The euphoria after our recent single-handed victory over a patent troll has died down – a little. It was real nice to read lots of different accounts of the good news (like this, this, this, this and this) and multiple encouraging  comments from users. However, the real struggle has only just begun – ahead lies a lot of hard work and hassle, albeit interesting hassle. So now’s probably a good time to sum up everything.

Source

Read on: The first and main thing – never let your guard down…

Welcome back folks!

What else new and interesting is to be found under the hood of KIS 2014, missioned to save your data from the cyber-swine? Today’s guest star is ZETA Shield technology.

ZETA Shield I think might be best described as a high-tech antivirus microscope for the detection and elimination of the most cunning of malware, which hides deep in the bowels of the inner recesses of complicated files. In short, this is our unique defense technology against future threats, one which can track down unknown cyber-contagion in the most unexpected places.

To understand the concept better, let’s take a set of traditional Russian dolls.

Open one and you find another inside, and nested inside that one – another, and so on and so on. And in terms of where troublesome programs hide, this is a pretty good analogy. Malware tries its hardest to embed itself into the very essence of its surroundings, and even uses digital ‘plastic surgery’ to change its appearance and hide from antivirus programs. It puts itself into archives, crypto-containers, multimedia files, office documents, scripts etc., etc. – the possibilities are endless. The task of the antivirus program is to delve into the actual essence of all these different objects, probe the interior, and extract the malware.

So that’s it? Well… no, it’s not quite as simple as just that.

Antivirus programs have long been able to take apart complicated files. For example, ever since the early 90s other companies have been licensing our antivirus engine in particular because of its ability to unpack archived and packed files. But unpacking is only half the job. You need an instrument that’s clever enough to not only take apart complicated files but that can also analyze these ‘Russian dolls’, understand what’s doing what in there, build connections between different events, and finally diagnose; importantly, to do that proactively – without classic signatures and updates. It’s a bit like the detective work that goes into locating potential binary weapons. Such weapons are made up of individual components which on their own are harmless, but when mixed create a deadly weapon.

And this is where ZETA Shield comes in.

And just in time too, as the number and perversity of both targeted and zero-day attacks are on the up and up. These are the very things ZETA is designed to deal with (ZETA = Zero-day Exploits & Targeted Attacks).

More: KIS 2014 can withstand serious assaults from tomorrow’s malware. Now you too…

Payback can be slow – painfully slow – in coming, but thankfully, at last, it does seem to be showing signs of finally arriving and hitting some most unsavory types – patent trolls – squarely in the nether regions.

I’ve already waxed lyrical here about trolls and what needs to be done to up the fight in tackling this scourge.

Here, let me give you a quick review of what needs to be done:

• Patent use to be limited – a ban on claims for a term preceding their acquisition;
• Mandatory compensation of a defendant’s expenses if a lawsuit against it is either defeated in court or withdrawn;
• A ban on patent aggregators bringing lawsuits;
• An increase in the required detail and accuracy of patent descriptions, and mandatory technical expert examinations;
• The main thing: not for ideas to be patented, but their concrete practical application.

Sometimes it seems like US legislators read my blog! Finally, something is getting done – and not just anywhere, but in the state of Vermont, where the first anti-troll law has come into effect!

There’s a lot of interesting stuff in this law, but what I like most in it is that now a defendant company can demand from a patent troll reimbursement of all its legal costs if it manages to prove that the troll acted not in good faith.

More: Special thanks for the law go to … a patent troll!

There’s a Russian saying that translates roughly something like ‘live a century, you’ll be amazed for a century’. Meaning, I reckon, that when you think you’ve seen it all, you in fact won’t have. For me, this applied to the trip I made to the city of Magdeburg recently, for it did just that – amazed.

On the whole the place is a little dull and provincial (in my opinion, that is; but then again – I do live in Moscow most of the year :). There’s the river (the Elbe, but here it’s still quite meager), the impressive banks thereof, the equally impressive walls of the castle (restored) and the gothic cathedral. There’s not a great deal besides that. Apart from one feature that makes up for all that dullness…

In the center of the city there’s a totally incongruent large residential/commercial building known as the Green Citadel of Magdeburg. Just check out the colors, shapes and patterns! You seen anything quite like it?

The artist responsible for this architectural aberration is Friedensreich Hundertwasser, a Gaudi for the late 20^th century. This is just one of the many buildings he transformed into a masterpiece across central Europe – in his totally original and mind-blowing style.

This Austrian was a true maverick, so I’m a fan for sure. He believed that folks shouldn’t live in box-like houses that are all the same, and that inhabitants should be encouraged to paint or in some other way change the walls around them. And that meant interior walls too. He was also into converting disused factories into avant garde pieces of art.

Enough words. Now for some pix:

More: What were we doing here in the first place?

Hip, hip, hurray! Yee ha! Woo hoo! The latest incarnation of KIS has landed – everywhere (almost)!

As per our long held tradition of launching new kit during the summer months – we’ve now managed to get KIS 2014 officially released in all the main regions of the world and in all the most widely spoken languages. For those interested in KIS itself, go here to download the new version. Upgrade guidelines are here.

And as is also becoming a bit of a tradition early fall, the time has come for me to tell you all what’s in this here new version…

First thing I can say: new stuff – there’s plenty of it. So much so that there’ll be several posts covering the key new features separately, as the low-down on all of them won’t fit into one bite-sized blogpost that won’t send you to sleep…

So, here we go… with post No. 1:

Basically, KIS 2014 packs yet more punch than its already punchy predecessor – KIS 2013 – which even without all this year’s additions was unlucky for no one. The protection provided is harder, better, faster, stronger. KIS has gone under the knife for a nip and tuck complete face-lift of its interface, and the logic of its main operations has been overhauled too.

There are new features to ensure secure online money operations (we’ve beefed up Safe Money); there are new features in Parental Control; there’s integrated protection against malicious blockers; and there are various new performance accelerators and optimizers to make the protection even more invisible and unobtrusive.

But the best feature of all in this version is what we put most effort into: providing protection from future threats, having added to the product – much to the chagrin of cyberswine – several specialized avant-garde technologies (none of which appears to be included in competitors’ products). No, we haven’t used a time machine; nor did we track down cyberpigs and do a Jack Bauer interrogation on them to get to know about their planned mischief. We shamanized, looked into the future, came up with rough calculations of the logic of the development of cyber-maliciousness, and transferred that logic into practice in our new technologies of preventative protection.

Among the preventative measures against future threats I’d like to emphasize the souped-up Automatic Exploit Prevention – two special technologies from our corporate solutions that have been adapted for our home products – ZETA Shield and Trusted Applications mode, plus a built-in proactive anti-blocker.

So how do all these fancy sounding features actually help in daily computer hygiene? Let me start by telling you first about Trusted Applications mode – the world’s first for such technology being featured in a home product providing complex security.

More: Fighting the parcel in ‘pass the parcel’ syndrome…

My power over you
grows stronger yet
(с) Andrew Lloyd Webber – Phantom Of The Opera

In the ongoing battle between malware and anti-malware technologies, there’s an interesting game that keeps getting played over and over – king of the castle.

The rules are simple: the winner is the one who loads itself into the computer memory first, seizes control of the ‘levers’, and protects itself from other applications. And from the top of the castle you can calmly survey all around and guard the order in the system (or, if you’re malicious, on the contrary – you can cause chaos, which goes both unnoticed and unpunished).

In short, the winner takes all, i.e., control over the computer.

And the list of applications wanting to do the boot process first begins with (as the name might suggest) the boot sector – a special section of the disk that stores all the instructions for what, when and where to load. And, terror of terrors, even the operating system sticks to this list! No wonder cybercriminals have long taken an unhealthy interest in this sector, since abusing it is the ideal way to get first out of the blocks while completely hiding the fact that the computer is infected. And the cybercriminals are helped in this by a particular class of malware – bootkits.

How your computer loads

To find out what bootkits are and how we protect you against them – read on…

More: the prosperity, the fall and the return of bootkits…

First, a bit of rewind/intro…:

100% guaranteed protection doesn’t exist. You probably know that perfectly well by now. Indeed, even the most reliable antivirus sometimes gets bypassed in professional attacks. That’s bad news enough already. What’s even worse news is that inferior antiviruses get bypassed a lot more frequently.

If they want, highly professional criminals can hack into anything; thankfully, such cyber-Moriatys are few and far between. For the most part, cyber-outrages are carried out by common-or-garden programmers who seem to get their right and wrong all mixed up – seduced by greed and thinking they can get away with it (ha!). These chancers usually don’t have sufficient criminal cyber-skills to pull off hacking the most advanced mega-defenses out there, but they are more than capable of getting into computers that are either not protected at all or which have colander-protection installed. And, alas, such comps in the world are twenty a penny.

The basic logic of it all is rather straightforward:

The stronger the protection – the stronger the defenses, obviously. At the same time, the more professional the attack – the stronger the defenses it can break.

Now, with 2.5 billion Internet users potential victims out there, this logic leads to the following economics:

Criminals don’t need to go to all the bother of coming up with super-mega skeleton keys for breaking into super-mega secure vaults (especially when what is often saved in such super-mega secure vaults can be some real creepy/weird/dangerous stuff it’s best not to know about). It’s much simpler – cheaper – to break into something more down-to-earth, like a neighbor’s network, since their defenses are bound to be much, much lighter, and their stashes more realizable.

So you get the picture: for the average hacker, there’s no point going to the trouble of preparing for and carrying out mega-professional attacks. Nor is there much sense in switching their criminal focus from Windows to Mac. It’s much more effective to ‘carpet-bomb’ – affecting as many victims as possible with non-pinpointed attacks that don’t take a lot of hassle or brains to carry out.

The better the protection – the less interesting it is for the bad guys. They won’t bother going to the trouble of breaking it, they’ll just find other – more vulnerable – victims elsewhere.

Now, let me tell you more about a feature that puts cybercrims off attacking particularly your comp, and has them decide to go elsewhere where the feature doesn’t reside. Yep, it’s time for another eye-opening excursion under the hood of our antivirus and to let you know more about how the letter K in your taskbar makes you a big turn-off to the cyber-trespassers – through protection from future threats with emulation.

More: The nearly-perfect testing tube…

My work has me rushing all over the world, speaking at events, getting together with fellow experts to tell my own stories and listen to theirs. One day I thought, why not share them here as well? So, here are some very different “funny” (literally and figuratively) stories from the world of IT security.

Story 1. Secret files with home delivery.

More: Myths of Ancient Greece and other stories…

“Everything ought to happen slowly, and out of joint, so we don’t get above ourselves, so we remain miserable and confused”

Venedikt Yerofeev. Moscow Stations

I never thought I’d ever use this phrase when talking about the antivirus industry, but that’s what it’s come to. You know, not everything in this world progresses smoothly. Economic realities and the need for new customers often manage to lure even the best over to the dark side. This time, one of the best-known test labs in the AV industry – AV-TEST – has succumbed.

Comparative testing: A bit of background for the uninitiated

How do you go about picking the best of any particular product? And how do you know it’s the best? Well, you would probably start by looking at the results of comparative testing in a specialist magazine, or the online equivalent. I’m sure this is not news to you. The same goes for AV solutions – there are a number of test labs that evaluate and compare a huge variety of antivirus products and then publish the results.

Now, for some unknown reason (below I’ll try and guess why exactly) the renowned German test lab AV-TEST has quietly (there was no warning) modified its certification process. The changes mean that the certificates produced by the new rules are, to put it mildly, pretty useless for evaluating the merits of different AV products.

Yes, that’s right. I officially declare that AV-TEST certification of AV solutions for home users no longer allows product quality to be compared adequately. In other words, I strongly recommended not using their certificate listings as a guide when choosing a solution to protect your home PC. It would be natural to believe that two products that both have the same certification must be equal (or close to equal) in performance. With AV-TEST’s new certification standards, the onus is on the user to carefully investigate the actual results of each individual test…they may find that a product that blocked 99.9% of attacks has the same “certification” as a product that only blocked 55%.

More: let’s take a closer look at what happened and why…

Every day our valiant antivirus lab processes hundreds of thousands of files. Each single day! Admittedly, some of them turn out to be clean and honest files, or just broken code, innocent scripts, assorted scraps of data, etc., etc., etc., but mostly it’s maliciousness – a lot of which is analyzed and processed automatically (as I’ve already mentioned on these cyberpages).

But every now and again we come across some reeeaaal unusual items – something totally new and unexpected. Something that activates the little grey cells, makes the heart beat faster, and gets the adrenaline pumping. I mean things like Stuxnet, Flame, Gauss and Red October.

Anyway, it looks like we’ve found something else in this original-oddity category…

Yes, we’ve detected another malware-monster – a worm originating from the cyberstreets of the Russian Internet. What we were able to say straight off was that it surpasses in sophistication by a long way not only all known malicious programs today – including professional cyberspies and cyberweapons – but also any other known software – judging by the logic of the algorithms and the finesse of their coding.

Yes folks, this is big!

We’ve never come across such a level of complexity and perplexity of machine code with program logic like this. Analyzing the most complicated worms and Trojans normally takes several weeks – whereas this baby looked like it’d take years! Maybe several years!!! It’s just so darn elaborate and convoluted.

I don’t know a single software company that would have been able to develop such a beast. Nor any cybercriminals with their mostly primitive malware. Nor any of the secret services assumed to be behind the more artful malware that’s appeared in recent years. No. This new find simply cannot be the work of any of those three.

So… Are you sitting down? No? Change that.

I’d say it’s theoretically impossible to say that this code was written by a human being (glad to be seated now?).

This code is so infernally intricate that I fear this newly-discovered worm must have extraterrestrial origins.

But wait – there’s more…