Malware threats have more than quadrupled

Well... Well... Well... Whadya know!

Malware threats have more than quadrupled

With an explosive 468 per cent increase in new threats from 2006 to 2007, social networking and trusted popular Web sites are now just part of the arsenal of tools hackers use to steal personal information.
4/8/2008 7:56:00 AM
by Brian Jackson

http://www.itbusiness.ca/it/client/en/home/News.asp?id=47876

 

Hello,
And how much has internet usage increased in the same period?
BTW, I can't load the page ...
Mrk

 

Hello,
Now, it's working ... cheers.
Mrk

 

The article quotes Michael Murphy, general manager at Symantec Canada:

2007 - Robin Bloor, Hurwitz & Associates
http://www.theregister.co.uk/2007/06/27/whitelisting_v_antivirus/

2004 - Dennis Szerszen, SecureWave
www.infosec.co.uk/ExhibitorLibrary/123/An_Ounce_of_Prevention.pdf

----
rich

 

That's what some of us have been saying for years. The user/company doesn't have to keep tract of all the benevolent apps, only the ones used on their PC/network.
Rick

 

Hello Herbalist,

Hehehe... Judging by your new signature and logo, you must also have a little blanket you drag around since you where 3

 

New signature and logo?? Been using these since last June.
Security blanket?? I also have Linux and Win2K installed but 98 is the OS I prefer. It's fast, comfortable to use, and contrary to popular opinion, easy to secure. I use what I like.

Default-deny and whitelisting known apps and system processes is a very old idea that has always worked very well but was ignored by the security software vendors. There's no money in it for them.

With the increasing popularity of kits that make custom malware, AVs are less dependable than ever. I'm glad to see the industry actually admit it.

They're the ones that need a security blanket.
Rick

 

I only meant that you would not let "go" of 98 unless you left some rather visible claw marks all over it, making a ...well, an attempt at being funny by comparing it to someone "holding" on to his security blanket long after it's due date. Security being the joke du jour and the obvious purpose of this forum, I thought you may have like my rather failed sense of humor!

As for your other remarks, I have been making noise about that failure for some time... Nothing I read, experienced, or see seems to be in line with the official song book... It's about time they acknowledge it... I was beginning to feel rather isolated in my corner of opinions...

 

Voila and that's why I use whitelists.
1. Anti-Executable is one whitelist, which covers unfortunately only executable objects, but acts IMMEDIATELY.

2. Freeze Storage is my second whitelist, which covers ALL objects, but acts only during reboot and that is unfortunately a little too late, but nevertheless a 100% removal tool of malware in theory.

Meanwhile, I have a computer, that cleans and cures itself automatically.
I'm just waiting for BETTER softwares, that clean and cure my computer IMMEDIATELY.

 

Personally I think, white lists are not the way to go either. Perhaps an hybrid method. That is why I recommend using a HIPS with an AV. I still greatly favor Prevx as it offers the best of both worlds, AV like scanning with black/white lists and HIPS controls...

Not perfect but better than anything out there I currently know of because of this balance of features, and it works... I find it is the perfect combination with a good AV... As in where the AV fails, Prevx usually picks up the slack. Also given that either ones fail at identifying something hostile, the built in HIPS controls will alert you of any executables that try to load...

 

I didn't take that seriously, but you're right. There would be claw marks in it if someone tried to take my 98 away. IMO, its obsolescense is artificial and greatly exaggerated.

It does get to feel like a lost cause after a while. Just not what most people want to hear. It seems that most want security apps that will allow them to run anything and still isolate every possible thing an app or piece of malicious code might do to a system, sandboxing and virtualization. IMO, it's only a matter of time until those apps are defeated badly, leaving the user with a system they don't even realize is compromised.

I would agree that an AV still has a place on the average users PC. It's just not at the front of the security package. AVs are better suited for scanning new files and executables a user might want to run or install. Their "default-permit" design is not sufficient against present day malware. That's a job for anti-executables or HIPS and firewalls.
Rick

 

First off i highly support herbalist loyalty to Windows 98. I been furious ever since they (MS) decided to just turn tail and run away from it instead of improving it and adding it to their collection of relatively good but needing extra securing operating systems.

Security vendors have done for 98 what MS refused or couldn't do, and that is increase it's security. HIPS made it's point with 98. A revamped rewrite for 98/Me would have put Microsoft well ahead in terms of a true technological innovator in my opinion. But they had other plans and so be it.

As ErikAlbert, with Windows XP, WHITELISTING is the safest by far route to a safe and secure system, and he's right also to gloat over that. Just look at the comparisons of success of apps that rely on siggys to those that chart the Solar system instead.

Two very good points from two fiercely loyal security conscious users!

 

I learned alot from disaster and problem posts from Security/Malware Forums and how much time, users spend on getting rid of these problems : hours and days and sometimes without solution.
I was in the same situation in the past, so I know how it is and I didn't even know how to solve these problem, because my technical knowledge is very poor.

I still read those posts at Wilders, recently an icon-cache problem and it is still not solved and I can't solve it either, at least not this way.
Now I can fix such a problem in less than 2 minuts without doing anything than reboot my computer, while this user is still working on the problem and asking for help. That's the difference.
I read such posts on a regular base, problems caused by a new software, a malware, a user mistake, whatever.
If it wasn't such a tragedy, I would laugh all the time.

The only problems I have are bugs and compatibility problems.

The days of simple malware are over and that is normal, because the bad guys have alot more experience during all these years.
The brilliant bad guys create the new sophisticated malware and the rest provides the quantity by writing numerous variants.
I can hardly believe that the good guys can keep up with this tempo and they first have to find this new malware, meanwhile the malware has done its job already.
That's why I replace my system partition with a new one and that's the end of any malware, including the zero-day threats and the new ones in the future.

A malware like robotdog isn't a problem either. 10 minuts and I'm back in business. Restoring a pure system partition is peanuts, I do it all the time for other reasons.