Security suite vendor McAfee debuts its 2010 product line today, introducing an overhauled interface and new features in a bid to remain competitive. The change to its interface is as dramatic a shift as the one that Avast introduced in its 2010 suites, although McAfee's look is drastically different from any major security program currently on the market. Most of the features in McAfee AntiVirus Plus, McAfee Internet Security, and McAfee Total Protection are not new, but the presentation is so radical that the improvements are likely to be glossed over. Users of older McAfee versions should note that VirusScan Plus has been renamed AntiVirus Plus.
The new main interface for McAfee's home consumer programs.
(Credit: Screenshot by Seth Rosenblatt/CNET)
The biggest feature update comes to McAfee's real-time defense engine called Artemis. These engines are now a commonplace feature in the better antivirus programs. First introduced in late 2008, Artemis is McAfee's blend of blacklists, whitelists, and cloud analysis. In the 2010 versions, Brian Trombley, McAfee's director of consumer product management, said, Artemis works in conjunction with McAfee SiteAdvisor to scan downloads as they occur. The scans include using real-time URL, IP address, and domain name data to evaluate downloads for threats before they land on your hard drive.
The revamped engine allows McAfee to change its threat ratings on the fly, although the procedure has an escape hatch built in, so if it falsely flags a site as malicious, users can override the rating and push through. There is no user override for malicious files. By using McAfee's labs, malware research, e-mail research, and Web research, Trombley said that "the goal is to tie together actors and sites."
The firewall has changed, too, as McAfee has upgraded its home consumer firewall to match the one the company markets to businesses.
McAfee's new interface refocuses its features in a top-down format, which stands out from the typical left-nav and tabs design. At the top of the vertical window sits a notification bar, as many other security suites have. McAfee's stands out for not only color-coding what your status is, but also adding in what that means. So the "Your computer is secure" message is bolstered by a secondary one, "No action required." This may seem like a redundant statement, but Trombley said that three years of researching the new interface and testing the improved features concluded that the change was essential for cutting down on user confusion.
Available at any time, the security report presents all essential security data in an easy-to-read, printable format.
(Credit: Screenshot by Seth Rosenblatt/CNET)
Just below the status bar are supplementary status notifications, color-coded as well for ease of use. Real-time scanning, Updates, Firewall, and Subscription status sit on the left of the interface, while the time of your next scheduled scan and a link to change it reside on the right. Click on any of the four categories and the right pane changes to reveal links to drill deeper into your security status. The Real-time scanning link, for example, offers additional links to scan, change your scan settings, or adjust real-time settings. This aspect of the interface is most similar to its competitors, although the big font and simplified terminology are appreciated for streamlining tasks.
Below all the status notifications are the guts of the program. Separated into four categories are Virus and Spyware Protection, Web and E-mail Protection, and Parental Controls (on McAfee Internet Security and Total Protection). Each one opens a small group of links that open further information about your scan settings, firewall and anti-spam controls, network protections, and parent control options.
One thing that's notable about McAfee's updates is that none of the lesser products has its security features hamstrung in an effort to get more people to upgrade. What's available in McAfee Total Protection, the high-end version, is nearly identical to what's in the basic consumer McAfee AntiVirus Plus. What McAfee hopes users will find worth upgrading for is its included Mozy Online Backup, with McAfee Internet Security users getting 1GB of free storage and McAfee Total Protection users getting 2GB free; and parental controls.
The Home Network Defense feature is only available in McAfee Total Protection. It lets you see the network settings of your own and other computers on your network, and mark a computer on your home network as an intruder, which prevents it from accessing other computers on the network.
Intuitively, links on the right change as you click categories on the left.
(Credit: Screenshot by Seth Rosenblatt/CNET)
McAfee has discontinued several features from its previous versions. SystemGuards has been fully replaced by Artemis, and local backup has been replaced by Mozy. The Personal Information Protection, in which a user could enter personal data such as social security numbers or credit card information and expect to have its unintended dissemination over the Internet prevented, was discontinued for not being effective. The PasswordVault for securing passwords on the Web has been replaced by browser-provided password protection, and the EasyNetwork system for local file sharing has been replaced by Windows 7's file-sharing system. This anticipates data just released, that in the few months that Windows 7 has been available to the public it has taken more than 10 percent of the operating system market share.
You should note that if you are switching to McAfee from another security vendor, it doesn't play nicely with other already-installed security apps and it will demand that you remove them before completing its own installation. Somewhat politely, it provides you with links to information on how to uninstall them.
As with most program overhauls, McAfee promises faster install times, faster scan times, more effective scans and a small memory footprint. CNET Labs hasn't finished testing the performance benchmarks against McAfee's competitors, and there's no third-party efficacy data yet available on McAfee 2010, but in empirical testing, the first fast scan finished in less than 10 minutes. Because of file marking, subsequent fast scans finished in less than one minute. Its first full scan took nearly 85 minutes.
Mouse over a sub-category to reveal its status.
(Credit: Screenshot by Seth Rosenblatt/CNET)
According to McAfee, the first full scan will be 55 minutes faster on the 2010 version compared with the 2009 version. Subsequent full scans should be an astounding 120 minutes faster, from 135 minutes to 15 minutes. Also, according to McAfee, users should see their computers with the 2010 version start up 300 percent faster than with the 2009 version, and computer shutdowns with the new version should be 30 percent faster.
The most likely reason for the massive improvement in start-up time is that, like a few other security vendors, McAfee doesn't fully load all of its processes by the time that you can start using programs on your desktop. Trombley said that this doesn't affect the security of the computer, only that the McAfee interface isn't fully accessible until about 90 seconds after the system tray icons appear.
Overall, though, McAfee's 2010 products felt light and didn't interfere with heavy computer use over a half-day of testing.
A one-computer license for McAfee AntiVirus Plus 2010 costs $39.99, while a three-computer license for McAfee Internet Security 2010 retails for $69.99, but it is currently available on McAfee's Web site for $20 off. McAfee Total Protection 2010 costs $79.99 for a three-computer license, but is also discounted currently by $20 on its Web site.
Critical infrastructure networks around the world are subject to repeated cyberattacks from foreign governments and other high-level adversaries that can be damaging and costly, according to a report McAfee released Thursday.
Attacks that lead to down time can cost more than $6 million per day, and more than $8 million at oil and gas companies, the report, "In the Crossfire--Critical Infrastructure in the Age of Cyberwar," found.
Meanwhile, respondents said they worry about attacks on critical infrastructure in their countries coming from the U.S. and China more than any other potential aggressors.
For the report, which was commissioned by security firm McAfee and researched and written by the Center for Strategic and International Studies, 600 IT and security executives from critical infrastructure enterprises in 14 countries were surveyed last September. The survey was not designed to be a statistically valid opinion poll, but serves as a "rough measure of executive opinion, a snapshot of the views of a significant group of decision makers."
Attacks range from distributed denial-of-service (DDOS) attacks designed to shut down systems and stealth network intrusions to extortion and theft of service, according to the survey. The most widely reported form of attack was infection with a virus or malware, which nearly 90 percent of respondents said their company experienced.
More than half of the executives surveyed said they had experienced large-scale DDOS attacks by organized crime, terrorists, or nation-state actors. The same proportion said their companies had been targeted with stealthy infiltration attacks, and nearly 60 percent said they believed foreign governments are behind attacks on critical infrastructure in their countries.
"There are absolutely foreign entities that would definitely conduct [cyber] reconnaissance of our power infrastructure," Michael Assante, chief security officer of the North American Electric Reliability Corp., is quoted as saying in the report. "They would be looking to learn, preposition themselves to get a foothold and try to maintain sustained access to computer networks."
Executives say that not only are they in general not prepared to deal with cyberattacks, but that they foresee more attacks, and major ones, in the not so distant future.
More than a third of the respondents think the cyberthreat is growing and two-fifths of IT executives expect a major cybersecurity incident to hit their sector within the next year, while a third of the respondents said operators in their area are not prepared for an attack by high-level adversaries.
Companies unprepared
The reports on security practices were interesting given that many executives said they didn't feel prepared for cyberattacks. Only 57 percent said their organization installed security patches and updated software on a regular schedule. And only one-third said they had policies to restrict or ban the use of USB sticks or other removable media that can be used to spread viruses and other malware and steal sensitive data.
Those findings back up conclusions of a recent Deloitte study that found that many organizations are not adequately prepared to deal with cyberattacks, and that they neglect basic security precautions like patching vulnerable software.
Firms running SCADA (Supervisory Control and Data Acquisition) or Industrial Control Systems for monitoring and controlling critical infrastructure face a particular conundrum with regard to security. Connecting the systems to IP networks like the Internet can improve efficiency, but it exposes what used to be private and secured systems to attack, experts say.
Of those responsible for using industrial control systems, 80 percent said the systems were connected to the Internet or some other IP network and more than half with systems connected that way said that created an "unresolved security issue."
This graph shows the percentage of respondents naming the U.S., China, or Russia as the country of 'most concern' in relation to foreign cyberattacks.
(Credit: McAfee/CSIS)
Best and worst countries
Reports of cybersecurity adoption and victimization rates varied widely from country to country. Executives in China reported by far the highest rates of adoption of security measures, including encryption and strong user authentication, followed by the U.S., Australia, and the U.K. The lowest security adoption rates were found in Italy, Spain, and India.
However, China's overall security record is not noticeably better than that of countries that aren't as diligent about securing their critical infrastructure, according to the report.
"Chinese executives report a uniquely close level of cooperation with government, as well as high levels of regulation by, and confidence in government," the report said.
Although executives in India reported the highest levels of government regulation, China and Germany were close behind, while the U.S. respondents reported the lowest regulation levels. Most respondents said that regulation leads to improved security.
India, France, Spain, and Brazil were reported to have high victimization rates. Extortion was most common in India, Saudi Arabia/Middle East, China, and France and rare in the U.K. and U.S.
About 90 percent of respondents from Saudi Arabia said their sector was unprepared, while the most confident executives were from Germany, the U.K., U.S., and Australia.
A majority of executives believe that foreign governments are involved in network attacks against their country's critical infrastructure, and listed the United States and China as the most worrisome potential aggressors, followed by Russia in a distant third position.
"IT and security executives across the world show great ambivalence toward the United States," the report said. "It is the nation most often cited as a model in dealing with cybersecurity. At the same time, executives from many nations, including many U.S. allies, rank the United States as the country 'of greatest concern' in the context of foreign cyberattacks, just ahead of China."
Timely study
The report comes at an interesting time for executives and officials in the U.S. who are trying to figure out how to respond to recent attacks on Google and more than 30 other companies that Google says originated in China. As a result of the attack, which led to theft of unidentified intellectual property at Google, and separate attacks on Gmail users who are human rights activists, the search giant is threatening to stop censoring search results there and even exit the country if the Chinese government balks. Chinese officials have denied any involvement.
About "85 percent of the critical infrastructure worldwide is run by commercial enterprises," said Phyllis Schneck, a vice president of threat intelligence for McAfee in the Americas and contributor to the report, in an interview. "This global event that surrounds the initial cyberattack we heard about from Google is a warning to how vulnerable our cybernetworks are."
The Christian Science Monitor also disclosed this week that three U.S. oil firms were targeted in attacks in 2008, including one that involved a computer in China. But the publication did not directly say that China was behind the attacks.
Tracing attacks back to their origin is extremely difficult if not impossible, the McAfee report says. This allows for plausible deniability for any entities fingered in attacks.
The report explores the role the government and regulation have on security. Although many governments sponsor cybersecurity cooperation among critical infrastructure operators, participation in such initiatives is generally low, the report concluded.
Attackers targeting Google and a host of other U.S. companies recently used software that exploits a new hole in Internet Explorer, Microsoft said Thursday.
"Internet Explorer was one of the vectors" used in the attacks that Google disclosed earlier this week, Microsoft said in a statement. "To date, Microsoft has not seen widespread customer impact, rather only targeted and limited attacks exploiting IE 6," the statement said.
The vulnerability affects Internet Explorer 6, IE 7, and IE 8 on Windows 7, Vista, Windows XP, Server 2003, Server 2008 R2, as well as IE 6 Service Pack 1 on Windows 2000 Service Pack 4, Microsoft said in an advisory on Thursday afternoon.
Google disclosed the attacks targeting it and other U.S. companies on Tuesday and said the attacks originated in China. Human rights activists who use Gmail also were targeted, Google said.
Source code was stolen from some of the more than 30 Silicon Valley companies targeted in the attack, sources said. Adobe has confirmed that it was targeted by an attack, and sources have said Yahoo, Symantec, Juniper Networks, Northrop Grumman, and Dow Chemical also were targets.
Microsoft said the vulnerability in IE exists as an invalid pointer reference and that it could allow an attacker to take control of a computer if the target were duped into clicking on a link in an e-mail or an instant message that led to a Web site hosting malware. "It could also be possible to display specially crafted Web content using banner advertisements or other methods to deliver Web content to affected systems," Microsoft said in the statement.
Microsoft is working on a fix but could not say whether it would address the issue as part of its next Patch Tuesday scheduled for February 9 or before.
Keeping the IE Internet zone security setting on "high" will protect users from the vulnerability by prompting before running ActiveX Controls and Active Scripting, Microsoft said. Customers should also enable Data Execution Prevention (DEP), which helps mitigate online attacks, the company said. DEP is enabled by default in IE 8 but must be manually turned on in earlier versions.
Microsoft acknowledged Google, Mandiant, Adobe Systems, and McAfee for working with the company and providing details on the attack.
Operation Aurora
Earlier on Thursday, McAfee CTO George Kurtz detailed the vulnerability in a blog post.
"As with most targeted attacks, the intruders gained access to an organization by sending a tailored attack to one or a few targeted individuals. We suspect these individuals were targeted because they likely had access to valuable intellectual property," Kurtz wrote. "These attacks will look like they come from a trusted source, leading the target to fall for the trap and clicking a link or file. That's when the exploitation takes place, using the vulnerability in Microsoft's Internet Explorer."
Many targeted attacks involve a "cocktail" of zero-day vulnerabilities combined with social engineering, he said. "So there very well may be other attack vectors that are not known to us at this time," he wrote.
Initially, security researchers investigating the attacks believed that a hole in Adobe Reader was a culprit, but Adobe has said that it has no evidence to suggest that a vulnerability in its technology was an attack vector.
McAfee believes the internal name attackers gave to the operation was "Aurora," which the code indicated was the directory name on the computer where the code was compiled into an executable file, said Dmitri Alperovitch, vice president of threat research at McAfee.
The attack was notable for its level of sophistication, using obfuscation techniques not typically seen in attacks on corporations, he said. It dropped about 10 different malicious files with different capabilities that were used at different stages of the infection and used crypto and other techniques to avoid detection, he added.
"The exploit itself was a piece of JavaScript code that encrypted itself and had multiple layers of encryption that got you to the executable binary code, which phoned home and then pulled an encrypted file from an external server," Alperovitch said. "That file used multiple keys for encryption and once it was decrypted it turned into an executable that dropped various modules onto the infected system."
One of the modules was a back door that phoned home to a different server and established an encrypted channel designed to avoid detection by masquerading as a Secure Sockets Layer protocol, he said. "That allowed the hackers to connect to the machine and basically take it over remotely. From then on they had a beachhead to explore the rest of the network for reconnaissance."
Asked what type of data or areas of the network the code was programmed to look for or access, Alperovitch said, "We saw the backdoor, but we did not see the capability in the malware to scan networks and locate things."
The attacks lasted about three weeks, from mid-December until January 4 and were most likely timed to coincide with the holiday season when offices would be closed or lightly staffed, he said.
In early January the command-and-control channels that the code used to receive instructions from the attackers were shut down, he said, adding, "So, we could not verify where the data was going or whether there were links to China."
He said he does not know why the command-and-control servers were shut down. They were located in Taiwan and in Texas and Illinois, he said.
"We believe this attack is a watershed moment," Alperovitch said. "We've never seen this level of sophistication on attacks targeting commercial companies that aren't affiliated with a government or the defense industrial base."
Wired initially reported the IE hole earlier on Thursday, citing an unnamed source.
Updated 7:10 p.m. PST with more details from McAfee and 3:30 p.m. PST with Microsoft advisory and details and 2:33 p.m. PST to clarify that Google, not McAfee, said attacks came from China and 1:05 p.m. PST with Microsoft comment and more details from McAfee's George Kurtz.
Red means danger. And orange offers plenty of risk, too.
(Credit: McAfee)
You may want to think twice if you hit a site with a .cm extension. That belongs to Cameroon, pegged by McAfee as the world's riskiest domain.
McAfee's third annual "Mapping the Mal Web" report, released Wednesday, looks at riskiest and safest domains across the globe. The small nation on the west coast of Africa reached the top spot this year with 36.7 percent of its sites posing a security risk. Because .cm is often a typo for .com, McAfee said, cybercrooks like to use that domain to set up typo-squatted sites to hit you with malware.
The generic and widely used .com domain itself isn't much safer, according to McAfee, jumping from ninth last year to second this year in riskiness, with 32.2 percent of its sites potentially hazardous to your PC's health.
Romania (.ro) is tagged as the riskiest domain for malicious downloads, with 21 percent of its sites delivering payloads of viruses, spyware, and adware. The information (.info) domain is seen by McAfee as the most "spammy," with 17.2 percent of its sites generating junk mail.
On the positive side, the government (.gov) is the safest generic domain with essentially 0 percent risk, while Japan (.jp) proved the safest country domain with a rating of only 0.1 percent. Last year's riskiest domain, Hong Kong (.hk) dropped to 34th place with a risk rating of only 1.1 percent, which McAfee attributed to the country's aggressive steps to stop scam-related domain registrations.
"This report underscores how quickly cybercriminals change tactics to lure in the most victims and avoid being caught. Last year, Hong Kong was the riskiest domain and this year it is dramatically safer," Mike Gallagher, chief technology officer for McAfee Labs, said in a statement. "Cybercriminals target regions where registering sites is cheap and convenient, and pose the least risk of being caught."
Overall, looking at 27 million Web sites and 104 top-level domains, McAfee found that 1.5 million sites, or 5.8 percent, were risky. That's up from 4.1 percent from the past two years, although the comparison is not direct since McAfee said it changed its rating methodology since then.
McAfee noted that cybercriminals who create domains to scam people prefer registrars with cheap prices, volume discounts, and hefty refund policies. Crooks also like registrars with a "no questions asked" policy and that act slowly or not at all when informed of malicious domains.
Retailers aren't the only ones gearing up for the holiday season. Criminals are also out in force.
To highlight the increased crime during the holidays, security company McAfee has come up with the "12 Scams of Christmas" ranging from bogus electronic greeting cards that deliver malware instead of cheer to fake charities that steal your money and your identity.
It's especially important to be extra careful this time of year, says McAfee's David Marcus. "The bad guys know people are spending more time online, they're paying more bills online so [the criminals] stand a chance of being a bit more successful this time of year."
In a podcast interview, Marcus counted down the 12 scams of Christmas starting with:
- Charitable phishing scams: Marcus warns consumers to be wary of e-mails that appear to be from legitimate charities. Not only will they take your money and deprive charities of needed funds, but they will also steal your credit card information and identity.
- Fake invoices from delivery services: During this period, scammers will send out fake invoices and delivery notifications appearing to come from Federal Express, UPS, the U.S. Postal Service or even the U.S. Customs Service saying that they were unable to deliver a package to your address. They ask you to confirm your address and give them credit card information to pay for delivery.
- Social networking friend requests: Bad guys take advantage of this social time of year by sending out authentic looking friend requests via e-mail. Marcus recommends that you not click on those links but sign into Facebook and other services and look for friend requests from the site itself. Clicking on a link could install malware on your computer or trick you into revealing your password.
- Holiday e-cards: Be careful before clicking on a holiday e-card, especially if it's from a site you haven't heard of. This is a way to deliver malware, pop-ups, and other forms of unwanted advertising. Some fake e-cards will look like they come from Hallmark or other legitimate companies, so pay close attention and make sure it's from someone you know. If you're going to send an e-card, be sure you're dealing with a reputable service lest you risk infecting yourself and your friends.
- Fake "luxury" jewelry: If you see an offer for luxury gifts from companies like Cartier, Gucci, and Tag Heuer at a price that's too good to be true, it probably isn't true. These links could lead you to malware and take your money or merchandise that will probably never arrive (or be fake if it does). Some of these sites, according to McAfee, even display the logos of the Better Business Bureau.
- Practice safe holiday shopping. Make sure your wireless network is secure and be sure you're shopping on sites that are secure. Though it isn't an ironclad guarantee, you should look for the lock icon in the lower right corner of your browser and make sure the Web page starts with https. The "s" stands for "secure."
- Christmas carol lyrics can be dangerous: Bad guys know that people are searching for holiday related sites for music, holiday graphics, and other festive media. During this time, they create fraudulent holiday related sites.
- Job search related scams: With the unemployment rate at 10.2 percent, there are plenty of job seekers looking for work. Beware of online offers for high paying jobs or at-home money making schemes. Some of these sites ask for money up front, which is a good way for criminals not only to steal your "set up fee" but misuse your credit card too. Marcus said that some "get rich quick" sites are all about money laundering, asking you to accept an inbound financial transfer and pay them.
- Auction site fraud: McAfee has observed a rise in fake auction sites during the holidays. Make sure you're actually going to eBay or whatever site you plan to deal with.
- Password stealing scams: Criminals use low-cost tools to uncover passwords, in some cases planting key logger software to record keystrokes. Once they get your passwords, they gain access to bank accounts and credit card accounts and send spam from your e-mail accounts.
- E-mail banking scams: A common type of phishing scam is sending out official looking e-mails that appear to come from your bank. Don't click on any links but type in your bank's Web address manually if you need to access your account.
- Files for ransom: Hackers use malware to gain control of your computer and lock your data files. To access your own data you have to pay them ransom.
Countries armed with "cyberweapons," according to McAfee.
(Credit: McAfee)
In particular, countries gearing up for cyberoffensives are the U.S., Israel, Russia, China, and France, says the report, compiled by former White House Homeland Security adviser Paul Kurtz and based on interviews with more than 20 experts in international relations, national security and Internet security.
"We don't believe we've seen cases of cyberwarfare," said Dmitri Alperovitch, vice president of threat research at McAfee. "Nations have been reluctant to use those capabilities because of the likelihood that [a big cyberattack] could do harm to their own country. The world is so interconnected these days."
Threats of cyberwarfare have been hyped for decades. There have been unauthorized penetrations into government systems since the early ARPANET days and it has long been known that the U.S. critical infrastructure is vulnerable.
However, experts are putting dots together and seeing patterns that indicate that there is increasing intelligence gathering and building of sophisticated cyberattack capabilities, according to the report titled "Virtually Here: The Age of Cyber Warfare."
"While we have not yet seen a 'hot' cyberwar between major powers, the efforts of nation-states to build increasingly sophisticated cyberattack capabilities, and in some cases demonstrate a willingness to use them, suggest that a 'Cyber Cold War' may have already begun," the report says.
Because pinpointing the source of cyberattacks is usually difficult if not impossible, the motivations can only be speculated upon, making the whole cyberwar debate an intellectual exercise at this point. But the report offers some theories.
For instance, Alperovitch speculates that the July 4 denial-of-service attacks on Web sites in the U.S. and South Korea could have been a test by a foreign entity to see if flooding South Korean networks and the transcontinental communications between the U.S. and South Korea would disrupt the ability of the U.S. military in South Korea to communicate with military leaders in Washington, D.C., and the Pacific Command in Hawaii.
"The ability of the North Koreans to disable cybercommunications between the U.S. and South Korea would give them a huge strategic advantage" if they were to attack South Korea, he said.
There have been earlier attacks that smack of cyberwarfare too. Estonian government and commercial sites suffered debilitating denial-of-service attacks in 2007, and last year sites in Georgia were attacked during the South Ossetia war, orchestrated by civilian attackers, the report says.
The report concludes that if we aren't seeing it already, cyberwarfare will be a reality soon enough.
"Over the next 20 to 30 years, cyberattacks will increasingly become a component of war," William Crowell, a former NSA deputy director, is quoted as saying. "What I can't foresee is whether networks will be so pervasive and unprotected that cyberwar operations will stand alone."
Scammers are targeting social networks with phishing scams and relying more heavily on worms and Trojans to attack computers, according to security trend reports to be released Monday by Microsoft and McAfee.
Phishing attacks saw a big spike in May and June, primarily because of campaigns targeting social-networking sites, according to Microsoft's report covering the first half of 2009. Gaming sites, portals, and Web sites of banks and retailers were also popular targets for phishing attacks, the report said.
Trojans top the list of threats to computer security, according to Microsoft's latest Security Intelligence Report. (Credit: Microsoft)
Trojans, including rogue security software, remained the most prevalent category of threats, while Microsoft statistics show that worms rose from fifth place in the second half of last year to become the second most prevalent category, led by Conficker and followed by Taterf, which targets multiplayer online role-playing games.
During the first half of the year, Microsoft detected and cleaned rogue security software--which displays false antivirus warnings to trick people into paying for software they don't need--from 13.4 million computers. That was down from 16.8 million computers in the second half of last year.
Most of the drive-by download pages are hosted on legitimate Web sites that have been compromised by attackers through intrusion or malicious code posted to a poorly secured Web form, such as a blog comment field. The Trojan Downloaders & Droppers category was the type of malware most often delivered in drive-by attacks, according to Microsoft.
The number of total unique vulnerability disclosures across the industry was down sharply from a year ago. While browser vulnerabilities increased slightly, application vulnerabilities dropped and operating system holes were flat, Microsoft said.
Microsoft software accounted for 6 of the top 10 browser-based holes attacked on Windows XP computers, compared with only one on Vista computers. Of the top 10 browser-based holes exploited on computers running Vista, 2 targeted Adobe Reader and the most significant one targeted Adobe Flash Player. In the third spot was an exploit aimed at Internet Explorer.
Infection rates for Windows Vista were significantly lower than those for Windows XP, while the rate for Windows Server 2008 was lower than that for Server 2003.
Microsoft released 27 security bulletins in the first half of the year, addressing 85 individual vulnerabilities. Of those, 11 were exploited within the first 30 days after the release of the security bulletin.
As far as computer security consciousness goes, the U.S. is in the middle, according to George Stathakopoulos, general manager of Microsoft's Trustworthy Computing Group. Japan is at or near the top of the list and Germany is high up too, he said.
"We are average," he added. "We are not one of the cleanest countries, we are dead on in the middle."
McAfee's report showed the U.S. as the top country when it comes to the number of compromised computers that are zombies used in botnets to do things like send spam, followed by China and Brazil. The U.S. also is the top distributor of spam and has the most servers hosting malware, McAfee said.
Spam comprises 92 percent of all e-mail. It jumped 24 percent from a year ago, McAfee said.
More midsize companies are being attacked by cybercriminals at the same time they're spending less on security, says a McAfee report released Wednesday.
Across the world, more than half of the 900 midsize businesses (51 to 1,000 employees) surveyed by McAfee for its report, The Security Paradox, said they've seen an increase in security breaches over the past year. Despite the threat, the recession has caused most of these companies to freeze their IT security budgets.
McAfee found that the costs of dealing with a security attack can be high. Over the last year, one of five midsize companies surveyed lost $41,000 in sales on average as a result of a breach. In China alone, 38 percent of the businesses questioned lost an average of $85,000 due to an attack. And more than 70 percent believe a serious data breach could put them out of business, noted the report.
But as the recession has grown, IT budgets have dropped. Almost 40 percent of the companies trimming their IT security budget plan to limit the purchase of new security products. And more than a third are switching to cheaper security software to cut expenses, even though they realize that may put them at greater risk.
"An organization's level of worry and awareness about increasing threats has not overcome the downward pressure on budgets and resources," said Darrell Rodenbaugh, senior vice president of global midmarket for McAfee, in a statement. "But this creates a vicious cycle of breach and repair that costs far more than prevention."
Midsize companies also may underestimate their risk, according to McAfee. Among companies with fewer than 500 employees, more than 90 percent believe they're protected from cybercriminals and feel they don't face the same threats that larger firms do.
But McAfee discovered that businesses with 101 to 500 people had on average 24 security breaches over the past three years, compared to 15 breaches for those with 501 to 1,000 employees.
In the long run, dealing with the aftermath of a security attack eats up a company's time and expenses. The study found that 65 percent of firms spend less than four hours a week on IT security, but around the same percentage have spent more than a day recovering from security breaches.
"Our research shows that organizations that put more effort on preventing attacks can end up spending less than a third as much as those that allow themselves to be at risk," said Rodenbaugh.
The study was conducted by research firm MSI International, which surveyed 100 midsize businesses in each of the following countries: U.S., U.K., Australia, Canada, China, France, Germany, India, and Spain. The results were compared with prior studies done in North America and Europe.
Updated 1:45am PST Tuesday with pricing information.
McAfee has released a new security suite designed to help businesses better handle security for their growing segment of Macintosh computers.
Targeting small to large companies, McAfee Endpoint Protection for Mac provides antivirus and antispyware features, and both an inbound and outbound firewall, McAfee said Tuesday.
The company is positioning the tool as a plus for IT administrators and for users. Administrators can use the same console to manage McAfee security on both Mac and Windows machines, said the company. The software lets administrators deny or control which applications can run on supported Macs. The suite's ePolicy Orchestrator tool can also generate reports of malicious activity for review.
Some have debated whether the Mac needs security software since it has traditionally been a less visible target than Windows for attack. But with Internet threats continually on the rise, few computer environments are completely immune. Even Apple has advised Mac users to protect themselves with security software.
Antivirus software for the Mac has been sold for a long time by companies such as Symantec and McAfee. But most products have been geared to the individual user.
McAfee sees its Endpoint Protection suite as filling a growing need at schools, companies, and government agencies that have adopted more Macs in recent years.
"The demand for Macintosh in the enterprise is steadily growing, yet organizations are either not using any security technology for these endpoints, or they are using a standalone, non-manageable anti-virus protection solution," Peter Lincoln, IT director at Aquent, said in a statement provided by McAfee. "The use of McAfee Endpoint Protection for Mac enables us to have complete protection on all our endpoints. Using the same integrated management console also allows us to lower our operational cost and ensure security and compliance."
A survey conducted last year by ITIC showed that a greater number of companies were planning to allow Macs into their workforce.
McAfee Endpoint Protection for Mac is compatible with the latest release of Apple's Snow Leopard as well as existing Leopard and Tiger environments. A McAfee spokesperson said the product's retail price would be $55.08 per computer for a network of 500 to 1,000 computers. The pricing includes one year of Gold technical support.
With security and cloud-computing both hot-button topics, Verizon Communications and McAfee are joining forces to offer customers a combination of the two.
Verizon's business unit and McAfee announced Thursday a new joint venture to sell cloud-based security products and services to large businesses and government agencies. With more companies tapping into the "cloud" to lower costs and outsource administration, McAfee and Verizon will sell a new suite of cloud-based security products, expanding on Verizon's current lineup.
Managed by Verizon, the new cloud-based services will offer an array of security products, including firewalls, intrusion prevention, anti-malware, and Secure Sockets Layer (SSL) virtual private networks (VPNs).
"This strategic agreement with McAfee enables us to drive even more complete and integrated IT solutions to enterprises across the world," said Kerry Bailey, senior vice president of Verizon Business global solutions. "Our newly expanded and next-generation cloud capabilities will enable organizations to better use security as a strategic tool and business enabler."
The team-up will also allow Verizon and McAfee to tap into each other's portfolio of products and services.
Verizon will offer its customers McAfee's entire line of security software and will soon provide McAfee's PCI (Payment Card Industry) compliance services to banks and other organizations that need to secure credit card data.
The PCI services will be targeted to "Level 4" merchants--businesses that manage up to 1 million credit card transactions each year. Verizon said this business class is at the highest risk for security breaches and accounts for one-third of all credit card transactions. In April, Verizon released a report showing that more payment card records were breached in 2008 than in the previous four years combined.
McAfee's customers will now be able to contact Verizon's network of 1,200 security professionals for assistance on setting up and managing in-house security.
Finally, Verizon will help McAfee consolidate its data centers, so that McAfee can better offer 24/7 management for its own Web hosting and cloud-based services.
Verizon and McAfee will target the new products and services to small-to-medium companies, large enterprises, and government entities.
McAfee has been pushing to grow beyond the consumer market through a series of deals and acquisitions. In July, the company said it would buy MX Logic, which provides cloud-based e-mail and other services. In May, McAfee bought white-listing vendor Solidcore.






