Security Information |
|
The Move to a New Anti-Virus Model
This is the second in a series of articles highlighting reasons why we need a new model for anti-virus and security solutions. Reason #1: the Basic Model Anti-virus software vendors still rely on yesterday's methods for solving today's problems: they wait for the next virus to wreak havoc and then produce a solution. That worked for a long time when a virus would take years to traverse the world. But in this fast-paced Interet-crazed world we live in today, this type of solution is no longer applicable. Now a virus can traverse the world and infect millions of computers in minutes. In the good old days a virus traveled by floppy disk. Put a floppy in your computer and save some data to it and the virus would infect the floppy. Then unwittingly put the infected floppy in another computer and presto the new computer would become infected. (I'm skimming over a lot of detail here to make a point). So the virus' progress was slow and steady. Anti-virus vendors had time on their side. They had the time to get a copy of the virus, dissect it, run it through a series of tests to come up with a signature string (see below for definition), put the string into a database of strings to search for when scanning your hard drive (and floppies) and release the new database to the public. Ten years ago this system worked very well. But now everyone is connected via the Internet. Now, using email as a transport point, it doesn't take years to gather momentum, instead it takes a matter of minutes. And here is where the model breaks. Step back and ask yourself the following question: if vendors can catch "known and unknown viruses" as their literature states, how then is it that we continue to have virus problems? The answer lies in the fact that virus authors have been more creative in coming up with new ways to infect and wreak havoc and the software industry has not responded in kind, preferring to stay embedded in its old fashioned methodologies. Why don't the old ways work any more, you might ask? It's relatively simple. Let's go through the steps. A virus author unleashes NewVirus via email. He mass mails his virus to thousands of people. Some, not all, unwittingly open the attachment thinking it's from a friend or the subject is so enticing that they are fooled into opening it without thinking it's a problem (cf. nude pictures of Anna Kournikova). The email attachment immediately starts emailing everyone in his contact list and embeds itself into his operating system so that it's activated every time he turns on his computer. The folks he emails in turn get fooled into thinking the email is valid and they open the attachment. Very quickly all hell breaks loose. Agencies which monitor Internet traffic see problems arising with the sudden spikes in email traffic and they begin to get calls or emails alerting them to the fact that there's a new problem. Samples are obtained and sent off to anti-virus vendors. They pass the emails through a series of tests to analyze what exactly the virus does and how it does it. Additionally analysis is performed to extract a unique string of 1's and 0's to identify this attachment as none other than NewVirus. This is called the signature string. It's important that whatever string is arrived at does not exist in any other program or piece of software; otherwise, you will get what is commonly called a false positive. Quick digression on "false positives": if a vendor arrives at a unique string that just happens to be embedded in Microsoft Word, then every time a user runs a scan of their hard drive, Microsoft Word will be identified as being infected with NewVirus. Users will uninstall Word and re-install only to learn that they are still infected. There will be complaints; the vendor will be forced to re-assess the signature string and re-release his list of strings and admit the error. Typically signature strings are matched against a whole boatload of commonplace software just to protect against this occurrence, but it still happens and vendors learn to add new software to their test beds. OK, so the vendor has arrived at a signature string. Next? Implement the string into their string database so that when their scanners are scanning they will match what's on your hard drive to what's in the database. After the database has been updated they release the database to their customers in what's commonly called a "push" where they send the updates to their primary users. If you did not buy into this service, you must know enough to log into your anti-virus vendor and update your software so that you stay current. So where are we? The bad guy -or problem teenager- has unleashed NewVirus. NewVirus has infected thousands of computers; vendors have been alerted; NewVirus continues to infect; solutions are achieved and "pushed" to corporate clients; NewVirus continues to infect hundreds and thousands of computers; corporate clients breathe a sigh of relief and alert their users as to the new threat. Thousands, if not millions, of computers become infected and need to be cleaned because the best way to solve the virus problem is to wait for each new virus to come along and solve on a case by case basis. But if you sat back and said: what if? What if you categorized all the things a virus can do (or could do), built a series of computers to allow any email attachment or program to have full rein of a computer (much like it would have on your own computer - such a computer is called "honeypot") and then analyze that computer for unwelcome behavior? That would be a true pre-emptive strike against all malicious software. This is the behavior-based model. Such a model would actually protect you unknown viruses, along with all the known 70,000 viruses. In part 2 we'll discuss the risks and security failures of having distributed vendor software on your desktop. About The Author Tim Klemmer Tim Klemmer has spent the better part of 12 years designing and perfecting the first true patented behavior-based solution to malicious software.
MORE RESOURCES: US State Department issues worldwide security alert due to potential for attacks on LGBTQ people and events KCCI Des Moines 'Blow the whistle': Indiana's top election official spends $35k on security guide mailings • Indiana Capital Chronicle Indiana Capital Chronicle Violence in New Caledonia subsides slightly as France sends reinforcements for security The Associated Press Canada security intelligence chief warns China can use TikTok to spy on users, CBC reports Reuters.com House Passes Israel Security Assistance Support Act | House Committee on Appropriations - Republicans House Appropriations Israel Resists Grand Bargain as U.S. and Saudis Work on Security Pact The New York Times International Community Meets to Discuss the Future of Nuclear Security International Atomic Energy Agency U.S.-Ukraine Security Entanglement Risks Forever War The American Conservative Security Alert: Worldwide Caution - U.S. Embassy & Consulates in Indonesia US Embassy and Consulates in Indonesia Palo Alto Networks and IBM to Jointly Provide AI-powered Security Offerings; IBM to Deliver Security Consulting ... IBM Newsroom Now armed with AI, America's adversaries will try to influence election, security officials warn The Associated Press Women are worried about their financial security. That may affect the 2024 presidential election CNBC Sean 'Diddy' Combs Allegedly Paid $50K to Obtain Hotel Security Footage of Cassie Assault: Lawsuit PEOPLE Nuclear security through the eyes of the Co-Presidents of ICONS 2024 International Atomic Energy Agency Security video appears to show Sean 'Diddy' Combs beating singer Cassie in hotel hallway in 2016 Washington Times Appropriators Lead Israel Security Assistance Support Act | House Committee on Appropriations - Republicans House Appropriations IBM Selling Cloud Security Software to Palo Alto Networks in Broader Cyber Strategy Shift The Wall Street Journal Security footage calls into question Anchorage police account of fatal shooting Alaska Public Media News Security Council Secretary: ‘Not an Inch of Armenian Land Ceded to Azerbaijan’ Armenian News by MassisPost TikTok is a threat to Canadians' data security, CSIS chief warns Bennington Banner Canada Releases Defense Policy Update to Boost Security Department of Defense NATO and Economic Security: A Political Oxymoron or Inevitability? CSIS | Center for Strategic and International Studies Amazon security guard tries to kill unsuspecting boss before he's shot dead in gunfight with police: 'He almost executed me' New York Post Identity Management and Information Security News for the Week of May 17; Exabeam, Saviynt, VAST Data, and More Solutions Review Fox News Poll: Abortion, economy, and border security are top deal-breakers in 2024 elections Fox News New Survey Finds a Paradox of Confidence in Software Supply Chain Security Security Boulevard Putin has ditched his paranoid security chief. Here are 5 of the wackiest things Nikolai Patrushev has said. POLITICO Europe See cops working security at Tacoma grocery stores? Here’s why and what policies allow Tacoma News Tribune OWASP dep-scan: Open-source security and risk audit tool Help Net Security Opinion | Is TikTok Chinese ownership a U.S. national security issue? Come on. - The Washington Post Opinion | Is TikTok Chinese ownership a U.S. national security issue? Come on. The Washington Post EXCLUSIVE: Two students uncover security bug that could let millions do their laundry for free TechCrunch Endpoint Security and Network Monitoring News for the Week of May 17; Alkira, Preamble, c/side, and More Solutions Review Diddy Physically Assaults Cassie in Never-Before-Seen Hotel Footage Entertainment Tonight UN sexual violence envoy pulls out of Security Council briefing on Hamas hostages The Times of Israel RSA Conference 2024: AI and the Future Of Security Security Boulevard The New U.S. Strategy on Global Health Security Think Global Health Multnomah County Signs $40 Million Contract for Armed and Unarmed Security at County Facilities, Including Public ... Willamette Week An inspector general warned the Justice Department of gaps in its security clearance appeals process Government Executive Fintech giant Flutterwave loses ₦11 billion to security breach Business Insider Africa PKI-Based Passkeys Lead The Way For A Passwordless Future Security Boulevard 7 months since Oct 7, UN Security Council holds first meeting entirely dedicated to Israeli hostages in Gaza All Israel News FCC proposes BGP security measures Network World May 17: IDF fighter jet carries out rare strike on target in West Bank city of Jenin The Times of Israel Votiro Keeps Up the Momentum in 2024 Security Boulevard The Best Home Security Systems of 2024 Security.org The situation concerning Iraq - Security Council, 9628th meeting Welcome to the United Nations JLOTS, an obscure Army-Navy capability, arrives in Gaza NavyTimes.com 'Abnormal' security video, Google Drive led to Stephan Sterns' arrest in Madeline Soto case, documents show WKMG News 6 & ClickOrlando Brothers Indicted for Stealing $25 Million of Ethereum in 12 Seconds Security Boulevard Making Safety and Security Intrinsic to School Design Campus Security Today Cybersecurity Insights with Contrast CISO David Lindner | 5/17/24 Security Boulevard The Dell API Breach: It could have been prevented Security Boulevard Yemeni security forces deploy in Aden as anger simmers over lengthy power outages The Associated Press U.S. Security Cooperation with Ukraine - United States Department of State Department of State Belgium cuts off ticket sales for soccer match against Israel over ‘security concerns’ The Times of Israel |
RELATED ARTICLES
3 Things You Must Know About Spyware 1)Spyware is on your system. Like it or not, statistically speaking, you probably have spyware on your machine right now. How Can Someone Get Private Information From My Computer? From the "Ask Booster" column in the June 17, 2005 issue of Booster's Auction News, a free ezine for online auction sellers and enthusiasts.Dear Booster,How can someone get private information from my computer?Thank you,Evan S. Wireless Network Security Working from home has its advantages, including no commute, a more flexible work schedule and fresh coffee and home-cooked meals whenever you want.But working from home while using a wireless local area network (WLAN) may lead to theft of sensitive information and hacker or virus infiltration unless proper measures are taken. 6 Ways To Prevent Identity Theft These six ways to prevent identity theft offer you valuable tips against the fastest growing crime in America today. In 2004, more than 9. SCAMS - Be Aware - And Report When Necessary The Internet is a vast International Network of people and businesses - and a place where people can make a fairly decent living. However, it is also a place where certain unsavory characters can freely roam - to take your dollars and run. Protection for Your PC - Painless and Free! Viruses, Bugs, Worms, Dataminers, Spybots, and Trojan horses. The Internet is a veritable minefield of things that can invade your PC and affect it's Security and Performance. Identity Theft - Beware of Phishing Attacks! "Dear Bank of the West customer", the message begins. I've just received an e-mail message, purportedly from the security department at the Bank of the West. Why Malicious Programs Spread So Quickly? It seems that nowadays cybercriminals prefer cash to fun. That is why malicious programs of various kinds (viruses, worms, Trojan horses, etc. How Free Scripts Can Create Security Problems With the Internet entering our lives in such an explosive manner, it was inevitable that Internet security issues would follow as well. While credit card frauds are an offline security problem that has been carried over to the Internet as well, spamming and phishing are uniquely Internet security hazards. An Open Letter From a So-called Stupid Someone recently told me, "You would have to be a stupid to lose your personal information." While I respectfully responded to this person in the moment, the comment has stuck with me. File Sharing - What You Need to Know! File sharing on p2p is soaring despite the music and movie industryefforts to curb the practice. Regardless of which side of the arguement you are on it is likely that sharing of copyright materialwill continue in one form or another for the foreseeable future. Hacked: Who Else Is Using Your Computer? A friend called me one day and asked if I would stop by to look at his computer. He said it was running abnormally slow and he had found something on his hard-drive he could not explain. Why Corporations Need to Worry About Phishing Phishing is a relatively new form of online fraud that focuses on fooling the victim into providing sensitive financial or personal information to a bogus website that bears a significant resemblance to a tried and true online brand. Typically, the victim provides information into a form on the imposter site, which then relays the information to the fraudster. Avoiding Scams: If It Sounds Too Good to Be True, It Probably Is A week or so ago, I received an inquiry from a man in Indonesia about buying multiple copies of certain items on my website. I immediately suspected fraud, so I explained that I only had one piece of each. How to Get Rid of New Sobig.F Virus? As you know, this time the virus under the name Sobig.F has wreaked quite havoc! No doubt, many of us have suffered from this recent virus outbreak. Computer-Virus Writers: A Few Bats In The Belfry? "Male. Obsessed with computers. Are You Surfing Safe? Ok, you've got a computer, and you get online. You surf your favorite sites, Sports, Shopping, Cowchip Tossing Blogs, and so on. The Risk Of Electronic Fraud & Identity Theft Electronic Fraud and Identity Theft-----------------------------------Human beings are pretty sensible when presented with an imminent threat or risk. That is, if it's staring us directly in the face. Check Out That Privacy Policy Before you enter your name, address or any other data in that form, STOP! Wait. Don't enter anything yet. How To Prevent Spyware Attacking Your Computer Spyware is software or hardware installed on a computerwithout a user's knowledge. It gathers information andreports it back to its source. |
home | site map |
© 2006 |