
Posts Tagged ‘Microsoft’

Panda antivirus compatible with Windows 8

October 30th, 2012 4 comments

Windows 8, the new Microsoft operating system, innovatively mixes the concept of the traditional PC with touch devices and laptops. Upgrading is tempting for users who want to try it, whether out of curiosity or to improve on their experience with other operating systems, right? However, before venturing to try it, and to avoid headaches, make sure your applications are compatible. For now, rest assured that if you need an antivirus for Windows 8, Panda Security solutions for both the consumer and corporate markets are fully compatible, as announced in the post on our Press Center titled Panda Security solutions compatible with Windows 8.

However, you will see that while upgrading the operating system to Windows 8, the Microsoft wizard flags your Panda 2013 product as not compatible.

Why does this message appear?

Do not be alarmed: the reason is that Microsoft’s compatibility details page has not yet picked up the updated compatibility information for the Panda 2013 products.

Until Microsoft corrects this contradictory message, how can you check product compatibility with Windows 8? By looking at the Windows Compatibility Center.

As you can see, this table contains the latest information on compatible products. Just type the name of your program in the search box, click search and voilà!

Is there a workaround for this until the Windows 8 update wizard displays the correct product information?

Yes, there is. Just follow the steps listed below:

  1. Uninstall your Panda antivirus protection.
    NOTE: We recommend you do the same with all the programs Microsoft detects as non-compatible.
  2. Update your operating system.
  3. Once the operating system is updated, download the version of the Panda product you’ve purchased which is fully compatible with Windows 8. For more information see the article How to download and install the latest version of Panda 2013?

All the details are on the Panda for Windows 8 page. Don’t miss out!

Those Hated Blue Screens (BSOD)

April 28th, 2010 7 comments

Published by Javier Guerrero, April 28, 2010

One of the Windows features most hated, feared and vilified by any user is the blue screen, also known as BSOD, short for “Blue Screen Of Death”. Indeed, the BSOD is a real nuisance, and not only for users but also for us developers : -)

In this article we will explain, in a relatively simple way, what BSODs are and what can cause them. Unfortunately we cannot guarantee a way to avoid them, something practically impossible due to their very nature.

A question of error

Any software that runs on a computer, whether an application, a device driver, an antivirus or the operating system itself, can fail for the most diverse reasons: a programming error, file corruption, a scenario the code did not anticipate, or even a hardware problem. Some errors are considered “minor” (understanding “minor” as “tolerable by the software that suffers it”) and others are more serious or even critical. BSODs belong to this last group.

Normally, when a “critical” error occurs at application level, in what we know as the “user layer”, the situation is usually handled without problems: an error message appears and the process in question is terminated, as can be seen in this screen:

Error message in Windows 7

However, when the critical error occurs at the most “internal” level of the operating system, in what we know as the “kernel layer”, things are very different: an anomalous situation is occurring in the most fragile part of the whole operating system, which creates instability and prevents it from reliably continuing its processing flow. That is when the system throws up its blue screen, which is Windows’ way of reporting this circumstance.

Can anything be learned from a BSOD?

In a blue screen, the system tries to provide some information about the problem; the trouble is that its content is so technical, so specific and so dependent on the error in question that, for any user without the right knowledge, it is nothing but meaningless gibberish.

Nevertheless, one thing can be learned: the name of the module that caused the failure (or in whose context it occurred). In the following example screen we have highlighted in red the culprit of the error, the driver “myfault.sys”:

Example of BSOD

For any user this last piece of data, without being one hundred percent reliable, is the most useful, since it gives a clue as to where the cause of the problem may lie.

For example, if we get a blue screen that refers to the graphics card driver, that lets us rule out other possibilities and focus on that component; it may be due to a programming error in the driver that handles the device, but the BSOD may also actually be a symptom of a possible physical problem in that device.

Why do I have to restart after a BSOD?

It is reasonable to ask why Windows does not ignore the error and continue the kernel’s execution flow. Quite simply, to avoid greater harm. The system prefers to play it safe and take no risks in a part as sensitive as the operating system kernel.

Some curious or little-known facts

To finish this article, I thought it would be interesting to mention some curious aspects of BSODs.

Did you know...?

  • Contrary to what many may think, Microsoft takes the errors that occur in the system very seriously. It has a huge infrastructure for collecting errors and a department devoted exclusively to studying the problem reports sent by users, and the figures the company handles are dizzying: it analyzes the errors submitted by an enormous number of machines, averaging more than 400 million PCs.
  • The conclusions of these studies are quite surprising: for example, the vast majority of BSODs are caused by drivers (whether monitoring filters or genuine device drivers) belonging to products from outside the company, and even by malware running in the kernel layer. The rest are produced by hardware failures, and a tiny fraction are bugs in the operating system itself. From this it follows that Windows by itself is not as unstable as is commonly believed.
  • It is possible that the module whose name is shown in the BSOD is not the real cause of the problem. Indeed, it is not unusual for responsibility for a critical error to be attributed to drivers whose particular way of working puts them “in the worst place at the worst time”; at Panda’s Interception Unit we have run into this situation several times.
  • It is perfectly possible that, as a user, you have never seen a blue screen on your system, but has your PC never restarted by itself? That means you have experienced a critical error, only you could not see it because your Windows is configured to restart automatically on a critical error. This behaviour is configurable from the Control Panel, in the System option, on the Startup and Recovery tab, using the Automatically restart option.

That is all for the article on the much-hated blue screens.

If you have questions or comments, this blog is entirely at your disposal.

Regards,
Javier Guerrero
R&D Development Dept.


The Dreaded Blue Screens (BSOD)

April 28th, 2010 4 comments
Posted by Javier Guerrero, April 28th, 2010

Blue screens, also known as BSODs (Blue Screen of Death), are one of the aspects of Windows that users most loathe, fear and despise. In fact, we dare say they are annoying for users and developers alike : -).

In this post we will explain in a fairly simple way what BSODs are and their causes. Unfortunately, we will not be able to provide instructions on how to prevent them as, due to their nature, that is virtually impossible.

A question of error

Any software running on a computer (applications, device drivers, antivirus programs or operating systems) can fail for several reasons: a programming error, a file corruption, an unexpected scenario or a hardware problem. Some errors are considered ‘minor’ (‘minor’ meaning ‘can be handled by the affected software’), while others are considered more important or even critical. BSODs belong to this last group.

Usually, when ‘critical’ errors occur at application level in what is known as the ‘user layer’, the situation is resolved without further problems: the error message is displayed and the corresponding process is terminated, as can be seen in the following image.

Windows 7 Error Message

However, when critical errors occur at a more ‘internal’ level of the operating system – in what is known as the ‘kernel layer’ – things are different. This involves an anomalous situation in the most fragile part of the operating system, which causes instability and prevents normal functioning. The system launches a blue screen which is Windows’ way of reporting the problem.

Can any information be obtained from BSODs?

The system tries to provide information about the problem via blue screens. The downside is that the content is highly technical, very specific and depends on the error. Consequently, users without the necessary technical knowledge would not understand it.

However, the name of the module that caused the error (or in whose context it occurred) can be obtained. In the image below we have marked the cause of the error in red: the driver “myfault.sys”:

BSOD

Although this data is not one hundred percent reliable, it is highly useful for users, since it provides a clue as to the source of the problem.

For example, if you get a blue screen referring to the graphics card driver, you can rule out other possibilities and focus on that component; it could be due to a programming error in the device driver, or even a physical flaw in the device.

Why must computers be restarted after a BSOD?

It is normal to wonder why Windows doesn’t ignore the error and continue with the kernel execution flow. The answer is to avoid greater consequences. The system prefers to act safely and not run any risks in such a sensitive element as the operating system kernel.

Interesting data

To finish this post, I would like to reveal some interesting aspects about BSODs.

Did you know….?

  • Despite what some people may think, Microsoft takes system errors very seriously. It has a large infrastructure to collect errors and a department which is exclusively dedicated to studying problem reports sent by users. The figures are striking: on average, Microsoft analyzes errors received from over 400 million PCs.
  • The conclusions drawn from these studies are astonishing: for example, most BSODs are caused by drivers (monitoring filters or actual device drivers) belonging to products from other companies, including malware running on the kernel layer. The rest are due to hardware problems, and a few correspond to bugs in the operating system itself. Consequently, Windows is not as unstable as it may seem.
  • It is also possible that the module displayed in the BSOD may not be the real source of the problem. In fact, it’s not unusual for drivers to be blamed when, due to the special way they work, they just happened to be ‘in the wrong place at the wrong time’. Panda’s Interception Unit has seen this happen many times.
  • As a user it is possible for you never to have seen a blue screen on your system, but hasn’t your PC ever restarted on its own? That means a critical error occurred but you didn’t notice it because your Windows operating system was configured to automatically restart on critical errors. This behaviour can be configured in Control Panel -> System -> Startup and Recovery, by using the Automatically restart option.
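
To check whether automatic restart has been hiding critical errors, as the last point describes, this added PowerShell example (not part of the original post) reads the crash settings and lists recent bugcheck events. The registry key, event provider name and event ID come from general Windows knowledge, not from the post.

```powershell
# Added example: find critical errors that an automatic restart may have hidden.
# Read-only; run in an elevated PowerShell session on the machine being checked.
$CrashKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\CrashControl'

function Get-CrashRestartSetting {
    # AutoReboot = 1 means Windows restarts by itself after a critical kernel
    # error, so the blue screen may never be seen by the user.
    $cc = Get-ItemProperty -LiteralPath $CrashKey
    $dumpType = switch ($cc.CrashDumpEnabled) {
        0       { 'none' }
        1       { 'complete memory dump' }
        2       { 'kernel memory dump' }
        3       { 'small memory dump (minidump)' }
        7       { 'automatic memory dump' }
        default { "other ($($cc.CrashDumpEnabled))" }
    }
    [pscustomobject]@{
        AutomaticRestart = ($cc.AutoReboot -eq 1)
        DumpType         = $dumpType
        DumpFile         = $cc.DumpFile
        MinidumpDir      = $cc.MinidumpDir
    }
}

function Get-RecentBugcheck {
    param([int]$Days = 30)
    # Event 1001 from this provider is written after the reboot that follows a bugcheck.
    $filter = @{
        LogName      = 'System'
        ProviderName = 'Microsoft-Windows-WER-SystemErrorReporting'
        Id           = 1001
        StartTime    = (Get-Date).AddDays(-$Days)
    }
    # Get-WinEvent raises an error when nothing matches; treat that as "no events".
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        ForEach-Object {
            $code = if ($_.Message -match 'bugcheck was:\s*(0x[0-9a-fA-F]+)') { $Matches[1] } else { 'unknown' }
            [pscustomobject]@{ Time = $_.TimeCreated; BugcheckCode = $code }
        }
}

Get-CrashRestartSetting | Format-List
$events = @(Get-RecentBugcheck -Days 30)
if ($events.Count -eq 0) { 'No bugcheck events recorded in the last 30 days.' }
else { $events | Sort-Object Time -Descending | Format-Table -AutoSize }
```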

Hope this article gives you a little insight into blue screens.

And remember, if you have any queries or comments, this blog is at your disposal.

Best regards,
Javier Guerrero
Development Dept.  R+D


Security center from Windows Vista SP1 reporting wrongly

July 16th, 2009 5 comments

Posted by david, July 16, 2009

In the past few days, we have had reports from our customers regarding a notification from Windows Security Center (WSC) of Vista SP1 machines indicating that the Virus Protection is not compatible although the antivirus is actually working fine.


The guys from Microsoft’s Windows Security Center Team contacted us to inform us that this isn’t the expected behavior and that they are working hard to find a solution for this error.

On the other hand, we are currently developing an autofix (automatic hotfix) for our 2009 and 2010 products which will solve the problem by changing the way our products register with WSC. This autofix will be available through automatic updates over the coming weeks.

The immediate solution is pretty easy: just navigate to the Windows Update website and install Windows Vista’s Service Pack 2. Don’t you think it’s a good opportunity to update your system to Vista SP2? This update will not only solve this small problem but will also fix several security bugs.


New vulnerabilities in Internet Explorer 8

July 10th, 2009 1 comment

Posted by Alvaro, July 10, 2009

Microsoft has publicly announced two new vulnerabilities in Internet Explorer:

1. Users get infected on clicking a link to a video

This vulnerability affects the Windows XP and Windows Server 2003 operating systems.

Workaround published by Microsoft

 

 

2. Exploit that causes a memory overflow

This exploit takes advantage of a Mpeg2tunerequest stack overflow vulnerability in the msvidctl.dll library. Upon exploitation, an attacker could gain the ability to take full control of a compromised system.

You can find information about this second vulnerability at http://www.microsoft.com/technet/security/advisory/971778.mspx

Microsoft has not publicly acknowledged this vulnerability yet, and so it hasn’t published any official solution.

 

So far, the only option is to set a kill bit for the vulnerable control. You can do so by saving the following as a file with the extension .reg and running it as administrator:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{0955AC62-BF2E-4CBA-A2B9-A63F772D46CF}]
"Compatibility Flags"=dword:00000400
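
A read-only check that the kill bit from the .reg file above is actually in place, as an added PowerShell example that is not part of the original post. The second registry path (the 32-bit view used by 32-bit Internet Explorer on 64-bit Windows) is an assumption added here; the post only lists the first.

```powershell
# Added example: report whether the kill bit (0x400) is set for the CLSID in the post.
$Clsid   = '{0955AC62-BF2E-4CBA-A2B9-A63F772D46CF}'   # CLSID taken from the .reg file
$KillBit = 0x400                                       # dword:00000400

$Roots = @(
    'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility',
    # Assumption: 32-bit registry view, relevant on 64-bit Windows only.
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
)

function Get-KillBitStatus {
    param([string]$Root, [string]$Clsid, [int]$Mask)

    $key    = '{0}\{1}' -f $Root, $Clsid
    $status = [ordered]@{ Key = $key; Flags = $null; KillBitSet = $false; Note = '' }

    if (-not (Test-Path -LiteralPath $Root)) {
        $status.Note = 'registry view not present on this system'
    }
    elseif (-not (Test-Path -LiteralPath $key)) {
        $status.Note = 'no entry for this CLSID: the control is not blocked'
    }
    else {
        $props = Get-ItemProperty -LiteralPath $key -Name 'Compatibility Flags' -ErrorAction SilentlyContinue
        $value = if ($props) { $props.'Compatibility Flags' } else { $null }
        if ($null -eq $value) {
            $status.Note = 'key exists but the Compatibility Flags value is missing'
        }
        else {
            # Other flag bits may be set as well, so test the 0x400 bit only.
            $status.Flags      = '0x{0:X8}' -f $value
            $status.KillBitSet = (($value -band $Mask) -eq $Mask)
            $status.Note       = if ($status.KillBitSet) { 'kill bit set' } else { 'kill bit NOT set' }
        }
    }
    [pscustomobject]$status
}

$Roots | ForEach-Object { Get-KillBitStatus -Root $_ -Clsid $Clsid -Mask $KillBit } | Format-List
```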

There is no information about the operating system versions affected by this exploit.

The following video explains how TruPrevent Technologies protect against this type of attack.

 

Video: Proactive protection against the msvidctl.dll ActiveX control vulnerability from Panda Security on Vimeo (Sean-Paul Correll from Panda Security).

All our clients with Retail and/or Corporate products with TruPrevent Technologies enabled are protected against this exploit.

Remember: the PandaLabs blog has everything you need to know about Internet threats.

Conficker in your network?

May 22nd, 2009 1 comment

Hi all. I’m Juan S. Fernandez, part of the technical support department for Panda USA. This will be my first post and I want to blog about something that we often get asked about in support, at least recently: how to deal with Conficker.

From Panda’s perspective, the current variants of Conficker are properly identified and removed. But still, you may have Panda installed in your network, and still, Conficker seems to be showing up all over the place… Your computers keep reporting that they are infected, network traffic is slow, your users have problems logging on as your Domain Controllers are saturated… And you wonder what is going on.

Typically, by the time we receive a call in support regarding a Conficker network infection, the customer has already spent hours (sometimes days) trying to eradicate Conficker from the network: isolating computers where Panda detected the virus, running tool after tool, only to find nothing or just a few leftover registry keys… but the problem never goes away. What gives?

Well, I’m sorry, but you are wasting your time. You are concentrating on the wrong computers. Panda correctly detects and disinfects Conficker. Current versions of Conficker will not be allowed to run on a machine that has a working and updated Panda antivirus on it.

So why are you seeing the detections? You need to understand the way that Conficker operates to know where to look for it: Conficker uses different paths of infection. The machine where Conficker is running will try to hit other machines on the same network, exploiting some Microsoft vulnerabilities (see MS08-67). If the target machine hasn’t been patched, Conficker will be able to bypass your computer’s security and, by impersonating an admin account, drop a file in the computer’s system32 folder. It will also try to add a scheduled task to run those files, among other things. (I’m a support guy, not a virus researcher… I’ll let them do the technical explanation.)

So what is your Panda doing about it? Well, Panda is preventing the execution of the files, and giving you the detection. But we cannot “close the hole” on your Windows OS. That hole needs to be closed by applying the appropriate Windows Update. Which one? ALL of them!

Note where I said that Conficker will not run on a computer that has a working and updated Panda Antivirus. That is actually the key to realizing what you need to do: make sure that ALL your computers have working and updated Panda protections installed. And at the same time, make sure that all your computers have all needed Windows updates installed. But don’t stop just there. Go ahead and patch all your software too, from Adobe Reader to Flash Player and RealPlayer… or you may find yourself fighting other viruses another day.

So what should be your plan of action if you start receiving Conficker infections? Find the computers that are not complaining about it. Ignore the ones that complain. The computers that are infected with Conficker will not have working protection installed. Make sure that your Antivirus deployment is complete, and make sure that all your computers have Panda installed.
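
The plan of action above, looking for the machines that are not complaining, sketched as an added PowerShell example that is not part of the original post. The two CSV inputs (hosts seen on the network and a status export from the antivirus console), their column names and the seven-day freshness threshold are assumptions; the data is constructed.

```powershell
# Constructed sample data. In practice: hosts seen on the network (for example
# from DHCP leases) and a status export from the antivirus management console.
$seenCsv = @'
Name,IP
WS-001,10.0.0.11
WS-002,10.0.0.12
WS-003,10.0.0.13
WS-004,10.0.0.14
LAPTOP-HOME,10.0.0.87
'@

$agentCsv = @'
Name,ProtectionEnabled,SignatureDate,ConfickerDetections
WS-001,True,2009-05-21,14
WS-002,True,2009-05-21,9
WS-003,False,2009-05-20,0
WS-004,True,2009-03-02,0
'@

function Get-ProtectionGap {
    param($Seen, $Agents, [datetime]$Today, [int]$MaxAgeDays)

    $byName = @{}
    foreach ($agent in $Agents) { $byName[$agent.Name] = $agent }

    foreach ($machine in $Seen) {
        $agent = $byName[$machine.Name]
        if ($null -eq $agent) {
            # Seen on the network but unknown to the console: check these first.
            $state = 'no antivirus agent reporting'; $priority = 1
        } elseif ($agent.ProtectionEnabled -ne 'True') {
            $state = 'agent installed but protection disabled'; $priority = 1
        } elseif (($Today - [datetime]$agent.SignatureDate).Days -gt $MaxAgeDays) {
            $state = 'signatures out of date'; $priority = 2
        } elseif ([int]$agent.ConfickerDetections -gt 0) {
            # Noisy, but these machines are defending themselves.
            $state = 'protected and reporting detections (target, not source)'; $priority = 3
        } else {
            $state = 'protected, no detections'; $priority = 3
        }
        [pscustomobject]@{ Priority = $priority; Name = $machine.Name; IP = $machine.IP; State = $state }
    }
}

$today = [datetime]'2009-05-22'   # fixed date so the constructed sample is reproducible
Get-ProtectionGap -Seen ($seenCsv | ConvertFrom-Csv) -Agents ($agentCsv | ConvertFrom-Csv) `
                  -Today $today -MaxAgeDays 7 |
    Sort-Object Priority, Name |
    Format-Table -AutoSize
```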

You only need 1 computer without protection and infected with Conficker to have the rest of your machines “defending” themselves constantly against it, generating distracting warnings. I had one instance where “a major network attack by Conficker” prevented user log-ins for hours on a 600 user network, and it was caused by a single laptop that somebody had brought from home… Which, of course, did not have Panda installed. Establish strict policies for external computers brought over to your network; perhaps create a separate Wi-Fi network to allow them access to the Internet without compromising your own security.

For added protection, set your Panda Antivirus to scan all extensions, as Conficker will try to use non-standard extensions to fool the protections. You may need to create some exclusions to ensure application stability (like the exclusions for your Exchange server…)

This is where products like Panda for Business or Panda Managed Office Protection really show their value. They allow you to monitor what is going on in your network: who has protection, who does not, who got what virus detected… and quickly adjust your computers’ protection settings if needed. Panda for Business will even tell you if you have any computers on the network that are not integrated, or with protections that cannot be managed. NetworkSecure can even remove from the network computers whose protection has been disabled, to reduce the risk to the rest of the network, or prevent connections from computers on certain IP ranges. On large networks, it can be installed directly from a Group Policy, reducing the deployment time.

Panda Managed Office Protection allows you to monitor the protection status of your computers, no matter where they are in the world, as long as they are connected to the Internet. And you can do all that without investing in extra servers or databases.

I hope that this blog may help some of you get Conficker out of your network. Until the next post.