Wednesday, December 30, 2009

Microsoft's free antivirus application


When it comes to PC security, with all the overblown virus stories it is hard to feel safe online. Yet security is still not a significant concern for the majority of online users. An average user will find no time to worry about the firewall checklist, outbound rules and security updates every time he gets to use his computer. Moreover, humans are prone to mistakes: clicking bad links, downloading unknown files and executing them without scanning, or picking up malware from another computer via a pen drive, to name just a few examples.
So there is no harm in learning about the various options we have in order to choose the best antivirus software for our needs; having an extra layer of protection isn't completely pointless either. Along with PC Tools Firewall Plus, Online Armor, PC Tools Spyware Doctor and Comodo Internet Security, there is another antivirus application, from Microsoft, and it's completely free!! Yeah, it's good news for Microsoft lovers. Microsoft has released its Security Essentials pack, which has advantages in the landscape of antivirus software. It provides free protection against viruses, spyware and other malware without compromising system performance the way many other firewall applications do. When it comes to speed and routines, installing or running Microsoft Security Essentials causes very little disruption. Even when I tried to download some viruses, it immediately identified them and blocked them from causing harm. So it's worth trying; give it a go and feel free to comment if you need more info on how to install it or have bugs to report.

Microsoft Security Essentials pack review

Having mentioned a few positives about Microsoft Security Essentials, it is time to decide whether or not to uninstall the other antivirus program that we are currently running, because the installer will ask you at the time of installation. It is, however, quite a simple installation process. Have a look at this video and have your say.

Tuesday, December 29, 2009

Instapper, a very useful iPhone application!!


Have you ever been well into a blog post or lengthy article but had no time to read it when you first found it? Instapper is a cool application that serves the purpose. Simply download the application to your iPhone and add a bookmark to your browser's toolbar on your PC, Mac or Linux machine; when you see an article that you want to read later, select the bookmark and Instapper will save the web page. Do not forget to sync your application while you have internet access.
You will find this application very useful on a plane, when driving through an area with limited or no data connection, or on the subway: you will still be able to read the article.
Just log on to Instapper and create an account to get it running. You can also customize your settings for the Amazon Kindle and enjoy reading.

Monday, December 28, 2009

Browser Security - 2


In my last review I posted some basics on choosing the right web browser. But web security threats involve more than just choosing the right browser, so here we will look at the next step in safe browsing. Present-day threats are very dangerous: a simple mistake, such as one visit to a malware site or clicking to install a loaded shareware package, can affect your computer's performance and usage. Some of the consequences are annoying pop-up screens with advertisements, a changed browser home page and an altered default search engine. Sometimes the intruders who hacked your computer will blackmail you for money or personal gain, or, even worse, money could be stolen from your bank account. Having an antivirus installed is not enough; with the amount of viruses and spyware around, it is very hard for firewall vendors to keep up. Of course, there are a few vendors such as PC Tools, Avast, Avira, Comodo Internet Security and Online Armor that provide free versions of their internet security suites, anti-spyware tools and firewalls. But it is necessary to learn different approaches to overcome these threats.

Sandboxing:

In the computer security world, sandboxing is a mechanism used to separate running programs. It is used for tasks like executing untested code and running untrusted programs from unverified third parties and untrusted users. Given that open source and distributed computing are getting more popular, the sandbox concept will be a very useful mode of protection from unwanted hacking. A sandbox typically provides tight control over the untrusted program, so that even if anything goes wrong, the impact will not affect your computer or its resources.
To get a sandboxed environment we can use a free program called Sandboxie, which is available for Windows versions later than Win 2000. This piece of software creates a sandbox-like environment on your PC. Startup is just like any other browser, apart from the inconvenient nag screen that pops up until the application opens. Browsing inside Sandboxie gives you the greatest protection by isolating the browser from areas like your OS, hard drive, memory locations, registry and OS sessions. So whatever browsing or downloading you do stays within the box and will not affect your PC. When you download and save a file, Sandboxie asks whether to save it permanently or not. A better option is to add your default downloads folder to the Quick Recovery settings, so that all files saved there are automatically saved to your hard drive, which spares you from manually copying the files to the real hard drive.
Say, for instance, you have downloaded a virus or Trojan by mistake: you close the browser and right-click to delete all of the sandbox's files and processes, and doing so gets your PC back to the state it was in before starting the session. The latest version comes with advanced options like in-depth defense, blocking access to your personal files, and letting us choose which programs may run and which may not. Some other advanced features also help protect us from keyloggers. Overall it protects us from viruses, Trojans, adware, spyware and other malware that could infect your PC from the web.

Online Armor:

To make browsing safer there is another option, available from a company called Online Armor, which gives us free firewall protection as well as an option called "Run Safer". Run Safer works with privileges. All files, processes and programs running in the OS have at least two levels of permission: one with read-only access and a second with full access (read, write, change). Users with admin login credentials typically have full access, and users with normal login credentials have low-level access so that they cannot do any harm. A typical home user uses his admin logon for all the day-to-day tasks he does on his machine because it is convenient. But it is not safe to do so: if a dangerous program happens to get onto your computer, it will be just as convenient for the virus/Trojan/malware to crash or take control of your computer.
Online Armor's Run Safer option helps protect against this by automatically "stepping down the rights" of your web browser, or of any other program you run, to those of a limited user. You may claim anyone can do this, but the tool does it transparently. This way you can make your web browsing safer.

PC Tools Firewall Plus

PC Tools Firewall Plus is a very useful personal firewall that provides a host-based intrusion prevention system (HIPS) through an enhanced security mechanism. It relies on a list of programs and attempts to check for valid digital signatures, alerting the user if it identifies any possible malicious behavior. With regard to performance, it gives us the protection its commercial equivalent does. It is simple to install, very user friendly in its default settings, and produces fewer pop-ups for common tasks. Some key highlights are:
  • Hides your PC from Internet hackers.
  • Fine-grained control over inbound and outbound traffic.
  • Easy to use. Designed for both novice and expert users.
  • No interruptions when playing full-screen games.
  • Optional password protection for rules and settings.
  • Best of all it’s FREE. No catches, limitations or time-limits.
Additional features include full-screen mode, a mode to suppress all alerts, password protection and automatic updates. So overall it is a good free firewall option for home users. The paid version gives enhanced features for 49 dollars, which is cheaper than its costly counterparts.

PC Tools Spyware Doctor:

PC Tools Spyware Doctor with AntiVirus is again an awesome tool to keep you away from infections. This is more of a corrective measure, while the options discussed earlier were more preventive methods. I have the paid version of McAfee installed on my computer, but when my computer slowed down with adware and spyware infections, it was Spyware Doctor that rescued my brainfold (my PC). Its full scan detects and destroys almost all unwanted viruses, Trojans, adware and spyware in the best and quickest possible way. I strongly recommend that you try installing Spyware Doctor from PC Tools, compare its scan with your paid protection and find the difference yourself.
Conclusion: In this post I discussed some intermediate-level techniques for keeping a home computer safer from exploits (attacks). Our first option is to have sandbox software installed; if you are not sure about what you are downloading, try downloading it with a sandboxed browser. The second option is also preventive: turning the Run Safer option on (Online Armor), which avoids harm to our computer by maintaining least privilege. PC Tools Firewall Plus and Spyware Doctor are preventive and corrective measures respectively for combating virus, Trojan, adware and spyware infections. I hope this post is informative for home users. Thank you again for your time; if you need any further clarification or assistance in selecting any of the above-mentioned methods, please comment and I will get back to you.

Avatar search, beware of spam


When I Googled to learn more about Avatar, I came across this spam, which after a single click delivered some adware and spyware onto my computer. When I tried running Windows Defender, it came up with zero infections. Thankfully I had installed the free version of PC Tools Spyware Doctor; when I ran a scan, it discovered 39 fixes that needed my attention, just from clicking the site once. Further information about the spam is as follows:

If you Google with "avatar review" as the search term, you will find it in the top 5 results, and it comes under the name Jamaica Observer with 2510 related.
I do not dare to try clicking it again on my primary machine, but I will certainly try it in a sandbox and investigate further. At this stage I am not certain whether to label this site as spam or not; this is just a caution to make viewers aware before it causes any harm.

For a general audience, to avoid such spam from websites in future, I would recommend trying McAfee's free SiteAdvisor and opening any new page with its advice, or trying NoScript if you are using Firefox.

Saturday, December 19, 2009


Open source

Open source is a development method and the creative practice of appropriation and free sharing of information and invention. This method enhances the power of distributed or autonomous behavior. It improves transparency and promises better quality, flexibility, reliability and availability. The good part is that our standards bodies maintain these open source concepts for the good of the community. This way anyone can be a developer, a reviewer or even a hacker (both in the better and the bitter way).
There are numerous open source projects, like SourceForge, OpenOffice, Linux, Ubuntu, Ruby and many others, available to us, and I wonder how many of us know about their existence and the value they bring in comparison to their costly counterparts. It became my interest to explore open source and make readers aware of it. Thus I am going to use this space on my page to talk about open source projects, their benefits and the unique features they bring along ...

Open source web
In general, open source software is software whose source code is freely published and made available to anyone, who can then choose to edit it, discover something new or even redistribute it without paying royalties. That said, it is not an easy task; it requires dedication, involvement and community cooperation. A few of those open source products are:
  • Linux:  Open source operating system based on Unix
  • Apache:  HTTP web server
  • MySQL: Most popular open source database.
  • Tomcat: Provides a pure Java HTTP web server environment for Java code to run in.
  • Eclipse: Open source software framework for rich client applications.
  • Mozilla Firefox: A worthy IE competitor with rich plugins and a customizable browser.
  • Ruby on Rails: Full-stack web application framework optimized for building and publishing applications for free.
  • OpenOffice.org: Very useful MS Office counterpart with a built-in word processor, spreadsheet, PowerPoint-style presentations and more.
  • MediaWiki: Knowledge base and the software that runs Wikipedia
  • Drupal/Joomla: Open source content management systems
  • Coffee Cup: Very useful HTML/CSS editor and website content developer.
  • PHP/Perl/Java: Handy scripting or programming languages that are available for anyone to learn and master.
  • GIMP: Logo, website design and theme creator
Note: The majority of the discussion will be around computing and internet technology oriented products.

Funny open source conversation

Thursday, December 17, 2009

Browser Security 1


Web browsers:

Web browsers are software applications that operate between your computer and a web server. The browser contacts the web server and requests information or resources; the web server then locates the web page and sends the information to the web browser on our computer. There are various sorts of information, like applications, programs, animations and similar materials created with programming languages (Java, ActiveX), scripting languages (PHP, Perl, JavaScript) and AJAX, that a browser has to interpret and display on our computer. The most commonly used web browsers are Internet Explorer (70%), Firefox (20%), Chrome (5%), Opera (5%), Safari (5%) and Konqueror (1%). So the theory is: the more popular a web browser is, the more successfully it has been attacked in the past. I am planning to write about Microsoft IE browser security as a separate column, as there is a lot to talk about. So you may not find IE browser content on this page.
Web browser security has become one of the hot topics in the information security industry: not choosing the right browser and not updating it may lead to a variety of problems, such as spyware being installed or an intruder taking control of your computer. Software attacks that take advantage of browser vulnerabilities are increasing, and hence it is important for users to choose browsers that address their needs well. Unauthorized disclosure of content stored on the computer running the web browser is a major threat that needs to be addressed. For example, Apple fixed a flaw in its 2009-001 security update which allowed access to files on the local hard drive due to execution of arbitrary JavaScript on the local computer. Trend Micro's 2008 threat information indicates that more than half of the most common infections were due to direct downloading from the internet. Attackers can do this at low cost, with the aim of taking control of your computer, stealing your information, destroying your files, or using your computer as a proxy to attack other computers. Some of the common factors that lead to browser exploits are as follows:
  • Users tend to click on links without thinking about the risk and the consequences it could bring.
  • Not running the updates.
  • Web browsers are configured for increased functionality without regard to security.
  • Clicking links that take you to a malicious site.
  • Configuring computer systems with additional software without knowing its functionality, which increases the number of vulnerabilities that may be attacked.
  • Third-party software that has no mechanism to receive software updates.
  • Some websites require additional features or the installation of more software, putting our computer at risk.
As a result, exploiting vulnerabilities in web browsers has become a popular way for attackers to compromise security. I thought of putting together an article to emphasize the balance between usability and security of web browsers.
Some software features that provide functionality to a web browser, such as ActiveX, Java and scripting (JavaScript, VBScript, etc.), may also introduce vulnerabilities to the computer system. These may stem from poor implementation, poor design, or an insecure configuration. For these reasons, you should understand which browsers support which features and the risks they could introduce. Some web browsers permit you to fully disable the use of these technologies, while others may permit you to enable features on a per-site basis. You may have multiple web browsers installed on your system. Other software applications on your computer, such as email clients or document viewers, may use a different browser than the one you normally use to access the web. Also, certain file types may be configured to open with a different web browser. Using one web browser for manually interacting with web sites does not mean other applications will automatically use the same browser. For this reason, it is important to securely configure each web browser that may be installed on your computer. One advantage of having multiple web browsers is that one browser can be used only for sensitive activities such as online banking, and the other can be used for general-purpose web browsing. This can minimize the chances that a vulnerability in a web browser, web site, or related software can be used to compromise sensitive information.

Google Chrome:

  • Chrome Mailer: Chrome Mailer is an add-on for Google Chrome which automatically opens and composes a Gmail message whenever you click on a mailto: link. Windows' default mail client is bypassed in favor of Google's Web-based offering, making this a very useful addition for those who favor Gmail when working within their Chrome browser. Toggling this behavior on and off is as simple as clicking a button within Chrome Mailer's interface. Support for Google Apps users with domains other than "gmail.com" is also included.
  • Incognito Surfing: Lets you surf the web with relative anonymity, meaning details of your web surfing are not retained. This can be useful when browsing on public systems like library and school PCs. With Incognito, the sites you open and the files you download are not logged in the browser history, and all new cookies are removed when the session closes.
  • Sandbox type: While other browsers run one instance of the browser engine with multiple associated processes, Google Chrome runs with sandbox-like functionality. This means that even if one or more browser windows or tabs crash, the web browser engine will not crash and the other tabs/processes will keep running. Malware or issues in one tab cannot affect other open browser instances, and the browser is unable to write to or change the operating system in any way, protecting your PC from attack.
  • Safe Browsing: This feature mainly relies on certificates to verify the authenticity of the server being connected to. Google Chrome compares the information provided in the certificate with the real server being connected to and alerts you if the information doesn't jive. If Chrome detects that the address specified in the certificate and the actual server you connect to are not the same, it issues this warning: "This is probably not the site you are looking for!".
While a couple of security flaws and vulnerabilities have been identified, no web browser is perfect, and in Google's defense Chrome is still in Beta testing. Chrome does have a variety of innovative features and a unique interface that many users have quickly come to prefer over Internet Explorer and Firefox. Many users also report that it is faster at loading pages than other web browsers. The additional security controls should prove valuable in helping you surf the Web safely. Google Chrome is definitely worth taking a look at.
Overall: Google Chrome is best suited for everyday casual browsing where usability comes first. If you want a browser that opens fast, looks simple and helps you browse fast, I guess Google Chrome can be your best option. In Chrome, Google utilises tabbed browsing, and in its version the tabs have individual processes with sandbox capabilities which restrict privileges for third-party apps. Additionally, Chrome uses a blacklist that alerts users of ‘bad’ sites and has an ‘incognito’ mode for private browsing. It is fully customizable and supports a huge number of languages. It has more than 70 languages, including Tamil, to choose from. Moreover, I love it because it can be translated into Tamil!!
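The certificate check described under Safe Browsing above comes down to comparing the host name you asked for with the names listed in the server's certificate. The following is an added example, not Chrome's own code: the certificate object shape (`commonName`, `subjectAltNames`), the function names and the sample host names are assumptions made for illustration, and the wildcard handling follows the common rule that `*` may only stand for one whole left-most label.

```javascript
// Constructed sample certificate: only the name fields matter for this check.
const SAMPLE_CERT = {
  commonName: "www.bank.example",
  subjectAltNames: ["www.bank.example", "*.shop.bank.example"],
};

// Host names are case-insensitive and may carry a trailing dot.
function normalize(name) {
  return name.trim().toLowerCase().replace(/\.$/, "");
}

// Compare one requested host name with one name from the certificate.
function nameMatches(host, pattern) {
  const h = normalize(host).split(".");
  const p = normalize(pattern).split(".");
  if (h.length !== p.length) return false; // "*" never spans several labels
  const wildcard = p[0] === "*";
  const certLabels = wildcard ? p.slice(1) : p;
  const hostLabels = wildcard ? h.slice(1) : h;
  // Reject partial wildcards ("w*.bank.example") and wildcards that are
  // not in the left-most position.
  if (certLabels.some((label) => label.includes("*"))) return false;
  // Reject over-broad wildcards such as "*.com".
  if (wildcard && p.length < 3) return false;
  if (wildcard && h[0] === "") return false;
  return certLabels.every((label, i) => label === hostLabels[i]);
}

// Decide whether the browser should show the mismatch warning.
function checkCertificate(host, cert) {
  // Prefer the subjectAltName list; fall back to the common name only
  // when the certificate carries no alternative names.
  const names = cert.subjectAltNames.length > 0
    ? cert.subjectAltNames
    : [cert.commonName];
  if (names.some((name) => nameMatches(host, name))) {
    return { ok: true };
  }
  return {
    ok: false,
    warning: "This is probably not the site you are looking for!",
    presented: names,
  };
}

console.log(checkCertificate("www.bank.example", SAMPLE_CERT));
console.log(checkCertificate("shop.bank.example", SAMPLE_CERT));
```

The name comparison is only one part of certificate validation; a real browser also checks the signature chain, the validity dates and the revocation status.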

Mozilla Firefox:


Mozilla Firefox supports many of the same features as Internet Explorer, with the exception of ActiveX and the Security Zone model. Mozilla Firefox does have underlying support for configurable security policies (CAPS), which is similar to Internet Explorer's Security Zone model; however, there is no graphical user interface for setting these options.
  • Firefox protection: Firefox protects your computer by not loading ActiveX controls. It also has a huge variety of features specially designed for security, to protect your privacy and personal information. Firefox is configured to cut pop-up ads from web browsing, which are a major inconvenience on Windows. Firefox seems to be more secure by default and, being open source, any issues that might arise should be addressed and patched more quickly.
  • Anti-Virus Software: Firefox integrates elegantly with your anti-virus software. When you download a file, your computer's anti-virus program automatically checks it to protect you against viruses and other malware, which could otherwise attack your computer.
  • Anti-Malware: Firefox protects you from viruses, worms, Trojan horses and spyware. If you accidentally access an attack site, it will warn you away from the site and tell you why it isn't safe to use. Firefox checks every part of a Web page before loading it to make sure nothing harmful is sneaking in the back door.
  • Anti-Phishing: Shop and do business safely on the Internet. Firefox gets a fresh update of web forgery sites 48 times a day, so if you try to visit a fraudulent site that's pretending to be a site you trust (like your bank), a browser message, big as life, will stop you.
  • Downloadable Fonts: View a wider variety of fonts on Web sites while you surf. Site designers and developers can create custom fonts that will be displayed and rendered properly even if you don't have the font installed on your computer.
  • Developer Tools: If you're a Web developer, Firefox's developer tools will make your life easier. The Mozilla Add-ons site offers many tools to streamline the development process, including Firebug to edit, debug, and watch CSS, HTML, and JavaScript live in any Web page, Tamper Data to view and change HTTP/HTTPS headers and POST parameters, and the DOM Inspector to check any HTML or CSS element with a simple right-click.
  • Organic software: Firefox is created by an international movement of thousands, only a small percentage of whom are actual employees. They are motivated by promoting openness, innovation and opportunity on the web, and not by business concerns like profits or the price of their stock.
  • Outdated Plugin Detection: Some web pages need small applications called plugins to be installed to watch videos, play games or view documents. These plugins are written by other companies, and it can be hard to make sure they're always up to date. Since outdated plugins are a security risk, Firefox will let you know when you have a plugin that's vulnerable to attack and direct you to the right site to get the updated version.
  • Private browsing: Like Google Chrome, Firefox supports under-the-hood browsing; with this feature enabled you won't leave a single browsing fingerprint behind for others to discover.
Overall: I would say Firefox is best suited for heavy users, for users who carry out sensitive tasks very often and for those who give security priority over usability. It is fully customizable and supports a huge number of languages. It has more than 70 languages, including Tamil, to choose from.

Opera Browser:

Opera is my third favorite browser, with a faster and safer web browsing experience. Opera takes less space to install and makes our browsing experience more efficient. It has many unique features like Opera Unite (share content in a quick and easy way), Opera Turbo (speed booster), visual tabs, customizable speed dials, mouse gestures and a trash can (for reopening closed tabs). Many of these features can be seen in Firefox or Chrome, but Opera has these features with a unique identity. As far as security is concerned, Opera provides features like:

  • Content blocking: Block images, pop-ups, and plug-ins you do not want to see. Right-click and choose “Block content” to disable annoying elements selectively. To make Web pages load more quickly, or to avoid offensive content, temporarily turn off images by pressing the image button. In Opera, smart pop-up blocking is turned on by default.
  • Auto Update: Opera makes it easier than ever to stay up-to-date with the latest version. With auto-update you can choose to have completely automatic updates or to be notified when an update is ready for you to install. As always with Opera, it is your choice.
  • Delete private data: Opera can be configured to clear the history and cache when exiting, to protect your privacy. Any kind of private data can easily be erased.
  • Security Bar: Opera displays security information inside the address bar. By clicking on the yellow security bar, you get access to more information about the validity of the certificate.
  • Encryption: Opera supports Secure Socket Layer (SSL) version 3, and TLS. Opera offers automatic 256-bit encryption, the highest available security of any Web browser.
  • Fraud protection: Fraud Protection is enabled by default, automatically detecting and warning you about fraudulent Web sites. Fraud Protection is powered with phishing information from Netcraft and PhishTank and malware protection from TRUSTe. In addition, Opera supports Extended Validation certificates (EV). This provides added assurance and trust for secure Web sites.

Apple Safari:

Safari is another content-rich web browser, from Apple. After the iPhone release, Safari became more popular than ever before because it comes built into the iPhone. iPhone sales were 245% by 2009, so think about the number of users who use Safari. It is designed to emphasize browsing more than the browser. Its browser frame is a single pixel wide and scroll bars appear only when needed. It comes with many features; for example, you can hide almost the entire interface, removing almost every distraction from the browser window. Safari gives an enjoyable browsing experience regardless of platform. The first browser to deliver the “real” Internet to a mobile device, Safari renders pages on iPhone and iPod touch just as you see them on your computer. But this is more than just a scaled-down mobile version of the original. It takes advantage of the technologies built into these multi-touch devices. The page shifts and reformats to fill the window when you turn it on its side. You zoom in just by pinching and extending your fingers. Of course, no matter how you access it, Safari is always blazing fast and easy to use.
  • ARIA: Safari supports Accessible Rich Internet Applications (ARIA). The ARIA standard helps web developers make dynamic web content more accessible for people with disabilities. With ARIA, sites taking advantage of advanced technologies like AJAX and JavaScript can now easily interoperate with assistive technologies.
  • Next gen standards support: Safari continues to lead the way, implementing the latest innovative web standards and enabling next-generation Internet experiences. With support for HTML 5 media tags, CSS animation, and CSS effects, web designers can create rich, interactive web applications using natively supported web standards. A standards-compliant browser, Safari renders current and future web applications as they were meant to be seen.
  • Acid 3 compliance: Apple claims that Safari is the only browser to be Acid 3 compliant. Acid 3 tests a browser’s ability to fully render pages using the web standards used to build dynamic, next-generation websites, including CSS, JavaScript, XML, and SVG.
  • Database: Safari is the only browser that includes tools for managing the offline databases that will be part of the next generation of websites. The Databases pane in Safari 4 allows you to view tables and databases and even execute SQL queries.
  • Powerful Mac-like tools for Windows: Apple has brought its expertise in Mac OS X and iPhone development tools to the web. Safari 4 includes a powerful set of tools that make it easy to debug, tweak, and optimize a website for peak performance and compatibility. To access them, turn on the Develop menu in Safari preferences.

Internet Explorer:

Internet explorer 8 has got some security mechanisms that update it for the current threat environment. They have Smart-Screen Filter to help you avoid socially engineered malware phishing Web Sites and online fraud  when you browse.
  • SmartScreen Filter: Checks Web sites against a dynamically updated list of reported phishing sites, checks software downloads against a dynamically updated list of reported malicious software sites, and helps prevent you from visiting phishing Web sites and other Web sites that contain malware that can lead to identity theft.
  • XSS Filter: Helps to prevent inclusion of a targeted site by a frame. The Cross-Site Scripting Filter event is logged when Internet Explorer 8 detects and mitigates a cross-site scripting (XSS) attack. Cross-site scripting attacks occur when one Web site, generally malicious, injects (adds) JavaScript to otherwise legitimate requests to another Web site. The original request is generally innocent, such as a link to another page or a Common Gateway Interface (CGI) script providing a common service (such as a guestbook). The injected script generally attempts to access privileged information or services that the second Web site does not intend to allow. The response or the request generally reflects results back to the malicious Web site. The XSS Filter, a feature new to Internet Explorer 8, detects JavaScript in URL and HTTP POST requests. If JavaScript is detected, the XSS Filter searches for evidence of reflection, that is, information that would be returned to the attacking Web site if the attacking request were submitted unchanged. If reflection is detected, the XSS Filter sanitizes the original request so that the additional JavaScript cannot be executed. The XSS Filter then logs that action as a Cross-Site Script Filter event.
  • Data Execution Prevention: The Data Execution Prevention/No Execute (DEP/NX) option in Internet Explorer 8 prevents code from running in non-executable memory. When a violation occurs, the browser stops responding instead of running malicious code. When Internet Explorer 8 has recovered from a crash caused by DEP/NX, this event is logged. Typically, DEP/NX failures occur due to attempts to exploit the browser or its add-ons. However, a browser add-on may simply be incompatible with DEP/NX, so failures can occur even without malicious content.
  • InPrivate browsing: Like Firefox, IE also comes with InPrivate browsing, which reduces the storage of browsing history information.
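The XSS Filter steps listed above (detect script in the URL or POST data, look for reflection in the response, sanitize, log) can be modelled in a few lines. This is an added example, not Internet Explorer's code: the detection patterns, the "#" replacement and the function names are assumptions made for illustration, and the sample hosts are constructed.

```javascript
// Simplified model of a reflection-based XSS filter (illustrative, not IE8's implementation).
// Assumed heuristics for "this parameter value looks like script":
const SCRIPT_HINTS = [
  /<script\b[^>]*>/i, // opening script tag
  /\bon\w+\s*=/i,     // inline event handler such as onerror=
  /javascript\s*:/i,  // javascript: URL scheme
];

// Step 1: collect decoded parameter values from the URL query and a form-encoded POST body.
function requestValues(url, postBody = "") {
  return [
    ...new URL(url).searchParams.values(),
    ...new URLSearchParams(postBody).values(),
  ];
}

// Step 2: keep only the values that match a script heuristic.
function suspiciousValues(values) {
  return values.filter((v) => SCRIPT_HINTS.some((re) => re.test(v)));
}

// Steps 3 and 4: act only when a suspicious value is reflected verbatim in the
// response; neuter the reflected copy and record a filter event.
function filterResponse(url, postBody, responseHtml) {
  const events = [];
  let html = responseHtml;
  for (const value of suspiciousValues(requestValues(url, postBody))) {
    if (!html.includes(value)) continue; // no reflection: leave the page untouched
    const neutered = value.replace(/[<>:=]/g, "#"); // assumed sanitizing rule
    html = html.split(value).join(neutered);
    events.push({ type: "Cross-Site Script Filter", value });
  }
  return { html, events };
}
```

A page that HTML-encodes the parameter before echoing it produces no event, because the raw value never appears in the response.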

Conclusion:

Currently the threat to web browsers is severe. Flaws in browsers and plug-ins are numerous and high-impact. In my opinion IE 8 has some security mechanisms to face vulnerabilities, but all these features make it a heavyweight browser and hence impact the browsing experience. For Mac and iPhone, Apple's Safari is a competent browser. Other than its frequent crashes, Opera is a well-customizable browser with a rich content experience. Mozilla has some enterprise-level lock-down capability and its security posture is substantially enhanced by the NoScript add-on. In my view the lightweight browser Google Chrome inches ahead with tabbed browsing, and in its version the tabs have individual processes with sandbox capabilities which restrict privileges for third-party apps. Additionally, Chrome uses a blacklist that alerts users of ‘bad’ sites and has an ‘incognito’ mode for private browsing. It gives a smooth, fast and crash-free browsing experience.

Friday, December 11, 2009

Fake Antivirus Software list nov 2009


Nowadays it has become more common for computer users to receive pop-ups from a legitimate website alerting them of a virus or trojan and offering anti-virus software to remove the virus, even though it is not. These pop-ups are actually created by skilled programmers turned hackers and cyber criminals for personal gain or just a few extra bucks. These programs neither scan nor clean computers; they are designed to persuade users that their computers are at risk and scare them into buying the "antivirus" product. They will insist that we install the solution they offer, either for free or for a few bucks.
These types of fake antivirus programs are widespread and are mostly used by internet criminals. According to Kaspersky Lab, they identified more than 20,000 samples in the first half of 2009. Anti-virus company Symantec claims to have found 250 varieties of scam security software with legitimate-sounding names like Anti virus 2010 and SpywareGuard 2008, and about 43 million attempted downloads in one year, but did not know how many of the attempted downloads succeeded. [Source: Symantec]
How do these rogue programs end up on victim machines? A tailored Trojan horse can be used to download such rogue programs, or an exploited website can perform a drive-by download when a user visits it. More often, either by mistake or through enticement by cyber criminals, these programs get onto users' computers. The criminals distributing this software manage to hide the IP address of the page from which the malware downloads and installs.
Kaspersky Lab has recently identified a technique used for the dynamic download of rogue antivirus programs. Here's an example: a script on ********.net/online-j49/yornt.html generated a redirect address, http://******.mainsfile.com.com/index.html?Ref='+encodeURIComponent (document.referrer). The address generated depended on how the user arrived at the page containing the script (done with the help of document.referrer), or, in other words, which site the user had previously viewed. In this case the redirect led to http://easyincomeprotection.cn/installer_90001.exe, a page hosting a new rogue antivirus program, FraudTool.Win32.AntivirusPlus.kv.
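From the defender's side, the chain described above leaves a recognisable shape in web proxy logs: a request that carries the previous page's address in a query parameter, followed by an executable fetched with that relay host as Referer. The sketch below is an added example, not Kaspersky's method; the log layout, function names and all `.example` hosts are constructed for illustration.

```javascript
// Constructed proxy log lines: time, client IP, requested URL, Referer header.
// All host names are placeholders under .example, not indicators from the article.
const SAMPLE_LOG = `
10:00:01 10.0.0.5 http://news.example/story.html -
10:00:02 10.0.0.5 http://landing.example/online/page.html http://news.example/story.html
10:00:03 10.0.0.5 http://redir.example/index.html?Ref=http%3A%2F%2Fnews.example%2Fstory.html http://landing.example/online/page.html
10:00:04 10.0.0.5 http://files.example/installer_1.exe http://redir.example/index.html
10:00:09 10.0.0.7 http://vendor.example/setup.exe http://vendor.example/download.html
`;

function parseLog(text) {
  return text.trim().split("\n").map((line) => {
    const [time, client, url, referer] = line.trim().split(/\s+/);
    return { time, client, url: new URL(url),
             referer: referer === "-" ? null : new URL(referer) };
  });
}

// Flag a request that relays a full URL in a query parameter (the encoded
// document.referrer), followed by an .exe fetched with that relay host as Referer.
function findReferrerRelayChains(entries) {
  const relays = new Map(); // "client|relay host" -> relay request
  const chains = [];
  for (const e of entries) {
    const relayed = [...e.url.searchParams.values()]
      .find((v) => /^https?:\/\//i.test(v));
    if (relayed) {
      relays.set(`${e.client}|${e.url.host}`, { entry: e, relayed });
      continue;
    }
    if (!/\.exe$/i.test(e.url.pathname) || !e.referer) continue;
    const relay = relays.get(`${e.client}|${e.referer.host}`);
    if (relay && e.url.host !== relay.entry.url.host) {
      chains.push({
        client: e.client,
        cameFrom: relay.relayed,     // site the user viewed first
        relay: relay.entry.url.host, // host that received the referrer
        download: e.url.href,        // executable served at the end of the chain
      });
    }
  }
  return chains;
}
```

The ordinary vendor download in the last sample line is not flagged, because no referrer-relaying request precedes it.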
Once the program has been downloaded, these are some of the symptoms and actions used to threaten users:
  • If your computer is infected you will probably receive a high number of fake warning alerts, with increased pop-ups and a hijacked homepage. You may see your computer running unusually slowly, compromising performance.
  • Sometimes, to make it more convincing, a fake infected file is installed on the computer together with the rogue antivirus, and the same fake infected file is later detected during the scan.
  • The software then recommends cleaning the virus (though you may not have one) from your computer, in return for payment for its solution.
  • If the user by any chance clicks the "remove virus" button, a new window opens asking them to purchase the fake product. If you choose to buy the software, different payment methods such as PayPal, Amex, Visa and bank accounts are shown as if they were legitimate.
Some basic points that help users avoid further problems are:
  • A rogue antivirus infection will not damage the user's machine; it is used by cyber criminals to make money from inexperienced users.
  • To avoid getting trapped, Google the antivirus name that comes up and check whether the name has an official site, technical support or phone support.
  • Beware that legitimate anti-virus companies (both commercial and open source) will not scan your computer for money. Never click the "install" button if you don't know what the pop-up says.
If you choose to get rid of the problem yourself, here are some basic steps to identify the fake anti-virus and delete it. Uninstall the suspected anti-virus program using the Add/Remove utility in the Control Panel. After removing it, restart your computer in Safe Mode. Then launch Microsoft Security Essentials, or the product of the firewall vendor of your choice, to run a scan against system files and folders and remove the suspected applications. In some situations you may need to remove it manually. Make sure to back up your important files first. Press Ctrl + Alt + Del to bring up the Task Manager. Click on the fake anti-virus image name and choose to stop it from running. Go to Start, Run. Type regedit to start the Registry Editor, where you will drop the entries for WinAntiVirus. Browse to the Hkey_Local_Machine\Software folder from the My Computer folder and delete the series of Registry entries that are described under the fake anti-virus thread. Google the virus to get as much information about it as you can, then try to manually delete it from your Windows folder, but make sure to stop its processes in the Task Manager before you actually delete the files.

PC manufacturer's solution:

To protect your computer, try installing and running an up-to-date anti-virus product such as Microsoft Security Essentials from Microsoft (see my earlier article on Microsoft's free antivirus software). MSE provides real-time protection against viruses, trojans, spyware and adware. Another option is to run a virus scan with the Windows Live OneCare safety scanner. Microsoft's Windows Defender can also be used to remove spyware and other potentially unwanted software from your computer.

Latest list of Rogue Antivirus software from Microsoft

Microsoft has released a list of the significant threats that AV rogues have posed to its users this year. Besides the prevalent rogues covered by the MSRT, the following is a longer list of AV rogues detected by Microsoft AV products such as Microsoft Security Essentials, Forefront Client Security, etc.

FakeXPA, Winfixer, FakeSmoke, SpywareSecure
FakePowav, FakeScanti, Spyguarder, IEDefender
MalwareBurn, Cleanator, AntivirusGold, MalWarrior
UnSpyPc, MalwareCrush, SystemGuard2009, Malwareprotector
DriveCleaner, PrivacyChampion, WorldAntiSpy, SpywareSoftStop
DocrorTrojan, SystemLiveProtect, Yektel, AntiSpyZone

Antivirus2008, Winwebsec, FakeSecSen, FakeRean
PrivacyCenter, FakeRemoc, VirusRemover, Antivirus2009
SpyLocked, SpywareStormer, Privacywarrior, AntiSpywareDeluxe
Trojanguarder, SecurityiGuard, PrivacyProtector, Searchanddestroy
MyBetterPC, DoctorCleaner, SpyBlast, AlfaCleaner
NeoSpace, UniGray, FakeFreeAV, WebSpyShield

InternetAntivirus, WinSpywareProtect, FakeSpypro, AntiSpywareExpert
Antivirusxp, Fakerednefed, FakeCog, VirusRanger
ErrorGuard, Antispyware2008, AntiVirGear, SpyDawn
SpyCrush, EZCatch, VaccineProgram, UltimateFixer
Fakeav, EvidenceEraser, TrustCleaner, WinHound
Spyaway, Vaccine2008, SearchSpy, Spyshield

SpySheriff, FakeVimes, FakeIA, AdvancedCleaner
Antispycheck, PCSave, AntispyStorm, FakePccleaner
SpywareIsolator, PSGuard, Antivirustrojan, SpywareQuake
SpyFalcon, SpywareStrike, XDef, WareOut
PrivacyRedeemer, Nothingvirus, AntiSpywareSoldier, Kazaap
VirusConst, AVClean, AdsAlert, SystemDefender

FakeSpyguard, Fakeinit, SpyAxe
SpyHeal, AntiVirusPro, Awola
VirusBurst, CodeClean, MyNetProtector
VirusRescue, Spybouncer, FakeWSC
TitanShield, MalwareWar, DoctorAntivirus
Easyspywarecleaner, VirusHeat, UltimateDefender
Source: Microsoft fake security Anti virus run up

This list from Microsoft includes new and recent rogues such as FakeXPA, FakeSecSen and FakeRean. It also contains some older rogues that date back 4 years, such as Winfixer and SpySheriff.

Conclusion:

Unfortunately these programs are getting more common. Microsoft encourages PC users to run a complete, up-to-date antivirus product such as Microsoft Security Essentials to protect their computers from these rogues. Don't believe any pop-up; run a Google search on your own instead. Awareness of the threat is very important. Have a look at some of these threats, get familiar with some of the names and screenshots, and pass the word on to your friends and family.