Thread: Malware turning worse--just buy a Mac (MacResource forums, Tips and Deals)

Malware turning worse--just buy a Mac - elmo3 - 02-07-2007

RSA: New threats could make traditional antivirus tools ineffective
by Jaikumar Vijayan
February 06, 2007 (Computerworld)

SAN FRANCISCO -- An emerging breed of sophisticated malware is raising doubts about the ability of traditional signature-based security software to fend off new viruses and worms, according to experts at this week's RSA security conference here.

Signature-based technologies are now "crumbling under the pressure of the number of attacks from cybercriminals," said Art Coviello, president of RSA Inc., the security division of EMC Corp. This year alone, about 200,000 virus variants are expected to be released, he said. At the same time, antivirus companies are, on average, at least two months behind in tracking malware. And "static" intrusion-detection systems can intercept only about 70% of new threats.

"Today, static security products are just security table stakes," Coviello said. "Tomorrow, they'll be a complete waste of money. Static solutions are not enough for dynamic threats."

What's needed instead are multilayered defenses -- and a more information-centric security model, Coviello said. "[Antivirus products] may soon be a waste of money, not because viruses and worms will go away," but because behavior-blocking and "collective intelligence" technologies will be the best way to effectively combat viruses, he said.

Unlike the low-variant, high-volume threats of the past, next-generation malware is designed explicitly to beat signature-based defenses by coming in low-volume, high-variant waves, said Amir Lev, president of Commtouch Software Ltd., an Israeli vendor whose virus-detection engines are widely used in several third-party products.

Until last year, most significant e-mail threats aimed for wide distribution of the same malicious code, Lev said. The goal in writing such code was to infect as many systems as possible before antivirus vendors could propagate a signature.
Once a signature became available, such viruses were relatively easy to block.

New server-side polymorphic virus threats like the recent Storm worm, however, contain a staggering number of distinct, low-volume and short-lived variants and are impossible to stop with a single signature, Lev said. Typically, such viruses are distributed in successive waves of attacks in which each variant tries to infect as many systems as possible and stops spreading before antivirus vendors have a chance to write a signature for it.

Storm had more than 40,000 distinct variants and was distributed in short, rapid-fire bursts of activity in an effort to overwhelm signature- and behavior-based antivirus engines, Lev said. By the time a signature is released for one variant, it has often already stopped circulating and has been replaced by several other variants, he said. As a result, such viruses can infect a network and remain undetected by signature-based systems, he said. Examples of polymorphic, server-side viruses include Stration/Warezov and the Happy New Year virus.

Hackers have begun employing the same techniques with self-mutating Trojan programs, said Eugene Kaspersky, founder of security vendor Kaspersky Lab Inc. Such Trojans are planted on malicious Web sites and can mutate with every download, making them very hard to detect. The result: Each user who visits a Web site infected with such a Trojan can be infected with a different version of the same program.

Increasingly, hackers are using "special mutating technology" that allows them to inject random "junk" into Trojan program code before compiling and compressing it to create separate variants, each of which requires a separate signature to block it, Kaspersky said.

"We have to develop a special utility to extract this junk out of the malicious code, but it takes time" because each Trojan is a distinct variant, he said.
So far, efforts to develop an automated tool for fighting such Trojans have proved "challenging," Kaspersky said.

An early example of a mutating Trojan was Swizzor, a Trojan download program discovered early last year that used a "packer" tool to encrypt the code and evade detection by signature-based tools. Swizzor repacked itself once per minute and recompiled itself once every hour to get past virus defenses.

The use of polymorphic code to mutate malware -- combined with encryption to evade detection -- are only a couple of the techniques being used by malicious hackers to evade signature-based tools.

Modern malware programs are also designed to split themselves into several co-dependent components once they are installed on a system, to make them harder to locate and remove. Each fragment or component keeps track of the others, and when an attempt is made to delete one component, the remaining fragment instantly respawns or reinstalls it.

One example of such malware is WinTools, which has been around since 2004 and installs a toolbar, along with three separate components, on infected systems. Attempts to remove any part of the malware cause the other parts to simply replace the deleted files and restart them. The fragmented nature of such code makes it harder to write removal scripts and to know whether all malicious code has actually been cleaned off a computer.

Re: Malware turning worse--just buy a Mac - ztirffritz - 02-07-2007

"One example of such malware is WinTools, which has been around since 2004 and installs a toolbar, along with three separate components, on infected systems. Attempts to remove any part of the malware cause the other parts to simply replace the deleted files and restart them. The fragmented nature of such code makes it harder to write removal scripts and to know whether all malicious code has actually been cleaned off a computer."

sounds like AOL to me...

Re: Malware turning worse--just buy a Mac - edgarbc1 - 02-07-2007

[quote elmo3]RSA: New threats could make traditional antivirus tools ineffective by Jaikumar Vijayan February 06, 2007 (Computerworld) [...][/quote]

stupid.

Re: Malware turning worse--just buy a Mac - Harbourmaster - 02-08-2007

Thank goodness for all of the Windows losers out there keeping us Mac users safe just by being there!

Re: Malware turning worse--just buy a Mac - silvarios - 02-08-2007

I do think Mac OS X is more secure by design than Windows XP and below. It will take some time to see how Vista will fare.
I remember how many publications wrote about how secure and stable XP was over every preceding version of Windows. I have an article in front of me touting Windows XP for its increased security, attractive interface, user friendliness, and even better hardware and software compatibility (both of which in my mind should mean an increase of stability). This article dates from Winter 2002 from a Fortune c/net Tech Review publication. I believe time has proven that XP is not the most secure platform by design and was not appreciably more stable than Windows 2000. Time has not been kind on the garish Windows XP plastic interface, I usually default to the classic look anyway, and user friendliness is debatable. I have worked with enough people and their XP computers to know they still have no real clue of how their computer works. Regardless of how many "helpful" Wizards pop up.

My long winded narrative began with such an intro because I do not think having clueless users on any platform will help overall security. I do think that an operating system which is secure by design will help mitigate the automatic propagation of such malware throughout computers running a similar OS. However, that does nothing to protect users who practice unsafe hex. Clicking okay at prompts without reading, typing in passwords when prompted without understanding the dialogue box, and other such quick to click computer use will prove detrimental to any user on any platform. Bad juju.

Nathan

Re: Malware turning worse--just buy a Mac - ztirffritz - 02-08-2007

My experience with Vista is that within 20 minutes you become numb to the constant assault of requests for permission to do this or that. This creates complacency amongst users, which will only make security issues worse. MS didn't fix the security problems, but they figured out where they could occur. Why not take the time to actually fix the problem rather than just stake a flag that says be careful in this area?

Re: Malware turning worse--just buy a Mac - lafinfil - 02-08-2007

[quote ztirffritz]My experience with Vista is that within 20 minutes you become numb to the constant assault of requests for permission to do this or that. This creates complacency amongst users, which will only make security issues worse. MS didn't fix the security problems, but they figured out where they could occur. Why not take the time to actually fix the problem rather than just stake a flag that says be careful in this area?[/quote]

Allowed ! :- )

Re: Malware turning worse--just buy a Mac - haikuman - 02-08-2007

What Phil said... Allowed ~!~ *(:>*

Re: Malware turning worse--just buy a Mac - silvarios - 02-08-2007

[quote ztirffritz]My experience with Vista is that within 20 minutes you become numb to the constant assault of requests for permission to do this or that. This creates complacency amongst users, which will only make security issues worse. MS didn't fix the security problems, but they figured out where they could occur. Why not take the time to actually fix the problem rather than just stake a flag that says be careful in this area?[/quote]

Looks unfortunate. I've heard that when you are logged into an account that when something wants to install or perform other system level modification, you only have to click allow, not re-authenticate your password. Can this possibly be true?

[quote lafinfil]Allowed ![/quote]

Does the Apple commercial specifically address this issue?

Nathan

Re: Malware turning worse--just buy a Mac - OWC Jamie - 02-08-2007

tab / enter