Security Information
The Move to a New Anti-Virus Model
This is the second in a series of articles highlighting reasons why we need a new model for anti-virus and security solutions.

Reason #1: the Basic Model

Anti-virus software vendors still rely on yesterday's methods for solving today's problems: they wait for the next virus to wreak havoc and then produce a solution. That worked for a long time, when a virus would take years to traverse the world. But in the fast-paced, Internet-crazed world we live in today, this type of solution is no longer applicable. Now a virus can traverse the world and infect millions of computers in minutes.

In the good old days a virus traveled by floppy disk. Put a floppy in your computer and save some data to it, and the virus would infect the floppy. Then unwittingly put the infected floppy in another computer and, presto, the new computer would become infected. (I'm skimming over a lot of detail here to make a point.) So the virus's progress was slow and steady. Anti-virus vendors had time on their side. They had the time to get a copy of the virus, dissect it, run it through a series of tests to come up with a signature string (see below for definition), put the string into a database of strings to search for when scanning your hard drive (and floppies), and release the new database to the public. Ten years ago this system worked very well.

But now everyone is connected via the Internet. Now, with email as the transport, a virus doesn't take years to gather momentum; it takes a matter of minutes. And here is where the model breaks. Step back and ask yourself the following question: if vendors can catch "known and unknown viruses," as their literature states, how is it that we continue to have virus problems? The answer lies in the fact that virus authors have been more creative in coming up with new ways to infect and wreak havoc, and the software industry has not responded in kind, preferring to stay embedded in its old-fashioned methodologies.
Why don't the old ways work any more, you might ask? It's relatively simple. Let's go through the steps.

A virus author unleashes NewVirus via email. He mass mails his virus to thousands of people. Some, not all, unwittingly open the attachment, thinking it's from a friend, or the subject is so enticing that they are fooled into opening it without thinking it's a problem (cf. nude pictures of Anna Kournikova). The email attachment immediately starts emailing everyone in the recipient's contact list and embeds itself into the operating system so that it's activated every time the computer is turned on. The people it emails are in turn fooled into thinking the email is valid, and they open the attachment. Very quickly all hell breaks loose.

Agencies which monitor Internet traffic see problems arising with the sudden spikes in email traffic, and they begin to get calls or emails alerting them to the fact that there's a new problem. Samples are obtained and sent off to anti-virus vendors. The vendors pass the samples through a series of tests to analyze exactly what the virus does and how it does it. Additional analysis is performed to extract a unique string of 1's and 0's that identifies this attachment as none other than NewVirus. This is called the signature string. It's important that whatever string is arrived at does not exist in any other program or piece of software; otherwise, you will get what is commonly called a false positive.

A quick digression on "false positives": if a vendor arrives at a unique string that just happens to be embedded in Microsoft Word, then every time a user runs a scan of their hard drive, Microsoft Word will be identified as being infected with NewVirus. Users will uninstall Word and re-install it, only to learn that they are still infected. There will be complaints; the vendor will be forced to re-assess the signature string, re-release its list of strings, and admit the error.
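The signature extraction, scan, and false-positive re-assessment described above can be sketched in a few lines. This is an added example, not code from the article or any vendor; the byte strings are constructed stand-ins for files, and `extract_signature`, `scan`, and the 8-byte window length are assumptions made for illustration.

```python
from typing import Dict, Iterable, List, Optional

def extract_signature(sample: bytes, clean_corpus: Iterable[bytes],
                      length: int = 8) -> Optional[bytes]:
    """First `length`-byte window of the sample found in no known-clean file."""
    corpus = list(clean_corpus)
    for i in range(len(sample) - length + 1):
        window = sample[i:i + length]
        if not any(window in clean for clean in corpus):
            return window
    return None  # every window collides with clean software

def scan(data: bytes, database: Dict[str, bytes]) -> List[str]:
    """Names of all database signatures present in the scanned bytes."""
    return sorted(name for name, sig in database.items() if sig in data)

# Constructed stand-ins for files; all share a common runtime header.
HEADER = b"MZ\x90\x00 common runtime loader v1 | "
WORD = HEADER + b"word processor code"
CALC = HEADER + b"calculator code"
MAILER = HEADER + b"mail merge tool"          # clean, but not yet in the test bed
NEWVIRUS = HEADER + b"mail self to contacts"  # the captured sample

def demo() -> Dict[str, List[str]]:
    naive = {"NewVirus": NEWVIRUS[:8]}  # unvetted: taken from the shared header
    vetted = {"NewVirus": extract_signature(NEWVIRUS, [WORD, CALC])}
    fixed = {"NewVirus": extract_signature(NEWVIRUS, [WORD, CALC, MAILER])}
    return {
        "naive_flags_word": scan(WORD, naive),        # false positive
        "vetted_flags_word": scan(WORD, vetted),      # clean
        "vetted_flags_mailer": scan(MAILER, vetted),  # false positive: test bed gap
        "fixed_flags_mailer": scan(MAILER, fixed),    # clean after re-assessment
        "fixed_flags_virus": scan(NEWVIRUS, fixed),   # sample still detected
    }

if __name__ == "__main__":
    for check, hits in demo().items():
        print(f"{check}: {hits}")
```

The signature is only as good as the clean corpus it was vetted against: the mailer false positive disappears once that program joins the test bed and the string is re-extracted.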
Typically, signature strings are matched against a whole boatload of commonplace software just to protect against this occurrence, but it still happens, and vendors learn to add new software to their test beds.

OK, so the vendor has arrived at a signature string. Next? The vendor adds the string to its string database so that its scanners will match what's on your hard drive against what's in the database. After the database has been updated, the vendor releases it to customers in what's commonly called a "push," where the updates are sent to the vendor's primary users. If you did not buy into this service, you must know enough to log into your anti-virus vendor's site and update your software so that you stay current.

So where are we? The bad guy (or problem teenager) has unleashed NewVirus. NewVirus has infected thousands of computers; vendors have been alerted; NewVirus continues to infect; solutions are achieved and "pushed" to corporate clients; NewVirus continues to infect hundreds and thousands of computers; corporate clients breathe a sigh of relief and alert their users to the new threat. Thousands, if not millions, of computers become infected and need to be cleaned, because the accepted way to solve the virus problem is to wait for each new virus to come along and solve it on a case-by-case basis.

But what if you sat back and said: what if? What if you categorized all the things a virus can do (or could do), built a series of computers to allow any email attachment or program to have full rein of a computer (much like it would have on your own computer; such a computer is called a "honeypot"), and then analyzed that computer for unwelcome behavior? That would be a true pre-emptive strike against all malicious software. This is the behavior-based model. Such a model would actually protect you from unknown viruses, along with all the known 70,000 viruses.

In part 2 we'll discuss the risks and security failures of having distributed vendor software on your desktop.
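The behavior-based model proposed above can be sketched as a classifier over what a program did inside the honeypot, with no signature database involved. This is an added example, not the author's patented system; the trace format, action names, categories, and the mass-mail threshold are all assumptions, and the traces are constructed.

```python
from typing import Dict, List, Tuple

Event = Tuple[str, str]  # (action, target); hypothetical honeypot trace format

def observed_behaviors(trace: List[Event], mass_mail_min: int = 5) -> Dict[str, bool]:
    """Map a honeypot trace onto behavior categories from the NewVirus walkthrough."""
    recipients = {target for action, target in trace if action == "send_mail"}
    return {
        "reads_contact_list": any(a == "read_address_book" for a, _ in trace),
        "mass_mails": len(recipients) >= mass_mail_min,
        "persists_at_startup": any(a == "write_autostart" for a, _ in trace),
    }

def verdict(trace: List[Event]) -> str:
    found = observed_behaviors(trace)
    if found["reads_contact_list"] and found["mass_mails"]:
        return "block"   # self-propagation through the victim's contacts
    if any(found.values()):
        return "review"  # one unwelcome behavior alone is not proof
    return "allow"

# Constructed traces. The variant has different targets (and would have
# different bytes, so no stored signature), but the same behavior.
NEWVIRUS_TRACE: List[Event] = (
    [("read_address_book", "contacts.db")]
    + [("send_mail", f"user{i}@example.com") for i in range(6)]
    + [("write_autostart", "startup entry A")]
)
VARIANT_TRACE: List[Event] = (
    [("read_address_book", "addressbook.dat")]
    + [("send_mail", f"peer{i}@example.org") for i in range(9)]
)
INSTALLER_TRACE: List[Event] = [("write_file", "app.exe"),
                                ("write_autostart", "startup entry B")]
VIEWER_TRACE: List[Event] = [("open_file", "report.doc")]

if __name__ == "__main__":
    for name, trace in [("NewVirus", NEWVIRUS_TRACE), ("variant", VARIANT_TRACE),
                        ("installer", INSTALLER_TRACE), ("viewer", VIEWER_TRACE)]:
        print(name, verdict(trace), observed_behaviors(trace))
```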
About The Author

Tim Klemmer

Tim Klemmer has spent the better part of 12 years designing and perfecting the first true patented behavior-based solution to malicious software.
© 2006 |