During on-access testing, it managed to block 38 malware samples out of 52. I have also used some malicious links to test its browsing protection and, to my surprise, it was able to block 16 links out of 22. I am impressed.

    Looking on the other bright side, Quick Heal TS 2011 managed to complete scans in record time, getting through over 3 GB of malware samples in less than 10 minutes.

    Support

    The Quick Heal Total Security 2011 license includes software and pattern updates and Quick Heal support for one year, as before. Users have access to all the relevant services after they activate their software or register their security product. These services include automatic program updates, the facility to submit suspicious files and support for technical e-mail queries.

    The email support and knowledgebase are free, but Quick Heal offers no Chat support. While email support is easy to access, having no chat tech support is a major blow to Quick Heal’s score. I’ve found that solid, free chat support is crucial for customer satisfaction and antivirus security.

    Quick Heal has toll-free phone support in India only. International users have to use a non-toll-free number, but they’ll still get 100% free support for Anti-Virus 2011, Internet Security 2011 and Total Security 2011 as well.

    Value for Money

    The latest Quick Heal Total Security 2011 is offered as a box as well as download version with a recommended retail price of US $52 (1 PC/Yr.) which is a good value for money.

    The Good

    The latest Quick Heal Total Security 2011 provides an incredibly easy-to-use interface which does not hold any complicated functions or options. It is unobtrusive and pretty miserly on resources and does not intrude on your work. Everything that can be set up in this program is only two or three mouse clicks away.

    The tools offered in the security suite, although not advanced or complex, all make up important elements of protection. Handling any of the tools available is done with absolutely no difficulty.

    The Bad

    I really wish this section of the review could remain blank, but I know that it won’t be possible. The malware used during my testing does not contain 0-day samples, yet QHTS 2011 managed to detect 5,118 out of 7,006. Although it’s an average detection rate, I was expecting more than that.

    Secondly, the scan mode does not provide an estimate of when the scan will complete. All you have is the duration of the scan as it is running.

    The Truth

    The software is easy to handle and it should not pose any problems, no matter if you are an experienced user or a novice user. The help file thoroughly explains every option in the program.

    Oddly enough, there’s still plenty of room for improvement, especially with the protection against all forms of malware and their detection.

    Homepage:- http://www.quickheal.com/


    Coranti Antivirus 2010

    Stay safe with an Anti-Virus that protects your system using four different technologies of defense against IT insects.

    Since thousands of new viruses keep popping up each day, I think it’s the right time for a new review of an Anti-Virus product. So my choice today is Coranti Antivirus 2010, a program with multiple scanning engines that offers you the most comprehensive protection against malware. So, I got it right here, right now.

    So let’s stop wasting precious time and get straight to the product overview and its features.

    Overview and Features

    You have probably heard that using more than one antivirus on the same computer can cause several problems, especially conflicts between the two security programs. To counter this problem and provide more security to their users, Coranti Inc., a company based in Yokohama, Japan, comes out with their Multi-Engine Anti-Virus & Anti-Spyware that integrates four scanning engines, so you can rest assured about the infestation of viruses and spyware.

    Coranti Antivirus is designed to protect your computers in real time against viruses, Trojans, spyware, rootkits, worms, adware and other types of malware using the industry’s top-rated anti-virus & anti-spyware scan engines such as BitDefender, Norman, F-Prot and Lavasoft. The program provides more than just malware protection:

    • Real time protection against known and unknown threats.
    • Extensive Malware Recognition of viruses, Trojans, backdoor programs, worms, etc.
    • Provides email protection for MS Outlook, Outlook Express, Mozilla Thunderbird, or The Bat.
    • Automatic incremental updates of anti-virus signatures, engine and entire software.
    • Highly customizable and easy to use.
    • User friendly interface.

    Installation and System Requirements

    Coranti 2010 Multi-Engine Anti-Virus & Anti-Spyware is available in several different languages and supports Windows XP/Vista and Windows 7 operating systems (32 bit/64 bit). It requires a 1.3 GHz Intel Pentium IV processor or compatible and up to 800 MB of hard disk space, with at least 1 GB of RAM. But I would suggest having about 2 or 3 GB of RAM for optimal performance.

    The installation kit of Coranti Anti-Virus is a little over 45 MB, and the setup process is pretty straightforward, user friendly and ends quickly. Right after installing the program, it automatically starts updating its signature database, which is good enough for me because it spares me some additional mouse clicks…

    Installation Window

    Custom Installation Window

    But as soon as it started its update process, I noted that the update is about 308 MB, which is HUGE in my opinion. But let’s not forget that it uses four different scanning engines to provide you the BEST.

    Update Process..

    One thing which impresses me after the installation process is that it does not require a system restart to start protecting your computer system.

    Features & Ease of use

    The interface is as clean-cut as can be, containing a menu bar at the left side of the main interface and a toolbar menu at the top with 9 buttons, each leading to a page that handles a specific task. The icons are of good quality and the design looks up to date.

    Easy access to all of them is the defining trait of Coranti.

    Main Interface

    The page that comes up when you open the main interface is the first one, called Current Security Status. Here, you can check the state of the Anti-Virus; you can also find out how old the current database is, update it if needed, and see the product version and your license information.

    Scanner Interface

    Moving on, I find the Anti-Virus Scanner module. The most common scan tasks are already defined, such as My Computer Scan, Fixed Disks Scan, Removable Disks Scan, Network Disks Scan and My Documents Scan. You can also manually adjust the levels of scanning, heuristic settings and depth of scanning as per your needs. In every area that has settings to change, you’ll find that most things you can think of are covered, which is good to know, so let’s continue our trip now.

    Anti-Virus Scanner Setting

    Leaving the Anti-Virus scanning module behind, I move on to the next work area, which handles the real-time file system monitoring that takes care of your computer all the time and keeps viruses away from your system. On this page you can adjust your Real-Time Anti-Virus monitor settings according to your needs.

    Real-Time Monitor Setting

    Anti-Virus Monitor Settings

    It also has an Anti-Spyware scanning module as well as an Anti-Spyware monitoring module, which are powered by Lavasoft anti-spyware. They have almost the same set of features, so I’ll only cover other features that deserve mentioning.

    The E-Mail scanner is the one that takes care of viruses that can arrive attached to emails straight into your Inbox.

    The Quarantine box contains all the baddies that were detected during the on-demand or on-access scan and that you did not want to delete in the first place. Here all the items will be displayed beginning with their source/path, date-time, and type of infection. The options above the quarantined items’ window permit the user to restore or delete them.

    There’s one thing that I don’t like about Coranti Anti-Virus: it does not let you add suspicious files to the Quarantine box. What if I have a folder with 100 files that I suspect of being infected with a polymorphic virus that can’t be detected yet? What can I do to add them to the Quarantine box?

    Scheduling is an excellent addition to any anti-virus, and Coranti Anti-Virus has this topic covered. New jobs can be easily created, using the wizard that’s at your disposal for this task.

    Performance

    A good Anti-Virus program should not only protect your computer from nasties but also not slow down the performance of your computer system too much by using up your computer’s resources, and this is where Coranti Anti-Virus needs some improvement.

    During my testing I found that the idle memory usage of Coranti was about 145.03 MB and the peak memory usage was about 430 MB, which is HUGE in my opinion. Coranti also added an additional 1.406 seconds on average to launch a web browser.

    Coranti also took 627 MB of hard-drive space for installation.

    So all in all, this is the area where Coranti Anti-Virus needs to make improvements.

    Effectiveness: (Virus/Malware Detection)

    One of the most important functions of an Anti-Virus program is to keep your system free from viruses and other malware. So in order to test Coranti Anti-Virus 2010, I decided to perform an on-demand scanning test on my malware database of 3180 samples, which I collected from various sources during the period 10.09.2010 to 15.10.2010.

    It did well in my testing, scoring a 95.6% rate of success in detecting and eliminating threats and the real-time guard did prevent malware from being downloaded or activated on my test machine.

     

    On-Demand Scanning..

    During the On-Demand Scanning test, CPU usage peaked at 98% but the average was at around 65%. RAM was also heavily employed and it went up to 176 MB. These values were recorded on a single-core processor at 2.4 GHz with 2 GB of RAM running Windows XP Professional SP3.

    Support:

    The Coranti Anti-Virus 2010 license includes software and pattern updates and Coranti support for one year, as before. Users have access to all the relevant services after they activate their software or register their security product. These services include automatic program updates, the facility to submit suspicious files and support for technical e-mail queries.

    Value for Money

    The latest Coranti Anti-Virus 2010 is offered as a box as well as download version with a recommended sale price of Euro 39.99 (1 PC/Yr) which is a good value for money.

     

    What’s Good

    The application has a head start in that it is easy to use, given the fact that handling any of the modules available is done with absolutely no difficulty. It is highly customizable, well designed and effective. Last but not least, do not forget about its multiple scanning engines, which provide you the most comprehensive protection against malware.

    What’s Bad

    The first thing that comes to my mind is resource usage. This is the one big thing where Coranti needs to improve. Whenever I run a scan on my computer I would like to know an estimate of the time the anti-virus takes to verify my files. I also forgot to mention that I faced a few false positives during my small on-access scanning test, but that’s normal, because these days every anti-virus produces false positives.

    The Truth

    The application is extremely robust, offering the user the flexibility in setting up the desired level of protection. To make it a big leaguer, the price needs to be dropped.

    All in all, the software did a very great job and provides the protection every home user needs.

    Homepage:- http://www.coranti.com


    Highly recommended!