| |
| |
|
Security Information |
|
|
|
The Move to a New Anti-Virus Model
This is the second in a series of articles highlighting reasons why we need a new model for anti-virus and security solutions. Reason #1: the Basic Model Anti-virus software vendors still rely on yesterday's methods for solving today's problems: they wait for the next virus to wreak havoc and then produce a solution. That worked for a long time when a virus would take years to traverse the world. But in this fast-paced Interet-crazed world we live in today, this type of solution is no longer applicable. Now a virus can traverse the world and infect millions of computers in minutes. In the good old days a virus traveled by floppy disk. Put a floppy in your computer and save some data to it and the virus would infect the floppy. Then unwittingly put the infected floppy in another computer and presto the new computer would become infected. (I'm skimming over a lot of detail here to make a point). So the virus' progress was slow and steady. Anti-virus vendors had time on their side. They had the time to get a copy of the virus, dissect it, run it through a series of tests to come up with a signature string (see below for definition), put the string into a database of strings to search for when scanning your hard drive (and floppies) and release the new database to the public. Ten years ago this system worked very well. But now everyone is connected via the Internet. Now, using email as a transport point, it doesn't take years to gather momentum, instead it takes a matter of minutes. And here is where the model breaks. Step back and ask yourself the following question: if vendors can catch "known and unknown viruses" as their literature states, how then is it that we continue to have virus problems? The answer lies in the fact that virus authors have been more creative in coming up with new ways to infect and wreak havoc and the software industry has not responded in kind, preferring to stay embedded in its old fashioned methodologies. Why don't the old ways work any more, you might ask? It's relatively simple. Let's go through the steps. A virus author unleashes NewVirus via email. He mass mails his virus to thousands of people. Some, not all, unwittingly open the attachment thinking it's from a friend or the subject is so enticing that they are fooled into opening it without thinking it's a problem (cf. nude pictures of Anna Kournikova). The email attachment immediately starts emailing everyone in his contact list and embeds itself into his operating system so that it's activated every time he turns on his computer. The folks he emails in turn get fooled into thinking the email is valid and they open the attachment. Very quickly all hell breaks loose. Agencies which monitor Internet traffic see problems arising with the sudden spikes in email traffic and they begin to get calls or emails alerting them to the fact that there's a new problem. Samples are obtained and sent off to anti-virus vendors. They pass the emails through a series of tests to analyze what exactly the virus does and how it does it. Additionally analysis is performed to extract a unique string of 1's and 0's to identify this attachment as none other than NewVirus. This is called the signature string. It's important that whatever string is arrived at does not exist in any other program or piece of software; otherwise, you will get what is commonly called a false positive. Quick digression on "false positives": if a vendor arrives at a unique string that just happens to be embedded in Microsoft Word, then every time a user runs a scan of their hard drive, Microsoft Word will be identified as being infected with NewVirus. Users will uninstall Word and re-install only to learn that they are still infected. There will be complaints; the vendor will be forced to re-assess the signature string and re-release his list of strings and admit the error. Typically signature strings are matched against a whole boatload of commonplace software just to protect against this occurrence, but it still happens and vendors learn to add new software to their test beds. OK, so the vendor has arrived at a signature string. Next? Implement the string into their string database so that when their scanners are scanning they will match what's on your hard drive to what's in the database. After the database has been updated they release the database to their customers in what's commonly called a "push" where they send the updates to their primary users. If you did not buy into this service, you must know enough to log into your anti-virus vendor and update your software so that you stay current. So where are we? The bad guy -or problem teenager- has unleashed NewVirus. NewVirus has infected thousands of computers; vendors have been alerted; NewVirus continues to infect; solutions are achieved and "pushed" to corporate clients; NewVirus continues to infect hundreds and thousands of computers; corporate clients breathe a sigh of relief and alert their users as to the new threat. Thousands, if not millions, of computers become infected and need to be cleaned because the best way to solve the virus problem is to wait for each new virus to come along and solve on a case by case basis. But if you sat back and said: what if? What if you categorized all the things a virus can do (or could do), built a series of computers to allow any email attachment or program to have full rein of a computer (much like it would have on your own computer - such a computer is called "honeypot") and then analyze that computer for unwelcome behavior? That would be a true pre-emptive strike against all malicious software. This is the behavior-based model. Such a model would actually protect you unknown viruses, along with all the known 70,000 viruses. In part 2 we'll discuss the risks and security failures of having distributed vendor software on your desktop. About The Author Tim Klemmer Tim Klemmer has spent the better part of 12 years designing and perfecting the first true patented behavior-based solution to malicious software.
MORE RESOURCES:
Security - Google News |
|
|
|
RELATED ARTICLES
How To Give Away Your Personal Information Identity Theft and Your Personal Information -------------------------------------------- Identity theft is apparently the "in thing" these days. By media accounts, hackers and evildoers lurk everywhere trying to steal your personal information. Protection for Your PC - Painless and Free! Viruses, Bugs, Worms, Dataminers, Spybots, and Trojan horses. The Internet is a veritable minefield of things that can invade your PC and affect it's Security and Performance. Internet Shopping - How Safe Is It? Millions of people make purchases online, but many people are still wary. They fear the unknown and have many doubts and questions about who they are dealing with. I Spy...Something Terribly Wrong (In Your Computer) This really chapped my lips.. Five Excellent Indie Encryption And Security Solutions You Have Not Heard About 1. Geek Superhero http://www. Email Scams - Ten Simple Steps To Avoiding Them According to the Anti-Phishing Working Group (APWG) email scams also known as phishing attacks claim more than 2,000 victims each day from more than 75 million phishing emails that are sent each day. The APWG also claims that these email scams steal close to $1 billion a year from its victims. Information Security for E-businessmen: Just a Couple of Ideas If you constantly deal with bank or electronic accounts, it must be your worst nightmare--to wake up and learn that you are a bankrupt. Some crook stole your personal data and all the money you have been sweating blood for years has flown to somebody else's account. Eliminate Adware and Spyware Everyone should eliminate spyware and adware from your hard drive for your computer privacy protection. Spyware and adware programs also slow down the speed of your computer by cluttering your hard drive with annoying programs. How To Clean the Spies In Your Computer? Manual Spy Bot Removal > BookedSpaceBookedSpace is an Internet Explorer Browser Helper Object used to show advertising.Free PC Health Check - find bad files fast! How many corrupt and redundant files are lurking inside your PC ready to cause harmful errors? Find these harmful "time-bomb" files instantly and keep your computer ERROR FREE 24 hours a day!Variants BookedSpace/Remanent : early variant (around July 2003) with filename rem00001. Phishing-Based Scams: A Couple of New Ones Phishing in its "classic" variant is relatively well-known. Actually, 43. 3 Simple Steps to Stay Safe from Spyware There are several basic concepts to keep in mind when deciding to stay spyware free for good. This article will outline a spyware checklist for you to keep in mind when getting tough on spyware and taking back control of your computer using two popular free applications, Ad-Aware,and Spybot - S&D. Why Corporations Need to Worry About Phishing Phishing is a relatively new form of online fraud that focuses on fooling the victim into providing sensitive financial or personal information to a bogus website that bears a significant resemblance to a tried and true online brand. Typically, the victim provides information into a form on the imposter site, which then relays the information to the fraudster. Passwords or Pass Phrase? Protecting your Intellectual Property Much has been said on the theory of password protection for files, computer login, and other network access. In the past we used a combination of letters, special characters, and other techniques to try and prevent unwanted or unauthorized access to our computers, resources, and networks. DOS Attacks: Instigation and Mitigation During the release of a new software product specialized to track spam, ACME Software Inc notice that there was not as much traffic as they hoped to receive. During further investigation, they found that they could not view their own website. How To Avoid Hackers From Destroying Your Site? Recently, my site and other internet accounts ( http://www.nabaza. Viruses and Worms: The Problems and Their Solutions History and BackgroundThe virus was one of the first ever threats to computer security. It brought a whole new fear upon computer users. Just Whos Computer is this Anyway? Well, this is an article I never thought I would have to write. Computer ownership was just not something I thought people would get confused over but, after overhearing a number of conversations last week from my co-workers, I realized that quite a few people just don't know how cut and dry this topic is. With the Rise of Internet Crimes, Users are Turning to High-Tech "PI's" for Solutions High-tech private investigators are becoming the answer for many Internet users who have been victimized online. The use of e-mail by that unethical element lurking in cyberspace rings all too common these days. Dont Allow Hackers to Take Out Money from Your Bank Account If you know what is the 'Fishing' then it's very easy to understand the definition of 'Phishing'. Just replace letter 'F' from the word Fishing with 'Ph'. What is Hacking? Are You a Hacker? WHAT IS HACKING?Hacking, sometimes known as "computer crime" has only recently been taken very seriously. The activities undertaken by the real hackers have been criminalized and they are now being legally persecuted on a scale disproportional to the actual threat they pose.
|
|
home | site map Visit our other sites: GamesBlog | GamingDepot | GimmeaRide | GimmeNetwork | Golf Biz | HotorNotGame | I Want Computers | I Want Games | I Want Hosting | I Want Music | I Want Security | JokeBox | ScriptShock | Wantedfonts | Webalize |
| © 2006 |
