Archive for June, 2010

A comment on my own AMTSO article

June 29, 2010 1 comment

I feel I need to make a comment about the article Anti Malware Testing Standards Organization: a dissenting view. There is a war of words in the comments; which is a good thing. But I’m afraid that my own message might get lost in all this. It is:

  • the anti-malware industry is a good and necessary thing to keep us as safe as possible on the internet
  • I have the highest regard for the technical people in that industry: no-one can doubt that the internet is a safer place for the work of people like Mikko Hypponen, Chet Wisniewski, David Harley, Luis Corrons, Graham Cluley, Rik Ferguson and all the others
  • my concern is the way in which that industry markets itself
  • use of the WildList in testing allows the industry to claim 100% success against viruses; and this is dangerously misleading and should be stopped
  • the anti-malware testing industry is a parasite (I mean this biologically, not insultingly) on the anti-malware industry
  • I do not believe that the anti-malware testing industry can tell us very much about the anti-malware products
  • the declared intention of AMTSO, to put trust and confidence and accuracy into anti-malware testing, is good
  • the structure of AMTSO, an incestuous relationship between most vendors and most testers with no inclusion of users, is bad: it is too open to abuse and misuse
  • the argument between Sophos and NSS is irrelevant; if not them now, it will be other protagonists in the future: this is inevitable
  • AMTSO should be dissolved. A new organization with user companies at the heart, funded by the anti-malware industry and with the same intent, should be deployed. The anti-malware industry and the anti-malware testing industry should have representation on that new organization, but no controlling influence.

Categories: All, Security Issues

Anti Malware Testing Standards Organization: a dissenting view

June 27, 2010 46 comments

On June 15 I posted the article AMTSO: a serious attempt to clean up anti-malware testing; or just a great big con? The purpose of the article was to look at AMTSO, the Anti Malware Testing Standards Organisation; and I invited AMTSO members to justify themselves. Now I want to give a dissenting view, largely my own, and to look at AMTSO from outside of the tent. I shall be asking two principal questions:

  • is AMTSO serious about improving the value of anti-malware testing?
  • who does AMTSO serve?

Is AMTSO serious about improving the value of anti-malware testing?
I recently blogged about two new threats discovered in the wild by M86 Security: Asprox returns: fast-flux SQL injection attack; and Skype: old vulnerability, new exploit – in the wild. In both cases, M86 ran the malware they had discovered against VirusTotal (a respected site you can use to see what anti-malware products make of any submitted file). For the former, VirusTotal showed that only 7 out 42 anti-malware products detected the Asprox malware; while for the latter, only one AV product out of the 42 detected the Skype malware.

Caution: one of David Harley’s ‘common mistakes’ in How to Screw Up Testing is “Using VirusTotal or a similar service to check the samples and assume that any product that doesn’t report them as malicious can’t detect them. This will once again give the advantage to scanners that flag everything as “suspicious”, and will also disadvantage scanners that use some form of dynamic or behavioural analysis. It’s certainly not a real test, and it’s a form of pseudo-testing that VirusTotal itself discourages.”

M86 Security agrees with David Harley in a test environment, but comments: “The value in using VirusTotal is that it reflects what a lot of organizations will be using in live environments rather than a test lab.”

VirusTotal adds: “Currently, there is not any solution that offers a 100% effectiveness rate for detecting viruses and malware. You may become a victim of misleading advertising, if you buy such a product under those premises.”

This would seem at odds with all of those marketing claims we see from the anti-malware industry, which state that their particular product detects between 97 and 100 per cent of all malware in the wild. An example is the VB100 award issued by VirusBulletin, one of the leading anti-malware test organisations. In VB’s own words:

The VB100 award was first introduced in 1998. In order to display the VB100 logo, an anti-virus product must have demonstrated in our tests that:

  • It detects all In the Wild viruses during both on-demand and on-access scanning.
  • It generates no false positives when scanning a set of clean files.

The product must fulfil these criteria in its default state.

I cannot think of a single anti-malware product that doesn’t boast similarly high scores, if not from VB, then from ICSA or West Coast Labs. But Virus Bulletin and VirusTotal cannot both be right. Well, the explanation is in the Virus Bulletin statement ‘in the wild’. It contains a link to this:

The WildList Organization collects monthly virus reports from anti-virus experts around the world. The data from the reports are compiled to produce The WildList – a list of those viruses currently spreading throughout a diverse user population. A virus that is reported by two or more of the WildList reporters will appear in the top-half of the list and is deemed to be ‘In the Wild’.

In recent times, the list has been used by Virus Bulletin and other anti-virus product testers [such as ICSA and West Coast Labs] as the definitive guide to the viruses found in the real world.

So, ‘in the wild’ is actually a sub-set of the viruses that are actually ‘in the wild’: it means only those viruses that are included in the WildList’s list of those viruses it has found in the wild. It gets worse.

  • the WildList requires submission of a virus sample from at least two separate researchers
  • many of the researchers are the anti-virus companies themselves
  • in-built latency within the process can mean that it can take  3 months from the detection of a new virus to its inclusion within the WildList being used in a test
  • this latency means that, almost by definition, the Wild List includes little, if any, of the biggest threat to end-users: zero-day malware
  • members of the WildList Organization get to see the WildList when it is published; and yes, that includes the majority of AV companies

So what does this all mean? It means that the WildList is not a list of viruses in the wild, but a list of the majority of viruses that were in the wild several months ago. It means that the anti-virus test is against a set of viruses that the anti-virus companies already know about. It means that anything less than 100% success against the WildList is probably down to incompetence in the anti-virus company. It means that the average anti-virus buyer is being conned about the true situation.

So the answer to my first question, is AMTSO serious about improving the quality of anti-malware testing, is ‘no’. It would not allow the use of a test process, by its own members, that so clearly misleads the public if it were.

Who does AMTSO serve?
Let’s not prevaricate: the question is ‘does AMTSO serve the anti-malware user, or itself, the anti-malware industry?’ To answer this question I’m going to look at two things: the AMTSO Fundamental Principles of Testing, and the application of those principles by its Review Board.

The very first principle, headlined Testing must not endanger the public, includes the categoric statement: “In addition, new malware must not be created for testing purposes.” Why not? How can you test the true heuristic behavioral capabilities of an AV product without testing it against a brand new sample that you absolutely know it has never experienced before? To include this restriction under the banner of not endangering the public is also misleading: there is nothing essentially incompatible between developing a new virus and keeping the public safe.

I am not alone in being puzzled by this. Ed Moyles from SecurityCurve is similarly surprised:

Yes, yes…  it’s terrible to create new malware – completely unethical.  Yup, under any circumstances.  Even if it doesn’t leave the lab, even if it doesn’t replicate, and even if it doesn’t have a hostile payload.  Yep – still terrible.  We know this because shady, fly-by-night organizations like Consumer Reports, University of Calgary, or Sanoma State are always springing up like mushrooms.  Their clear intent is to bring down the Internet, wreak havoc, and otherwise mock everything that is just and holy… Sigh.  I just can’t get my head around the argument.
SecurityCurve, June 16th, 2010

The problem for AMTSO is that there is one very obvious reason that comes to mind. Could it be that inclusion of new samples would increase the number of ‘fails’ in the test, and thereby lower the success rate so beloved by the industry for marketing purposes? AMTSO could respond that it isn’t a real ‘fail’ since the malware doesn’t actually exist; but as a user I would reply that it is more important to get an idea on how the product might respond to zero-day threats. So is this an example of AMTSO looking after itself?

Let’s move on to the Review Board. There are at the time of writing just two reviews: one on a Dennis Technology Labs test report, and one on an NSS Labs report. One AMTSO review is favourable and the other is not. I do not know enough about either of the testing companies or their test methodologies to comment on the reports themselves, but I think it is illuminating to compare the framework of the AMTSO reviews.

Dennis Technology Labs is a member of AMTSO. The testing was paid for by Symantec, a member of AMTSO. Symantec performed very well in these tests. The review of the report by AMTSO was requested by Dennis Technology Labs. The review was favourable. The test report is effectively endorsed.

Click for full-size image

Summary Table from the DTL Report

NSS Labs is not a member of AMTSO (although it used to be). The testing was paid for by NSS independent of any anti-malware vendor (in the hope of recouping the cost via sales of the report). Sophos performed very badly in the report. The review of the report by AMTSO was requested by Sophos. The review was not favourable. The test report is effectively dismissed.

Click for full-size image

Summary Table from the NSS Report

What does this look like? To me it looks like a duck; and If it looks like a duck, swims like a duck, and quacks like a duck, then it probably is a duck. AMTSO has its say about the NSS test report in its published review. I asked Rick Moy, President of NSS Labs, for his view of the AMTSO review. On AMTSO itself, he commented, “I have had drinks and long discussions with 90% of the folks in AMTSO. There is some very old-school thinking afoot, and a fair amount of protectionism. While they have good intentions, there is probably just too much business interest being represented.”

But what about their review of his test report?

Every vendor reviewed the methodology before. In fact I had sent it to them in 2008 and solicited comments before running the test. Every vendor but Sophos cooperated and gave us software and reviewed settings of the products. None complained about the methodology… But when the results came out, folks from AVG, ESET, Symantec and especially Sophos went crazy.

I cooperated for months of craziness. They all essentially demanded we give them free consulting and tear through samples to find what was wrong with our test. Well, it was a real-world test of fresh malware that had not been shared around amongst the vendors, that simple. Sophos even made brazen false claims that we had not contacted them. After much harangue, we produced email correspondence with the chairman of AMTSO and Lab Director at Sophos showing that we had, multiple times, and even reversed samples with them to help them troubleshoot. No sanctions or reprimand was made. Instead they redoubled their efforts to discredit the test.
Rick Moy, President, NSS Labs

So the answer to my second question, who does AMTSO serve, is that it serves the anti-malware industry: it is self-serving. In fairness, it rarely claims to be in the best interests of the user (except when it is trying to justify its guidelines). There are no user members, and it is not open to users: “AMTSO membership is open to academics, reviewers, publications, testers and vendors, subject to guidelines determined by AMTSO.”  But in that case, it should keep itself to itself, and not send out press releases nor make its website nor its judgments available to users.

There are three main conclusions I draw from this look at AMTSO.

Firstly, the biggest problem I have with AMTSO is that it declares itself to be the sole arbiter of what is good in anti-malware testing: it is the prosecutor, judge and jury. I find this intensely arrogant. The sole judge of a test should be the user. The tester has to prove to the user that the tests are valid. If the vendor objects, he has to prove to the user that the tests are invalid. The idea that the vendor has only to prove his case to other vendors with identical vested interests is patently absurd and would be dismissed in any other industry.

Secondly, if AMTSO was serious about setting and maintaining testing standards for anti-malware products in accordance with its own charter, it would ban the WildList in its current form. WildList testing is dangerous. Users who buy security on the basis of ‘detects ALL viruses in the wild’ are likely to believe that they are completely safe from viruses when they most certainly are not, and might consequently behave less carefully on the internet.

And thirdly, AMTSO should immediately recuse itself from the purpose of setting anti-malware testing standards until, and unless, an open, independent, user-centric body can be established. To this body, the vendors should have every right to make representation; and to this body, the testing industry (separately) should have every right to make representation. Only then are we likely to have anti malware testing standards that are independent, valid and trustworthy.

I have no beef with any of the anti-malware companies. They are essential to our security; and we all, every one of us, must have at least one of their anti-malware products installed on our computers for our security. I have no beef with any of the individuals within AMTSO. They all have far greater knowledge of threats and solutions on the internet than do I. My beef is with AMTSO itself. It is, in its present form, a stain on an otherwise excellent industry.
Kevin Townsend

Categories: All, Security Issues

Asprox returns: fast-flux SQL injection attack

June 25, 2010 Leave a comment

Bradley Anstis, VP, Technical Strategy at M86 Security

A few weeks ago M86 Security noted that the Pushdo botnet effectively appeared to be recruiting for the Asprox botnet. A couple of years earlier Asprox had been involved in a SQL-injection fast-flux attack, but has since been, if not quiet, at least under the radar.

A couple of weeks ago, however, M86 started to receive reports of large numbers of infected IIS/ASP websites; and they began to suspect that Asprox had returned. This was confirmed when they discovered a new version of Asprox launching both SQL injection and spam attacks. Once again, Asprox is using fast-flux domains to deliver the malware; and M86 discusses the new attack in some detail on its blog. It works like this: an Asprox bot downloads an encrypted XML file that includes a list of potential target websites along with data that would allow a Google search for other potential targets. It also, of course, includes the SQL code to infect the target sites. The aim is to infect those sites so that they in turn will infect visitors to the infected pages.

“When we originally drafted that blog entry,” Bradley Anstis, VP, Technical Strategy at M86 Security, told me, “we identified around 1000 sites that had already been infected or injected with the script. But by the time we were going through our review process, we checked again, and it had gone up to 2000; and when we actually posted the report, it was at 5000. Early this morning when I checked, it had risen to 11,000 and it’s growing extremely quickly.” As we spoke I asked him to check again and was told that it had now reached 13,800 infections. By the time you read this, it will be considerably more.

Asprox searches for its next targets

“It all comes down to a spambot called Asprox which we first reported on in 2008. Then it, well, went to sleep; it wasn’t even registering in our email traps. But back in May this year we noticed activity – it was like someone had found this thing and plugged it back in to see what it did. And all of a sudden we started seeing traffic starting up again from the Asprox spambot.” At the moment, we can only conjecture about what’s going on. Has a new gang taken over Asprox? Did they hire Pushdo, “which,” adds Bradley, “has to be the most prevalent spambot we’ve ever seen”, to help increase the size of their botnet? Is the same gang now behind both botnets? Certainly something has changed. “Before,” says Bradley, “Asprox was primarily a spammer. Now it’s infecting websites, and that’s a big difference in terms of how serious a botnet really is.”

I asked Bradley to explain the significance of fast-flux. “In this context,” he said, “fast-flux is one particular domain name which is being continuously administered to different IP addresses. To find a domain, you need to know the IP address which points to a particular server. With fast-flux, it’s cycling around administering different IP addresses very quickly. That makes it very difficult for a security researcher to locate the problem: we find an IP address to look at, but as soon as we do, the problem has moved on to a different address. We need to catch up if we want to work out what’s going on; and the only chance we have is if we can get a complete list of all the IPs that are on the fast-flux list, and then examine all of those IPs at the same time.” To make things even more difficult, the fast-flux list can be changed by the gang, on the fly.

What’s the danger of this new Asprox outbreak?
The danger is that they’re infecting thousands of new websites every hour. The infected websites are then delivering a payload, which can be changed by the gang whenever it likes, to unprotected visitors to that site. “The last time we analysed the payload,” says Bradley, “it was a combination of back-door downloaders which meant they could download whatever they liked to the infected computers, and keyloggers, and scareware.”

At the time of writing, few AV packages would detect Asprox

Worryingly, when M86 located the malware it checked with VirusTotal and found that only 7 out of the 42 anti-malware products could detect this threat.

And the solution
So what can we do to protect ourselves? Firstly, we must have an anti-virus package installed. There is a lag between new malware being discovered and the AV packages learning how to detect it. That doesn’t negate the necessity of AV – it just means that we need to be aware of this lag and use other methods to fill the gap. Common sense is one tool: simply do not visit what might be a suspicious website. But that alone is not enough: some very mainstream websites have been infected over the last couple of years. My own preferred solution is to use the Firefox web browser and to install the NoScript add-on. This is all free; but it means that when I visit a new site, NoScript stops any code (apart from html) from running. If the site is infected, the infection is blocked: I cannot be infected.

M86 Security

Categories: All, Security News

Metropolitan Police definitely support McDonalds and might be investigating Google

June 23, 2010 Leave a comment

Top news at Privacy International today was that, following their complaint, the Metropolitan Police have launched an investigation into Google’s WiFiGate:

Crime reference number 2318672/10 was today issued by London’s Metropolitan Police, marking the commencement of investigations into Google for alleged criminal interception of Wireless communications content. Privacy International, which brought the complaint, has been briefed by police on the likely path the investigation will take.
Privacy International

Top news at the Met was Officers support Capital Clean Up:

POLICE OFFICERS from Hackney Central Safer Neighbourhoods team and Hackney Council’s Environmental team recently took part in McDonalds’ Capital Clean Up Campaign.

The event began in McDonalds in the Narroway, at the top of Mare Street, E8. Young people from Mossbourne Academy were given a talk about environmental issues and comprehensive look into how the council recycle.
Metropolitan Police

Now, I know we have a cockeyed view of privacy in this country (we give it away to Facebook but guard it through the Courts), but I really do believe there is something wrong here. Personally, I would prefer the law enforcement agents we pay to enforce the law to actually do that; and I would prefer the educational officers we pay to educate to do that. I’m really not keen on police officers telling us that they support McDonald’s, but not telling us they are investigating Google.

Categories: All, General Rants

PwC on security awareness; good advice but with a hidden danger

June 21, 2010 1 comment

PricewaterhouseCoopers LLP (PwC) has published a new report: Security awareness: Turning your people into your first line of defence. Our current strategy, says PwC,

has been very strongly biased to improving protection, reducing risks and mitigating issues by further investment in technology; solving what is perceived to be a technical issue with a technical solution.

But it clearly isn’t working since

Click the image to get the report...

PwC’s Security awareness: Turning your people into your first line of defence

financial losses due to cyber-crime continue to grow and despite major steps forward in technical defences such as anti-malware and authentication systems, credit card fraud and online fraud continue to increase and identity theft is an everyday occurrence.

So PwC starts to look elsewhere, and its eye falls on the user:

According to the Computer Security Institute’s Computer Crime and Security Survey as much as 25% of respondents said more than 60% of financial losses came from accidental breaches by insiders, not external hacks. The survey also identified that less than 1% of security budgets are allocated to awareness training.

This, then, is the solution:

What is required is a new approach in which an investment in understanding and influencing the behaviours of all those concerned is balanced against the continued investment in technology and processes…

…Your people are your first line of defence and with their full support, as part of a balanced programme of protective measures, you will be well placed to mitigate the information risks facing your organisation.

Well, you won’t get any argument here! See


This latter article adds an additional argument to PwC’s thesis:

It is not that security professionals cause break-ins, but there is little doubt in my mind that, by raising the bar, we are cultivating smarter, more sophisticated and more effective forms of attack. Much as the excessive and inappropriate use of antibiotics often results in more virulent drug-resistant microbes, so we are seeing the growth of highly-professional technically-brilliant attackers against systems that have been well protected against earlier malware.
C. Warren Axelrod

In other words, being reliant on technology for your security solutions is like chasing your own tail: you’ll just end up going faster and faster getting nowhere. Nevertheless, there is a hidden danger in PwC’s report. It is this: many security experts simply do not believe that it is possible to educate users sufficiently for them to behave securely. Consider this tweet from one of the world’s leading security researchers, Dancho Danchev:

Years ago, I was rock solid that the end user can become security-aware. Today, I think he has to be protected from himself.

But seriously. If you don’t believe that your users can regulate their own behaviour, what is left? You do it for them. You restrict them. You monitor them. You control them. You protect them from themselves.

You can justify this because they are your employees paid by you and working for your company. But just like the society that New Labour created all around us is a mirror of 1984, so this route will be 1984 writ small within your own organization. You may gain a little security but it will be at the cost of the staff sense of liberty and empowerment that leads to content, innovation, active involvement, happiness, and a low staff turnover. And it won’t really work; because you’ll be reverting to that very technological solution that hasn’t worked yet.

So the message you must take from the PwC report is exactly the one they suggest: empower your staff to behave securely; but never shackle them into it.

UPDATE (20 May 2015)
Edited to remove an image of Dancho Danchev at his request.

Panda: anti-virus, cloud and free

June 19, 2010 Leave a comment

On 3 June, Luis Corrons, the technical director at PandaLabs, blogged about Panda’s Cloud AntiVirus: a new version means that it is coming out of beta. The traditional route is ‘beta = free’ -> ‘full release = paid for’. But Panda has chosen a different route: Panda Cloud AntiVirus remains free. Instead, Panda has also released Cloud AntiVirus Pro, a paid-for version of the same antivirus, but with ‘VIP support’ and other tweaks to appeal to the commercial user.

All of this begs two questions, one technical and one commercial: does cloud-based anti-virus work; and is giving away your software a viable business model? I turned to Petter Lautin, Panda Security’s UK and Ireland managing director, for answers.

Petter Lautin, MD for UK and Ireland, Panda Security

Does cloud-based anti-virus work?
Panda developed its cloud strategy before Cloud became a buzzword. It was a solution to an IT problem rather than a marketing strategy. “The problem is the sheer size of the malware threat,” explains Petter. “We’re currently receiving 70,000 new malware samples every day; and it’s still growing, rapidly. The question is how can you handle numbers like this? You don’t have to be a skilled hacker to create and use viruses or even build botnets to spread them – I think the Mariposa botnet proves that.” (See A chat with Luis Corrons, technical director at PandaLabs for comments on Mariposa.)

“Back in 2006 we knew we would have to do something different,” he continued. “We created a system called Collective Intelligence, which is basically a server park full of terabytes of memory and hard disk space where we have now, I think, around 40 million classified malware samples — and growing.” But the concept wasn’t just another central sample depository: the idea was to develop an automated way of collecting, analysing and storing the malware. “It’s all automated – 97 to 98 percent of new samples will be dealt with automatically, and the signatures will be created automatically. It’s only the brand new malicious code, the top tiny percent, that our lab technicians will deal with manually – but it means that they can dedicate all of their time to that, and can very quickly come up with a contra attack or signature, and deal with it.” Other companies, that haven’t gone down this route, he points out, sometimes have to employ hundreds or even thousands of technicians, sometimes in low labour-cost countries, to do the same thing. “Then the whole cloud thing happened, and we realised, well, actually that’s what we’re already doing – we just don’t call it that. So we started to build our endpoint solutions, corporate as well as consumer, so that everyone could take advantage of Collective Intelligence through the internet instead of being dependent on having huge local signature files. We moved to the cloud before the cloud became a buzzword.”

OK. so that’s the signature database, and it’s ‘in the cloud’. But how does Cloud Antivirus work, and is it effective?

“Where you have traditional anti-virus,” explained Petter, “you install it on your computer, it will take megabytes of disk space and memory space – and then you have to install the signature definition file which is growing and growing and growing. It’s a huge footprint on both your disk and your RAM. And then, of course you have to update it. It’s all very intrusive. A lot of people still don’t bother, while others do it perhaps once a week when it should be done at least once every day. That’s a typical traditional solution.” Sound familiar?

“But with Cloud AntiVirus,” he continued, “all you have is the tiny memory footprint of a 15Mb signature file to protect you when you’re not online – and that will be constantly updated with the latest information when you are online. You get 15 megabytes of current threats rather than the 500Mb of historical threats with a traditional solution. In use, you don’t need to update it, that happens all the time automatically; and it has a minimal performance hit on your day-to-day computing.” Once Cloud AntiVirus is installed, only a new program or code is checked; firstly locally against the current active threat database and the local heuristics, and then, only if it fails these, is it sent to Collective Intelligence to be dealt with. “Cloud AntiVirus will look at the code locally. It will say, this is unknown – we need to know what it is; and it will send a tiny hash up to the cloud taking 125 kb, the same performance impact you get when you click on a URL. It will be dealt with by Collective Intelligence, which has something like 40 million malware samples sitting in the Cloud. It will come back with an immediate response and you have almost real-time protection. And if you are the lucky one to be the first to be attacked by something brand new, it will be quarantined by CAV on your laptop; it will be dealt with by Collective Intelligence in our Labs; and you’ll get an update within hours with a signature for that new threat. On top of this, all the other users of Collective Intelligence around the world – and we now have 10 million free CAV users – will immediately get the benefit of that new knowledge.”

In short, Cloud AntiVirus reduces the performance overhead on your own computer, eliminates the intrusiveness of continual signature updates, minimizes the zero-day period of zero-day threats, calls on the largest possible malware sample database, uses the herd intelligence of millions of other Panda users – and is free.

Free. What sort of business model is that?
“Two points,” says Petter. “Firstly, a Morgan Stanley survey in America has shown that 46% of consumers rely on free security software, and that’s expected to increase to nearer 60%. I’d be surprised if things in Europe are very different; so that’s a fact of life we can’t ignore. Secondly, believe it or not, there are many people out there who are still not using any anti-virus product at all. For them, this is a perfect way to start because it gives you the basic anti-malware protection that everyone needs to have. From there we can start to talk about what you should have rather than must have: a firewall, ID theft protection and all sorts of things on top of that. Which is what you get with our Internet Security Suite. So we have three reasons for doing it this way:

  • we’re building a brand – the more people we get using our free software, the more people know about us.
  • it’s also about the data collection for Collective Intelligence – we have 1000s of customers who pay for our protection. We want to ensure that they get the best detection rates possible. All the free users connected to Collective Intelligence enormously increase the value of Collective Intelligence. The more users we have, the more samples we get, the better the quality of the service – for all of our users.
  • yes, we also want capitalize commercially via Cloud AntiVirus Pro – but it is easier to convert a free user into a full paying customer than to sell Panda Pro to a brand new customer.

I’ve said it before, but I’ll say it again: I love the straight-talking, no bullshit, this is the way it is you get from Panda.

Cloud AntiVirus (free): download

Categories: All, Security Issues

Click here to encrypt the web!

June 18, 2010 Leave a comment

Today [well, yesterday] EFF and the Tor Project are launching a public beta of a new Firefox extension called HTTPS Everywhere.
Peter Eckersley, EFF

HTTPS Everywhere was inspired by Google’s encrypted search option.

If you're using Firefox, go ahead and do it!

We wanted a way to ensure that every search our browsers sent was encrypted. At the same time, we were also able to encrypt most or all of the browser’s communications with some other sites:

  • Google Search
  • Wikipedia
  • Twitter and
  • Facebook
  • EFF and Tor
  • Ixquick, DuckDuckGo, Scroogle and other small search engines
  • and lots more!

There is more work to be done – but this is such a good start. I’ve got mine already.

EFF blog entry

Categories: All, Blogs, Security Issues