Various information on antivirus related products

These days Internet security is more important than ever. Would it not be neat if you could run all your Internet traffic through one big filter that strips out all those nasty viruses, malware and privacy concerns? Well, if you happen to have an old PC lying around, or, as I have, a server running MS Hyper-V, then you actually can, fairly simply (and for free)..

Ok, you may have heard of solutions such as Smoothwall, m0n0wall and others like them? These are basically routers/firewalls that, with a PC (and two NICs), can replace your broadband router; they offer complex firewall capabilities and maybe even VPN connectivity. All very cool and quite easy to set up and use..

Untangle goes a step further: on top of the basic router capability it adds a firewall, VPN, antivirus scanning, privacy filter, ad filter, spam filter, captive page and much, much more. The best part is that most of this is free: you download a bunch of apps and install them (this is point and click, so no Linux knowledge is required).

So how does it work, is it a proxy or a gateway or what? Well, once installed you set the LAN NIC's IP as the default gateway, and voilà, all traffic is now filtered for malware, viruses, spam, privacy concerns and what not..

I set up my Untangle box as a Hyper-V machine on my Windows 2008 R2 server, gave it 640 MB RAM, two CPUs and a 120 GB hard drive (of which it is now using approx. 6-7 GB).

Once installed you configure everything via the web interface (not on the box itself if you use Hyper-V, but from your own PC);

So a few notes on installing the app as a Hyper-V virtual server;

  • Obvious disadvantage: you will never be able to install the Hyper-V additions into the Linux box, thus no mouse ever, which leaves the user interface on the installed box useless.
  • I had to run the installation 4-5 times before I succeeded, don't know why it failed but it was as if the installer just stalled during the installation, thus I suggest you take a snapshot once you manage to install the basic system (now you can always revert to here).

Ok, let me just give you the quick tour of installing the thing; it is not a complete guide
(so no screenshots and some obvious steps may be omitted, but if you know a bit of Hyper-V'ing it should not be too hard);

1. Download the Untangle install CD from; http://www.untangle.com/Downloads/Download-ISO

2. Create a new Hyper-V machine (I suggest 640 MB RAM, 2 CPUs), replace the NIC with two legacy NICs (required for it to work), and add an IDE drive. I used a dynamic drive of 120 GB, but I think performance may be better if you set a static drive of perhaps 20 GB. Mount the downloaded ISO as the CD-ROM. Tweaks: you can stick to one legacy NIC if you do not plan to use the box as a firewall (e.g. if you have a HW firewall in your ISP router etc.); some things will not work with only one NIC but most will.

3. Start the system and select the text-based installer (as you have no mouse in Hyper-V); I seemed to have better luck with the advanced installer.. You should set static IPs, so decide on two IPs before getting started.

4. Once the installation is complete, switch to your browser and connect to the IP you set as the LAN side during install.

5. Take a snapshot of your Hyper-V machine.

6. Now download the “open source pack”, on the left of the interface.

7. Configure the different modules. I suggest you disable/turn off the firewall, anti-spam, PG and intrusion prevention features (unless you plan on using the device as your main router) as this will improve performance.

8. Now set the LAN NIC IP as your default gateway on your PC (or on your DHCP server).
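If you would rather script steps 2 through 5 than click through Hyper-V Manager, here is an added example (not from the original post and not Untangle's own tooling) that builds the guest as described: generation 1 for the IDE controller and legacy NICs, 640 MB RAM, two CPUs, a fixed 20 GB disk, the ISO in the DVD drive. It assumes the Hyper-V PowerShell module, which shipped with Windows Server 2012 and later (the 2008 R2 host in the post has no such module); the VM name, paths and switch names are placeholders.

```powershell
# Added example: create the Untangle guest from the post with the Hyper-V module.
# Assumes Windows Server 2012+ (Hyper-V PowerShell module) and an elevated prompt.
# All names and paths below are placeholders; adjust them to your host.

$VMName     = 'Untangle'
$IsoPath    = 'C:\ISO\untangle.iso'            # the ISO downloaded in step 1
$VhdPath    = "C:\VMs\$VMName\$VMName.vhdx"
$WanSwitch  = 'External-WAN'                   # virtual switch facing the ISP router
$LanSwitch  = 'Internal-LAN'                   # virtual switch facing your PCs
$UseTwoNics = $true                            # $false if the box will not be your firewall

# Generation 1 gives the IDE controller and allows legacy (emulated) NICs.
# A fixed-size disk as the post suggests for better performance than a dynamic one.
New-VHD -Path $VhdPath -SizeBytes 20GB -Fixed | Out-Null
New-VM -Name $VMName -Generation 1 -MemoryStartupBytes 640MB -VHDPath $VhdPath | Out-Null
Set-VMProcessor -VMName $VMName -Count 2

# Replace the default synthetic NIC with legacy NICs: without integration services
# the guest can only drive the emulated adapter, which is why step 2 requires them.
Get-VMNetworkAdapter -VMName $VMName | Remove-VMNetworkAdapter
Add-VMNetworkAdapter -VMName $VMName -IsLegacy $true -Name 'LAN' -SwitchName $LanSwitch
if ($UseTwoNics) {
    Add-VMNetworkAdapter -VMName $VMName -IsLegacy $true -Name 'WAN' -SwitchName $WanSwitch
}

# Mount the installer ISO (add a DVD drive if the VM was created without one)
# and boot from it first, as in step 3.
if (Get-VMDvdDrive -VMName $VMName) {
    Set-VMDvdDrive -VMName $VMName -Path $IsoPath
} else {
    Add-VMDvdDrive -VMName $VMName -Path $IsoPath
}
Set-VMBios -VMName $VMName -StartupOrder @('CD', 'IDE', 'LegacyNetworkAdapter', 'Floppy')
Start-VM -Name $VMName

# After the text installer has finished and the web interface answers (step 4),
# take the snapshot from step 5 so a failed module install can be reverted:
#   Checkpoint-VM -Name $VMName -SnapshotName 'Base install, before modules'
```

The checkpoint line is deliberately left as a comment: taking it right after Start-VM would snapshot an empty disk, and the post's point is to snapshot once the basic system is in and reachable.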

You can even set up a captive page; this will require people to have a password in order to access the Internet, quite cool. Sadly it does not support limiting bandwidth, download ratios etc., but well, it's still cool.

Don't worry if your first or second install fails; as mentioned I had to do multiple installs before it succeeded, but now it runs fairly smoothly.  I have experienced that the web interface was unavailable (the network still worked, but I could not reach the interface), but after a reboot everything was back online.

Read more here; www.untangle.com  –  http://wiki.untangle.com/index.php/Untangle_Server_User’s_Guide

I just learned of a new antivirus/malware cleanup CD/ISO, with support for NTFS and more.

Trinity Rescue Kit can be obtained from here;
http://trinityhome.org/Home/index.php?wpid=1&front_id=12 or http://trinityhome.org/

It sounds like a cool CD with numerous cleanup utilities, definitely worth a visit.  I for one am going to download a copy and check it out.

I have just had a few servers that somehow have failed to update their Forefront Client Security client software 🙁  The problem seems to be that Forefront cannot stop the FCSAM service while updating; the service is stuck on "Stopping" and neither taskkill nor any other utility seems able to kill it.

The errors in the event log go something along these lines;

Microsoft Forefront Client Security Antimalware Service
Error 1921. Service  'Microsoft Forefront Client Security
Antimalware Service' (FCSAM) could not be  stopped.

I have tried uninstalling, rebooting and reinstalling but this did not help.

The suggested workaround is to set the FCSAM service to Manual, reboot, upgrade and then set the service back to Automatic; however this only works for now and thus only postpones the problem.

I have found this article on a similar problem which I will try tomorrow; this includes some additional cleanup steps,
e.g. issuing the command; sc delete fcsam

I will also try to slipstream the installation of Forefront Client Security before I retry the re-installation; a description of how to do this is here (mind you, use the latest update and not the one the article refers to);
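For anyone hitting the same stuck service, here is an added example (not from the original post, and not a Microsoft tool) that checks the FCSAM service state and applies the manual/reboot/upgrade/automatic workaround from above. The service name FCSAM is the one in the event log entry; the function names are my own, and it assumes PowerShell 3.0 or later run from an elevated prompt.

```powershell
# Added example: inspect the hung FCSAM service and apply the post's workaround.
# FCSAM is the service name from the event log above; everything else is an assumption.
# Run from an elevated PowerShell prompt (PowerShell 3.0+ for Get-CimInstance).

$ServiceName = 'FCSAM'

function Get-FcsServiceState {
    # Win32_Service exposes the start mode, the process id and the
    # 'Stop Pending' state that the post describes as "stuck on Stopping".
    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='$ServiceName'"
    if (-not $svc) { throw "Service $ServiceName is not installed on this machine" }
    [pscustomobject]@{
        Name      = $svc.Name
        State     = $svc.State        # Running / Stopped / Stop Pending ...
        StartMode = $svc.StartMode    # Auto / Manual / Disabled
        ProcessId = $svc.ProcessId
    }
}

function Set-FcsStartModeForUpgrade {
    # Step 1 of the workaround: Manual, so the service is simply not started on
    # the next boot and the updater never has to stop a hung process.
    Set-Service -Name $ServiceName -StartupType Manual
    Write-Host "$ServiceName set to Manual. Reboot, run the FCS update, then call Restore-FcsStartMode."
}

function Restore-FcsStartMode {
    # Last step of the workaround: back to Automatic and running.
    Set-Service -Name $ServiceName -StartupType Automatic
    Start-Service -Name $ServiceName
    Get-FcsServiceState
}

$state = Get-FcsServiceState
$state | Format-List
if ($state.State -eq 'Stop Pending') {
    Write-Warning "$ServiceName is stuck in Stop Pending (PID $($state.ProcessId)); as noted, killing it does not work, so using the workaround."
    Set-FcsStartModeForUpgrade
}

# If the upgrade still fails after a reboot, the cleanup step mentioned above is
# removing the service registration before reinstalling:  sc.exe delete fcsam
```

Since the fix only postpones the problem, it is worth keeping Get-FcsServiceState in a scheduled check so you notice the next time the service gets stuck rather than when the definitions stop updating.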

AV comparison: www.av-comparatives.org has made a rather interesting comparison of how much different AV products slow down your machine. Besides the technical comparison they also offer some general advice on how to optimize your experience with AV products in general..  Interesting reading, get their PDF here

A summary of their findings (higher is better);

  • AVIRA AntiVir Premium 9.0 – 199 points
  • Kingsoft Antivirus 9 Plus – 196 points
  • F-Secure Anti-Virus 2010 – 195 points
  • Kaspersky Anti-Virus 2010 – 193 points
  • Sophos Anti-Virus 9.0.1 – 193 points
  • Microsoft Security Essentials 1.0 – 190 points
  • avast! Free 5.0 – 188 points
  • Symantec Norton AntiVirus 2010 – 188 points
  • ESET NOD32 Antivirus 4.0 – 183 points
  • McAfee VirusScan Plus 2010 – 174 points
  • Norman Antivirus & AntiSpyware 7.30 – 169 points
  • AVG Anti-Virus 9.0 – 164 points
  • BitDefender Antivirus 2010 – 154 points
  • G DATA AntiVirus 2010 – 152 points
  • eScan AntiVirus 10.0 – 137 points
  • Trustport Antivirus 2010 – 125 points
The popular Avast antivirus went amok yesterday after a bug in a definition file: it started detecting hundreds of files as infected with Win32:Delf-MZG.

For cleanup instructions and explanation go here;
http://forum.avast.com/index.php?topic=51647

When trying to get rid of a virus it is often a good idea to scan using a boot CD, as some viruses/rootkits bury themselves so deep that even the best antivirus can't detect them.  Sadly very few CDs are commercially available, and most require regular updates to always have the latest definitions.

A friend of mine, Mr. Torben Grøn, pointed out that he had just stumbled across;

http://www.f-secure.com/linux-weblog/2009/09/22/rescue-cd-311/

Now this is interesting. F-Secure is an old player on the AV market and usually makes good stuff, and it would appear this is no exception.  It is a Linux boot CD that can scan NTFS partitions, and the clever part is that it actually downloads the latest definition files before it begins scanning – clever..  One minor "issue" though: it will rename file extensions to .virus if a file is infected, and this is also true for system files – thus you can 'damage' your Windows installation and make it non-bootable, which can be a problem for novice users.

Other than that it offers some extra recovery utilities for pictures etc.  Absolutely worth a look.

Update;
You may also want to give this a spin, I just learned about this;
http://trinityhome.org/Home/index.php?wpid=1&front_id=12

From Panda's Cloud Antivirus blog

First of many thanks to the millions of beta testers and specifically to those who have given us feedback and helped improve the product. We think we have fixed all the issues you have reported.

If you have any of the previous versions installed (Beta1, Beta2 or Beta3) do the following:
1- Uninstall your current version.
2- Reboot your computer.
3- Download version 1.0 from http://www.cloudantivirus.com and install.
4- If you already have an account from Beta3, you can use the same one. Otherwise the installer will prompt you to create a Cloud Antivirus account.

As a reminder, don't forget to use the Panda Cloud Antivirus Technical Support Forum for posting any issues you might experience.

Thanks again for helping us create this great free antivirus!!!

Just a quick update on my previous posting regarding "Microsoft Security Essentials". It has been brought to my attention that there is a minor issue during the installation process: during the "Microsoft Security Essentials" installation the LMHost file is replaced with a new one. Most users will never notice this, but if you made additions to your LMHost file (for security or anti-commercial reasons) you might find this annoying and might spend some time debugging before you find this (your original lmhost.ini is renamed to lmhost.bak btw).

Nothing major, just something to think about.
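If you did customize that file, an added example (my own, not part of the original post and not a Microsoft tool) that compares the replaced file with the backup and lists, or restores, the entries that went missing. The post names the files lmhost.ini and lmhost.bak; the paths below assume the usual %SystemRoot%\System32\drivers\etc location, which is an assumption, so adjust them to match what you find on your machine.

```powershell
# Added example: find custom LMHOSTS entries lost when an installer replaced the file.
# Paths are assumptions (the post refers to lmhost.ini / lmhost.bak); adjust as needed.
# Restoring needs an elevated prompt (the etc folder is admin-only writable).

$EtcDir  = Join-Path $env:SystemRoot 'System32\drivers\etc'
$Current = Join-Path $EtcDir 'lmhosts'      # the new file written by the installer
$Backup  = Join-Path $EtcDir 'lmhost.bak'   # the renamed original

function Get-LmhostsEntries {
    param([string]$Path)
    # Keep only real mappings: drop blank lines and '#' comment lines. Keywords such as
    # #PRE or #DOM:domain sit after the name on an entry line, so they survive.
    # Whitespace is normalised so tab- and space-separated copies compare equal.
    Get-Content -Path $Path |
        Where-Object { $_ -match '\S' -and $_ -notmatch '^\s*#' } |
        ForEach-Object { ($_ -replace '\s+', ' ').Trim() }
}

function Compare-Lmhosts {
    param([string]$CurrentPath, [string]$BackupPath)
    $new = @(Get-LmhostsEntries -Path $CurrentPath)
    $old = @(Get-LmhostsEntries -Path $BackupPath)
    # Entries present in the backup but absent from the replaced file.
    $old | Where-Object { $new -notcontains $_ }
}

function Restore-LmhostsEntries {
    param([string]$CurrentPath, [string]$BackupPath, [switch]$WhatIf)
    if (-not (Test-Path $BackupPath)) { Write-Host "No backup found at $BackupPath"; return }
    $missing = @(Compare-Lmhosts -CurrentPath $CurrentPath -BackupPath $BackupPath)
    if ($missing.Count -eq 0) { Write-Host 'No custom entries were lost.'; return }
    Write-Host "Entries in $BackupPath missing from ${CurrentPath}:"
    $missing | ForEach-Object { Write-Host "  $_" }
    if (-not $WhatIf) {
        Add-Content -Path $CurrentPath -Value ('# restored from ' + (Split-Path -Leaf $BackupPath))
        Add-Content -Path $CurrentPath -Value $missing
        # #PRE entries are cached by NetBIOS; -R purges and reloads without a reboot.
        nbtstat -R | Out-Null
    }
}

# Dry run first: shows what would be appended, changes nothing.
Restore-LmhostsEntries -CurrentPath $Current -BackupPath $Backup -WhatIf
```

Running it without -WhatIf appends the missing lines under a comment naming the backup they came from, so a later look at the file still tells you which entries were yours and which the installer wrote.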

The long awaited "Microsoft Security Essentials" is released 🙂  and as the beta looked promising and the company I work for has been using "Forefront Client Security" (the corporate version) for a year now, I was looking forward to trying this out…

I fired up my browser and went to "http://www.microsoft.com/security_essentials/", however as I live in Denmark I was met by this message;

Not available in your country or region
You appear to be in a country or region where
Microsoft Security Essentials is not available.
Thank you for your interest in Microsoft Security Essentials.

Shown in 9 languages (of course not in Danish), well bummer…   However as I have access to a US proxy I just changed the proxy settings and things brightened up 🙂  So I am now the happy 'owner' of "Microsoft Security Essentials", and the thing about this is it's free 😀

Should you want to check this product out, just direct your browser to; http://www.microsoft.com/security_essentials/

And should you get the same annoying message stating that it is 'Not available in your country', then you might want to take a look at; www.torproject.org  TorProject is mostly an anonymity solution that allows you to browse without being tracked by IP etc.; however, they also offer the possibility to select which breakout/proxy you wish to use, and here you can select a US breakout and fool the MS server into letting you download all the same. You may also need to modify your IE settings to show a US regional code etc., but it should all be possible..

Want more details and maybe a review?
Visit here; http://www.winsupersite.com/win7/mse.asp

Enjoy.

Update!
You may be able to download MSE from here even if you are not in the US 🙂

If you are using Forefront Client Security you know that it is not big in the corporate configuration department; much can however be done using GPOs and general AD management..  Yes, I also prefer having these options in a management console, but alas, it is still possible..

Read this article to get the low down.
Every anti-virus has a mechanism called tamper protection that helps administrators keep users from mishandling their antivirus settings and services. Forefront Client Security only offers basic control over what the user can or cannot do with the FCS Client Console on his client machine. What the FCS system doesn't provide is a built-in mechanism to protect FCS services from being stopped or to prevent FCS from being removed by the user.

It's true that some of these are possible to prevent by not giving administrative privileges on the client workstation, but some of us don't have that luxury.

Windows Group Policy has built-in settings that allow you to both protect your services and disable removal by unauthorized users. This is how it's done.

Protecting Forefront Client Security Services

http://blogs.microsoft.co.il/blogs/yanivf/archive/2009/01/09/temper-protection-in-forefront-client-security.aspx
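Whatever Group Policy ends up writing, the thing that actually decides who can stop or reconfigure the service is the service's security descriptor, so it pays to check it after the policy has applied. Here is an added example (my own, not from the article above or from Microsoft) that decodes the SDDL string `sc sdshow` prints and flags ACEs giving ordinary users Stop, ChangeConfig or Delete rights. The FCSAM service name is the one used earlier on this page; the sample SDDL is constructed for the demo, and the letter-to-right mapping is the documented Windows service SDDL mapping.

```powershell
# Added example: audit who may stop/reconfigure a service from its SDDL.
# The sample SDDL is constructed; run Get-ServiceSddl for the real descriptor.
# Assumes PowerShell 3.0+ (for -in) and, for the live check, an elevated prompt.

# Service-specific access rights as they appear in an SDDL ACE rights field.
$ServiceRights = @{
    'CC' = 'QueryConfig'; 'DC' = 'ChangeConfig'; 'LC' = 'QueryStatus'
    'SW' = 'EnumerateDependents'; 'RP' = 'Start'; 'WP' = 'Stop'
    'DT' = 'PauseContinue'; 'LO' = 'Interrogate'; 'CR' = 'UserDefinedControl'
    'SD' = 'Delete'; 'RC' = 'ReadControl'; 'WD' = 'WriteDac'; 'WO' = 'WriteOwner'
}
# Rights that let a user tamper with the service (stop it, reconfigure or remove it).
$TamperRights = @('DC', 'WP', 'SD', 'WD', 'WO')
# Well-known SID abbreviations that mean "ordinary users" rather than administrators:
# Interactive, Authenticated Users, Users, Everyone, Service.
$NonAdminTrustees = @('IU', 'AU', 'BU', 'WD', 'SU')

function Get-ServiceSddl {
    param([string]$Name)
    # sc.exe sdshow prints the descriptor on its own line; take the first non-empty one.
    $out = & sc.exe sdshow $Name
    ($out | Where-Object { $_ -match '\S' } | Select-Object -First 1).Trim()
}

function Get-ServiceAceReport {
    param([string]$Sddl)
    # Only the DACL (D:...) grants access; S:... is the auditing SACL and is skipped.
    $dacl = if ($Sddl -match 'D:(.*?)(?:S:|$)') { $Matches[1] } else { $Sddl }
    foreach ($m in [regex]::Matches($dacl, '\(([^)]*)\)')) {
        $f = $m.Groups[1].Value -split ';'       # type;flags;rights;objguid;inhguid;sid
        if ($f[0] -ne 'A') { continue }         # only access-allowed ACEs matter here
        $codes = for ($i = 0; $i -lt $f[2].Length; $i += 2) { $f[2].Substring($i, 2) }
        $names = $codes | ForEach-Object { if ($ServiceRights[$_]) { $ServiceRights[$_] } else { $_ } }
        $tamper = @($codes | Where-Object { $_ -in $TamperRights })
        [pscustomobject]@{
            Trustee = $f[5]
            Rights  = ($names -join ',')
            Weak    = ($f[5] -in $NonAdminTrustees) -and ($tamper.Count -gt 0)
        }
    }
}

# Constructed sample: the second ACE lets every authenticated user stop and
# reconfigure the service, which is exactly what tamper protection should prevent.
$SampleSddl = 'D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRRC;;;AU)' +
              '(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)'
$report = Get-ServiceAceReport -Sddl $SampleSddl
$report | Format-Table -AutoSize
if ($report | Where-Object Weak) {
    Write-Warning 'Non-administrators can stop or reconfigure this service; tighten it under Computer Configuration > Windows Settings > Security Settings > System Services.'
}

# Live check against the service discussed on this page (elevated prompt):
#   Get-ServiceAceReport -Sddl (Get-ServiceSddl -Name 'FCSAM') | Format-Table -AutoSize
```

A trustee that is a full SID (S-1-5-21-...) rather than a two-letter alias is reported but never flagged, since the script cannot tell a custom admin group from a custom users group; review those rows by hand.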