Panda Research Blog

Panda Security Compatibility with Windows 7

Pedro Bustamante — Fri, 23 Oct 2009 12:44:00 GMT

I'm happy to announce that all our consumer and most corporate products with full Windows 7 compatibility have been released. You can download them from:

http://www.pandasecurity.com/windows7

Panda Security Days in Sweden 09

Pedro Bustamante — Wed, 14 Oct 2009 00:51:00 GMT

Just as we did last year and other years before that, last week we had our Panda Security Days in Sweden. This year we started in Malmö, followed by Gothenburg and ending up in Stockholm. There were very good speakers from Panda presenting different topics; Cecilia Carlsdotter talked about Panda's corporate social responsabilities innitiatives. Sebastian Zabala talked about our different products and technologies. Daniel Nyström, Head of Tech Support in Sweden, talked about various support issues and presented his excellent team. Luis Corrons talked about the latest cyber-crime techniques, focusing on banking trojans and rogue antivirus. Petter Lautin talked about the different corporate objectives for Panda in Sweden and lastly I talked about internal statistics of Collective Intelligence and other stuff we're working on.

As I know you'll be curious about this, here's some of the Collective Intelligence stats we presented during the talks:
25 TB          Size of Collective Intelligence Database
48 million     Files hosted by Collective Intelligence
80 million     Files analyzed by Collective Intelligence
61.000         New files received daily at Collective Intelligence
99.4%         Files processed automatically every day
150 GB       Size of logs generated every day by Collective Intelligence
165 million   Files queried against Collective Intelligence every day
127 KB        Bandwith usage of each Panda Cloud Antivirus agent every day

In addition to the interesting stats I'll also leave you with some pictures of this fun week in Sweden.

Panda USB Vaccine - Version 1.0.1.4

Pedro Bustamante — Thu, 08 Oct 2009 13:13:00 GMT

We recently released version 1.0.1.4 of Panda USB Vaccine. This version includes a few bug fixes plus multi-lingual support. The MD5 of the executable is 58cc5b530fc552c8e31870f90db425ed.

As always you can get it directly from download.com:

The Perfect Antivirus!

Pedro Bustamante — Mon, 21 Sep 2009 13:45:00 GMT

From web.splesh.net.

Cool video

Pedro Bustamante — Wed, 16 Sep 2009 13:56:00 GMT

Cool dragonball-like video from our partner in Taiwan :)

http://www.youtube.com/watch?v=D_kfddS_Tyc

I specially like the part about TruPrevent.

Compatibility with Windows 7 - Part 2

Pedro Bustamante — Mon, 14 Sep 2009 22:43:00 GMT

As you may remember at the beginning of the year we released a Panda AV 2009 compatible with Windows 7. We are now releasing Windows 7 compatibility of our Panda 2010 products in a beta program. Be sure to check out http://www.pandasecurity.com/windows7 or simply download Panda Global Protection 2010 for Windows 7 directly from here.

Microsoft to disable AutoRun... maybe

Pedro Bustamante — Mon, 14 Sep 2009 22:33:00 GMT

Interesting news from Redmond:
http://www.theregister.co.uk/2009/09/14/more_microsoft_autorun_fixes/

On Friday, Microsoft announced the availability of updates to the XP, Server 2003, Vista and Server 2008 versions of Windows that removes the AutoRun popup window when some types of removable media is connected. The change doesn't affect optical media such as CDs and DVDs, a shortcoming we'll get to in a moment.
As we pointed out then, the move is a step in the right direction, but it doesn't go far enough. That's because certain types of removable drives - those made by U3, for instance - run firmware that advertises the device to Windows as a CD. Such drives will continue to automatically execute the AutoRun routine as soon as they're plugged in.
The new updates are available here. But as we've said before, given the large number of devices that are unaffected by this change, we'll continue to disable AutoRun altogether.

While we applaud the move as it shows a little more conscious security decisions in product design, it's still too little, too late.

If you want to be truly protected against AutoRun malware and make sure your USB drive is not used as an infection vector, download and use the free Panda USB Vaccine.

Panda SafeCD 3.4.3.5 Released

Pedro Bustamante — Mon, 27 Jul 2009 16:43:00 GMT

We just released Panda SafeCD version 3.4.3.5. This useful utility comes in handy when you need to clean a friend's PC (or your own) from a malware infested state. It is specially useful for detecting and disinfecting malware infections which give regular AV products running within Windows a hard time.

Automatic detection and removal of all types of malware.
Boot from CD or USB stick.
Supports using updated signature files.
Supports 13 languages.
Supports both FAT and NTFS drives.

The download consists of an ISO. You can either burn this into a CD/DVD or alternatively create a more convenient Boot USB stick by using something like the Universal Netboot Installer (UNetbootin).

In order to use a more updated signature database, the Panda SafeCD searches the registry for installed Panda applications that use the regular pav.sig file signature format. If you want Panda SafeCD to use a more updated signature file simply make sure there is an installed Panda product (normally in C:\Program Files\Panda Security) with an updated pav.sig file. If the Panda SafeCD finds a more recent pav.sig than the one included in the ISO, it will use the more updated one.

For a more recently updated signature database file download pav.sig from this blog. Remember this signature file is for tests only and updated on a "whenever-I-feel-like-it" basis, so it should not be used for production systems. For critical situations and to disinfect production systems use our regular signature file which gets updated at least once a day.

Download Panda SafeCD 3.4.3.5

Law enforcement = 0 / Bad guys = 1

Pedro Bustamante — Tue, 30 Jun 2009 09:42:00 GMT

It's a sad day for all of us when bad guys get caught, yet are allowed to walk freely.

As reported by TheReg, James Reno, involved in the creation, distribution and scams using Rogue Antivirus such as ErrorSafe, WinAntiviurs and XPAntivirus, was allowed to "walk" with just a small fine of $116K. The article suggest he scammed users out of $50 million by infecting their PCs with rogue crapware and scaring them into paying up.

http://www.theregister.co.uk/2009/06/29/scareware_settlement/

What kind of message is the FTC sending to the rest of the bad guys? "Go ahead, infect millions of users and don't worry about jail time. Just give us a small percentage and we'll let you go."

I already had small hopes that law enforcement and governments do anything useful to help protect users. But this goes beyond absurd and is sending the wrong message that cyber-crime is OK as long as they pay their dues to governments.

First Independent Test of Panda Internet Security 2010

Pedro Bustamante — Fri, 26 Jun 2009 18:12:00 GMT

As you may know we released our Panda 2010 products yesterday. In addition to the traditional Panda Antivirus Pro 2010, Panda Internet Security 2010 and Panda Global Protection 2010, this year we've also released a tailor-made product for netbooks and ultra portables called Panda Antivirus for Netbooks.

I just got word from Andreas Marx from AV-Test.org that they've put Panda Internet Security 2010 (PIS 2010) to the test today. Some conclusions from the test can be seen below, using Andreas' own words:

WildList Test. We started with a detection test against all samples from the most recent WildList 05/2009 and malware from older releases. Our test set includes 3,194 confirmed malicious and widespread samples. We tested the set with the on-demand scanner and on-access guard. In both cases, Panda was able to detect and remove these viruses, worms and bots easily.

Full Collection Test. We were able to test PIS 2010 against a larger set of about 680,000 malware samples, including ad- and spyware, trojan horses and other critters. It detected 99.6% of these files, without flagging any files in our false positive / clean file test set, which is a very good result.

TruPrevent Test. We have tested the dynamic (behaviour-based) detection with a few recently released malware samples which are not yet detected by heuristics, signatures or the "in the cloud" features and found that Panda warned in about 45% of the cases when we executed the malware sample. However, it only blocked and quarantined just a few of these tested samples. (More testing in this area needs to be performed to report statistically significant results.)

Disinfection Test. The detection and removal of an already infected PC was working properly, all active components were removed during the system repair process and just in some cases, registry keys belonging to the malware were left behind.

Rootkit Test. The detection and removal of actively running rootkits was quite impressive: all rootkits in our test were successfully identified and deleted.

As you may imagine we're very happy about the results of this test and hope other independent tests come along soon that also validate the highest level of quality provided by our most advanced ever anti-malware solutions.

For detailed testing methodology (for rootkit detection and removal, system disinfection, dynamic detection, etc.) I recommend you visit AV-Test.org Papers selection.

Other advanced testing methodologies worth reading up on can also be found at ATMSO's Document Library.

Panda USB Vaccine with NTFS Support

Pedro Bustamante — Thu, 18 Jun 2009 22:48:00 GMT

UPDATE October 9, 2009: New version 1.0.1.4 released.

First off many thanks to the hundreds of thousands of users who have downloaded, used and given us feedback on Panda USB Vaccine. Not only is it allowing us to improve this free utility for the community, it also helps protect users a little better from spreading malware infections.

Finally Panda USB Vaccine is out of beta and version 1.0.0.50 is here. Some of the most notable improvements are the following:

Support for vaccinating NTFS drives. This uses a completely different technique than the vaccination of FAT/FAT32 drives.
Executing USBVaccine.exe launches an installer which allows you to configure whether you want USBVaccine to start automatically with Windows.
Configuration option during setup to hide the tray icon.
Configuration option during setup to automatically vaccinate any new USB drives inserted into the PC.
Fixed bug on PC shutdown when USBVaccine was running in the background (Vista).
Other bug fixes reported by users on certain types of USB drives.

Some screenshots of the new Panda USB Vaccine:

As always you can get it directly from download.com:

Feedback on Morro

Pedro Bustamante — Thu, 18 Jun 2009 00:29:00 GMT

Excellent comment via pcworld regarding Morro (kudos to avdude15):

Just what we need - a security mono-culture.
If Microsoft's free av product succeeds it will knock more than a few av developers out of the market and weaken the rest. This at a time when the more innovative players are investing heavily in the infrastructure and technology to deliver protection as a service. Cloud scanning, reputation systems, sand boxes are just a few of the new technologies being rolled out by many of the AV players. So Microsoft says, "let's give away a product and kill all that innovation". Whether or not Microsoft delivers a good product or not, all of our security will suffer.

To counter some press articles, Morro is not cloud-based. It simply sends detection statistics back to MS over the Internet (encrypted over SSL so you can't see what is being sent).

Also there's nothing innovative about Morro. It requires big signature updates and doesn't use cloud-scanning. Just the same old traditional and basic AV.

What's your take on MS Morro?

Online banking

Pedro Bustamante — Mon, 08 Jun 2009 14:39:00 GMT

Don't know where I got this from. I think it's from Vey.

When the going gets tough, AMTSO gets going

Pedro Bustamante — Tue, 02 Jun 2009 00:42:00 GMT

You've probably read about this in other blogs already. At the risk of sounding like a broken record I'll post it here as well as this is really important and I think we should all help spread the word as much as possible. As you may know AMTSO is a non-profit organization made up of a lot of companies from the industry, from independent tests (such as AV-Test, AV-Comparatives, CascadiaLabs, Dennis Technology Lab, ICSA, NSS, PC Security Labs, and West Coast Labs) to antivirus vendors and academia. Visit AMTSO website to view the full member list.

Last month we attended the 5th Anti-Malware Testing Standards Organization (AMTSO) meeting held in Budapest and hosted by VirusBuster. This follows a bunch of other meetings held in Bilbao (Panda), The Netherlands (Norman), Oxford (Sophos) and Cupertino (Symantec). You can read the AMTSO Press Release titled AMTSO to start analysis of Anti-Malware Reviews for the official details.

Most of the work went into validating in a face to face meeting the different documented methodologies and processes which we've all been working on over the last few months. In all, AMTSO has now published a respectable document library about different issues concerning Anti-Malware Testing, and the list keeps on growing.

AMTSO Fundamental Principles of Testing. A high level overview which covers the 9 principle guidelines to follow while testing anti-malware products.
AMTSO Best Practices for Dynamic Testing. Probably the first document AMTSO started working on the early days of its foundation. Covers the main issues while running dynamic tests (versus static tests which consist of on-demand scans of many samples).
AMTSO Best Practices for Validation of Samples. One of the most important and most often overlooked issues of anti-malware testing. How to select valid samples for testing.
AMTSO Best Practices for Testing In-the-Cloud Security Products. Specially important for products which incorporate this latest method of protection. We were specially interested in this document as you can imagine as some of our latest products such as Panda Cloud Antivirus and Panda 2010 products include cloud-scanning.
AMTSO Analysis of Reviews Process. Viewed as one of the most important tasks of AMTSO, this document provides insight into the process that AMTSO will follow to review, based on the principles and methodologies published, the different Anti-Malware Tests that are published out there. This process is completely transparent and open to the publlic, so anybody can request a "Review Analysis" of a published test.

One of the most interesting things during these AMTSO meetings is the of openness & sharing of information between what are normally fierce competitors. It's not a very common practice to link to "competitors" sites (and I'm sure I'll get in trouble for it when/if my boss sees this), but I do recommend that you read up some of our colleagues blog posts about AMTSO progress, such as the ones from Sophos, Norman, McAfee, Trend, Avira, PC Tools, Kaspersky, ESET, and last but not least VirusBuster who hosted the event (sorry if I left someone out).

Panda 2010 Beta Now Open

Pedro Bustamante — Mon, 18 May 2009 22:42:00 GMT

Today we've officially launched the beta program for our Panda 2010 products.

As functionality-wise Panda Global Protection 2010 is the most complete product of the bunch we're releasing it as the main beta product. It includes a complete Anti-Malware Engine, Identity Theft Protection, Safe Internet Browsing filters and PC Backup & Optimization tools. More information can be found in the full functionality list.

One of the most interesting improvements this year is a 40% improvement in memory consumption, which results in a lower performance impact and better overall user experience.

You can find all the details, download link, installation details, list of known bugs and a list of recommended test at http://www.pandasecurity.com/beta.

Before you ask, Windows 7 support is not yet included in this 2010 beta. It'll be announced later on. In the meantime you can check the Panda Antivirus Pro Beta for Windows 7.