Who are the Players in the Antivirus Industry?

Everyone in the United States has heard of the leading antivirus vendors Symantec, Mcafee, Computer Associates, and Trend Micro. These companies have market-leading presence in the United States.  Microsoft, as well, has plans become a key player in this market.  Microsoft acquired intellectual property and technology from GeCad software in 2003, a company based in Bucharest, Romania.  They also acquired Pelican Software, which had a behavior based security as well as Giant Company Software for spyware and Sybari Software, which manages virus, spam, and phishing filtering.

Finding the Security Suite that meets your needs

Before proceeding to read this article, it is important that we state something up front.    It is essential for the reader to understand and appreciate that there is no such thing as a secure operating system or web browser.  While the use of security suites and other complementing products can significantly reduce your risks, they are not magic wands that you can wave to eliminate 100% of your risk.  Any product claiming they can do this should be viewed with great skepticism. 

With that being said, let’s talk computer security and security suites.  There are numerous ways in which the security of your computer can be breached.  The most common threats come from worms, viruses, Trojans, phishing, hackers and crackers.  Potential security breaches can come in the form of downloading unfamiliar email attachments, being monitored by spyware, maliciously attacked by malware, or probed through port scanning.

Dshield.org (www.dshield.org), a non-profit company, functions as a “dominating attach correlation engine with worldwide coverage”.  In short, they work with people and companies to track, among other things, port scanning violations.  Port scanning involves a person (referred to as a hacker or cracker) who attempts to break into you computer through the open ports in your system.  Once an open port is located, the individual attempts to collect your personal data or install a malware program into you computer.  On average, Dshield.org logs over 1.1 billion reported attempts of port scanning each month.  What is even scarier is that this is just based on their program participants.  You can imagine how many more incidents are occurring each month to the general population of computer users.

Dshield.org also reports on survival time.  Survival time refers to how long it will take before an unpatched PC is attacked or infected.  Below is a snapshot of their current operating system breakdown:

Current OS Breakdown

Category	%	Adjusted Survival Time
Windows	27.0000	128 min
Unix	0.5000	3648 min
Application	3.0000	1203 min
P2P	1.5000	1591 min
Backdoor	0.5000	5432 min

Source:  Dshield.org – Survival Time History (11/8/05)

In short, if you have a Windows-based operating system and an unpatched PC, you will be attacked or infected in a little over 2 hours.  When looked at in these terms, securing your computer becomes a mission.

Here are a few easy steps you can take to immediately protect your computer. 

1.         Don’t run unfamiliar programs on your computer. 
It sounds like common sense, but many of the most prominent attacks have involved spyware and email attachment worms such as Bagle and Netsky.  If you don’t recognize the sender, don’t download its attachments.

2.         Don’t allow unrestricted physical access to your computer. 
If you have sensitive or proprietary information on your computer, allowing other employees or family members to use your computer can lead to potential         breaches in your computer’s security.

3.         Don’t use weak passwords.
Use passwords which are difficult for someone to figure out.  People frequently use the names of children, pets, anniversary dates, or birthdays.  Because there seems to be a password needed for everything, it is not uncommon to see many people using the same password for everything.  Big mistake!  The use of only one password provides a hacker with easy access to a smorgasbord of personal information.  If you have to write your passwords down, it is best not to leave them on a post-it, attached to the screen of your computer.  You may chuckle at the absurdity, but it happens more than you think.

4.         Don’t forget to regularly patch your operating system and other applications.
Many industry experts believe that most network security attacks would be stopped if computer users would just keep their computers updated with patches and security fixes.  Too often, we forget to do this on a regular basis.  Remember that every day, new viruses, worms and Trojans are being created and distributed.  They are looking for the weaknesses in your computer system.  Having outdated software is basically the same as holding the door open and inviting them in for a visit.

5.         Don’t forget to make regular backups of important data

Always keep a copy of important files on removable media such as floppy/ZIP disks or recordable CD-ROM disks.  Store the backups in a location separate from            the computer.

In most cases, Windows desktop and screen-saver passwords provides adequate protection for normal security concerns.  However, if you feel more comfortable taking additional security measures consider obtaining a comprehensive security suite. 

Selecting a Antivirus Software

The next question is how do you pick the best product for your needs?  You start by asking yourself a series of questions.  Do you need password protection for individual files, your desktop, a network, or to block someone’s access to the Internet?  Is your computer used only by you or do multiple users have access to the computer?   How many users in total do you expect on your computer? What are your system requirements?  How much do you want to spend? 

Once you are able to answer these questions, you can begin to research which security suite will best meet your needs.  Product reviews and user statements provide a great starting point.  PCMagaine (www.pcmag.com), Zdnet.com (www.zdnet.com), and Consumer Reports (www.consumerreports.org) are just a few informative sites that offer research on various computer software products.

There are numerous security suites available on the market.  Take the time to choose the one that meets your specific needs.  As a starting point, we’ve listed a couple of the more popular programs:

1.         Kaspersky Personal Security Suite
Description:  A comprehensive protection program package designed to guard against worms, viruses, spyware, adware and other malicious programs.  The program offers five pre-defined security levels and is convenient for mobile users.  System requirements:  Window 98/2000/XP; Internet Explore 5.0 or higher, Memory: minimum of 64 MB RAM, 100 MB free on hard drive.

2.         Shield Deluxe 2005
Description:  This program provides protection from viruses, adware, spyware, and privacy threats while using very low system resources.  Additionally, the maker, PC Security Shield offers ongoing free technical support.  System requirements:  Windows 98 or higher, WinNT, WinXP, WinME; Internet Explorer 5.1 or higher, Memory:  32MB ram or higher, 65 MB free disk space.

Who are the Players in the Antivirus Industry?

Everyone in the United States has heard of the leading antivirus vendors Symantec, Mcafee, Computer Associates, and Trend Micro. These companies have market-leading presence in the United States.  Microsoft, as well, has plans become a key player in this market.  Microsoft acquired intellectual property and technology from GeCad software in 2003, a company based in Bucharest, Romania.  They also acquired Pelican Software, which had a behavior based security as well as Giant Company Software for spyware and Sybari Software, which manages virus, spam, and phishing filtering.

A lot of discussion has centered on whether Microsoft with come to own a dominant position in the antivirus market by simply bundling its technologies with its operating systems at no charge.  This is a similar technique applied in other markets such as word processing and Internet browsers.

Of course there are a number of antivirus vendors who also play in this market. There are many companies with great market presence in other countries that are beginning to become more widely known. These vendors include GriSoft out of the Czech Republic, Sophos in the united Kingdom, Panda Software out of Spain, Kaspersky in Russia, SoftWin in Romania, F-Secure in Finland, Norman in Norway, Arcabit in Poland, VirusBuster out of Hungary, and AhnLab in South Korea.

It is not clear where the industry is heading and everyone in this market faces a rapidly changing landscape. The amount of effort to find and provide fixes for viruses is staggering. Malicious programs are getting more complex and the number of them is increasing.  Many companies may find themselves without the resources to match the efforts of those truly bent on creating havoc.  Some virus companies are getting of hundreds of new samples a day! Moreover, the new viruses are getting "smarter" in that they propagate themselves quickly and they often hide themselves and are smart enough to move around in a system by renaming themselves in an effort to make it hard to remove them.

Why Do I Feel Like Somebody’s Watching Me?

Spyware is one of the fastest-growing internet threats.  According to the National Cyber Security Alliance, spyware infects more than 90% of all PCs today.  These unobtrusive, malicious programs are designed to silently bypass firewalls and anti-virus software without the user’s knowledge.  Once embedded in a computer, it can wreak havoc on the system’s performance while gathering your personal information.  Fortunately, unlike viruses and worms, spyware programs do not usually self-replicate.  

Where does it come from?

Typically, spyware originates in three ways.  The first and most common way is when the user installs it.  In this scenario, spyware is embedded, attached, or bundled with a freeware or shareware program without the user’s knowledge.  The user downloads the program to their computer.  Once downloaded, the spyware program goes to work collecting data for the spyware author’s personal use or to sell to a third-party.  Beware of many P2P file-sharing programs.  They are notorious for downloads that posses spyware programs.

The user of a downloadable program should pay extra attention to the accompanying licensing agreement.  Often the software publisher will warn the user that a spyware program will be installed along with the requested program.  Unfortunately, we do not always take the time to read the fine print.  Some agreements may provide special “opt-out” boxes that the user can click to stop the spyware from being included in the download.  Be sure to review the document before signing off on the download.

Another way that spyware can access your computer is by tricking you into manipulating the security features designed to prevent any unwanted installations.  The Internet Explorer Web browser was designed not to allow websites to start any unwanted downloads.  That is why the user has to initiate a download by clicking on a link.  These links can prove deceptive.  For example, a pop-up modeled after a standard Windows dialog box, may appear on your screen.  The message may ask you if you would like to optimize your internet access.  It provides yes or no answer buttons, but, no matter which button you push, a download containing the spyware program will commence. Newer versions of Internet Explorer are now making this spyware pathway a little more difficult.

Finally, some spyware applications infect a system by attacking security holes in the Web browser or other software.  When the user navigates a webpage controlled by a spyware author, the page contains code designed to attack the browser, and force the installation of the spyware program.

What can spyware programs do?

Spyware programs can accomplish a multitude of malicious tasks.  Some of their deeds are simply annoying for the user; others can become downright aggressive in nature.

Spyware can:

1.            Monitor your keystrokes for reporting purposes.

2.            Scan files located on your hard drive.

3.            Snoop through applications on our desktop.

4.            Install other spyware programs into your computer.

5.            Read your cookies.

6.            Steal credit card numbers, passwords, and other personal information.

7.            Change the default settings on your home page web browser.

8.            Mutate into a second generation of spyware thus making it more difficult to           eradicate.

9.            Cause your computer to run slower.

10.        Deliver annoying pop up advertisements.

11.        Add advertising links to web pages for which the author does not get paid.  Instead, payment is directed to the spyware programmer that changed the original affiliate’s settings.

12.        Provide the user with no uninstall option and places itself in unexpected or hidden places within your computer making it difficult to remove.

Spyware Examples

Here are a few examples of commonly seen spyware programs.  Please note that while researchers will often give names to spyware programs, they may not match the names the spyware-writers use. 

CoolWebSearch, a group of programs, that install through “holes” found in Internet Explorer. These programs direct traffic to advertisements on Web sites including coolwebsearch.com. This spyware nuisance displays pop-up ads, rewrites search engine results, and alters the computer host file to direct the Domain Name System (DNS) to lookup preselected sites. 

Internet Optimizer (a/k/a DyFuCa), likes to redirect Internet Explorer error pages to advertisements. When the user follows the broken link or enters an erroneous URL, a page of advertisements pop up.

180 Solutions reports extensive information to advertisers about the Web sites which you visit.  It also alters HTTP requests for affiliate advertisements linked from a Web site.  Therefore the 180 Solutions Company makes an unearned profit off of the click through advertisements they’ve altered.

HuntBar (a/k/a WinTools) or Adware.Websearch, is distributed by Traffic Syndicate and is installed by ActiveX drive-by downloading at affiliate websites or by advertisements displayed by other spyware programs.  It’s a prime example of how spyware can install more spyware.   These programs will add toolbars to Internet Explorer, track Web browsing behavior, and display advertisements.

How can I prevent spyware?

There are a couple things you can do to prevent spyware from infecting your computer system.  First, invest in a reliable commercial anti-spyware program.  There are several currently on the market including stand alone software packages such as Lavasoft’s Ad-Aware or Windows Antispyware.  Other options provide the anti-spyware software as part of an anti-virus package.  This type of option is offered by companies such as Sophos, Symantec, and McAfee. Anti-spyware programs can combat spyware by providing real-time protection, scanning, and removal of any found spyware software.   As with most programs, update your anti virus software frequently. 

As discussed, the Internet Explorer (IE) is often a contributor to the spyware problem because spyware programs like to attach themselves to its functionality.  Spyware enjoys penetrating the IE’s weaknesses.  Because of this, many users have switched to non-IE browsers.  However, if you prefer to stick with Internet Explorer, be sure to update the security patches regularly, and only download programs from reputable sources.  This will help reduce your chances of a spyware infiltration.

. 

And, when all else fails?

Finally, if your computer has been infected with a large number of spyware programs, the only solution you may have is backing up your data, and performing a complete reinstall of the operating system.