Tag Archive for Anti-Virus

Is Cloud-Based Anti-Virus Ready?

Cloud computing technology is one of the most disruptive technologies in recent history. Xath Cruz at CloudTimes argues in a recent article that cloud computing is also disrupting security software such as anti-virus, and he asks how effective cloud-based anti-viruses are.

The article, How Effective are Cloud-Based Anti-Viruses?, claims the demand for cloud-based anti-virus software has gone up steadily as more cloud-dependent computing devices have invaded the market. Cloud-dependent computing devices like iPads, Nooks, iPhones and Galaxys are as susceptible to malware as their big desktop brethren.

In order to fight the malware threats to cloud-dependent computing devices, cloud-based anti-virus has evolved. Cloud-based anti-virus works differently than popular cloud-based document editors like Google Docs, where you only need a web browser and internet access. The blog post explains that cloud-based anti-virus software can't function if it's only in the cloud, since your PC won't easily give programs hosted remotely the kind of administrative access that antivirus software needs, as that would leave your PC at risk of being intruded upon by other programs.

In order to protect a PC, tablet or smartphone, cloud-based anti-virus software requires a small native app to run on the device. When downloaded, the app acts as the anti-virus, with its database and heuristics data being hosted on the cloud. There are also cloud-based anti-virus products that use web browser extensions or ActiveX and Java to gain proper access to your PC.

Like any technology, cloud-based antivirus software has specific pros and cons when compared to native anti-virus suites. Mr. Cruz lays out some of the pros and cons of cloud-based anti-virus:

Advantages

1. No Installation Required – The first advantage of cloud based anti-virus is that there’s no need to install them on your PC. Cloud based anti-virus does not eat up hard disk space, with its storage and memory footprint being a fraction of what local anti-virus need. Additionally, you can get them up and running immediately, and there’s no likelihood of messing up the installation (which usually results in a non-working antivirus or corrupted file volume).

2. No Updating Necessary – With cloud based anti-virus, there is no need to update data files, since they are hosted on the cloud and will automatically be patched or updated by the provider. This will offer the latest in protection when it becomes available.

3. Double Security Layer – With a cloud based anti-virus software, it is possible to run a locally installed anti-malware app and run another different cloud based antivirus without worrying about conflicts or PC slowdown. Different anti-virus software are better able to catch or inoculate different viruses.

4. An advantage of cloud based anti-virus software the author missed is collective or community intelligence. SearchSecurity reports that when a system identifies malware, it’s able to give feedback to the cloud anti-malware provider, thus providing a wider surface area for rapidly detecting 0-day attacks.

Disadvantages

1. Won’t Run in the Background – Cloud based anti-viruses are not effective against viruses that run on startup. Cloud based anti-viruses are not TSR (terminate and stay resident) programs and only run on an as needed basis.

2. Limited Scan – Cloud based anti-viruses risk missing dormant viruses in unopened or archived files. Windows’ security protocols will prevent some cloud anti-viruses from scanning the whole computer. They will only be able to scan core Windows files and what’s currently loaded in memory.

3. It Requires an Internet Connection – Cloud based anti-virus is useless without access to the Internet. This is a problem for portable device users who can’t be connected 24×7. Without an Internet connection viruses will be free to do whatever they want.

rb-

The author concludes that for the best protection your PC can get, you need to use the services of both a locally installed anti-virus software and a cloud based one.

The main concern I have about cloud based anti-virus apps is downtime. Cloud providers like Microsoft and Amazon have had issues lately providing their services. Downtime at the upstream ISP or on the LAN can also play havoc with cloud based anti-malware apps.

Detroiters Vulnerable to Online Threats

Detroit Internet users rank seventh among 35 U.S. cities for being most at risk for online threats and being “digitally duped,” according to an AVG Technologies survey of online behavior.

Of the more than 8,000 Americans with home Internet surveyed, AVG says many consumers are unknowingly putting themselves at risk of falling victim to identity thieves, viruses and malware with bad PC habits and a lack of comprehensive protection:

75% don’t back-up their phone’s data – many rely on their provider to restore their contacts should an accident occur.
67% don’t use an identity monitoring service.
41% never run a manual antivirus scan to make sure their computer is virus free.
40% don’t use a password on their mobile device, and of those that do, another 34% have not changed the password in the past year.
38% admit to sharing online passwords with at least one other person.
23% don’t back up the data on their PC.

AVG says that the top 10 U.S. cities at highest risk are:

1. San Antonio
2. Tampa, Fla.
3. Atlanta
4. Dallas
5. Oklahoma City
6. Charlotte, N.C.
7. Detroit
8. Denver
9. Washington D.C.
10. Sacramento, CA

rb-

The rules of the road still apply to online activities:

  • Patch your system
  • Use current anti-malware software
  • Change passwords regularly, use variations for each online account, and never, ever share them with others
  • Use one credit card with a low spending limit for all online purchases. Monitor this account regularly, and flag any inappropriate activity to the bank.
  • Back up your data
  • Don’t share your personal data on Facebook
  • Be wary of phishing scams. Never click on links in emails

Malware in Text

A team of security researchers has engineered a way of hiding malware in sentences that read like English language spam. The research, led by Dr Josh Mason of Johns Hopkins University along with Dr Sam Small of Johns Hopkins, Dr Fabian Monrose of the University of North Carolina, and Greg MacManus of iSIGHT Partners, outlined the threat in a paper, English Shellcode (PDF), presented at the 2009 ACM Conference on Computer and Communications Security. According to the UK’s Computing, the paper shows hackers could evade anti-virus protection by hiding malicious code in sentences that read like English language spam.

The article says that attackers could develop a tool that would be the next step in the hacking and virus arms race. Hackers could hide alphanumeric shellcode in valid files which would activate the malicious payload of a code-injection attack. This attack vector could give attackers control of system resources, applications, and data on a compromised computer.

The researchers report they can generate English shellcode in less than one hour on standard PC hardware. The text in bold is the instruction set and the plain text is skipped. “There is a major center of economic activity, such as Star Trek, including The Ed Sullivan Show. The former Soviet Union. International organization participation.”

The good news, Dr. Mason said, is that the widespread use of this attack vector is limited because the alphanumeric character set is much smaller than the set of characters available in Unicode and UTF-8 encodings. This means that the set of instructions available for composing alphanumeric shellcode is relatively small. “There was really not a lot to suggest it could be done because of the restricted instruction set,” said Dr. Mason. Long strings of mostly capital letters, for example, would be very suspicious.

Computing claims the work is a breakthrough. Current network security techniques work on the assumption that the code used in code-injection attacks, where it is delivered and run on victims’ computers, has a different structure to non-executable plain data, such as English prose. If an attacker challenges the assumption that executable code structure is different from that of non-executable data, malware would be almost impossible to detect. Dr Nicolas T Courtois, an expert in security and cryptology at University College London, said malware deployed in this way would be “hard, if not impossible, to detect reliably.” The research is a proof of concept, but Dr. Mason doubts any hackers are using the technique to disguise their code. “I’d be astounded if anyone is using this method in the real world owing to the amount of engineering it took to pull off,” he said. “A lot of people didn’t think it could be done.”

Professor John Walker, managing director of forensics consultancy Secure-Bastion, argued the research highlights the flaws in the anti-virus community’s approach to security exploits. “There is no doubt in my mind that anti-virus software as we know it today has gone well past its sell by date,” he said.

rb-

Did Carly Fiorina lock up mid-thought due to this?

If this technology gets out in the wild, most experts believe that the current signature based anti-malware products will miss the attack and leave us all defenseless. Sounds like something the chip makers should be working on. Is this why Intel bought McAfee?

What do you think?

Can the anti-malware industry adapt to new threats from attackers?


2 of 3 K-12 Networks Breached Multiple Times a Year

Panda Security, a provider of cloud-based security software, recently released a report that says 63 percent of schools experience malware outbreaks or unauthorized user access at least twice a year.  The report, Kindergarten-12 Education IT Security Report (PDF), had some other interesting infobits.

The survey reports that eighty-two percent of schools allow students and staff to connect personal computers and laptops to the school network. Panda says schools recognize outside devices introduce external risks, but they struggle to fully integrate security policies for multiple devices. Only 74 percent of districts are monitoring the use of external devices. Fifteen percent fail to take any extra security measures, leaving those school systems more vulnerable to infection.

Most schools have implemented IT security best practices, but there is still room for improvement, reports Panda. The report says ninety percent of schools install anti-virus and/or anti-malware on computers, but nearly 25 percent fail to use firewalls, block high-risk websites, or employ user authentication. 86% prevented the use of very risky websites, while 89% mandated users install security software on their systems. Further, 15% of respondents acknowledged that there weren’t any extra security measures in their districts if they wanted to use laptops.

Social media is a top concern for schools, but the stringency of school policy varies greatly. Ninety-five percent of schools have a social media policy in place, citing the mitigation of malware-related risks as a main reason for implementation. Twenty-nine percent of schools allow students unlimited access to social media sites, while 32 percent deny students access altogether.


Schools lack the funding to be secure. I have always said that schools face attacks from the inside and the outside. Insiders in a K-12 school network range from technically unsavvy to damn good malicious attackers. Despite this, the report says 72% of schools reported that budget limitations were the main obstacle to better security, 38% reported non-availability of staff, and 29% of the schools reported their IT staff had to attend to other more important tasks than IT security. IT administrative staff at 38 percent of schools report removing viruses or malware from IT systems a few times a week, and 21 percent are doing this daily, according to Panda.

With malware on the rise and new threats propagated through social media every day, having the right security tools in schools has never been more important. Security issues consume staff time, diverting attention from the business of education. Help Net Security quotes Rick Carlson, president of Panda Security US, who has a great grasp of the obvious, “While the Internet is an invaluable tool for education, it can cause serious interruptions to day-to-day operations if schools fail to properly address security concerns.”

rb-

Just to prove the point, the Oakland Press is reporting that 4 students at Romeo High School in Romeo, Michigan were caught allegedly intercepting 60 staff members’ emails, including the Superintendent’s, after “something goofy” happened to the website. While I have no first-hand knowledge, the news did say the attackers went after people who read their emails on their cellphones. So more than likely it was some kind of Bluesnarfing attack, maybe including a Cain and Abel payload to get at passwords.
