Editor’s note: Panda Security is offering free license keys for Cloud Antivirus Pro 1.3 to users who register using This Download Link. You’ll be required to enter your name and e-mail address to receive the license key, which is good for one year. Also note that during the registration process, the checkout cart will state at some point, “Your card hasn’t been charged yet.” This is apparently a cart template and does not affect users who are taking part in the license key giveaway.
As Immunet reaches its two year anniversary I’m extremely excited to announce the launch of Immunet Protect 2.0. The Immunet team has been hard at work for the past 9 months, building the next version of our free, fast and lightweight cloud-based antivirus product. We originally launched Immunet Protect 1.0 last August and since then have had over 275,000 people install our product. Thank you everyone for your support! Here is what you will see today:
- A re-launch of the Immunet web site which is now live at http://www.immunet.com. Nobody would argue that our site needed a facelift as our company and membership has grown!
- The release of Immunet Protect 2.0 Free, our free product now includes many of the features that you would expect in a full fledged antivirus product, including full system scan, scheduled scan, context menu scan, and gaming mode. It also contains a first for the antivirus industry – a built in Community feature that allows you to protect others and share the product with your most trusted contacts.
Immunet Protect’s integrated Community feature allows members to extend virus protection to their most trusted friends and family members. Once shared, members can view the protection status with those contacts who have also installed the product, giving them confidence when sharing links, photos, and other information online. Community members can view the total protective power of their network, indicating how many viruses they have collectively blocked; we call this their Protection Factor.
- 3. The release of Immunet Protect 2.0 Plus, an upgrade from our Free product for users who are looking for complete stand alone protection. Plus provides advanced protection capabilities including rootkit detection, offline scanning and sophisticated threat removal. The product starts at $19.95 for a one computer, one year license; a very competitive price relative to the cost of other antivirus products!
As part of our launch, CNET has covered Immunet on cnet.com with a review from Seth Rosenblatt. In addition, CNET’s download.com will be offering Immunet Protect Plus 2.0 for free through TrialPay when you take advantage of a third party offer!
Upgrade your version of Immunet Protect 2.0 today and join in the effort to protect others!
Microsoft on Monday said it is investigating a possible vulnerability in Internet Explorer after exploit code that allegedly can be used to take control of computers, if they visit a Web site hosting the code, was posted to a security mailing list.
First introduced in beta in April, Panda Cloud Antivirus graduates to a stable, public release and signifies a major security vendor taking aim at the freeware competition–instead of the other way around. Cloud Antivirus was notable on its beta release for being one of the few security options available to users that contained most of its protections in the cloud. This allowed it to protect users while consuming significantly fewer resources than many competing programs.
Panda Cloud Antivirus 1.0 is notable as a free security solution for two reasons: Panda is a reputable security vendor, and the program achieves its goal of freeing up system resources. In a press release, Panda Security CEO Juan Santana described Cloud Antivirus as a game-changer. It’s not clear quite yet that that’s the case, but at the very least the program looks to fill a niche created by resource-conscious netbooks.
As light on resources as advertised, Cloud Antivirus offers strong reputation-based protection for those who want their security program out of sight and out of mind. A third-party efficacy evaluation wasn’t available at the time of writing, but in empirical testing the program only used 9 MB of RAM while idle, and only 56 MB of RAM when scanning. Many other security programs will run scans at 150 MB of RAM or more.
Despite keeping most of its database in the cloud, Panda Security’s Senior Research Advisor, Pedro Bustamante, noted during an interview in October that Cloud Antivirus isn’t disabled just because the host computer is disconnected from the Internet. “Panda has an offline mode that uses a small cached copy of Collective Intelligence on your local drive, it’s only the most recent threats on a real time wild list.” Collective Intelligence is the name that Panda gave its cloud system when it was introduced in 2007.
When you open Cloud Antivirus, the main window lets you know whether you’re safe or not with a big red or green icon. Cloud Antivirus works as other antivirus solutions do, offering a Quick Scan and a Custom scan for specific folder, files, and drives, but its ancillary features are exceptionally light. The Quick Scan took 13 minutes on my Windows 7 Lenovo T400 laptop.
Dragging an active Cloud Antivirus window, in Windows 7 at least, will turn it translucent.
(Credit: Screenshot by Seth Rosenblatt/CNET)
You can opt out of contributing anonymous data to the cloud, but that also opts you out of automatic threat management. There’s a network connection proxy option should you need it, and a reporting feature that will show you what kind of threats have been detected and removed from your computer. You can filter the report by All, Last 24 hours, Last Week, or Last Month, and there’s a Recycle Bin pane from which you can recover a false positive, should you need it. Unfortunately, the Recycle Bin is hidden behind an obnoxious “flipping” screen that cheesily rotates when you need to access it.
If you’re familiar with the minimalist Microsoft Security Essentials, Cloud Antivirus is even simpler. I did notice some odd interface rendering around the minimize and close buttons in Windows XP, but not in Windows 7. There are other more serious concerns about the program. Most notably, it lacks a scheduler, and it removes user input from update functions. Scans are also limited: you can tell the program what to scan, but not what to look for, so forget about toggling heuristics or rootkits. Then again, the point of this kind of security is that it’s all wrapped into one.
Keeping in mind its limited feature set, and that we don’t have efficacy numbers at the time of reviewing, Panda Cloud Antivirus makes good security choice for those willing to take the plunge.
by Seth Rosenblatt from Cnet
URL shorteners may be handy for your tweets on Twitter. But they’re also known security holes since they don’t display the actual address of your destination. A free tool from security vendor AVG may provide a solution.
AVG has updated its free LinkScanner tool to detect malicious pages hiding behind shortened URLs. The company said the tool checks the actual destination of each URL link to make sure the page is legitimate.
More than a dozen URL-shortening services abound on the Net, including TinyURL and Bitly. With its 140-character limit, Twitter automatically shortens URLs in each tweet via Bitly. Other services like WordPress also include a built-in URL shortener.
But Web browsers don’t display the true address of a shortened URL, so you have no idea whether or not the destination page is safe. Hackers have easily been able to use the obscure nature of shortened URLs to conceal hazardous Web pages behind them.
“The problem with shortened links is that they usually don’t bear any resemblance to the original URLs, which means that users don’t always know what they’re clicking,” said Roger Thompson, chief research officer at AVG Technologies. “People click with the intention of going to a specific site, but the link can be easily hacked to send people to a site containing Trojans, spyware, rootkits, and other malware instead.”
AVG, formerly known as Grisoft, bought LinkScanner in late 2007 as part of a larger acquisition. The tool has already proven helpful to Web surfers by analyzing Web pages behind each link that is either clicked on or typed into the browser.
Other solutions do exist to reveal the truth behind a short URL. The Web site LongURL can display the long version of a short URL. A Firefox plug-in called LongURL Mobile Expander can also translate from short to long.
But according to AVG, LinkScanner is now the only security tool on the market that can find poisoned Web pages behind a short URL. The company says it does not rely on blacklists and instead checks each link in real time.
by Lance Whitney from Cnet
The exploit affects Microsoft Windows 98, ME, NT, 2000, XP, and Server 2003, according to Trend Micro.
“Based on our findings, the shell code (that was heap-sprayed) jumps to another shell code inside the PDF file” before extracting and executing the backdoor, Trend Micro said. The backdoor “is also embedded in the PDF file and not the usual file downloaded from the Web.”
Variants of the Protux backdoor typically provide an attacker unrestricted user-level access to a compromised machine and previously exploited vulnerabilities in Microsoft Office files, according to Trend Micro.
Adobe announced on Thursday that it would release an update to fix the hole on Tuesday, the same day as Microsoft’s Patch Tuesday.
This screenshot shows the embedded executable file in the PDF file, after it has been decrypted.
Source : Cnet (Credit: Trend Micro)
Malware posing as anti-virus software is spreading fast with tens of millions of computers infected each month, according to a report to be released on Wednesday from PandaLabs.
PandaLabs found 1,000 samples of fake antivirus software in the first quarter of 2008. In a year that number had grown to 111,000 and for the second quarter of 2009 it reached 374,000, Luis Corrons, technical director of PandaLabs said in a recent interview.
“We’ve created a specific team to deal with this,” he said, of the rogue anti-virus software that issues false warnings of infections in order to get people to pay for software they don’t need. The programs also typically download a Trojan or other malware.
PandaLabs found that 3 percent to 5 percent of all the people who scanned their PCs with Panda anti-virus software were infected. Using that and worldwide computer stats from Forrester, PandaLabs estimates there could be as many as 35 million computers infected per month with the rogue anti-virus programs.
About 3 percent of the people who see the fake warnings fall for it, forking over $50 for an annual license or $80 for a lifetime license, according to Corrons.
Last September, a hacker was able to infiltrate rogue anti-virus maker Baka Software and discovered that in one period an affiliate made more than $80,000 in about a week, said Sean-Paul Correll, a PandaLabs threat researcher.
A Finjan report from March estimated that fake AV distributors can make more than $10,000 a day.
“The general consumer doesn’t understand” the threat, Correll said. “No legitimate anti-virus vendor will start a scan automatically on your computer without your consent.”
After all the hoopla about the Conficker threat researchers seemed almost relieved that the it turned out to distribute fake anti-virus software instead of something much worse.
By Elinor Mills from Cnet
Gumblar, a new attack that compromises Web sites, has added new domain names that are downloading malware onto unsuspecting computers, stealing FTP credentials to compromise more sites, and tampering with Web traffic, a security firm said on Thursday.