Esegui 
Changelog Non disponibile (al momento):
- Risolti i Bug principali.
- Rimosso (temporaneamente) il supporto a Windows 8.
- Tastiera Virtuale migliorata.
- Safe Banking migliorato.
Maggiori Informazioni:
Windows 8: Kaspersky Lab is ready for new features and new threats
The arrival of Windows 8 Consumer Preview has given a wide audience its first glimpse of the future of personal and mobile computing from Microsoft, the world’s leading software vendor. Some of the changes in the user interface, designed with tablets and touch screens in mind, are nothing short of revolutionary. Microsoft has also presented a number of new security features designed to better protect end users. This white paper concentrates on the most significant security-related changes in the upcoming new version of Windows OS and the corresponding solutions from Kaspersky Lab.
Defending Metro-Style Applications
The rise of tablet devices has had the most noticeable impact on the development of the next Windows OS. Microsoft’s answer to this growing trend is two different interfaces – a more or less classic one for traditional Windows applications with good old mouse-and-keyboard interaction, and a new interface designed specifically for couch surfing with a lightweight tablet device or a traditional but touch-enabled laptop. This offers end users the opportunity to share the same experience on different devices – PC, laptop or tablet – that all run the same Windows OS. Metro-style apps have a number of unique security characteristics, compared to traditional software. Each application can be in one of four states – operating normally, having an invalid license, modified or tampered. The last two states may point to malware infection. But with these new apps there is no need to remediate the application. Windows 8 can automatically reinstall a clean copy from its own applications store, Windows Store. To make this work, effective antivirus solutions need to know the difference between normal and metro-style apps, and then alert the system of any infection to trigger reinstallation. This functionality is implemented in the upcoming version of Kaspersky Internet Security, which can effectively scan metro-style apps and toggle the “Tampered” flag for those found to be infected by malware.
Early-Launch Anti-Malware System
Early-Launch Anti-Malware (ELAM) is a new concept to protect the entire Windows environment from malicious activity. This is another brand new addition to the Windows operating system and it allows a certified anti-malware product to launch itself before other third-party software components. Together with Measured Boot, which gives the antivirus solution detailed information on all Windows components launched during the boot process, this new concept aims to make the whole Windows environment more secure. This system is especially important because it helps to detect and block complex malware, such as rootkits, quite efficiently.
Kaspersky Lab fully supports ELAM in its new Kaspersky Internet Security solution, with a number of important additions. Not only can Kaspersky Internet Security check system and software integrity during startup, it can also remediate any active infection. At the same time, internal testing by Kaspersky Lab shows that under normal operation the early-launch driver has minimal impact on performance and startup time, introducing a delay of just a few milliseconds.
Built-In Anti-Malware Solution and General Security
Apart from new protection technologies, Microsoft is enhancing the traditional protection components of Windows 8. According to the manufacturer, the upcoming operating system will include “mitigation enhancements that further reduce the likelihood of common attacks”. In other words, Microsoft’s changes to various core system components render a large number of currently available exploits obsolete and make it harder for cybercriminals to develop new ones. These changes affect the Windows kernel with an improved PatchGuard functionality, updated Address Space Layout Randomization Technology and Internet Explorer browser.
To keep malicious code away from the user’s system, Microsoft is also enhancing its Windows Defender component, which is expected to be more efficient at detecting and blocking malware. At the same time, Microsoft believes that “all Windows 8 users should be protected by traditional anti-malware software”. Deep analysis of core enhancements of Windows 8 by Kaspersky Lab’s experts indicates that, while some changes make this operating system more secure, they still cannot be treated as a “final solution”. A good example of that is the updated PatchGuard – a feature that prevents tampering with the system kernel. Despite the improvements, it can still be circumvented – while for legal vendors, like security software companies, certain protection methods will become unusable.
The Kaspersky Lab view
Overall, the enhancements presented in Windows 8 make this system more secure against existing threats, and make it easier for security vendors to track down and block new malicious code.
New metro-style apps can be automatically reinstalled from the app store if they are infected, but a third-party solution is still needed to check software for malicious infections. Kaspersky Lab’s product supports this functionality in full.
The new ELAM system, along with support for the Trusted Platform Module, provides better protection from complex malware by granting security software vendors early access to the system during startup and allowing them to check core system components.
Further enhancements in the system reduce the possibility of infection by existing malware.
New malicious code is blocked to some extent by the enhanced Windows Defender, but it still provides only basic protection.
In addition, Windows 8 has introduced strict requirements for software performance, including third-party security solutions. A number of new technologies developed by Kaspersky Lab address these requirements as well, increasing overall performance of the system and security software in particular.
The arrival of Windows 8 Consumer Preview has given a wide audience its first glimpse of the future of personal and mobile computing from Microsoft, the world’s leading software vendor. Some of the changes in the user interface, designed with tablets and touch screens in mind, are nothing short of revolutionary. Microsoft has also presented a number of new security features designed to better protect end users. This white paper concentrates on the most significant security-related changes in the upcoming new version of Windows OS and the corresponding solutions from Kaspersky Lab.
Defending Metro-Style Applications
The rise of tablet devices has had the most noticeable impact on the development of the next Windows OS. Microsoft’s answer to this growing trend is two different interfaces – a more or less classic one for traditional Windows applications with good old mouse-and-keyboard interaction, and a new interface designed specifically for couch surfing with a lightweight tablet device or a traditional but touch-enabled laptop. This offers end users the opportunity to share the same experience on different devices – PC, laptop or tablet – that all run the same Windows OS. Metro-style apps have a number of unique security characteristics, compared to traditional software. Each application can be in one of four states – operating normally, having an invalid license, modified or tampered. The last two states may point to malware infection. But with these new apps there is no need to remediate the application. Windows 8 can automatically reinstall a clean copy from its own applications store, Windows Store. To make this work, effective antivirus solutions need to know the difference between normal and metro-style apps, and then alert the system of any infection to trigger reinstallation. This functionality is implemented in the upcoming version of Kaspersky Internet Security, which can effectively scan metro-style apps and toggle the “Tampered” flag for those found to be infected by malware.
Early-Launch Anti-Malware System
Early-Launch Anti-Malware (ELAM) is a new concept to protect the entire Windows environment from malicious activity. This is another brand new addition to the Windows operating system and it allows a certified anti-malware product to launch itself before other third-party software components. Together with Measured Boot, which gives the antivirus solution detailed information on all Windows components launched during the boot process, this new concept aims to make the whole Windows environment more secure. This system is especially important because it helps to detect and block complex malware, such as rootkits, quite efficiently.
Kaspersky Lab fully supports ELAM in its new Kaspersky Internet Security solution, with a number of important additions. Not only can Kaspersky Internet Security check system and software integrity during startup, it can also remediate any active infection. At the same time, internal testing by Kaspersky Lab shows that under normal operation the early-launch driver has minimal impact on performance and startup time, introducing a delay of just a few milliseconds.
Built-In Anti-Malware Solution and General Security
Apart from new protection technologies, Microsoft is enhancing the traditional protection components of Windows 8. According to the manufacturer, the upcoming operating system will include “mitigation enhancements that further reduce the likelihood of common attacks”. In other words, Microsoft’s changes to various core system components render a large number of currently available exploits obsolete and make it harder for cybercriminals to develop new ones. These changes affect the Windows kernel with an improved PatchGuard functionality, updated Address Space Layout Randomization Technology and Internet Explorer browser.
To keep malicious code away from the user’s system, Microsoft is also enhancing its Windows Defender component, which is expected to be more efficient at detecting and blocking malware. At the same time, Microsoft believes that “all Windows 8 users should be protected by traditional anti-malware software”. Deep analysis of core enhancements of Windows 8 by Kaspersky Lab’s experts indicates that, while some changes make this operating system more secure, they still cannot be treated as a “final solution”. A good example of that is the updated PatchGuard – a feature that prevents tampering with the system kernel. Despite the improvements, it can still be circumvented – while for legal vendors, like security software companies, certain protection methods will become unusable.
The Kaspersky Lab view
Overall, the enhancements presented in Windows 8 make this system more secure against existing threats, and make it easier for security vendors to track down and block new malicious code.
New metro-style apps can be automatically reinstalled from the app store if they are infected, but a third-party solution is still needed to check software for malicious infections. Kaspersky Lab’s product supports this functionality in full.
The new ELAM system, along with support for the Trusted Platform Module, provides better protection from complex malware by granting security software vendors early access to the system during startup and allowing them to check core system components.
Further enhancements in the system reduce the possibility of infection by existing malware.
New malicious code is blocked to some extent by the enhanced Windows Defender, but it still provides only basic protection.
In addition, Windows 8 has introduced strict requirements for software performance, including third-party security solutions. A number of new technologies developed by Kaspersky Lab address these requirements as well, increasing overall performance of the system and security software in particular.
SAN FRANCISCO--Ever click a link to a Web site and discover that while it looks like your banking site, or Facebook, the URL didn't match your expectations? That's called phishing. Kaspersky revealed a new feature at a reviewer's conference here yesterday that the company says can stop such credential-stealing attacks before you get hooked.
Automatic Exploit Prevention, as the feature is called, is expected in the Kaspersky 2013 security suites due in August. The premise behind it is simple: Phishing attacks are on the rise, due in large part to the plummeting cost of entry to the malware market, so stopping those attacks from reaching you has become the focus of the upcoming software update.
The BlackHole exploit kit, a server-side polymorphic attack, is the source of 95 percent of the phishing attacks in the world, said Oleg Ishanov, antimalware research director for Kaspersky.
"Exploit packs cost a couple hundred to a couple thousand dollars," said Roel Schouwenberg, a senior antivirus researcher at Kaspersky and founding member of the Anti-Malware Testing Standards Organization. The Eleonore exploit pack, for example, will run you around $2,200, he said, and includes 14 kinds of exploits. Another exploit pack, the Java-specific Sparky, is a cloud-based service and will set you back only $25, he said.
The profits far outstrip the amount of money the bad guys have to spend to get into the malware game, Schouwenberg said. "Online banking Trojans are huge profits for bad guys," noting that news reports of recent successful banking breaches can score anywhere from $3 million to more than $220 million.
"The security in U.S. online banks is much lower than in the European banks. I wonder why they even bother attacking the European banks, it's so easy relatively over here. It's like the late '80s, early '90s," in terms of online banking security, he concluded.
A big part of the Automatic Exploit Prevention (AEP) tool is an updatable anti-phishing engine, not unlike the antivirus and behavioral engines that currently power the better security suites.
Ishanov outlined the existing approach that Kaspersky takes: the suite offers its antivirus, URL filtering, a file scanner, and a system process guard. AEP will add a layer of "forced Address Space Layout Randomization" to its protection. Already available in Apple's operating systems and in limited form in Windows, Kaspersky's forced ASLR extends broader protections to your computer's processes by moving them around in the memory. Microsoft has said that Windows 8 will come with a much more advanced version of forced ASLR, but that's little comfort to people still using Windows 7 and earlier.
"The new tech in Automatic Exploit Prevention blocks 100 percent of BlackHole" exploits, Ishanov said.
There are other changes planned for Kaspersky's 2013 suites, including improved "safe banking" features that fold previous Safe Run features into a new, online banking-specific toolset called Safe Money. These include a new method for validating trusted certificates, which is a response to certificate-faking scandals; an improved virtual keyboard for circumventing keyloggers that now has a secure browser connection; and hooks to AEP's anti-phishing engine.
Windows 8 is expected to be released a few months after Kaspersky 2013, and the suites will work on Microsoft's new operating system. Kaspersky representatives were light on specifics, although they did say that it will offer protection for apps in Metro; that the suites will meet Redmond's tougher standards for boot-time impact; and that they will work with secure boot and early-launch antimalware technology.
Ishanov also said that Kaspersky will not work on Windows RT, Microsoft's more restricted version of Windows 8 for ARM-powered tablets -- at least, not yet.
Automatic Exploit Prevention, as the feature is called, is expected in the Kaspersky 2013 security suites due in August. The premise behind it is simple: Phishing attacks are on the rise, due in large part to the plummeting cost of entry to the malware market, so stopping those attacks from reaching you has become the focus of the upcoming software update.
The BlackHole exploit kit, a server-side polymorphic attack, is the source of 95 percent of the phishing attacks in the world, said Oleg Ishanov, antimalware research director for Kaspersky.
"Exploit packs cost a couple hundred to a couple thousand dollars," said Roel Schouwenberg, a senior antivirus researcher at Kaspersky and founding member of the Anti-Malware Testing Standards Organization. The Eleonore exploit pack, for example, will run you around $2,200, he said, and includes 14 kinds of exploits. Another exploit pack, the Java-specific Sparky, is a cloud-based service and will set you back only $25, he said.
The profits far outstrip the amount of money the bad guys have to spend to get into the malware game, Schouwenberg said. "Online banking Trojans are huge profits for bad guys," noting that news reports of recent successful banking breaches can score anywhere from $3 million to more than $220 million.
"The security in U.S. online banks is much lower than in the European banks. I wonder why they even bother attacking the European banks, it's so easy relatively over here. It's like the late '80s, early '90s," in terms of online banking security, he concluded.
A big part of the Automatic Exploit Prevention (AEP) tool is an updatable anti-phishing engine, not unlike the antivirus and behavioral engines that currently power the better security suites.
Ishanov outlined the existing approach that Kaspersky takes: the suite offers its antivirus, URL filtering, a file scanner, and a system process guard. AEP will add a layer of "forced Address Space Layout Randomization" to its protection. Already available in Apple's operating systems and in limited form in Windows, Kaspersky's forced ASLR extends broader protections to your computer's processes by moving them around in the memory. Microsoft has said that Windows 8 will come with a much more advanced version of forced ASLR, but that's little comfort to people still using Windows 7 and earlier.
"The new tech in Automatic Exploit Prevention blocks 100 percent of BlackHole" exploits, Ishanov said.
There are other changes planned for Kaspersky's 2013 suites, including improved "safe banking" features that fold previous Safe Run features into a new, online banking-specific toolset called Safe Money. These include a new method for validating trusted certificates, which is a response to certificate-faking scandals; an improved virtual keyboard for circumventing keyloggers that now has a secure browser connection; and hooks to AEP's anti-phishing engine.
Windows 8 is expected to be released a few months after Kaspersky 2013, and the suites will work on Microsoft's new operating system. Kaspersky representatives were light on specifics, although they did say that it will offer protection for apps in Metro; that the suites will meet Redmond's tougher standards for boot-time impact; and that they will work with secure boot and early-launch antimalware technology.
Ishanov also said that Kaspersky will not work on Windows RT, Microsoft's more restricted version of Windows 8 for ARM-powered tablets -- at least, not yet.
Download Link:
Kaspersky Antivirus
Kaspersky Internet Security
![[MLI]](http://www.megalab.it/forum/images/smilies/mli.gif "MegaLab.it")
Power User.
