The new face of anti-virus
May. 9th, 2014 09:35 am
Obviously computer viruses have matured in their attacks over the last 30-some years. It used to be that a virus could be examined and compared against a database of signatures to see if it would be allowed or not, but that's not enough these days. In the bad guy malware markets, they now have automated test servers that take your malware and bounce it against every anti-virus product out there, and if it hits any of them, it alters the code and encrypts it until it's undetectable. Once your malware passes this test, it is uploaded back on the bad guy's distribution server and they receive a text message saying that it's good to go out and play.
This works for a limited amount of time: as soon as someone knows they've been compromised, they can isolate the software and send it off to the A/V people for analysis and signature updating. Still, it might give the bad guys a day or so to run amok and possibly get some valuable information until the A/V software is updated; then the malware is re-processed and the cycle continues.
So basically the truism continues: the price of computer security is eternal vigilance. Anti-virus software is a good first-line defense: it will trap old malware, and even newer malware where the obfuscator/encryptor didn't do a very good job. You just have to remain vigilant about opening attachments and careful about running software from untrusted sites. Regardless, you're still potentially vulnerable to zero-day exploits, not to mention the total lack of control over your information that's being held by other people.
It's an ugly world out there, you gotta stay on your toes, and you might still get compromised. I personally fell for a social engineering attack last week: got an email that Yahoo was doing an upgrade and you needed to change your password. I still mentally smack myself upside the head: I didn't look at the freakin' URL on the update page, and I kid you not, it was Bob's Plumbing. I can't believe I did that. I immediately changed it again to a different pattern than the one that I use for everything else. So even experienced people occasionally have bouts of the stupid.
http://krebsonsecurity.com/2014/05/antivirus-is-dead-long-live-antivirus/
no subject
Date: 2014-05-11 04:23 am (UTC)
...so basically, we're all screwed, aren't we?
no subject
Date: 2014-05-11 05:44 pm (UTC)
The TAILS method of booting from a secure drive and tightly controlling storage could be effective, but not very convenient. One possibility is to install a Tripwire software package: it writes a checksum of all your apps to a secure database and lets you know if any of them change. That would be one possibility.
I came across an interesting IndieGoGo project today: Keepod. Unfortunately the funding was successful and has already closed, or I would have supported it. Basically it's designed to help African states get kids online by providing a modern OS pre-configured on a USB stick with a retail cost of $7. The concept being that junked but functional computers are available, give every kid a stick and they're good to go. I found it quite interesting. https://www.indiegogo.com/projects/keepod-unite