Malware Authors Using New Techniques

Discussion in 'other security issues & news' started by De Hollander, Oct 28, 2012.

Thread Status:
Not open for further replies.
  1. De Hollander

    De Hollander Registered Member

    Joined:
    Sep 10, 2005
    Posts:
    718
    Location:
    Windmills and cows
  2. Mman79

    Mman79 Registered Member

    Joined:
    Sep 19, 2012
    Posts:
    2,016
    Location:
    North America
    In other words, most of our tools are useless against determined attackers, which most already knew, and now the job is getting easier to attack and harder to defend.
     
  3. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,730
    Location:
    localhost
    The trick here is to analyse the behavior of applications/potential malware directly on local machines where the malware is installed and active (e.g. WSA approach) rather than basing the judgement on dedicated virtual machines that are prone to be fooled. This means a radically different way of dealing with infections, for which most security companies are not prepared. :)
     
  4. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    All of their other comments/claims aside, that article says one thing.
    We can't keep up with the threats.
    Many of us figured that out years ago.
     
  5. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,048
    What it says to me is signature based detection is becoming impossible. There are other solutions, however.
     
  6. Mman79

    Mman79 Registered Member

    Joined:
    Sep 19, 2012
    Posts:
    2,016
    Location:
    North America
    It says to me that virtual software environments are not as useful as one might think and signatures are all but useless as well. But many already understood both of those things. I'm in favor of more complex solutions like HIPS, but at the same time I don't see them as favorable solutions to the "average" computing experience and user. It's hard enough to get people off of the idea that an AV will handle it all for them. The typical pop-up from many HIPS solutions will just have people shutting them off. I've yet to see a program like this stick to the K.I.S.S. principle, and I'm not sure they can and still be effective.
     
  7. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    1,984
    Location:
    Canada
    "Automated threat analysis systems" = relegated to the stone age.
     
  8. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    Signature based detection should already be dead, and would be if it wasn't such a cash cow.

    As for "other solutions", for the type of users that you find here, there are several. Finding one that will consistently work for the average user is a much taller order. Sandboxing and virtualization seem good now, but as they become more mainstream they will be attacked and defeated more often, and we'll be right back where we started. As long as the typical user is able to function as an administrator, there's no realistic way to protect either. Windows makes it way too easy to be the administrator.
     
  9. Mman79

    Mman79 Registered Member

    Joined:
    Sep 19, 2012
    Posts:
    2,016
    Location:
    North America
    Not being an Administrator on a system is really an answer for past issues more than it is for current ones. Not being one only limited damage to begin with, and now we deal with breaches that affect us when it isn't even on our system and more socially-engineered malware. There isn't much point in being a non-administrator if you purposefully let things run, as many do with these social-engineered attacks.
     
  10. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    No, nothing will stop a user from clicking things they shouldn't. Running as a non-admin does limit the damage malware can do, to the system anyway.
     
  11. Nebulus

    Nebulus Registered Member

    Joined:
    Jan 20, 2007
    Posts:
    1,582
    Location:
    European Union
    Unfortunately in this age of social networks and e-commerce, the damage to the system is the least of your worries. Attackers are after your personal data, passwords, banking details, etc. and that can be achieved when working in user mode as well, not only in administrator mode.
     
  12. PJC

    PJC Very Frequent Poster

    Joined:
    Feb 17, 2010
    Posts:
    2,959
    Location:
    Internet
    Cannot agree more with you! :thumb:
    Since 2007, I've ditched Resident/Real-Time Scanners.
    Virtualization/Sandboxing, Imaging, etc. are, by far, more advisable...;)
     
  13. lodore

    lodore Registered Member

    Joined:
    Jun 22, 2006
    Posts:
    9,006
    The only reason malware authors have to think of new techniques is because the good guys are getting better at detecting their creations. 100% security will never work. I do feel that sandboxing each application is a great idea.

    I feel that security software on a smart phone is a good idea. I disagree with simply removing apps from the store when they are found to be malicious.
    An application could steal data from the phone such as emails and phone numbers, and dial premium-rate numbers. By the time the app is removed from the market the criminals could have made a fortune. So I feel that antivirus is still relevant today.

    I think the best solution is a combination of blacklist and whitelist and then do an in-depth analysis of the unknown files.
     
  14. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    That would work for the type of user found here. I can't imagine the average user doing that.
     
  15. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    If someone could ever come up with it, there's an enormous market for effective anti-stupidity software. Barring that, nothing can stop a user from shooting themselves in the foot (or the wallet), not even the best live CDs.
     