malware and all those terms

Discussion in 'other anti-malware software' started by gambla, Apr 3, 2011.

Thread Status:
Not open for further replies.
  1. gambla

    gambla Registered Member

    Joined:
    Sep 4, 2007
    Posts:
    161
    Location:
    Frankfurt, Germany
    Hi,
    my second question today: I just wondered if it's still necessary to distinguish viruses, malware, trojans etc.? What do you think?
     
  2. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,731
    Location:
    localhost
  3. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    Hello, gambla,

    Whether something is "necessary" is relative, so that to a forensic analyst, differentiating between the types of attacks is helpful and probably required in making a report.

    To average home users, I question whether or not it's necessary, or can be just a matter of interest, if they are so inclined to learn about the differences.

    I've been content over many years to refer to all malware as a "virus" with home users. It's the term they come into contact with most frequently.

    More important, from my point of view, are

    1) setting up good security policies and procedures that make them aware of the various exploit methods that cybercriminals use in tricking people into installing stuff

    2) having security in place to block the remote code execution exploit

    Then, it doesn't matter whether the exploit blocked is a rogue AV (trojan) or the Conficker USB remote code execution exploit (worm).

    regards,

    -rich
     
  4. gambla

    gambla Registered Member

    Joined:
    Sep 4, 2007
    Posts:
    161
    Location:
    Frankfurt, Germany
    Thank you. Maybe my question wasn't very precise. I asked in relation to all the different security apps. AFAIK, all modern antivirus software usually protects against malware too, as they claim. But still you read about antimalware and other security apps. Does everybody do everything today? Or do we have to take a closer look at the features they have?
     
  5. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    Hello, gambla,

    Security products have evolved to the most technical complexity, yet many computers are compromised daily, even in organizations which employ knowledgeable technical people.

    See this ISC diary:

    RSA/EMC: Anatomy of a compromise
    http://isc.sans.edu/diary.html?storyid=10645

    Read the comments by experts in the field - many different opinions and approaches as to how this exploit could have been prevented from doing its dirty work. Which would have been most effective? With the rise of sophistication of malware, can any one solution cover everything?

    Of course, you can argue that the employee should not have opened the unsolicited email attachment in the first place!

    regards,

    -rich
     
    Last edited: Apr 3, 2011