“Malware Threat Outpaces Antivirus Software” plus 1 more |
| Malware Threat Outpaces Antivirus Software Posted: 03 Aug 2010 10:30 AM PDT For the last 20 years, hackers and antivirus software programmers have played a cat-and-mouse game over computer security. Whenever one side would innovate, the other would catch up. And for most of that time, the conflict remained a benign contest between tech savvy vandals looking for street cred and the professional programmers trained to counter them. But around late 2005/early 2006, malware production transformed from a hobby of malevolent computer geeks into a major source of money for organized crime. Funded by mobsters to steal credit card information or propagate Internet scams, virus writers began churning out malware at a rate, and of a complexity, orders of magnitude larger than antivirus software could deal with. Recently, antivirus software companies have responded with new technologies to counter the enhanced threat, but some experts believe even that may be too little, too late. [See graphic "Current Computer Virus Threat Types."] "The viruses are winning because the defenses don't work very well," said Golden Richard III, a professor of computer science at the University of New Orleans. "It's much harder to be on defense. And the offensive guys are really smart, they've got a lot of resources. It's a bleak situation." Out of the open and into the shadows Malware encompases any kind of malicious program, from computer viruses that crash computers to Trojans that steal credit card information. Until a couple of years ago, hackers wrote malware to gain respect in their community, with programs designed to perform some task that other computer programmers would easily notice. After all, a hacker would hardly gain any notoriety if no one noticed the virus they made, Richard said. This deliberate obviousness also made it easy for antivirus software (AV) to find and eliminate the infections. However, once the goal switched from infamy to criminal profit, malware writers began adding stealth features to their programs. That way, the malware could continue its illegal activity as long as possible without triggering an antivirus response. Modern malware uses a variety of methods to conceal itself. As a result, even the most advanced antivirus software only detects between 40 and 70 percent of infections, said Danny Quist, a malware specialist and founder of Offensive Computing, LLC. Some malware packs itself into innocuous looking code that an antivirus program will only recognize as malicious after it starts running, and by then, it's too late. Other malware will shuffle its own code, destroying the markers that antivirus software searches for. Some malware will even contain no dangerous code at all, but automatically downloads the dangerous software from a website once it has passed an antivirus check. Many types of malware do all those things and more, Quist said. "There was this contest at Defcon [a computer security conference], where the contestants were given old malware code, and asked to make it undetectable to AV, but still run. The contest went on for about four hours, and they got all the files. Some AV fell in minutes," Quist said. "It's trivially easy to modify a file so it does not get detected by AV." Not only has the malware gotten stealthier, it has multiplied in variety and number at an unmanageable rate, said Sean-Paul Correll, a threat researcher at Panda Security, an antivirus software company. "In 2006, we started noticing this growth in malware samples," Correll said. "Samples were doubling year after year. In 2009, we received 25 million new strains of malware. That was bigger than the past 20 years combined. Through July 2010, we had 46.6 million malware samples in our database. We have almost 100 percent growth since 2009, with 5 months to go." AV companies strike back To combat the immense number of stealth malware programs poised to attack commercial and private computers, antivirus software companies have turned to powerful server networks to analyze and block new malware. Whereas old antivirus programs simply used the resources of a single computer to analyze itself, this pooled approach, called cloud computing, allows AV companies to go beyond just checking malware code against a library of previously observed programs, said Toralv Dirro, a security strategist for antivirus software maker McAfee. The first advantage of cloud computing involves increased memory. The server clouds can hold vast lists of previously identified programs. If a user downloads a program that doesn't appear on that list, a unique program that hasn't been reported from anyone else in the world, the server cloud flags it as malware that has probably scrambled its coding to avoid detection, Dirro said. For the malware that camouflages itself in innocuous packing, the cloud can download and run the program in a safe, self-contained, environment. If after unpacking and running, the program begins to behave maliciously, the cloud can flag the program as malware, said Sean Sullivan, a security advisor at F-Secure Labs, an antivirus software company. "Nowadays we have 40-50,000 samples that come in every day. So we've had to build a lot of automation," Sullivan said. "Whereas 5 years ago, we have dozens of cases, these days we have to rely on our servers and automation to do the work. Now, the guy who was doing the research is designing the computers that do the research." However, not everyone is convinced that cloud computing is strong enough to combat the threat of modern malware. No independent study has ever shown that cloud computing increases the efficacy of antivirus software, said Paul Royal, a research scientist at the Georgia Tech Information Security Center. Even the AV companies admit that to a degree, they are outgunned. "I would compare [AV] to a lock on the door," F-Secure Lab's Sullivan said. "Everyone has a lock on the door to prevent home invasion. But just by itself, against a dedicated, penetrated attack, it probably doesn't help." Browse responsibly At this point, computer security cannot go back to a pre-2006 time when simply running AV software would protect the computer against most threats. To truly protect a computer against malware, the user must work as hard as the antivirus software by practicing safe Internet browsing. "Antivirus software isn't good enough on its own. You need to combine it with common sense as a human being," McAfee's Dirro said. "You've got airbags in your car, but you still don't drive into a concrete wall at full speed. If you think any email is dodgy, don't open it." Responsible browsing means staying away from websites that traffic in pirated material, avoiding adult websites without the proper level of security and, yes, installing the most up to date AV software, since, after all, even 40 percent protection is better than nothing, Correll said. However, even safe browsing habits are often not enough. Last year, hackers inserted malicious code into an advertisement that appeared on the USA Today website, Royal said. The malware infected computers regardless of whether or not the user clicked on the ad; simply reading an article with the advertisement on the same page lead to infection. And since the ads rotated, anyone simply looking for news became at risk, Royal said. "Things may suck right now, but they're not going to get any worse," Quist said, "because it's the worst case scenario right now." LiveScience.com chronicles the daily advances and innovations made in science and technology. We take on the misconceptions that often pop up around scientific discoveries and deliver short, provocative explanations with a certain wit and style. Check out our science videos, Trivia & Quizzes and Top 10s. Join our community to debate hot-button issues like stem cells, climate change and evolution. You can also sign up for free newsletters, register for RSS feeds and get cool gadgets at the LiveScience Store.Five Filters featured article: "Peace Envoy" Blair Gets an Easy Ride in the Independent. Available tools: PDF Newspaper, Full Text RSS, Term Extraction. |
| Webroot Unveils Webroot® Internet Security Complete, the First Consumer Offering to ... Posted: 03 Aug 2010 05:48 AM PDT Webroot Software Inc. Press release date: July 26, 2010All-New Suite Integrates Cloud-Based Threat Protection with Identity Management and Secure Access to Personal Files and Passwords - Anytime, Anywhere New Product Introduced With Latest Releases of Webroot Internet Security Essentials and Webroot AntiVirus with Spy Sweeper® BOULDER, Colo., -- Webroot, the first Internet security service company, today announced the availability of Webroot® Internet Security Complete, the company's newest consumer offering. Webroot Internet Security Complete introduces the most comprehensive protection for today's Internet user, integrating Webroot's enterprise-class cloud protection with technologies that secure what consumers care about the most: identity, privacy and personal data. "Security and privacy on the Web are becoming more complex - we're performing more personal transactions online, from an expanding number of locations and devices," said Mike Kronenberg, chief technology officer at Webroot. "At the same time, Webroot is seeing more than 40,000 new threats emerge every day. Traditional desktop security alone can't protect consumers in today's threat landscape. Webroot Internet Security Complete addresses these critical issues by delivering unparalleled Web-based protection that protects the person rather than the PC." Webroot Internet Security Complete delivers four key benefits: "For consumers, Security as a Service (SaaS) is the future of security," said Charles Kolodgy, research vice president for Security Products at IDC. "With consumers facing increasingly sophisticated attacks spawned by malware from legitimate Web sites, a comprehensive approach is needed that provides quick defense against new threats. As worldwide cyber-crime increases, SaaS potentially provides Internet users with comprehensive, near real-time protection across applications and Web activities. Webroot addresses this need with its SaaS product; furthermore, it enables portability for user data by allowing the transfer of important files between computers and other devices. This means that users can access data and applications from anywhere, without compromising security." Key features of Webroot Internet Security Complete include: A standard one-year subscription of Webroot Internet Security Complete protects up to three PCs for $79.95/pounds Sterling 49.99. Customers can upgrade their accounts for more storage, PCs secured and credit cards monitored for an additional cost. Additional Product Releases: All of Webroot's consumer products include free local phone support for 1 year; free 24/7 email and Web assistance; and program and definition updates for the life of the subscription. Each of these products is compatible with Windows 7, Windows Vista and Windows XP operating systems. For more information and to purchase any of Webroot's consumer products, visit http://www.webroot.com/En_US/consumer.html. The product is also available in select retail stores. ABOUT WEBROOT Read the Webroot Threat Blog: http://blog.webroot.com/. Follow Webroot on Twitter: http://twitter.com/webroot. ©2010 Webroot Software, Inc. All rights reserved. Webroot and Spy Sweeper are trademarks or registered trademarks of Webroot Software, Inc. in the United States and other countries. All other trademarks are properties of their respective owners. Web Site: http://www.webroot.com/ Contacts: Five Filters featured article: "Peace Envoy" Blair Gets an Easy Ride in the Independent. Available tools: PDF Newspaper, Full Text RSS, Term Extraction. |
| You are subscribed to email updates from Yahoo! News Search Results for antivirus To stop receiving these emails, you may unsubscribe now. | Email delivery powered by Google |
| Google Inc., 20 West Kinzie, Chicago IL USA 60610 | |
0 comments:
Post a Comment