Yahoo! has partnered with McAfee to integrated the security firm's SiteAdvisor technology in Yahoo! search results. That means Yahoo! will remove some of the most dangerous sites from search results altogether, and will include highly visible warning messages on search listings that force downloads, include browser exploits, or sites that send unsolicited emails.
Google offers a similar service, through a partnership with Stop Badware. But Google doesn't check for web sites that initiated automatic downloads when you load them, or sites that include links to harmful web pages. Yahoo!'s new SearchScan feature does.
SearchScan will be turned on by default for Yahoo! users in the US, Canada, the UK, Australia, France, Germany, Italy, New Zealand, and Spain. You can turn it off by visiting the SearchScan settings page.
Nothing really beats a good firewall or anti-malware program that offers real-time protection. But if something was going to come close, we'd say a tool that lets you check files against 20 different antivirus might come close. Jotti's Malware Scan is an online tool that lets you upload a file and scan it with 20 different antivirus tools including Avast, ClamAV, and Kaspersky.
Note that there's a big ole warning on the site letting users know that just because Jotti's Malware Scan says a file is clean doesn't mean it's safe to run that executable file you found on BitTorrent that promises to show nude pictures of Billy Ray Cyrus -- wait, no, that's not the person people are looking for naked photos of, is it? Anyway, this warning message was probably placed on the site to point out that the developers take no responsibility for any problems you may have with files scanned. But in general, we'd say that if you feel the need to scan a file with 20 different antivirus applications, you probably already know that you shouldn't be opening it.
We know what you want to ask, so here's the answer right away: Runscanner is not a sequel to (or, heaven help us, a prequel to) the movie Blade Runner. So what is it?
Runscanner is a free windows system utility which scans your system for all configured running programs. Runscanner will detect all programs that start automatically, including spyware, adware, and homepage hijackers. In other words, if opening your web browser makes your screen blow up like the fourth of July fireworks show, you'll probably want to download and run Runscanner.
Runscanner offers a lot in its small package: Google search integration, Authenticode signature analysis, VirusTotal integration, and FileAdvisor and CastleCops integration, which allow you to compare the MD5 hash of your files with their respective online databases.
With three modes: beginner, classic, and expert, you can wade in slowly or jump right into the deep end. The Beginner mode is particularly unique: you can't make any changes to your system when in beginner mode. However, you can save the Runscanner log files and upload them to a Forum Expert. They in turn can mark the items that need fixing, send the file back to the beginner, and have them run only the fixes the expert has designated as necessary. Creepy, but with good execution; kind of like Michael Jackson's "Thriller."
Classic mode's primary use is to eliminate malware, and offers easy one-click fixes. Expert mode includes startup tweaks, with more scanning, reporting, and filtering options.
Think you're safe online? Think again. We had no idea how vulnerable the average PC really is. Ben Feinstein of SecureWorks breaks it down for us and gives some practical tips for keeping your PC safe from the bad guys.
When Christina and I taped episode 5, Ben had way too much good stuff to talk about. Way more than would fit in a single episode. So, we decided to tape a longer interview and release it separately. Ben will scare you to death with all the nasties that are waiting on the intarwebs to hijack your beloved PC. He also offers some good tips for keeping clear of the evil side of the web.
Hiding under your bed in fear of the latest Internet threats? Fear not young digital warrior, we've got you covered. On this week's episode of The Squadcast we talk to SecureWorks security researcher Ben Feinstein about staying safe online, keeping the hackers out, and more. Plus, Grant and Christina count down our five favorite free security downloads.
Google has removed more than 40,000 sites from its index. This is a good thing, because many of those sites were pretending to offer useful information and instead viciously attacking your computer. Keep in mind, those sites are still out there, it's just that Google has removed them from its index, which hopefully means you're less likely to find them accidentally. But make sure you always download the latest security updates for your computer and web browser. What's your favorite program launcher? - Ask DLS
Launcy, Rocket Dock, Object Dock, FARR, Quicksilver, and SlickRun are just a few of the excellent program launchers Download Squad readers use. If you're looking for the fastest way to launch applications on your Windows, Mac, or Linux computer, make sure to check out the recommendations in the comment section of this post. We're always amazed at the wealth of knowledge our readers possess.
Everything you ever wanted to know about social networking and more. This week Grant and Christina teach you how to make friends and influence people with help from Facebook and Insomnia Radio's Jason Evangelho.
On Monday, Sunbelt Software's security blog revealed that thousands of malware redirects were showing up in search engine results. Network bots designed to post relevant keywords and spam links in various online forms (think forum posts or blog comments) helped attackers claim high-ranking search engine positions for various obscure and seemingly innocuous search terms. According to Sunbelt, two of the thousands of terms were "infinity" and "hospice." Yeah, that's cool. Search for hospice information for a sick friend or family member, potentially get your system infected with nasty malware.
On Tuesday, Sunbelt revealed more information about the ill-effects clicking on these fake links could have on a vulnerable system (as a reminder - ALWAYS keep your browser and Internet security tools up to date). Best case scenario - you might end up with one of those annoying toolbars and pop-up ads for fake security software. Worst case? Your computer could be used to generate false-clicks for the attacker's pay-per click programs (so they infect your system so that you can make them money), or worse still, that bot could load other malware/worms/trojans onto the unprotected system. Further investigation also revealed that these SEO-poisoning attacks were targeted at Google, although other search engines may have also been victim to the attacks.
Google has cleansed more than 40,000 of these hosting sites from their index, so for now - it looks like the biggest source of this sort of attack has been taken offline.
Fishermen may love worms, but Email readers sure dread them. Could 2007 be the year that all email viruses just stop? Highly unlikely, but they have dropped off quite a bit this year.
A study just released by a security vendor found that mass emailing worms have been declining by 5% each month since the start of this year. Users have been educated and are more aware of the way to treat un- trusted email attachments which could explain for the steady rate of decline. Companies and customers also have better security implementations that fend off any potential attackers before it even hits the inbox.
Even though there has been such a steady decline in these worms, the infection still has the ability to spike from time to time as malware designers beef up their corruption plans, and security companies scurry to fight off aggressive tactics.
What tactics do you use to fight off malware and Email worm infection?
Google is on the frontlines of fighting bad content and malicious behavior, and they are moving towards doing something about cleaning up the Web.
Google has released an API that is used both internally, and in Mozilla's Firefox for warding off phishing and malware web sites. This Safe Browsing API is a way for third party developers to integrate the abilities to check malicious sites through their own applications. Paired together with blacklists that Google maintains, developers can now have access to a powerful set of tools that could have possibly harmed their websites, blogs, or internet applications.
The Safe Browsing API is still in experimental form, but it has been assured by Google that it will still be useful to ISP's, web hosting companies and any developer that builds applications that can publish or transmit user generated links.
Looking for a better anti-virus program, but don't feel like shelling out any money? You might want to take a look at Active Virus Shield. Although this freeware bears the AOL moniker, it's basically a rebranded Kapersky Labs product.
Active Virus Shield doesn't take up much memory, runs a series of different scans, and can detect spyware as well as viruses. The downside is that up until now it was Windows XP only. Install it on a computer running Windows Vista and you'll be greeted with a BSOD, which could cause you to waste about two hours of your day using system restore and trying to uninstall/reinstall your previous anti-virus software. Not that we speak from experience.
And that's why we're not linking to the official download site right now. Because while AOL has released a new version that runs like a dream. But it's not available on the official download site. But Neowin and Softpedia seem to have the updated version. You'll also need to sign up for a free activation code. But we recommend doing that after you download the file (which should be AVS_v25.exe, not AVS.exe), just to make sure you don't accidentally download the wrong file from AOL. Of course, if you're running Windows XP, download any version you like.
You know how most anti-virus/anti-spyware software can take up to an hour to run, bogging down your computer in the process? Turns out there's a faster (if slightly less thorough) way to give your computer a quick checkup.
Panda NanoScan is a browser-based program that scans for viruses, trojans and spyware. Since the database sits on Panda's servers, there are definitions for you to download. You just need to install a 400kb plugin the first time you run NanoScan with Internet Explorer or Firefox.
NanoScan doesn't search every single file on your computer for malware. Instead it takes a look at all your active processes and a set of crucial files and folders. The result is a blazing fast inspection, which takes just about a minute to run. If you want a more complete scan, you can run Panda TotalScan, which is larger, takes longer, but performs a more thorough search.
Now the downsides. There's no support for Vista yet, although it's in the works. Also, NanoScan and TotalScan find problems, they doesn't fix them. Obviously these browser-based solutions also don't offer real time protection if you download an infected file. So they're not replacements for a PC-based anti-malware program like AVG Free.
Edit: TotalScan does have a disinfect feature. You have to register (free) in order to activate it.
Google has another aquisition under its belt and this one is a little green. Not in the environment sense, but in a secure sense.
GreenBorder, based in Mountain View, California, has developed a way to isolate each internet session from the rest of a users PC. This way threats like viruses, spyware, trojans and malware can be secluded and tossed when users close down their browser window instead of potentially infecting machines. A green border displays around safe pages, and files that are downloaded from the internet can be opened in a virtual environment so as not to infect the rest of the user's machine.
The application is available for use in both Internet Explorer and Firefox. With over 100,000 downloads since October 31st 2006, the Windows version of the software is currently available on Download.com for $29.95, but knowing Google, this will be down to free in no time at all.
There is no word yet on the final purchase price of GreenBorder.
Google released a study last week (pdf alert) suggesting that 1 in 10 web pages could contain viruses that can be forcefully downloaded to your computer. The report says that an average of 8,000 new web sites with malware were developed each week during the month of April.
The take home point here is that we're not just talking about shady websites that you wouldn't trust with your credit card information. More and more often, legitimate websites are being infected with malicious code by hackers. Simply visiting these sites could be enough to allow an attacker to find and exploit vulnerabilities in your system.
Interestingly, the report serves to scare the pants off of its readers by saying "average gumputer users have no means to protect themselves from this threat. Their browser can be compromised just by visiting a web page and become the vehicle for installing multitudes of malware" while they are unaware.
Of course, the simplest thing you can do to protect yourself is turn off JavaScript in your browser, but that could also mean missing out on many rich media features on the web. So the next best thing is to get yourself some good anti-virus/anti-spyware software and run a complete scan every day. You might want to check out AVG Anti-Virus Free and Windows Defender for starters.
Five days until Windows Vista is unleashed on the general populace. Back when we did our Vista upgrade poll, about 15% of you said you wouldn't be upgrading to Vista until after they release the first service pack. Well, good news for you: Microsoft is already laying the groundwork for Vista SP1's release. CNet says Microsoft has outlined an update with minor enhancements along the same lines as Windows XP's SP1, rather than a large overhaul like XP's SP2. "We expect Windows Vista SP1 to be a standard service pack that will include security updates and hot fixes, as well as limited other changes focused on improving overall quality," a Microsoft rep told them. Sorry, folks, that means no WinFS for you. Again. Redmond says expects Vista SP2 to be ready "in a timeframe similar to that of service packs for previous versions of Windows." Windows XP's first service pack came out 11 months after the OS' initial release.
Vista's release is no cake walk for Microsoft, owing in part to the fact that the internet is a very different animal than it was the last time Microsoft released a new OS. We now have the marvel that is BitTorrent, and as you might imagine it's as much a thorn in Microsoft's side as it is the movie industry's. Computerworld has an interesting article on the piracy challenges Microsoft is facing even before Microsoft hits retail shelves. "The pirates that cracked early copies of Vista all sidestepped Microsoft's latest antipiracy technology, the Software Protection Platform," the article goes. "SPP is supposed to shut down any copy of Vista not registered to Microsoft over the Internet with a legitimate, paid-up license key within the first 30 days." Microsoft is trying to scare consumers off pirated copies of Vista with boogey-man stories of viruses and malware, which I'd say probably isn't too effective on the sorts of people who are in the habbit of trolling BitTorrent for pirated operating systems.
And speaking of malware, Webroot Software, makers of Spy Sweeper, have issued a press release warning of "potentially ineffective blocking capabilities in Windows Defender, slow definition updates, and weak anti-virus capabilities in the default anti-spyware and anti-virus components of Microsoft's Windows Vista operating system and Live OneCare suite." Are there really scary vulnerabilities in Vista and gaping holes in its anti-malware software? Well, probably, but what Webroot is doing here ain't public service. Webroot's CTO Gerhard Eschelbeck says the company wants to help cunsumers "make informed decisions about their computing security needs," which, if he has his way, means loads of them buying Spy Sweeper for their new Vista setups.
Anti-virus maker Sophos recently released its 2007 Security Threat Report, a State of The Union for desktop security issues which, given a full read-through makes you shudder to think of the malware and nasties your PC could run afoul of any given time.
According to the report, Windows Trojans, which sometimes go undetected for long periods of time, outnumber viruses and worms by a factor of 4 to 1. Making matters worse, some malware purveyors are becoming ever-more sneaky with the ways in which they trick users. The report explains, "[Trojan writers] continue to place traditional spyware code on individual computers. However, they are also moving strongly towards a new method in which they spam out emails offering, for example, a plug-in to view videos or pornography or even offering free bogus security applications. "
I've received several trojan emails recently posing as bogus greeting cards from unnamed acquaintances but, being a jaded computer user, I'm not easily misled. With little imagination however, It's pretty easy to see how a less savvy user could be duped into inadvertently installing a trojan of doom. Like a bad one night stand, it only takes a single mistake to find yourself in the throes with some nasty creatures. It's a chilling reminder to stay vigilant and frequently run your anti-virus software of choice.
If you've spent the last week looking up good recipes for leftover turkey, here are a few of the yummy stories you may have missed on Download Squad.
On Monday, 
Five days until Windows Vista is unleashed on the general populace. Back when we did our 
Anti-virus maker 
