Yahoo! has partnered with McAfee to integrated the security firm's SiteAdvisor technology in Yahoo! search results. That means Yahoo! will remove some of the most dangerous sites from search results altogether, and will include highly visible warning messages on search listings that force downloads, include browser exploits, or sites that send unsolicited emails.
Google offers a similar service, through a partnership with Stop Badware. But Google doesn't check for web sites that initiated automatic downloads when you load them, or sites that include links to harmful web pages. Yahoo!'s new SearchScan feature does.
SearchScan will be turned on by default for Yahoo! users in the US, Canada, the UK, Australia, France, Germany, Italy, New Zealand, and Spain. You can turn it off by visiting the SearchScan settings page.
There's nothing special about Windows Mobile, Palm, or Symbian devices that make them virus-resistant. It's just that for the most part malicious hackers haven't tried to target mobile devices because there hasn't been that much information worth stealing. But as people put more and more valuable data on their cellphones and PDAs, those devices are becoming more attractive targets.
And so we probably shouldn't be surprised that McAfee released an alert this week that a virus targeting the Windows Mobile operating system is making the rounds. The WinCE/InfoJack trojan has been packaged with several Windows Mobile programs, including a version of Google Maps, and a game collection.
McAfee has traced the program back to a single web site, whose maintainer says it was designed to track what type of devices people are using to run applications. But it has a ton of properties of a virus. For example, if it's on a memory card it will automatically install itself on a Windows Mobile device when that memory card is inserted. It backs itself up to protect itself from deletion. It installs itself as an autorun program, and allows unsigned applications to install without asking for permission first.
While there are a handful of anti-virus applications for Windows Mobile out there, something tells us we're about to see a lot more of them soon.
The anti-virus software is still free, although you'll need an AOL screen name in order to download the program. The McAfee suite includes a firewall as well as anti-virus features. But if you're running Windows XP or Vista, you might as well just use your operating system's firewall.
Oh yeah, and don't expect to install McAfee Virus Scan Plus on top of your existing anti-virus software just to take it for a test run. When we tried that, we were told it couldn't run without uninstalling AVG Free.
How good are you at spotting a scammer web site? Sure, it's easy enough to do when you can take a look at the URL or scroll your mouse over links to see where they really lead. But can you tell just by looking at an image of a web site or email message whether it's the real thing?
McAfee has a little 10 question quiz to test your web savvy. Bet you don't get all 10 right. We scored a 9 out of 10, which is pretty good - but it only takes one wrong move to have your identity stolen.
Of course, McAfee's trying to get you to download their SiteAdvisor product, but it's a free download anyway.
Got Vista? Read on. Just released data from Virus Bulletin shows that in a test of 15 anti-virus packages certified for Windows Vista, four packages fail to identify a test suite of common viruses in current circulation. The four packages receiving failing marks were Microsoft's Live OneCare, McAfee VirusScan Enterprise Edition, G DATA AntiVirusKit 2007, and Norman Virus Control.
While Microsoft pledged to improve Live OneCare, McAfee representatives expressed skepticism about the test and its validity, claiming that Virus Bulletin's researchers were not using the most recent McAfee updates.
It seems like the world of search is getting a bit safer after all. SiteAdvisor has reported that search engines linked to 12% fewer sites that showed risky content, as deemed by McAfee. The report also found that search results by Google, AOL and Ask are far less likely to contain risky leads like MSN and Yahoo!. Some surprising results, though, were that paid results in search engines were actually responsible for linking out to 8% of risky content. McAfee SiteAdvisor used numbers and searches from a May 2006 survey, and completed the same search last month and found that AOL took the safest honors, while Ask showed the biggest improvements.
McAfee and Symantec, among others have accused Microsoft of not cooperating with them by giving them access to Windows Vista's core so it can be tested and new products created to help secure it from the third party vendors. Microsoft's stigma is always that they are involved in anti-trust activities, which McAfee and Symantec could be trying to exploit here. Anti-Virus company Kaspersky doesn't think so. McAfee's open letter to Microsoft pretty much accuses them of wanting world domination over both the computing and security markets, but Kaspersky says Microsoft has remained cooperative despite McAfee and Symantec's whining. I don't doubt Microsoft's desire for maniacal dominance of the world, but every other company starts out wanting the same thing, so this is nothing new. Are they cooperating or not?
Former Download Squad co-lead Marc Perton wrote in to tell us about a bit of controversy stirred up by his current employer, Consumer Reports, which recently conducted one of the most comprehensive tests of anti-virus software to date. The controversy is that for the test Consumer Reports hired a firm to create 5,500 new variants of existing viruses to see how antivirus software reacted to new threats. And, not unexpectedly, the antivirus companies threw a fit. Here's what McAfee's Igor Muttik had to say about it: "Creating new viruses for the purpose of testing and education is generally not considered a good idea." Consumer Union's Evan Beckford defended the test, saying, "We need to anticipate how antivirus software will react to future threats. This is the only way we know to do it. We think the benefits far outweigh the risks." SANS Institute's Alan Paller agrees, saying, "extremely valuable because a great weakness of most leading antivirus tools is that they are slow in detecting new viruses," adding that creating viruses in a lab isn't wrong--distributing them is.
Among the antivirus software tested, McAfee's scored in the middle of the pack, which was led by offerings from BitDefender and Zone Laps. McAfee denies that its criticism of Consumer Reports' methods was not motivated by its score. You can read Consumer Reports' report on how the tests were conducted here.
So, what do you think? Is creating thousands of new virus variants playing with fire, and do all of us stand to get burned as a result, or are tests like this essential to staying ahead of new threats before they're created?
What's the best anti-virus solution? Well, I dunno, but CNet does-it's running a review round-up of six major anti-virus apps: AVG Anti-Virus 7.1 Professional, CA eTrust EZ Antivirus 7.1, F-Secure Internet Security 2006, Kapersky Internet Security 6, McAfee VirusScan 2006, and Trend Micro PC-cillin 2006. The results may surprise you (I always wonder if I should put spoiler warnings on these things): PC-cillin comes out on top with a score of 7.8/10, followed by Kapersky and F-Secure in the low sevens. McAfee is surprisingly low, coming in fifth with a 6.0, and AVG brings up the rear with a 5.8. Head over to CNet to see full reviews for each product.
McAfee Anti-Virus
thinks that Excel is a virus. That and hundred of other files that definitely aren't. SANS is reporting that a virus
definition update released by McAfee on Friday mistakenly identifies many, many important files as infected with the
W95/CTX virus. Among them are executables from Microsoft, Adobe, Macromedia, MySQL, and more (PDF). If you're lucky or clever enough to have McAfee set
to quarantine infected files, they've released instructions on
restoring those files, but if you had it set to delete and don't have a recent backup, you're out of luck.
Veteran security and
anti-virus company McAfee has agreed to pay a $50 million fine for inflating its revenues
by $622 million between 1998 and 2000—131% in 1998 alone. According to Red Herring, "McAfee consented to pay
the multimillion-dollar penalty to the SEC without admitting or denying the allegations of the complaint." The SEC
will distribute the fine among investors.
There are a variety of great, free anti-virus programs out there, including 
Got Vista? Read on. Just released data from 
