Anti-Virus
Latest entries to this category....
Do AV and Heuristics Work?
March 11th, 2009 · No Comments
Another discussion video by Richard Stiennon and friends (Amrit Williams, Martin McKeay and Mike Murray). Someone remarked that heuristics don't work, and Alex Eckelberry responded with this interesting post arguing that heuristics do indeed work and that most AV companies rely on them to some degree to keep up with the enormous amounts of daily malware. The [...]
Tags: Anti-Virus · Endpoint Security
Virustotal Ultrasurf Results
February 26th, 2009 · No Comments
When you download UltraSurf 9.3, you get a file called u.exe. This file was submitted to VirusTotal on 2/26/2009 and the results are here. Only 3 out of 38 companies identified UltraSurf 9.3 as malware: Fortinet, Prevx1 and Quick Heal of India. Contrast that with this VirusTotal scan of UltraSurf 8.8 from 3/13/2008 where 9 [...]
Tags: Anti-Virus · Endpoint Security · Fortinet · Ultrasurf
Sophos Edges Out Symantec and McAfee
February 11th, 2009 · No Comments
Keith Schultz at InfoWorld tested five competing endpoint security suites. Supposedly this was an in-depth test that started last May. Sophos beat the others mainly because of better reporting and management. I went into this review without any preconceived notions as to which product would fare the best, and I was pleasantly surprised to see [...]
Tags: Anti-Virus · Endpoint Security · McAfee · Sophos · Symantec
Analyze Suspicious Files with VirusTotal
February 5th, 2009 · No Comments
You upload or email a file to VirusTotal and it tells you what dozens of AV engines say about it. Free utility. Virus Total
Tags: Anti-Virus · Web Utilities
Antivirus vs. Secunia Exploits
November 17th, 2008 · No Comments
How effective is antivirus software if the computer doesn’t have the latest patch updates? Secunia tested 12 Internet security suites (PDF report) and found them all wanting. Symantec came in first, but it only detected 64 out of 300 exploits. This suggests that McAfee, Norton, Windows OneCare, ZoneAlarm, AVG, CA, F-Secure, TrendMicro, BitDefender, Panda, Kaspersky, [...]
Tags: Anti-Virus · Patch Management · Secunia
Secunia to Help Vendors Improve Signatures
September 8th, 2008 · No Comments
Secunia doesn’t think AV and IDS vendors are writing signatures well enough and plans to remedy the situation by opening up their analyses to a wider customer base with easier “pay-as-you-go” terms. we have also realised that far too many of the other AV and IDS / IPS vendors – including the major ones – [...]
Tags: Anti-Virus · Secunia
Google Found Eset’s Confidential Sophos Comparison
October 21st, 2007 · 7 Comments
If you google Sophos vs Eset, the first result is this PDF document hosted at Eset’s site that is basically a common “beat sheet” of the kind all vendors create. Most beat sheets are made for the internal sales teams or resellers and are marked something like “confidential – do not share outside of Company X”. This [...]
Tags: Anti-Virus
Patchlink Changes Name
September 10th, 2007 · 3 Comments
Patchlink took my advice – sort of. I suggested changing their name to SecureLink after acquiring SecureWave and STAT, but they chose Lumension Security instead. Their tagline, “Putting Security in a Positive Light”, is a reference to their endorsement of the positive security model they inherited from SecureWave’s Sanctuary, their “application and device control” solution. [...]
Tags: Anti-Virus · Endpoint Security · Marketing · Patch Management · Patchlink · Positive Security Model · Proactive Security
AV Scanning Comparisons Have Little Benefit
August 30th, 2007 · 2 Comments
The AV Fight Club at LinuxWorld was an interesting AV comparison sponsored by Untangle. ClamAV, Symantec and Kaspersky came out on top at 100%…Sophos caught 94%. There were only 25 viruses in the sample set. The interesting thing is that I have seen other tests with much larger sample sets that show ClamAV near the [...]
Tags: Anti-Virus · Malware · Open Source
Nastiest Bit of Malware Ever
August 20th, 2007 · No Comments
From Chris Mitchell at SophosLabs Blog: Today a piece of malware (Troj/Bancos-BDF) crossed my desk that at first did not look like a Banker Trojan at all. It eventually turned out to be one of the most nefarious and brazen Banker Trojans I have ever analysed and it managed to do it all with only [...]
Tags: Anti-Virus · Malware