Home Tags Baidu

Tag: Baidu

DAILY VIDEO: TRITON attack targeted critical infrastructure, a security firm says; AMD racks up cloud server wins with Baidu and Microsoft; Amazon will resume sales of Google Chromecast video streaming devices; and there's more.
It has been reported the three media giants are under investigation by the Cyberspace Administration of China following concerns over 'disruptive' content.
Go, Googlersquo;s open source, concurrency-friendly programming language, has soared to new heights with developers, cracking the top 10 in the Tiobe index of language popularity for the first time.With an all-time high rating of 2.363 percent, Go ranks as the 10th most popular programming language in this monthrsquo;s index, ahead of languages such as Perl, Swift, Ruby, and Visual Basic.

The Tiobe Programming Community index assesses language popularity using a formula based on frequency of searches for the languages in popular search engines such as Google, Bing, Baidu, and Wikipedia.[ Also on InfoWorld: Tap the power of Google's Go language. | The best Go language IDEs and editors. | Keep up with hot topics in programming with InfoWorld's App Dev Report newsletter. ]Tiobe called Gorsquo;s latest rise an important landmark and pondered what was next. “Is Go really able to join the big stars in the programming language world and leave languages such as JavaScript and Python behind? We will see.” The language was ranked in 55thnbsp;place in the index a year ago.

Gorsquo;s previous high score was a 2.325 percent rating in January, when it placed 13th.To read this article in full or to leave a comment, please click here
PaddlePaddle, Baidu's open source framework for deep learning, is now compatible with the Kubernetes cluster management system to allow large models to be trained anywhere Kubernetes can run.This doesn't simply expand the range of systems that can be used for PaddlePaddle training; it also provides end-to-end deep learning powered by both projects.[ Find out which machine learning and deep learning frameworks are for you with InfoWorld Test Center's comparison of TensorFlow, Spark MLlib, Scikit-learn, MXNet, Microsoft Cognitive Toolkit, and Caffe. | Get a digest of the day's top tech stories in the InfoWorld Daily newsletter. ]Training with the Big K Deep learning frameworks must be trained on a given data set to produce results.

The training process can be processor-intensive and time-consuming, so spreading it out across a cluster of machines speeds up the process.

Baidu created Paddle (short for "PArallel Distributed Deep LEarning) to run across a cluster of machines to train models for tasks like machine translation and search-result ranking.

The company then turned to Kubernetes to manage those clusters, with help from Kubernetes contributor CoreOS.To read this article in full or to leave a comment, please click here
1,280 Wi-Fi networks have fallen victim to the Switcher Hackers have brewed up a strain of Android malware that uses compromised smartphones as conduits to attack routers. The Switcher trojan does not attack Android device users directly. Instead, the malware uses compromised smartphones and tablets as tools to attack any wireless networks they connect to. Switcher brute-forces access to the network's router and then changes its DNS settings to redirect traffic from devices connected to the network to a rogue DNS server, security researchers at Kaspersky Lab report. This server fools the devices into communicating with websites controlled by the attackers, leaving users wide open to either phishing or further malware-based attacks. The attackers claim to have successfully infiltrated 1,280 wireless networks so far, mainly in China. The tactics in play are similar to those employed by a DNS Changer variant spotted by security researchers at Proofpoint last month. That nasty spread through JavaScript code in malicious ads, whereas Switcher uses a different mode of attack. The infection is spread by users downloading one of two versions of the Android Trojan from a website created by the attackers. The first version is disguised as an Android client of the Chinese search engine, Baidu, and the other is a counterfeit version of a popular Chinese app for sharing information about Wi-Fi networks. "The attackers have built a website to promote and distribute the Trojanised Wi-Fi app to users," according to Kaspersky Lab. "The web server that hosts this site doubles as the malware authors' command-and-control (C&C) server. Internal infection statistics spotted on an open part of this website reveal the attackers' claims to have compromised 1,280 websites – potentially exposing all the devices connected to them to further attack and infection." A write-up of the Switcher malware can be found on Kaspersky Lab's Securelist blog here. ® Sponsored: Customer Identity and Access Management
A new Android Trojan uses a victims’ devices to infect WiFi routers and funnel any users of the network to malicious sites.

The malware doesn’t target users directly – instead its goal is to facilitate further attacks by turning victims into accomplices. Researchers at Kaspersky Lab, who discovered the malware and dubbed it Switcher Trojan, claim they’ve seen two versions of the malware.

Attackers have used both iterations to commandeer 1,280 wireless networks, most of them in China, according to Nikita Buchka, a mobile security expert with the firm. One version of the malware mimics a mobile client for the Chinese search engine Baidu.

Another passes itself off as a version of an app used for locating and sharing WiFi login information. Once a victim has downloaded one of the versions, it gets to work attacking the router. The malware does so by carrying out a brute-force password guessing attack on the router’s admin web interface. Once in, Switcher swaps out the addresses of the router’s DNS servers for a rogue server controlled by the attackers along with a second DNS, in case the rogue one goes down. This makes it so queries from devices on the network are re-routed to the servers of the attacker, something that can open victims to redirection, phishing, malware and adware attacks. “The ability of the Switcher Trojan to hijack [DNS] gives the attackers almost complete control over network activity which uses the name-resolving system, such as internet traffic,” Kaspersky Lab said Wednesday, “The approach works because wireless routers generally reconfigure the DNS settings of all devices on the network to their own – thereby forcing everyone to use the same rogue DNS.” The creators of the Trojan were a little sloppy when it came to crafting parts of its command and control website however; they left a table complete with internal infection statistics publicly viewable.

According to Buchka, who has reviewed the site, the attackers boast to have infiltrated 1,280 WiFi networks over the last several weeks. In a Securelist post on the malware posted Wednesday Buchka cautioned users to review their routers’ DNS settings for the following rogue servers:,, and He also took the opportunity to encourage users – although for many it goes without saying – to verify that they’ve changed their routers’ default login and passwords. Several weeks ago a handful of router users in Germany fell victim when a variant of Mirai, the nasty malware that’s become synonymous with internet of things vulnerabilities, took hold of their devices. While those routers didn’t suffer from a hardcoded username/password vulnerability, they did have port 7547, usually used by internet service providers to remotely manage the device, open. The behavior of Switcher is somewhat similar to that of DNSChanger, malware that’s been repurposed as an exploit kit as of late. A recent campaign observed by Proofpoint was targeting wireless routers and changing DNS entries in order to steal traffic. In that instance routers made by D-Link, Netgear, Pirelli and Comtrend were vulnerable.

According to Buchka, the hardcoded names of input fields and the structures of the HTML documents that the Switcher Trojan tries to access suggests it may work only on web interfaces of TP-LINK Wi-Fi routers.
Recently, in our never-ending quest to protect the world from malware, we found a misbehaving Android trojan.

Although malware targeting the Android OS stopped being a novelty quite some time ago, this trojan is quite unique.
Instead of attacking a user, it attacks the Wi-Fi network the user is connected to, or, to be precise, the wireless router that serves the network.

The trojan, dubbed Trojan.AndroidOS.Switcher, performs a brute-force password guessing attack on the router’s admin web interface.
If the attack succeeds, the malware changes the addresses of the DNS servers in the router’s settings, thereby rerouting all DNS queries from devices in the attacked Wi-Fi network to the servers of the cybercriminals (such an attack is also known as DNS-hijacking).
So, let us explain in detail how Switcher performs its brute-force attacks, gets into the routers and undertakes its DNS-hijack. Clever little fakes To date, we have seen two versions of the trojan: acdb7bfebf04affd227c93c97df536cf; package name – com.baidu.com 64490fbecefa3fcdacd41995887fe510; package name – com.snda.wifi The first version (com.baidu.com), disguises itself as a mobile client for the Chinese search engine Baidu, simply opening a URL http://m.baidu.com inside the application.

The second version is a well-made fake version of a popular Chinese app (http://www.coolapk.com/apk/com.snda.wifilocating) for sharing information about Wi-Fi networks (including the security password) between users of the app.
Such information is used, for example, by business travelers to connect to a public Wi-Fi network for which they don’t know the password.
It is a good place to hide malware targeting routers, because users of such apps usually connect with many Wi-Fi networks, thus spreading the infection. The cybercriminals even created a website (though badly made) to advertise and distribute the aforementioned fake version of com.snda.wifilocating.

The web server that hosts the site is also used by the malware authors as the command-and-control (C&C) server. The infection process The trojan performs the following actions: Gets the BSSID of the network and informs the C&C that the trojan is being activated in a network with this BSSID Tries to get the name of the ISP (Internet Service Provider) and uses that to determine which rogue DNS server will be used for DNS-hijacking.

There are three possible DNS servers –, and; with being the default choice, while the others will be chosen only for specific ISPs Launches a brute-force attack with the following predefined dictionary of logins and passwords: admin:00000000 admin:admin admin:123456 admin:12345678 admin:123456789 admin:1234567890 admin:66668888 admin:1111111 admin:88888888 admin:666666 admin:87654321 admin:147258369 admin:987654321 admin:66666666 admin:112233 admin:888888 admin:000000 admin:5201314 admin:789456123 admin:123123 admin:789456123 admin:0123456789 admin:123456789a admin:11223344 admin:123123123 The trojan gets the default gateway address and then tries to access it in the embedded browser. With the help of JavaScript it tries to login using different combinations of logins and passwords. Judging by the hardcoded names of input fields and the structures of the HTML documents that the trojan tries to access, the JavaScript code used will work only on web interfaces of TP-LINK Wi-Fi routers If the attempt to get access to the admin interface is successful, the trojan navigates to the WAN settings and exchanges the primary DNS server for a rogue DNS controlled by the cybercriminals, and a secondary DNS with (the Google DNS, to ensure ongoing stability if the rogue DNS goes down).

The code that performs these actions is a complete mess, because it was designed to work on a wide range of routers and works in asynchronous mode. Nevertheless, I will show how it works, using a screenshot of the web interface and by placing the right parts of the code successively. If the manipulation with DNS addresses was successful, the trojan report its success to the C&C So, why it is bad? To appreciate the impact of such actions it is crucial to understand the basic principles of how DNS works.

The DNS is used for resolving a human-readable name of the network resource (e.g. website) into an IP address that is used for actual communications in the computer network.

For example, the name “google.com” will be resolved into IP address
In general, a normal DNS query is performed in the following way: When using DNS-hijacking, the cybercriminals change the victim’s (which in our case is the router) TCP/IP settings to force it to make DNS queries to a DNS server controlled by them – a rogue DNS server.
So, the scheme will change into this: As you can see, instead of communicating with the real google.com, the victim will be fooled into communicating with a completely different network resource.

This could be a fake google.com, saving all your search requests and sending them to the cybercriminals, or it could just be a random website with a bunch of pop-up ads or malware. Or anything else.

The attackers gain almost full control over the network traffic that uses the name-resolving system (which includes, for example, all web traffic). You may ask – why does it matter: routers don’t browse websites, so where’s the risk? Unfortunately, the most common configuration for Wi-Fi routers involves making the DNS settings of the devices connected to it the same as its own, thus forcing all devices in the network use the same rogue DNS.
So, after gaining access to a router’s DNS settings one can control almost all the traffic in the network served by this router. The cybercriminals were not cautious enough and left their internal infection statistics in the open part of the C&C website. According to them, they successfully infiltrated 1,280 Wi-Fi networks.
If this is true, traffic of all the users of these networks is susceptible to redirection. Conclusion The Trojan.AndroidOS.Switcher does not attack users directly.
Instead, it targets the entire network, exposing all its users to a wide range of attacks – from phishing to secondary infection.

The main danger of such tampering with routers’ setting is that the new settings will survive even a reboot of the router, and it is very difficult to find out that the DNS has been hijacked.

Even if the rogue DNS servers are disabled for some time, the secondary DNS which was set to will be used, so users and/or IT will not be alerted. We recommend that all users check their DNS settings and search for the following rogue DNS servers: If you have one of these servers in your DNS settings, contact your ISP support or alert the owner of the Wi-Fi network. Kaspersky Lab also strongly advises users to change the default login and password to the admin web interface of your router to prevent such attacks in the future.
Korean chap finds flaws in moments, scores $100k apiece for fun Power of Community If Jung Hoon Lee is not the world's best hacker, he can't be far from the top of the dais: the 22 year-old South Korean better known as Lokihardt has an uncanny knack for finding zero-day exploits in the world's most popular and most secure systems. Lee is a fixture at global hacking competitions like Pwn2Own and PwnFest where he and rival vulnerability testers find and exploit zero day flaws in systems ranging Google Chrome, to Apple Safari, to Windows 10. Each new hack Lee cooks up for the regular contests earns him more than US$100,000 from sponsoring technology companies and he often drops two to three zero days at each competition. He usually develops his exploits in the weeks before a contest and them demos them live. He needs to be good: winning means exploits need to work against the newest fully-patched browsers, operating systems, and phones, without any user interaction, and do their worst within less than a few minutes. Most take mere seconds. The demure hacker, who spoke to The Register at the Power of Community security conference in Seoul, does not want to showcase his contest winnings, but he is sure to have earned millions of dollars. "I don't have a job," Lee says laughing. "I worked for Samsung for a little while, but not anymore." Lee's success is one a cadre of young highly talented hackers around the world are discovering thanks to the boom in lucrative hacking contests and private bounty bounties. He earnt almost US$300,000 at the PwnFest hacking competition here in Seoul for two zero day vulnerabilities in Microsoft Edge and VMWare Workstation, the first time the latter application has ever been compromised. Lee's breach of the latest version of Redmond's Edge showcased just how good a hacker he is. After drawing the short straw and competing to hack the browser after Qihoo 360's Vulcan PC-hacking team, Lee had by coincidence used the same zero day exploit as his rivals. This disqualified the hacker from earning the US$140,000 prize, or it would have, had he not right then and there found and used a new zero day exploit. He discovered it by deleting a single line of code from a Microsoft patch. Jung Hoon Lee (left) hacking Windows Edge in Seoul. Image: Darren Pauli / The Register. Hackers laugh and shake their heads when this reporter talks of the stunt. He has earnt the respect of rivals of the likes of China's Qihoo 360, Tencent, and Baidu, and talented hackers like Pinkie Pie, GeoHolt, and MWR Labs from the UK, the US, and across Russia and Europe. Lee began looking for bugs as an 18 year-old in 2012, rising to breach the world's best platforms in the ensuing four years. But despite breaking systems built by billion-dollar companies, Lee praises their state of security. "A lot of these vendors try hard to improve their security," Lee says. "Microsoft is putting in a lot of effort to add new mitigations that make it harder to exploit even if you find bugs." He says Google is doing excellent work developing Chrome's sandbox which takes the wind out of many memory corruption and other vulnerabilities. Which platforms are failing? "Flash, of course," Lee says giggling. Yet for a man who appears to have the ability to hack anything, Lee is not a security spook. He uses a Mac and an iPhone, not out of opinion that those platforms are more secure, but because of design and form factor. "I don't have preference for how secure something is, or how easy it is to hack it, I just like OS X." "But", he says, "sometimes I worry I've been hacked." ® Sponsored: Customer Identity and Access Management

Quick Heal AntiVirus Pro 17

Quick, name three popular antivirus products.
If your list included Baidu, Qihoo 360, or Quick Heal, you're probably in China.

These vendors are huge in China but much less famous in the west. My last review showed that Quick Heal, at least, deserved its obscurity.
I'm happy to say that Quick Heal AntiVirus Pro 17 is much better than the version I reviewed nearly two years ago.

Even so, there are areas and features that could use even more enhancement. I've observed lately that the going rate for a one-device one-year antivirus license seems to be around $39.95. On that basis, Quick Heal's $30 subscription is a bargain.

For $60, you get a three-license subscription. Anybody can download a 30-day trial of the program.

The initial download is just a stub that downloads the latest version of the actual software, automatically choosing 32-bit or 64-bit as appropriate.

To upgrade to a paid version, you enter your license key on the About page. Quick Heal wants to know quite a bit about you.
In addition to an email address, it wants your full name, a phone number, and your country, state, and city. Picking your country and state from a drop down list is common, but I was surprised when choosing California caused the next entry to display a list of every city in California. Immediately after installation, you're prompted to connect with Quick Heal Remote Device Management. You create an online account, with your email address and a password, and enter the product key again.

Then you turn on the feature within Quick Heal, which gives you a one-time password that must be entered back in the online console.

This complicated handshake might be a bit daunting for the neophyte user.
In any case, the Remote Device Management account is only truly useful for mobile devices. The components of the program's main window haven't changed, but they're colored and arranged slightly differently. You still see a big banner reporting the system's security status above four panels representing Files & Folders, Emails, Internet & Network, and External Drives & Devices.

A News panel now appears at the bottom, with links to educational articles on security. Mixed Lab ResultsWhen I reviewed the previous version of Quick Heal, it appeared in almost none of the lab tests I follow.

Things have changed for the better since then. Quick Heal received certification for malware detection from ICSA Labs.

This sort of certification is different from scored lab tests.
If a vendor's product doesn't initially achieve certification, ICSA Labs helps the vendor remediate any problems and attain certification. Quick Heal is now also on the radar of the experts at AV-Test Institute, who evaluate antivirus products three different ways. Naturally they measure how effective the antivirus is at protecting against malware infestation.

They rate its effect on system performance.

And they calculate a usability score that's highest when the product exhibits the fewest false positives (valid programs or websites flagged as malicious).

A product can earn 6 points in each category; Quick Heal got 5.5 in each, for a total of 16.5 points.

That's decent, but in this same test Bitdefender Antivirus Plus 2017, Kaspersky, and Trend Micro Antivirus+ Security earned a perfect 18 points. Quick Heal also now participates in four of the five tests by AV-Comparatives that I follow.

A product that simply passes one of this lab's tests earns Standard certification.

Those that go above and beyond the minimum needed to pass get certified at the Advanced or Advanced+ level. Quick Heal earned Advanced+ in the performance test and the static file detection test.
In a test that measures how thoroughly products clean up malware that all of them detect, Quick Heal took an Advanced certification.

And in the important whole-product dynamic test it was certified at the Standard level. These aren't bad scores, but Avira Antivirus Pro 2016 took an Advanced+ rating in all four of the same tests.

Bitdefender and Kaspersky Anti-Virus did the same in all five of the tests that I follow. Overall, though, Quick Heal made a much better showing than when I reviewed it last. Scan ChoicesA full scan of my standard clean system took Quick Heal just 36 minutes.

That's pretty quick, given that the current average is 45 minutes.
It finished a second scan in just 7 minutes, demonstrating some form of optimization during the first scan.
Some products take that optimization even further.

For example, a repeat scan with F-Secure Anti-Virus 2016 finished in just two minutes. You can choose to just scan for malware in memory, or to scan a specific drive or folder, if you prefer.

For malware that manages to resist the normal scan, you can choose a Boot Time Scan instead, either a full scan or a quick scan of areas where malware commonly lurks. When you reboot the system, the text-only Boot Time Scan goes into action at the very beginning of the boot process, before rootkits and other persistent malware types have had a chance to load. It's always possible that malware could render your PC unusable, either accidentally, due to bad coding, or on purpose, locking you out until you pay a ransom. Quick Heal does offer screen locker protection in the form of a special keystroke that can break you free from certain screen locking ransomware types.

But sometimes you just can't run Windows, or can't run Quick Heal.

That's where the Emergency Disk comes in. As soon as you install Quick Heal, you should click the Tools menu and click Create Emergency Disk.

A wizard guides you to download the latest content for the disk, and then handles the task of creating a bootable USB or CD/DVD.
I had some trouble booting my test system from the Emergency Disk, which is not surprising given that I test on a virtual machine.
It did boot, but then rebooted over and over.
I did see enough to know that it boots in to a portable Windows environment, not a Linux variant. Also on the Tools page is a separate AntiMalware scanner that focuses on edge cases like spyware, adware, fake antivirus, and so on. When I ran this scan it finished in a trice, reporting no malware found. Some Slipups in Malware RemovalI continued my testing by opening the folder that contains my current set of malware samples. Quick Heal started picking them off right away, eliminating 58 percent of the samples on sight. Others have done much better at this stage of testing.

For example, Check Point ZoneAlarm PRO Antivirus + Firewall 2017 killed off 81 percent of the samples on sight, and Trend Micro whacked 94 percent of them. Next, I launched each sample that survived the initial purge.

Every single one of them launched and at least started to install.

That's quite different from my experience with McAfee AntiVirus Plus, which so thoroughly quashed execution for most of the samples that it freaked Windows out, causing a "file not found" error. Quick Heal did detect almost all of the samples during installation, for a total detection rate of 94 percent. However, it allowed half of those it detected to plant one or more malware executables on the test system.

Those executable files dragged its malware blocking score down to 8.5. For a different look at Quick Heal's ability to protect against malware attack, I started with a feed of malware-hosting URLs from MRG-Effitas, URLs no more than a day old.
I launched each and noted whether Quick Heal steered the browser away from the URL, eliminated the malware download, or sat idly doing nothing. Out of 100 verified malware-hosting URLs, Quick Heal blocked 92 percent, almost all of them by keeping the browser from ever reaching the URL.

That puts it among the top few contenders in this test.
Symantec Norton AntiVirus Basic blocked 98 percent of its challenge URLs, and Avira blocked 99 percent. So-So Phishing ProtectionThe same Web-level protection that fends off malicious URLs also serves to steer naïve users away from phishing sites, frauds that try to steal login credentials by imitating financial sites or other secure sites.
In fact, the warning page that appears in the browser is precisely the same for a malicious URL as for a fraudulent one. However, Quick Heal wasn't quite as effective against the frauds. Phishing websites are ephemeral, because they quickly get blacklisted and shut down.

That doesn't bother the fraudsters; they just open another fake site.

But it does mean that I need the very newest phishing URLs for testing.
I scrape phishing-oriented websites to capture URLs that have been reported as fraudulent but that haven't yet been analyzed. The phishing URLs are different each time, and different fraud styles come and go. Rather than report hard detection-rate numbers, I report the difference between product's protection rate and Norton's. Why Norton? For ages it has consistently done a really good job detecting the very latest phishing frauds.
It beats almost all the competition; Bitdefender, Kaspersky, and Webroot SecureAnywhere AntiVirus are the only recent products to outperform Norton. Quick Heal didn't join those products in the top tier.
In fact, it lagged 32 percentage points behind Norton, and 24 points behind the protection built into Chrome.
It eked out a 5 percentage point advantage over Internet Explorer and handily drubbed Firefox. On the plus side, the previous edition of Quick Heal didn't even offer phishing protection, so this is a big step up. Uneven FirewallThe first challenge for any third-party firewall is that it must protect the system at least as well as the built-in Windows Firewall. Quick Heal fell down at this step. While it stealthed almost all of my test system's ports, it left the all-important HTML port 80 wide open.
In addition, one of my Web-based tests revealed that it let the system respond to what's called a ping echo, a technique used by malefactors to troll the Internet for victims.

That's not a good start. Program control is the other main feature of most third-party firewalls.
In Quick Heal this feature is a bit simplistic.
Some settings are extreme.

At the Low level, the firewall just allows all traffic.

At the Block level, it blocks all traffic, including Quick Heal's own.

There's also a mode to only allow Internet access for known and trusted programs. When I turned on this mode, trying to go online using my hand-coded tiny browser didn't trigger any kind of warning.
It just displayed an error message. In between all these extremes are firewall levels Medium (the default) and High.

At the Medium level, the firewall displays a message when it detects suspicious incoming network traffic.

At the High level it warns of suspicious incoming or outgoing traffic.
I ran a handful of leak test utilities, but just one of them proved suspicious enough to trigger a warning. The Intrusion Prevention System is considered a separate feature from the firewall, though they have similar tasks.
I didn't see it spring into action when I hit the test system with 30 exploits generated by the CORE Impact penetration tool. However, the antivirus component eliminated the malware payload for almost half of the exploits, identifying most of them by name. While the firewall's protection may not be top-tier, it's tough, at least.
I couldn't find any way a malware coder could disable its protection.
Significant values in the registry are protected against tampering.
I couldn't find any way to kill its 12 distinct processes. Likewise, all of the nine essential Windows services associated with this program were hardened against anything I could do. Browser SandboxAccording to the help system, the Browser Sandbox "applies a strict security policy for all untrusted and unverified websites" and can "isolate any possible infection." I had trouble seeing just how this feature works during my last review, but I gamely dug in again, hoping to gain understanding. This feature is turned off by default, and turning it on requires a reboot.

By default, it displays a green border around any Chrome, Firefox, or Internet Explorer border that it's protecting. You can turn the border off, but seeing it is a good reminder.

Also by default, it opens downloaded documents in a sandboxed environment. You can up the protection level by banning the browser from any access to folders you define as confidential, and you can also prevent any browser-related process from making changes in protected folders.

For testing, I defined the Desktop folder as confidential and set it to protect the Documents folder. I uploaded a tiny text editor that I wrote myself to Dropbox, then tried to download it to the desktop on the test system.
I got an Access Denied warning—Browser Sandbox at work! I downloaded the file to the Downloads folder instead, then launched it and edited a text file in the Documents folder.
I thought Quick Heal should prevent that, but it didn't. My contacts at the company explained that Browser Sandbox very specifically manages code running in the browser itself, for example, a malicious browser extension or drive-by download.
It didn't let the browser download a program to the protected folder, but once the program was downloaded, it wasn't under observation or control by Browser Sandbox.

This feature might protect you in some situations, but it's not the same as the hardened browser feature in Bitdefender, Avast Pro Antivirus 2016, and others. See How We Test Security Software Bonus FeaturesI mentioned the AntiMalware scanner and the Emergency Disk earlier.

The Tools page contains several other items that can be helpful, starting with Hijack Restore.
It's not uncommon for malware to tweak your system settings in ways that make removal harder, or reset your browser home page and other defaults to unwanted value. Hijack Restore puts back the defaults for browser settings.
It can also fix a raft of malware-induced configuration problems, restoring access to Control Panel, Windows Update, Regedit, Task Manager, and other useful tools. Track Cleaner deletes traces of computer usage such as most recent file lists, along with cookies, cache files, history, and other traces of Web surfing.
It wipes MRU lists for 7-Zip, Acrobat, and Microsoft Office programs, among others.

And it sweeps away browsing traces for Chrome, Internet Explorer, Edge, Opera, and Safari (but not Firefox). Almost all modern malware spreads via the Internet, but there are still some that use infected USB drives as a primary or secondary mode of infection. Quick Heal's USB Drive Protection modifies a USB drive so that, although a malware process can still copy itself to the drive, it can't configure itself to launch automatically when the drive is plugged in.

The USB Vaccine feature in Panda Antivirus Pro 2016 and K7 Antivirus Plus 15 works in much the same way. Disabled by default, Anti-Keylogger claims to prevent capture of your keystrokes.
In testing, I found it did not work.
I turned off antivirus protection in order to load a popular free keylogger.
I typed some random search terms in my browser.

And I found that the keylogger totally captured what I typed.
In any case, keystroke capture is just one feature of these spy programs.

The one I chose also captures screenshots, logs chat activity, records the websites you visit, notes which programs you launch, and more.
I'm not impressed with this feature. Diagnostic ToolsThe remaining three tools aren't for you.

Don't mess with them unless you're an antivirus expert.

These are present so a Quick Heal support technician who's remote-controlling your system can use them to get information. System Explorer displays all running processes, a bit like Task Manager, and it can kill processes like Task Manager.

The main difference is that it offers plenty of detail about the selected process. When you drag the crosshairs from Windows Spy onto a visible window, you get a detailed property list for the application that owns that window.

And support agents can exclude specific file instructions from the product's scan for troubleshooting purposes. A Big ImprovementQuick Heal AntiVirus Pro 17 is much better than version 16.
It earned decent scores from the independent labs and did well in some, but not all, of our hands-on tests.
Its bonus firewall didn't test well, though, and while it offers quite a few bonus features, they're not all top-notch. I track almost four dozen antivirus products, and from that crowd I've identified five worthy of being designated Editors' Choice.

Bitdefender Antivirus Plus and Kaspersky Anti-Virus consistently get top ratings from the independent labs.
Symantec Norton AntiVirus Basic does well too, and offers an impressive Intrusion Prevention System.

An unusual behavioral detection system makes Webroot SecureAnywhere Antivirus the smallest antivirus around, and it aced my hands-on malware-blocking test.

And while it doesn't test out quite as high as the rest, McAfee AntiVirus Plus lets you protect every device in your household, across multiple platforms. One of these will surely be the right antivirus for you. Back to top PCMag may earn affiliate commissions from the shopping links included on this page.

These commissions do not affect how we test, rate or review products.

To find out more, read our complete terms of use.
For every website and service simplifying how we get information, complete a transaction, or communicate with others, there's a growing number of web-based threats intent on compromising user safety and privacy.
Securing all web content over HTTPS is n...
Now that's a little rude A web browser developed by Chinese company Maxthon has allegedly been collecting telemetry about its users. Polish security consultancy Exatel warns [PDF] that Maxthon is phoning home information such as the computer's operating system and version number, the screen resolution, the CPU type and speed, the amount of memory installed, the location of the browser's executable, whether ad-block is running, and the start page URL. The Maxthon browser collects this data without the knowledge or consent of surfers, we're told.

This information could be used to tailor attacks against a particular target, according to Fidelis Cybersecurity, the firm that supplied the tools used in Exatel's analysis. On the other hand, the data is either benign or the kind of information handed over to every web server by browsers in their HTTP request headers. Exatel researchers said they came across the issue after looking into the source of suspicious traffic in a customer's environment. Maxthon's cloud-connected browser is the sixth most popular form of web surfing software in both Poland and China (occupying 0.3 per cent and 2.6 per cent market share, respectively). Beijing-based Maxthon claimed its browser – available as freeware for Windows, OS X and Linux PCs – offers surfers a safe haven from the prying eyes of America's NSA and its PRISM program while seemingly spewing information about them over the web. El Reg asked Maxthon to comment. No one was available to talk to us. Back in February, Canada's Citizen Lab claimed a web browser made by China's top search engine Baidu leaked all sorts of sensitive information. The Android version of Baidu's browser exposed unencrypted GPS coordinates, search terms and URLs visited.

The Windows version was rated as even leakier, sending out search terms, hard drive serial numbers, network MAC addresses, the title of all webpages visited, and the GPU model number, apparently. ® Sponsored: 2016 Cyberthreat defense report