You know that thing you trust to accept untrusted data...

Subject: Editorial, General Tech | May 21, 2013 - 10:53 PM |
Tagged: antivirus, antimalware

They might be a good means of guarding you from momentary lapses of judgment, but security is not equivalent to antivirus packages. You always need to consider how much your system is exposed to untrusted and even unsolicited data. Any software which accepts untrusted data has some surface with potential vulnerability to attack.

This, inherently, includes software which accepts data to scan it for malware.


Last week was host to Patch Tuesday, and one of its many updates fixed a vulnerability in Microsoft's Malware Protection Engine (MPE). The affected code is only present in applications which run the 64-bit version of the engine. For home users, these applications are: Microsoft Security Essentials (x86-64), Microsoft Malicious Software Removal Tool (x86-64), and all varieties of Windows Defender (x86-64). For enterprise users, MPE is also a part of Forefront and Endpoint applications and suites.

Despite the irony, I will not beat up on Microsoft. As far as I know, these vulnerabilities are semi-frequently patched in basically any antimalware application. At the very least, Microsoft declares and remedies problems with reasonable and appropriate policies; they could have just as easily buried this fix and pushed it out silently or, worse, waited until it became actively exploited in the wild and even beyond.

But, and I realize I am repeating myself at this point, the biggest takeaway from this news: you cannot let the mere presence of antivirus suites permit you to be complacent. No scanner will detect everything, and some might even be the way in.

Microsoft Security Essentials Gaining Popularity

Subject: General Tech | March 17, 2012 - 11:01 AM |
Tagged: opswat, software, mse, antivirus

OPSWAT, a company founded in 2002, has released its latest quarterly report on software market share. The new report indicates that as of March 2012, the free Microsoft Security Essentials antivirus application has made the biggest gains in users this year.


Microsoft Security Essentials is a free antivirus program developed by Microsoft that has been on the market for just over 2 years (since September 2009). Despite not having the best detection rates, it is a program that is non-intrusive and lightweight on resources. Because of the automatic updating (via Windows Update) and being essentially "set it and forget it," it has garnered quite the following from tech enthusiasts who use it on their computers along with a bit of common sense browsing to stay safe. In addition, it makes for a good choice for family members, as it is easy to install, requires little maintenance, and does not cost any money. Also, if you have a friend or relative who refuses to pay for AV yet also refuses to stop visiting certain areas of the web, having some kind of free antivirus is better than nothing!

Specifically, the Microsoft software has managed to snag 10.08% of the worldwide antivirus market, up from 7.27% a year ago, putting it under the three big A's of antivirus: Avast with 16.26%, Avira with 11.65%, and AVG Technologies with 10.96%. Close behind Microsoft is ESET antivirus with 10.06%, followed by Symantec, which holds 9.97% of the market.

Worldwide Vendor Market Share - March 2012

Vendor                        Market Share
AVAST Software                16.26%
AVIRA GMBH                    11.65%
AVG Technologies              10.96%
Microsoft Corporation         10.08%
ESET Software                 10.06%
Symantec Corporation          9.97%
Kaspersky Labs                7.75%
McAfee Incorporated           4.74%
Panda Software                3.77%
Trend Micro, Incorporated     2.22%
Others                        12.54%


In terms of the North American market, Symantec actually pulls ahead of Microsoft, and holds the number one position at 16.09%. Microsoft then holds the second position in North American market share with 14.92%. The MS software saw big gains from last year, moving from fourth position to second position and 9.94% to 14.92% respectively. AVG holds third place at 13.22% while Avast has 11.96% of the North American market and fourth place. You can see the remaining top 10 vendors' market share in North America below.

North American Vendor Market Share - March 2012

Vendor                        Market Share
Symantec Corporation          16.09%
Microsoft Corporation         14.92%
AVG Technologies              13.22%
AVAST Software                11.96%
ESET Software                 7.06%
McAfee Incorporated           6.76%
AVIRA GMBH                    4.41%
Kaspersky Labs                4.03%
Panda Software                3.49%
Trend Micro Incorporated      3.10%
Others                        14.96%


Drilling down beyond vendor market share to the specific programs' market share, Microsoft Security Essentials holds 14.58% of the North American market and 9.96% of the worldwide market as of March 2012. In terms of ranking, MSE as an individual product is number one in North America and second place worldwide, putting it just under AVAST! Free Antivirus, which is the number one AV product worldwide with 11.91% of the market. These numbers are a bit more telling, as they indicate Microsoft is doing pretty darn well with their AV program, and it is really helping them (market share wise) to have just one main SKU/program in their lineup.

Interestingly, their report indicates that the top 10 antivirus makers hold the great majority of the market with 87.46% of worldwide market share. Of the top 10 (listed in chart 1) global AV vendors, only Trend Micro is a new addition at number 10 thanks to overtaking PC Tools with a total of 2.22% market share. The top 10 has further gained more of the total market compared to last year. In 2010, the top 10 vendors held 86.57% of the market, and they now hold 87.46%. Individual product wise, the top 10 companies' applications hold 64.94% of the worldwide market and 63.08% of the North American Market (this is for specific programs only, while the previous total numbers are for top 10 AV companies as a whole).

Further, OPSWAT states that the free offerings continue to dominate the charts with the greatest number of installations and market share. In North America, they identified 81 antivirus companies and 257 antivirus software applications. Globally, OPSWAT detected 87 vendors and different programs. That makes the fact that the top 10 vendors hold approximately 87% of the market even more impressive. More information on the recent OPSWAT report is available in PDF format here.

Source: OPSWAT

Windows Defender at risk of antitrust for Windows 8?

Subject: Editorial, General Tech | February 20, 2012 - 10:21 PM |
Tagged: antivirus, windows 8

Imagine if it were illegal for a dominant homebuilder to sell a house with locks on the door to be fair to the market of locksmiths?

The legality of Microsoft’s planned upgrades to its Windows Defender security suite has been questioned in an article up at ZDNet Asia. While the article itself is very correct in its analysis of the situation, it does implicitly ask at what point a market should be obsolete.

Does it really protect consumers to intentionally unbundle security from a core application? Is it better to unbundle security to promote an industry worth of companies with products designed to successfully do little more than alert you when a breach has occurred?


Industry status - Not Protected

Despite the wording of the above three paragraphs, the answer actually is not simple. There is a lot of merit to disallowing the bundling of internal security applications and protecting the antivirus industry.

Ponder this: what if Microsoft’s system was really bad? Would promoting competition ultimately drive for a stronger and more secure product in the end? Or alternatively, would the pressure from the attackers themselves be sufficient competition to not need to protect antivirus companies?

It really is an interesting problem when you look into it. What do you think? The comments await, and registration is not required to voice your opinion.

Source: ZDNet Asia

Antivirus effectiveness report: Microsoft Security Essentials behind its peers

Subject: General Tech | May 4, 2011 - 02:28 PM |
Tagged: mse, Malware, antivirus

One of the major drawbacks of having general purpose computation devices is malware. Your computers are designed to manipulate and store instructions and information, and they do that amazingly. Your computers, however, cannot tell who gave what instruction; they follow a set of instructions until it links to another, which they follow, ad infinitum. When someone who wants to use your computer can get their series of instructions run by your computer, that is when you have a problem.

Antivirus software is designed to detect when a bundle of bits on your computer could translate to a likely attack. The big question is how effective each antivirus package is at doing just that.
 
Oh is it reeaaaalllllyyy?
 
The firm AV-test.org tests antivirus software and assigns it a score based on various factors. They recently published their findings for this quarter and found that Microsoft Security Essentials was the second-least effective at preventing infections from occurring, according to their scoring metric. Their report (PDF) shows that while Microsoft is effective at blocking recent malware, it has difficulty with 0-day attacks.
 
Despite the ranking, it should be noted that antivirus software should be just a guard looking over your shoulder, monitoring what you do. Keep your computer and all programs on it that receive data up to date, be careful of what you run, and keep a minimum number of ports forwarded to your PC. Then, and only then, will an antivirus package help protect you against what is left.
 
Lastly, if you happen to suspect that your computer has an infection: back up your data, reinstall your operating system, and enjoy a speedy virus-free computer. That method is free and more effective than hoping an antivirus package reversed all the damage the virus did, because you have no method of knowing otherwise.
Source: av-test.org