Channel: Symantec Connect - Blog Entries

Veritas Cluster Server ranked "Best-in-Class"


DCIG (Data Center Infrastructure Group Inc.) released their High Availability and Clustering Software Buyer's Guide that weights, scores and ranks over 60 features on 13 different software solutions from 10 different software providers. Veritas Cluster Server (VCS) achieved the "Best-in-Class" ranking and earned the top spot in this inaugural DCIG High Availability and Clustering Software Buyer's Guide.

Veritas Cluster Server earned the only “Best-in-Class” ranking, and for good reason. We ranked “Best-in-Class” and/or “Excellent” in all the categories that DCIG used for evaluation. Categories included operating environment and management capabilities. DCIG mentioned, “Making Symantec’s achievement so impressive was that it’s in a highly competitive space where most high availability and clustering software packages only focus on a few or even only one operating system. Symantec stands apart with its support for all standard operating systems and takes this support one step further by allowing failovers to be orchestrated across multiple operating systems.”

DCIG also spoke to various end-users to get a sense of how they would weight their needs in these various areas. DCIG then evaluated the vendors’ capabilities by applying weighting indicated from their conversations with these end-users. No vendors, whether clients or not, were afforded preferential treatment in the Buyer’s Guide. All research was based upon information provided directly by vendors, research and analysis by DCIG and other publicly available information.

For more information about our High Availability solutions please check out this page.


Symantec's Cluster Server Scores Above All Clustering and High Availability Solutions

DCIG (Data Center Infrastructure Group Inc.) released their High Availability and Clustering Software Buyer's Guide (attached to this email) that weights, scores and ranks over 60 features on 13 different software solutions from 10 different software providers. Symantec's Veritas Cluster Server (VCS) achieved the "Best-in-Class" ranking and earned the top spot in this inaugural DCIG High Availability and Clustering Software Buyer's Guide.

VCS earned the only “Best-in-Class” ranking, and for good reason. VCS ranked “Best-in-Class” and/or “Excellent” in every single category that DCIG evaluated. Categories ranged from operating environment to management capabilities. DCIG mentioned, “Making Symantec’s achievement so impressive was that it’s in a highly competitive space where most high availability and clustering software packages only focus on a few or even only one operating system. Symantec stands apart with its support for all standard operating systems and takes this support one step further by allowing failovers to be orchestrated across multiple operating systems.”

DCIG also spoke to various end-users to get a sense of how they would weigh their needs in these various areas. DCIG then evaluated the vendors’ capabilities by applying weighing indicated from their conversations with these end-users. No vendors, whether clients or not, were afforded preferential treatment in the Buyer’s Guide. All research was based upon information provided directly by vendors, research and analysis by DCIG and other publicly available information.

The complete article can be found at http://www.dcig.com/2013/07/dcig-2013-high-availability-clustering-software-bg.html.

The complete report can be found at http://dcigbuyersguides.com/2013-high-availability-clustering-software-buyers-guide/

Migrating to Enterprise Vault 10

I have seen a few posts on the Connect Forums which talk about a variety of steps to get your current Enterprise Vault environment to EV 10 (or 10.0.1, 10.0.2, etc). Each expert has their own opinion of the steps which should be taken, and I'm not alone in that particular game either. I know that there are many options, perhaps too many?

Let's assume at the start of this exercise you have a nice, working, Enterprise Vault 9 server running on Windows 2003 SP 2 - it's old school stuff. Your storage is a network share. Your SQL Server is (of course) on a different server.

The options that I have seen discussed are:

* Forklift to new 64 bit hardware, with the same EV 9 version. Upgrade to EV 10.

* Use the Server Settings Migration Wizard to go to 64 bit hardware. Update to EV 10.

* Use the Server Settings Migration Wizard to go straight to EV 10 on 64 bit hardware

Each of these has its pros and cons. Which would you recommend, and why?

 

Office 2010 Service Pack 2 and Enterprise Vault

A couple of days ago Microsoft announced the general availability of Office 2010 Service Pack 2.  There are quite a few articles on the internet about it, such as this one from bink.nu. There are also a huge number of downloads available, for individual components of Office, and other things like SharePoint Designer.

The main two, in my mind are:

32 Bit full installer

64 Bit full installer

The release of the service pack is some 2 years after Service Pack 1, and as you can imagine contains a huge list of fixes, and is a big download too (730 Mb for the 64 bit file, and 630 Mb for the 32 bit file).  Installation for me seemed to zoom along at first, and I thought it was only going to take 2 minutes to install the whole update.  But alas, no, it seemed to stop for a long time at about 95%.

Overall I think it took about 10 minutes to install the update - and it required a reboot on my Windows 7 machine.

I've not looked in detail through the updates; what I was interested in, of course, is whether or not it works with the Enterprise Vault Outlook Add-in.

Now, remember, I am not official Symantec Support - for that you'll have to wait for it to be officially announced, but in my testing just now, I was able to:

- Install the Add-in when Office 2010 SP 2 was installed (ie a fresh install of the add-in on an Office 2010 SP 2 machine)

- Upgrade to Office 2010 SP 2 on a machine that already had the Outlook Add-in installed

- Perform basic tasks like opening archived items, synchronising virtual vault, searching.

Celebrating System Admin Day!

It's System Admin Day today and we've got a great offer lined up for all those system admins out there. For one day ONLY (today!), if you're a system admin, you can get two FREE sockets of Backup Exec V-Ray Edition.

So what are you waiting for? Email Iesa_Behbehani@symantec.com and ask for your free copy.

The New Japanese “Not Just One-Click” Fraud on Google Play

Since the beginning of the year, Japanese one-click fraud scammers have continued to pump new apps onto Google Play and the market has struggled to keep itself clean. Though many are removed on the day they are published, some remain for a few days. Although they have short lives, the apps must provide ample profit for the scammers as they show no signs of halting their development of new ones. Their tactic of abusing the search function on Google Play allows their apps to be easily bumped to the top of keyword searches. A test search carried out by Symantec resulted in 21 out of 24 top hits being malicious apps.
 

Figure 1. Search with only 3 out of 24 results not malicious
 

The scammers have been persistent as well, publishing apps almost daily amounting to over 1,200 apps in total being published over the last seven months.
 

Figure 2. Activity over seven-month period
 

Because of the success the scammers appear to be having, it seems a new player has come along to try their luck on the market. The new scam is a variation on the typical one-click fraud we see in Japan. The new type not only requires clicks, but it also requires users to send an email in order to register to become a member of a service, call a given phone number to acquire a password, and enter the password to log into the fraudulent site. That’s quite a bit of work to get through just to be scammed. Once the user successfully logs into the site, they are charged an annual fee of 315,000 yen, which is equivalent to approximately US$3,150, for watching online adult videos without any obvious prior warning of the fee.
 

Figure 3. Three developers previously posting malicious apps
 

The app is downloaded from Google Play.
 

Figure 4. App download page
 

Once the app is opened, the browser is launched to open an adult video site.
 

Figure 5. Adult video site
 

If the user tries to play a video from the adult site, they are asked to register as a member in order to watch all of the site’s videos.
 

Figure 6. Registration request page
 

An email is automatically drafted when the ‘send email’ button is clicked. All the user needs to do is to click on the “send” button.
 

Figure 7. Automatically drafted email
 

Shortly after, the service returns an email containing a link.
 

Figure 8. Email containing link
 

Clicking on the link takes the user to another service on a different site.
 

Figure 9. Another adult video site
 

This time when a video is selected, the user is asked to enter a password to log in.
 

Figure 10. Password request page
 

Clicking on ‘confirm password’ prepares the phone to make a call to a pre-determined number.
 

Figure 11. Phone preparing to call a pre-determined number
 

When the call is made to this number, an automated message tells the user the password. After logging into the site with the given password, a page appears on the browser informing the user of the registration details as well as notifying them of a whopping 315,000 yen annual fee due in three days.
 

Figure 12. Registration and annual fee details
 

I don’t recall reading anything about the service requiring an annual fee…although, wait a minute, there is a hidden link to a EULA on the page where the password is entered. The sentence where the link is states that to use the site you must be an adult who has agreed to the user agreement. The link is very faint compared to other text on the page.
 

Figure 13. Almost hidden link to EULA (highlighted in red box)
 

It does in fact state that the service has an annual fee in the EULA, if you can eventually find it that is. There are some very sneaky tactics being used here!
 

Figure 14. EULA
 

Because these apps only launch the browser to open certain sites, which then ask users to take additional steps to reach the final destination, it can be almost impossible for any system to confirm anything malicious about them. The manual steps required in this scam are another strategy used to keep the apps on the market as long as possible. Human analysis may be the only way to discover these sorts of apps. We have so far confirmed over 100 of these apps published on Google Play since the beginning of July. At the time of writing, 30 apps, published by three developers, are still available on the market. Symantec continues to inform Google about these apps so that they can be removed. Hundreds of users have downloaded the apps, but the actual number could potentially be over a thousand. It is unknown how many people have actually been tricked into paying the fee. The apps discussed in this blog are detected by Symantec products as Android.Oneclickfraud. Please take precautions when downloading apps, regardless of where they are hosted; we also recommend using Norton Mobile Security to help protect you.

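Japanese Multi-Click Fraud Found on Google Play

Since the start of this year, Japanese-language one-click fraud apps have been published on Google Play one after another, and the market has been kept busy removing them. Many of the fraud apps are removed the same day they are published, but some remain for a few days. Although they are very short-lived, the fact that development of new apps shows no sign of ending leaves no doubt that they are generating sufficient profit for the scammers. Thanks to a technique that abuses Google Play's search function, the fraud apps easily jump to the top of keyword searches. When Symantec ran a test search, 21 of the top 24 hits were malicious apps.

Figure 1. Only 3 of the 24 search results are legitimate apps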
 

The scammers remain as persistent as ever, publishing apps almost every day; more than 1,200 apps have been published over the past seven months.

Figure 2. Activity over the seven-month period
 

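Following the success of the scams so far, a new entrant hoping for easy money also appears to have arrived. The new scam is a variant of the one-click fraud that has become standard in Japan, but it does not stop at requesting clicks. It also requires the user to send an email to register as a member of the service, call a specified number to obtain a password, and then enter that password to log in to the fake site. As scams go, it takes quite a lot of effort. Once the user successfully logs in to the site, they are billed 315,000 yen as an annual fee for watching adult videos online. There is, however, no clear prior warning about the charge.

Figure 3. Three developers that have previously published malicious apps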
 

The app is downloaded from Google Play.

Figure 4. App download page
 

When the app is run, the browser launches and opens an adult video site.

Figure 5. Adult video site
 

When the user tries to play a video on the adult site, they are told that they must register as a member to watch all of the site's videos.

Figure 6. Page requesting member registration
 

Tapping the [Send email] button automatically creates a draft email, so all that remains is to tap the [Send] button.

Figure 7. Automatically created draft email
 

As soon as the email is sent, a reply email containing a link arrives.

Figure 8. Email containing a link
 

Tapping the link redirects the user to another service on a different site.

Figure 9. Another adult video site
 

When a video is selected, the user is this time asked to enter a password to log in.

Figure 10. Page requesting password entry
 

Tapping [Confirm password] readies the phone to call a predetermined number.

Figure 11. Phone ready to call the predetermined number
 

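When the user calls this number, the password is delivered in an automated message. After the user logs in to the site with this password, a page opens in the browser showing the user's registration details and notifying them that an exorbitant annual fee of 315,000 yen must be paid within three days.

Figure 12. Registration details and annual fee demand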
 

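There should have been no information anywhere saying that this service requires an annual fee, but a closer look reveals a hidden link to the terms of use on the password entry page. The sentence containing the link says that the site is for adults and that the user must agree to the terms of use, but its text is very faint compared with the other text on the same page.

Figure 13. Nearly invisible link to the terms of use (outlined in red)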
 

The terms of use do indeed state that the service requires an annual fee. That is, if you manage to find them in the end. Some truly cunning tricks are being used here.

Figure 14. Terms of use
 

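Because these apps merely launch the browser to open a particular site and then lead the user through several steps to the final page, it is almost impossible for any system to conclude that the apps are malicious. Deliberately requiring manual steps is a new strategy for keeping the apps on the market for as long as possible. Finding this kind of app leaves no option but to rely on manual analysis. Symantec has confirmed that more than 100 of these malicious apps have been published on Google Play since the beginning of July. At the time of writing, 30 apps published by the three developers mentioned above are still available on the market. Symantec will continue to provide information to Google so that such apps can be removed as soon as they are found. Several hundred users have downloaded these apps, but the real number may exceed 1,000, and how many people have actually been tricked into paying the fee is unknown. Symantec products detect the apps described in this blog as Android.Oneclickfraud. Take precautions when downloading apps, regardless of where they are published. We also recommend using Norton Mobile Security for protection.

* To subscribe to the RSS feed of the Japanese-language Security Response blog, visit http://www.symantec.com/connect/ja/item-feeds/blog/2261/feed/all/ja.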

Application Signing: How to make it pay off

Nick D'Aloisio hit the headlines recently by selling his Summly app to Yahoo for an estimated £18 million, which is not bad at all when you consider he is still a teenager.

So now you are hoping to emulate him. Fine. But first, although this may be stating the blindingly obvious, you need an idea. Let me rephrase that: you need a very good idea. But that doesn’t mean it’s just a very good idea to you. Other people need to think so, too, and not just your best mates, your parents, or devoted partner. I mean people you don’t know who would be willing to fork out their money for your app only after you’d convinced them it was worth every penny and a bit more. That, after all, is the ultimate test of anyone’s sincerity when it comes to doing business.

They do like it and would buy it? Great. But have you found out if someone else has already got there before you? Are there hundreds, even thousands, of people already happily using an app that’s all but identical to yours? No? Then time to move up the apps ladder to the next level.

Now, while your app should be exceptional to truly succeed, it should also be fairly easy to create. Anything intricate and complicated is likely to backfire: too expensive, with much reduced prospects of even breaking even, never mind setting you up for life. Speak to someone who has been through the experience. Find out what went wrong and why. That will set you in good stead.

What about the start-up capital? In the current climate it’s unlikely any bank will start throwing cash at you, but friends and family are a natural starting point.

Okay, time to roll up your sleeves, which could be literal or metaphorical. In other words, are you the one with the actual IT skills to create the app yourself, or are you going to have to invest in the services of a computer engineer? When you find out what they charge per day – anything up to £1,000 a day is not that uncommon – you may well decide to invest in yourself and develop the required skills. But you don’t have to be all alone in this task. Several online and real-world code academies can help you. Some simple desk research and Google will typically show names such as Steer and Code Academy.

Then there is the matter of confidence… of your potential customers…. in you. How can they be absolutely sure that your app is coming from a risk-free source? Packaged software, of course, uses branding and trusted sales outlets to assure users of its integrity. But these are not available when code is transmitted on the Internet. Also, there is no guarantee that the code hasn't been altered while being downloaded. So you need to be able to assure everyone from the outset that you – and your apps – are to be trusted.

On which note, it’s worth taking a look at Microsoft's solution to these issues – Microsoft Authenticode. This allows developers to include information about themselves and their code with their programs through the use of digital signatures. And while Authenticode itself cannot guarantee that signed code is safe to run, it tells users quite clearly that the software publisher is participating in an infrastructure of trusted entities. That way, it serves the needs of both software publishers and users who rely upon the Internet for the downloading of software. Digital signatures ensure accountability, just as a manufacturer's brand name does on packaged software.

So, now you have an app to tell people about, and they know it’s trustworthy across multiple platforms from Windows OS to Android to Windows Phone, how do you market and make some real money out of it? Sadly, there’s no magic formula. Your app may be exceptional, but so, too, will be many of the countless other apps out there, clamouring for attention. So you want to make sure that your claim to fame, all things being equal, is un-equalled!

To which end, I came across some useful pointers recently on how to get this right – from the development and marketing team at Telerik Radcontrols for Windows Phone. Their ‘How to promote your Windows phone app on a tight budget’ guide contains a number of tips to help make you a savvy app entrepreneur. Just as helpful, if you go to: http://www.telerik.com/products/windows-phone/getting-started/resources.aspx, you can download a Windows app for free that allows you to browse through more than 100 examples to help inspire you.

Oh, and good luck!


SEP 12.1 Manual scans

We're testing SEP 12.1.2 on a 64-bit Windows 7 Pro client.    When we run a full scan, sometimes we get a large difference in the number of files scanned.   For example, sometimes SEP will report 170,000 files scanned, then if we immediately run another full scan, SEP will report 80,000 files scanned.  

The answer from Symantec Support is that this is normal behaviour for the SEP 12.1 client.

Support says that the first full scan after an AV defs update rescans everything, including the file cache. Subsequent full scans performed before the next AV defs update do not rescan everything, as some files are marked as already having been scanned. Support says the product was designed this way for performance.

In our scans, we're seeing between 1,500 and 3,000 files trusted, but apparently the number of trusted files is not the reason for the difference in the full scan counts.

We tested full scans with Insight turned off and the results were consistent with the higher number of files (about 170,000). The only reason for this that I can think of is that turning off Insight for scans always forces scanning of all files, similar to that which happens after an AV pattern update, in addition to trusted files.

So, the bottom line is that after talking with support we've turned Insight back on for scans.   Evidently, what we are seeing is normal and is just the way the product works.  We've got SEP 12.1.2 running on both 32 and 64 bit clients and the full scans all act the same - high file count after an AV pattern update then subsequent full scans report a lesser number (~50% fewer) of files scanned until the next AV defs update.

Information at the Speed of Light

Thousands of years ago, news traveled at the pace of man or animal. I mean to say you would only learn what someone else was doing or what was happening either in the next town, village, kingdom, etc. only as fast as it could physically get to you. It took days, weeks or months to learn that your neighbors had a new means of creating fire, that the wheel was invented, that an army was headed your way or that there was a disaster. This made our ability to learn from each other and improve on what we learned slow, inconsistent, and unreliable.

I’ve heard on TV shows, online and in movies that there are those that believe much of the technology we have today came from visiting aliens. That we captured them, or they willingly shared it with us, and we use it in military equipment and then slow roll it out to the general populace. I won’t argue whether or not this is true but I have another hypothesis, the speed at which information is shared, processed and stored is the key factor in the ability for the human race to have accomplished so much in the last 100 years.

Over time we invented faster means of physical transportation. We were able to cross large spans of land on horses and camels and we could cross large waterways with boats. This evolved to trains and ships and then to airplanes. While physical transportation was evolving, a new type of communication was born: electronic. The ability to transmit messages at near the speed of light over wires, then over the air, completely changed our ability to communicate. We could now transmit information from one side of the country to the other in seconds; no pony express, train, or plane could beat it. That evolution continued to progress until we were able to transmit not only verbal information but data.
 

The ability to collaborate with someone on data across the country or the world catapulted our ability to advance in ways people of the past hadn’t yet dreamt. The other advancement that was part of this evolution was the ability to use machines to interpret and calculate data at speeds impossible for the human brain. This allowed us to perform work in weeks that would have taken years. As this computing evolution proceeded those weeks turned into days, then to hours, minutes and seconds. Now the experiments that the scientist, engineer or economist would have spent lengthy amounts of time and brain energy on were completed faster and without as much effort. Now we start seeing the fruits of those labors more rapidly. The time to market continued to decrease and the illusion that we are using other worldly technologies becomes less plausible. What we are using are “external brains” that are smarter and faster than we are, but that we invented through the sharing of ideas and information.

Brains also store information. In the past we were limited by our ability to retain our learning and knowledge. Cave walls, stone pillars and statues, papyrus, scrolls and paintings supplemented our brains in an effort to keep the information longer and to more easily share it. Unfortunately, these methods have the misfortune of being a slave to time. They deteriorate, can easily be altered, aren’t easily shared and they need to be physically secured. The advent of the ability to read and write brought on by the creation of mass distributed books and periodicals opened up a new door to the masses to get reliable or not so reliable information. This still required transportation to get the message to spread. Today we have the ability to store that data in near perpetuity, as it was originally written, leaving nothing to interpretation and deliver it in seconds. Now we can share news from the other side of the earth in a moment and refer back to it for years to come.
 

Our technology enables us to create, compute and understand at a rate of speed that provides the illusion that our performance exceeds our means. If the Egyptians could build the pyramids with the ancient technology they created, why is it so hard to believe that we could create what we have today with the technology at our disposal? This is just my hypothesis on a factor or two of the advancement of human intelligence. I’m sure genetics, evolution, and environment might have something to do with it but I’ll leave those topics for others smarter than I.

My only ask is that we take the time to understand that we aren’t slowing down, and that we need to protect our ability to process data and secure the data we have in ways we haven’t considered in the past. Putting knights with halberds at the door to your data center won’t do you much good when the Huns are approaching via a piece of malware embedded in a link via email or there is a vulnerability in your web app that is the equivalent of leaving the key to the royal library out for anyone.

Our security needs to match our abilities to create and learn and we need to assess our strengths and weaknesses regularly lest we fall to adversaries more powerful than we. To achieve this we need to engage experts that can help us determine our risks and vulnerabilities and recommend actionable changes that improve our security posture thereby protecting our second most critical asset, information systems. (People are still the most critical.)

First Malicious Use of 'Master Key' Android Vulnerability Discovered

Earlier this month, Symantec discussed the discovery of the Master Key vulnerability that allows attackers to inject malicious code into legitimate Android applications without invalidating the digital signature. We expected the vulnerability to be leveraged quickly due to ease of exploitation, and it has.

Norton Mobile Insight—our system for harvesting and automatically analyzing Android applications from hundreds of marketplaces—has discovered the first examples of the exploit being used in the wild. Symantec detects these applications as Android.Skullkey.

We found two applications infected by a malicious actor. They are legitimate applications distributed on Android marketplaces in China to help find and make doctor appointments.  Click here to learn more about these threats from our Symantec Star Response Team Blog.

Symantec Critical System Protection 5.2.9 MP3 includes additional platform support

 

The latest release of Symantec Critical System Protection, 5.2.9 MP3, further expands its server security platform support to:

•  Windows Server Core 2008, 2012

•  Windows Embedded POSReady7

•  SUSE Linux Enterprise Server 11 SP3  (32-bit and 64-bit) 

See Symantec Critical System Protection Platform and Feature Matrix for details on specific platforms, version, and the features they support. 

For more information on policy-based server security from Symantec go to: 
http://www.symantec.com/critical-system-protection  

 

Save the Date: Backing up vCloud Director Google+ Hangout

Is your data protection solution vCloud Director AWARE? The introduction of VMware's vCloud Director included a new IaaS offering that layers on top of the existing vSphere product suite. This means yet additional challenges for backup and recovery professionals to work around.

Symantec experts will be addressing this topic on an On Air Google+ Hangout on Wednesday, August 7th.

Tune in to this Bonus Session of our Google+ Hangout Virtual Vision series to learn more about backup and recovery challenges with vCloud Director. Our experts will share how we solve them in one of the largest vCloud Director deployments in the world and discuss the difference between vCD API and VADP in this interactive session.

Get your questions answered live by our expert panelists during the event by submitting your questions to the hashtag #SYMCHangout.

Mark your calendars:

Title:                BONUS SESSION: Backing up vCloud Director | What's the difference between the vCD API and VADP?

Date:                Wednesday, August 7, 2013

Time:               Starts at 9:30 am PT

Length:            1 Hour

Where:             Google+ Hangout: http://bit.ly/12frQY7

Panelists include:

  • Jason Puig, Manager Product Support
  • John Kjell, Sr. Software Engineer
  • Abrar Hussain, Sr. Manager of Engineering
  • Alex Sakaguchi, Product Marketing Manager

Yet Another Bunch of Malicious Apps Found on Google Play

 

In a recent blog entry we covered how scammers continue to publish malicious apps on Google Play and how the Android app market is struggling to keep itself clean.

In many cases it is difficult to quickly identify any malicious intent in an application, and in-depth analysis is often required to be truly safe. This makes it a challenge for Google Play’s publishing process to prevent malicious apps from slipping through.

Symantec Security Response has discovered 14 applications, all published by the same developer, that allow the developer to create connections to any website of their choosing. The malicious component runs in the background as an Android service and communicates to a number of command-and-control servers that wait for developer instructions on how to build HTTP requests. The remote-control component accepts a broad number of options and may be well suited to generate revenue through abuse of pay-per-click services.

The following applications published on Google Play contain this malicious component:

  • com.cyworld.ncamera
  • com.kth.thbdvyPuddingCamera
  • com.tni.pgdnaaeTasKillerFull
  • com.greencod.wqbadtraffic
  • com.teamlava.nbsbubble
  • com.bestappshouse.vpiperoll2ages
  • com.ledong.hamusicbox
  • com.ktls.wlxscandandclear
  • maxstrom.game.hvihnletfindbeautyhd
  • org.woodroid.muhflbalarmlady
  • com.lxsj.rbaqiirdiylock
  • com.neaststudios.wnkvprocapture
  • com.gamempire.cqtetris

These infected applications are mostly in popular categories such as games and accessories, for example a camera app.

Symantec detects these apps as Android.Malapp and has notified Google of their presence. The apps have been removed by Google. We recommend installing a security app, such as Norton Mobile Security or Symantec Mobile Security, on your device. For general safety tips for smartphones and tablets, please visit our Mobile Security website.


We're Still Celebrating! Happy SysAdmin Day!


We love our Connect community members and once again we're celebrating SysAdmin day. Check out this blog to find out how we are sharing the love with you!

Happy International Sysadmin Day!

Tell us something crazy that's happened in your world and we might make it worth your time!

Symantec Reports Record June Quarter Revenue and Non-GAAP EPS


Happy July 30th.

In case you missed it, Symantec just published its June quarter earnings (our fiscal first quarter). I've included the highlights below plus a link to the full press release. If you're interested and in the right time zone, there's also information on our earnings conference, which happens at 2 p.m. Pacific today (July 30th). If you can't make the earnings conference and want to hear what's said, we typically publish a link to a replay of the conference, plus related financial information, on our Investor Relations page at http://investor.symantec.com/investor-relations/default.aspx

Conference Call

Symantec has scheduled a conference call for 5 p.m. ET/2 p.m. PT today to discuss the results of its fiscal first quarter 2014, ended June 28, 2013 and to review guidance. Interested parties may access the conference call on the Internet at http://www.symantec.com/invest. To listen to the live call, please go to the website at least 15 minutes early to register, download and install any necessary audio software. A replay and script of our officers’ remarks will be available on the investor relations’ home page shortly after the call is completed.

 

Link, Highlights and Short Excerpt of News Release

http://investor.symantec.com/investor-relations/press-releases/press-release-details/2013/Symantec-Reports-Record-June-Quarter-Revenue-and-Non-GAAP-EPS/default.aspx

Symantec Reports Record June Quarter Revenue and Non-GAAP EPS

Organic FX adjusted revenue grew 3%

Non-GAAP operating margin expanded to 25.3%

Non-GAAP EPS of $0.44 grew 7%

MOUNTAIN VIEW, Calif. – July 30, 2013 – Symantec Corp. (Nasdaq: SYMC) today reported the results of its first quarter of fiscal year 2014, ended June 28, 2013. GAAP revenue for the fiscal first quarter was $1.71 billion, up 2 percent year-over-year and up 3 percent after adjusting for currency.

"I’m proud of the team’s performance despite the ongoing work to right-size and transform the company. I’m also pleased that we delivered better than expected results," said Steve Bennett, president and chief executive officer, Symantec. "While the hard work is just beginning, I’m confident we have the right team in place to execute our multi-year roadmaps, implement our critical go-to-market changes and continue to make progress on our successful transformation."

"We achieved better than expected results driven by strength in our backup, information security and endpoint security businesses," said James Beer, executive vice president and chief financial officer, Symantec. "During a period of planning and significant resource reallocation, we executed well and grew organic revenue by 3 percent. The magnitude of change we are undertaking is substantial and so as we move increasingly into the implementation phase of our transformation, we remain cautious on our outlook for the coming quarter."

 

Hacking Smart Homes


Kashmir Hill, a reporter for Forbes, found out just how easy it is to hack a smart home. By “Googling a very simple phrase,” Hill was presented with a list of homes with automation systems from a well-known company. “[The] systems had been made crawl-able by search engines,” says Hill, and because the now-discontinued systems didn’t require users to have a username or password, the search engine results, once clicked, allowed her full control of the system. Hill contacted two of the homes she found online and, once she had asked for permission, demonstrated her ability to switch lights on and off in the homes. Hill also had the ability to control a range of other devices in the homes. This is just one example of the potential security issues surrounding home automation systems.

Home automation, the automation of things like lighting, heating, door and window locks, and security cameras, is a relatively new but rapidly growing market currently worth US$1.5 billion in the US alone. But as with any new technology, there will inevitably be potential security risks.

Security researchers will give two separate presentations at the Black Hat 2013 security conference on security vulnerabilities in home automation systems. One of the presentations will discuss a vulnerability in a proprietary wireless protocol, Z-Wave, that is used in a range of embedded devices such as home automation control panels, security sensors, and home alarm systems. The flaw allows the encrypted communication of a Z-Wave device to be intercepted and used to disable other Z-Wave devices. A second talk, ‘Home Invasion 2.0,’ will present vulnerabilities discovered when several popular home automation systems were examined. “We looked over somewhere in the range of 10 products and only found one or two that we couldn’t manage to break. Most didn’t have any security controls at all,” said Daniel Crowley of SpiderLabs. Many of the devices let the user download a phone app to control the automated system remotely. The researchers found that many systems used no authentication when communicating between the mobile device and the home system, creating opportunities for a malicious actor to take control.

Approximately three percent of homes in the US currently have home automation systems installed, but that number is set to grow, with some analysts projecting an increase that will see it reach double digits in the next few years.

In the rush to adopt new and exciting technology, keeping that technology secure may sometimes be placed low on the list of priorities. Hopefully, the vulnerabilities uncovered by this and other research will help highlight the importance of good security.
