Layered defenses largely fail to block exploits, says NSS

Discussion in 'other anti-malware software' started by ronjor, May 25, 2013.

Thread Status:
Not open for further replies.
  1. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,719
    Location:
    Texas
    https://www.networkworld.com/news/2013/052413-layered-defenses-largely-fail-to-270136.html
     
  2. aztony

    aztony Registered Member

    Joined:
    Sep 9, 2012
    Posts:
    547
    Location:
    USA Southwest
    My paranoia just spiked tenfold. :blink:
     
  3. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    7,779
    Take a pill... :)
     
  4. guest

    guest Guest

    It seems that the article title is quite sensational. :D

    On later part it says it's fine to use layered defense, as long as it's not from the same vendor and not on the same type. I want to hear opinions from security suite users about this. :)

    What the article didn't mention is that cherry-picking can be dangerous if you consider about compatibilities. This is where security suites shine, built from the same technology means conflicts are less likely to occur. Not saying that cherry-picking should be avoided, just make sure you do it right. ;)

    I personally think it's still pretty effective. Not a holy grail but supposed to be adequate enough for most situations. Just as long as you know where to put those layers and their limits. ;)
     
  5. kjdemuth

    kjdemuth Registered Member

    Joined:
    Jul 29, 2005
    Posts:
    2,960
    Location:
    Boston, MA
    Don't be paranoid. It's just saying that layering is the way to go, but you have to do it properly. Using 2 AVs or 2 blacklisting programs isn't going to help. It's pretty much what most of us already know. Having an AV, firewall and HIPS covers most of what suites have today. So instead of using NIS, you could use Outpost firewall, Eset AV and Appguard. You have your firewall/HIPS, AV and anti-exe. You just have to look at what you have and determine if it's more than two of the same thing.
     
  6. aztony

    aztony Registered Member

    Joined:
    Sep 9, 2012
    Posts:
    547
    Location:
    USA Southwest
    I am interested in hearing what suite users have to say as well.
     
  7. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    7,779
    Nothing we didn't know already really.. If malware can take down NIS, for example, then both the firewall and the AV are taken down, leaving you pretty exposed. Like the article says, the art of combining products from different vendors is really finding the ones that play well together. As we all have seen, conflicts are commonplace. But with some experimentation, one can come up with a pretty good strategy that covers the bases well, without conflicts or issues. The possible combinations from different vendors are, well, not unlimited, but vast...
     
  8. kjdemuth

    kjdemuth Registered Member

    Joined:
    Jul 29, 2005
    Posts:
    2,960
    Location:
    Boston, MA
    :thumb: Exactly. There are plenty of choices. You just have to mix and match till you find something to your liking. Took me a while to find the combo that works for me. I'm still tweaking stuff here and there but not so much lately.
     
  9. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
    In the link they say:


    Now how do we find out what the 3% were?

    That is about 18 or 19 unique combos. I want to know if my combo happens to be one of them.
     
  10. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    2,969
    Location:
    U.S.A.
    Actually, the last paragraph sums it up:

    There is a significant correlation of failures to detect exploits between security products. "This is because most vendors use the same sources of threat intelligence and the same vulnerability research feeds as each other, and this means that they will, more often than not, have the same deficiencies in their coverage," NSS reported.

    Translated, everyone is using the same source, so you're in essence wasting your money and system resources using more than one. Hum ........ wonder what MBAM thinks of that?

    However, this article is talking about exploits. I have EMET for that.
     
  11. Gullible Jones

    Gullible Jones Registered Member

    Joined:
    May 16, 2013
    Posts:
    1,459
  12. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    7,779
    GJ, that image is so small I can't read it...
     
  13. guest

    guest Guest

    Bigger version: hxxp://0xdabbad00.com/wp-content/uploads/2013/04/exploit_mitigation_kill_chain.png
     
  14. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    7,779
    Yeah, much better. Thanks...
     
  15. Gullible Jones

    Gullible Jones Registered Member

    Joined:
    May 16, 2013
    Posts:
    1,459
    Sorry, my mistake there. Also my post above should have said "Windows XP." Point was that Vista and later have better protection against memory exploits.
     
  16. Noob

    Noob Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    6,468
    In other words, use a true layered approach with software from multiple vendors? :rolleyes:
     
  17. Solarlynx

    Solarlynx Registered Member

    Joined:
    Jun 25, 2011
    Posts:
    1,913
    Doesn't EMET prevent all these exploits?
     
  18. blacknight

    blacknight Registered Member

    Joined:
    Sep 25, 2007
    Posts:
    2,433
    Location:
    Europe
    Agree! In the last years I have tried and successfully experienced good combos for multi-layered security; sometimes I found a bad combo which created conflicts, and I simply rejected it. Disk imaging software helps to test and try. ;)
     
  19. blacknight

    blacknight Registered Member

    Joined:
    Sep 25, 2007
    Posts:
    2,433
    Location:
    Europe

    Do you mean that you use HIPS and anti-exe together? I always thought that such a combo could decrease their effectiveness.
     
  20. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,363
    Location:
    Sweden
    "One pitfall to avoid with layered security is using products from the same vendor. That's because all of a single vendor's products are based on the same technology and security intelligence."

    That is just common sense. I've just seen few at Wilders using a layered approach with the same vendor.
     
  21. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,723
    Location:
    localhost
    There are vendor security suites using technologies from different sources. Ideal choice for avoiding conflicts while keeping the layered-approach philosophy (e.g. Bullgard, G-Data, ZoneAlarm, etc.).
     
  22. kjdemuth

    kjdemuth Registered Member

    Joined:
    Jul 29, 2005
    Posts:
    2,960
    Location:
    Boston, MA
    They perform similar jobs but work differently. The AE does just that: blocks exes that aren't whitelisted. It doesn't block scripts or other exploits. HIPS has granular control over your system. Depending on the HIPS, it will prompt you for just about everything that a program is attempting to perform. A little more interactive and sometimes annoying. I have used both before, but I don't believe it will decrease the effectiveness of either.
     
  23. Windows_Security

    Windows_Security Registered Member

    Joined:
    Mar 2, 2013
    Posts:
    3,060
    Location:
    Netherlands
    The Windows OS will emerge into a three-level trust zone: elevated - normal - sandboxed. Next-generation security should focus on exploit protection, keeping untrusted in a sandbox and preventing shoot-yourself-in-the-foot errors by virtualising/sandboxing binaries with poor reputation. The latter helps safeguard the normal - elevated frontier and possibly also jails known blacklisted binaries.

    So multi-level will be OS plus exploit mitigation plug-ins/add-ons and an AV with reputation scoring and auto-sandboxing.
     
  24. blacknight

    blacknight Registered Member

    Joined:
    Sep 25, 2007
    Posts:
    2,433
    Location:
    Europe
    Yes, my doubt is if they are installed both at lower level in the system.
     
  25. andyman35

    andyman35 Registered Member

    Joined:
    Nov 2, 2007
    Posts:
    2,336
    Yes, if not all then the vast majority.
     