thewayne: (Cyranose)
[personal profile] thewayne
Obviously computer viruses have matured in their attacks over the last 30-some years. It used to be that a virus could be examined and compared against a database of signatures to see if it would be allowed or not, but that's not enough these days. In the bad guy malware markets, they now have automated test servers that take your malware and bounce it against every anti-virus product out there, and if it hits any of them, it alters the code and encrypts it until it's undetectable. Once your malware passes this test, it is uploaded back on the bad guy's distribution server and they receive a text message saying that it's good to go out and play.

This works for a limited amount of time. As soon as someone knows they've been compromised, they can isolate the software and send it off to the A/V people for analysis and signature updating. Still, it might give the bad guys a day or so to run amok and possibly get some valuable information, until the A/V software is updated, the malware is re-processed, and the cycle continues.

So basically the truism continues: the price of computer security is eternal vigilance. Anti-virus software is a good first-line defense: it will trap old malware and even newer malware where the obfuscator/encryptor didn't do a very good job. You just have to remain vigilant about opening attachments and careful about running software from untrusted sites. Regardless, you're still potentially vulnerable to zero-day exploits, not to mention the total lack of control over your information that's being held by other people.

It's an ugly world out there, you gotta stay on your toes, and you might still get compromised. I personally fell for a social engineering attack last week: got an email that Yahoo was doing an upgrade and you needed to change your password. I still mentally smack myself upside the head: I didn't look at the freakin' URL on the update page, and I kid you not, it was Bob's Plumbing. I can't believe I did that. I immediately changed it again to a different pattern than the one that I use for everything else. So even experienced people occasionally have bouts of the stupid.

http://krebsonsecurity.com/2014/05/antivirus-is-dead-long-live-antivirus/

Date: 2014-05-11 04:23 am (UTC)
From: [identity profile] silveradept.livejournal.com
So what we need now are tools that automatically detect infection vectors and shunt them away that can't be turned off. Possibly with a punishing blackhole that goes with it. Of course, we need them not to interfere with legitimate enterprises and not to violate net neutrality and not to punish file-sharing...

...so basically, we're all screwed, aren't we?

Date: 2014-05-11 05:44 pm (UTC)
From: [identity profile] thewayne.livejournal.com
Yeah, basically we're all screwed. The basic tenet of computer security was that if you don't want your computer hacked, don't connect it to a network. But with ultrasonic and flash drive attacks, even that isn't bullet-proof.

The TAILS method of booting from a secure drive and tightly controlling storage could be effective, but not very convenient. One possibility is to install a Tripwire software package: it writes a checksum of all your apps to a secure database and lets you know if any of them change, that would be one possibility.

I came across an interesting IndieGoGo project today: Keepod. Unfortunately the funding was successful and has already closed, or I would have supported it. Basically it's designed to help African states get kids online by providing a modern OS pre-configured on a USB stick with a retail cost of $7. The concept being that junked but functional computers are available, give every kid a stick and they're good to go. I found it quite interesting. https://www.indiegogo.com/projects/keepod-unite
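
The checksum-baseline idea mentioned in the comment above, as an added example that is not part of the original thread and not Tripwire's own code or database format. All function names and the sample files are hypothetical; the HMAC key stands in for the "secure database" and is assumed to be kept off the monitored machine.

```python
import hashlib
import hmac
import json
import tempfile
from pathlib import Path


def snapshot(root):
    """Map each file under root (relative path) to the SHA-256 of its contents."""
    return {str(p.relative_to(root)): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in Path(root).rglob("*") if p.is_file()}


def seal(digests, key):
    """Serialize the baseline and bind it to a key stored away from the host."""
    body = json.dumps(digests, sort_keys=True)
    tag = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return json.dumps({"body": body, "tag": tag})


def unseal(sealed, key):
    """Return the baseline, refusing one whose integrity tag does not verify."""
    record = json.loads(sealed)
    expected = hmac.new(key, record["body"].encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, record["tag"]):
        raise ValueError("baseline database has been altered")
    return json.loads(record["body"])


def compare(baseline, current):
    """Report files modified, added or removed since the baseline was taken."""
    return {
        "modified": sorted(p for p in baseline if p in current and baseline[p] != current[p]),
        "added": sorted(p for p in current if p not in baseline),
        "removed": sorted(p for p in baseline if p not in current),
    }


def demo(key=b"constructed-demo-key"):
    """Constructed sample: baseline two files, then change one and add one."""
    with tempfile.TemporaryDirectory() as root:
        for name in ("app.bin", "lib.bin"):
            Path(root, name).write_bytes(b"original")
        sealed = seal(snapshot(root), key)
        Path(root, "app.bin").write_bytes(b"patched")
        Path(root, "dropper.bin").write_bytes(b"new")
        return compare(unseal(sealed, key), snapshot(root))
```

The tag on the baseline matters as much as the hashes: without it, whatever changed a program could rewrite its stored checksum as well.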

Date: 2014-05-11 10:23 pm (UTC)
From: [identity profile] silveradept.livejournal.com
That is a very good idea, and I hope that at some point they release a writable image file so that everyone could create their own Keepod. It's exactly the right thing for those places where there's only a few machines and a lot of users. It's almost right for library usage.

Date: 2014-05-12 12:19 am (UTC)
From: [identity profile] thewayne.livejournal.com
There's a program for Windows machines, I'm not sure if it'll work for all Intel-based boxes, called Deep Freeze. We used it at the university when I was a lab aide. It locks the image and whenever the computer reboots, it goes back to the locked image. Theoretically it can't be infected with malware, but it's been a while since I've used it and the malware scene has changed considerably since then.

Date: 2014-05-12 12:40 am (UTC)
From: [identity profile] silveradept.livejournal.com
Our public computers all use things that are supposed to do this, but I'm pretty sure they're all hackable.
