Paid vs Free: Anti-Virus Software

Recently I have encountered a few viruses on my PC in the form of constant pop-ups to malicious websites every time I try to access any web page. This led to me running a number of deep scans using my paid and trusted Bitdefender, and I thought that after running a couple of scans everything would be grand. But as it turns out, the scans found no issues with my PC.

But it was apparent there was an infection, and with the recent WannaCry attack being so prominent I felt further action had to be taken to avoid any more issues causing further harm to my computer and potentially my personal files. So the next step was to turn Bitdefender on to Paranoia mode; this essentially locks down your PC, requesting permission before websites and applications can connect to the web. But again the pop-ups to malicious websites continued. This was rather annoying, as in my opinion Bitdefender was one of the better paid anti-virus packages on the market, with a nice UI (user interface). But it just was not finding these malicious files causing trouble on my computer.

[Image: Bitdefender UI]

So after a while I decided it would be a good idea to have a second set of eyes look over it, so to speak, and that’s when I decided to download Malwarebytes, because I had used it in the past in its free and portable form. The download is simple and it installed right alongside Bitdefender, so I decided to do my first scan, and it turned out there were a whole lot of potentially unwanted files that Bitdefender had seemingly ignored.

Now, if Bitdefender were only a free package I could have understood somewhat that it was not finding everything, but after 3 full system scans (bearing in mind I have about 6TB for it to scan, so it took a while), and considering what this application costs per year, I was bitterly disappointed. And for Bitdefender to scan my system in about 5 minutes and find a number of unwanted applications and files was a bit of a blow to morale.

But I was genuinely impressed with Malwarebytes: not only is the free application very effective and quick, but it also removed or placed into quarantine the files that were wreaking havoc on my PC. It has also led me to think about dropping Bitdefender as my anti-virus software of choice and paying for the premium Malwarebytes.

One thing that might deter you from taking Malwarebytes as your go-to anti-virus, however, could be the cost: for 1 machine for a year it will set you back about £29.99, and for a second machine the cost is £44.99. For me this is a large sum of money when it will only cover 1 machine for £29.99.

In comparison, Bitdefender is only £34.99 for 5 machines for a year, and it also throws in some other features that I found to be quite a nice little addition. One is the device tracking ability, which is accessed through a very sleek and well-built web application that lets you log in and not only track all of your devices but also add new devices or remove them from the account. It also offers features such as file shredding, meaning that once a file is “shredded” there should be next to no trace of it left on your machine, and Bitdefender will also allow you to encrypt parts of your hard drive to securely and easily store files. And the built-in password manager is just a bit of a bonus as well.

So all in all I was genuinely impressed with how effectively and smoothly Malwarebytes was able to remove the harmful files that Bitdefender was missing. But will I be moving from Bitdefender? There is a strong possibility, but money is one of the things keeping me drawn to it, as I currently have Bitdefender deployed over 3 different devices; this would mean spending £74.98 to protect all of my devices, and that is not a little bit of money to just throw around. If anything, I will get Malwarebytes for my main machine and have it run alongside Bitdefender to try and maximise the protection my system has.


McAfee 2017 Threat Predictions: Are they right?

At the beginning of the year McAfee released a document laying out their predictions for cyber security. And with it being almost half way through the year, I feel it would be appropriate to write a review on how their predictions are coming on and whether they are coming true.

The initial part of the document I am going to cover is the prediction that “Ransomware subsides in the second half of 2017”. For those that don’t know, ransomware is a type of malware that essentially takes control of the user’s data until the demands or ransom are met, and it is becoming a much greater issue; there have even been cases of not just PCs but also mobile devices being affected by ransomware. And although the measures to stop these types of attacks are improving, the methods for delivering these attacks are also becoming an issue. This could be in the form of using multiple vulnerabilities to achieve the final goal. The current entry points for ransomware attacks are:

  • Adobe Flash
  • Microsoft Internet Explorer and Edge browser
  • Java, PDF and Microsoft Office
  • Windows Kernel
  • Infrastructure software
  • Virtualization software
  • Security Products

But McAfee’s prediction of ransomware reducing by the second half of the year could look to be incorrect, because of a recent attack that has affected the NHS (British National Health Service). There were a number of services affected, including a number of hospitals, pharmacies and GP surgeries. The attack was encrypting data and then demanding £230 to decrypt the files. This could have had a massive effect on the health and lives of real people. Usually when you see a large-scale cyber attack it is on large organisations and companies that do not literally have people’s lives in their hands. This attack could have led to people dying.

The attack is called the WannaCry worm, and how was it so effective? Well, it is rumoured to have used some exploits that were found when a large number of NSA documents were leaked earlier this year. These leaks were called Vault 7 and detailed a number of exploits that the NSA had been finding and collecting.

How the WannaCry worm works is that when it finds a vulnerable machine on a network it will infect that machine and sit and wait until it can find more vulnerable machines on the network, and then it will keep the process going until as many machines as it can infect are infected. From there, there could be a trigger for the attack to start, or it could open up the infected machines to more complicated attacks; this could be in the form of allowing malicious files to be downloaded to the machine, or it could simply be that the worm will in fact deploy the ransomware attack.

There have been reports all over the world in the past few days about large-scale attacks of this nature, so is this the end, or is it only going to get worse?

CIA Hacking: Apple

There has recently been a lot of ‘data dumped’ regarding the CIA having hacking tools that target vulnerabilities in Apple devices. An article posted by the BBC suggests that the CIA have been hacking into devices from some of the biggest manufacturers and tech companies, such as Apple, Samsung and Microsoft.

This all came to light after Wikileaks released a huge amount of documentation that talks about and explains the CIA’s hacking tools. Wikileaks states that there is an entire division within the CIA that is targeting mobile devices. This is allegedly the CIA’s Mobile Development Branch. This branch has reportedly been developing malware to target Apple iPhones and iPads; it then goes on to state how the CIA has a number of local and remote “zero day” exploits that it has either developed itself or has received from another cyber security agency such as GCHQ. There is also speculation that they have purchased some of these exploits from private companies and contractors that focus on finding vulnerabilities or zero-day faults and then selling them for a profit.

In my opinion the fact that the CIA has been hoarding vulnerabilities in devices such as iPhones and iPads doesn’t come as a surprise. If you look back to the ‘San Bernardino’ case from last year, Apple refused to give up the password to a phone that was connected to that case. This was huge news at the time because Apple told the FBI it would not help them, and a lot of companies jumped on the bandwagon and supported Apple. But eventually an Israeli company sold the FBI an application that would allow them to gain access to the device. So people shouldn’t be surprised when this sort of thing happens; my argument would be that if a private company can develop tools to compromise an iPhone, then the US Government, with all of its many resources, will be able to achieve the same thing. Granted, iPhone password cracking is slightly different to potential monitoring and recording on a mass scale, but even if they were to have recorded all of the conversations and retrieved as much data as they possibly could from all of the devices they infected, you have to consider the fact that around 15% of the population use iOS devices, and that would be an extreme amount of data to process. I would also speculate that 99% of people would have nothing to worry about, because unless you were targeted directly you would just be a possibly compromised device and nothing more to the CIA.

If this all interests you I would suggest you read into it more on the Wikileaks site itself. They are calling this data dump ‘Vault 7’, so feel free to browse that at your own leisure, but there are thousands of pages and documents in this dump.

Google Cracks SHA-1

A couple of weeks ago a report by Google came out stating they had managed to crack SHA-1 (Secure Hash Algorithm 1). This hash function was originally developed by the NSA in 1993, and it is still used by a lot of websites today; although there are much newer versions that offer a lot more security, as the maths and computing power needed to crack them is even greater, they have not been as widely adopted.

The issue with the hash collision is that the idea behind SHA-1 was essentially that each file would be given a unique header, and in 1993, when this was first developed, the foresight that there could potentially be a collision would have seemed impossible, due to the amount of computing power required to even entertain this and the fact that PC and computer use was nowhere near as common as it is today. But although Google has managed to force a collision between 2 items having the same SHA-1 hash, it did take them 2 years, with support from the University of Amsterdam. Combine the resources and computing power both a university and Google have, and given that it took them 2 years to achieve this, as an out-and-out security vulnerability it is not all that feasible that a hacker would be able to force a collision and potentially cause damage.

[Image: Google SHA-1 collision illustration]
Source: Google Security Blog

Another reason this isn’t too much of a concern to the integrity of cyber security, in my opinion, is that SHA-2 is readily available and already deployed, meaning that even if the collision can be reproduced in much less time there is a very accessible upgrade path that will offer much greater security and will not lead to a gap between SHA-1 being vulnerable and SHA-2 being developed.

The creator of both Linux and Git was warned about the possible vulnerability in SHA-1 in 2005 and proceeded to continue using it for Git. This is because he felt an attack would be far too expensive, and Git has layered security, meaning that one layer might be compromised but that isn’t the end game.

In my opinion, although it has been cracked in an experimental setting, it would not be as accessible to do for malicious purposes unless it was a state-sponsored attack, because the resources and time required are not anywhere close to where hackers would feel it a useful tool. And furthermore, companies such as Google and Microsoft already use SHA-256, so your average Joe who uses YouTube and Gmail will have nothing to worry about in regards to their online privacy and security.
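To make the points above concrete, here is an added example (my own code, not from the post, Google or the Git project). It computes the object id Git assigns to a file (Git really does hash `"blob <size>\0" + content` with SHA-1; the `"hello\n"` id is the one `git hash-object` produces), shows what the same object would hash to under SHA-256, and then runs a birthday search against a deliberately truncated SHA-1 to show how collision cost scales: roughly 2^(bits/2) tries, so a 24-bit toy falls in a few thousand hashes while the full 160-bit function would need about 2^80 by this method, which is why Google's result relied on cryptanalysis rather than raw searching. The `msg-N` inputs are constructed sample data.

```python
import hashlib
from typing import Dict, Tuple


def git_blob_id(content: bytes, algo: str = "sha1") -> str:
    """Object id Git gives a blob: hash("blob <size>\\0" + content).

    Git's real format uses SHA-1; algo="sha256" shows the same object
    under the upgrade path, without any change to the framing.
    """
    header = b"blob %d\0" % len(content)
    return hashlib.new(algo, header + content).hexdigest()


def truncated_digest(data: bytes, bits: int, algo: str = "sha1") -> int:
    """Top `bits` bits of the digest as an integer (a toy, shortened hash).

    bits=160 with SHA-1 is the full digest; smaller values model a weak hash
    so a collision can be found on a laptop.
    """
    digest = hashlib.new(algo, data).digest()
    return int.from_bytes(digest, "big") >> (8 * len(digest) - bits)


def birthday_bound(bits: int) -> int:
    """Approximate number of hashes a brute-force collision search needs."""
    return 2 ** (bits // 2)


def find_collision(bits: int, algo: str = "sha1") -> Tuple[bytes, bytes, int]:
    """Birthday search: hash constructed messages msg-0, msg-1, ... and stop
    when two distinct ones share a truncated digest. Returns (a, b, tries).
    """
    seen: Dict[int, bytes] = {}
    tries = 0
    while True:
        msg = b"msg-%d" % tries          # constructed sample input
        tries += 1
        h = truncated_digest(msg, bits, algo)
        if h in seen:                    # messages are distinct by construction
            return seen[h], msg, tries
        seen[h] = msg


if __name__ == "__main__":
    sample = b"hello\n"                  # what `echo hello` writes
    print("git blob id (sha1)  :", git_blob_id(sample))
    print("git blob id (sha256):", git_blob_id(sample, "sha256"))
    for bits in (16, 24, 32):
        a, b, n = find_collision(bits)
        print(f"{bits}-bit SHA-1 collision after {n} tries "
              f"(expected ~{birthday_bound(bits)}): {a!r} vs {b!r}")
    print("full SHA-1 brute-force estimate:", birthday_bound(160), "hashes")
```

The two colliding messages agree only on the truncated prefix; their full SHA-1 digests still differ, which is the gap between a toy and the real attack.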

