Author Archive
Anti-virus, as it has been done the past 20 years, is dead.
by Josh on Jun.13, 2010, under Uncategorized
An organization I have been doing some consulting with has decided that they want to standardize their Anti-Virus product across their 5+ centers. I wanted to head off the time-consuming, in-depth study of which AV product is currently the best, so I wrote up the following and sent it out to them (a little longer than I meant it to be).
Anti-virus, as it has been done the past 20 years, is dead.
The reason is that the primary method of anti-virus detection is signature-based: a virus is released, the AV company captures it, writes a signature for it, and pushes the signature out to its clients. The problem is that today’s malware (viruses, worms, adware, etc.) is not monolithic code: it is polymorphic, encrypted, and much more. It changes which files it infects and how it infects a system, and once inside, it disables anything that could dislodge it (AV programs, etc.).
Do you see the issue? Since the malware is ever-changing, for the AV companies to detect it, they have to write a new signature for every infected system!
Not only that, but more and more systems are being initially compromised not by traditional viruses or worms, but by “drive-by downloads” on legitimate websites, or by a vulnerability in Flash or PDF Reader. Then the malicious code downloads a Trojan and opens a back door to the system, or rootkits the system.
By this time, I hope you are asking yourself what anti-virus programs are good for, because it is a valid question.
I see them as another layer in our defense-in-depth strategy. They are still good for detecting and cleaning old viruses, as well as modern-day unsophisticated viruses (something script kiddies might throw together). And the AV companies are working on new techniques: better heuristics, etc.
But when it comes down to it, it is going to be layers of defense that help to protect us: taking away admin rights, anti-malware programs, host-based firewalls, etc.
So with all this in mind, my recommendation is that we do a little bit of research and looking around, but that we don’t spend a lot of time and energy comparing the top 5 AV companies, because they all struggle with the same issues; some just have better signatures and response times than others.
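As an added illustration of the two points above (an exact signature breaks on every variant, while a heuristic layer still catches the behaviour, at the cost of possible false positives), here is a toy scanner that is not part of the original post. The sample byte strings, the signature sets and the indicator names are all constructed for this example and stand in for real file contents.

```python
# Toy scanner comparing three detection layers on constructed samples.
# The byte strings stand in for file contents; none is real malware.
import hashlib

# Constructed samples. VARIANT_1 changes one byte outside the signature
# region (a new build). VARIANT_2 also rewrites the signature region, as
# a polymorphic engine would on each infection, but keeps the behaviour.
BODY = b"WriteFile;RegSetValue;"
ORIGINAL = b"MZ" + b"A" * 16 + b"LOADER:decode;" + BODY + b"B" * 16
VARIANT_1 = b"MZ" + b"A" * 15 + b"C" + b"LOADER:decode;" + BODY + b"B" * 16
VARIANT_2 = b"MZ" + b"A" * 16 + b"Ld:dc;" + BODY + b"D" * 24
BENIGN = b"MZ" + b"hello world, nothing to see here"

# Layer 1: a hash signature matches exactly one file and nothing else.
HASH_SIGNATURES = {hashlib.sha256(ORIGINAL).hexdigest()}

# Layer 2: a byte-pattern signature matches any file containing this run.
PATTERN_SIGNATURES = [b"LOADER:decode;"]

# Layer 3: a heuristic flags files showing several behavioural indicators
# together, in any order. It survives byte-level mutation but can also
# fire on a legitimate installer, so it is one layer, not a replacement.
INDICATORS = [b"WriteFile", b"RegSetValue"]


def hash_match(data: bytes) -> bool:
    return hashlib.sha256(data).hexdigest() in HASH_SIGNATURES


def pattern_match(data: bytes) -> bool:
    return any(sig in data for sig in PATTERN_SIGNATURES)


def heuristic_match(data: bytes, threshold: int = 2) -> bool:
    return sum(ind in data for ind in INDICATORS) >= threshold


def scan(data: bytes) -> dict:
    """Return which layers, if any, detect the sample."""
    return {"hash": hash_match(data),
            "pattern": pattern_match(data),
            "heuristic": heuristic_match(data)}


if __name__ == "__main__":
    for name, sample in [("original", ORIGINAL), ("variant_1", VARIANT_1),
                         ("variant_2", VARIANT_2), ("benign", BENIGN)]:
        print(f"{name:10} {scan(sample)}")
```

Only the original build trips the hash; the rebuilt variant still trips the byte pattern; the polymorphic variant is caught by the heuristic alone.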
-Josh
GCIH Gold Paper Accepted
by Josh on Mar.29, 2010, under Uncategorized
As I alluded to in a past post, I have been working on my GCIH Gold paper for the past 6 months. Well, I submitted it last month, and just found out that it has been accepted/passed! This means that I now have my GCIH Gold certification. I will be working on my GSEC Gold certification next.
As for the paper itself, I decided to do original research on social engineering on social networks–specifically, on the amount of information that people give up on the “harmless” quizzes they take on social networks like Facebook.
Below is the abstract: (You can find the paper online here)
-Josh
Great Lakes InfraGard Conference 2010: Some Thoughts
by Josh on Mar.18, 2010, under Uncategorized
As a member of InfraGard, I was invited to the Great Lakes 2010 InfraGard Conference; this year’s theme was “Securing the Next Decade.”
I thought I would share a couple thoughts that I picked up throughout the day.
One of the first sessions was a series of presentations by the Detroit FBI Cyber Squad. Hearing directly from the FBI how the FBI is dealing with electronic threats was very enlightening. Something that one of the agents (Brian Concannon) said caught my attention. He said something to the effect that, “the solution for cybercrime is not better blocking of attacks, but being able to find, apprehend, and deal with the perpetrators themselves.” I do not hear these kinds of statements very often, as most of us are just trying to keep our heads above water when it comes to cyber threats.
Another of the special agents presented on his niche, which was Intellectual Property theft. It was very interesting to see things like copyright infringement on movies and music from the FBI’s perspective–how they really are in a no-win situation: companies are upset at them for not working faster/protecting better, and the consumers themselves see it as a victimless crime and give excuses such as, “The recording industry is ripping us off! We deserve music cheaper!,” or “It’s just a copy! I wasn’t even planning on buying the album anyways!” In other words, perception management is a key factor in the FBI’s prevention arsenal.
Most of the other presentations dealt with how the different government departments (DHS, FBI, etc) could better collaborate with the private sector, specifically in the area of detecting and dealing with cyber-crime.
Overall, I thought it was a very productive conference that got me thinking in some new areas of I.T. Security.
-Josh