Tag Archive | antivirus protection

Surge in Grabbing Unauthorized Access

Authorization, an access control system, is all about administering and providing sensitive system access to a process or an application or a class of users based on their privilege level. Privacy and security concerns arise when system resources are accessed by an unauthorized process, application, or user.

Application and system developers always strive to incorporate secure authorization systems in their software. On the other hand, hackers come forth with new exploit techniques to elevate the access privilege associated with a specific process, system, or user. Many of the attacks start with an entry into the targeted systems with limited privileges and then an attempt to elevate privileges by exploiting a vulnerability in the OS itself or in third-party installations.

We conducted a short piece of research on Elevation of Privilege (EoP) vulnerabilities using publicly available information on vulnerabilities discovered in operating systems, desktop applications and browsers. Interestingly, the data indicates a significant rise in EoP vulnerabilities over the past two and a half years.

From our research set on Microsoft Windows operating system vulnerabilities found over the time period mentioned earlier, we found that out of 700 vulnerabilities, 115 vulnerabilities were Privilege Escalation vulnerabilities, i.e. approximately 16%. It is clear from the research data set that attackers or malware writers are focusing more on EoP vulnerabilities to carry out their malicious attack as silently as possible.

Exploiting an EoP vulnerability on its own might not be sufficient for the attacker to achieve the intended destructive behavior, forcing the attacker to look for further vulnerabilities in the system to exploit.

The following is a list of commonly exploited Windows components:

  • The Group Policy Service
  • Windows kernel-mode driver (Win32k.sys)
  • Cryptography Next Generation kernel-mode driver (cng.sys)
  • WebDAV kernel-mode driver (mrxdav.sys)
  • TS WebProxy Windows component
  • Windows User Profile Service (ProfSvc)
  • Microsoft IME
  • TypeFilterLevel checks
  • Windows audio service component
  • Windows TCP/IP stack (tcpip.sys, tcpip6.sys)
  • Kerberos KDC
  • FASTFAT system driver, FAT32 disk partitions
  • Message Queuing service
  • .NET Framework
  • Windows Task Scheduler
  • Windows Installer service
  • DirectShow
  • Ancillary Function Driver
  • On-Screen Keyboard
  • ShellExecute API
  • Group Policy preferences
  • NDProxy component
  • Local Remote Procedure Call
  • Windows audio port-class driver (portcls.sys)
  • Hyper-V
  • USB drivers
  • Windows App Container
  • DirectX graphics kernel subsystem (dxgkrnl.sys)
  • Service Control Manager (SCM)
  • NT Virtual DOS Machine (Ntvdm.exe)
  • Asynchronous RPC request handling (Rpcss.dll)
  • TrueType font file handling
  • Windows Print Spooler (Win32spl.dll)
  • NTFS kernel-mode driver (ntfs.sys)
  • Windows CSRSS (cmd.exe)
  • Remote Desktop ActiveX control (mstscax.dll)
  • Windows USB drivers

We see that attackers often aim for a highly destructive attack by exploiting privilege escalation and code execution vulnerabilities together.

Techniques employed by malware writers constantly evolve to achieve the desired privilege escalation undetected. There are many privilege elevation techniques publicly available online, such as:

  1. METHOD OF PROVIDING A COMPUTER USER WITH HIGH LEVEL PRIVILEGES, PATENT 7,945,947
  2. Exploiting the known failure mechanism in DDR3 memory referred to as Row Hammer to gain kernel privilege, with the only “patch” being a replacement of the DRAM!

Sometimes it is simply not possible to patch a vulnerability.

Elevation of Privilege is not limited to operating systems; it is also seen in desktop applications, browsers, web applications and even hardware. With the increasing popularity of the Internet of Things across devices everywhere, exploiting an Elevation of Privilege vulnerability in just one of the links in the Internet of Things could give the attacker complete control of the whole system.

Image courtesy of: tompattersontalks.blogspot.in

Priyal Viroja, Vulnerability Researcher, K7TCL
Re-published by K7 Computing Ireland

K7 Computing websites:

K7 Computing Ireland: www.k7computing.ie, K7 Computing UK: www.k7computing.co.uk

Editor of World-Renowned Security Magazine Appreciates K7 Speakers

November 7th, 2014

In a nice gesture, the editor of the acclaimed Virus Bulletin magazine has blogged about the presentation of our reserve speaker duo who were meant to present a paper and a short demo, in the event of an absent speaker at the 2014 Virus Bulletin International Conference held recently in Seattle, USA.

VB2014 has already been discussed, highlighting the presentation by K7’s Gregory Panakkal. Nevertheless, this post is dedicated to the reserve speakers from K7 Threat Control Lab: Samir Mody, Senior Manager, and V. Dhanalakshmi, Senior Threat Researcher.

Their paper, “Early launch Android malware: your phone is 0wned”, demonstrates the difficulties in removing an active Android ransomware infection, “Koler/Simple Locker”, that prevents a user from uninstalling it. It also proposes a new framework which Google could introduce to help mobile security vendors defeat Android malware strategies.

View the full presentation and demo at K7 YouTube channel.

Archana Sangili
Content Writer


K7 Enterprise Security and Enterprise Antivirus new version release

K7 Computing is happy to announce the latest version, 2.5, of K7 Enterprise Security.

The new version brings upgrades and improved compatibility with Windows Server operating systems. K7 Enterprise Security and K7 Enterprise Antivirus now use a single installation file to deploy the K7 security console and endpoints on all types of Microsoft Server OS.

What’s new in K7 Enterprise Security (2.5)

  • Database storage size has been increased to 10 GB
  • ‘Allow’ option is introduced for blocked applications under Application Control
  • New Desktop icon introduced for Admin Console
  • Shortcut icon removed for endpoints, but sys-tray icon and start menu icon will remain
  • Detection and Removal added for more 3rd Party AV products

What’s new in K7 Enterprise Security (2.4)

  • Activity Log – The recent update and scan status of a computer can be viewed from Clients » Computer Details.
  • Notification (email & Dashboard) for schedule scan interruption.
  • Password protection for device control
  • Enhancements on Task Details – Scan Summary and Update Summary added.
  • Purging introduced to remove Not Reported computers, older Applications & Tasks automatically.
  • Subnet search on Clients filter.
  • Subscription expiry notification through email and Dashboard (Paid License: 30 days, 15 days & 3 days interval, 30 days Trial License: 15 days, 10 days & 3 days).
  • Multiple selections now allowed to remove the Quarantined files, if the files are not required.
  • Client’s computers list can be exported as a Report.

K7 Enterprise Security and K7 Enterprise Antivirus are available for trial at:

K7 Computing Ireland or K7 Computing UK

_JZ_

K7 Computing IE

K7 released new version 14.2 for home edition antivirus products

K7 Computing has released the new version 14.2 of its home edition antivirus products: K7 Antivirus Plus, K7 Total Security and K7 Ultimate Security.

New improvements include faster scanning speed and easier integration with the new Windows 8.1 operating system. This was a challenging task for K7 developers, due to the remarkable K7 speeds in previous versions.

The products also received an improved scan for other AV products prior to installation, with the option to uninstall them automatically. This prevents possible conflicts, system performance issues and instability problems.

The new version has also been tested by Softpedia with very good results: Full article in Softpedia

For free trial visit:

United Kingdom: Free 30 day trial

Ireland: Free 30 day trial


-JZ-

K7 Computing Ireland and UK August 2014

K7 Total Security secured yet another VB-100 award

K7 Total Security 13.1 product has earned the latest VB100 award for the Windows XP SP3 platform.

We are pleased to say that we have earned yet another VB-100 award. Constant research and development for K7 antivirus products is gaining recognition among professionals and end users.

The latest K7 Total Security, version 13.1, placed higher than in previous test results.

The test result shows that:

  • K7 have made big improvements in proactive and reactive detection rates for antivirus protection.
  • The Virus Bulletin organisation has praised the new look and feel of K7 Total Security.
  • K7 Total Security is rated as ‘Solid’ which is the best rating for product stability.

Full test results: https://www.virusbtn.com/vb100/archive/test?recent=1

K7 Computing Releases a New Version 13.1 of the K7 Antivirus and Security Product Line

K7 Computing antivirus and security products have been updated to version 13.1

This new version brings improvements to the installation and security modules, especially new firewall and improved antivirus engine performance.

In the newest build, 13.1, K7 has updated the firewall module and antivirus engine performance, and sped up the already unbeatable installation time, which averages less than a minute. On a new PC or laptop, installation can be achieved in less than 25 seconds.

The scanning speed of the antivirus engine is the best-kept secret in K7, and it makes your computer run faster than before. The program does not slow down processes and, therefore, you won’t notice any slowdown of your computer. Unobtrusive but complete PC protection is the key factor for K7 security products.

Latest 13.1 versions of K7 Antivirus Products:

  • K7 Antivirus Plus
  • K7 Total Security
  • K7 Ultimate Security

Every installation of K7 is automatically upgraded to the latest release, with new features and modules, so K7 customers don’t have to worry about an old version being installed on their PC.

K7 Computing takes a different approach to software version names and, as of Q3 of 2012, is not using any prefix for the software version. Builds that reflect new features and improvements are identified by the year they are released and the update version, e.g. 12.2, 13.0 and the newest version, 13.1.

For more information, including a free 30 day trial, please visit:

K7 Computing UK site: http://www.k7computing.co.uk/download.php

K7 Computing Irish website: http://www.k7computing.ie/download.php

 

Additional links:

Twitter: https://twitter.com/K7ComputingUK

Google+: https://plus.google.com/111225020590246781521/posts

Facebook: https://www.facebook.com/k7computing.co.uk

K7 Enterprise Antivirus released

 

K7 Computing is pleased to announce the product release of K7 Enterprise Antivirus.

K7 Enterprise Antivirus complements the existing K7 Enterprise Endpoint security software for business: K7 Enterprise Security and K7 Mail Security for Microsoft Exchange.

K7 Enterprise Antivirus offers endpoint protection built on the award-winning K7 Antivirus engine, with the best performance by AV Comparatives for 2010 and 2011. It features protection for endpoint computers and servers for SMBs and Enterprise clients, with a built-in Web Management console giving administrators easy access to endpoint management via any web browser.

Businesses and organizations of all sizes are at constant risk of malware infiltration from the internet and USB media. To minimize the possibility of a malware attack, K7 Enterprise Antivirus secures workstations and servers with antivirus protection and multi-layer security that prevents and blocks known and unknown malware threats:

  • Zero Day protection: protects clients from PDF and browser-based exploits
  • Behavioral blocking: blocks and removes new malware, undetected by the traditional antivirus approach, based on behavioral analysis
  • Drive-by-download blocking: detects and blocks zero-day browser exploits and rogue AV downloads

K7 Enterprise Antivirus Features:

  • Antivirus & Antispyware
  • Comprehensive email scanning
  • External device access control
  • Rootkit scanner
  • USB vaccination

Web-based Management Console

A single web console for endpoint and server control and management. Enterprise Antivirus has Active Directory support for endpoint installation, offering multiple ways to install endpoint protection remotely. It provides email notifications and easy access to security event reporting. The console allows admins to trigger events on the clients, group clients and assign policies, restrict USB and external media access, and get an overview of the network security status.

Business antivirus with easy implementation and the lowest system resources used to protect endpoints: that’s K7 Enterprise Antivirus.

Secure your free 30 day trial at www.k7computing.ie, or contact any approved K7 reseller for further information.

K7 Enterprise Security 1.2 released

K7 Enterprise Security 1.2 release.

K7 Computing is happy to announce the release of the newest version of K7 Enterprise Security, 1.2, for antivirus endpoint protection.

The new version brings upgraded features and improved performance and reporting.

K7 Enterprise Security 1.2 provides the latest security protection technology for endpoint protection.

With the fastest antivirus engine from K7 Computing and a two-way firewall with in-office and out-of-office settings, K7 Enterprise Security assures that clients are well protected on the company’s network as well as on public networks. Additionally, the product provides security administration with Web Control access and Application Control for the endpoints. USB and media access control is a must for any business, and K7 Enterprise Security offers multiple settings for intrusion prevention.

K7 Enterprise Security is managed through a web console with a fast graphic interface and low system resource use. Web access allows connecting to the administrator’s console from a PC, Mac, tablet or smartphone via any web browser.

The console provides tools to manage clients, remotely deploy clients, monitor application control, produce custom reports and view 360-degree information about security protection.


Product release notes:

  1. New Enterprise Product without Firewall (AV + Antispyware + Behavior protection + Device Control only)
  2. Product Backup and restore to support server box migration
  3. Detailed Report (The earlier report was summary only)
  4. Web Filtering enhancement to block https sites over IE, Firefox and Chrome browsers (Client update 11.1.0128)
  5. Importing bulk URLs to add into Allow / Block lists
  6. Indicating Security status of clients (Green / Red / Orange / Blue) in the client list
  7. Manual update at any time (earlier it was only auto update by fixed schedule)
  8. Update settings UI (Internet availability timing can be configured by administrator)
  9. Dashboard widgets rearrangement (by drag and drop)
  10. Websites / URLs can be searched through the Search Box to find out whether they have been blocked
  11. Dashboard performance optimization for quick loading of Widgets
  12. SSL SMTP Notifications

Current K7 Enterprise Security clients will be upgraded automatically within the upcoming weeks.
For more information and a free trial, visit: www.k7computing.co.uk or www.k7computing.ie