K-LOVE & KISSES 2014: REASONS TO BE CHEERFUL, PART 3.

“The person needs to be brought round to the idea that he has to part with his money. He needs to be morally disarmed, and his proprietary instincts need to be stifled.”

No, not Don Draper; this is a quote of Ostap Bender, a classic fictional hero from 1930s Russian literature. And no, there’s no relation to the other famous Bender!

Thus, it would appear that, curiously, Mr. Bender knew a thing or two about capitalism, despite being from a Communist country. Hmmm…

Anyway, what he knew is that it’s sometimes possible to make folks part with their hard-earned shekels if they are manipulated the right way – the folks, that is.

Fast-forward to today… and we find this kind of manipulation alive and well – in a modern, hi-tech, cyber kinda way: Today, folks gladly hand over their Benjamins to the crims behind blockers, aka ransomware, an especially sneaky form of computer malevolence. But have no fear, KL users: in the new version of KIS, we’ve got a nice surprise waiting for the blocking blockheads and their blockers.

Ransomware criminal market turnover made up more than $15 million, while the number of victims reached the tens of millions

The principle and tech behind blockers/ransomware are rather simple.

Using one of the various means available (for example, via a software vulnerability), a malicious program is sneaked into computer, which then displays an amusing (not) photo with scary (not – with KIS:) – text, and blocks the desktop and all other programs’ windows.

Unblocking is only possible (well, was possible – see below) by entering a unique code, which of course you can only get from the cyber-tricksters who infected the comp in the first place, and of course – for a fee, through premium SMS numbers or online payment systems. Until you pay the ransom, the comp remains kidnapped – no matter what you do (including Ctrl+Alt+Del), and no matter what programs you try to run (including antivirus); all you see is something like this:

ransomware1

The rise, the decline & the return of ransomware…

“To live is to war with trolls”*

The euphoria after our recent single-handed victory over a patent troll has died down – a little. It was real nice to read lots of different accounts of the good news (like this, this, this, this and this) and multiple encouraging  comments from users. However, the real struggle has only just begun – ahead lies a lot of hard work and hassle, albeit interesting hassle. So now’s probably a good time to sum up everything.

comment1

comment2

comment4Source

Read on: The first and main thing – never let your guard down…

K-LOVE & KISSES 2014 – PART 2: ALPHA, BETA, ZETA.

Welcome back folks!

What else new and interesting is to be found under the hood of KIS 2014, missioned to save your data from the cyber-swine? Today’s guest star is ZETA Shield technology.

ZETA Shield I think might be best described as a high-tech antivirus microscope for the detection and elimination of the most cunning of malware, which hides deep in the bowels of the inner recesses of complicated files. In short, this is our unique defense technology against future threats, one which can track down unknown cyber-contagion in the most unexpected places.

To understand the concept better, let’s take a set of traditional Russian dolls.

Antivirus should unpack the nested essence of malware like a Russian doll. But it’s not quite as simple as just that.

Open one and you find another inside, and nested inside that one – another, and so on and so on. And in terms of where troublesome programs hide, this is a pretty good analogy. Malware tries its hardest to embed itself into the very essence of its surroundings, and even uses digital ‘plastic surgery’ to change its appearance and hide from antivirus programs. It puts itself into archives, crypto-containers, multimedia files, office documents, scripts etc., etc. – the possibilities are endless. The task of the antivirus program is to delve into the actual essence of all these different objects, probe the interior, and extract the malware.

So that’s it? Well… no, it’s not quite as simple as just that.

Antivirus programs have long been able to take apart complicated files. For example, ever since the early 90s other companies have been licensing our antivirus engine in particular because of its ability to unpack archived and packed files. But unpacking is only half the job. You need an instrument that’s clever enough to not only take apart complicated files but that can also analyze these ‘Russian dolls’, understand what’s doing what in there, build connections between different events, and finally diagnose; importantly, to do that proactively – without classic signatures and updates. It’s a bit like the detective work that goes into locating potential binary weapons. Such weapons are made up of individual components which on their own are harmless, but when mixed create a deadly weapon.

And this is where ZETA Shield comes in.

And just in time too, as the number and perversity of both targeted and zero-day attacks are on the up and up. These are the very things ZETA is designed to deal with (ZETA = Zero-day Exploits & Targeted Attacks).

zeta_shield_logo

More: KIS 2014 can withstand serious assaults from tomorrow’s malware. Now you too…

Enter your email address to subscribe to this blog
(Required)

Revenge can be sweet, especially against patent trolls.

Payback can be slow – painfully slow – in coming, but thankfully, at last, it does seem to be showing signs of finally arriving and hitting some most unsavory types – patent trolls – squarely in the nether regions.

I’ve already waxed lyrical here about trolls and what needs to be done to up the fight in tackling this scourge.

Here, let me give you a quick review of what needs to be done:

  • Patent use to be limited – a ban on claims for a term preceding their acquisition;
  • Mandatory compensation of a defendant’s expenses if a lawsuit against it is either defeated in court or withdrawn;
  • A ban on patent aggregators bringing lawsuits;
  • An increase in the required detail and accuracy of patent descriptions, and mandatory technical expert examinations;
  • The main thing: not for ideas to be patented, but their concrete practical application.

Sometimes it seems like US legislators read my blog! Finally, something is getting done – and not just anywhere, but in the state of Vermont, where the first anti-troll law has come into effect!

There’s a lot of interesting stuff in this law, but what I like most in it is that now a defendant company can demand from a patent troll reimbursement of all its legal costs if it manages to prove that the troll acted not in good faith.

More: Special thanks for the law go to … a patent troll!

Magdeburg: AVant garde.

There’s a Russian saying that translates roughly something like ‘live a century, you’ll be amazed for a century’. Meaning, I reckon, that when you think you’ve seen it all, you in fact won’t have. For me, this applied to the trip I made to the city of Magdeburg recently, for it did just that – amazed.

On the whole the place is a little dull and provincial (in my opinion, that is; but then again – I do live in Moscow most of the year :). There’s the river (the Elbe, but here it’s still quite meager), the impressive banks thereof, the equally impressive walls of the castle (restored) and the gothic cathedral. There’s not a great deal besides that. Apart from one feature that makes up for all that dullness…

In the center of the city there’s a totally incongruent large residential/commercial building known as the Green Citadel of Magdeburg. Just check out the colors, shapes and patterns! You seen anything quite like it?

The artist responsible for this architectural aberration is Friedensreich Hundertwasser, a Gaudi for the late 20th century. This is just one of the many buildings he transformed into a masterpiece across central Europe – in his totally original and mind-blowing style.

This Austrian was a true maverick, so I’m a fan for sure. He believed that folks shouldn’t live in box-like houses that are all the same, and that inhabitants should be encouraged to paint or in some other way change the walls around them. And that meant interior walls too. He was also into converting disused factories into avant garde pieces of art.

Enough words. Now for some pix:

magdeburg-1

More: What were we doing here in the first place?

K-LOVE & KISSES 2014 – PART 1.

Hip, hip, hurray! Yee ha! Woo hoo! The latest incarnation of KIS has landed – everywhere (almost)!

As per our long held tradition of launching new kit during the summer months – we’ve now managed to get KIS 2014 officially released in all the main regions of the world and in all the most widely spoken languages. For those interested in KIS itself, go here to download the new version. Upgrade guidelines are here.

And as is also becoming a bit of a tradition early fall, the time has come for me to tell you all what’s in this here new version…

There’s plenty of new stuff in KIS 2014 – with a special emphasis on protection against future threats.

First thing I can say: new stuff – there’s plenty of it. So much so that there’ll be several posts covering the key new features separately, as the low-down on all of them won’t fit into one bite-sized blogpost that won’t send you to sleep…

So, here we go… with post No. 1:

Basically, KIS 2014 packs yet more punch than its already punchy predecessor – KIS 2013 – which even without all this year’s additions was unlucky for no one. The protection provided is harder, better, faster, stronger. KIS has gone under the knife for a nip and tuck complete face-lift of its interface, and the logic of its main operations has been overhauled too.

There are new features to ensure secure online money operations (we’ve beefed up Safe Money); there are new features in Parental Control; there’s integrated protection against malicious blockers; and there are various new performance accelerators and optimizers to make the protection even more invisible and unobtrusive.

kis-2014-main-screenshot-eng-1

But the best feature of all in this version is what we put most effort into: providing protection from future threats, having added to the product – much to the chagrin of cyberswine – several specialized avant-garde technologies (none of which appears to be included in competitors’ products). No, we haven’t used a time machine; nor did we track down cyberpigs and do a Jack Bauer interrogation on them to get to know about their planned mischief. We shamanized, looked into the future, came up with rough calculations of the logic of the development of cyber-maliciousness, and transferred that logic into practice in our new technologies of preventative protection.

Among the preventative measures against future threats I’d like to emphasize the souped-up Automatic Exploit Prevention – two special technologies from our corporate solutions that have been adapted for our home products – ZETA Shield and Trusted Applications mode, plus a built-in proactive anti-blocker.

So how do all these fancy sounding features actually help in daily computer hygiene? Let me start by telling you first about Trusted Applications mode – the world’s first for such technology being featured in a home product providing complex security.

More: Fighting the parcel in ‘pass the parcel’ syndrome…

The phantom of the boot sector.

My power over you
grows stronger yet
(с) Andrew Lloyd Webber – Phantom Of The Opera

In the ongoing battle between malware and anti-malware technologies, there’s an interesting game that keeps getting played over and over – king of the castle.

The rules are simple: the winner is the one who loads itself into the computer memory first, seizes control of the ‘levers’, and protects itself from other applications. And from the top of the castle you can calmly survey all around and guard the order in the system (or, if you’re malicious, on the contrary – you can cause chaos, which goes both unnoticed and unpunished).

In short, the winner takes all, i.e., control over the computer.

Cybercriminals have long taken an unhealthy interest in boot sector – the ideal way to hide the fact that the computer is infected. And they use a special strain of malware – bootkits.

And the list of applications wanting to do the boot process first begins with (as the name might suggest) the boot sector – a special section of the disk that stores all the instructions for what, when and where to load. And, terror of terrors, even the operating system sticks to this list! No wonder cybercriminals have long taken an unhealthy interest in this sector, since abusing it is the ideal way to get first out of the blocks while completely hiding the fact that the computer is infected. And the cybercriminals are helped in this by a particular class of malware – bootkits.

How your computer loads

loading_comp_en

To find out what bootkits are and how we protect you against them – read on…

More: the prosperity, the fall and the return of bootkits…

Emulate to exterminate.

First, a bit of rewind/intro…:

100% guaranteed protection doesn’t exist. You probably know that perfectly well by now. Indeed, even the most reliable antivirus sometimes gets bypassed in professional attacks. That’s bad news enough already. What’s even worse news is that inferior antiviruses get bypassed a lot more frequently.

If they want, highly professional criminals can hack into anything; thankfully, such cyber-Moriatys are few and far between. For the most part, cyber-outrages are carried out by common-or-garden programmers who seem to get their right and wrong all mixed up – seduced by greed and thinking they can get away with it (ha!). These chancers usually don’t have sufficient criminal cyber-skills to pull off hacking the most advanced mega-defenses out there, but they are more than capable of getting into computers that are either not protected at all or which have colander-protection installed. And, alas, such comps in the world are twenty a penny.

The basic logic of it all is rather straightforward:

The stronger the protection – the stronger the defenses, obviously. At the same time, the more professional the attack – the stronger the defenses it can break.

Now, with 2.5 billion Internet users potential victims out there, this logic leads to the following economics:

Criminals don’t need to go to all the bother of coming up with super-mega skeleton keys for breaking into super-mega secure vaults (especially when what is often saved in such super-mega secure vaults can be some real creepy/weird/dangerous stuff it’s best not to know about). It’s much simpler – cheaper – to break into something more down-to-earth, like a neighbor’s network, since their defenses are bound to be much, much lighter, and their stashes more realizable.

So you get the picture: for the average hacker, there’s no point going to the trouble of preparing for and carrying out mega-professional attacks. Nor is there much sense in switching their criminal focus from Windows to Mac. It’s much more effective to ‘carpet-bomb’ – affecting as many victims as possible with non-pinpointed attacks that don’t take a lot of hassle or brains to carry out.

The better the protection – the less interesting it is for the bad guys. They won’t bother going to the trouble of breaking it, they’ll just find other – more vulnerable – victims elsewhere.

Now, let me tell you more about a feature that puts cybercrims off attacking particularly your comp, and has them decide to go elsewhere where the feature doesn’t reside. Yep, it’s time for another eye-opening excursion under the hood of our antivirus and to let you know more about how the letter K in your taskbar makes you a big turn-off to the cyber-trespassers – through protection from future threats with emulation.

emulator_alert_en

More: The nearly-perfect testing tube…

One step forward, two steps back.

“Everything ought to happen slowly, and out of joint, so we don’t get above ourselves, so we remain miserable and confused”

Venedikt Yerofeev. Moscow Stations

I never thought I’d ever use this phrase when talking about the antivirus industry, but that’s what it’s come to. You know, not everything in this world progresses smoothly. Economic realities and the need for new customers often manage to lure even the best over to the dark side. This time, one of the best-known test labs in the AV industry – AV-TEST – has succumbed.

Comparative testing: A bit of background for the uninitiated

How do you go about picking the best of any particular product? And how do you know it’s the best? Well, you would probably start by looking at the results of comparative testing in a specialist magazine, or the online equivalent. I’m sure this is not news to you. The same goes for AV solutions – there are a number of test labs that evaluate and compare a huge variety of antivirus products and then publish the results.

Now, for some unknown reason (below I’ll try and guess why exactly) the renowned German test lab AV-TEST has quietly (there was no warning) modified its certification process. The changes mean that the certificates produced by the new rules are, to put it mildly, pretty useless for evaluating the merits of different AV products.

Yes, that’s right. I officially declare that AV-TEST certification of AV solutions for home users no longer allows product quality to be compared adequately. In other words, I strongly recommended not using their certificate listings as a guide when choosing a solution to protect your home PC. It would be natural to believe that two products that both have the same certification must be equal (or close to equal) in performance. With AV-TEST’s new certification standards, the onus is on the user to carefully investigate the actual results of each individual test…they may find that a product that blocked 99.9% of attacks has the same “certification” as a product that only blocked 55%.

avtest_cert_balance_blue

More: let’s take a closer look at what happened and why…