Today's antivirus model is broken, largely because it tries to block known malware with no way of anticipating what the next attack will look like. This blacklisting approach hit a rough stretch last year as attackers developed fast, automated ways of churning out variations of the same malware more quickly than signature-based defenses could recognize them. In response, a "whitelisting" approach has emerged that works like a nightclub bouncer with a guest list: if you're not on the list, you're not getting in.
The emergence last year of successive, low-volume attacks that hit targeted networks in waves, each wave carrying a slightly altered version of the same malware, made the problem worse and exposed blacklisting's central weakness. According to a report on e-mail-borne malware published last week by e-mail security vendors Proofpoint and Commtouch Software, each variant had to be individually identified and blocked, letting malware writers stay ahead of signature-based antivirus programs.
"No heuristic can block all of the variants, and by the time a signature is released, that particular outbreak has ended and several new variants have been released," the report says. "In 2006, the massive-variant viruses turned every hour of an attack into a zero-hour."
Whitelisting turns the model around: administrators define up front which programs are allowed to execute on the corporate network, and everything else is blocked, the photo-negative of a blacklist. An unknown binary is denied not because it matches a signature but because nobody approved it, so the defense needs no advance knowledge of the next attack. "Whitelisting puts the onus on the admins to know what things should be running in the enterprise," says Dennis Szerszen, marketing and product development VP at SecureWave, a maker of endpoint security software that applies the whitelisting approach. "With whitelisting, there's no such thing as a zero-day attack."
Microsoft has taken notice. On Monday the software company listed SecureWave's Sanctuary 4 in the Windows Embedded for Point-of-Service catalog, which should give SecureWave traction protecting endpoints in the retail and hospitality industries, where Windows Embedded for Point of Service is used to build and run software on a variety of devices, including smartphones and ATMs.
The problem with conventional antivirus systems is that they're knowledge-based, meaning that if the system doesn't recognize a piece of code as malware, it won't block it, agrees William Bell, director of security at CWIE Holding Co. "If you let in a virus or a piece of malware, it can run amok," he says.
Bell has become a fan of the whitelisting approach, under which a security system will execute only binary code that he has approved ahead of time. CWIE runs Sanctuary 4, which includes application control and device control capabilities. This lets Bell control which applications run on the company's PCs and servers, as well as whether users are allowed to plug iPods or memory sticks into their computers.
While CWIE still runs antivirus software alongside SecureWave's product, the company doesn't use anti-spyware software. Because spyware isn't whitelisted, Bell says, "spyware can't run on our machines."
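The allow-list model described above, as an added example that is not part of the original article or of SecureWave's product: a toy Python enforcer that identifies each binary by its SHA-256 hash and answers the one question an application-control agent asks at launch time, namely whether this exact file is on the approved list. Beside it sits a blacklist with the same interface, loaded with a signature for a single malware sample, to show why the "massive-variant" tactic the Proofpoint/Commtouch report describes defeats one model and not the other. Every "binary" here is a constructed byte string standing in for a file on disk, not real software or real malware; the class and function names are the example's own.

```python
"""Toy application allow-list (whitelist) versus signature blacklist.

Added example: constructed byte strings stand in for executable files.
"""
import hashlib
from typing import Dict, Iterable, Set

# Constructed sample binaries (not real malware): one trusted tool and a
# malware family whose author ships a new variant every hour.
TRUSTED_EDITOR = b"MZ\x90\x00 trusted-editor 1.0"
MALWARE_V1 = b"MZ\x90\x00 payload: fetch-and-run stage2 #0001"
MALWARE_V2 = b"MZ\x90\x00 payload: fetch-and-run stage2 #0002"  # one byte differs from v1
TAMPERED_EDITOR = TRUSTED_EDITOR + b"\x00 infected"  # the approved tool after modification


def fingerprint(binary: bytes) -> str:
    """SHA-256 of the whole file: the identity an enforcement agent checks at launch."""
    return hashlib.sha256(binary).hexdigest()


class Blacklist:
    """Signature-based AV model: block only what has already been identified as bad."""

    def __init__(self, known_bad: Iterable[bytes] = ()):
        self.signatures: Set[str] = {fingerprint(b) for b in known_bad}

    def allows(self, binary: bytes) -> bool:
        # Anything without a matching signature runs, including brand-new variants.
        return fingerprint(binary) not in self.signatures


class Whitelist:
    """Application-control model: admins approve binaries up front, all else is denied."""

    def __init__(self, approved: Iterable[bytes] = ()):
        self.approved: Set[str] = {fingerprint(b) for b in approved}

    def approve(self, binary: bytes) -> None:
        """The admin's job: every approved file (and every update to it) is listed here."""
        self.approved.add(fingerprint(binary))

    def allows(self, binary: bytes) -> bool:
        # Unknown is denied; no knowledge of the attack is needed.
        return fingerprint(binary) in self.approved


def launch_decisions(model, samples: Dict[str, bytes]) -> Dict[str, bool]:
    """Ask the model about each sample as if a user had tried to execute it."""
    return {name: model.allows(binary) for name, binary in samples.items()}


SAMPLES = {
    "trusted_editor": TRUSTED_EDITOR,
    "malware_v1": MALWARE_V1,
    "malware_v2": MALWARE_V2,
    "tampered_editor": TAMPERED_EDITOR,
}

# The AV vendor has a signature for v1 only; v2 appeared after the last update.
blacklist = Blacklist(known_bad=[MALWARE_V1])
# The admin approved the editor before deployment and nothing else.
whitelist = Whitelist(approved=[TRUSTED_EDITOR])

if __name__ == "__main__":
    for label, model in (("blacklist", blacklist), ("whitelist", whitelist)):
        for name, allowed in launch_decisions(model, SAMPLES).items():
            print(f"{label:9s} {name:16s} {'RUN' if allowed else 'BLOCKED'}")
```

Running the block prints one RUN/BLOCKED line per sample and model. The second malware variant, a single byte different from the first, walks past the blacklist, while the whitelist blocks both variants and also blocks the approved editor once it has been modified, because its hash no longer matches. That last behaviour is also the cost of the model: every legitimate update changes the hash and must be approved again, which is the "onus on the admins" Szerszen describes, and it is why shipping products also allow by publisher signature or trusted path rather than by hash alone. A launch-time check also only decides whether a file may start; it says nothing about what an approved program does once running, so an attack carried out inside an already-approved browser or script interpreter is outside what this check sees.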
