G Data Mobile Security for Android

G Data’s Mobile Security provides anti-virus and security monitoring for Android smartphones and tablets. Is this really necessary, you might ask, but I think after some of the recent malware removals by Google, there’s sufficient evidence that Android will increasingly be a target for malware and virus writers. Such is life.

Mobile Security provides three main functions: on-demand scans, blacklist control and authorisation checks for installed apps, all controlled from a main home screen.

G Data Mobile Security Main Screen

Tapping on any of the four areas will show the next screen for that function. Here’s the on-demand virus scanning – no surprises there – but Mobile Security also scans apps as they are installed from the Android Market (or elsewhere presumably) which gives additional protection against malicious software.

G Data Mobile Security Virus Scanning

The Permissions area shows a set of controlled features such as calls and internet access, and by selecting a particular feature Mobile Security shows the apps that have permissions for that feature. I thought that you might be able to then select an application and revoke its permissions to, say, access the internet, but the only option is to uninstall the app.

G Data Mobile Security Permissions    G Data Mobile Detailed Security Permissions

A settings screen is accessible from the menu key which provides greater control over the behaviour of Mobile Security’s activities. Usual stuff about scan intervals and automatic scans but all good stuff.

G Data Mobile Security Settings

The Logs area shows what Mobile Security has been doing and Update simply checks that the virus signatures are current and up-to-date. Nothing unexpected here.

G Data Mobile Security Logs

Unfortunately, I didn’t have any malware to hand so I wasn’t able to test out Mobile Security’s detection and disinfecting abilities but I would imagine that G Data’s got that covered.

It’s a free download from the Android Market to try it out, but it’s £9.99 per year to get updates for new malware and viruses. Alternatively, purchases of other G Data security products such as  G Data AntiVirus include a Mobile Security licence as part of the package.

The licence for this review was provided free of charge by G Data. Thanks.

 

Happy 15th Anniversary, Download.com

download.com


Today we have application stores up the ying-yang. But 15 years ago, trying to find applications for your computer was a lot harder. We did have two decent sources: Tucows.com and download.com (a CNet company, now owned by CBS). Since then, these two sources have grown to better catalog freeware, shareware, and paid applications. This week, we say Happy Anniversary to Download.com.

While the domain was registered on February 24, 1996, Download.com officially launched on October 23rd, 1996 (Reference via CNet article). The website now sees almost 10 million downloads of software a week, with the top downloads being AVG and Avast antivirus software. That is a far cry from Hey, Macaroni (the dancing macaroni meme), WinZip 32 and Duke Nukem 3D, which was the most downloaded in 1996. WinZip is still one of the top 5 downloaded pieces of software on the site.

For 15 years, download.com has kept a great archive of software, weeding out the obsolete, malware producing items. They have been sued for some software downloads, most notably the free music download program LimeWire. While download.com did not promote the download of mp3 music or movies, the peer-to-peer software is another way to download legally shared items. Of course, this has always been the conundrum of file sharing.

In retrospect, Tucows has been in operation since 1994, offering the same services. Other services have come and gone, but download.com has stayed strong. So happy 15 years to a source that I’ve personally used many a time in my IT career.

Virus Infects US Drones

Wired is reporting that a virus has infected the flight systems controlling the Predator and Reaper drone aircraft in the Middle East. The systems have been infected for about two weeks and it appears to be a keylogger-type of virus. Further, the virus has resisted attempts to disinfect the system but the military think it’s benign.

You can read the full article yourself, but as an IT professional I read it with utter horror and dismay. Here we have a (potentially) armed aircraft apparently still operating with an unknown virus in its systems. Does this ring alarm bells for anyone else?

I work in a public sector organisation and our approach to a PC with a virus infection is to pull the plug on the infected equipment and disconnect it from the network until we are able to clean the PC, regardless of whether we think it’s benign or otherwise. We’re concerned that data might be wiped out. You’d think that the military might have concerns about people being wiped out by a malfunctioning drone but apparently not.

And then there’s the question of how the system came to be infected. Again there seems to be a remarkable lack of knowledge. No doubt we’ll find that the USB ports were unlocked, there was no antivirus software and anybody could plug in a memory stick at will.

Looks like there’s a market opportunity for an AV company…

Malware Myths

G Data has found that many people’s preconceptions about malware are wrong and are putting them at risk of malware infection. The vectors for viruses and trojans have significantly changed in the past couple of years and infections now mainly come from websites rather than emails and USB sticks. The growth of malware in the past five years has been phenomenal and since 2005, over 2 million malware threats have been identified.

G Data surveyed nearly 16,000 web users in 11 countries regarding their views on internet threats. People are generally more knowledgeable now, with only 4% admitting to having no antivirus software on their computer, although 5% didn’t know. 48% of those questioned have free AV software and 41% have paid software. The survey is not entirely clear if it was Windows PCs only or any computer, including OS X and Linux.

G Data identified 11 malware myths that can lead to a higher risk of infection. Here they are.

Myth 1: When my PC is infected, I will notice in one way or another (93%)
No, modern malware writers are smart and code their viruses and trojans to make sure that they work stealthily and unnoticed in the background.

Myth 2: Free AV software offers the same elements of security as paid for packages (83%)
Anyone who has bothered to compare the feature sets of free v. paid versions of security software from nearly any company will know that this isn’t true. Usually the free ones are missing features such as firewalls or anti-spam filters.

Myth 3: Most malware is spread through e-mail (54%)
As mail spam and antivirus filters have got better, malware in attachments has become rarer as it has become less effective. Consequently most spam / malware emails now only come with links to infected websites rather than payloads.

Myth 4: You can’t get infected just by loading an infected website (48%)
Sadly not true. Websites loaded with malware that take advantage of vulnerabilities in the browser and operating system can infect a PC even when the user is “just looking”.

Myth 5: Most malware is spread through downloads at peer2peer and torrent sites (48%)
Undoubtedly some malware is passed on via peer-to-peer but today websites are the prime source of infection.

Myth 6: It is more likely to encounter malware at a porn site than at a horseback riding site (37%)
Much as we might like this myth to be true, serious adult sites are professional and run to a high standard. The web site is key to their business and they make sure the sites are secured and up-to-date with patches. On the other hand, hobby websites are run by enthusiasts who are rarely IT experts and these websites are easily compromised by criminals who then upload malicious code to the site which subsequently infects visitors.

Myth 7: My firewall can protect my PC from drive-by-download attacks (26%)
Sadly, not true. Firewalls are a useful security component but because much malware is web-based and web traffic is generally allowed (because you couldn’t access websites if you didn’t), firewalls provide only limited protection against them.

Myth 8: I don’t visit risky sites, so I am safe from drive-by-downloads (13%)
This is much the same as Myth 6, but the point to take is that your trust in the website brand does not have a direct correlation to the likelihood of being infected. In the recent past, a couple of high-profile trusted sites have become vectors for malware without the owner’s knowledge.

Myth 9: If you don’t open an infected file, you can’t get infected (22%)
The emphasis in this myth is on the “you”. In a perfect world this might be true, but modern PCs and operating systems are so complex and do so much in the background that it’s possible for a malicious file to infect a PC regardless of what the user actually does.

Myth 10: Most malware is spread through USB sticks (13%)
In the past a large proportion of viruses and trojans would have been passed on using USB memory sticks and while they can still be a vector (Conficker!), now more malware is spread by websites.

Myth 11: Cyber criminals aren’t interested in the PCs of consumers (8%)
As most people recognised, consumer PCs are definitely of interest to criminals, either to form part of a botnet or else to monitor for passwords for on-line services.

“There is a natural assumption amongst Internet users that pornography sites are more dangerous than other leisure sites. This is a myth. Amateur hobby/leisure sites are often not professionally run like many pornography sites, making them much easier prey for hackers,” says Eddy Willems, G Data Security Evangelist. “In the past, malware was written by developers who wanted to show off their technical skills, meaning it was visible to infected users. Now cyber criminals design, sell and make use of malware that enables them to take control of PCs’ computing powers in such a way that users do not notice the infection. This covert approach not only puts users’ data at risk, but also allows cyber criminals to send spam e-mails and malware, and participate in DDoS attacks. Internet users must correct their misconceptions in order to stay safe online.”

You can download the full report (.pdf) if you want more information on the survey itself and the myths.

So stay sharp out there. The bad guys are out to get you.

Competition Time – G Data AntiVirus 2012

G Data have kindly supplied a copy of their AntiVirus 2012 to give away to Geek News Central’s loyal UK members. I reviewed the next product up in the range, InternetSecurity 2012, a couple of weeks ago and was quietly impressed. AntiVirus 2012 comes with antivirus (obviously) plus phishing, spyware and rootkit protection for a year on the PC and on Android smartphones or tablets.

To be in with a chance of winning, simply leave a comment below saying how you think GNC could be more relevant to a British audience. Don’t forget to leave your email address and I’ll draw at random from the comments in a week’s time. Remember, this is only for people with a UK postal address.

G Data InternetSecurity 2012 Review

G Data’s 2012 range of security products covers basic antivirus through to specialised protection for laptops and notebooks. Depending on the version purchased, the features build up from antivirus and safe surfing, through firewalls and spam protection, to backup and data recovery, with additional features in the notebook versions.

On test here is InternetSecurity 2012 which sits between AntiVirus and TotalCare and the main features are antivirus, firewall, safe surfing and spam protection. Parental controls and file shredder are included too. The graphic here shows the main differences between each version.

The software can be purchased and downloaded directly from G Data but in this instance, it was the boxed retail product. Not unexpectedly, the main contents of the box are a CD and a user manual, which generally explains the software quite clearly and simply. This is a bonus for people who aren’t familiar with security software, and as the licence key is stuck on the back cover, it’s easier to keep safe.

A further benefit of the boxed copy is that the install disk also doubles as an emergency disk which can be booted from. This is great for those really nasty viruses which block AV software and being able to boot outside of Windows to get at them is great. If you downloaded the software rather than buying the boxed copy, there’s an option in the SecurityCenter application to create a boot disk but it’s an extra step you’ll probably forget to do.

Installation is straightforward and it’s by the numbers with clear prompts. During the install, G Data clearly explains its privacy policy when it requests permission to send data back for analysis: nothing is hidden away in the EULA. As usual, you have to register with G Data, but the software offers a quick registration of just name and email address. There’s still the option to enter fuller details if you want. As you’d expect, the installation finishes with a reboot.

On rebooting, the G Data icon is now sitting pretty in the system tray and initially InternetSecurity contacts its servers and starts downloading fresh AV signatures. This takes a few minutes but once done, you can go into the main SecurityCenter overview to see the status of the main features.

As you might imagine, each section in the SecurityCenter has further actions and settings. For example, in Virus Protection you can request scans for specific folders or drives. Or you can go into the Settings and change which of the two scanning engines is in use. Without going into every section and being thoroughly boring, all I can say is that the options are comprehensive and give the opportunity for tweaking to your particular circumstances. All of the G Data security products are available as trial downloads so you can check whether they fit your needs before buying.

Performance-wise, InternetSecurity did not seem to have a significant impact on the computer. One touch that I did like was that virus signature updates are scheduled for a particular time rather than automatically updating as soon as you log into Windows. On older computers, this allows you to get using your computer faster than you might with other competing AV products.

Not having a set of viruses handy, I wasn’t able to actually test the AV features of the product but when I did a scan of my local disk, it did pick up a trojan that I wasn’t aware of in some downloaded files. With two antivirus engines built into the product, you’d expect it to catch most of the nasty stuff as each engine takes a different approach to detecting viruses.

Overall, G Data InternetSecurity is a comprehensive and competent product with lots of features and a couple of value-adds, such as parental controls. I’d be perfectly happy to entrust my on-line security to this tool.

Prices are £30 for AntiVirus, £35 for the version tested here InternetSecurity and £40 for TotalCare. There are also specialised versions for notebooks and if you have an Android phone, you get AV protection for free with any of these products. All the details are on G Data’s website.

 

G Data MobileSecurity for Android

Continuing the battle with the bad guys, G Data has released its MobileSecurity product for Android smartphones and tablets. MobileSecurity is designed to protect the data on the phone from viruses, malware and spyware. Apps have to gain authorisation from the user before the app can make calls, send text messages or transfer data. Other features include app blacklisting and app checking during installation. Of course, there are regular updates to the software to keep the protection up-to-date.

Eddy Willems, Security Evangelist at G Data commented: “Malware writers are entrepreneurs: always looking for the best return on investment. According to analysts, Gartner and IDC, Android seems to be the market leader in mobile operating systems, so it is logical that cyber criminals will target the platform. Android malware can be easily spread through apps, which is another reason the platform is targeted. Not only did the beginning of 2011 see the emergence of this trend, but it also saw Android take the lead as the most targeted mobile operating systems in terms of malware. So it is the perfect time to introduce a solution for the protection of Android devices, as we expect a large increase in this area.”

Marketing puff aside, as we’ve seen in the past few weeks with the Mac malware and the Gmail spearphishing, there are criminals out there working out how to attack every major platform. And if they can’t beat the platform directly, they’ll go after the user, which is often the weakest link.

G Data’s MobileSecurity is available for £9.99 from a range of Android app stores or is free with G Data’s 2012 range of security products.

G Data Offers Free Fake Antivirus Removal Tool

If you or a friend have been conned into installing one of the fake anti-virus tools that has been doing the rounds recently, you’ll be delighted to hear that G Data are offering a free tool to remove the most prevalent type of scareware, “System Tool”.

Many of us will have seen those pop-ups claiming that our PCs have been infected and most of us will have dismissed them for the scams that they are. However, some people are taken in and G Data has seen an increase of 35% over the past 15 months in this type of fake AV. And if you are taken in, it’s a double whammy, with the criminals getting your credit card details while your PC remains under their control for further malicious activity.

“The development and deployment of scareware has become a highly profitable business. Fake antivirus programs have a double benefit for cyber criminals: they receive money from users who purchased a ‘full version’ of their useless tools and they get hold of the victims’ credit card data. To make matters worse: the fake AV programs often also put online criminals in a position that allows them to download additional malware onto their victims’ computers”, explains Eddy Willems, Security Evangelist at G Data.

The instructions for running the cleaner program are:
1. Download G Data FakeAV Cleaner from the G Data website: http://www.gdatasoftware.co.uk/support/downloads/tools.html. It’s down at the bottom of the page.
2. Run the G Data FakeAV Cleaner setup file. The G Data FakeAVCleaner “System Tool” has to be executed with the Windows user account that is infected. As the FakeAV “System Tool” shuts down all user initiated programs which do not have any kind of reserved name, like explorer.exe, winlogon.exe or svchost.exe and many more, the file name for the G Data FakeAVCleaner is svchost.exe.
3. Reboot the computer to finalise the installation.

If you are interested in the background to this kind of threat, G Data have a complementary blog post that discusses some of the issues and demonstrates a scareware infection.

The Helpdesk is Closed…Until Next Christmas

Regrettably, I don’t get to see my folks as much as I’d like….there’s 500-odd miles and a sea between us, so it was a rare pleasure for my parents to visit me over Christmas for a few days.

After a day or so, my dad says to me, “Could you have a look at my laptop?  Every now and then a strange Asian website keeps popping up.  I thought I had a virus but the virus scanner says all is well.”

So I had a look….and yup, he had a trojan.  Not a particularly nasty one and easily removed armed with instructions from the web.  It was  a variant of W32/Autorun-TR or Win32.Worm.Agent.QAL depending on your nomenclature.  I have to recommend Avira’s Antivir Rescue System which is a bootable CD that will scan the hard disk for infection – download from here.   It’s an essential item for every geek  – the Rescue System picked up the virus straight away.

However, what was more interesting was (a) how did he get the virus and (b) why didn’t his (corporate) anti-virus software pick the virus up?

Dad’s an MD for a specialised engineering firm, so he travels a little.  He’s reasonably technically-savvy but not an IT expert.  It transpired that he’d been in China recently and had shared a USB memory stick with a local agent.  This matched the modus operandi of the virus so that part of the mystery was solved.

What I couldn’t understand was, given the age of the virus (late 2008) and that the corporate antivirus software appeared to be working, why hadn’t the trojan been picked up as soon as the USB stick was plugged in?

A little further digging revealed the problem….although the AV software was working, it hadn’t successfully installed new virus signatures in over a year – the last successful update was from mid-2008.   The signatures seemed to download ok, but they never got installed into the AV engine properly. If I forced it to download updates, the activity bar would go to 100% and the window would close, so everything looked ok, but if I subsequently went to the dialog which showed the signature version, it was unchanged.

I’m not going to name which anti-virus software it was because I suspect part of the issue might be that my dad’s company hasn’t paid its annual licence and therefore isn’t entitled to updates.  However, I think it’s very poor that there isn’t a warning on startup clearly saying, “Virus signatures are now 18 months out of date – system at risk”.  If Dad had seen that 17 months ago, he would have been on to his IT dept straightaway to get the licences paid (or whatever remedial treatment is needed).  A severe virus outbreak could literally put the company out of business, so I suspect someone will be starting 2010 with an important task from the MD.
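
A check along these lines would have surfaced the problem months earlier. This is an added example, not from the original post or from any vendor: it assumes Microsoft Defender's PowerShell cmdlets (Get-MpComputerStatus and Update-MpSignature) as a stand-in for the unnamed product, and the 7-day threshold is an arbitrary choice. It compares the installed signature version before and after an update instead of trusting the progress bar.

```powershell
# Added example: detect stale signatures and updates that "succeed" without
# changing anything. Assumes Microsoft Defender's cmdlets; the product in the
# post is unnamed. Run from an elevated PowerShell session.
$MaxAgeDays = 7   # assumed threshold, adjust to local policy

function Test-SignatureHealth {
    param([int]$MaxAgeDays = 7)

    $findings = @()
    $before = Get-MpComputerStatus

    if (-not $before.AntivirusEnabled) {
        $findings += 'Antivirus engine is not enabled.'
    }

    # Attempt an update, but do not take its apparent success at face value.
    $updateError = $null
    try {
        Update-MpSignature -ErrorAction Stop
    } catch {
        $updateError = $_.Exception.Message
        $findings += "Signature update failed: $updateError"
    }

    # Judge health on what is actually loaded after the update attempt.
    $after = Get-MpComputerStatus
    if ($after.AntivirusSignatureAge -gt $MaxAgeDays) {
        $findings += "Signatures are $($after.AntivirusSignatureAge) days old " +
                     "(last updated $($after.AntivirusSignatureLastUpdated))."

        # The case described in the post: the update looked fine on screen,
        # yet the installed signature version never moved.
        if (-not $updateError -and
            $after.AntivirusSignatureVersion -eq $before.AntivirusSignatureVersion) {
            $findings += "Update reported success but the version is still " +
                         "$($after.AntivirusSignatureVersion)."
        }
    }
    return $findings
}

$problems = Test-SignatureHealth -MaxAgeDays $MaxAgeDays
if ($problems) {
    $problems | ForEach-Object { Write-Warning $_ }
    exit 1
}
Write-Output 'Signatures are current.'
```

Run as a scheduled task, the non-zero exit code gives a monitoring system something to alert on.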

As geeks, we often get asked to provide a little free support at Christmas and other holidays.  While it may sometimes take us away from the drinks and the mince pies, it has to be our way of returning the favours that our friends and family do for us the rest of the time.

See you next year, Dad.

Panda Names Downloader.GK Worst Virus of 2004

Panda Software, a respected vendor of antivirus software applications within the technical community, has named a Trojan, Downloader.GK, as the most malicious virus of 2004. Even though Downloader.GK isn’t technically a virus, an application that independently distributes itself, the program has caused the most damage to users’ computers, according to data collected by Panda Software’s ActiveScan process.
