The Download Blog

December 14, 2009 4:45 PM PST

Adobe investigating Reader, Acrobat exploit reports

by Elinor Mills
  • 12 comments

Adobe warned of reports of an attack exploiting a hole in Reader and Acrobat on Monday.

"This afternoon, Adobe received reports of a vulnerability in Adobe Reader and Acrobat 9.2 and earlier versions being exploited in the wild," the company said in an advisory on its Security Incident Response Team blog. "We are currently investigating this issue and assessing the risk to our customers. We will provide an update as soon as we have more information."

Three different security vendor partners reported the alleged exploit to the company on Monday afternoon, said Adobe spokeswoman Wiebke Lips. She said she could not provide more details.

Last week, Adobe released a critical update affecting Flash Player and Adobe AIR.

Meanwhile, some Macintosh users were reporting on the Adobe Forums site that they were having problems installing an update from October that resolved a critical vulnerability in Adobe Reader and Acrobat 9.1.3 that had reportedly been exploited in the wild.

Updated 6:01 p.m. PST with Mac user problems installing update.

Originally posted at InSecurity Complex
December 4, 2009 6:13 PM PST

PC Tools Internet Security 2010 reviewed

by Seth Rosenblatt
  • 13 comments

PC Tools' Internet Security suite for 2010 gets some things right, and frustratingly drops the ball on others. It's hard not to like the feature set, which is robust, and the recent efficacy badge from Virus Bulletin. However, some of the problems in the suite are glaring and will potentially scare away users who might otherwise find it a good security tool.

The default landing page should appeal to those who like quick glances to ensure everything is running smoothly. Green checkmarks or red Xes make it easy to see if you're at risk. Drilling deeper down to the settings pages could be better, though. Too often, the plain text felt squished by the chunks of white space on the right, and made it unnecessarily hard to parse logs and fine-tuning controls like the firewall or advanced scan settings.

The performance benchmarks weren't horrible, but they didn't impress, either. Falling somewhere in the middle of its competitors, and notably slow especially on computer start-up times, the suite could be much more nimble. Also annoying is that when held up against most of its competitors, the trial version is noticeably hamstrung. You only get 15 days to make a decision with the suite, and it won't remove any threats it detects.

What PC Tools fans will like is that although two earlier tests by Virus Bulletin this year gave PC Tools Internet Security 2009 failing marks, the first test of the new version passed the test on Windows 7. So for those with new computers, PC Tools' slightly lower price point of $50 for three licenses for its premium product may stand out as a good deal. Read the full review at CNET Reviews.

December 4, 2009 4:14 PM PST

Google Chrome now bundled with Avast

by Seth Rosenblatt
  • 26 comments

You wouldn't necessarily expect it, but Avast and Google Chrome might be the next peanut butter-and-jelly combo in the software world. Google's nascent browser has paired with one of the most popular free security programs in the world so that when users run the Avast installer on a computer that has neither Chrome nor Avast, they'll be offered a chance to install Chrome simultaneously. This is the first such bundling for Avast in its 21-year existence.

The Chrome installation window in the Avast installer is cleverly polite.

(Credit: Screenshot by Seth Rosenblatt/CNET)

The Chrome option in the Avast installer does two things differently from the more familiar opt-out user experience that many programs provide in an installer in exchange for financial sponsorship. For one thing, the Chrome window only turns up if you don't already have it installed, but more importantly, it forces users to actively choose installation. Neither the "yes, install" nor the "no, don't install" radio buttons are checked by default. Of course, users are forced to check off "no" if they don't want it, but this should dramatically cut down on the incidence of accidental installations that tend to plague otherwise-similar piggybacking installs.

The Avast/Chrome combo may strike some as an odd couple, or at least more beneficial for Avast than for Chrome, but keep in mind that Avast has more than double the users that Chrome does. Google's Vice President of Product Management Sundar Pichai said Chrome had more than 40 million users at the Chrome OS press conference at the end of October, and the end of November saw NetApplications peg Chrome at 3.93 percent of the browser market, a 0.35 percentage point increase. Meanwhile, on Avast's Web site, the Czech Republic-based security vendor is preparing to fly its 100 millionth user to Prague on an expenses-paid trip.

A Google spokesman indicated that other deals might be in the works. "Users' response to Google Chrome has been outstanding, and we're continuing to explore ways to make Chrome accessible to even more people. This could potentially include distribution via a number of channels, such as the distribution we are currently doing with Avast."

CNET News staff writer Stephen Shankland contributed to this report.

December 4, 2009 1:56 PM PST

Some Avast users must reinstall flagged files

by Seth Rosenblatt
  • 39 comments

An Avast virus definition file update late Wednesday accidentally marked hundreds of legitimate files as threats. The Czech Republic-based publisher Alwil responded quickly, issuing a fix less than six hours later, but some users are still dealing with the aftermath.

Restoring files improperly flagged as threats worked fine on my work computer, but not at home.

(Credit: Screenshot by Seth Rosenblatt/CNET)

According to Avast's forums, following the Avast-written guide for rescuing files falsely marked as threats should be quite simple. Force an Avast update, then from the main interface go to Menu, then Virus Chest. Right-click on the file in the chest you want to resuscitate, choose Scan to double-check that it's not a threat, then right-click on it again and choose Restore. Avast cautions that if that fails, you can choose Extract to put the file back where it came from.

For some instances of the Avast 5 beta and Avast 4.8, this doesn't work. The best solution I've found is the most annoying: run the installation file again. This certainly takes longer, but right now I've been unable to find any other solution that can be applied across the board. The one saving grace about reinstalling is that, at least for the files on my home computer that were affected, I didn't need to reconfigure any of the settings. The KMPlayer, IOBit Smart Defrag, and Find and Run Robot all retained their previous DLLs and other settings.

Keep in mind that this isn't the first over-eager definition file update. Two of the more recent ones include an incident from July that saw an update from Computer Associates flag a Windows XP system file as a virus, and last year AVG falsely identified a file from security provider ZoneAlarm as a virus.

If you're continuing to have problems from the Avast update, let us know in the comments below.

December 3, 2009 12:59 PM PST

Microsoft to plug critical IE hole targeted by exploit code

by Elinor Mills
  • 24 comments

Microsoft said on Thursday that it will offer six updates for 12 vulnerabilities next week, including a fix for a critical hole in Internet Explorer for which exploit code has been released. The hole affects Windows 7 and other current versions of the operating system.

Late last month, Microsoft said it was investigating an IE vulnerability after someone released proof-of-concept code affecting IE 6 and IE 7 that could be used to take control of computers.

Microsoft described the problem in an advisory issued November 23: "The vulnerability exists as an invalid pointer reference of Internet Explorer. It is possible under certain conditions for a CSS/Style object to be accessed after the object is deleted. In a specially-crafted attack, Internet Explorer attempting to access a freed object can lead to running attacker-supplied code."

Of the six updates Microsoft will release on Patch Tuesday, three of them are critical, according to a Microsoft security bulletin advance notification.

Software affected includes Windows 2000, Windows XP, Vista, Windows 7, Server 2003, Server 2008, Office XP, and Office 2003.

Originally posted at InSecurity Complex
December 3, 2009 9:24 AM PST

Avast update falsely flags good apps as malware

by Elinor Mills
  • 55 comments

(Credit: Avast)

Czech Republic-based Avast issued an update late on Wednesday to its antivirus software that mistakenly flagged hundreds of innocent files as a Trojan. It fixed the situation five and a half hours later.

Falsely labeled as malware were programs from Adobe, Realtek, sound card drivers, and various media players, among others, according to a blog post on the Avast Support Center.

The errant update had been issued around 12:15 a.m. GMT. A new update was issued at 5:50 a.m. GMT that corrected the problem. Customers who did not use their computers between those times will most likely not be impacted, the company said.

The software was identifying the good files as the Win32:Delf-MZG Trojan, according to Avast.

Avast, based in Prague, did not respond to an e-mail late on Wednesday seeking comment.

False positives happen in the industry. In July, Computer Associates' antivirus software was falsely tagging a Windows XP system file as a virus, and last year AVG falsely identified a file from security provider ZoneAlarm as a virus.

Originally posted at InSecurity Complex
November 25, 2009 3:51 PM PST

Big changes in Security Starter Kit 2010

by Seth Rosenblatt
  • 34 comments

Black Friday is almost upon us, and the steep hardware discounts mean new computers for many. To help you during these tough economic times, we've refreshed the Download.com Security Starter Kit for 2010. Although nothing can replace common-sense browsing, this collection of freeware security tools will help you protect new machines and old from pernicious threats, large and small. Longtime readers will notice that in addition to changing up our recommended antivirus program, we've fleshed out the Web browsing safety category, and made other changes as well. If you're looking for more than freeware security programs, check out the CNET Download.com Windows Starter Kit for 2010.

In this year's version, you can expect to see Avast chosen ahead of AntiVir as our most favored antivirus app. Despite its odd interface, Avast scored higher than any other freeware antivirus in a third-party test, and it doesn't skimp on protection, either, with e-mail, network, rootkit, and behavioral guards along with its top-rated virus protections.

We're still recommending Malwarebytes Anti-Malware for spyware removal, but we've also added PC Tools' standalone ThreatFire as an excellent way to strengthen behavioral detections and prevent spyware from infecting you in the first place. Recent improvements to the program have made it incredibly light on resources, and in our days of empirical testing we didn't notice it slowing down our computers at all.

New this year is the expanded in-browser security category. We've recommended five browsing tools that are available as add-ons, and we took care to make sure that they applied to as many of the major browsers as possible. However, Firefox's deep add-on toolbox makes it naturally the browser with the most diverse collection of security tools, so expect to see it heavily, although not exclusively, represented.

PC Tools' ThreatFire.

(Credit: Screenshot by Seth Rosenblatt/CNET)

Firewalls used to be the forefront of security, but now they're just another tool you should have. Microsoft has made the native Windows 7 firewall impressively useful, but we realize that not everybody has Windows 7, and even those who do might want an alternative. This year, Online Armor joins Comodo on the list.

In Encryption, TrueCrypt remains the gold standard. The Thunderbird extension Enigmail joins it as a must-have tool for keeping your private e-mails as you intended them--away from prying eyes. In Parental Control, we've added OnlineFamily.Norton. It's not strictly desktop based, although to use it you must use its desktop hook, called Norton Safety Minder. Symantec has created what looks to be a unique and free approach that includes an emphasis on parental education and attempts to foster parent-child communication about how to use the Internet safely. We're of the opinion that anything that helps parents realize that browsing the Internet is far more than a TV with options is a good thing.

If you disagree with our security and safety choices for the Security Starter Kit, please let us know in the comments below.

November 23, 2009 12:29 PM PST

Chrome OS security: 'Sandboxing' and auto updates

by Elinor Mills
  • 23 comments

With most computers threatened by attacks coming through Web applications, it's no surprise that security would be a key piece of Chrome OS, Google's browser-based operating system that stores data in the cloud.

In this video, Google security engineer Will Drewry explains how Chrome OS separates user data from root or system data, which makes the system more secure and makes it easier to reinstall the operating system.

(Credit: Google)

Google showed off its new lightweight operating system designed for Netbooks and cloud computing on Thursday. As anticipated, it will rely on many of the same security features and concepts used by the Chrome browser.

"The browser is the operating system. We've expanded the browser to add operating system functionality," Caesar Sengupta, a group product manager at Google, said in an interview.

Chrome OS uses a combination of operating system-level protections and exploit mitigation techniques to limit the attack surface, or amount of code that can be targeted in an attack, and to reduce the likelihood of an attack being successful. "The biggest security impact is that all applications run within the browser," Sengupta said.

Chrome relies heavily on sandboxing, keeping different processes and applications in separate partitions. This limits the interaction between applications and the OS kernel.

For example, with conventional operating systems, if an application crashes, it can crash or otherwise affect other programs that are running, Sengupta said. "But if everything is sandboxed, that becomes more difficult to do," he added.

Many systems are compromised by deceptive attacks, such as when a user opens an innocent-looking PowerPoint file which unleashes a virus or other malware that can get access to everything on the computer.

With Chrome, "applications can't just download any binary and run it," Sengupta said.

Chrome has a verified boot process that uses cryptography to ensure that the Linux kernel, the nonvolatile system memory, and the partition table are not tampered with when the system starts up, according to a security overview of Chrome. (Google security engineer Will Drewry explains the security concepts of Chrome OS in a video on YouTube.)

"Right now, on your conventional operating system, any kind of process can run, which makes it difficult to predict what any process will do," Sengupta said. "On Chrome, because the whole operating system is essentially signed by Google, there is a lot we can do to make it secure."

If an application manages somehow to break out of the browser sandbox, to get through the kernel hardening and processing infrastructure, and manages to change something on the operating system, the changes will be detected the next time the user boots up the machine. "As soon as it detects something is different and not signed by Google, it will warn the user and try to clean itself again," Sengupta said.

Cleaning up is easier than with a standard operating system, too, because the system data is separated from the user data, which includes user preferences, system settings, and a local cache of data stored on the Google servers in the cloud, he said.

All user data stored by the operating system, browser, and any plug-ins is encrypted, and users cannot access each other's data on a shared device, according to the Chrome OS security page.

Meanwhile, Chrome will automatically update to get the most recent software and patches for the operating system, just like the Chrome browser updates in the background while users are online, Sengupta said. Users will not run the risk of having their system get infected or compromised before they can install updates, as happens with Windows and other software.

In addition, the antiphishing technology found in the Chrome browser will protect Chrome OS users from inadvertently visiting malicious Web sites, he said.

Google is publishing detailed design documents on Chrome OS, which will allow security experts to scour the code for weaknesses over the next year before the operating system is released to the public, according to Sengupta.

There are some security and networking technologies that are supported in other operating systems that Google is passing on, at least for now.

Google will keep an eye on biometric authentication technologies, but believes that the cost/reliability trade-off is not where it needs to be just yet, according to the security overview for Chrome OS. Smart cards and USB crypto tokens are "interesting technology, but we don't want our users to have to keep track of a physically distinct item just to use their devices," the overview concludes.

Google is likewise not interested in Bluetooth, a wireless protocol widely used in laptops and handheld devices, for authentication. "Bluetooth adds a whole new software stack to our login/screenlocker code that could potentially be buggy, and the security of the pairing protocol has been criticized in the past," the security overview says.

Updated November 24 to clarify that Bluetooth is not being considered for authentication.

Originally posted at InSecurity Complex
November 23, 2009 11:36 AM PST

Browser-server now baked into Opera

by Seth Rosenblatt
  • 29 comments

Amid promises to "reinvent the Web," the browser Opera debuted a new beta feature earlier this year called Unite that has been deemed stable enough to offer to all users. Opera's own hype aside, the Unite service provides people with the capability to serve files, host and stream music, and send messages to each other from inside the browser itself--a feature that is unique among the big five browsers. Opera 10.10 is available for Windows, Mac, and Linux.

Much like Opera's built-in e-mail client, Unite is basically a cloud-based, customizable server that includes multiple services, but its open API allows you to write and share your own services. The initial offering includes the default Unite Home, which is the Opera Unite Web page that is given to each user, a media player for creating your own publicly available music stream, the "fridge" for a Facebook-style message wall, an instant messenger with a public/private toggle, a photo sharing app, and file serving and Web hosting capabilities.

Besides including Unite, Opera 10.10 also includes an array of bug fixes, mostly aimed at smoothing out the Unite experience, tweaking mail, news, and chat features, and fixing three security problems. Two are relatively minor, one concerning an error message leak and the other a buffer overflow. The third error Opera is refusing to disclose at this time, but stated that it was discovered by the Google Security Team's Chris Evans. The full changelog for Opera 10.10 is available.

As I've tested Unite over the past few months, it's generally been a stable experience, with a few hiccups to be expected by the beta. However, it hasn't exactly set the browsing world on fire, either, and its target audience is still hard to define. Do you have an opinion on Unite? Let me know in the comments.

November 23, 2009 7:09 AM PST

Another iPhone worm, but this one is serious

by Don Reisinger
  • 67 comments

Another iPhone worm has been spotted in the wild.

Unlike the previous exploitation, which merely changed a jailbroken iPhone's wallpaper to a picture of Rick Astley of "Rickrolling" fame, this new threat allows hackers to steal sensitive information.

According to security firm Sophos, which wrote about the exploitation after a Dutch ISP spotted it late last week, the worm attacks jailbroken iPhone and iPod Touch devices only.

The worm "uses command-and-control, like a traditional PC botnet," Sophos wrote in a blog post on Saturday to warn users about the exploit. "It configures two startup scripts, one to execute the worm on boot-up, and the other to create a connection to a Lithuanian server to upload stolen data and cede control to the bot master."

Jailbreaking, which has been around for about two years, is a hack that enables iPhone and iPod Touch users to download applications unavailable through Apple's App Store.

Sophos wrote that the worm attacks users on several ISPs, including UPC in the Netherlands, Optus in Australia, and T-Mobile in several countries worldwide. Worse, the worm spreads faster on a Wi-Fi connection than a 3G connection. Users with affected devices might notice extremely short battery life while on Wi-Fi. According to Sophos, that's mainly due to the worm engaging in "so much network activity."

When a device is infected, it's assigned a unique number so that the attackers can easily pinpoint a single device. It also looks for authentication systems that use SMS, better known as mTANs. mTANs are frequently used by banks that send an SMS message with a password to mobile phones, allowing people to log in to their online accounts, Sophos wrote.

In essence, this threat is serious.

Sophos recommends that people with infected iPhones and iPod Touch devices restore them back to Apple's most recent firmware update. For now, there is no other way to fix the problem.

Originally posted at The Digital Home

Don Reisinger is a technology columnist who has written about everything from HDTVs to computers to Flowbee Haircut Systems. Don is a member of the CNET Blog Network, and posts at The Digital Home. He is not an employee of CNET.


About The Download Blog

Download.com editors cover the world of downloadable software and beyond.
