A first look at the new “Windows 8″ user interface. Tell us what you think. Windows has come a long way since the WindowsXP operating system. With a hard bump in the road with Windows Vista, Windows 7 has proven itself to be a hardned strong stable operating system with great tools and features. Windows 8 could be a game changer.
Is Microsoft finally showing their ability to be innovative or are they simply playing catch up to their competition? You decide.
A repost from zdnet.com but is a good read about paid vs free antivirus and how well they perform against each other. Here is the details with the link below.
How effective is free antivirus software? I had a chance to see a real, in-the-wild example just this month, and the results were, to put it mildly, unexpected. The bottom line? Microsoft’s free antivirus solution found and removed a threat that two well-known paid products missed. Here are the details. [Update: After I publlished this post, a second example appeared, courtesy of a rogue commenter in the Talkback section. See the results at the end of this post.]
I’ve had Microsoft Security Essentials (MSE) installed on my main working PC for most of the past year. Mostly, I use it for real-time protection. I typically disable the scheduled virus scans on my PCs and instead occasionally do a manual scan just to confirm that nothing out of the ordinary has snuck through. Last month I decided to perform a scan using the Full option. Because I have 2.5 terabytes of hard disk space, with roughly 40% of it in use, I knew the scan would take a long time. So I scheduled it to run while I was out running errands.
When I came back, here’s a snippet of what I found:
MSE had detected several files files that it considered malicious. One was a rigged PDF file (not shown here). The other was a single file in the Java cache folder on this system that contained three separate exploits. Using the information in the MSE history pane, I found the file and uploaded it to Virustotal.com, which is a free service that allows you to scan a suspicious file using 43 separate antivirus engines. The file, identified by a unique hash, had already been analyzed, so I got the results immediately:
Only 17 of 43 antivirus products detected this as a threat. The full results page showed the identification, if any, for each product on the list. Microsoft, Symantec, Avast, and F-Secure were among the engines that flagged the file. But the majority didn’t. That means one of two things. Either the file was a false positive, and I was about to delete something harmless and perhaps even necessary. Or it was real, and most AV programs were missing it.
To get to the bottom of the issue, I sent e-mail messages to contacts at three companies. I asked Microsoft to reanalyze the file and confirm that it was indeed malicious. I also asked McAfee and Sunbelt to look at the file; both of them had reported the file as clean, according to VirusTotal.
Microsoft had two analysts review the file. Here’s a portion of their response:
We have confirmed that the threat detection you received from Microsoft Security Essentials is indeed valid. There were more than 3.5 million reported CVE-2008-5353 attacks in Q3 2010, and Java vulnerability exploitations like these, while once a rare occurrence, have spiked this year. … [T]his exact file is something we have seen in the wild more than 40,000 times in the past six months.
This October 18 post by Holly Stewart on the Microsoft Malware Protection Center blog provides useful additional detail on why these types of attacks can be challenging for IDS/IPS vendors, as well as the steps customers should take to ensure that they are protected.
According to the scan results, this threat was first identified in definition 1.85.1774.0, which was released by Microsoft on July 9, 2010.
McAfee responded quickly to my e-mail as well. A spokesperson sent this reply:
Our Labs team took a look at the file you referenced and it is malicious. We are in the process of developing new heuristics to combat the effects from a stream of recent malicious JAR files more proactively, the file corresponding with the hash you mentioned is in the queue.
Sunbelt’s Malware Response Manager, Dodi Glenn, reported that this file was in the company’s repository and submitted it for detailed analysis. Here are the results:
This file contains a malicious java.class … that exploits the CVE-2008-5353 vulnerability. … We are currently testing our updated detection for this exploit and expect to release it shortly.
The good news is that my system wasn’t compromised in any way. The exploit in question was blocked by a Java update that I had installed last year. Likewise, the booby-trapped PDF file (which all of the antivirus programs detected) relied on the user having a very outdated version of Adobe Reader installed, and mine was fully up-to-date.
Last week, when I wrote about Microsoft’s decision to expand its distribution of Microsoft Security Essentials via Microsoft Update, McAfee complained that free software simply isn’t as good as its paid protection. Here’s what a spokesperson told me:
McAfee wants consumers to be safe online. Options that provide an elementary level of security are free products including Microsoft Security Essentials, however these mostly rely on traditional protection mechanisms. McAfee products offer not only more features but most importantly, McAfee products offer real-time protection using cloud-based Global Threat Intelligence to combat even the most sophisticated threats thus ensuring complete protection and peace of mind.
In this case, at least, that protection wasn’t as complete as the free Microsoft product it was comparing itself to.
As an aside, it’s worth noting that criticizing Microsoft Security Essentials because it’s free misses an important point. MSE uses the same scanning engine and definitions as its enterprise-grade Forefront product, which is most assuredly not free.
One certainly shouldn’t draw definitive conclusions from a single anecdotal example, but as this case shows, the gap between antivirus products isn’t as simple as free versus paid, and even the best and brightest researchers can miss a threat.
Update 15-Nov 7:00AM PST: Another real world example just dropped into my lap. A commenter in the Talkback section of this thread posted a link to a news website claiming to offer a video of the full Sunbelt report. (The malicious comment and link were deleted almost immediately.) Visiting that page (which is hosted on a legitimate website that has clearly been compromised) displayed a video window with the message “Sorry, this video cannot be played. Problem: plugin is not found.” It then helpfully included a “Download plugin” link. Here’s what the browser displayed:
Source: Microsoft vs. McAfee: How free antivirus outperformed paid
I’ve been negligent and not posting articles lately. Much of that is a reflection of how busy we have been here at AndersonPC. It has been a very exciting summer and 2010 looks to be a record setting year for growth. We are in the process of moving our offices and doubling our space. We’ve hired and expect a couple more new positions to open by years end.
To what do I attribute this growth, you ask? Here are a few thoughts.
While none of these are great secrets to any of you reading this, I think it’s important to review what works. Learn to build processes, make a good first impression through good on-boarding, manage your numbers, make it easy for people to find you and your services, and set SMART goals. Its time for a middle of the year review. Take stock in what you’ve accomplished and reset for the remainder of the year.
Good Luck.
As our market becomes more and more saturated with “Managed Service Providers” I find myself struggling to believe that a one/two-man shop can be a true managed service provider. AndersonPC has been working this business model since 2007 and has just recently felt like we’ve developed the correct infrastructure, process, procedures, and product offerings to truely call ourselves a Managed Service Provider.
I suppose the basic level of Managed Services can be defined by wikipedia:
“Managed services is the practice of transferring day-to-day related management responsibility as a strategic method for improved effective and efficient operations. The person or organization who owns or has direct oversight of the organization or system being managed is referred to as the offerer, client, or customer. The person or organization that accepts and provides the managed service is regarded as the service provider.”
To me, this definition just defines IT Outsourcing at its basic level. Is that all that MSP’s (Managed Service Providers) do? Are we just and IT Outsource provider standing under a different tent?
I suppose the question is: how do I define managed services? It seems to me its got to be much more than just IT Outsourcing.
Read the rest of this entry »
A great management concept I heard about a couple years back is the 212° Concept.
“At 211 degrees, water is hot. At 212 degrees, it boils. And with boiling water comes steam. And steam can power a locomotive. It’s that one extra degree, just one, that makes all the difference. And so many times, it’s that one extra degree of effort in business, and in life, that separates the good from the great.”
In order for this concept to take shape at AndersonPC, we have to know where we stand. Are we at 199 degrees or 211 degrees? This makes an enormous difference when deciding where to focus our team’s efforts. Our office has adopted another motto.
“IF WE CAN’T MEASURE IT, WE CAN’T MANAGE IT.”
Read the rest of this entry »
AndersonPC.com
Managed Service Provider
Recent Comments