Death of antivirus software imminent

Sherri Davidoff alien at MIT.EDU
Sun Dec 30 17:56:56 EST 2007


Anne & Lynn Wheeler wrote:
> Virtualization still hot, death of antivirus software imminent, VC says
> http://www.networkworld.com/news/2007/121707-crystal-ball-virtualization.html

Interesting how "virtualization" seems to imply "safe" in the public
mind (and explicitly in that article) right now.... I'm sure with the
increasing use of virtualization, we'll start to see more VMware-aware
malware and virtual machine escapes in the wild. Another example of
putting many, many eggs in the same basket.

Here's a good article about the first public VMware escape, which
Intelguardians demonstrated at SANSFIRE this summer:
(Note: I'm biased, having worked on this project.)
http://www.pauldotcom.com/2007/07/

What boggles my mind is that despite this, the DoD has still decided to
rely on virtualization software to keep classified and unclassified info
on the same physical systems:
http://www.internetnews.com/storage/article.php/3696996

Sherri



Anne & Lynn Wheeler wrote:
> re:
> Storm, Nugache lead dangerous new botnet barrage
> http://searchsecurity.techtarget.com/originalContent/0,289142,sid14_gci1286808,00.html
> 
> from above:
> 
> The creators of these Trojans and bots not only have very strong software development and testing skills, but also clearly know how security vendors operate and how to outmaneuver defenses such as antivirus software, IDS and firewalls, experts say. They know that they simply need to alter their code and the messages carrying it in small ways in order to evade signature-based defenses. Dittrich and other researchers say that when they analyze the code these malware authors are putting out, what emerges is a picture of a group of skilled, professional software developers learning from their mistakes, improving their code on a weekly basis and making a lot of money in the process.
> 
> ... snip ...
> 
> ... and somewhat related
> 
> Virtualization still hot, death of antivirus software imminent, VC says
> http://www.networkworld.com/news/2007/121707-crystal-ball-virtualization.html
> 
> from above:
> 
> Another trend Maeder predicts for 2008 is, at long last, the death of antivirus software and other security products that allow employees to install and download any programs they'd like onto their PCs, and then attempt to weed out the malicious code. Instead, products that protect endpoints by only allowing IT-approved code to be installed will become the norm.
> 
> ... snip ...
> 
> and post about dealing with compromised machines
> http://www.garlic.com/~lynn/2007u.html#771 folklore indeed
> 
> mentioning sophistication in other ways:
> 
> Botnet-controlled Trojan robbing online bank customers
> http://www.networkworld.com/news/2007/121307-zbot-trojan-robbing-banks.htm
> 
> from above:
> 
> If the attacker succeeds in getting the Trojan malware onto the victim's
> computer, he can piggyback on a session of online banking without even
> having to use the victim's name and password. The infected computer
> communicates back to the Trojan's command-and-controller exactly which
> bank the victim has an account with. It then automatically feeds code
> that tells the Trojan how to mimic actual online transactions with a
> particular bank to do wire transfers or bill payments
> 
> ... snip ...
> 
> there have been some number of online banking countermeasures for
> specific kinds of system compromises .... like keyloggers ... but they
> apparently didn't bother to get promises from the crooks to only limit
> the kinds of attacks to those exploits.
> 
> some related comments on such compromised machines
> http://www.garlic.com/~lynn/aadsm27.htm#66 2007: year in review
> http://www.garlic.com/~lynn/aadsm28.htm#0 2007: year in review
> 
> ---------------------------------------------------------------------
> The Cryptography Mailing List
> Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
