Virus Bulletin publishes first web filter test report

Posted by Martijn Grooten on Feb 19, 2016

After a lot of preparation, Virus Bulletin is proud to have published the first “VBWeb” comparative web filter test report, in which products’ ability to block web-based malware and drive-by downloads was tested. Fortinet’s FortiGuard appliance was the first product to achieve a VBWeb certification.

Virus Bulletin has been testing security products for more than 18 years, and in recent years, we have had many requests from product developers asking us to test their web security products. After all, whether malicious software is downloaded directly from websites or through sneaky drive-by downloads, the web remains an important infection vector.

In response to those requests we have built a new test suite to add to our existing VB100 and VBSpam tests.

The new test, called VBWeb, measures products’ ability to block malware spreading through HTTP. The test’s current focus is (corporate) gateway solutions that run on the network as an implicit or explicit proxy. We are looking to extend the test in the future to on-desktop and in-browser solutions.


Given how quickly web-based threats change, and given how many of them actively attempt to frustrate researchers (something we have also frequently run into), building a web security product is not a trivial task, and submitting such a product to a public test isn’t something vendors do without serious consideration.

In this test, while there were several participants, the developers of Fortinet’s FortiGuard appliance were alone in agreeing for their product to be tested publicly. Their confidence in the product proved to be well founded: it blocked all but a few out of hundreds of malicious downloads, as well as a significant number of live exploit kits.

Indeed, with an 83% catch rate – well over the 70% threshold required for VBWeb certification – FortiGuard is a clear and deserved winner of the very first VBWeb award.


You can read the full report here in HTML format, or download it here as a PDF. The report describes the testing methodology in full detail.

From now on, VBWeb will be run every second month. Product developers who are interested in submitting a product for the test (publicly or privately) can contact Virus Bulletin’s Editor Martijn Grooten at

VBSpam report has good news for users of email security solutions

Of course, HTTP isn’t the only infection vector systems administrators have to be worried about. But in the case of email, there is good news: all 16 participating full solutions achieved certification in the latest VBSpam test, which saw record catch rates. Ten products even achieved a VBSpam+ award, after blocking more than 99.5% of spam while also avoiding false positives.

You can read the full report here in HTML format, or download it here as a PDF.


IBM Invents ‘Resistive’ Chip That Can Speed Up AI Training By 30,000x

IBM researchers Tayfun Gokmen and Yurii Vlasov unveiled a paper in which they propose the concept for a new chip called a Resistive Processing Unit (RPU) that can accelerate Deep Neural Network training by up to 30,000x compared to conventional CPUs.

A Deep Neural Network (DNN) is an artificial neural network with multiple hidden layers that can be trained in an unsupervised or supervised way, resulting in machine learning (or artificial intelligence) that can “learn” on its own.

This is similar to what Google’s AlphaGo AI has been using to learn playing Go. AlphaGo used a combination of a search-tree algorithm and two deep neural networks with multiple layers of millions of neuron-like connections. One, called the “policy network,” would calculate which move has the highest chance of helping the AI win the game, and another one, called the “value network,” would estimate how far it needs to predict the outcome of a move before it has a high enough chance to win in a localized battle.

Many machine learning researchers have begun focusing on deep neural networks because of their promising potential. However, even Google’s AlphaGo still needed thousands of chips to achieve its level of intelligence. IBM researchers are now working to power that level of intelligence with a single chip, which means thousands of them put together could lead to even more breakthroughs in AI capabilities in the future.

“A system consisted of a cluster of RPU accelerators will be able to tackle Big Data problems with trillions of parameters that is impossible to address today like, for example, natural speech recognition and translation between all world languages, real-time analytics on large streams of business and scientific data, integration and analysis of multimodal sensory data flows from massive number of IoT (Internet of Things) sensors,” noted the researchers in their paper.

The authors talked about how in the past couple of decades, machine learning has benefited from the adoption of GPUs, FPGAs, and even ASICs that aim to accelerate it. However, they believe further acceleration is possible by utilizing the locality and parallelism of the algorithms. To do this, the team has borrowed concepts from next-generation non-volatile memory (NVM) technologies such as phase change memory (PCM) and resistive random access memory (RRAM).

The acceleration for Deep Neural Networks that is achieved from this type of memory alone reportedly ranges from 27x to 2,140x. However, the researchers believe the acceleration could be further increased if some of the constraints in how NVM cells are designed were removed. If they could design a new chip based on non-volatile memory, but with their own specifications, the researchers believe the acceleration could be improved by 30,000x.

“We propose and analyze a concept of Resistive Processing Unit (RPU) devices that can simultaneously store and process weights and are potentially scalable to billions of nodes with foundry CMOS technologies. Our estimates indicate that acceleration factors close to 30,000 are achievable on a single chip with realistic power and area constraints,” said the researchers.

As this sort of chip is only in the research phase, and because regular non-volatile memory hasn’t reached the mainstream market yet, it’s probably going to be a few years before we begin to see something like it on the market. However, the research seems promising, and it may raise the attention of companies such as Google, which wants to accelerate its AI research as much as possible. IBM itself is also interested in solving Big Data challenges in healthcare and other domains so the company’s own businesses should benefit from this research in the future.


Source: Tom’s Hardware

Is MacKeeper Really A Scam?


MacKeeper gets a bad rap, but what’s really behind the controversy?
MacKeeper is a strange piece of software. There may be no other app as controversial in the Apple world. The application, which performs various janitorial duties on your hard drive, is loathed by a large segment of the Mac community. Check out any blog, site or forum that mentions it, and you’ll find hundreds of furious comments condemning MacKeeper and Zeobit, the company behind it. We discovered this ourselves earlier this month, when we offered a 50%-off deal on MacKeeper. Look at all those furious comments on the post.

The complaints about MacKeeper are all over the shop: It’s a virus. It holds your machine hostage until you pay up. It can’t be completely removed if you decide to delete it. Instead of speeding up your computer, it slows it down. It erases your hard drive, deletes photos, and disappears documents. There are protests about MacKeeper’s annual subscription fees. Zeobit is slammed for seedy marketing tactics. It runs pop-under ads, plants sock-puppet reviews and encourages sleazy affiliate sites, critics say.

But what’s really strange is that MacKeeper has been almost universally praised by professional reviewers. All week I’ve been checking out reviews on the Web and I can’t find a bad one.

All the reviews praise the software for being well designed and easy to use. Macworld magazine calls it “a gem.” TUAW gives it a favorable review. Dave Hamilton of Backbeat Media, a Mac industry veteran, recently talked it up at Macworld Expo. None of the professional reviewers complain of slowed-down machines or deleted data.

Given the comments on our deals post, I started researching Zeobit and MacKeeper. (Our deals, by the way, are determined by our partners, StackSocial.) I was alarmed that Cult of Mac might be promoting malware, but quickly became curious why such well-reviewed software gets such bad reviews from users. I reached out to Zeobit and Symantec, which publishes anti-virus and security software under the Norton brand.

Jeremiah Fowler, Zeobit’s PR Director, said Mac security companies get a bad rap because Apple users generally believe there is no need for anti-virus products. The Mac is immune to malware, according to users, and therefore any company that sells security software is by definition a scam.

“I personally believe it is just the nature of the business in the age of internet trolling and it is so easy for anyone with too much time on their hands to trash businesses or products online anonymously and with no repercussions,” he wrote in an email. “We have 150 employees and really do care about the products we make and the people who use them.”

Symantec’s Mac Product Manager, Mike Romo, said the same thing: the company is criticized for the very idea of selling security products for the Mac. Users think they are utterly unnecessary and ruin the frictionless experience of OS X. “It’s a great community but it’s very vocal,” Romo said in a telephone interview. “It would be a lot easier to make a painting program or something.”

Romo, who describes himself as a hard-core Mac user, said users voice similar complaints to those heard by Zeobit. However, he says the criticisms are like an urban myth — they are based on rumor and hearsay. “I ask them if they have used our product,” he said. “Ninety-nine percent of the time, they have not.”

“We’re used to getting the hate,” he added, “but we love and believe in what we are doing.”

Zeobit’s Fowler said the company has become a “forum punching bag” thanks to four things: a negative PR campaign from a rival company; Zeobit’s aggressive advertising tactics; out-of-control affiliates; and confusion among users between MacKeeper (legit software) and MacDefender (a Trojan). (See Fowler’s full note below.)

While looking into Zeobit last week, I came to some of these same conclusions myself. Zeobit has earned a lot of notoriety for its advertising practices. It’s a very active and aggressive marketer. It runs online ads everywhere, including sneaky pop-unders. It parades scantily-clad booth babes at Macworld. The company also runs an affiliate program that appears to be widely abused. According to Fowler, the sleaziest Zeobit marketing comes from third parties that it has no control over.

Some of the wilder accusations — that Zeobit is a hacker outfit that makes an insidious virus — are way off. The company was one of the sponsors of Macworld, which is as mainstream as a trade show gets. Apple sells a lite version of MacKeeper called 911 Bundle through the official Mac App Store, which is carefully vetted for malware.

Likewise, Cult of Mac does not offer malware through our Deals program. As far as I can tell, MacKeeper is a legit piece of software run by a company whose sales and marketing tactics rub many in the Mac community the wrong way. It may not be for everyone, but MacKeeper is not a virus or a scam. And right now, it’s 50% off ;-).

Here is MacKeeper’s PR Director Jeremiah Fowler’s full statement to Cult of Mac:


Hello Leander,

Thanks for your message and I will be happy to contact a 3rd party user about speaking with you. With the bad comments we are all too aware of them and they actually fall under a few different categories of why people are anti-MacKeeper. Just to give you an idea of what we face on a daily basis, here is a short breakdown of the key reasons people complain.

Also, as a general rule look at some of the other companies who are in the business of Mac security and see the search results for example if you search Google for norton+mac+sucks you will get about 18,700,000 results… We know that Norton is not a bad company, right? You may not like them or their products but you know they are not scammers and their software is not malware, but the internet is loaded with thousands of results saying the opposite. The results are almost the same for nearly every industry leading software that offers Mac Security. I personally believe it is just the nature of the business in the age of “Internet Trolling” and it is so easy for anyone with too much time on their hands to trash businesses or products online anonymously and with no repercussions. We have 150 employees and really do care about the products we make and the people who use them. You can see some of our real customers and industry professionals talking about MacKeeper on our YouTube Channel here.


1) Black PR

We were the victim of a massive black PR campaign by a small competitor who is now cloning our apps one at a time:
The story was featured here: EXCLUSIVE: MacKeeper Says “Unethical Competitor Trying to Tarnish Our Reputation”

These guys were running Google ads saying we were scammers selling malware and anything else bad that they could create, we got those ads suspended for violating Google’s ad terms and the fine folks at Google 100% confirmed exactly who was the competitor running them against us. So, what this did was trigger a kind of “Band Wagon Effect” of others who were like “Yea we hate them”. They actually hired people in their office who used forum spam, link spam, blogs and paid articles to slander us in ways we are still feeling a year later. As mentioned in the article instead of wasting our time and energy doing the same back to them, we have decided to focus only on making our product better and listening to our real users. We think that focusing on our products and service instead of forum trolls, is a far better business model in the long run.

2) Those Who Hate MacKeeper Ads:

Legitimate Mac Users who are annoyed or tired of our advertising campaigns or partner’s campaigns. Do we advertise? Yes! Do we advertise aggressively, I would not like to use that term but we do have a massive advertising presence online! We have had 15,000,000 downloads of MacKeeper and have a less than 3% refund rate. The reality is that many people are truly happy with the product even if they hate the advertising (and unfortunately some do). The bad part is some people take their hatred for advertising to a level where they dedicate hours of their lives to making MacKeeper a “Forum Punching Bag”… In a perfect world there would be no advertisements on radio, TV, billboards or the internet, but this is not a reality. As long as there are ads, there will be people who hate them.

We believe that we have a great product and we want people to know about it and the only way to do this is to explore every medium of advertisement. It is like investing everything in to a great restaurant and hiring the best chefs, buying the best food only to hide the location somewhere in the woods and then tell no one about it. Then wondering why no one comes to your restaurant? We are discussing phasing out our ads and trying to please the vocal minority, but we realize that pleasing everyone is impossible.

3) Affiliates Gone Wild:

We have suspended many affiliate accounts for violating our terms and while these guys were trying to make a fast income they were trashing our image in the process. The problem is that although we suspend their account, the effects of their actions fall on us and cause serious harm to our reputation in the process.

4) Rogue software (with similar name)

On May 2nd 2011, a rogue security program called “MacDefender” (also known as Mac Protector, Mac Security, Mac Guard, and Mac Shield) was identified. This fake antivirus software had nothing to do with nor had any affiliation with MacKeeper or ZeoBit LLC, but used a similar name to MacKeeper. This also caused a lot of confusion and created a huge problem of Mac Users who were not familiar with MacKeeper.

Please let me know if you have any additional questions and I will be happy to help you.

Also please check out some of the real users on our YouTube Channel.

VB2015 paper: Mobile Banking Fraud via SMS in North America: Who’s Doing it and How

Though SMS may have been claimed dead many times, it is still very much alive, and quite popular among mobile phishers. At VB2015, Adaptive Mobile researcher Cathal Mc Daid presented a paper on various mobile phishing campaigns targeting North American banks.

While SMS has been declared dead many times, the service remains frequently used – and abused.

In a paper presented at VB2015 in Prague, Adaptive Mobile researcher Cathal Mc Daid looked at fraudulent SMS campaigns, in particular those targeting banking users in North America.

He showed how these campaigns tend to target specific banks and specific regions, especially those on the East Coast, and also looked at how, similar to what we have long seen in email spam, the messages keep changing in subtle ways, to stay one step ahead of detection.

You can read his paper “Mobile Banking Fraud via SMS in North America: Who’s Doing it and How” here in HTML format or here as a PDF, and find the video on our YouTube channel, or embedded below.


Are you interested in presenting your research at the upcoming Virus Bulletin conference (VB2016), in Denver 5-7 October 2016? The call for papers is now open.

Posted by Martijn Grooten on Mar 2, 2016

Nissan Leaf Cars Can Be Hacked Through A Web Link

Troy Hunt, a security researcher, uncovered a vulnerability in the NissanConnect app, which can allow attackers to connect to a car if they know the car’s ID number. After that, they can hijack the car’s air conditioning and heating systems. The fault lies in the complete lack of authentication for the application that enhances the car’s dashboard with Internet-connected features.

The vehicle identification number (VIN), which is written on each Nissan Leaf’s windshield, can be copied by anyone that passes by that car. However, the VIN is composed of characters that refer to the brand, make of car, and the country where it was manufactured. Only the last five digits vary between different Leaf cars in the same region, so someone could just build a script to attack all of the Nissan Leafs in a given region.

“There’s nothing to stop someone from scripting a process that goes through every 100,000 possible cars and tries and turn the air conditioning on in every one,” said Troy Hunt. “They would then get a response that would confirm which vehicles exist.”

The security expert also noted that attackers don’t even need to use the NissanConnect app, because they can deliver the attack through a web browser by spoofing the app. The Australia-based researcher tested this on a Nissan owned by his friend Scott Helme, who lives in the U.K.
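The server-side checks whose absence is described above, as an added example that is not from the original article or from Nissan's code: each request needs an authenticated session, the VIN must belong to that account, unknown and unowned VINs get the same answer so responses cannot confirm which vehicles exist, and a client that probes many VINs is flagged. All tokens, VINs, thresholds and function names are hypothetical.

```python
from collections import defaultdict

# Constructed sample data (hypothetical): session token -> account,
# and account -> VINs registered to that account.
SESSIONS = {"tok-alice": "alice", "tok-bob": "bob"}
OWNED_VINS = {
    "alice": {"SAMPLEVIN00000001"},
    "bob": {"SAMPLEVIN00000002"},
}

# Assumed policy: how many distinct VINs outside its own account a client
# may ask about before it is treated as enumerating identifiers.
ENUMERATION_THRESHOLD = 3


class ClimateApi:
    """Hypothetical remote climate-control endpoint with the missing checks."""

    def __init__(self):
        self._unowned_seen = defaultdict(set)  # client id -> VINs it probed
        self.flagged_clients = set()

    def handle(self, client_id, token, vin):
        """Return (status, message) for a climate-control request."""
        # 1. Authentication: knowing a VIN is never enough on its own.
        account = SESSIONS.get(token)
        if account is None:
            return 401, "unauthenticated"

        # 2. Clients already flagged for enumeration are refused outright.
        if client_id in self.flagged_clients:
            return 429, "too many requests"

        # 3. Authorization: the VIN must be registered to this account.
        #    A VIN that does not exist and a VIN owned by someone else get
        #    the identical response, so the reply is not an existence oracle.
        if vin not in OWNED_VINS.get(account, set()):
            probed = self._unowned_seen[client_id]
            probed.add(vin)
            if len(probed) > ENUMERATION_THRESHOLD:
                self.flagged_clients.add(client_id)
            return 404, "not found"

        return 200, "climate control command accepted"


def demo():
    """Run a few constructed requests and return their results."""
    api = ClimateApi()
    return [
        api.handle("client-1", None, "SAMPLEVIN00000001"),         # no session
        api.handle("client-1", "tok-alice", "SAMPLEVIN00000001"),  # own car
        api.handle("client-1", "tok-alice", "SAMPLEVIN00000002"),  # bob's car
    ]


if __name__ == "__main__":
    for status, message in demo():
        print(status, message)
```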

“As I was talking to Troy on Skype, he pasted the web address into his browser and then maybe 10 seconds later I heard an internal beep in the car,” said Helme. “The heated seat then turned on, the heated steering wheel turned on. And I could hear the fans spin up and the air-conditioning unit turn on.”

Hunt said that the test didn’t work when the car was in motion, but it did show the owner’s registered username, which could help reveal their identity. Times and distances of recent journeys were also revealed.

When Helme unregistered the app, Hunt’s attack no longer worked. This is why Hunt suggested that this vulnerability could be easily fixed if the company disables the NissanConnect service.

The researcher said that although this isn’t a life-threatening attack, it could be used in ways that could put the cars’ owners in danger. For instance, if the attackers hijack the car this way, they could see over the course of a week where the driver goes to work, and then they could drain the car’s battery to make it so the driver can’t get back home.

Hunt alerted Nissan about the flaw a month ago, but so far he hasn’t gotten a proper response about it, so he decided to make it public to force the company to fix the issue. He said he has already seen some Canadian Leaf owners share information about this vulnerability online, so the issue is already out there, whether he would’ve kept it a secret or not.

This is why sometimes security researchers, who discover vulnerabilities in some products, can’t wait for the companies to provide a fix if it takes longer than a few months and it looks like they are dragging their feet. Usually, it’s not just one person that finds that vulnerability, but many others, who exploit it for their own purposes; therefore allowing the company to drag the process of fixing the issue doesn’t mean that others aren’t taking advantage of that vulnerability during that time.

This case also shows that although most car manufacturers are rapidly trying to build connected cars, electric vehicles that are almost completely controlled by software, and even self-driving cars, where the danger of software insecurity is even bigger, they aren’t taking security all that seriously.

Controlling vehicle features of Nissan LEAFs across the globe via vulnerable APIs

Software security in these modern cars should be treated at least as seriously, if not more so (because software security is so hard), as any other safety mechanism in a car. A software feature that could slightly increase the owner’s convenience in using such a modern car could be turned into something that’s used to crash that car. That’s why car manufacturers need to think very carefully about each new software feature that they add to their cars, and it always needs to be written in a context of high security.


Source: Tom’s Hardware

USB Encryption Goes Mainstream As Kingston Completes IronKey Acquisition

Kingston’s $4.25 million acquisition of the IronKey assets from Imation was a rare occurrence, as the fairly conservative company is not known for merger and acquisition activity. Kingston tends to favor internal development of new technology and products, and the company has met with resounding success in its efforts thus far. However, Kingston decided to procure the USB technology and assets when the IronKey portion of the Imation portfolio became available, but sold the IronKey external HDD business. This choice makes sense, as Kingston is a company built upon its core flash competency.  

Kingston offered its own FIPS 140-2 Level 3 (the highest level) encrypted USB products for 12 years, but its encrypted USB products appealed more to the general client market and tended to be pricey. Kingston did not attain the traction that the IronKey brand gained with lucrative business and government customers. Kingston will integrate the full breadth of IronKey products into its portfolio, and the company will offer all of the existing and future IronKey products under “Kingston IronKey” branding.


Kingston bucks the long-held, and mostly accurate, industry predictions that indicate fab-less SSD vendors will fall to the wayside. It is incredibly hard to compete with firms that produce their own NAND, but according to the Trendfocus CQ2015 Total SSD Market report, Kingston still holds a commanding presence in the global SSD market. Surprisingly, its 10.1% share of the total global SSD market outweighs several of its fab-enabled competitors, such as Intel, Micron, Toshiba, SK Hynix and SanDisk.

Kingston innovates by staying on the cutting edge of NAND technology – it procures NAND wafers and processes and packages the raw NAND into packages, thus ensuring cost efficiency that allows it to compete with the fabs. NAND fabs are beholden to their own NAND, but Kingston has the flexibility of procuring NAND from a number of sources. This helps ensure that it has access to the best performance and price for each successive NAND generation.

Imation built its IronKey products on an older hardware platform. In the encryption market, reliability and security typically outweigh performance and cost considerations. In fact, Imation did not actually produce its own products; it sub-contracted that aspect of its business out to third parties. Kingston’s extensive experience and technology will allow it to upgrade the current IronKey products to new and more cost-effective controllers and NAND. This will allow Kingston to offer the IronKey products at lower prices, which should help foster wider adoption in diversified market segments beyond the core Imation business and government contracts.

The majority of Kingston’s purchase centers on the IronKey IP. Imation had no dedicated production facilities due to its third-party production model. Kingston will continue to use the third-party manufacturing for a short time as it spins up its own facilities. The manufacturing transition will obviously be a top priority, as it will lower cost and allow Kingston more control of the supply chain.

The hardest part of any M&A activity always centers on the successful melding of the different cultures inside each respective company, but Imation had laid off a number of IronKey staff in December of 2015, and it did not keep any full time employees. This unfortunate fact should help Kingston integrate the two companies quickly.

DataLocker procured the IronKey management service assets, which is an integral portion of the IronKey product portfolio. Kingston and DataLocker had an extensive working relationship in the past, and Kingston signed a three-year contract with the company to provide the software piece of the puzzle. This move makes sense, as Kingston wishes to focus on its own core capabilities, thus leaving the software piece to the software company. Kingston also divested the IronKey HDD assets to DataLocker.

There was a thirty-day transition period signed into the Kingston/IronKey contract that has already expired. Kingston is now shipping the full breadth of IronKey products under its own branding. Kingston will maintain its encrypted DataTraveler products for customers who do not require the extra brick wall of FIPS 140-2 level encryption.

Melding the Imation IronKey technology portfolio with Kingston’s deep NAND experience, design expertise and manufacturing prowess should be a win for the consumer. Imation had a reputation for high-priced products, which Kingston’s scale should help remedy.

Kingston plans to extend its full global sales and support mechanism to all existing IronKey customers, and the promise of newer and more cost-effective solutions will bolster the long-term prospects for Kingston’s security-conscious USB products.


Source: Tom’s IT Pro
