About Us

The Immunet Blog is maintained by the Immunet team as a forum for discussing news and issues related to AntiVirus, security and cloud technology.

Friday, May 20, 2011

MacDefender OSX Malware

Last week Joel Esler from the Sourcefire VRT published a blog post concerning the MacDefender OSX Malware over on the VRT blog. Similar to common PC scams, this "scamware" scares users into thinking that their machines have been infected and then captures credit card data. Joel provides great background on how this scamware works, what it does, and how users can protect against it.

Please check out the post on MacDefender and its variants for more information.

Tuesday, March 22, 2011

Top 5 Misconceptions about ClamAV

Millions of people manage ClamAV installations every day, and the millions of users protected by those installations reap the benefits of its protection engines as their first line of defense against malware threats. ClamAV is deployed inside numerous global ISPs, national telcos, hosting providers, and is utilized by numerous AV gateway vendors like Barracuda and OS vendors like Apple. Without specifically counting all the installations, it’s a pretty easy guess that ClamAV probably has the largest email AV presence in the entire world. I’d even go as far as saying it’s the de facto standard in gateway AV technology. The main reason for this, based on feedback, is that ClamAV is easy to deploy, works with just about all the MTAs (Sendmail, Postfix, etc.), provides pretty darn good protection, is easy to customize, and it’s cheap, heck it’s free.

Whenever I talk to people about ClamAV I always hear the same thing - great mail gateway AV, easy to set up, easy to customize, and it just works. I also always hear the same misconceptions. I think the price of being a ubiquitous technology is people think you do one thing, do that thing really well, and whatever that thing is, you still do it the same way and never evolve. This always leads me to long conversations about things people just don’t know about ClamAV - its engine, the technology, and the people who build it.

The Top 5 Misconceptions about ClamAV:


  1. It’s only a Mail Gateway Scanner. ClamAV is actually a framework. At the core of that framework is what we call libClamAV, this is where all the actual detection happens. This library can be used anywhere that can link to it, so if any application wants to use the power of ClamAV and its detection capabilities the application just needs to link against it. The rest of the framework is all the supporting applications that ClamAV comes with for connecting and running ClamAV in different settings. For instance the ClamD service allows for fast full system and single file scans, clamscan allows for simple on-demand scans, ClamAV-Milter allows for simple integration with MTAs, and freshclam handles keeping everything up to date.

    This framework concept makes plugging ClamAV’s detection capabilities into any application really easy and is one of the main reasons ClamAV is used everywhere.

  2. It’s just a bunch of Open Source hippies writing code in their spare time. Sourcefire acquired ClamAV in 2007, and retained the entire ClamAV team, eventually the ClamAV team became part of the VRT. These guys are top notch, and do one hell of a job banging out code for ClamAV. The ClamAV feature set has not remained static. On the contrary, in 2010 alone these guys cranked out 6 feature-packed releases, adding tons of new detection features, optimizations, and signature language improvements. On the release front, to put it in context, commercial AV products in the enterprise space get released once every 1 - 2 years.

    On top of that we crank through 100s of thousands of new malware samples every day with our automated sandboxes and malware evaluation systems. If you think ClamAV is just an Open Source project, without the same type of systems, data feeds, and technologies in the back office that other AV vendors have, you’d be grossly underestimating our capabilities.

    Additionally, the VRT is well known for kicking ass, taking names, and chewing bubble gum in 3rd party validation tests like NSS (where we have consistently come out on top). This industry excellence isn’t limited to Sourcefire’s IPS.

  3. ClamAV only has a simple content based signature language. The ClamAV detection engine is multi-faceted - heuristics, support for numerous archivers (Zip, Rar, OLE, etc.), tons of unpacking support (UPX, PeTite, NSPack, etc.), and several different content inspection engines. These content inspection engines range from the simplistic (basic hashing signatures), to the extremely complex (ByteCode engine). In the middle are numerous content matching signature types that support everything you would expect from wildcards, character sets, Boolean logic, and negation. Support for PDF files, Javascript, and HTML files is also included in the engine, along with Mach-O binary support for all the shiny Apple devices out there. With all that support the ClamAV detection engine has everything necessary to detect today’s malware threats, exploits, adware, Trojans, spyware, keyloggers, and much more.

    Sometimes detecting those threats requires some real heavy lifting. If that’s the case, the ByteCode engine allows a signature writer to do just about anything they can imagine. Need to implement a quick unpacker for that new piece of malware? Easy. Need to implement a new archiver to unpack something unique? Trivial. Have to do something complex with PDF files? No problem.

    The other great thing about ClamAV is that the signature language is open, easy to use, and anyone can add new signatures to their ClamAV installs. If you’ve got something you need to do, and you need to do it now, cause your boss told you to, or the world is ending, it’s pretty darn simple to write your own signatures and add them to your setup.

    Also we’ve got some pretty aggressive new features heading out for 0.98 later this year. More on those in the next blog post.

  4. ClamAV only runs on Unix. ClamAV has traditionally supported just about every Unix variant on the planet, but as a fully integrated engine in Immunet Protect 3.0 (http://www.immunet.com/), we’ve moved to officially supporting Windows. If you’d like to learn a bit more about Immunet and ClamAV on Windows check out the other posts on the ClamAV blog here.

    Immunet Protect adds some additional detection capabilities on Windows platforms including but not limited to:
    1. Real-Time cloud based protections - No need to download AV updates when running Cloud only protection mode.
    2. Advanced Machine-Learning detection capabilities.
    3. Community based protections - Share protection with other members of your Immunet community.

  5. ClamAV just can’t be as good as a commercial AV engine, it’s Open Source. This perception doesn’t surprise me anymore, it’s something we’ve had to deal with since the early days of Snort. There are still a lot of people out there that truly believe if it’s a commercial product it’s better than an Open Source product. Normally, this is where the Open Source guys trot out the hundreds of examples of solid Open Source software that have proven they are as good, or better, than commercial offerings. Let's just start with DNS: just about every lookup for any Internet request, such as a website, starts out with a DNS query, and those DNS queries are predominately answered by BIND, a solid Open Source Nameserver. Then it’s pretty easy to say MySQL or PostgreSQL run a large portion of your favorite Internet destinations. This list could probably go on for hundreds of paragraphs, just naming all the really excellent Open Source tools that compete for market share with commercial offerings every day.

    At the end of the day, though, it’s really not about market share. When you try and compare commercial and Open Source solutions, it’s about effectiveness in solving the problem you, the end user, have. To draw a corollary with Snort, it’s all about detection of the latest network threats. If Snort doesn’t do this correctly, it definitely won’t solve the problem people are expecting it to solve. The only real way to get a handle around this is third-party testing and evaluation, and Snort has done exceptionally well in this area, earning honors for best overall detection at NSS two years running, and certified by ICSALabs in their IPS testing methodology.

    When it comes to third-party evaluation of ClamAV, there are a couple of tests to look at. MRG did a third-party evaluation of Immunet Protect (uses ClamAV as one of its engines) where it outscored 15 other leading AV vendors and was the ONLY product that had a 100% detection rate. Additionally, ShadowServer does daily evaluations of numerous AV technologies; while ClamAV doesn’t come in number one, we do beat out numerous commercial AVs on a daily and yearly basis. Here are the stats for the last year: http://www.shadowserver.org/wiki/pmwiki.php/Stats/VirusYearlyStats.

I always find that after going over the above, people have a new outlook on what ClamAV does, how it works, and what it’s capable of doing. In addition, I always find it interesting that lots of people just don’t know that ClamAV is developed by Sourcefire, and that the ClamAV engine, signatures, and infrastructure are all part of the VRT. I guess that is the problem with technology that “just works,” if it is “just working” then people just keep running it, and don’t spend much time thinking about it. Just like no one ever thinks about all the technology in the power grid, because when you flip the light switch it “just works.” The VRT will try our best to keep it that way for the millions of people the ClamAV technology protects, because “just works” is a pretty excellent label in my opinion. Hopefully, now that you’ve read this article, when you think about “just works” you’ll also think about how ClamAV is way more than just a simple AV mail gateway scanner.

Tuesday, March 15, 2011

And the Winner is…Drum Roll, please…Marc Allard

First let me thank everyone who participated in our Collective Immunity Contest! We launched the contest on January 12 to promote the value of friends, family and neighbors banding together to protect their PCs from Internet-borne viruses and other malware.

This contest garnered international participation and I’m happy to report that our winner hails from Canada! Ottawa-resident Marc Allard has won 50 one-year subscriptions of Immunet Protect Plus to share with his Personal Online Community and $100 cash reward to line his own pocket.

Congratulations, Marc!

We asked Marc about his impressions of Immunet’s Collective Immunity™ initiative. Here’s what he told us:

“I’ve been the victim of virus attacks in the past and, so far, I just love the service Immunet provides. I’m very excited to be able to offer free upgrades of the paid version to all of my friends, because I really do believe that the secret to fighting PC viruses is to group our efforts.”

Clearly, Marc and Immunet think alike when it comes to PC protection.

Immunet’s Collective Immunity™ technology uses the power of the Internet (the “Cloud”) to create a network protection effect that keeps your PC and the computers of your friends and family safe online from more than 21 million Internet-based threats. When Immunet detects a threat, everyone in the Immunet Community is immediately protected, simply by having Immunet installed.  Each time a virus is blocked on one computer in the Immunet Community ALL other computers are instantly protected from the same virus, increasing the speed and level of virus protection with each new member.  This collaborative approach uses “strength in numbers” that grows smarter with each new community member.  Contrast this to traditional anti-virus software that requires the latest download of anti-virus signatures, which can take days to become available after the threat appears.

Over One Million People Depend on Immunet Protect:  It’s Lightweight, Fast and Compatible with Other Security Software

Immunet Protect Free is today’s most innovative cloud-based anti-viral software for protecting your PC and social network against cyber threats from around the world. Within seconds of downloading it, you gain the protection produced by every other PC in the Immunet Community around the world—now over a million strong, including Vatican City. Even CNET is singing its praises, giving it a 4.5-star rating (out of 5) and saying it provides “…an extra dose of peace of mind” in a June 2010 review. Immunet Protect is up to 35 times lighter than traditional antivirus solutions, which take up between 100 and 350 megabytes of disk space and cause performance slowdowns. In contrast, Immunet Protect uses only 10 megabytes of space, to keep PCs running at optimal speeds.

Immunet Protect Plus provides everything that Immunet Protect Free provides, plus a host of advanced antivirus capabilities, including enhanced virus removal, the ability to schedule virus scans, offline scanning that protects PCs even when they’re disconnected from the Internet, and more for just $19.95.

Once again, Marc, thanks for taking the Immunet PC Anti-Virus Community Challenge. We’re sure your friends will be thanking you, too!

Friday, March 11, 2011

How to create custom signatures for Immunet 3.0, powered by ClamAV

Immunet 3.0 is Sourcefire’s new cloud-based desktop anti-malware solution for Microsoft Windows. For best performance, an Internet connection is recommended. Additionally, Immunet 3.0 is powered by ClamAV, which allows users to stay protected even when not connected to the Immunet cloud. ClamAV built its reputation over the years on the UNIX platform as being a robust and capable enterprise-level anti-malware solution, which allows the advanced user to create their own signatures to complement the ones supplied and updated several times a day by Sourcefire.

Why is being able to use your custom signatures a great feature? Well, it’s because you can make your anti-malware program look for threats that you are the first to see or that you will be the only one to see (e.g. Advanced Persistent Threats, or APT). Or, you could have found that an older version of a proprietary program that's running on your network is vulnerable and you want to make sure that users only run the latest version. Writing a custom signature that targets the older program can help you enforce that policy.

Here's how to get started on writing your own custom ClamAV signatures for Immunet 3.0. Download the ClamAV command-line Signature Tool, sigtool (MD5:838f6b4ea87199b86f04e9efb96241c3).

Now let’s say that test.exe is the file you want to create a signature for. To create a signature that will match only that file, use the --md5 option of sigtool (in this example, I am redirecting the output from sigtool into a file with a .hdb extension):

sigtool --md5 test.exe > test.hdb
Pic.1: Signature using full MD5 hash of file.

Now, in this case the signature will match on only one file. You may want to write something that matches on multiple files. For example, in the case of executable files you may want to write a signature that will match a particular PE-section, and all files that have the same PE-section. To do so, break up your executable into its different PE-sections either manually or by using tools, identify the one you want to write a signature for (typically the sections are labelled .text, .rdata, .data, .idata, etc.) and use the --mdb option of sigtool (in this example I am redirecting the output from sigtool into a file with a .mdb extension):

sigtool --mdb
Pic.2: Signature using the hash of the PE-section of an executable.

Another way to have ClamAV detect a file is to base your signature on a hexadecimal fragment contained within the body of the file. Let's say you have a text file that contains the text "I look like a benign file but actually I am a bad script and I will pwn your machine, if you don't pay attention." We decide that our detection will be based on detecting the phrase "I am a bad script" in any text files. To write a signature, we can start by echoing "I am a bad script" into sigtool --hex-dump (this time I'm not redirecting output into a file just yet):


Pic.3: Signature using a hex fragment of a file.

Then I'm going to create a signature that has the format Name:TargetType:Offset:HexSignature and redirect it to a file with a .ndb extension, like I did at the end of the example above. You'll notice that I did not include the line break 0d0a in the hex signature.

For more in-depth information on how to create signatures, check out the documentation on Creating Signatures for ClamAV. There is also a webcast on the topic as well as a blog entry on how to create logical signatures for ClamAV.

Well, all that is good and I've created signatures, how do I load them into Immunet 3.0? You may very well ask.

First things first: Make sure that the ClamAV detection engine is turned on. Open Immunet 3.0, select “Settings” and switch the ClamAV “on”. Click on “Apply”.


Pic.4: Making sure that the ClamAV engine is turned on.

Optional (but highly recommended): Back in the main pane, click on “Update Now” to download the latest official ClamAV signatures.


Pic.5: "Update Now" to get the latest official ClamAV signatures.

Next, launch SigUI from Start->All Programs->Immunet 3.0->Custom Signature Tool.


Pic.6: SigUI's interface.

SigUI is a graphical user interface used to configure a back-end tool called Freshclam, which is used to download ClamAV signatures. Under the "Updater configuration" tab, you can enter proxy settings if you access the Internet using a proxy. To ensure that the settings have been entered properly, click on "Run freshclam to test configuration". Upon successfully accessing the Internet, Freshclam will exit without error (“Freshclam exited with code: 0”) (see Pic. 7):


Pic.7: Freshclam running.

Next, from the pull-down menu "Download Official Signatures from mirror", select where you want to download official ClamAV signatures from. By default, official signatures will be fetched from db.local.clamav.net. Although this works well most of the time, you may get better performance by using a server closer to your location. Mirrors are in the form db.XY.clamav.net, where XY is a two-letter country code. Alternatively, you can manually enter a hostname, such as your own server if that is where you are hosting the official ClamAV signatures. This completes the configuration for the automatic retrieval of official signatures.

To deploy your own signatures (or signatures provided by third-parties), you can either:

- specify their full URI (URL or UNC path) under Custom signatures URLs (see Pic. 6). The signatures can be in any format that ClamAV understands
- add the signatures file(s) under the "Local signature management" tab (see Pic. 8). At that point the signatures aren’t yet installed. You must click on Verify and Install signatures to test the new signatures (see Pic. 9). The ones that pass verification will be installed and ClamAV will load them at the next database update


Pic.8: SigUI's "Local signature management" tab



Pic.9: Signatures installed after verification

Your custom signatures will be copied to the ClamAV signatures folder and loaded the next time the system is idle. Voila! You now know how to write and deploy your own ClamAV signatures. You can also load third-party signatures written in a format that ClamAV understands the same way you would your custom signatures. Again, you don't have to write your own signatures, but you can if you want and that is a powerful feature at your disposal.

Feel free to contribute your signatures to our online forum. Feel free to post your questions to our mailing list. Additionally, you will find someone to answer your questions in the IRC chat room #clamav on irc.freenode.net.
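
The .hdb and .ndb signature lines described in this post can be checked before they are loaded through SigUI. The sketch below is an added example, not part of the original post and not sigtool itself: it rebuilds the two line formats in Python and tests the hex signature against the sample text. The signature name, TargetType 0 (any file), the `*` (any) offset and the `MD5:Size:Name` layout of a .hdb line are assumptions taken from the ClamAV signature format rather than from the post, and the matcher handles plain hex only.

```python
import hashlib

# Constructed sample input: the text-file body quoted in the post,
# ending with a Windows line break.
SAMPLE = (b"I look like a benign file but actually I am a bad script and I will "
          b"pwn your machine, if you don't pay attention.\r\n")
PHRASE = b"I am a bad script"
SIG_NAME = "Custom.BadScript"  # hypothetical signature name


def _check_name(name: str) -> None:
    # ':' separates fields, so it cannot appear inside the name.
    if not name or ":" in name or any(c.isspace() for c in name):
        raise ValueError(f"unusable signature name: {name!r}")


def hdb_line(data: bytes, name: str) -> str:
    """Whole-file hash signature (.hdb), assumed layout MD5:Size:Name."""
    _check_name(name)
    return f"{hashlib.md5(data).hexdigest()}:{len(data)}:{name}"


def hex_fragment(echoed: bytes) -> str:
    """Hex-encode an echoed phrase without the line break echo appends.

    The post leaves 0d0a out of the signature; keeping it would only match
    the phrase when it sits at the very end of a line.
    """
    return echoed.rstrip(b"\r\n").hex()


def ndb_line(name: str, hex_sig: str, target_type: int = 0, offset: str = "*") -> str:
    """Body signature (.ndb): Name:TargetType:Offset:HexSignature."""
    _check_name(name)
    if not hex_sig or len(hex_sig) % 2:
        raise ValueError("hex signature must be a non-empty, even-length string")
    bytes.fromhex(hex_sig)  # raises ValueError on non-hex characters
    return f"{name}:{target_type}:{offset}:{hex_sig}"


def ndb_matches(line: str, data: bytes) -> bool:
    """Check a plain-hex .ndb line against data (no wildcard support)."""
    _name, _target, offset, hex_sig = line.split(":")
    needle = bytes.fromhex(hex_sig)
    if offset == "*":
        return needle in data
    return data.startswith(needle, int(offset))


def build_database_lines() -> dict:
    """Return the lines that would go into test.hdb and test.ndb."""
    echoed = PHRASE + b"\r\n"  # what a Windows echo hands to the hex dump
    return {
        "test.hdb": hdb_line(SAMPLE, SIG_NAME),
        "test.ndb": ndb_line(SIG_NAME, hex_fragment(echoed)),
    }


if __name__ == "__main__":
    for filename, line in build_database_lines().items():
        print(f"{filename}: {line}")
    print("matches sample:", ndb_matches(build_database_lines()["test.ndb"], SAMPLE))
```
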

Monday, February 7, 2011

Version 3.0 - The next step in Anti-Malware protection.

 

Introduction to 3.0

On February 9th we will be releasing our version 3.0 with some notable changes and improvements.

Before I detail what's new from a feature perspective I should also note that we are changing the name of the product with this release, the new name is going to be Immunet 3.0 - Powered by ClamAV. The new product will look like this screenshot here:

 

In addition to our name change, you will also note a change in the icon we use in your tray. The new icon is the 'star burst' in white and blue; it should look like this in your tray:

 

The name change is the result of the acquisition of Immunet Corp by Sourcefire Inc. This acquisition has brought both the Immunet and ClamAV teams under the same roof to deliver our 3.0 release and future products.

New Features

Our 3.0 release was primarily intended to sharpen our focus on malware detection and to provide comprehensive protection to users who are not always connected to the cloud. Some of the features we have added are cutting edge and allow both advanced and basic users of our software to benefit from much higher detection rates. Our new features are detailed below.

Complete Offline Protection

The 3.0 release will now ship with an 'Offline' engine. This engine (which is ClamAV .97) once enabled will automatically pull down our latest detection sets and allow for complete detection coverage, even when you are not connected to the Internet. We are creating detections for 'hot' threats, prevalent on the net, so that you will be protected from current 'in the wild' threats and their variants. With our Offline protection we now also have several complex engines for detection native to the desktop and have support for file formats such as .DOC, .XLS, HTML etc. as well as strong unpacking support.

If you are installing fresh, you will have the option to install this engine turned 'On' by default. If you are upgrading from ClamAV for Windows this engine will be turned off by default. The screenshot here shows how to enable it from the 'Settings' feature on the front of the User Interface.

 

 

Cloud Recall

One of the advantages of a Cloud model for hunting and identifying threats is that we are able to retain and analyze vast amounts of data about what our community is seeing at any given time. Unlike traditional Anti-Virus, or even other Cloud Anti-Virus we constantly reconsider all the data we see or have seen in our community. This allows us to evaluate every decision we have made about a file in our community and see if we still agree with that decision as time advances. If we find that our position has changed about the security of a file in our community because of new information on that file we can now seamlessly act on it. To put this in practical terms if you look up a file today and we do not know it's malicious yet and tonight or tomorrow we discover it is malicious we will alert your system to find the file and remove it, all without you needing to download a single definition update. This 'Cloud Recall' ensures that your security is advanced with every new piece of information we become aware of. You will always know as much as we do, when we do.

Custom Signature Creation

Something which has been missing in modern Windows Anti-Virus products is a feature which allows advanced users to craft and deploy their own signatures or detection capabilities. With 3.0 we now offer the first Windows Anti-Virus product which allows our users to write their own detections with our engines just as we would.

Users can now hunt threats (or Advanced Persistent Threats if you like) by creating signatures which range from simplistic (straight MD5 matches) to complex (logically chained expressive signatures w/ offset support and wild carding). Signature management is done with the new SigUI tool which is available in Start -> All Programs -> Immunet 3.0 and looks like this:

 

Documentation for the SigUI may be found here and our manual for creation of signatures can be found here. We encourage you to write your signatures and post them to our online Forum.

All in all this represents the most ambitious release we have ever done. The beta program for this version has been full of very positive feedback and we are excited by its general release.

If you have any feedback about this release or questions, please do not hesitate to email me at ahuger @ sourcefire.com .

 
Wednesday, February 2, 2011

Immunet Protect now offered in Google Pack

We are really excited to announce that Google started including Immunet Protect as part of Google Pack suite of essential software. What is Google Pack? From their web site:

"Google Pack is a free collection of essential software from Google and other companies. The software in the Google Pack helps you browse the web faster, remove spyware and viruses, organize your photos, and more."

We like to think that Immunet Protect will be a good new addition to Google Pack. Our cloud and community-based approach to protecting PCs against modern malware attacks is very much in sync with Google's approach to making the internet easier to use.

You can find us in Google Pack at:

http://pack.google.com/intl/en/pack_installer.html

Wednesday, January 12, 2011

Friends, Family, Neighbors Unite to Fight Digital Virus Pandemic!

Here at Immunet we think a lot about how to protect people against the potential harm to cherished digital photos, memories and personal information stored on PCs belonging to the more than 750,000 moms, dads, kids and other Immunet community members worldwide. Because of this, Immunet Protect is designed to work most effectively with the way in which you interact with your friends, family and others on the Internet. Our approach, called Collective Immunity™, uses the information about a person’s community and the viruses that their community is exposed to in order to provide better protection for that community.  What this means is, your protection against viruses is better the more people that you interact with who are also protected by Immunet Protect.

And to drive home the point we’re sponsoring a Collective Immunity Contest aimed at getting you and your entire Personal Online Community—your neighbors, friends and family members—to band together to protect your PCs with Immunet Protect Free. Think of it in the same way as when your neighbors, school and community work together to prevent a dangerous illness from spreading. Immunet is the inoculation your digital community needs to stop the pandemic of millions of viruses and other nasty stuff infecting the Cloud, poised to strike vulnerable PCs everywhere!

Here’s how it works:

All you have to do is download Immunet Protect Free at http://get.immunet.com and then ask everyone in your personal online community—that’s everyone you Facebook with, Twitter with, email to or chat with—to download it too. During installation of Immunet Protect Free, there is a prompt to Share via Facebook. To enter the contest, select this option and add your name at the beginning of the pre-populated text in the dialog window to be entered instantly into the contest to ….wait for it…

Win up to 50 one-year subscriptions of Immunet Protect Plus …and a $100 cash award.

…for you and your friends. Think of it as a collective online community effort to achieve Collective Immunity! The winner will be announced March 2, 2011 on the Immunet website.

What is Collective Immunity™ and how does it protect PCs better, you ask?

Both are reasonable questions. Let me go back a few years to explain. Remember when desktop computers were mainly used for doing work and using them to communicate was largely limited to sending an email? The web was around but you didn’t spend a lot of time there. In those days, hackers—mainly smart, misguided kids—could wreak havoc on PCs and business networks by attaching a virus to a bogus email. Entire hard drives could be wiped out and networks taken out for hours or days just by opening one of these attachments.

The industry responded, in part, by developing anti-virus software that you installed on your hard drive. Every so often the anti-virus vendor would issue updates with protection for new viruses and other threats like worms and Trojans. That strategy still works, but not quite as well as it used to.

Here’s why:

We’re spending a whole lot more time on the Internet and it’s grown to be huge. We use it as a primary way to keep in touch with our family and friends. We Facebook. We Twitter. We blog. We instant message. Our parents, grandparents and children are doing it too. We shop online. We play games online. And we entertain ourselves online watching Internet TV and movies or YouTube.

All of this is not lost on the cyberpunks who have now grown into full-blown cyber criminals. What used to be pranks have turned into criminal acts aimed at stealing credit card numbers and identities. In other words, it’s big business. These guys are smart and they’re fast at adapting their malicious code to wreak the most havoc. Waiting days for your anti-virus vendor to develop and package new anti-virus signatures can be too late. These threats strike quickly and can mutate before you receive protection.

That’s why you need “real-time” protection to keep your PC safe. That’s what Immunet’s Collective Immunity is all about.

Unlike traditional antivirus products, which reside on PC hard drives, and take between one and 14 days to gather, analyze and deliver updates—often after the threat has mutated, Immunet identifies viruses in real-time and continually delivers antivirus protection via an Internet connection to its community of Immunet Protect users as soon as they’re identified.

Immunet’s Collective Immunity™ technology uses the power of the Internet (the “Cloud”) to create a network protection effect that keeps your PC and the computers of your friends and family safe online from more than 18 million Internet-based threats. Each time a virus is blocked on one computer in the Immunet Community ALL other computers are instantly protected from the same virus, increasing the speed and level of virus protection with each new member. This collaborative approach uses “strength in numbers” that grows smarter with each new community member.

Immunet protects your PC and the PCs of your personal online community — your friends, family and neighbors, who also happen to be the most likely sources of a virus infection. When Immunet detects a threat, everyone in the Immunet Community is immediately protected, simply by having Immunet installed. Contrast this to traditional anti-virus software that requires the latest download of anti-virus signatures, which can take days to become available after the threat appears.

Three-Quarters of a Million People Depend on Immunet Protect:  It’s Lightweight, Fast and Compatible with Other Security Software

Immunet Protect Free is today’s most innovative cloud-based anti-viral software for protecting your PC and social network against cyber threats from around the world. Within seconds of downloading it, you gain the protection produced by every other PC in the Immunet Community around the world—now nearly 750,000 strong, including Vatican City. Even CNET is singing its praises, giving it a 4.5-star rating (out of 5) and saying it provides “…an extra dose of peace of mind” in a June 2010 review. Immunet Protect is up to 35 times lighter than traditional antivirus solutions, which take up between 100 and 350 megabytes of disk space and cause performance slowdowns. In contrast, Immunet Protect uses only 10 megabytes of space, to keep PCs running at optimal speeds.

Immunet Protect Plus provides everything that Immunet Protect Free provides, plus a host of advanced antivirus capabilities, including enhanced virus removal, the ability to schedule virus scans, offline scanning that protects PCs even when they’re disconnected from the Internet, and more for just $19.95.

Win Protection for Your Personal Online Community — Take the Immunet PC Anti-Virus Community Challenge Today

Wednesday, Jan 05, 2011

Immunet Acquired by Sourcefire

As we ring in the New Year, I’m also very happy to announce that Immunet begins an entirely new and exciting stage in our company and product’s life.

Immunet has been acquired by Sourcefire, Inc.  (NASDAQ: FIRE). While this event means that Immunet as a separate company no longer exists, the heart and soul of our great product will endure and continue to grow as a very important and well supported group within Sourcefire.

Over the past 2½ years the team here at Immunet has built an amazing cloud platform to deliver next generation security technologies and raise the bar for AntiVirus protection.  As a result, we’ve built a product that is 35 times smaller than our nearest competitor using an entirely new approach to fight today’s rapidly spreading threats – our Collective Immunity™ technology.  After growing to over 750,000 users in just over a year, we have reached a stage in our company’s life where we needed to put our pedal on the gas and spread Immunet to the entire world.

We're taking a huge step forward today in accelerating our technology, and expanding our market by becoming a part of Sourcefire. Sourcefire allows us to continue developing our technology as we do now, with a large amount of autonomy, but also exposes us to millions of users who already rely on their products today. Sourcefire is a great match for us from a technological, cultural, and philosophical standpoint - that was one of the reasons why this acquisition made so much sense. They are a well-respected company with deep roots in security and solid products such as Snort, the most well known network Intrusion Prevention System on the market today.

The next year will be very exciting – Sourcefire is committed to fully supporting Immunet products moving forward (Immunet Protect Free and Immunet Protect Plus), and we, as the newly formed Cloud Technology Group within Sourcefire, will be there to do it. We’ll be the same team, just in a larger company.

We’ll continue to do everything that we can to make Immunet the best AntiVirus product on the market and to make the Internet a safer place.  Our relationship with you, our community members, will not change.  Thanks to all of you who have supported us to date. Your recommendations, concerns, and bug reports have really allowed us to reach this next stage.

Tuesday, Dec 14, 2010

More tips for safe online shopping from Comcast

Jay Opperman, Senior Director of Security and Privacy at Comcast offers some tips for safe online shopping  that I have summarized below.  The link to Jay's post is:

http://blog.comcast.com/2010/12/tis-the-season-to-shop-safely.html

Tip 1: Use anti-virus and anti-phishing software and tools -- Install active and up-to-date reputable anti-virus software on all computers to detect and remove viruses and keyloggers that can steal your identity when using credit cards or banking online. Make sure to also install anti-phishing software to ensure you don't get tricked by these kinds of online scams. Some Internet Service Providers, like Comcast, provide free anti-virus software...

Tip 2: "S" means "secure" -- When shopping on the Web, be sure you see "HTTPS://" (the "S" stands for "secure") at the beginning of the URL for any site where you plan to enter financial information. Look for a lock or a similar icon in the browser indicating that you are connected to a secure site.

Tip 3: Secure your wireless network -- It's important to secure access to home or personal networks with a password to make sure that others cannot access any personal information by hopping on to your wireless network. Remember, strong passwords have eight or more characters that combine numbers, symbols and letters.

Tip 4: Be careful what you click -- If you receive an unsolicited commercial e-mail, do not open any attached file whose name ends in ".exe." Clicking on such files could activate a virus that could infect your computer. In addition, don't click on links in e-mails for online retailers; instead, type the URL directly into your browser.

Tip 5: Above all, be skeptical -- If an online offer seems too good to be true, it could be a scam, which is why you should shop from the online retailers that you trust.

Wednesday, Dec 08, 2010

Shopping Safely Online - Cyber Security Tip ST07-001

This tip was just published on the US Computer Emergency Readiness Team web site just in time for the holiday shopping season.  This year is shaping up to be a record year for ecommerce so the advice is even more important than ever.  

Many of the tips, including "Use and maintain anti-virus software..." are things we know, but it's a good idea to refresh our memory.

"Online shopping has become a popular way to purchase items without the hassles of traffic and crowds. However, the internet has unique risks, so it is important to take steps to protect yourself when shopping online."

Read the full article with all the tips here:

http://www.us-cert.gov/cas/tips/ST07-001.html