The new face of anti-virus
May. 9th, 2014 09:35 am![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png)
Obviously computer viruses have matured in their attacks over the last 30-some years. It used to be that a virus could be examined and compared against a database of signatures to see if it would be allowed or not, but that's not enough these days. In the bad guy malware markets, they now have automated test servers that take your malware and bounce it against every anti-virus product out there, and if it hits any of them, it alters the code and encrypts it until it's undetectable. Once your malware passes this test, it is uploaded back on the bad guy's distribution server and they receive a text message saying that it's good to go out and play.
This works for a limited amount of time, as soon as someone knows they've been compromised, they can isolate the software and send it off to the A/V people for analysis and signature updating, still, it might give the bad guys a day or so to run amok and possibly get some valuable information, until the A/V software is updated and the malware is re-processed and the cycle continues.
So basically the truism continues: The price of computer security is eternal vigilance. Anti-virus software is a good first-line defense, it will trap old malware and even newer malware where the obfuscator/encryptor didn't do a very good job. You just have to remain vigilant about opening attachments and careful about running software from untrusted sites. Regardless, you're still potentially vulnerable to zero-day exploits, not to mention the total lack of control over your information that's being held by other people.
It's an ugly world out there, you gotta stay on your toes, and you might still get compromised. I personally fell for a social engineering attack last week: got an email that Yahoo was doing an upgrade and you needed to change your password. I still mentally smack myself upside the head: I didn't look at the freakin' URL on the update page, and I kid ou not, it was Bob's Plumbing. I can't believe I did that. I immediately changed it again to a different pattern than the one that I use for everything else. So even experienced people occasionally have bouts of the stupid.
http://krebsonsecurity.com/2014/05/antivirus-is-dead-long-live-antivirus/
This works for a limited amount of time, as soon as someone knows they've been compromised, they can isolate the software and send it off to the A/V people for analysis and signature updating, still, it might give the bad guys a day or so to run amok and possibly get some valuable information, until the A/V software is updated and the malware is re-processed and the cycle continues.
So basically the truism continues: The price of computer security is eternal vigilance. Anti-virus software is a good first-line defense, it will trap old malware and even newer malware where the obfuscator/encryptor didn't do a very good job. You just have to remain vigilant about opening attachments and careful about running software from untrusted sites. Regardless, you're still potentially vulnerable to zero-day exploits, not to mention the total lack of control over your information that's being held by other people.
It's an ugly world out there, you gotta stay on your toes, and you might still get compromised. I personally fell for a social engineering attack last week: got an email that Yahoo was doing an upgrade and you needed to change your password. I still mentally smack myself upside the head: I didn't look at the freakin' URL on the update page, and I kid ou not, it was Bob's Plumbing. I can't believe I did that. I immediately changed it again to a different pattern than the one that I use for everything else. So even experienced people occasionally have bouts of the stupid.
http://krebsonsecurity.com/2014/05/antivirus-is-dead-long-live-antivirus/