Anti-Virus, the Cloudmark way
Editorial type: Opinion. Date: 09-2014.
Key topics: Security, Malware, Anti-virus, Cybercrime, Encryption. Key companies: Cloudmark, Symantec, McAfee, Moore Secure IT. Key industries: Education.
Is there any way to defend against malware that is undetectable once it reaches your computer? The answer is 'yes', says Andrew Conway, lead software engineer at Cloudmark, who explains exactly how.

As a computer security researcher for Cloudmark, I regularly have to investigate files that may contain malware. My first step is usually to upload the file to VirusTotal, a website that scans it with all the common anti-virus engines (more than fifty of them) and reports which of them, if any, flag the file as malicious. When a file is flagged, often only one or two of the fifty detect a threat, and rarely do more than half of them agree that malware is present. This means that, even with an up-to-date anti-virus package installed on your PC, the chance of it detecting any given piece of malware is less than one in two. (VirusTotal exercises each vendor's file scanner rather than the full on-host product, so this is a rough measure, but the vendors' own figures point the same way.) Brian Dye, Symantec's senior vice president for information security, confirmed as much earlier this year in an interview with the Wall Street Journal. "Anti-virus is dead," he said, pointing out that hackers increasingly use novel bugs. He estimates that anti-virus now catches just 45% of cyberattacks.
LACK OF FAITH

Though the earliest computer virus was written for the Apple II in 1982, malware did not become a serious problem until the nVIR virus started to spread on Macintosh computers in 1987. MS-DOS viruses existed too (Brain, a boot-sector virus, appeared in 1986), but it was only when Windows began to dominate the market that malware authors concentrated on the PC platform. This was before widespread Internet use, and most malware was spread by infected floppy disks. Symantec was one of the first vendors of commercial anti-virus software, with a product for the Mac in 1989 and one for the PC in 1991. Last year Symantec reported $6.9 billion in revenue, and it is one of the largest companies in the computer security field. So why is a company with vast resources and decades of experience in anti-virus software admitting that one of its flagship products is failing? And is there any way left to protect the end user against virus attacks?

Security blogger Brian Krebs explains how cyber criminals come up with 'novel bugs' that are undetectable by anti-virus software: "Put simply, a crypting service takes a bad guy's piece of malware and scans it against all of the available anti-virus tools on the market today - to see how many of them detect the code as malicious. The service then runs some custom encryption routines to obfuscate the malware so that it hardly resembles the piece of code that was detected as bad by most of the tools out there. And it repeats this scanning and crypting process in an iterative fashion until the malware is found to be completely undetectable by all of the anti-virus tools on the market."
ANTI-VIRUS IN ACTION

The signature gets added to the company's database and is made available for automatic download by the client anti-virus applications. This can happen days, or sometimes weeks, after the malware sample was originally discovered. No wonder anti-virus software has a hard time keeping up with malware that its authors can mutate trivially, and far more often than that.
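The crypting loop in the Krebs quote above, and the signature lag described in this section, can both be made concrete with a small simulation. The following is an added example, not Cloudmark's, the article author's or any vendor's code: a toy signature database (byte patterns plus whole-file hashes), a deliberately trivial XOR "crypter", the scan-and-repack loop, and then the two defender moves that survive it (a signature on the packer stub instead of the payload, and unpacking before scanning, which is what emulating scanners do). The signature names, the `XPK` packer header and the sample "payload" (a harmless text blob, not malware) are all constructed for this illustration.

```python
"""Toy signature scanner versus a trivial crypter.

Added example; this is not Cloudmark's, the article author's, or any AV
vendor's code. Signature names, the XPK packer header and the sample
"payload" (a harmless text blob, not malware) are constructed for this
illustration.
"""

import hashlib
import os
from typing import Callable, Dict, List


class SignatureDB:
    """Stand-in for an AV signature database: byte patterns that must occur
    in the file, plus SHA-256 hashes of specific known-bad files."""

    def __init__(self) -> None:
        self.patterns: Dict[str, bytes] = {}
        self.hashes: Dict[str, str] = {}

    def add_pattern(self, name: str, pattern: bytes) -> None:
        self.patterns[name] = pattern

    def add_hash(self, name: str, data: bytes) -> None:
        self.hashes[name] = hashlib.sha256(data).hexdigest()

    def scan(self, data: bytes) -> List[str]:
        """Names of every signature that fires on data (sorted; empty if clean)."""
        digest = hashlib.sha256(data).hexdigest()
        hits = [n for n, p in self.patterns.items() if p in data]
        hits += [n for n, h in self.hashes.items() if h == digest]
        return sorted(hits)


STUB_MAGIC = b"XPK"  # hypothetical packer header (constructed for this example)


def xor_pack(data: bytes, key: bytes) -> bytes:
    """Trivial crypter: XOR the body with a repeating key and prepend a header
    (magic, key length, key) that a runtime stub would use to unpack it."""
    body = bytes(b ^ key[i % len(key)] for i, b in enumerate(data))
    return STUB_MAGIC + bytes([len(key)]) + key + body


def xor_unpack(blob: bytes) -> bytes:
    """What the stub does at runtime, and what an emulating scanner can do too."""
    if not blob.startswith(STUB_MAGIC):
        raise ValueError("not an XPK blob")
    start = len(STUB_MAGIC) + 1
    klen = blob[len(STUB_MAGIC)]
    key, body = blob[start:start + klen], blob[start + klen:]
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(body))


def crypt_until_clean(data: bytes, db: SignatureDB,
                      key_source: Callable[[], bytes], max_rounds: int = 32) -> bytes:
    """The crypting-service loop: pack with a fresh key, rescan, repeat until
    nothing fires. Raises if max_rounds is exhausted."""
    for _ in range(max_rounds):
        packed = xor_pack(data, key_source())
        if not db.scan(packed):
            return packed
    raise RuntimeError("still detected after %d rounds" % max_rounds)


# Constructed stand-in for a malware body: plain text with two tell-tale strings.
SAMPLE = (b"#!toy\n"
          b"CMD:DOWNLOAD_AND_RUN http://example.invalid/payload\n"
          b"CMD:PERSIST\n")


def run_scenario(key_source: Callable[[], bytes] = lambda: os.urandom(8)) -> Dict[str, List[str]]:
    """Plays out the signature-lag game and returns each step's scan result."""
    db = SignatureDB()
    db.add_pattern("Toy.Dropper.A", b"CMD:DOWNLOAD_AND_RUN")
    db.add_pattern("Toy.Dropper.B", b"http://example.invalid/payload")
    results: Dict[str, List[str]] = {}

    results["plain"] = db.scan(SAMPLE)                 # both content signatures fire
    v1 = crypt_until_clean(SAMPLE, db, key_source)
    results["crypted_v1"] = db.scan(v1)                # XOR'd body matches nothing

    db.add_hash("Toy.Dropper.A.packed", v1)            # defender ships a hash, days later
    results["v1_after_update"] = db.scan(v1)           # that exact file is now caught

    v2 = crypt_until_clean(SAMPLE, db, key_source)     # new key: new hash, clean again
    results["crypted_v2"] = db.scan(v2)

    db.add_pattern("Toy.Packer.XPK", STUB_MAGIC)       # signature on the stub, not the payload
    results["v2_stub_sig"] = db.scan(v2)               # catches every variant at once
    results["v2_unpacked"] = db.scan(xor_unpack(v2))   # or unpack first, then use content sigs
    return results


if __name__ == "__main__":
    for step, hits in run_scenario().items():
        print("%-16s %s" % (step, hits or "clean"))
```

The point of the last two steps is the practical one: a hash or content signature for each crypted variant is always one key change behind, whereas a signature on the unpacking stub, or scanning after emulated unpacking, keys on the part the attacker cannot cheaply mutate. Real crypters vary the stub as well, which is why the arms race continues, but the asymmetry in the loop above is the same one the article describes.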