Arovax Software

SmartHide Release!!!

2007-08-29T02:39:00.000-07:00

Online Security and Privacy solutions company Arovax LLC is glad to announce the final release of its innovative and future-oriented software – Arovax SmartHide.
It was designed to provide you with the most important defence on the web – anonymity. SmartHide will keep your IP address hidden, encrypt and compress your traffic, secure all the protocols on your PC (E-mail, Web-browsing, IM, P2P, etc) and even more.
Great changes and upgrades have been made to its beta-version to adjust SmartHide to the needs of our main experts – our clients!
The hole program has been renewed and a few features have appeared.

Unique proposition!
Now each registered user can invite three friends to join SmartHide users’ community and try the program on their own. They can test and enjoy the program for free!
In SmartHide Release 433 (SSL) port has been closed to prevent Internet criminals from using it to cheat banks and processing services. Paid version of SmartHide won’t have this limitation.

Other modifications and add-ons are the following:

Accelerated network session authorization and startup.
Available individual authorization - now every user can get his/her personal copy of SmartHide.
News section has been added - follow the latest news of Arovax SmartHide changes and road-maps without going to the website. SmartHide official website also has been updated.
FAQ page has been added to help the beginners who only start using SmartHide as a security protection tool.
Also our support system has been modified. Now every registered user can contact our support team and ask any question he or she is interested with.

All beta-testers can enjoy free limited version of Arovax SmartHide by receiving an Invitation code upon request to the admin's PM on the forum.

If you have any questions or inquiries, please contact Arovax Company:
mailto:info@arovaxcompany.com

Product Page:
http://www.smarthide.com

Arovax Community:
http://forum.arovax.com

Arovax Antispyware Signature Database update from 08/22/2007:

2007-08-22T23:33:00.000-07:00

We would like to inform you that Arovax Antispyware Signature Database has been updated.
Full information about updates you can find at this forum thread>>>

How to Read Virus Names

2007-08-22T06:14:00.000-07:00

Antivirus vendors generally assign virus names consisting of a prefix, the name, and a suffix. Not all vendors follow this convention, however, and even those who do may sometimes use different designators. When attempting to find information about a particular virus, it can be helpful to understand how the names are formed.

The prefix
The prefix (when used) identifies the type of virus or malware it is. W32 or Win32, for example, denote that it is a Windows 32-bit infector and thus impacts Windows 95, 98, 2000, 2003, XP, Me, NT 4.0. Those that impact only Windows 95/98 often have prefixes of W95. Other vendors apply prefixes that are more indicative of the type of threat, rather than the platform it infects. For example, a TROJ prefix implies the file is a Trojan Horse, an I-Worm prefix indicates it is an Internet/email worm, and OM signifies that it is a Microsoft Office macro virus.
W97M, WM, X2KM are other examples of macro virus prefixes that denote both the fact that it is a macro virus and provides clues as to what versions of Office (or products within Office) are impacted. The prefix is usually separated from the name by an underscore, a period, or a slash.

The name
Following the prefix is the actual name of the malware. For example, W32/Bagle has a prefix of W32 and the worm itself is dubbed Bagle.

The suffix
Many viruses belong to the same family but are slightly different. To differentiate between these variants, antivirus vendors assign an alphabetical suffix. The original virus (or worm, Trojan, etc.) generally does not have a suffix assigned until after further variants of the same threat are discovered. For example, W32/Bagle became W32/Bagle.A after the 'B' variant was discovered. Subsequent variants are assigned descending letters of the alphabet, i.e. Bagle.A, Bagle.B, Bagle.C through to Bagle.Z. When the end of the alphabet has been reached, the count starts over. This will repeat as many times as necessary. As of October 2004, the prolific Gaobot variants had reached W32/Gaobot.BOW.

The modifier
Some vendors also add a modifier after the suffix that further describes what type of malware it is. For example, @mm signifies a mass-mailing email worm and @dl is used by some to designate a downloader. Using the above information, we can quickly see that W32/Bagle.BB@mm is a Bagle variant that is a mass-mailing email worm impacting Windows 32-bit systems.

Arovax Antispyware Signature Database update from 08/15/2007:

2007-08-16T04:32:00.000-07:00

We would like to inform you that Arovax Antispyware Signature Database has been updated.
Full information about this you can find at this forum thread>>>

One Virus - Different Names

2007-08-14T05:52:00.000-07:00

A group of security experts known as the Computer AntiVirus Researcher Organization (CARO) first attempted to develop a standard virus naming scheme in the form of the 1991 New Virus Naming Convention" (NVNC '91). But a great amount of new types of Internet infections had appeared since then and different AV laboratories began to name them creating criterias and categories on their own. This results in that different vendors assign different names to the same virus.

Costin Raiu illustrated this situation in a sipmle but popular way:
"If we were to name every new virus with some word derived from its payload, like "March6", "January Friday 13th" or "CrashWindows" the fictional exchange illustrated below could become commonplace:
(A1 - Analyst1, works for the respectable AV company C1)
(A2 - Analyst2, works for the most respectable AV company C2)
(A3 - Analyst3, works for the (even more) respectable AV company C3)

A1: "Hey A2, have you seen that new beast, the 'Newyork' virus?"
A2: "You mean the one which fills all the files on disk with 'New York'?"
A1: "No, that's the 'NYFiller' virus, I mean the one which shows a message box with the text 'New York New York'"
A2: "Could be, I remember having seen two of them, one was a macro virus and the other one infecting Linux ELF files"
A1: "Hm, the 'Newyork' I was thinking of actually infects Windows PE files"
A2: "Ah, but I think I know what you mean, however, the one I've seen shows a message box stating 'New Orleans New Orleans'. We are calling it 'NewOrleans', of course."
A1: "Hm, that must be a new version of our 'NewYork' virus with a modified message. I think you should rename your 'NewOrleans' virus to something like 'NewYork(version:Orleans)'."
A2: "Hey, wait a minute, why not rename _your_ virus to 'NewOrleans(York)'?"
A3: "Hey guys, have you seen the new virus which fills all the files on disk with 'New Delhi'? We're calling it 'NewDelhi', of course."
A1: "Arghhh..."
A2: "Who designed this stupid payload-based naming scheme anyway...?"

Keyloggers Know What You Have Written

2007-08-07T05:13:00.000-07:00

About keyloggers
Keylogger is a software program or hardware device that is used to monitor and log each of the keys a user types into a computer keyboard. The user who installed the program or hardware device can then view all keys typed in by that user. Because these programs and hardware devices monitor the keys typed in a user can easily find user passwords and other information a user may not wish others to know about.
Keyloggers, as a surveillance tool, are often used by employers to ensure employees use work computers for business purposes only. Unfortunately, keyloggers can also be embedded in spyware allowing your information to be transmitted to an unknown third party.

Once keystrokes are logged, they are hidden in the machine for later retrieval, or shipped raw to the attacker. A keylogger normally consists of two files: a DLL which does all the work and an EXE which loads the DLL and sets the hook. Therefore when you deploy the hooker on a system, two such files must be present in the same directory.

There are other approaches to capturing info about what you are doing.

Some keyloggers capture screens, rather than keystrokes.
Other keyloggers will secretly turn on video or audio recorders, and transmit what they capture over your internet connection.

Keyloggers types
1. Hardware Keyloggers. These are small inline devices placed between the keyboard and the computer. Because of their size they can often go undetected for long periods of time - however, they of course require physical access to the machine. These hardware devices have the power to capture hundreds of keystrokes including banking and email username and passwords.
2. Software using a hooking mechanism. This type logging is accomplished by using the Windows function SetWindowsHookExe that monitors all keystrokes. The spyware will typically come packaged as an executable file that initiates the hook function, plus a DLL file to handle the logging functions. An application that calls SetWindowsHookExe is capable of capturing even autocomplete passwords.
3. Kernel/driver keyloggers. This type of keylogger is at the kernel level and receives data directly from the input device (typically, a keyboard). It replaces the core software for interpreting keystrokes. It can be programmed to be virtually undetectable by taking advantage of the fact that it is executed on boot, before any user-level applications start.

Preventing keystroke capture

On the web application side, one method to avoid keystroke capture is to use a virtual keyboard for entering the username and password. A virtual keyboard is analogous to a graphical keypad where a user clicks on the characters rather than types them on the keyboard. This approach may not be practical for every user, for obvious reasons. However, it can be still be useful for very sensitive applications. Note however that even this approach is not completely secure, as some keyloggers are designed to capture screenshots on every mouse-click.
Another method of avoiding keystroke capture is to ask the user to enter the characters of the password randomly. For example, an application can ask the user to enter the 1st, 3rd and 5th (odd placed) characters of the password and then the characters in the even places. However this sequence has to change every time or else anyone capturing the password can easily reconstruct the original password - and additionally, the application must support this approach.

Arovax SmartHide Open Beta-Test and Wishlist

2007-08-02T05:17:00.000-07:00

Dear Arovax Community!

Before the upcoming release of new Beta-version of Arovax SmartHide we are starting an open beta-test of the previous version of Arovax SmartHide Beta.

Arovax SmartHide is a perfect solution for the biggest online problem - Complete Anonymity.
This unique program will keep your IP address (and your identity) hidden; secure all the protocols on your PC (E-mail, Web-browsing, Instant Messaging); provide full encryption of your traffic while working in Internet, and a lot more.

Being extremely user-friendly, Arovax SmartHide secures the data you send over Internet. You also get compression of all your traffic, so you can pay less to your internet providers!

Everyone who wants to test the previous version of Arovax SmartHide - please visit this thread of our forum for further instructions.

Arovax Antispyware Signature Database update from 08/01/2007:

2007-08-02T05:16:00.001-07:00

We would like to inform you that Arovax Antispyware Signature Database has been updated.
Full information about this you can find at this forum thread>>>

Botnets: What are They?

2007-08-01T05:43:00.000-07:00

A botnet (also known as a zombie army) is a number of Internet computers that, although their owners are unaware of it, have been set up to forward transmissions (including spam or viruses) to other computers on the Internet.
Any such computer is referred to as a zombie - in effect, a computer "robot" or "bot" that serves the wishes of some master spam or virus originator. Most computers compromised in this way are home-based.
According to a report from antivirus labs, botnets - not spam, viruses, or worms - currently pose the biggest threat to the Internet. An average of 57,000 active bots was observed per day over the six months of 2006.
An attacker usually gains control by infecting the computers with a virus or other malicious code that gives the attacker access. Your computer may be part of a botnet even though it appears to be operating normally. Botnets are often used to conduct a range of activities, from distributing spam and viruses to conducting denial-of-service attacks.
The main problem with botnets is that they are hidden and may stay undetected unless you are specifically looking for certain activity.

What can you do to protect yourself?

Use and maintain anti-virus software - Anti-virus software recognizes and protects your computer against most known viruses, so you may be able to detect and remove the virus before it can do any damage.
Install a firewall - Firewalls may be able to prevent some types of infection by blocking malicious traffic before it can enter your computer and limiting the traffic you send.
Use good passwords - Select passwords that will be difficult for attackers to guess, and use different passwords for different programs and devices.
Keep software up-to-date - Install software patches so that attackers can't take advantage of known problems or vulnerabilities.
Follow good security practices - Take appropriate precautions when using email and web browsers to reduce the risk that your actions will trigger an infection.

Arovax AntiSpyware Roadmap (Updated 30.07.2007)

2007-07-30T04:20:00.000-07:00

This roadmap lists features that are planned for the future. It is not complete and it is not final and it will change with time. We just would like to give you an overview of where Arovax AntiSpyware development is standing and what can you expect in the coming releases.

Current Version: 2.1.143 release!

Features on the Wall
These features get our attention right now and are planned for the nearest release.
Last edited: July 30, 2007

* Three scan modes: quick, full and optional
* Incremental database update
* Automatic software update
* Open format of the language file
* System scanning right after database update

Arovax Antispyware Signature Database update from 07/18/2007:

2007-07-19T02:10:00.000-07:00

We would like to inform you that Arovax Antispyware Signature Database has been updated.
Full information about this you can find at this forum thread>>>

How to Learn About the Penalties for Violating Computer Virus Laws

2007-07-18T07:14:00.000-07:00

Everyone involved in e-commerce and digital intellectual property should understand the penalties for violating Computer Virus Laws in order to gain a full appreciation of this new problem.

How To Do Just About Everything proposes a few steps to learn about the penalties for these violations:

Step One
Look over the Computer Fraud and Abuse Act of 1984 on the Department of Justice website (see Resources below). This piece of legislation makes it illegal to sell passwords, utilize computer systems without proper authorization and steal information from a financial institution's computers.

Step Two
Contact your state's consumer protection department in order to help stop computer viruses. Most states have a consumer protection organization that has a series of ongoing campaigns, including technology and intellectual property issues. A good example of a consumer protection agency on the state level is the New York State Consumer Protection Board (see Resources below).

Step Three
Learn about computer virus laws from a qualified criminal attorney. Contact the American Bar Association to get in touch with pro bono attorneys who deal with criminal and intellectual property law (see Resources below).

Step Four
Inquire about computer viruses and ways of violating computer systems from an information technology (IT) expert. A better understanding of computer viruses violating your computer can help you develop a larger picture of your legal case. Your local university will typically have an IT department that can answer public questions.

Warning: Somebody's Phishing You!

2007-07-10T04:51:00.000-07:00

Phishing is the term coined by hackers who imitate legitimate companies in e-mails to entice people to share passwords or credit-card numbers. Typically, the messages appear to come from well known and trustworthy Web sites. Web sites that are frequently spoofed by phishers include PayPal, eBay, MSN, Yahoo, BestBuy, and America Online. A phishing expedition, like the fishing expedition it's named for, is a speculative venture: the phisher puts the lure hoping to fool at least a few of the prey that encounter the bait.

Phishers use a number of different social engineering and e-mail spoofing ploys to try to trick their victims. In one fairly typical case before the Federal Trade Commission (FTC), a 17-year-old male sent out messages purporting to be from America Online that said there had been a billing problem with recipients' AOL accounts. The perpetrator's e-mail used AOL logos and contained legitimate links. If recipients clicked on the "AOL Billing Center" link, however, they were taken to a spoofed AOL Web page that asked for personal information, including credit card numbers, personal identification numbers (PINs), social security numbers, banking numbers, and passwords. This information was used for identity theft.

Potential uses of your information: Control of victim's financial accounts, open new bank accounts, transfer bank balances, apply for loans, credit cards and other goods/services, luxury purchases, hide criminal activities, receive government benefits or obtain a passport.

Tips on how to avoid phishing:

If you receive an unexpected e-mail saying your account will be shut down unless you confirm your billing information, do not reply or click any links in the e-mail body. For example, PayPal will never ask you in an email: Credit and debit card numbers, Bank account numbers, Driver's license numbers, Email addresses, Passwords, Your full name.
Look for misspellings and bad grammar. While an occasional typo can slip by any organization, more than one is a tip-off to beware.
Beware of the @ symbol in a URL. Most browsers will ignore all characters preceding the @ symbol, so this Web address -- http://www.respectedcompany.com@thisisascam.com -- may look to the unsuspecting user like a page of Respected Company's site. But it actually takes visitors to thisisascam.com.
Before submitting financial information through a Web site, look for the "lock" icon on the browser's status bar. It means your information is secure during transmission.
If you are uncertain about the information, contact the company through an address or telephone number you know to be genuine.

Arovax AntiSpyware 2.1.143 is released!!!

2007-07-07T02:13:00.000-07:00

New version of Arovax Antispyware became much better. Now database update and system scan can be scheduled. We also fixed some errors and improved user interface. These are the main changes in the version 2.1.143:

New: "Scheduler: scheduling database updates and scans"
New: "Arovax Company news panel"
New: "Full compatibility with Windows Vista"
Fixed: "Bug with sending reports with last scan log"
Fixed: "Bug with counter during files scan"
Fixed: "Bug with scanning files with restricted access"

Please download the latest version of Arovax Antispyware here>>>

Arovax Antispyware Signature Database update from 07/04/2007:

2007-07-06T05:37:00.000-07:00

We would like to inform you that Arovax Antispyware Signature Database has been updated.
Full information about this you can find here>>>

Internet Worms

2007-06-27T04:22:00.000-07:00

People use e-mail more than any other application on the internet, but it can be a frustrating experience, with spam and especially e-mail worms filling our inboxes.
Worms can spread rapidly over computer networks, the traffic they create bringing those networks to a crawl. And worms can cause other damage, such as allowing unauthorized access to a computer network, or deleting or copying files.

History
The first incarnations of internet worms weren't the malevolent threat they are today. These early worms (developed in 1982 at Xerox's Palo Alto Research Center by John Shock and Jon Hepps) were in fact, designed to perform useful tasks within a network.
Despite the evident usefulness of these programs it was also clear that, in the wrong hands they could quite easily be turned to malevolent uses.
The first true Internet worm (and probably the most famous) was released on 2nd November 1988 by Robert T. Morris. It attacked Sun and DEC UNIX systems attached to the Internet and within 24 hours had invaded 4,000-6,000 machines.
The Melissa Worm was first recognized on 26th March 1999, it was the first major mail worm - a form of worm which was to become hugely prevalent. Melissa was written by David L. Smith and named after a lap dancer he met in Florida.
Melissa contained a Word macro virus but unlike previous viruses of this type it could spread in a semi-active manner. It attacked Microsoft's Outlook and Word programs (Any time an infected user attached a Word document to an email, this email sent to the first 50 addresses in the recipients' address book if they use Outlook as the mail client).
In 2001 active worms made a return to prominence. The first of these worms to be noticed was called Code Red. Code Red was a relatively simple worm which affected computers running Microsoft's Internet Information Server (IIS) web server. It infected over 350,000 servers in just over 12 hours. Once it infected a system Code Red waited for 20-27 days to launch denial of service attacks on several fixed IP addresses. (Including the IP address of the White House).

How do they spread?
A worm is similar to a virus by its design, and is considered to be a sub-class of a virus. Worms spread from computer to computer, but unlike a virus, it has the capability to travel without any help from a person. When you receive a worm over e-mail, it will be in the form of an attachment, represented in most e-mail programs as a paper clip.
If you click on the attachment to open it, you'll activate the worm, but in some versions of Microsoft Outlook, you don't even have to click on the attachment to activate it if you have the program preview pane activated.
The biggest danger with a worm is its capability to replicate itself on your system, so rather than your computer sending out a single worm, it could send out hundreds or thousands of copies of itself, creating a huge devastating effect. One example would be for a worm to send a copy of itself to everyone listed in your e-mail address book. Then, the worm replicates and sends itself out to everyone listed in each of the receiver's address book, and the manifest continues on down the line. Due to the copying nature of a worm and its capability to travel across networks the end result in most cases is that the worm consumes too much system memory (or network bandwidth), causing Web servers, network servers and individual computers to stop responding.
Other worms can use multiple methods of spreading. The MyDoom worm, which started spreading in January 2004, attempted to copy infected files into the folder used by Kazaa, a file-sharing program. The Nimda worm, from September 2001, was a hybrid that had four different ways of spreading. According to Computer Economics, the associated damage from Code Red and Nimda came to $3.72 billion.

How to protect your computer?

Make sure you visit Windows Update site frequently.
Most antivirus programs also provide a feature that allows you to update their definitions automatically – make sure you enable that as well.
Remove Spyware and Adware.
Prevent Spam.
Basically there is no one absolute defense from anything – use a combination of software and hardware protection.
Don’t run files from unknown sources, and confirm with the sender the authenticity of any unexpected attachment, especially an executable file (*.exe, *.scr, *.bat, *.com, *.vbs, *.cmd, etc).

Strong Passwords: Tips

2007-06-21T01:29:00.000-07:00

One of the problems with passwords is that users forget them. Different networks, sites and applications have their own password requirements and more classified or personal information merits stronger, more unique authentication.
It is difficult when your employer requires a password of at least 8 characters that must include at least one number and one special character, but your bank requires a password of at least 6 characters that must include at least one uppercase, one lowercase and oner numerical character. Then, one web site you visit only allows a 4-character password, all numbers, and an application you use requires an 8-character password, but doesn't allow numbers or special characters.
In an effort to not forget them, users indicate simple things like their dog’s name, their son’s first name and birthdate, the name of the current month - anything that will give them a clue to remember what their password is.
For the curious hacker who has somehow gained access to your computer system this is the equivalent of locking your door and leaving the key under the doormat. Without even resorting to any specialized tools a hacker can discover your basic personal information- name, children’s names, birthdates, pets names, etc. and try all of those out as potential passwords.
To create a secure password that is easy for you to remember, follow these simple steps:

1. Do not use personal information.
You should never use personal information as a part of your password. It is very easy for someone to guess things like your last name, pet's name, child's birth date and other similar details.

2. Do not use real words. There are tools available to help attackers guess your password. With today's computing power, it doesn't take long to try every word in the dictionary and find your password, so it is best if you do not use real words for your password.

3. Mix different character types. You can make a password much more secure by mixing different types of characters. Use some uppercase letters along with lowercase letters, numbers and even special characters such as '&' or '%'.

4. Use a passphrase. Rather than trying to remember a password created using various character types which is also not a word from the dictionary, you can use a passphrase. Think up a sentence or a line from a song or poem that you like and create a password using the first letter from each word.
For example, rather than just having a password like 'yr$1Hes', you could take a sentence such as "I like to read the About.com Internet / Network Security web site" and convert it to a password like 'il2rtA!nsws". By substituting the number '2' for the word 'to' and using an exclamation point in place of the 'i' for 'Internet', you can use a variety of character types and create a secure password that is hard to crack, but much easier for you to remember.

5. Use a password management tool. Another way to store and remember passwords securely is to use some sort of password management tool. These tools maintain a list of usernames and passwords in encrypted form. Some will automatically fill in the username and password information on sites and applications.
Arovax TraySafe password manager was created specially to relieve computer users of headaches about lost passwords, typing usernames, passwords and storing securely valuable information.

Using the tips above will help you create passwords that are more secure, but you should still also follow the following tips:

Use different passwords. You should usea different username and password for each login or application you are trying to protect. That way if one gets compromised the others are still safe. Another approach which is less secure, but provides a fair tradeoff between security and convenience, is to use one username and password for sites and applications that don't need the extra security, but use unique usernames and more secure passwords on sites such as your bank or credit card companies.
Change your passwords. You should change your password at least every 30 to 60 days. You should also not re-use a password for at least a year.
Enforce stronger passwords: Rather than relying on every user of the computer to understand and follow the instructions above, you can configure Microsot Windows password policies so that Windows will not accept passwords that don't meet the minimum requirements.

Secure your Credit Card information

2007-06-06T06:22:00.000-07:00

Internet Fraudsters keep on finding new methods of using the Internet to scam innocent consumers and online users, which is said to be the common targets. This fraud is very popular because of its anonymity and less risk involved. Added to the fact that not so many countries are already ready to face this disaster and have strong policies and law to pursue the case against the suspected fraudster.
Fraud on the Internet includes, but is not limited to: fraudulent or fake web sites, untrustworthy websites, phishing (fishing) for personal information with fraudulent emails, Online auction frauds - buyers and sellers, increased Nigerian 419 Advance Fee Fraud, Lottery Advance Fee Scams, Business Opportunities & Work from Home Scams, International Modem Dialing and Cramming, and credit card fraud.

Take the first 8 digits of a standard 16-digit credit card number. Search for them on Google. Since the 8-digit prefix of a given card number is often shared with many other cards, about 1/4 of credit card numbers in my random test, turned up pages that included other credit card numbers, and about 1 in 10 turned up a "treasure trove" of card numbers that were exposed through someone's sloppily written Web app.

Protect from what?
The most common and most successful frauds are done through the use of stolen credit card information, which was obtained in many ways:

Worms that contains malicious code to extract information from the infected computers. In the past, worms were designed primarily to propagate. Now, many of the significant worms are designed to steal sensitive information such as credit card numbers, social security numbers, pin codes, and passwords and send the information to the attacker for nefarious purposes including identity theft. Unfortunately, attackers have become very adept at circumventing traditional defenses such as anti-virus software and firewalls. Arovax Shield detects and notifies you about all major online threats trying to penetrate your system, isolates & blocks them.
Frauds can get access to information about your online credit card payments through your PC in case you ever used online services for purchasing something from the sites that are not secured.
Installation of keyloggers and monitoring software of the users’ computers. Keyloggers are a form of spyware that tracks person's keystrokes and then sends the information to someone who can translate and exploit it. This can copy the keystrokes on e-mail, instant messenger, and any other Internet activity. The person collecting the information can get information such as credit card numbers, user names and passwords, and more. These handy little devices have been around for sometime but the increase of spyware has brought them out to the front and center. It is easy to infect a computer with this type of software and very common. A user can easily go to the wrong web site and get infected or someone can manually place this on the computer, as well.
Using privacy leaks in your system, frauds get such information about you as your name, your street address or your email, masquerade as a trustworthy person and send you an apparently official email trying to find out your credit card pin and number. Your IP address or "Internet Address" can be used to trace your location and personal information. With Arovax SmartHide whenever you visit websites, your real IP address is not provided to the other people involved in the transaction. Most hacking is based on using your real IP address, which the hacker won’t be able to get, without that they have no idea where to hack into.

Electronic mail (email) is also vulnerable. This is because, like the real post, it spends a lot of time being stored and awaiting delivery: for instance, if a telecommunications link fails, then email that would have used that link will stay, waiting, until the link is restored. It is in principle possible for someone to bribe a computer operator at one of the mail servers and thus somehow gain access to all undelivered mail. A sophisticated program might then be able to extract anything that looked like a credit card number.
Remember, the amount of risk in giving out a credit card number is limited by two important factors:

Anyone taking card numbers from that Web site and trying to use them before they were cancelled, would have put him/herself in a very difficult position. To use a card number and expiration date, without a physical card, to purchase tangible goods by phone or over the Web, you need to give an address to which the merchandise will be delivered, which makes the transaction very traceable. Cash advances require PIN numbers which you never give to online retailers. So the thief would be limited to paying for on-line memberships or buying "soft goods," such as software, content, and music, that can be dowloaded directly from a Web site; and companies in that business tend to take extra precautions to prevent credit card fraud because of their unique vulnerability.
The credit card company limits your liability. Federal law limits your liability to $50 if someone makes unauthorized charges to your account, and most credit card issuers will remove them completely if you report the problem promptly. There are new technologies, such as “substitute” credit card numbers and password programs, that can offer extra measures of protection from someone else using your credit card.

Your level of comfort in using your credit card on the World Wide Web is a personal matter.

How to decrease risks?

Know who you’re dealing with. If the seller or charity is unfamiliar, check with your state or local consumer protection agency and the Better Business Bureau. Some Web sites have feedback forums, which can provide useful information about other people’s experiences with particular sellers. Get the physical address and phone number in case there is a problem later.
Be aware that no complaints is no guarantee. Fraudulent operators open and close quickly, so the fact that no one has made a complaint yet doesn’t meant that the seller or charity is legitimate. You still need to look for other danger signs of fraud.
Don’t believe promises of easy money. If someone claims that you can earn money with little or no work, get a loan or credit card even if you have bad credit, or make money on an investment with little or no risk, it’s probably a scam.
Understand the offer. A legitimate seller will give you all the details about the products or services, the total price, the delivery time, the refund and cancellation policies, and the terms of any warranty.
Resist pressure. Legitimate companies and charities will be happy to give you time to make a decision. It’s probably a scam if they demand that you act immediately or won’t take “No” for an answer.
Be cautious about unsolicited emails. They are often fraudulent. If you are familiar with the company or charity that sent you the email and you don’t want to receive further messages, send a reply asking to be removed from the email list. However, responding to unknown senders may simply verify that yours is a working email address and result in even more unwanted messages from strangers. The best approach may simply be to delete the email.
Beware of imposters. Someone might send you an email pretending to be connected with a business or charity, or create a Web site that looks just like that of a well-known company or charitable organization. If you’re not sure that you’re dealing with the real thing, find another way to contact the legitimate business or charity and ask.
Guard your personal information. Don’t provide your credit card or bank account number unless you are actually paying for something. Your social security number should not be necessary unless you are applying for credit. Be especially suspicious if someone claiming to be from a company with whom you have an account asks for information that the business already has.
Beware of “dangerous downloads.” In downloading programs to see pictures, hear music, play games, etc., you could download a virus that wipes out your computer files or connects your modem to a foreign telephone number, resulting in expensive phone charges. Only download programs from Web sites you know and trust. Read all user agreements carefully.

Arovax AntiSpyware roadmap is updated!

2007-05-18T13:47:00.000-07:00

News Tab like the one in Arovax Shield;
Database download Scheduler;
Scan Scheduler;
All the files which are written to HDD should be written to the Application Data folder;
Windows Vista compatibility.

You can always stay up on all the latest news and updates visiting Arovax Community Forum.

Arovax Shield roadmap is updated!

2007-05-18T13:44:00.000-07:00

Current public version: 2.1.103

This roadmap lists features that are planned for the future. It is not complete and it is not final and it will change with time. We just would like to give you an overview of where Arovax Shield development is standing and what can you expect in the coming releases.

• New, completely remade Graphical User Interface;
• More reliable System Registry Monitoring level;
• Protection from modification of Executing files;
• Rules creation for access to Registry and File system for each separate application;
• Two levels of control over system activity: Normal and High;
• More advanced Events Log.

Arovax Antispyware Signature Database update from 05.05.2007:

2007-05-06T15:02:00.000-07:00

We would like to inform you that Arovax Antispyware Signature Database has been updated.
Full information about this you can find here>>>

Long-awaited Arovax AntiSpyware 2.0.113 is released!

2007-04-27T11:16:00.000-07:00

Dear friends!

The time has come and we have released the first big update among planned by Arovax Team on our softwares.

New Arovax Antispyware has become even more reliable and effective. Arovax Antispyware Spyware Database is completely updated, a lot of trusted applications and registry keys were added which allows to discover malicious software and to distinguish it from the legal software.
All found malicious software are now automatically checked for removing, and those items which will be marked as unknown can be sent to the Arovax lab for the further research and analysis.
Latest release of Arovax Shield is completely compatible with Windows Vista. New version includes fixes to the bugs which lead to AS failure. One of the most important features of the new update is the implemented regular Signature database update. Arovax AntiSpyware is now able to completely secure your system from the most latest viruses, trojans, spyware, etc.

These features were implemented in this release:

New: Full compatibility with Windows Vista.
New: Single package of installation for Windows 2000/XP/2003/Vista.
New: Database now contains records about “Good” programs (White list)
New: Automatical selection of malicious records
New: Much faster working with the registry and file system.
Fixed: Sometime Arovax Shield is crushed when user is installing ActiveX components or IE toolbars.
New: If Arovax Antispyware discovered unknown records during the scan – you can send them to the Arovax lab for the research
Fixed: Bug with counter during files scan

Please download the latest version of Arovax Antispyware here>>>

Arovax Shield v2.1.95 is released

2007-03-05T11:27:00.000-08:00

In this release startup folder monitoring problems and hosts file monitoring problems in automatic mode have been fixed. In addition much faster IE cookies scan has been implemented.

Arovax SmartHide 1.0.256 beta version!

2007-03-05T09:47:00.000-08:00

Dear Beta-testers!

A new version of Arovax SmartHide 1.0.256 has been uploaded to the Download section of your Beta-Tester Members Area.
SmartHide 1.0.256

Please download the latest version and test it thoroughly.

The cnages include complete re-writing of the program kernel and code, implementation of the new approach where all the traffic goes through anonymous server both UDP and TCP.
Right now you do not need to play with Ports, ALL your traffic is automatically encrypted, compressed and anonymous.

For the rest members of Arovax Community I want to remind, that you can still apply for Beta-testing registering here and waiting for our approvement.

Arovax Shield 2.1.90 beta version is released!

2007-02-13T21:25:00.000-08:00

New version has a number of features:

New: Much faster Firefox cookies scan.
New: Now Arovax Shield defines the process which tries to change the hosts file.
New system of monitoring files and folders. Now it works on kernel mode.
New: Now Arovax Shield is saving the settings after update.
New: New technology "SDT-Antipatch".
New: Arovax Shield is now fully compatible with Windows Server 2003 on the x86 platform.
Fixed: Startup folder monitoring problems in Windows 2000.
Fixed: "Problems with Terminal Service.
Fixed: "Crash while exiting Arovax Shield in Windows 2000.
Fixed: "Problems during moving the files to startup folder.

If your copy of Arovax Shield does load your CPU too much during work with Firefox - please try this version of AS.

Download Arovax Shield for Windows 2000/XP!
Download Arovax Shield for Windows Server 2003!

Arovax Shield is updated!

2006-06-03T08:11:00.000-07:00

A very useful feature "Autoset Rule" was added. With the latest version Arovax Shield is able to "remember" user's choices and will automatically allow/block registry writing attempts. Now you do not have to worry about giving same commands to Arovax Shield over and over again. With the new feature - only one click and your choice is remembered and will be used in the future.

You can download Arovax Shield v.1.3.4 on our website Download Page>>>

Everything You Should Know About SPAM. Part II

2006-03-14T05:44:00.000-08:00

The Damage
Mailing doesn't cost anything for a spammer, but SPAM can cause serious damages for a receiver. SPAM makes the work of informational systems and resources difficult, as it creates useless loading. Moreover, Network users have to spend much time on filtration of useless advertisements. In order to avoid this, users need to install anti-SPAM filters which can also delete important e-mails recognizing them as a SPAM. SPAM can also be used as ‘black PR’ and to spread computer viruses.

How to Fight SPAM
Perhaps the most effective way to fight SPAM is not to let spammers know your e-mail address. This can be hard to perform but some precautionary measures can be taken.
• Do not show your e-mail address on web sites and in Usenet groups without necessity.
• Do not register on suspicious sites. If a useful site requires registration you can point a temporary e-mail address that you won’t use again.
• Never answer SPAM and never visit included links. If you do it you will confirm using this e-mail address and will receive more SPAM.

There is special software developed for automatic SPAM defining (the so-called SPAM filters). It is developed for both end users and server usage. This software works according to two main principles:
1. A letter’s content is analyzed and the conclusion is made whether the letter is SPAM or not. If the letter is classified as SPAM it can be marked, placed into other folder or deleted. Such software can work on both a server and client’s PC. Using this approach you will not see the filtered SPAM, but you will have some expenses, because anti-SPAM software receives every SPAM-letter (spending your money) and only then decides whether to show it or not.
2. The second principle is to detect the sender as a spammer without checking the content of the letter. This software can work only on the server that receives letters directly. This approach can lessen the costs as the money is spent only on communication with spammer mail programs (i.e. on the rejection of receiving letters) and addressing other servers (if required) during the check. But the profit will be not that big as you may expect. If a receiver refuses to receive a letter spammer programs try to avoid the protection and send letters in a different way. Every such attempt is to be repelled separately, which enlarges the load on the server.
The place of the installation of the anti-SPAM software (a end user’s PC or for example provider’s mail server) defines who will be responsible for the SPAM filtration expenses. If an end user filters SPAM he is responsible for expenses as he will receive all letters including SPAM. If the server filters SPAM, the user is not responsible for expenses because he receives only useful letters, and all the expenses are to be done by the server’s owner.

Black Lists
Black lists include IP-addresses of those computers which are known to spread SPAM. Lists of PCs which can be used for the mailing (‘open relays’ and ‘open proxies’), as well as ‘dialup’ lists are also available. One can use a local list or a list which is supported by somebody else. Those black lists the inquiry to which is performed via the DNS service are widely popular. They are called DNSBL (DNS Black List). Today this method is not very effective. Spammers find new PCs for their purposes faster than they are included into black lists. Besides, a couple of computers that send SPAM can compromise the whole mail domain and thousands of law-abiding users will not be able to send e-mails to those servers that use such black lists.

Mail Servers Authorization
There are many different ways to confirm that the PC that sends letters ‘has the right’ to do it (Sender ID, SPF, Caller ID, Yahoo DomainKeys). However, these technologies sometimes limit mail servers’ functionality:
• Forwarding letters automatically from one mail server to another (SMTP Forwarding) can be impossible.
• Providers follow such a policy, according to which clients can perform SMTP-connections with provider servers only. In this case mail servers’ authorization is impossible or hard to perform.

Grey Lists
The ‘grey lists’ method is based upon the fact that the software signed to send SPAM ‘behaves’ differently from common mail servers: spammer programs do not try to repeatedly send e-mails if a temporary error occurs, as it is required by SMTP protocol.
At first all unknown servers are placed to the grey list and letters from them are not received. The temporary error code is sent to the sender’s server, that is why common letters (not SPAM) are not lost, but the delivery of them is delayed (they stand in the line and are delivered with the next try). If the server acts as it is expected to, it is automatically placed to the white list and all next letters are received without any delays.
Due to this method up to 90% of SPAM is filtered without much risk to lose important letters. However, it is not perfect.
• Some letters that do not fulfill SMTP protocol requirement can be removed from servers by mistake.
• The delay with the delivery can be up to half an hour (and even more), which can be unacceptable in case with urgent correspondence.
• Big mail services use several servers with different IP-addresses. Moreover, there can be the situation when a number of servers try to send one and the same letter in turn. This can cause very long delays when sending letters.

Statistic Methods of SPAM Filtration
These methods use the statistic analysis of the letter’s content for making the decision whether it is a SPAM letter. The biggest success was achieved with the help of algorithms, based on Bayes theory. Statistic Methods of SPAM Filtration requires ‘teaching’ filters. It means using sorted manually letters in order to define the statistic peculiarities of common letters and SPAM. This method can remove up to 95-97% of SPAM.

Other Methods
• Common toughening of the requirements to letters, for example the refusal to accept letters with wrong sender address (letters from domains that do not exist), the examination of the domain name using IP-address of the computer from which the letter is sent, etc. These measures are in fact history and are not taking seriously today. They filter only the most primitive SPAM – very low percentage.
• “Call-Answer” types of systems, etc.

Everything You Should Know About SPAM. Part I

2006-03-14T05:41:00.000-08:00

SPAM involves sending nearly identical messages (usually advertisements) to thousands of recipients.

Most Common Kinds of SPAM

Advertising
Advertising is most common and popular among spammers. Some companies that provide legal business advertise their product or service using SPAM. Such advertising is relatively cheap and targets many potential customers. If the advertising delivery is properly organized, SPAM can increase the sales effectiveness without harming users.

Advertisements for Illegal Goods
Such products as pornography, small-lot production medicine, stolen information (e.g. database), etc. are often advertised with the help of SPAM.

‘Nigerian Letters’
SPAM is also used to swindle some money from the receiver. Such letters are called ‘Nigerian Letters’ due to their origin. They involve the following principle: the receiver is informed that he can get a big sum of money and the sender can help with it. Then the sender asks to give him some money for paper work, opening the account, etc. If the receiver gives this money he will never hear a word from the sender again.

Phishing
Phishing is the spammer’s attempt to swindle the recipient’s credit card numbers or passwords for access to his online payments. These letters are usually masked as an official notification from the bank administration. They ‘inform’ the receiver that he must confirm his personal data; otherwise his account will be blocked. A site address (which belongs to spammers) and the form that is to be filled are included.

Other Kinds of SPAM
• Delivery of religious letters;
• Mass mailing in order to knock-out mailing system (denial of service)
• Mass mailing on behalf of another person with the aim to give rise to negative attitude to this person.
• Mass mailing of computer viruses (for their initial spreading)

There are two types of Mass mailing that are not considered SPAM because they are not deliberate. However, they cause the same (if not more serious) problems for network administrators and final users.
• Computer viruses of definite type (mail worms) are spread with e-mails. When such a worm infects a PC, it searches e-mail addresses and sends itself to these addresses.
• Mail worms put accidental e-mail addresses (from those found on the infected PC) in the field ‘From’. Badly tunned antivirus programs on other PCs send notification about a found virus to this address. As a result lots of people receive notification that they spread viruses, but in reality they do not.

Ways of Spreading SPAM
SPAM is spread mostly via e-mails. Today, the share of viruses and SPAM in the general e-mail traffic is about 85-95 percent.
Spammers pick up e-mails with the help of a special robot or manually (seldom), using web pages; conferences Usenet; lists of mailings; guest books; chats, etc. A program-robot is able to pick up thousands of addresses per hour and create a database for further SPAM mailing. Some companies send their clients e-mails to spammers. Another way to get a list of valid e-mail addresses is to generate a huge random list of e-mail addresses (from a thousand to million) according to the defined templates and then to check for their validity with a special validation program.
SPAM is sent from badly protected PCs, connected to the Internet. These can be:
• Servers that are mistakenly set in such a way that they permit free mail (open relay, open proxy);
• Web mail servers that permit anonym access or access with simple new users registration (which can be done by special program-robots);
• Computers-zombie. Some spammers use known vulnerabilities in software or computer viruses in order to control a great number of connected to the Internet computers and use them for mailing SPAM.
To avoid automatic SPAM filtration, the messages are often distorted – figures or Latin symbols are used instead of letters, spaces are added, etc.
Different tricks are used to be sure that the message is delivered and read by the recipient:
• Inquiry to confirm delivery. Some mail clients can send it automatically.
• Letters that include pictures downloading from the spammers controlled sites.
• Links to web pages that offer some additional information.
• The offer to refuse subscription for this mailing by sending an e-mail to the defined address.
If spammers receive notification that the e-mail is really used, the SPAM flood can increase enormously.

Usenet
Many news groups Usenet (especially non-moderated) were abandoned by users and currently include advertisements mostly. Instead of them other moderated conferences were developed.

Instant messagers
The development of instant messaging delivery services, such as ICQ, AIM, etc. encouraged spammers to use them for their own purposes. The majority of these services offer lists of users, which can be used for mailing SPAM.

Blogs, Wikis
Today there are web sites that can be freely edited – blogs and wikis. For example, Wikipedia is developed using this technology. These pages are open for free editing, therefore they may contain SPAM.

SMS-messages
SPAM can be spread not only via the Internet. Advertising messages that are sent to mobile phones with the help of SMS-messages are especially unpleasant as it is more difficult to protect from them. Moreover, sometimes the receiver has to pay for them. This can be a solid sum, especially if the receiver is in roaming.

Internet Explorer 7 Public Beta: Pros and Cons

2006-02-22T07:51:00.000-08:00

Microsoft has finally presented its new version of Internet Explorer, IE 7. Bill Gates noted: “What we've decided to do is a new version of Internet Explorer, this is IE 7, and it adds a new level of security.”
IE 7 is only available for Windows XP with Service Pack 2 (SP2), Windows XP Professional x64 Edition, and Windows Server 2003 with Service Pack 1 (SP1) users. IE 7 was originally scheduled only for inclusion in Windows Vista (codenamed Longhorn). So the Windows Vista version will enclose some of its features.

Installation
In order to install the newest Internet Explorer, users need to download file of 11MB in size from Microsoft website . The installation is done in the invisible mode, which minimizes user’s interference.

Below you can find some features that the new browser offers:

New Interface
Internet Explorer 7 has a completely new interface. It is better compound and has additional abilities of adding web sites to Bookmarks, search in the Network, one-click history deletion, "Shrink to Fit" and other printing improvements. The new design includes an improved Address Bar, new menu elements, decreased in size, more convenient icons and diminished tool bar.

Tabbed Browsing
Microsoft included tabbed browsing in IE 7. New tabs can be opened or closed with one middle mouse button click. Tabs of IE 7 are slightly different from those of Firefox. One of the distinguishing features is the ability to show the list of open pages vertically. This can be very useful as Microsoft decided not to use multi-rowed tabs. Tabs dragging is not included into IE 7. But this function is not used very often and can hardly be a weak point.

Below you will find the description of how tabs work. When opening Internet Explorer 7, on the top of the browser window, below the tool bar, two tabs are displayed: your current page and a smaller, blank tab. The blank tab is shown below, surrounded by the red oval.

After you click on the blank tab and then select – or input – a destination you'll have two named tabs, as shown below.

Easy Search
Another feature that was included into IE 7 is ‘Easy Search’. The search bar window is always in plain view; moreover, users can choose the search engine which will process their inquiries and post search results in a separate tab.

RSS-feeds
The new Internet Explorer enables its users to read RSS-feeds. When you enter a page the browser finds them and signals about it with an Red sign or with a sound.
In theory things are as follows: when clicking on this sign you go to the page that contains latest notes and a link to subscribe RSS-feeds. The subscription implies the moving of the feed to ‘Bookmarks’, where it can be read with other feeds. The practice shows somewhat different picture.
First, not all of RSS-feeds can be read. Perhaps the reason is that a feed must exactly correspond to the commonly accepted standards. Major up-to-date programs for reading RSS can avoid most known feed defects or fix them in the auto mode.
Second, we failed to find the mode which would enable all feeds to be seen in one window, sorted out chronologically. However, notes in a separate feed can be sorted out by time, author or name.
Third, we also failed to create something similar to Firefox’es “Live Bookmarks” that would include folders keeping the list of latest notes.

Focusing on Security
IE 7.0 consists, mostly, of security-oriented features, one of which is anti-phishing technology. As Gates noted, “Some of the advances [in IE 7] include things focused on phishing, where people use URLs that appear to come from another location, things related to malware. So, [that] will be another important advance [in IE 7].”

IP traffic encryption capability, included in IE 7, helps prevent electronic eavesdroppers from modifying data before it reaches your machine or redirecting you silently to malicious servers. "It makes sure that the traffic is encrypted, so there is no eavesdropping or modification that can take place, but it also makes absolutely sure through the use of certificates that the machine that you're connected to is the machine that you want to be able to connect to," Gates noted.

Changes for Web Developers
Good news for Web developers: IE 7 includes support for transparent PNG files, CSS consistency, CSS 2 fixed positioning, international domain name (IDN) support, and more. However, it does not conform fully to the CSS 2 specification.

Not Included
IE 7 does not include any ad blocking technology and a new Outlook Express (OE) version (e.g. OE 7).

Conclusions
Internet Explorer 7 differs greatly from its predecessor, in a better way. However, its disadvantage is that it contains minimum of vital functions. Well, a lot has been done, and it would be really good if the final version of Internet Explorer 7 would be able to satisfy all users’ needs.

© Arovax, LLC

Do you think it is worth switching to Internet Explorer 7 as your Default browser?

Express your opinion about new IE7 in the article's comments section

Why Trojan Horses Are Dangerous

2006-02-22T07:19:00.000-08:00

The Internet of today is not only a useful informational environment, but a potential source of different dangers that threat both users’ PCs and servers. According to the statistics, the most serious threats are so-called ‘Trojan Horses’. The origin of this term is known to everybody from school. It embodies a “present” with a hidden threat for its recipient. These “presents” can be of great danger for Internet users. So, in this article we would like to describe the work of Trojan Horses.
As it was already mentioned above, Trojan Horses are one of the most dangerous threats for PC and its owner. These malicious programs can be completely different. Major worms can also be related to Trojan Horses. Describing and classifying them is very difficult. However, there is one parameter by which all Trojan Horses can be classified to different groups. This parameter is a target of the virus, or in other words, the harm that they cause on the victim-PC. There are six groups of malicious programs that exert influence upon the victim.

Remote Administration
Nowadays, there are a lot of programs that make it possible to provide remote administration of both separate PCs and computer systems. These programs are very convenient utilities that make things easier for local network administrators. The operation principle of such programs is easy: a special agent is installed on a remote PC; after that the administrator can launch the main module onto his computer, connect to another computer and get an opportunity to completely control it.
Now imagine that a PC user does not know about the agent installed into his system. And this agent connects not to another local network computer, but to thousands miles remote PC on which a hacker works. In this case the criminal can do anything he wants: steal passwords, copy personal documents, install any software, even reboot or turn off the PC. That is why Trojan Horses (in fact, these are agents utility for remote administration) of this group are most dangerous. They offer the criminal splendid opportunities to control a victim-PC.

Data Stealing
Another very dangerous group of Trojan Horses includes those viruses that are focused on stealing users’ data. They are of serious threat for home PC owners. Prima facie this may seem strange. What secret data can an ordinary user have? Hackers should be interested in huge companies which have their commercial secrets and are afraid that their data will be sold to competitors. However, there is one problem here. Trojan Horses cannot themselves find files with secret data. Moreover, it is rather difficult to send big data volumes over the Internet. At the same time it is very easy to steal data (for example passwords for access to OS or Internet) from home PCs which are usually less protected.
This variant is the most popular. With the help of Trojan Horses which steal passwords for access to the Global Network a criminal connected up to the same provider as the victim, can easily make other people cover his Internet costs by using their authorization data. Besides, there are malicious programs with a complicated algorithm. They can try to steal passwords saved in browser from different web-services, FTP-servers, etc.

Spies
Nowadays spies are used more and more often. The principle of their work is as follows: A special agent is installed on user’s PC. Working without being noticed by the user, it collects certain data and sends it over the Internet to a hacker. Such software is called spyware. Modern spyware can do a lot of things: keep log of the pressed keyboard keys, make screenshots of the whole screen and visited web-pages from time to time. All this enables criminals to collect very detailed data about their victims, including passwords necessary for access to the Internet and different services.
However, it should be noticed that the majority of this kind of Trojan Horses record only the order of typed keys. First, this information is the most critical. This is the way to learn user’s passwords and using the resources on behalf of the victim. Second, the list of pressed keys is relatively small in size. So, it can be easily sent to hackers’ PC.

Homepage Hijackings
Today there are a lot of partnership programs in the Internet. Their function is as follows: A person attracts visitors to the sponsored site, getting some fee for every visitor. In fact, partnership programs is a common thing, but only unless both sides stick to the rules. However, many web resources with the “adult” content look through their fingers at partners’ actions. As a result we have the following:
Aiming to have the highest profit, some people use Trojan Horses. They infect Internet users’ computers with such malicious programs that constantly hijack the browser home page and change it to partner’s site’s address. Vsiting it will immediately open some other pop-ups with the sponsor’s web-projects. Besides, such Trojan Horses themselves are able to initiate opening of the defined adress during certain activity of the user (connecting to the Internet, opening new browser window, etc.)

Attack Implementing
The most popular type of remote attacks are denial of service (DDoS-attacks). Their main point is in the following: criminals send great amount of special network packets. As a result, the computer cannot cope with this flood and becomes inaccessible for ordinary users. However, it is impossible to create such a huge amount of threads to completely load a server. And it is dangerous for hackers as well.
That is why criminals often use the following scheme: First of all they infect as much ordinary Internet users’ PCs as possible with a special Trojan Horse. This malicious program lives in the PC without identifying itself or making any activity. However, when it receives a special command from the control center the Trojan is activated and starts sending network packets to the pointed victim. There can be hundreds and thousands of such computers, so it is not a surprise that the server “falls down”. In fact, such Trojans Horses are not harmful for a user, except that when he works his channel is overloaded.

Downloading and Installation of Other Software
Lately, spyware requirements have changed. All viruses were very small before, but modern Trojan Horses can be huge in size. This is because of their multi-functionality (for example spy-programs and remote administration utilities) and technologies they use. It is not always possible to place such big data volumes on user’s PC. That is why hackers use the following method: First a PC is infected with a small utility which connects to a certain server, downloads malicious spyware from there, installs and launches it. In this case multi-purpose downloaders are most dangerous as they enable a criminal to install different Trojan Horses on user’s PC. It depends on what is kept on the server at this moment.

Conclusions
So, we can be certain of the fact that modern Trojan Horses are really very dangerous for any computer connected to the Internet. It is also necessary to consider that modern programs can relate to two, three and more groups. Such Trojans can for example spy on the user, secretly download and install different software on his PC and take part in attacks.
It is not difficult to protect your PC from such threats. It is enough to have a regularly updated antivirus program, correctly set firewall and regular updates of OS and software.

How to Keep Anonymity in the Internet

2006-02-22T07:09:00.000-08:00

Speaking about network security it would be good to destroy the steadiest myth of Internet anonymity. The statement ‘I do not do something harmful, so I do not need anonymity. Let hackers worry about that…’ is in fact wrong. Just imagine that all pedestrians in the street know your home address, follow you and try to penetrate into your house. Nobody would like that. So, why so few Internet users pay attention to such important problem as anonymity? Today, more and more web resources offer users different information (it depends on their living place). For example, major informational business projects of USA do not show most important data to users that come from other countries. Isn’t that unfair? Yes, it is. In this article you will learn how to fix this unfairness.

Let’s start with the theory of networks and the Internet in particular. To be more specific, with describing the principal of addressing forwarded data packets. When you type any address in the browser line, first of all the inquiry is sent to DNS server which transforms the symbols line into a set of 32 ‘zeros’ and ‘ones’ – IP-address – which is used for routing. If a criminal knows this address he can learn a lot about the person who uses it. For example, his real location. It is done with the help of service ‘whois’ which can easily define user’s provider by his IP-address. Here the question rises: “How can users be protected?”

One of possible ways of protection is “hiding” with the help of proxy-server which is a kind of intermediary between a user’s PC and Network servers. We have already found out that the main “betrayer” is IP-address to get rid of which is impossible as it is needed for data routing. Proxy-server sends inquires to web-servers as if on behalf of itself. And proxy-server itself receives all the replied data. So, it may seem that using a proxy-server guarantees anonymity. But it is not that simple. It turns out that vast majority of proxy-servers send IP-address of the end user in their inquiries in a special field (x-forwarded-for). However, there are anonymity services but it is difficult to find them. By the way, you can check any proxy-server for anonymity on the website http://www.samair.ru/proxy/socks.htm

Another option of keeping anonymity in the Internet is using anonymizers. Anonymizers are just anonym proxy-servers that have their own web interface. Working with them is very easy. All you need is to visit the site and type address of the server you need in a special field. The inquired web page downloads and you can be sure of your anonymity. However, there are some weak points here. First, the speed of pages download can be much lower, and second, today it is practically impossible to find an anoymizer for free. Of course when these services just appeared nobody could even think of taking money for that. All that owners could afford was placing a couple of advertising banners. Nowadays users have to pay for the ‘luxury’ to stay invisible. Lately, more and more people are for considering anonymizers illegal. This is nonsense. The authority will also have to forbid selling wigs because some criminals would buy them to change their appearance.

So, now you know how to hide your IP-address. However, there are other, more active ways to track users. The most popular technology of tracking users is cookies. Cookie is a symbol line up to 4KB in size which is recorded in a special file on user’s PC by the web-server. This technology was developed to make using the Network easier. For example, an online-shop wants to “remember” a user and offer him some new goods, depending on the user’s preferences. In order to save data confidentiality a restriction was taken: only that server can read the information from cookies which had recoded it. Unfortunately, this is very easy to avoid. Banners and clicks counters can be seen on every page (most of these elements are loaded from their own servers). So we see that data can be recorded to and read from cookies by the clicks counter script. As a result, the system can follow all your web-route and learn all your preferences.

One more way of keeping anonymity in the Internet, and the most reliable one, is socks-protocols. The operation principle of this technology is alike with proxy-server’s work. Socks-server receives data from user’s PC, sends it to the web-servers and then forwards back reply data. However, they have some differences. First, user’s PC and socks-server “communicate” not in accordance with common rules, but by means of special protocols (socks4, socks5, etc.). As a result this makes sending user’s IP address impossible. Besides, socks-server itself transforms data from the user to inquiries for common protocols. It means that no server can “guess” that it sends data to an intermediary, not to the final user. Socks technology is very easy to use. All a user needs is to download a special utility SocksCap, install and launch it, choose the software for which he needs to get anonym connection (for example, Internet Explorer), type socks-server’s address and port. When launching browser from SocksCap he has nothing to worry about.

These are probably the most reliable means of making sure that you are invisible and anonymous in the Global network nowadays. Of course, the situation constantly changes and new technologies appear every day, so if you really want to stay completely anonymous during your Internet surfing – try to follow the latest news, especially Arovax News, as Arovax Company is hardly working on creating of Anonymizer software, that will solve all your problems and worries about anonymous use of Internet resources.

Arovax Antispyware and Arovax Shield roadmaps are updated!

2006-02-14T08:31:00.000-08:00

We would like to inform you that Arovax Antispyware and Arovax Shield roadmaps are updated.

Full information about Arovax AntiSpyware Roadmap you can find here>>>

You can find full information about Arovax Shield Roadmap here>>>

Detection and Removal of Spyware

2006-02-14T06:28:00.000-08:00

Rapid growth of modern informational Internet-technologies begets the development of the hardware-software and network infrastructure. However, it also causes a number of negative aspects that influence the improvement process of the IT-industry.
A wide range of negative, so to say ‘begotten by the Internet’, factors can be pointed out in the computer industry. They include: hackers, viruses, Trojans, SPAM, etc. Lately, another step in the development of the software – Spyware – appeared in the publicity. This article describes what Spyware is and how it can be fought.

What is Spyware?
Spyware represents ordinary embedded software modules that track and gather different information about your activity during your work on PC, redirect you on various companies’ sites during your surfing the Internet, open advertising banners of every sort and kind and do a lot of other unapproved spy activity.

Where can Spyware be “picked up”?
It is not that hard to “pick up” a Spyware. The most assured way of becoming infected is visiting warez sites or adult web-resources for those ‘over 18’. Be sure that your PC is infected if you had visited the sites mentioned above using not up-to-date Internet Explorer and without any antivirus and firewall installed. Why we are so sure about it? The thing is that authors of Spyware-programs do their best to place the infection on as much computers in the network as possible, so any new breach in the browser is a splendid opportunity for them.
Also, it often happens that Spyware-modules are bundled with different software. A perfect example of that are P2P-clients and a great number of suspicious programs from unknown developers.

How can Spyware be detected?
As a rule, the task to detect Spyware is many-sided and has a couple solutions:
1. Installation of Firewall (for example Outpost Firewall Pro, Norton Personal Firewall, Kerio Personal Firewall, etc.) that will immediately inform you about suspicious network activity of any program.
2. Installation of IDS (Intrusion Detection System) software that provide you with real protection in real time by immediately recognizing and stopping attempted, unwanted or malicious behavior by other programs. A perfect example of such software is Arovax Shield.
3. Installation of such specialized software for Spyware removing as Arovax Antispyware, SpyBot-Search & Destroy, Ad-Aware, MS AntiSpyware, etc.
4. Using special antivirus programs. In most cases, they can be found on the web-sites of major modern antivirus software.

How to remove found Spyware?
It is best to use proper software to ‘treat’ found Spyware programs. Such software cleans the registry correctly and removes all found spy modules and libraries. Consider the fact that some antivirus can only detect Spyware and in most cases are not able to ‘treat’ your PC from them.
You can also try to remove Spyware manually. However, this variant is suitable for experienced users only. In this case you will need not only to remove Spyware executing modules (you might need to load OS in safe mode) but to edit the system registry in order to get rid of harmful programs links as well.

How to protect your PC from further infections?
The receipt is simple: install all updates for your OS, install proper antispyware software, antivirus and Firewall, keep them always up-to-date and do not install suspicious programs from the Internet.

French Arovax fans created a full tutorial for Arovax Shield

2006-02-02T04:55:00.000-08:00

A website with a full tutorial for Arovax Shield http://xp.net.free.fr/tutos/Arovax.html was created by French ‘Arovax-lovers’ in order to help French beginners cope with computer security problems. The official site of Arovax Shield www.arovaxshield.com is mostly in English, which makes it difficult to understand for the majority of foreign users.

We are very grateful to our French friends for creating http://xp.net.free.fr/tutos/Arovax.html . Such users inspire us on further development and improving Arovax products and translating our websites and the programs into other languages.

You are allways welcomed with your suggestions on the Arovax Community Forum http://forum.arovaxcompany.com

We released multilingual version of Arovax Shield

2005-12-09T15:54:00.000-08:00

Dear friends,

We are glad to announce our latest release of Arovax Shield version 1.2.314!
Finaly we start to add localizations on different languages of Arovax Shield.
We start with Dutch language and 1.2.314 version already contains Dutch localization.
Also we fixed Bug with Autostart Folder monitoring as well as made some minor fixes and improvements.

As always you can download latest Arovax Shield release from our Download Section.

Enjoy new release and stay tunned for further Arovax news!

Arovax AntiSpyware 1.0 Beta (Free) is available for download!

2005-11-13T16:09:00.000-08:00

Arovax Company Accepts the Spyware Challenge
And Answers the Call!

Arovax Anti-Spyware: a standalone application for Home and Corporate users designed to keep your PC system clean of all forms of spyware, adware, trojan horses, keystroke loggers, security disablers and other malware. The program works under Microsoft Windows 98/Me/NT/2000/XP and does not interfere with other applications installed on users PC.

November 12, 2005 – Salem, Oregon, USA. Online Security and Privacy solutions oriented company Arovax LLC, mostly known for it’s brand new type of freeware personal security solution – Arovax Shield, announces a Beta version of it’s innovating, powerful, speedy and extremely easy to use Anti-Spyware scanner and remover named Arovax AntiSpyware designed to become a solid defense for PC systems by giving a fight back to the most dangerous online threats of the new century.

Beta-version of Arovax AntiSpyware protection includes following features and benefits:

Quick Scan, which allows you to quickly find out if your PC is infected and allows you to take appropriate actions if it is.

Deep Scan a great decision if you want to scan your entire PC for all sorts of malware infections and wipe them.

Remover is a functionality implemented in both above listed features allowing you to eliminate found infections for good.

Deep Scan Settings a special section which gives you ability to tune your Arovax AntiSpyware by choosing which disks and folders to scan.

Program Settings is a section of Arovax AntiSpyware which includes functionality of choosing application language and allows you to turn on a Run Scan at Windows startup feature.

Application Update is a great functionality added in Beta version making it possible for each user to do a Live Update of the application without visiting the website, thus having always up-to-date Arovax AntiSpyware solution.

Ignore List feature gives you a great opportunity to put the items Arovax AntiSpyware finds and which you consider “good” for you – to an Ignore list. Items in Ignore list are not wiped out by Arovax AntiSpyware Remover and they will not appear on your Scan results next time you scan your PC for infections.

Quarantine is a “final-plea” for infections you found. All removed items from both Scans are put to Quarantine. If later on you decide that one of these items shouldn’t have been deleted – just Restore it from Quarantine.

Scan Reports is a place where all logs of your scans are held. If you have any problems with infections on your PC and the way Arovax AntiSpyware deals with them – these logs are the first thing Arovax Spyware Specialists will ask you for.

Help & Support section contains a link important to those who need any help about the application and to those who want to participate in Arovax Community in order to help other members of Community and help us to make our products better.

Arovax AntiSpyware Beta version is not equipped with most of Features, Plugins and Add-ons which will be added in Release of this powerful anti-spyware remover. The main Goal of this Beta-version - is to discover bugs and check operability on all possible PC configurations, OS versions and in different conditions.

Arovax AntiSpyware is distributed exclusively over the internet. Actual version can always be downloaded from our website. Beta version is available for download for everyone free of any charge.

If you have any questions or inquiries, please contact Arovax Company:
mailto:info@arovaxcompany.com

Press inquires can be sent here:
mailto:press@arovaxcompany.com

Product Page:
http://www.arovaxantispyware.com

Arovax AntiSpyware on BetaNews!

2005-11-04T17:10:00.000-08:00

Just couples weeks have passed since we released Arovax AntiSpyware (Alpha) and it was already noticed on BetaNews (http://fileforum.betanews.com/detail/1131136869/1). Very pleasing news for us.

Missing Quarantine and Signatures Update features for sure will be added in the upcoming Beta release.

Multilingual Arovax Shield

2005-10-21T02:17:00.000-07:00

Dear friends!

We started our work on translating of everything on other languages. Some of our software end-users join us as volunteers. And we appreciate their help. We started from Arovax Shield and here we are: the French version of the website is practically ready:
http://www.arovaxshield.com/fr/.
If you find any bugs on it: language wise or code wise - please let us know.

We are to translate software now. Dutch version of Arovax Shield is planned for the nearest future as well.

Stay tunned!

-Arovax

Hacking AntiVirus

2005-10-18T03:23:00.000-07:00

Our operating systems are insecure. They are protected to a certain extent, but still insecure. The reason of this lies in the fact that they were designed and created at the time when the problem of security just did not arise. And even so-called “update services” were not intended to enable millions of users to defend themselves against a threat. It just happened that most of the discovered errors concern security. Trying to eliminate this defect users have to use third-party software – anti-viruses, firewalls, spam filters and anti-spyware. Installation of such software can produce a false impression of security. The user must not forget that this means of protection is not a magic wand but software, just like the operating system. It also can contain errors and be vulnerable.

For example, the resource http://www.rem0te.com contains some reports concerning discovered defects in popular anti-virus programs. The author of these reports shows critical vulnerabilities, by using which a malicious program can not only block the work of anti-virus software but also execute malicious code at the user computer.

Designing Arovax Shield we have faced a technical problem which, if solved in a wrong way, could cause vulnerabilities in our product. We have found our own solution but during the discussions a number of different variants were proposed, so we decided to check the least suitable variants with other software products dealing with real-time protection.

Our research has shown that many manufacturers either don’t pay attention to this problem at all or use an extremely insecure variant. For example, several producers of very popular anti-spyware programs use the following mechanism to unload their programs from memory before updating them: it’s enough to run the program with the “/u” key. And these producers claim that one of the key features of their software is perfect real-time protection! Just imagine, any malicious program can simply execute the command superantispyware.exe /u and then do whatever it wants.

Due to active investigations of security tools’ own security and discovering vulnerabilities in them many manufacturers create their own “update services” for their products. In Arovax, we also try hard to create a mechanism which will enable users to quickly and easily update our software. Our new products now provide the feature of Live Update. And we, as always, appreciate any your comments, requests and remarks.

Arovax AntiSpyware Alpha is available

2005-10-15T07:23:00.000-07:00

I would like to greet everyone, whom we already know, and those who already heard about us. We want to ask you for your help in evaluating of our new product.

So, Gentlemen, here we are with our new born child - Arovax AntiSpyware. On the current moment this product is in its Alpha mode and thus I sincerely ask you to avoid hasty conclusions about it, on the contrary, we sincerely ask you to HELP us in its Alpha-Testing.

Alpha version of Arovax AntiSpyware includes Smart Scan, Deep Scan and a Remover - ability to remove found parasites. Our Database contains 33171 records. We did not equip this version of program with any Features, Plugins or Addons, those will be available in final Release of Arovax AntiSpyware, as the main Goal of this Alpha-version - is to check operability of main engines - Scanner and Remover on all possible PC configurations, OS versions and in different conditions, and we sincerely rely on your help in this.

Current Engine is maximum optimized, fast and compact! Try Arovax AntiSpyware today and tell us what you think about it, because your opinion really counts in our Company and it is very important for us. What should we add? What should we fix? What should we better work on? What direction to develop?

Please post all your thoughts and comments here or e-mail to support (at) arovaxcompany.com.

You can download actual Alpha version of Arovax AntiSpyware on http://www.arovaxantispyware.com. Alpha version is available for download for everyone free of any charge.

Thank you guys for your understanding and your support,

Arovax

Two Wales - theory of fighting against spyware/malware/adware

2005-09-13T17:19:00.000-07:00

Two Whales

“Two whales” are two basic ways of fighting against spyware/malware/adware. In this short article we will tell you about the “two whales” of mankind’s confrontation with the misfortune called “spyware”.
So, from this point on, talking about spyware/malware/adware we will mean software which is installed (launched) at a user’s computer without the user’s knowledge, impedes their work and of which the user certainly wants to rid themselves to return to their normal full life.

Whale One – protecting the territory

The first thing you need is to prevent the enemy from getting to you territory. To locate it just when it crosses your border and to destroy it. To understand how to do this, it’s necessary to learn all paths that the enemy can use to cross the border and set there your traps. This method of protection is called Real-Time Protection (sometimes you can also come across the term IDS – Intrusion Detection Software). Many producers of anti-spyware build real-time protection mechanisms into their products to a greater or lesser extent. Such a mechanism tracks key settings of the operating system and informs the user of any attempt to modify them (Arovax Shield is one of such products). Then the user decides if the modification should be allowed or denied. However, there is one big drawback. Not only spyware applications change these settings but normal programs also do. If the software producer uses a signature base and blocks only what is known to them, they risk letting through a new, unknown enemy. If the software blocks all modifications (like Arovax Shield does), then the right to decide is passed to the user, but not all the users deeply understand all system settings (and besides, they do not have to).
Probably, the best solution would be a combined mechanism. At the moment when the system is modified, you not only issue a notification to the user but also indicate if the corresponding spyware is found in the signatures base.

Whale Two – cleaning the territory

This is like a cold war. Both parties are constantly increasing their military potential. Producers of anti-spyware software are improving their fight methods while producers of spyware are looking for new insidious ways to get in the user’s PC and dig in deeply. And it’s not always that the formers outdo the latters.
And when the first frontier is broken and the enemy crossed the border, the Weapon Number Two appears on the scene – a spyware remover. Remover (or Cleaner) is the program which will help to remove already installed spyware. First of all, it includes a reliable scanner which will scan the user’s computer, detect saboteurs (the installed spyware) and eradicate them. The most important thing at this stage is a good spyware base. The more signatures it includes, the more the possibility to detect the enemy.

Here are the mandatory components of such a product:
• Scanner which performs the PC scan and spyware detection by the known signatures.
• Remover (or Cleaner) which is responsible for eradication of the detected spyware.
• Quarantine. If a user is in doubt if the detected spyware should be removed, they can place it in quarantine before the removal and then remove. Later they will have the possibility to restore the removed information.
• Ignore List. Sometimes the scanner detects something that the user does not consider spyware/malware/adware or does not want to remove. Then such records are placed on a special list and will be ignored during the following scans.

Concerning selection of a spyware remover we recommend to pay your attention not only to the availability of the above four components but also to the quality of the signature base. A very important issue is how quickly the producer responds to the new threats appearance and updates the base.

(c) Arovax, LLC

Wellcome to Arovax Blog!

2005-09-09T12:44:00.000-07:00

Hello! We are Arovax Software and we are starting our blog now!

On the pages of the present blog we will try to represent the ongoing development of Arovax Company Products and interact with you, our customers, in an informal environment. Day by day we will tell you interesting things about us, our company and our products. We will discuss different topics and organize different contests in order to put something into our blog that will make it entertaining enough, despite or even contrary to the fact that we are a serious Security & Privacy company and our company-related websites should be of a serious nature.

Soon we will launch our special project.We will chronicle the development process of a new product which is being created by the Arovax team. You will witness the birth of the new product and day by day you will be able to follow and take part in every step of our Development team.

We constantly improve our current products and create new ones to fit your needs as much as possible. But we need a strong feedback from you - our users - in order to succeed in our goals and our mission. So please, don't hesitate to comment, ask, suggest and debate about everything we do. Your help will be highly appreciated.

Thank you all for staying with us.

Sincerely yours, Arovax Staff.

PS: You can use any newsreader that supports Atom to monitor our blog. Read more about Atom here.

The link to our RSS feed is: http://arovax.blogspot.com/atom.xml.