
Wednesday, September 21, 2011

AVG Internet Security 2012

Greetings everyone,

AVG, one of the most notable antivirus developers, has released the 2012 version of its home-user software. In addition to the paid versions of the product, AVG also provides a FREE version, which is basically a stripped-down version of its paid counterpart.

The free version can be downloaded over here, while the paid product comes in three editions:
  1. AVG Anti-Virus Pro
  2. AVG Internet Security
  3. AVG Premium Security

Comparison chart
I'll be focusing on the Internet Security edition, as it is more than enough to protect users without including non-security modules like PC Tuneup.

The 2011 version received mixed ratings: its detection was excellent, and it also provided anti-rootkit technology and Identity Protection, which can be described as a file-monitoring (HIPS) module for detecting unknown malware programs. But it did have some issues with memory usage and was also criticised for an amateurish GUI. The just-released 2012 version is already getting good reviews on exactly those points: it lowered its memory usage and also has better detection. The GUIs of v2012 and v2011 are shown below:

AVG Internet Security 2011
AVG Internet Security 2012

What's new in AVG 2012 (vs v2011)
  1. Revamped GUI; to say the least, this one looks much better than that of v2011
  2. LinkScanner has become more intelligent and is able to detect more malicious web pages
  3. A new behavior-monitoring layer that detects even the most complex and new rogue programs just by their actions
  4. AVG Performance Advisor
  5. AVG Accelerator, which AVG claims gives a better online video experience
  6. Less impact on resources than v2011; the number of processes visible in Task Manager has also been reduced
Installation is straightforward and requires a reboot. The user interface is much simpler than v2011, with just the core modules in view. Other optional items like PC Analyzer and AVG LiveKive (online backup) have been moved to add-ons which can be bought separately. AVG's scan times are really fast: my 45GB clean Windows XP image, with all the basic software installed (Office, Java RE, etc.), took about 8 minutes for the first scan, while the subsequent scan took a little more than 3 minutes.

Antivirus
The AV component of AVG is really good: v2011 had excellent detection rates, and the new version (v2012) surpasses its predecessor. In addition to detection it also has faster scans. One demerit is that the regular scan doesn't detect rootkits; AVG provides a separate Anti-Rootkit scan, which offers two options, full scan and quick scan.

Web Protection
Another powerful tool from AVG is LinkScanner, which has become even better in the 2012 version. LinkScanner has three components:
  1. Search Shield: scans all links returned by the most popular internet search engines
  2. Surf Shield: protects the user while browsing online; it detects complex threats such as exploited websites, phishing websites and hacked sites
  3. Online Shield: recognizes common viruses and spyware and prevents the user from downloading them
Even with all these features added, internet activity does not slow down.

Antispam and Firewall
AVG also provides an anti-spam module that integrates easily with email applications like MS Outlook; it is quite easy to configure according to user needs. It also has a highly configurable firewall, which comes with a default configuration suited to most common users but can easily be adjusted to the user's demands. The firewall was never AVG's strong point, so it can't be compared to the likes of Comodo Firewall or PC Tools Firewall. But it does its job for normal users who do not want to mess with the computer and just want it for daily usage. For more demanding power users this is definitely a let-down, though AVG's applications have always been targeted at normal users.

Other Features
It also includes the Identity Protection module, which is similar to behavior monitoring: it watches the actions performed by a running process and decides from them whether the process is malicious or not. I tested many malware programs which bypassed the AV module, but many of them did get caught by the Identity Protection module.
System Tools is a set of other tools that gives the user more information about a target program (malicious or not). It has its own task manager that lists all the processes running on your computer; this is useful when a malware process bypasses the AVG AV component and stops the Windows Task Manager from running. It also has other tabs: Autostart (information about applications that start with the computer), Network Connections (inbound and outbound activity per process), Browser Extensions and LSP Viewer.
System Tools tab

It also has the AVG Advisor, which notifies the user with a popup if a particular application is using more resources than expected, and the AVG Accelerator, which provides a better online video streaming experience.

Bottom Line: The latest installment of AVG, the 2012 version, is really good. I tested it on a medium-spec machine with a Core2Duo processor and 512MB of DDR2 RAM and hardly noticed any slowdown. It installed swiftly, and the scan times even on a medium-tier machine were respectable. If you don't want to spend money on an AV product, then I would recommend installing AVG Free, which doesn't include the firewall or live support (both are included in the paid versions). If you are using Win7, its default firewall is good to go with if you don't want to mess with firewall settings, as AVG's firewall is a kind of old-fashioned type. But if you are using WinXP, then I do recommend using some free firewall or buying the Internet Security version.

regards,
Ishan ;)

Monday, August 15, 2011

SARDU: Multiple boot disk builder


Hello visitors,

In my previous post I gave a brief tutorial on using a LiveCD. Most AV companies update their LiveCDs quite often, every 3-4 hours, every 12 hours, or daily; I am talking about the frequency of updates to their virus definitions. Also, no product is 100% perfect, i.e. no AV can detect all the viruses that infect a computer. So it may well be the case that the LiveCD of one antivirus does not detect a virus in your system while another does, which leads to keeping multiple LiveCDs. But it is not possible to keep multiple LiveCDs on one CD/DVD just by adding them as they are: merging multiple LiveCD images into one disk will be of no use, and creating a separate CD for each is also not advisable.

This is where SARDU comes in. Basically SARDU is free software capable of building multi-boot CDs, DVDs and USB devices. It combines a variety of features that help you make a custom all-in-one bootable CD/DVD/USB through which you can get your system back into working state after an infection. It includes the LiveCDs of different AV companies (many of which I posted here), and in addition to these it also includes other tools that help you recover your data in case your system is so heavily infected that it cannot be cleaned, as well as certain backup programs used to restore the system to a clean state (normally for cases where System Restore doesn't work properly).

Main Screen of SARDU

As shown above in the main GUI, there is a list of the LiveCDs that SARDU supports. If you don't have a LiveCD, click on any of these LiveCD buttons and SARDU will automatically download it from the corresponding site.

After the download is complete you can find the ISO as /.../SARDU/ISO/kav_rescue_10.iso. If you already have some of the listed LiveCDs, you can copy those ISOs into the /.../SARDU/ISO folder.
  
Utility Section

Windows Section



Other features:
Utility (only the notable ones are listed here):
NT Password: resetting the admin password.
Ultimate Boot CD: another excellent CD for recovery purposes.
GParted: for graphically managing your disk partitions.
(The other programs, like Macrium Reflect, Redo Backup Live and the Trinity backup CD, are good, but some of them are system-specific. If you know these programs then no explanation is needed in the first place.)

Linux:
If you are familiar with Linux then you already know these; if you are not used to Linux, this section is not for you.

Windows:
Contains various recovery disks (for WinXP, Vista, 7) and also installers for the same.

Typical boot interface of SARDU
SARDU is very easy to use, so creating an all-in-one ISO with it will not be difficult.

Note: Every supported program has its own button and checkbox, i.e. SARDU can manage only these programs. If a checkbox is disabled (grey), the ISO of that program was not found. Pressing the button with an application's name causes SARDU to download the bootable ISO from the manufacturer's website; once downloaded it is ready for use (checkbox checked). Downloads can be done manually by disabling the option 'File -- Enable direct download'. The user can refresh the status of the ISO folder from the File -- Refresh ISO/IMA menu. (Most important: users should refrain from changing the default file names of the individual programs, because then they won't be recognized by the software.) If a checkbox is unchecked (white), that single ISO is disabled and not active.


Well, that's all for now; a very great tool for recovery purposes. If you don't know the other tools, I would suggest just using the LiveCD section. In short, HIGHLY RECOMMENDED...!

regards,
Ishan ;)

Friday, August 12, 2011

Introduction to LiveCD (contd.)

Hello visitors,

In my previous post I gave a brief idea of what a LiveCD (RescueCD) actually is and the purpose of using one. Now I will cover some extra features a RescueCD provides; these vary from company to company. I am going to give a short tutorial on using a RescueCD. I chose Dr.Web LiveCD and AVG RescueCD (I prefer these two as the best options for post-infection scenarios).

Dr. Web LiveCD

It is a software product based on the Dr.Web antivirus scanner. It allows you to restore the system when loading it from the hard drive becomes impossible due to a virus infection. It is distributed as a boot disk, is based on a portable Linux operating system (Gentoo Linux) and includes built-in software (an on-demand scanner) intended for scanning, curing and deleting files in the target directory/drive.

System Requirements:
  • i386 processor (P4, dual core, etc.)
  • Minimum of 256MB of RAM
  • CD/DVD drive
Download the LiveCD from the link provided above; its size is approx 173MB. The downloaded file has a .iso extension, so it can be burned directly to CD with any traditional CD/DVD burning software (links provided in the previous post). After burning, the disk becomes a bootable disk. Also make sure that your system is set to boot from the CD/DVD drive (go to the BIOS settings and change the boot priority to your CD/DVD drive).

When the CD is inserted in the CD/DVD drive and the system is rebooted, the Dr.Web LiveCD provides four options:
  1. Standard mode (the first option): loads all the necessary modules with an easy-to-understand interface.
  2. Advanced mode: recommended only for experienced users who are familiar with Unix-based commands, so I would not recommend it for first-time users.
  3. Start Local HDD: boots from your hard drive, i.e. as the system normally boots.
  4. Testing Memory: for when your computer is unstable and restarts at random.
After selecting the default load option, the LiveCD loads the essential modules to set up a mini OS, and finally looks as shown below:
Linux based environment
It contains the following basic applications:
  • Dr.Web Scanner for Linux
  • Firefox browser
  • Sylpheed mail client
  • Midnight Commander file manager
  • command-line terminal
  • Leafpad text editor
Basically it is just a mini OS which runs directly from RAM. The main advantage of having a mini OS is that when your computer is heavily infected and you are not able to restore your system, formatting is the only option, so this mini OS helps you obtain copies of important files which would be deleted during the formatting process.



Dr.Web Scanner in the Linux environment
It is advisable (not compulsory) to have an internet connection so that Dr.Web has the latest virus definitions. With the help of the scanner you can select the target directory/drive on your system which you wish to scan. Wait for the scan to complete and it will show you the final result, whether viruses were found or not. If found, you will get the option of curing/deleting/quarantining/renaming.


Advantages of using Dr.Web LiveCD
  • Good file-curing capability.
  • Small updates (but it can still detect thousands of viruses)
  • Has a dedicated Linux environment for backup purposes.
Disadvantages
  • Slow scanner (can be even slower when scanning a heavily infected system)
  • Virus detection is not that high, but not low either.

AVG RescueCD

AVG is another company that provides antivirus solutions; it is quite well known among users compared to Dr.Web and the other solutions I named in my previous post. It provides a RescueCD that can be downloaded over here (click on the first download link, which downloads the .iso file); the file size is approx 94MB.


System Requirements:
  • Intel Pentium or equivalent processor (300MHz)
  • 512MB of RAM
  • CD/DVD drive
When the computer is booted with the AVG RescueCD inserted, the welcome screen appears (after some initial loading of modules).

Welcome screen of RescueCD


During booting the AVG RescueCD mounts all the hard drives of your computer, making them available for scanning and editing. In most cases select the first option; the other two options are normally only needed when the system has fewer resources.

Typical UI of AVG RescueCD

It is recommended that the user first update to the latest virus definitions. If the user does not have an internet connection, he/she can copy the updates to a USB drive and update the definitions manually (tutorial provided later).

After the update is complete, perform the scan; it can be run on either a directory or a drive. After the scan completes, the result (if infections are found) is shown as below:

Option for directory/drive scan


When infected file is found

File handling



You can select the relevant option for how to handle the file. After the file has been deleted/renamed, the system can be rebooted.

NOTE: The AVG RescueCD doesn't provide a dedicated portable mini OS like Dr.Web's, so retrieving important files from your infected system is a bit difficult for a normal user. So I don't recommend it for users who are looking for data retrieval unless they are quite familiar with the RescueCD.

For manual update

Download the virus definitions file from here and copy the files to a USB drive. Now from the main UI of AVG select Update ----> Select Offline ----> browse to the directory where the file (with .bin extension) is stored.





Advantages:
  • Faster scans
  • Offline update possible
  • Good detection rate

Disadvantages:
  • Difficult to maneuver if the user is not comfortable with keyboard-only navigation
  • Backing up files may sometimes be tedious
  • Requires the system to have at least 512MB of RAM; otherwise the system might not respond properly
That's all for now; I hope you liked my brief tutorial on working with LiveCDs and found it helpful :)


Take care visitors


regards,
Ishan ;)

Thursday, August 11, 2011

Introduction to Live CDs

Hello visitors,

I have not been active on this blog for about a year; I was busy with other things, but now that I have some free time I thought of posting some essential information and tutorials that might help you ;)

So to start with, what actually is malware (or, in simple terms, a computer virus)? These are programs that infect your computer and cause it to behave abnormally: degraded performance, blocked execution of essential programs including Task Manager, or in the worst case a computer that won't start at all. A traditional antivirus can help with removing these viruses, or even prevent them in the first place. But what if your antivirus/suite misses a virus and your computer won't boot properly, or won't boot at all, because of it? Unfortunately viruses have evolved exponentially, and their severity is very high. Virus writers have become more and more sophisticated in the technology used to develop a virus, so that it becomes difficult to detect while still getting its work done. Some viruses are stubborn to remove at runtime and require special expertise. Also, in many cases a virus infects important system files in such a way that it can only be removed by removing that system file, which eventually leads to system instability. The straightforward solution is to format your computer, but your computer (typically the C drive) may contain important data which would be lost. For these reasons a LiveCD (Rescue Disk) comes into the picture.

A LiveCD is basically a tool that can be used when your computer isn't able to boot (start up) normally, or won't boot at all. A LiveCD helps you restore your system to a stable/working state, or in certain scenarios helps you back up your important data before formatting.

Notably, all reputed antivirus companies provide a LiveCD of their own. Basically a LiveCD consists of the corresponding antivirus manufacturer's scanner, which scans your computer at boot time, and other modules (a Linux distribution in most cases) which help with data retrieval. In other words, a LiveCD can also be described as a very small operating system (mostly Linux flavors; I will explain this in a separate post) which runs directly from RAM, so we can say it creates a mini OS which helps us retrieve important data from our system.

Below are the download links for LiveCDs (they go by different names, but they are all one and the same) from different AV companies, having .iso as the extension:
Vba32 Rescue CD ...... there are many more, but these are the most notable ones and free to use.

LiveCD (.iso) sizes range from 100MB to 350MB, so they can be burned and made into bootable CDs. Once you download the .iso file, burn it directly with any CD/DVD burning software of your choice (Image Burn, Nero Burning Lite). Once burned, your CD becomes a bootable CD. Now all you have to do is change the boot priority in your computer's BIOS. This can be done while starting the computer by pressing F2 (or F8, F12... depending on the computer manufacturer), giving first priority to the CD/DVD drive, and then restarting. Now your computer boots from the CD, and from there you can work with the LiveCD and save your system from crashing or restore it.

Well guys, this was just an introduction to LiveCDs. In my next post I will provide tutorials on using some of the LiveCDs (mostly Dr.Web, AVG and Kaspersky).

thanks,
Ishan ;)

Friday, July 30, 2010

Microsoft Security Essentials BETA Review

Microsoft Security Essentials (MSE) is a free antivirus software developed by Microsoft that provides protection against different types of cyber threats (trojans, rootkits, spyware, adware) for Windows-based workstations (WinXP, WinVista, Win7, both 32-bit and 64-bit). It was developed to replace Windows Live OneCare.

MSE received positive reviews when it was first released almost a year ago, and currently there is a new version (v2) in BETA; I am presenting my review of this BETA version. I know that my review might not have much impact on the final version of MSE, but this is the first time I have tried MSE, and that's why I thought of reviewing it.



Some of the new features included in this version are:

Windows Firewall integration – During setup, Microsoft Security Essentials will now ask if you would like to turn the Windows Firewall on or off.

Enhanced protection for web-based threats – Microsoft Security Essentials now integrates with Internet Explorer to provide protection against web-based threats.

New protection engine – The updated anti-malware engine offers enhanced detection and cleanup capabilities with better performance.

Network inspection system – Protection against network-based exploits is now built into MSE (this feature is not available on the WinXP platform because it requires the Windows Filtering Platform, which is only available in WinVista and Win7).

I downloaded the installer from here (you need a Windows Live ID/Hotmail ID to download the BETA version). I installed MSE on my Win7 Ultimate 32-bit system. The installer size is about 8 MB; installation requires a genuine copy of Windows, takes a minute or two to complete and requires a reboot to load the drivers. After installation the GUI of MSE is as below:


I ran an update and it downloaded about 60MB of database updates. After the updates were applied I rebooted my PC (note: a reboot is not required at all) just to make sure everything worked fine. The GUI is very user-friendly; I didn't find any difficulty in navigating it.

Main Product Features:

  • Realtime Protection: It protects your computer in real time, so it can also be used as a standalone application providing basic but sufficient protection.
  • Malware Removal: It also removes the detected malware.
  • Scheduled Scanning: Provides scheduled scanning of your computer (can be disabled if the user doesn't want it).

Performance:

MSE is very light on system resources; I didn't feel any slowdown while testing it on my system. I tested MSE v2 BETA on my Core2Duo processor running Win7 32-bit Ultimate with 1 GB of RAM. In Task Manager it ran three processes:

  1. msseces.exe (Microsoft Security Client User Interface)
  2. MsMpEng.exe (Antimalware Service Executable)
  3. Nissrv.exe (Microsoft Network Inspection System)

Nissrv.exe is not available on WinXP.

Test against malware:

I collected some malware samples (68 to be precise) over the past 5 days and thought of giving MSE a shot against them. I performed the test by first copying the 68 samples to a folder named Test on the desktop, then turning off MSE's realtime protection, and then scanning the folder with MSE's custom scan. MSE detected 54 out of 68 (79.41%) of the samples. I chose Remove as the action for the detected threats, then rescanned the same folder to make sure it didn't miss any files. Considering that these samples are very much zero-day, it performed mediocrely in this test, but it might detect a few more when the leftover samples are executed in real time; my test was on-demand only, and no sample was executed at all.


Pros:

  • FREE
  • Low memory usage
  • Faster scans
  • Realtime protection
  • Automatic Updates
  • Good detection rates

Cons:

  • No manual quarantine option

BottomLine:

MSE is slowly gaining ground as one of the top freeware products, a space earlier ruled by the likes of Avast, AVG and Avira. It consistently performs well in recent tests like AV-Comparatives and many other independent tests. I have been playing with this BETA for quite some time now and I am quite impressed with it. Considering that I have a fairly old computer (a Core2Duo processor), the computer still felt very fast and I had no interference with my normal routine work; I even installed it on a relative's computer running a P4 processor with 512MB of DDR1 RAM. It is very stable and I hardly found any notable bugs.

Tuesday, May 4, 2010

Emsisoft AntiMalware Review



Hi all,

Today I am going to review the newly released version of Emsisoft (earlier known as A-Squared) Anti-Malware v5, which was released some 15 days ago. Emsisoft also provides a free version of Anti-Malware that can be downloaded from here, but the free version is still v4.5; v5 is a paid product that can be downloaded from here. The previous versions were already good in terms of malware detection, so I thought I'd give it a test drive. Emsisoft Anti-Malware uses two engines for scanning, the Ikarus engine and its own. The paid version also provides a behavior blocker that monitors the changes made by a particular application and, from these changes, notifies the user whether the file is malicious or not. This technology is used for zero-day malware detection. The installer size is about 93MB and installation is quite simple. After installation the user is prompted to register with Emsisoft, after which a 30-day trial is provided. You can also choose a 3-day free trial where there is no compulsion to register in order to evaluate the product.

After installation the GUI of Emsisoft is as below :


The GUI is almost identical to that of the previous versions; only the name A-Squared has changed to Emsisoft, with a few GUI tweaks.

Emsisoft Anti-Malware provides following features :

  1. Two scanning engines : The Emsisoft Anti-Malware and the Ikarus Anti-Virus engine.
  2. Behavior monitor : Unlike conventional protection systems Emsisoft does not only check files, but it also constantly monitors the behavior of all active programs and raises an alarm as soon as something suspicious happens.
  3. Surf Protection : Typical ways of infection are disabled in advance. Websites that try to plant trojans or spyware or that offer deceptive contents are blocked by the surf protection.
  4. Signature Updates : Signature updates at least 5 times per day, in combination with the zero-day protection of the behavior analysis this guarantees the best possible protection from new infections.
  5. Extra: HiJackFree is a detailed system analysis tool which helps advanced users to detect and remove all types of HiJackers, Spyware, Adware, Trojans and Worms.
A-Squared has been one of the top performers in most of the independent tests that have been performed; only false positives were its weakness. Otherwise it is a solid product.

Saturday, April 17, 2010

Sandboxie : A new layer of Computer Security

The amount of malware continued to grow at a record pace throughout 2009, primarily targeting naive computer users. On average about 35,000 malware samples are identified every day; the number itself is quite astonishing, and it may not be possible for a traditional antivirus database to detect all of this malware. These are termed zero-day threats; it is very difficult for an AV to detect them, as its signatures have not yet been updated to identify the malware. Malware has increased exponentially, and the most persistent threat has been trojans: malicious software designed for stealing sensitive data, installing backdoors, deleting or encrypting files and downloading other malware from the internet. Hence the user's sensitive information is compromised.

This is where sandboxing technology comes in. Normally when you run a program it executes in the real computer environment, but when the same program is sandboxed it runs in an isolated environment with restricted privileges. It is similar to logging on to your computer as Guest rather than as admin or your own username. Hence a program running in the isolated environment is prevented from making changes that could damage the system or that would simply be difficult to revert.

Sandboxie
It is freeware and the latest stable version can be downloaded from here.


The main idea behind this program is that it defines a space on your hard disk and executes programs only within that defined space (called a sandbox), which prevents them from making permanent changes to other programs and data on the user's computer.


The red arrows indicate changes flowing from a running program into the user's computer. The box labeled Hard disk (no sandbox) shows changes by a program running normally. The box labeled Hard disk (with sandbox) shows changes by a program running under Sandboxie.

The installer is small (~1.44MB) and installation is quite easy.





By default there will be a new shortcut on the desktop named Sandboxed Web Browser; double-clicking it opens your default web browser (Mozilla or Internet Explorer) in the sandbox.

To run a program isolated, right-click on the program ------> Run Sandboxed. When an application is running in the sandbox, its window title appears like this: [#]Program Name[#]



Plus points of Sandboxie
  • Safe Web Browsing: running the web browser in the sandbox protects you from any malicious changes, since the program is in the sandbox and hence all software downloaded via that browser is trapped in the sandbox.
  • Better Privacy: all cookies, temporary data and browsing history stay in the sandbox and don't leak into Windows.
  • Safe Windows: prevents Windows getting corrupted by a program, as that program is executed in an isolated environment.
  • Easy to use
  • FREE!!
I definitely suggest users try this program; it is easy to use and configure and will keep you protected. It is very good on offline computers where antivirus signatures are not constantly updated. Sandboxing is quite a new technology but is gaining good ground; even some security vendors are trying to incorporate this technique so that even if traditional scanning misses some malware, the user is still well protected. For the average user, Sandboxie is preconfigured for optimal protection; no further configuration is needed. Users can access the internet, check email and run programs from the moment this program starts. With the advanced options, it allows you to tweak Sandboxie as needed.

There is a paid version of Sandboxie which removes all the limitations present in the free version. In free mode, the program displays a pop-up prompt to register once 30 days have expired. In free mode, Sandboxie does not allow the Forced Programs and Forced Folders features and does not allow more than one sandbox to run simultaneously. A lifetime registration for the current version and future versions is only €22 (roughly $30), which is an extremely small price to pay for the security Sandboxie provides.


To Visitors:
This is my first post on my blog, so it's possible that I may not have covered all the points regarding the topic I started. I tried my best to make it easy to understand and precise on the topic. Feel free to suggest any modifications that are required in the post.
Thank you for your time and have a nice day.......

-ISHAN