Which is the most popular antivirus software?

In an over-crowded antivirus software market, end and corporate users are often finding it difficult to differentiate between a value-added market proposition, next to the “me too” vendors of solutions. As in every other market segment, any scientific insight into the market share of various vendors offers an invaluable perspective into the market dynamics, what are customers purchasing, and most importantly, are they living in a world of ‘false feeling of security’.

Using a data set consisting of 120,000 data points, researchers from OPSWAT recently released an informative overview of the antivirus market, answering an important question - which is the most popular antivirus vendor?

According to their findings, that’s avast! Free Antivirus, followed by Microsoft Security Essentials and ESET NOD32 Antivirus.

Detailed market share statistics:

Avast - 17.4% worldwide market share
Microsoft - 13.2% worldwide market share
ESET - 11.1% worldwide market share
Symantec - 10.3% worldwide market share
AVG - 10.1% worldwide market share
Avira - 9.6% worldwide market share
Kaspersky - 6.7% worldwide market share
McAfee - 4.9% worldwide market share
Panda - 2.9% worldwide market share
Trend Micro - 2.8% worldwide market share
Other - 11.1% worldwide market share

Microsoft is the market leader in North America, followed by Symantec and AVG. Not surprisingly, the market leading avast! Free Antivirus is relying on the so called “freemium” business model, where the company grows and gains market share by offering a free alternative of their software, and earns revenue thanks to the successful conversion of free users to paid ones. Earlier this year, the company announced that it has 150 million active users worldwide, a clear indication of a working “freemium” business model.

What do you think? Is antivirus software still relevant in the age of Stuxnet, Duqu and Flame, the so called poster kids of the DIY targeted attack toolkits and weaponized malware releases? Do think free antivirus is offering a ‘false feeling of security’ compared to subscription based license models?

Android Malware Posing as Google+ app

A new flavor of Android malware is disguising itself as a Google+ app in an attempt to capture instant messages, GPS, location, call logs, and other sensitive data.

Uncovered by the team at Trend Micro, the new malware known as ANDROIDOS_NICKISPY.C can also automatically answer and record phone calls. To capture data, the app loads at boot-up and runs certain services that can monitor messages, phone calls, and the user's location, thereby stealing e-mail and other content.

Detailing its findings in a blog Friday, Trend Micro said it discovered that the malicious app tries to trick people by installing itself under the name Google++.

But instead of providing access to Google's new social network, the app sends its stolen user data to a remote site where presumably cybercriminals can grab it. Unlike some malware in the past that masqueraded as legitimate apps through Google's Android Market, this particular one must be downloaded by an unsuspecting user from a malicious Web site and then manually installed.

And even if installed, the app can be uninstalled from an Android device by selecting Settings > Application > Manage applications, choosing Google++ and then clicking Uninstall, according to Trend Micro.

Trend Micro gives the app a low-risk rating, but it's still something that Android owners should be sure to avoid.

Android users concerned about security can learn how to better protect themselves through Trend Micro's online guide "5 Simple Steps to Secure Your Android-Based Smartphones."

Hackers compromised 72 organizations since 2006

Security vendor McAfee published a detailed report on Tuesday about a hacking group that penetrated 72 companies and organizations in 14 countries since 2006 in a massive operation that stole national secrets, business plans and other sensitive information.

McAfee said the attackers are likely a single group acting on behalf of a government, differing from the recent wave of less sophisticated attacks from cyber activist groups such as Anonymous and LulzSec, according to the report.

McAfee did not say what country might have been working with the hackers, in contrast to companies such as Google, which as recently as last month blamed China for hacking into the Gmail accounts of several high-profile U.S. officials.

The intrusions, which McAfee called Operation Shady RAT, was discovered after the security vendor gained access to a command-and-control server that collected data from the hacked computers and logged the intrusions.

"After painstaking analysis of the logs, even we were surprised by the enormous diversity of the victim organizations and were taken aback by the audacity of the perpetrators," wrote Dmitri Alperovitch, vice president of threat research at McAfee, and author of the report.

Alperovitch wrote that over the past five to six years there has been nothing short of a "historically unprecedented transfer of wealth" due to the hacking operation.

The data stolen consists of everything from classified information on government networks, source code, e-mail archives, exploration details for new oil and gas field auctions, legal contracts, SCADA (supervisory control and data acquisition) configurations, design schematics and more, Alperovitch said.

McAfee declined to name most of the organizations attacked, referring to businesses such as "South Korean Steel Company," "U.S. Defense Contractor #1" and "Taiwanese Electronics Company," among others.

Those that were named include the International Olympic Committee (IOC), the World Anti-Doping Agency, the United Nations and the ASEAN (Association of Southeast Asian Nations) Secretariat. Those organizations, however, were not of economic interest to hackers, and "potentially pointed a finger at a state actor behind the intrusions," Alperovitch wrote.

The hacking group gained access to computers by first sending targeted e-mails to individuals within the companies or organizations. The e-mails contained an exploit that, if executed, would cause the download of a piece of malicious software that communicates with the command-and-control server.

In 2006, eight organizations were attacked, but by 2007 the number jumped to 29 organizations, according to the report. The number of victimized organizations increased to 36 in 2008 and peaked at 38 in 2009 before starting to fall, "likely due to the widespread availability of the countermeasures for the specific intrusion indicators used by this specific actor," Alperovitch wrote.

The duration of the compromises ranged from less than a month to up to more than two years in the case of an attack on the Olympic committee of a unnamed nation in Asia.