Saturday, February 15, 2014

Status of Malware Detection and Prevention 2014

The word "ecology" is used in common discourse to refer to "the relationships between a group of living things and their environment" (Webster). However, the word is now also used as shorthand for the idea of a complex web of relationships between technology entities and human entities. In computer security some of the entities are malware (the software), malware wholesalers, malware creators, identity distributors, websites in general, social websites in particular, antimalware (the software), antimalware developers, the internet infrastructure, security administrators (from the corporate level to the individual homeowner), users, the intranet infrastructure, individual computers, flash drives and other "vectors" of intrusion, and on and on.

I found a fairly technical article on the status of the "ecology" of malware and its prevention. Though technical, I thought some readers might find it interesting. The article's title is "The Changing Face of Advanced Malware Detection." To summarize the article:


  • The typical defenses for a network (home or business) consist of a network-based intrusion prevention product (firewall), a desktop/laptop/tablet/smartphone intrusion prevention (firewall) product, and a desktop/laptop/tablet/smartphone virus scanner.
  • 2014 Malware is getting harder to detect because malware makers are selling suites of specialized malware tools, called "crypters" and "packers" that make it very easy "to create (within seconds) custom code destined for a particular desktop."
  • "The effect of this 'individualized' approach is that signature scanners are ineffective, making zero-day attacks, such as the November Windows XP privilege escalation attack, increasingly difficult to stop. Ransomware is also becoming more popular." (Ransomware is the most common intruder I deal with. Existing desktop "antivirus" does a poor job at detecting and preventing ransomware.)
  • Companies need to be able to detect intrusions in real-time and have a systematic global detection tracking and systemic response to that individual attack.  This doesn't just mean fix that one problem; it means reconfigure and adjust your entire security infrastructure based on that occurrence and the distribution of occurrences in that timeframe.  
  • This applies to individuals as well.  If you have a malware attack, you need to "reassess and recalibrate" your entire security setup and approach.  It is not enough to remove that single piece of malware;  assume that the malware makers have received some information about your computer and network configuration and, depending on what information they have about you, your business, your contacts, etc., they may be reconfiguring their malware suite for another, potentially more successful, attack.  More successful means that you don't detect it, or you can't get rid of it. 
  • Antimalware makers are delivering solutions that monitor the entire intranet for "silent" attacks, i.e., those that go undetected: the ones that are collecting information about your infrastructure and you in order to later send malware that has a high probability of "success." The article spends a good deal of time on vendors that provide such software for businesses.
  • Users, whether corporate or individual, must increasingly and actively establish environments that have "air gaps" between the internet and the individual computers; that is, the computers aren't connected directly to the network, or the configuration of their user account makes it impossible to sustain an attack.
  • (my comments) Home solutions include: 
    • using non-administrator accounts for browsing (I don't find this too convenient. Who wants to log off of an administrator account and log back on to a non-administrator, i.e. standard, account every time they browse?)
    • configuring browsers for "in-private browsing" or "incognito browsing"
    • if a USB drive is used on any other computer outside your control, scan it before using it (See this old but instructive video.) Assuming you have any kind of antimalware on your computer, when you right click (or Ctrl Click) on the USB device in "My Computer" or "This PC" or "Finder" you will find an option that says something like "scan for viruses."  Since I use AVG, mine says "scan with AVG."
    • Browse only from ethernet connected computers.  Turn off any wifi connections.
    • Use the sandboxing feature of your browser.  (Google Chrome is sandboxed by construction.)
    • Use https: whenever possible. You can set your browser to do this. (Google "ssl" along with your favorite browser name for the specific way to set this.) Here is an interesting article where a marketing blogger is complaining about the impact of https on their web information harvesting efforts.
    • Use very long passwords, e.g. 25 characters if the website allows. Please! Your short ones will be found out and sold to the highest bidder.
    • Use a different password for each web site. (I know, you're saying "That's crazy. I can't remember where I left any of my 5 pairs of reading glasses." My response: Use a secure password manager that can automatically fill in user ids and passwords for every web site. Use that manager to generate the awful passwords. You can google "secure password manager" for options and reviews. I use Lastpass.)
    • Don't ever save passwords in/on your browser using their "save password" function.
    • Don't save bank account or credit card information on your computer either, unless it is in a program that has strong security protection.
  • Users, whether corporate or home, should have a guest account on their router. Anyone, including kids in the house, should use this account. (Side comment: If you have an older router, seriously consider upgrading it to a current one, which has better security, including wifi WPA2, a serious firewall, and a guest signal.)
  • Really, really be concerned about information on any of the social websites. (Google "social media security tips"; e.g. this article.) Get rid of your personal information. Malware distributors and malware identity wholesalers are trolling these sites to create profiles of individuals. Even without direct access to your business accounts (whether at home or at work), the aggregate of information can be so significant that they can construct phishing emails that are "irresistible."
  • For businesses, the IT organizations should have detailed plans, plus appropriate software, to gracefully degrade and morph their IT infrastructure in the face of detected and projected security conditions.
  • For businesses, the greatest threat can come from within: sometimes a malicious act by an employee or an innocent mistake, either in browsing or in bringing a device "inside" the outer "moat." Devices include wearable intelligent devices, not just cellphones. (Homeowners: this can be your problem too. In fact, thinking about it... 2014 could see significant expansion of this mode as a way into your home network.)
  • Keep your software, ALL OF IT, up-to-date.  Obviously, the operating system, but also your other programs.  
  • Homeowners: audit all your electronic equipment (computers, routers, tablets, cellphones) for current versions once a month. Apple users: you're just as vulnerable as Microsoft users now. You do browse the internet, don't you? And Safari is vulnerable and often the last to be "patched." Mac users: if you haven't updated to Mavericks, do so. It contains a new, more secure, Safari. Better yet, use Firefox as your main browser.
