Tuesday, March 3, 2009

Best Antiviruses

Best Antivirus Software - Editor's Choice
#1 Trend Micro Antivirus Internet Security 2009
Review date: 02.26.2009

Description:

Trend Micro Internet Security 2009 provides comprehensive, easy-to-use protection from viruses, intruders, and other Internet-based threats. This inexpensive product received excellent scores in our performance tests.

Price:

$49.95


Advanced Features:

  • Comprehensive Virus Detection
  • Spyware and Adware Protection
  • Computer Scans
  • Automatic Virus Pattern Updates
  • Enhanced Software History Cleaner
  • Blocks Image Spam
  • Effective Antivirus Protection
  • Excellent value

Review:

Best of all, the anti-virus engine protects against computer viruses, worms, Trojan horse programs, and related security threats.
  • You can track unauthorized changes to your operating system
  • Automatically download the latest signature updates. Quarantined File Recovery
  • Real-time Protection. You can run scheduled and manual scans
  • Remote File Lock safeguards your private files in case your laptop is lost or stolen.
  • Free phone, email and chat support, with your annual subscription.
  • Automatic updates immunize you against new computer virus outbreaks.
  • Protect your privacy by getting rid of records listing Web sites and files recently opened.
Powerful anti-spyware technology guards your personal information and privacy against spyware, rootkits and other malicious software. Trend Micro Internet Security 2009 covers the basics, providing antivirus, antispyware, antiphishing, antispam, two-way firewall, and, unlike other Internet Security suites, includes parental controls.

#2 Norton Antivirus 2009
Review date: 02.25.2009

Description:

Norton AntiVirus 2009 provides fast, responsive defense against all types of malicious software. The new Norton Protection System employs a multilayered set of security technologies that work in concert to detect, identify, and block attacks.

Price:

$39.99


Main Features:

  • Advanced antivirus with anti-spyware
  • Up-to-the-minute protection
  • File access protection module
  • Automatic Virus Pattern Updates
  • Defends against Web-based attacks
  • Real-time Monitoring
  • Scans all Internet traffic in real time
  • Free Technical Support

Review:

Symantec has updated its trusted Norton Antivirus line with its latest product, Norton Antivirus 2009, which gives faster and better performance in protecting your PC against viruses and spyware.
  • Light weight and very fast
  • Different scan options
  • Nice interface, broad range of features, reasonably easy to use
  • Free phone, email and chat support, with your annual subscription.
  • Monitors all processes and registry changes
  • Blocks browser exploits and protects against infected Web sites.
New Norton Internet Worm Protection blocks certain more sophisticated worms (such as Blaster and Sasser) before they enter your computer. A good product for keeping your computer safe from viruses. All regular telephone technical support calls are free.

#3 Panda Antivirus Pro 2009
Review date: 02.24.2009

Description:

Panda Antivirus features a new ultraFast scan engine, 30% faster than its predecessors, and Panda's exclusive SmartClean technology. In a nutshell, it is a good antivirus solution for Windows that keeps your computer protected from any Internet threats.

Price:

$49.95


Main Features:

  • Automatically eliminates viruses
  • Anti-Malware Protection
  • On-demand scanning
  • Automatic Virus Pattern Updates
  • Technical support service
  • Scans Internet traffic

Review:

Anti-Rootkit Technology detects and removes silently-installed rootkits used by malware or intruders to evade traditional antivirus products.
  • You can run scheduled and manual scans
  • Identity protection: Anti-Phishing Filter, Anti-Banking Trojans Engine
  • Personal Firewall protects you against Internet-borne worms and hacker attacks
  • Remote File Lock safeguards your private files in case your laptop is lost or stolen.
  • Protect your privacy by getting rid of records listing Web sites and files recently opened.
Panda 2009 products offer a better customer experience than before, thanks to the new registration process and the new user interface. The scanning features have been sped up and the new interface is a clean and modern take on a time-tested product. The 2009 products incorporate TruPrevent, Panda's engine for behavior-based malware detection.

#4 ZoneAlarm Anti-virus 2009
Review date: 02.24.2009

Description:

New engine delivers the best virus protection with significantly enhanced detection and removal capabilities. A configuration wizard leads you through setup, making it easy for everyday users to secure their systems fast.

Price:

$19.95

Software Summary:

The ZoneAlarm online forums are active, with users worldwide eager and willing to answer your question.


Main Features:

  • On demand scanner interface
  • Advanced proactive detection
  • E-mail scanning
  • Advanced antivirus, spyware removal protection

Review:

Enhanced detection and removal capabilities stop even the latest and most aggressive viruses before they infect your PC.
  • Pre-loaded security settings provide easy, instant protection
  • Easy setup includes a new interface and pre-scan
  • Automatic update notification keeps Internet security current
Easy-to-Use Security:
Auto-Learn is a system that automatically configures security settings based on a user's unique computer environment and behavior, making the initial set-up virtually silent.

#5 PC Tools Antivirus
Review date: 02.23.2009

Description:

PC Tools AntiVirus will thoroughly scan and protect your PC from virus attacks.

Price:

$29.95

Software Summary:

Designed for Windows® Vista 32-bit, XP and 2000. Size: 22,906 KB.


Main Features:

  • Detects, destroys viruses, trojans, worms
  • Automatically checks for frequent updates
  • System restore

Review:

PC Tools AntiVirus program is easy to use and navigate.
  • Protects you against the most nefarious cyber-threats attempting to gain access to your PC and personal details
  • Provides protection, with rapid database updates, IntelliGuard real-time file
  • New improved scan engine, smaller memory footprint
  • Designed to work silently in the background
On average, PC Tools updates their virus definitions on a daily basis.

Latest Scares


Latest 10 virus alerts
  • 3 Mar: Troj/Banloa-EE
  • 3 Mar: Troj/DwnLdr-HOX
  • 3 Mar: Troj/Fakevir-KN
  • 3 Mar: Troj/FakeVir-KT
  • 3 Mar: Troj/Mdrop-BZZ
  • 3 Mar: Troj/PDFJs-AC
  • 3 Mar: Troj/PWS-AZF
  • 3 Mar: W32/AutoRun-ZX
  • 3 Mar: Troj/Agent-JCC
  • 3 Mar: Troj/Agent-JCD
Source: Sophos

Top 10 viruses in February 2009
  1. Troj/Invo-Zip
  2. W32/Netsky
  3. Mal/EncPk-EI
  4. Troj/Pushdo-Gen
  5. Troj/Agent-HFU
  6. Mal/Iframe-E
  7. Troj/Mdrop-BTV
  8. Troj/Mdrop-BUF
  9. Troj/Agent-HFZ
  10. Troj/Agent-HGT
Source: Sophos

Top 10 virus hoaxes
  1. Hotmail hoax
  2. A virtual card for you
  3. Meninas da Playboy
  4. Olympic torch
  5. MSN is closing down
  6. Bonsai kitten
  7. Justice for Jamie
  8. Budweiser frogs screensaver
  9. Bill Gates fortune
  10. Heart attacks and warm water
Source: Sophos

Cryptography

Government agencies, banks, and many corporations now routinely send a great deal of confidential information from one computer to another. Such data are usually transmitted via telephone lines or other nonprivate channels, such as the Internet. Continuing development of secure computer systems and networks will ensure that confidential information can be securely transferred across computer networks.

In the early 1970s, Horst Feistel, a scientist at International Business Machines Corporation (IBM Corporation), developed LUCIFER, a computerized cryptosystem that used both substitution and transposition.

In 1977 the United States National Bureau of Standards (now the National Institute of Standards and Technology [NIST]) developed a cryptographic technique called the Data Encryption Standard (DES). DES was based on LUCIFER and made use of the computer binary code (converting plaintext to bits, or binary digits of 1s and 0s). DES transformed 64-bit segments of information into 64-bit segments of ciphertext using a key that was 56 bits in size. Each user randomly selected a key and revealed it only to those persons authorized to see the protected data. DES was broken in 1998.

In 1978 three American computer scientists, Ronald L. Rivest, Adi Shamir, and Leonard Adleman, who later founded the company RSA Data Security, created the Rivest-Shamir-Adleman (RSA) system. The RSA system uses two large prime numbers, p and q, multiplied to form a composite, n. The formula n = pq capitalizes on the very difficult problem of factoring a large composite number back into its prime factors. See also Encryption; Number Theory.

As more and more information is transferred over computer networks, computer scientists continue to develop more secure, complex algorithms. In 1997 the NIST began coordinating development of a replacement for DES called Advanced Encryption Standard (AES). AES will use a more complex algorithm, based on a 128-bit encryption standard instead of the 64-bit standard of DES. This 128-bit algorithm will make AES impossible to decrypt with current technology.

Another encryption system based on 128-bit segments is called International Data Encryption Algorithm, or IDEA. The Swiss Federal Institute of Technology developed the IDEA standard in the 1990s. Computer scientists have also proposed alternatives such as public-key cryptosystems (PKCs), which use two types of keys, a public key and a private key. The public key encrypts data, and a corresponding private key decrypts it. The user gives the public key out to other users, and they can use the public key for encrypting messages to be sent to the user. The user keeps the private key secret and uses it to decrypt received messages. An example of a PKC is the RSA system, described above.

CRYPTANALYSIS

Cryptanalysis is the art of analyzing ciphertext to extract the plaintext or the key. In other words, cryptanalysis is the opposite of cryptography. It is the breaking of ciphers. Understanding the process of code breaking is very important when designing any encryption system. The science of cryptography has kept up with the technological explosion of the last half of the 20th century. Current systems require very powerful computer systems to encrypt and decrypt data. While cryptanalysis has improved as well, some systems may exist that are unbreakable by today’s standards.

Today’s cryptanalysis is measured by the number and speed of computers available to the code breaker. Some cryptographers believe that the National Security Agency (NSA) of the United States has enormous, extremely powerful computers that are entirely devoted to cryptanalysis.

The substitution ciphers described above are easy to break. Before computers were available, expert cryptanalysts would look at ciphertext and make guesses as to which letters were substituted for which other letters. Early cryptanalysis techniques included computing the frequency with which letters occur in the language that is being intercepted. For example, in the English language, the letters e, s, t, a, m, and n occur much more frequently than do q, z, x, y, and w. So, cryptanalysts look at the ciphertext for the most frequently occurring letters and assign them as candidates to be e, s, t, a, m, and n. Cryptanalysts also know that certain combinations of letters are more common in the English language than others are. For example, q and u occur together, and so do t and h. The frequency and combinations of letters help cryptanalysts build a table of possible solution letters. The more ciphertext that is available, the better the chances of breaking the code.

In modern cryptographic systems, too, the more ciphertext that is available to the code breaker, the better. For this reason, all systems require frequent changing of the key. Once the key is changed, no more ciphertext will be produced using the former key. Ciphertext that is produced using different keys—and frequently changed keys—makes the cryptanalyst’s task of code breaking difficult.

What Is a Virus

Virus

I. INTRODUCTION

Virus (computer), a self-duplicating computer program that spreads from computer to computer, interfering with data and software. Just as biological viruses infect people, spreading from person to person, computer viruses infect personal computers (PCs) and servers, the computers that control access to a network of computers. Some viruses are mere annoyances, but others can do serious damage. Viruses can delete or change files, steal important information, load and run unwanted applications, send documents via electronic mail (e-mail), or even cripple a machine’s operating system (OS), the basic software that runs the computer.

II. HOW INFECTIONS OCCUR

A virus can infect a computer in a number of ways. It can arrive on a floppy disk or inside an e-mail message. It can piggyback on files downloaded from the World Wide Web or from an Internet service used to share music and movies. Or it can exploit flaws in the way computers exchange data over a network. So-called blended-threat viruses spread via multiple methods at the same time. Some blended-threat viruses, for instance, spread via e-mail but also propagate by exploiting flaws in an operating system.

Traditionally, even if a virus found its way onto a computer, it could not actually infect the machine—or propagate to other machines—unless the user was somehow fooled into executing the virus by opening it and running it just as one would run a legitimate program. But a new breed of computer virus can infect machines and spread to others entirely on its own. Simply by connecting a computer to a network, the computer owner runs the risk of infection. Because the Internet connects computers around the world, viruses can spread from one end of the globe to the other in a matter of minutes.

III. TYPES OF VIRUSES

There are many categories of viruses, including parasitic or file viruses, bootstrap-sector, multipartite, macro, and script viruses. Then there are so-called computer worms, which have become particularly prevalent. A computer worm is a type of virus. However, instead of infecting files or operating systems, a worm replicates from computer to computer by spreading entire copies of itself.

Parasitic or file viruses infect executable files or programs in the computer. These files are often identified by the extension .exe in the name of the computer file. File viruses leave the contents of the host program unchanged but attach to the host in such a way that the virus code is run first. These viruses can be either direct-action or resident. A direct-action virus selects one or more programs to infect each time it is executed. A resident virus hides in the computer's memory and infects a particular program when that program is executed.

Bootstrap-sector viruses reside on the first portion of the hard disk or floppy disk, known as the boot sector. These viruses replace either the programs that store information about the disk's contents or the programs that start the computer. Typically, these viruses spread by means of the physical exchange of floppy disks.

Multipartite viruses combine the abilities of the parasitic and the bootstrap-sector viruses, and so are able to infect either files or boot sectors. These types of viruses can spread if a computer user boots from an infected diskette or accesses infected files.

Other viruses infect programs that contain powerful macro languages (programming languages that let the user create new features and utilities). These viruses, called macro viruses, are written in macro languages and automatically execute when the legitimate program is opened.

Script viruses are written in script programming languages, such as VBScript (Visual Basic Script) and JavaScript. These script languages can be seen as a special kind of macro language and are even more powerful because most are closely related to the operating system environment. The 'ILOVEYOU' virus, which appeared in 2000 and infected an estimated 1 in 5 personal computers, is a famous example of a script virus.

Strictly speaking, a computer virus is always a program that attaches itself to some other program. But computer virus has become a blanket term that also refers to computer worms. A worm operates entirely on its own, without ever attaching itself to another program. Typically, a worm spreads over e-mail and through other ways that computers exchange information over a network. In this way, a worm not only wreaks havoc on machines, but also clogs network connections and slows network traffic, so that it takes an excessively long time to load a Web page or send an e-mail.

IV. ANTI-VIRAL TACTICS

A. Preparation and Prevention

Computer users can prepare for a viral infection by creating backups of legitimate original software and data files regularly so that the computer system can be restored if necessary. Viral infection can be prevented by obtaining software from legitimate sources or by using a quarantined computer—that is, a computer not connected to any network—to test new software. Plus, users should regularly install operating system (OS) patches, software updates that mend the sort of flaws, or holes, in the OS often exploited by viruses. Patches can be downloaded from the Web site of the operating system’s developer. However, the best prevention may be the installation of current and well-designed antiviral software. Such software can prevent a viral infection and thereby help stop its spread.

B. Virus Detection

Several types of antiviral software can be used to detect the presence of a virus. Scanning software can recognize the characteristics of a virus's computer code and look for these characteristics in the computer's files. Because new viruses must be analyzed as they appear, scanning software must be updated periodically to be effective. Other scanners search for common features of viral programs and are usually less reliable. Most antiviral software uses both on-demand and on-access scanners. On-demand scanners are launched only when the user activates them. On-access scanners, on the other hand, are constantly monitoring the computer for viruses but are always in the background and are not visible to the user. The on-access scanners are seen as the proactive part of an antivirus package and the on-demand scanners are seen as reactive. On-demand scanners usually detect a virus only after the infection has occurred and that is why they are considered reactive.

Antivirus software is usually sold as packages containing many different software programs that are independent of one another and perform different functions. When installed or packaged together, antiviral packages provide complete protection against viruses. Within most antiviral packages, several methods are used to detect viruses. Checksumming, for example, uses mathematical calculations to compare the state of executable programs before and after they are run. If the checksum has not changed, then the system is uninfected. Checksumming software can detect an infection only after it has occurred, however. As this technology is dated and some viruses can evade it, checksumming is rarely used today.

Most antivirus packages also use heuristics (problem-solving by trial and error) to detect new viruses. This technology observes a program’s behavior and evaluates how closely it resembles a virus. It relies on experience with previous viruses to predict the likelihood that a suspicious file is an as-yet unidentified or unclassified new virus.

Other types of antiviral software include monitoring software and integrity-shell software. Monitoring software is different from scanning software. It detects illegal or potentially damaging viral activities such as overwriting computer files or reformatting the computer's hard drive. Integrity-shell software establishes layers through which any command to run a program must pass. Checksumming is performed automatically within the integrity shell, and infected programs, if detected, are not allowed to run.

C. Containment and Recovery

Once a viral infection has been detected, it can be contained by immediately isolating computers on networks, halting the exchange of files, and using only write-protected disks. In order for a computer system to recover from a viral infection, the virus must first be eliminated. Some antivirus software attempts to remove detected viruses, but sometimes with unsatisfactory results. More reliable results are obtained by turning off the infected computer; restarting it from a write-protected floppy disk; deleting infected files and replacing them with legitimate files from backup disks; and erasing any viruses on the boot sector.

V. VIRAL STRATEGIES

The authors of viruses have several strategies to circumvent antivirus software and to propagate their creations more effectively. So-called polymorphic viruses make variations in the copies of themselves to elude detection by scanning software. A stealth virus hides from the operating system when the system checks the location where the virus resides, by forging results that would be expected from an uninfected system. A so-called fast-infector virus infects not only programs that are executed but also those that are merely accessed. As a result, running antiviral scanning software on a computer infected by such a virus can infect every program on the computer. A so-called slow-infector virus infects files only when the files are modified, so that it appears to checksumming software that the modification was legitimate. A so-called sparse-infector virus infects only on certain occasions—for example, it may infect every tenth program executed. This strategy makes it more difficult to detect the virus.

By using combinations of several virus-writing methods, virus authors can create more complex new viruses. Many virus authors also tend to use new technologies when they appear. The antivirus industry must move rapidly to change their antiviral software and eliminate the outbreak of such new viruses.

VI. VIRUS-LIKE COMPUTER PROGRAMS

There are other harmful computer programs that can be part of a virus but are not considered viruses because they do not have the ability to replicate. These programs fall into three categories: Trojan horses, logic bombs, and deliberately harmful or malicious software programs that run within a Web browser, an application program such as Internet Explorer and Netscape that displays Web sites.

A Trojan horse is a program that pretends to be something else. A Trojan horse may appear to be something interesting and harmless, such as a game, but when it runs it may have harmful effects. The term comes from the classic Greek story of the Trojan horse found in Homer’s Iliad.

A logic bomb infects a computer’s memory, but unlike a virus, it does not replicate itself. A logic bomb delivers its instructions when it is triggered by a specific condition, such as when a particular date or time is reached or when a combination of letters is typed on a keyboard. A logic bomb has the ability to erase a hard drive or delete certain files.

Malicious software programs that run within a Web browser often appear in Java applets and ActiveX controls. Although these applets and controls improve the usefulness of Web sites, they also increase a vandal’s ability to interfere with unprotected systems. Because those controls and applets require that certain components be downloaded to a user’s personal computer (PC), activating an applet or control might actually download malicious code.

A. History

In 1949 Hungarian American mathematician John von Neumann, at the Institute for Advanced Study in Princeton, New Jersey, proposed that it was theoretically possible for a computer program to replicate. This theory was tested in the 1950s at Bell Laboratories when a game called Core Wars was developed, in which players created tiny computer programs that attacked, erased, and tried to propagate on an opponent's system.

In 1983 American electrical engineer Fred Cohen, at the time a graduate student, coined the term virus to describe a self-replicating computer program. In 1985 the first Trojan horses appeared, posing as a graphics-enhancing program called EGABTR and as a game called NUKE-LA. A host of increasingly complex viruses followed.

The so-called Brain virus appeared in 1986 and spread worldwide by 1987. In 1988 two new viruses appeared: Stone, the first bootstrap-sector virus, and the Internet worm, which crossed the United States overnight via computer network. The Dark Avenger virus, the first fast infector, appeared in 1989, followed by the first polymorphic virus in 1990.

Computer viruses grew more sophisticated in the 1990s. In 1995 the first macro language virus, WinWord Concept, was created. In 1999 the Melissa macro virus, spread by e-mail, disabled e-mail servers around the world for several hours, and in some cases several days. Regarded by some as the most prolific virus ever, Melissa cost corporations millions of dollars due to computer downtime and lost productivity.

The VBS_LOVELETTER script virus, also known as the Love Bug and the ILOVEYOU virus, unseated Melissa as the world's most prevalent and costly virus when it struck in May 2000. By the time the outbreak was finally brought under control, losses were estimated at U.S.$10 billion, and the Love Bug is said to have infected 1 in every 5 PCs worldwide.

The year 2003 was a particularly bad year for computer viruses and worms. First, the Blaster worm infected more than 10 million machines worldwide by exploiting a flaw in Microsoft’s Windows operating system. A machine that lacked the appropriate patch could be infected simply by connecting to the Internet. Then, the SoBig worm infected millions more machines in an attempt to convert systems into networking relays capable of sending massive amounts of junk e-mail known as spam. SoBig spread via e-mail, and before the outbreak was 24 hours old, MessageLabs, a popular e-mail filtering company, captured more than a million SoBig messages and called it the fastest-spreading virus in history. In January 2004, however, the MyDoom virus set a new record, spreading even faster than SoBig, and, by most accounts, causing even more damage.


Contributed by: Eddy Willems