lutherjt
21st Century Technology
« on: Mar 6th, 2009, 2:16pm » |
Are signature-based detections too old school to detect the new daily created viruses, trojans or spyware/malware? Are signature-based detections the only way to detect malicious activity, or are there other, better methods?

Additionally, what about Active Scanning? I noticed when the company I work for switched to a corporate-level anti-virus, Symantec Endpoint Protection, a BUNCH of additional options were available to detect malicious activity based on one simple fact: that Active Scanning is set up, or can be set up, to scan every file EVERY time it is accessed, i.e. constantly scanning every process and ALL files, and not just relying on scheduled scans. Should Active Scanning be a required option of every anti-virus software? This probably would not have been feasible five (5) years ago or so, when desktop computers could only handle 1 Gig max RAM and a single 2 GHz processor. But nowadays, if you have the cash, for $3k you can build a computer with a quad-core processor, 4 to 8 Gig of RAM, a 1333 MHz+ front-side bus and a video card which has 512 to 1 Gig+ of RAM on it to unload the heavy demand that is given to the processor to calculate; Vista even has the ReadyBoost option, and I read that you can utilize a USB drive as a temporary form of swap file space, like RAM.

And speaking of video cards, I hear/read of new methods of using the processing power of a video card to crack passwords. If my memory serves me right, the old method of cracking passwords relied on a good dictionary of possible phrases and did the cracking by guessing one at a time. But the new method is to use the video card in such a way that you can look at the entire password area to be cracked at once, thus reducing the time it takes to crack a password to near old-school National Security Agency (NSA) speed, which is outright scary if in the hands of a person with malicious intent.

What about drivers? I hear/read they are the dark hidden secret of many companies who have little desire to update their drivers when a security risk is found in the wild. Whether it be printer, video card, sound card, or whatever peripheral devices are installed that require a driver to run, all are subject to super-stealth, polymorphic hacking techniques.

What about operating systems? I am still running WinXP Pro simply because of all the bad hype that I hear/read about on Vista. I know that Vista has different methods of detecting malicious activity, wherein you do not have to turn off multiple services, encrypt the temp folder, not allow file sharing, not allow TCP/IP over NetBIOS and other such methods/techniques to tighten the security of your OpSys. But at what higher level am I at risk by running an older version of Windows? We are quickly approaching the day when Vista will be the norm and people will be switching to Windows 7, and I will be learning how to utilize a new OpSys, which, if it is not horrendous out of the box (the #1 issue being incompatible drivers or simply NO drivers for your devices), will be Windows 7. I would skip right over Vista. And it doesn’t take a rocket scientist to figure out what malicious activity is coming from where by looking at the pie chart on Threatexpert.com.

When is the USA going to step up and create ever-changing Federally Required Security Standards that all software/OpSys companies will have to legally adhere to or else face extreme penalties? The level of 0-day undetectable exploits for Adobe Reader, Adobe Flash, Java, WinXP, Vista, you-name-it, is outrageous! How many times will I have to hot-fix, patch, update, uninstall, re-install, upgrade, scan and fix? Where is the accountability? And for Pete’s sake, I swear I did not know that you have to uninstall previous versions of Java updates. I had 9, 10 and 11, and then I was reading on the Internet Storm Center’s website (isc.sans.org) about version 12 being out, and that you need to update and then “don’t forget” to uninstall previous versions… say what? I can’t believe I didn’t know that; well heck, with the vast amount of information required of a tech to know, I guess I fell asleep at the wheel that day. But it makes me wonder what else, albeit small, I might be missing.

What about the new hacking techniques? Let’s say that I have the most up-to-date everything. Whether it be hardware or software, everything is fully patched, updated, upgraded and fully configured; I have totally, within my knowledge, protected the OSI model on every layer that I can: anti-virus, anti-spy, anti-trojan, anti-rootkit, anti-everything possible, even inside and out, by having a firewall-router fully updated and configured correctly. What is stopping these new hacking techniques, like the one where I visit various blogs and a few harmless cookies pass the firewall detection and eventually build themselves up into a “calling home” action wherein it installs the newest version of malicious or rogue software in the background, running super-hidden and polymorphic, injecting itself into system DLL files and eventually working its way into the system kernel, becoming totally undetectable because the “anti-everything” programs are tricked into believing that is the kernel’s true state of operation? And what the heck is going on with the exploitation of trusted websites like MySpace, Facebook, BitDefender, Kaspersky and various banks, wherein the hacker(s) (even teams of hackers) exploit flaws in Java, Adobe Flash, SSH, IFRAME, etc.? I understand that the exploit only lasts for a brief time before it is detected, but what about all those thousands of people that visit that website during the small, let’s say, ten (10) minute window of hacker opportunity? Those poor people are now unknowingly infected via redirect, ActiveX install, or on-demand installing which bypasses the “are you really sure you want to download ‘Iamavirus.vir’?” And now their information, usually bundled together with 25 to 1,000 other people’s, is sold to the highest bidder on YouTube, darknets, dark markets, and what-have-you-dot-com underground websites.

You know what I think? I think a lot of things are underground, like dead people. And that’s where our 20th-century technology, and our 20th-century way of thinking in this 21st-century world, is getting us: nowhere fast. Furthermore, this Time magazine article I read a while ago (December 2007) really opened up my eyes, again, to the hacking world’s potential: http://www.time.com/time/magazine/article/0,9171,1692063,00.html . And I quote directly from that news article: “…Recent events have made Western governments very nervous that this is just the tip of the iceberg,” says Saydjari. “[The Chinese] have launched the equivalent of a Sputnik in cyberspace, and the U.S. and other countries are scrambling to catch up….”

Lastly, we (USA) are behind in technology all across the board, from cars to computers and from energy sources to efficiency. What are we doing with our time that is considered so wise? We need to be like Avis and try hard(er). Because, like Winn-Dixie, we’re getting better all the time. So please don’t Chris Brown me; enlighten me, or rather, let’s enlighten each other on the matter at hand. Disclaimer: Don’t get me wrong, I love the country I live in, the USA; I am merely a concerned citizen. And please forgive my ignorance in this (questionnaire) article.

To the best of my knowledge, this is what I have heard, read, experienced and come to believe with the education I undertook in the fifteen (15) years I have been interested in learning everything to do with computers, from high school to college and beyond, all starting with my 486SX, 4 MB RAM, 20GIG HD Laser computer from Radio Shack. Yes, I did spell check; it’s grammar I ain’t too good at.