Which program can clean up your PC? The answer is getting complicated.

When it comes to online threats, freshness counts. In mid-December, for example, Microsoft revealed that cybercriminals had found a never-before-detected, unpatched vulnerability in its Internet Explorer browser, allowing tens of thousands of Web sites to install password-stealing software on users' PCs.

That kind of new attack--what cybersecurity researchers call a "zero-day" exploit--tests the limits of antivirus-scanning software's ability to not only filter previously detected infections but also compete with the cutting edge of cyber-fraudster innovation. And for consumers, it makes choosing the right PC protection software harder than ever.

Luckily, someone is scanning the scanners. On Thursday, the Austrian nonprofit firm AV-Comparatives released its annual report based on a year of testing the cybersecurity industry's antivirus offerings, systematically pitting each one against more than 3 million samples of malware pulled from computers around the world.

The best performers in the firm's tests? Two names most Americans have never heard of: the German company Avira and the Slovakian firm ESET. And those rankings, cybersecurity analysts say, may reflect just as much on the industry's growing pains as they do on the two firms' ability to clean up your hard drive.

In the latest AV-Comparatives tests performed last month, for instance, Avira found about two-thirds of the previously undetected malware--collected over a four-week period--installed on the machines it scanned. ESET's NOD32 program found 51%. Symantec and Microsoft, by comparison, found only 44% of those samples, while McAfee's detection rate was below 30%.

Posted by Justin Payton in Adware, Spyware and Trojans at 14:23

Researchers give the company high marks for getting a fix out fast

December 17, 2008 (Computerworld) As it promised yesterday, Microsoft Corp. today issued an emergency patch to plug a critical hole in Internet Explorer (IE) that attackers have been increasingly exploiting from hacked Web sites.

The patch, described in Microsoft's security bulletin MS08-078, fixes a flaw in the data-binding function of all available versions of the popular browser, including IE5.01, IE6, IE7 and IE8 Beta 2.

Microsoft labeled the bug as "critical," the most serious threat ranking in its four-step scoring system. Today's update was the second out-of-cycle patch from Microsoft in the past two months.

Researchers unanimously praised Microsoft for putting out the patch as quickly as it did.

"This was clearly an all-hands-on deck effort," said Eric Schultze, chief technology officer at Shavlik Technologies LLC. "The out-of-band process worked exactly as intended in this case."

Andrew Storms, the director of security operations at nCircle Network Security Inc., seconded Schultze. "This was a classic case of what we would like to happen. Microsoft acknowledged the fault, issued work-arounds, gave us advance notice that it would patch and then released the patch," he said.

Wolfgang Kandek, chief technology officer at Qualys Inc., also applauded Microsoft. "Considering the way that Microsoft is set up, I thought this was pretty quick," he said.

Microsoft first acknowledged the vulnerability a week ago today, one day after it unleashed its biggest set of security updates in more than five years. At the time, it said that only the newest production version of the browser, IE7, was at risk, but the company quickly changed its tune when additional research revealed that all versions contained the bug.

According to both Microsoft and numerous security firms, attacks have been mounting, particularly since last weekend, when hackers began hijacking legitimate Web sites and launching exploits against unwary visitors. In fact, Microsoft said it monitored a "huge increase" in attacks last Saturday.

Reports of the vulnerability and publicly-available exploit code first surfaced Dec. 9, although at least one researcher said he had found evidence of attacks starting three days before.

In any case, Microsoft was quick to respond, said researchers. "They're getting better in terms of their speed and agility to respond," said Storms. "Actually, today was very anticlimactic. Probably the biggest part of this was all the build-up."

The analysts agreed that Microsoft didn't act in a vacuum, but pushed the patch process because of the attack situation. "By late last week, Microsoft was aware that this issue was starting to infect users' systems at a faster rate than they've seen with past zero-day exploits," said Schultze in a follow-up e-mail today.

"They fixed this so quickly because [the exploit] became public," added Storms.

Posted by Justin Payton in Adware, Spyware and Trojans at 11:25