Tag Archives: features

DDoS – a Nasty SOB, but Curable – with KDP.

Hi everyone!

The Russian parliamentary elections late last year and the ensuing mass protests against their alleged falsification have brought about a sharp increase in the level of polarization of viewpoints being bandied about on Russian-language social networks and online media.

Simultaneously with all this, plenty of the Russian online media were visited by a ghost – the ghost of DDoS (Distributed Denial of Service Attack) – in early December 2011. This led to brazen hacker attacks, with one after another Russian website going down, and several attacks occurring simultaneously. Some were organized using traditional criminal bot networks, but behind them, it sure seems to me, stood marginal political groups, since the victims of the attacks were the sites both of opposition groups (including the Communist Party) and also of the ruling United Russia party.

A second DDoS attack – in mid-December – was more sophisticated. To date we still don’t have any reliable information about its origin – that is, not technically (how they actually pulled off the DDoS), and not the people who ordered it. And I’m not sure we’ll ever get to the bottom of it.

But I won’t get bogged down here with theory.

Read more: Let me get straight to DDoS in action …

A Nasty Little Thing Called Spam.

So, what do you think happens 250 billion times a day? Well, OK, it’s a rhetorical question, especially if you paid attention to the title.  But every day, in total, 250 billion spam e-mails are sent to inboxes all over the world. It sounds like a lot, but let’s be honest, does that number really shock you?

Next, try to define what you think of as spam. Most people assume it’s about Viagra, Nigerian letters and other pathetic, lame scams which jam up your inbox and slow down your daily business. But here’s the thing: spam is far more than just unsolicited ads. That Viagra offer is just the tip of the iceberg, while spam as a phenomenon is a crucial part of a huge cybercrime ecosystem. And the apparent “innocence” of spam is the illusion that I will be debunking here.

The technical foundations of the cybercrime ecosystem are botnets. These are huge clusters of computers infected with special Trojans (bots) that allow cyber crooks to remotely control these computers without their owners even knowing about it. That’s why experts also call botnets zombie networks – the computers are modified to obey cyber criminals’ commands as if they are zombies. Sometimes botnets can consist of millions of computers. For example, the notorious Kido (Conficker) botnet contained 7 million bots while TDSS had around 4.5 million bots.

How do they make money from botnets? The economics is quite simple here. Cyber crooks monetize the botnets in several ways including DDoS attacks, advertising services, phishing, data theft, etc. The picture looks something like this:

Spam moneitizing through botnet

Read more: So, what is the big deal about spam?

Flickr photostream

Instagram photostream

Features You’d Normally Never Hear About – Part Three.

And so I continue with series on some of the lesser-known, fruitiest features to be found in our products. This time I’ll be concentrating on whitelisting – a completely different approach to malware protection, which at the moment is included in KIS, PURE, and the new generation of our corporate products.

So why did I choose this seemingly techie term that could frighten off a respectable non-overly-techie reader from the very beginning?

The answer is quite simple:  in a way whitelisting is pretty much revolutionary for the industry – based on a totally new paradigm, which goes far beyond traditional pattern-based technology. As a result this a great opportunity for the anti-malware industry to be one step ahead in the battle with cyber-criminals, and for you – to be better protected against unknown threats. And in fact whitelisting is not that techie – see for yourself below!

So, what is whitelisting?

A list written in correction fluid? Such a thing may exist, erm, I guess. But no, KL’s whitelisting is something a little different.

More: A technology that brings some fresh air to the anti-malware industry …

Enter your email address to subscribe to this blog

Rooting out Rootkits.

As you might guess from the title, today we’ll be talking about rootkits. At heart this is an interesting topic, but often that ‘heart’ is out of sight: in the press rootkits are rarely covered at all, and if they are the articles are filled with nothing but horror stories that have nothing in common with reality. There are of course many technical articles, but these don’t help the wider audience – the general public.

But the problem exists.

The majority of anti-virus software is making great strides towards protection from rootkits. But this isn’t necessarily a good thing, since not all of it does it properly. The ability to fight them first depends on, and is indicative of, the technological progressiveness and overall level of anti-malware expertise of the developer. And not all ‘developers’ are technologically progressive – so their so-called anti-rookit technologies aren’t up to scratch, leaving overall protection against rootkits around the world  lower than it could and should be. And let’s not forget that many botnets use rootkit technologies, and the ability to draw out this contagion is the best protection there is from cybercriminals.

So let’s go through all the salient points about rootkits in order.

More > The basics, the threat and the remedy …

Number of the Month: 70K per Day.

Anti-malware: it’s a dirty job, but someone’s got to do it. Or at least it used to be… but I’ll get to that later…

For your average Joe it can be hard to understand all the finer details of the work of an anti-malware company. But oh how we want to tell everyone about them! So we’re trying as best we can to translate them all into understandable, non-gobbledygook language – not to mention also in the English language!

The tip of the malware-fight iceberg one gets a peek at from collections of facts and figures, which illustrate the basic ins and outs of anti-malware. For example, here we have the kinds of infographics we issue on a regular basis:

anti-malware infographicanti-virus inforgraphicmalware infographicinfographic on malwareAnti-virus and malware infographicAnti-virus and malware software infographic

[click on the image to see the details]

One of the most frequently asked questions we get is: “How many viruses do you find every day?“.

See more > So, how many viruses do we find every day?

The Holy Grail of AV Testing, and Why It Will Never Be Found

So, my expectations were fulfilled. My recent post on an AV performance test caused more than a bit of a stir. But that stir was not so much on the blog but in and around the anti-malware industry.

In short, it worked – since the facts of the matter are now out in the open and being actively discussed. But that’s not all: let’s hope it won’t just stimulate discussion, but also bring the much-needed change in the way AV tests are done, which is years overdue, and is also what I’ve been “campaigning” for for years.

So, how should AV be tested?

Well, first, to avoid insults, overreaction and misplaced criticism, let me just say that I’m not here to tell testers how to do their job in a certain way so that our products come out top – to have them use our special recipe which we know we’re better than everyone else at. No, I’m not doing that, and anyway, it’s rare when we don’t figure in the top-three in different tests, so, like, why would I want to?

Second – what I’ll be talking about here isn’t something I’ve made up, but based on the established industry standards – those of AMTSO (the Anti-Malware Testing Standards Organization), on the board of which sit representatives of practically all the leading AV vendors and various authoritative experts.

See more > One don’t, one maybe and one definitely yes …

Benchmarking Without Weightings: Like a Burger Without a Bun.

Hi everyone!

With the help of my colleagues I’ve been slowly but surely getting up and running a series of posts (here and here) about key technologies – to introduce them to the public, judge the reaction, and then gather ideas. But besides singing the praises here, I’d also like to give you my opinions on comparative tests – those that inform the public how efficient these technologies are. Alas, there are not that many tests I trust and can recommend.

There are just too many shortcomings in today’s testing methodologies, meaning the tests provide only a snapshot of the tested products and miss the whole picture. But it precisely the whole picture that is what customers need. Unfortunately, the majority of tests still employ old testing practices (like on-demand testing with outdated malware collections), which don’t reflect current real-life user scenarios.

And so now let me say a few words about PassMark. This is a very respected organization and I really admire the job it does. However, its recent anti-virus performance test has at least one significant flaw, which could mislead readers and cause them to make purchases based on faulty comparisons.

See more > Performance tests revisited …

Features You’d Normally Never Hear About – Part Two.

Hi everyone!

In this post we continue to bring to light different tasty technological morsels from the lesser known nooks and crannies of our products (the first is here). Today we’ll get into the nitty-gritty of a thing we call Safe Run.

But first let me say a bit more about this whole idea of thematic posts about features before we get too far into them. Some well-intentioned folks here at KL came up with so many ideas for posts that it soon became clear that they should be organized in the form of a series or, rather, a season – in the TV sense: they will run on for a long time. Indeed, a bit like a season of The Office or 30 Rock, there’ll be many short, sharp, to-the-point installments, and no clutter.

And for those for whom this post may be their first, let me repeat that, as you’ll have guessed already by the title, they’re about the kinds of things you may never know existed, but which are in fact very useful and make life easier and better! And of course safer.

Actually choosing which features to write about first out of the multitude was pretty darn tricky – since there are that many of them. In the end I’ve gone for the “best of the best” useful features first. So, after System Watcher last time, here we are with another premium feature – Safe Run.

Kaspersky Labs Safe Run

So, what’s the nature of this beast? And does it come with rice or French fries?  Maybe couscous?

See more > An easy way to do risky things …

Features You’d Normally Never Hear About.

For different reasons, announcements of new products often never go into the finer details of those products, and leave out info on the slightly less significant though still immensely useful features that go towards making a product complete. However, thanks to our press releases and press conferences, we get the chance to delve into the tasty, lesser-known, more introverted features that might normally pass you by.

First up out of these small but irreplaceable vita-features is System Watcher, whose main function is monitoring applications’ activity on a computer.

Kaspersky Labs System Watcher

See more > What’s common between System Watcher and House M.D.?

Hybrids Are Cool. Hybrids Are Awesome. But What about Hybrid Protection?

There’s been a lot talk for quite a while now surrounding how cloud technologies can help increase protection against malware. One tendency is to fall into the trap of considering the cloud as a silver bullet that can effectively solve all security related issues at once.

I agree that cloud-based protection certainly brings many advantages – both to end users and security vendors. Yes, it permits us to detect new threats much faster and deliver necessary updates to users. However, I don’t share the euphoria that is promoting this approach as a self-sufficient technique capable of tackling security threats by itself.

Protection needs to be multi-layered, with each layer complimenting the others, contributing to the overall security level and shielding computers in any environment – and in a well-balanced manner so as to maintain top computer performance.

Kaspersky cloud protection

There are three main issues that significantly limit the scope of cloud protection being used on its own.

Read more > The three key issues