New M86 Security Labs Report Finds 60% of Malicious URLs Pass Unnoticed Through Anti-Virus Scanners and URL Filtering: M86 Security

New M86 Security Labs Report Finds 60% of Malicious URLs Pass Unnoticed Through Anti-Virus Scanners and URL Filtering: M86 Security

I'm really not surprised by these findings. The number one and biggest problem with any security software like you're typical Internet Security Suite is it's a 'Reactive' technology. This means its always behind the curve never in front of it. This means the best you can hope for in terms of detection rates is 98-99% but never with 100% certainty.

Whenever I talk with users and explain this fact they are always shocked. Why is this so surprising to people? Vulnerabilities exist because code is written by humans; therefore you will always have mistakes in code creating the smallest openings for exploitation. Security software is written by humans therefore it will never be perfect and because its a reactive technology it will never catch the latest and greatest zero day exploit.

However security software vendors can help by implementing one small change. Stop marketing their tools as the best and only tool for a safe and secure Internet experience because such marketing hype creates a false sense of security leading everyday users to believe they can do no wrong. Such false sense of security makes people complacent and not think about security. I wish government would wake up and force vendors to disclose such details. We have labeling laws for everything else why don't we have it for software or security appliances. Users should know what they're getting up front before they're taken in by all the hype and spin.

In fact I don't believe things will change anytime soon but only get worse. That is until users wake up from la-la land and become aware their actions have consequences. Ultimately the security fight will not get any better until users take responsibility for their actions and actually think about email, attachments, web sites and general computer best practices.

Until that day security software will fall farther behind and a new sucker will be born every nanosecond. We've all been taught lessons by our parents 'don't talk to strangers' type stuff. Why is it so hard for people to learn similar lessons when it comes to computers and Internet safety?

CA Internet Security Suite Win32/ASuspect False Positive

Win32/ASuspect is the latest message users of CA Internet Security Suite are seeing beginning last night February 22nd 2010.

CA is reporting wuweb.dll as a Win32/ASuspect Trojan and automatically placing it in quarantine. This file is part of Windows Update process which is now failing to execute.

I support several customers using CA Internet Security Suite and all have reported seeing this error message. I've done some checking on the web and CA Support forums have lit up like a christmas tree. However because I'm a cautious man I submitted a copy of quarantined wuweb.dll to virustotal.com and as expected results came back clean.

Looks like we have another case of CA False Positive. I'm sure CA will fix this quickly by pushing out new signatures however what worries me is the frequency because CA had a case of false positive last year in 2009 and secondly I'm not seeing much about this on their website. As a good corporate citizen I think CA should be informing their customers about such problems quickly. Consultants such as myself get these frantic phone calls from clients; then we spend our valuable time investigating such matters only to find its a false positive. It would save me much headache if CA could post a message to their Forum or website.

Come on CA I expect better from you.