SlideShare ist ein Scribd-Unternehmen logo

Protecting Against the New Wave of Malware

GFI Software
GFI Software

This Osterman Research white paper examines why older, traditional antivirus approaches don't work and why a new approach to endpoint security is required to better protect your users, your data and your long-term viability as a company from malicious threats. Learn about the scope of the malware problem and strategies that can help you defend against evolving malware threats.

Technologie
1 von 9
Downloaden Sie, um offline zu lesen
Protecting Against the New Wave of Malware An Osterman Research White Paper Published September 2008 SPONSORED BY Osterman Research, Inc. • P.O. Box 1058 • Black Diamond, Washington 98010-1058 Phone: +1 253 630 5839 • Fax: +1 866 842 3274 • info@ostermanresearch.com • www.ostermanresearch.com
Protecting Against the New Wave of Malware Executive Summary Managing threats to the endpoint infrastructure is becoming increasingly difficult for most organizations regardless of their size. Viruses, worms, spyware and other forms of malware are becoming more virulent, their authors are becoming more adept at getting around existing defenses, and the profits generated by malware are funding new and more dangerous threats. At the same time, many anti-virus, anti-spyware and other anti-malware defenses are not keeping up with the growing threats posed by malware. Independent sources have verified that some anti-malware tools are losing ground to the new variants of malware that developers are creating. Adding to the problem is the fact that many administrators view virus remediation and spyware remediation as somewhat compartmentalized offerings that address different problems when, in fact, these problems are actually quite similar in their scope and in the level of threat they pose to endpoints in their organization. What administrators should consider, therefore, is that malware is malware, regardless of whether the threat is a Malware is malware, virus, a worm, a Trojan, spyware code or some other threat. They should also regardless of whether the view malware remediation as an threat is a virus, a worm, a integrated set of capabilities that can be managed through a single agent that Trojan, spyware code or addresses viruses, spyware, rootkits and other malware in a coordinated some other threat. fashion. This white paper, sponsored by GFI Software, addresses the variety of issues facing organizations today in the context of their system management challenges, and discusses the capabilities of VIPRE Antivirus Business, an integrated platform that provides high- performance, integrated endpoint protection capabilities. The Current State of Malware Osterman Research conducted a major study among security-oriented decision makers in the first half of 2008. This study, which was not sponsored by GFI, asked these decision makers about a wide range of issues related to the security of their messaging systems, data stores and other parts of the IT infrastructure. As part of this study, Osterman Research asked decision makers to rate the severity of 44 problems on a scale of 1 (no problem at all) to 5 (a very serious problem). What we found is that viruses and other malware are creating quite serious problems, as shown in the following table. Further, organizations anticipate exposure from a number of problems focused on viruses, malware and other issues, as shown in the next table. ©2008 Osterman Research, Inc. 1
Protecting Against the New Wave of Malware Various Problems Experienced in Managing Messaging and Web Systems (% Indicating Problem is Serious or Very Serious) Problem % The lag between new virus outbreaks and when our AV vendor 25% issues an update to deal with these outbreaks Spyware infections 24% Virus infections 19% Perceived Risks of Various Security Problems (% Responding a Serious or Very Serious Risk) Risk % Your users visiting Web sites that could introduce malware 51% into your network A new virus, worm or Trojan that enters via email harming 41% your network, data, etc. A new virus, worm or Trojan that enters via a mobile device 39% harming your network, data, etc. A new virus, worm or Trojan that enters via instant 29% messaging harming your network, data, etc. THESE PROBLEMS ARE REAL What this means is that security problems are a serious risk, but decision makers fear that the problems with viruses, worms, Trojans, spyware and other malware will get significantly worse over time. However, these problems are by no means simply anticipated or theoretical: the same survey found that a significant proportion of organizations have already been directly impacted by malware, as shown in the following figure. ©2008 Osterman Research, Inc. 2
Protecting Against the New Wave of Malware Problems That Have Occurred During the Past 12 Months Clearly, then, these problems are real – they are happening to organizations of all sizes and creating a variety of problems, ranging from annoyance and extra demands on IT staff time to loss of data and revenue. For example, as of August 29, 2008, the SRI Malware Threat Center1 had detected 29,373 botnet attacks over the previous 456-day period, an average of more than 64 attacks every day. BLENDED THREATS ARE MAKING THINGS WORSE Blended threats are payloads that mix several delivery modes (such as email and Web) and often contain multiple components, such as phishing attempts, spam, viruses, worms and Trojans. These threats can combine protocols, such as emails that link to malicious Web sites. This is an increasingly serious threat vector that organizations must consider as they plan their defense strategies. WHAT YOUR PEERS ARE DOING The survey noted above found that one in six organizations had switched anti-virus vendors during the 12 months before the survey, indicating that many organizations are not satisfied with the performance of their current anti-virus solutions. Further, the survey found that 69% of organizations will likely or definitely invest in systems to protect against 1 http://www.cyber-ta.org/releases/malware-analysis/public/ ©2008 Osterman Research, Inc. 3
Protecting Against the New Wave of Malware adware and spyware during the next 12 months, and 53% are this likely to invest in systems to protect against zero-hour, email-borne malware threats. Traditional Anti-Spyware and Anti-Virus Models Anti-virus software is among the oldest genres of endpoint security. While there is some debate about when anti-virus software was first developed, it is generally accepted that the first PC-based virus was quashed in 1986 or 1987, although the first known virus actually infected ARPANET – the predecessor of today’s Internet – back in the 1970s. By 1990, a number of commercial anti-virus products were available from leading developers and the market has exploded since into a multi-billion dollar industry. A more recent threat has been the emergence of spyware. This is an One of the primary reasons entire class of malware that covers a variety of threats ranging from simple that malware authors have monitoring of user behavior to been able to defeat provide intelligence for advertisers to intercepting confidential information traditional defenses is that from infected computers to using those computers for sending malware they are becoming more on command. adept at creating variants of The deployment of anti-virus software their wares. and, more recently anti-spyware software, on client platforms and servers continues to be a critical best practice given the large and growing number of threats that exist. However, the effectiveness of these capabilities is decreasing over time as malware authors create new and better forms of malware designed to defeat these defenses. For example, a German computer magazine2 tested 17 different anti-virus scanners and published their results in January 2008. The testers found that effectiveness of these scanners ranged from 20-30%, down from the range of 40-50% that the magazine had discovered in its previous test in early 2007. WHY ARE TRADITIONAL PRODUCTS LESS EFFECTIVE? One of the primary reasons that malware authors have been able to defeat traditional defenses is that these developers are becoming more adept at creating variants of their wares. They will create a series of variants of a single threat, each of which has been prepared prior to the introduction of the first variant. Each variant is launched at pre- determined intervals and is able to take advantage of networks’ lack of signatures to deal with each new instance of the attack. For example, if each variant were launched at intervals of 12 hours, 100 variants of the same attack would leave open a 50-day window of vulnerability. 2 c’t (http://www.heise.de/ct/) ©2008 Osterman Research, Inc. 4
Protecting Against the New Wave of Malware Another important reason for the decreasing effectiveness of defense capabilities is the use of modular Trojans. Modular Trojans, also known as multi-stage downloaders, operate on a simple principle: a small Trojan first disables local anti-virus software or other security defenses. Once those tools are disabled, a second-stage of the attack downloads any of a variety of threats, including keystroke loggers, worms or other spyware/malware typically designed to take control of the platform. Attackers who successfully disable anti-virus defenses are free to download virtually any sort of malware, including old viruses and other threats, since these will no longer be detected. The bottom line is that malware is now extremely complex compared to the types of threats that organizations faced just a few years ago. Rootkits, malware that is comprised of several components and the polymorphic variants discussed above make the detection and eradication of malware extraordinarily difficult. DELIVERY IS BECOMING MORE SOPHISTICATED Another reason that malware is becoming a more serious threat is that social engineering techniques have become a key infection vector, in many cases using highly sophisticated and creative techniques. For example, some malware developers will display what look like system popups warning of an infection that has been detected or an out-of-date version of software installed on the platform. When well-meaning users click on the “OK” or “Next” button on these fake advertisements, their platform can become infected with malware. PROFITS ARE UPPING THE ANTE The fundamental driver for the growth of malware is simple: there are enormous profits to be made from distributing this content, in most cases as widely as possible. While early malware developers and spammers were motivated mostly by notoriety and the challenge of spreading their wares; modern-day attacks are motivated primarily by the prospect of generating huge The profit motive has revenues. Spammers, for example, dramatically exacerbated can earn significant amounts of money by selling products marketed the threats from malware. through spam – such as stock “pump- Profits from malicious and-dump” schemes – or by directing people to advertising-laden sites on activities are substantial, which they earn a commission for clickthroughs. they can be used to fund newer and better methods Malware developers, on the other hand, generate revenue by stealing it. for circumventing defenses. For example, a keystroke logger surreptitiously installed on a client platform can intercept usernames, passwords, bank account numbers, credit card numbers and other sensitive information that can then be used to deplete bank accounts, purchase products or simply be sold to others wishing to do the same. ©2008 Osterman Research, Inc. 5
Protecting Against the New Wave of Malware The profit motive has dramatically exacerbated the threats from malware. Because significant profits are generated by these criminals, many have been attracted to this “market”. Further, because profits from malicious activities are substantial, they can be used to fund newer and better methods for circumventing defenses against their attacks. Thus, a vicious circle is created in which malware generates profits that funds better malware that generates more profit. Next-Generation Technology is Needed There are a number of good anti-virus and anti-spyware products on the market offered by leading and not-so-leading developers. Some products offer reasonably high detection rates, fairly quick updates of new signatures and minimal impacts on system performance. However, some products do not provide acceptable levels of performance – they are slow to react to newer types of threats, such as the newest types of spyware; some consume enormous system resources; and some are not designed to deal effectively with “grayware” – those applications that typically are more annoying than threatening – such as those that display popup windows or track user behavior. As a result, the anti-virus and anti-spyware industries are in need of something of an overhaul. For example, while there are discrete anti-virus and anti-spyware products available today, there is no appreciable difference between viruses, Trojans, worms, spyware and other threats from a user’s or administrator’s perspective. These threats are merely different forms of malware, any of which represent a serious risk to users and organizations alike. It makes sense, therefore, to integrate discrete anti-malware capabilities into a single, integrated platform. An anti-malware system should be designed from the ground up as an integrated set of capabilities that offer: • A high rate of detection for various types of malware, whether the threat is a virus, Trojan, keystroke logger, adware, etc. • High-speed detection of threats. • Minimum imposition on system resources. • Reasonable pricing for organizations of any size. About VIPRE Antivirus Business™ VIPRE Business was built for the administrator that is tired of earlier generation antivirus programs that have bolted on module after module and now are peddling bloatware as a security solution. Instead, VIPRE Business is designed to optimize overall performance by melding anti-virus and spyware protection into a single, powerful engine. This combination of technologies offers high-performance anti-malware software that does not ©2008 Osterman Research, Inc. 6
Protecting Against the New Wave of Malware slow down users' PCs, consumes few system resources, and makes it easy for administrators to protect their networks. With its next-generation technology, VIPRE Business means powerful virus and spyware protection against today's highly complex malware threats. It eliminates the system slowness and resource headaches of older anti-virus products. The many capabilities of VIPRE Business include: • Checkmark Anti-Virus Certified VIPRE is Checkmark Anti-Virus Desktop certified by West Coast Labs and will receive additional certifications through other certifying bodies throughout the balance of 2008 and into 2009. • Powerful, comprehensive scanning agent technology VIPRE Business employs a high-speed, threat-scanning engine that can scan large volumes of information for malware threats in a short period of time with limited performance impact on the end user's machine. With its optional agent user interface, users can stop and start scans and manage their own quarantines. • Real-time monitoring with Active Protection VIPRE's Active Protection delivers real time monitoring and protection against known and unknown malware threats. Active Protection works inside the Windows kernel, watching for malware and stopping it before it has a chance to execute on a user's system. • Configurable dashboard provides a centralized, policy-driven management console VIPRE Business supports multiple methods of agent deployment to allow administrators flexibility in how agents are pushed to their users' systems. Within the Admin Console, an agent VIPRE Business employs a deployment wizard helps high-speed, threat-scanning administrators select a deployment option and assists them with their engine that can scan large deployment configuration: silent push install, MSI file, Active volumes of information for Directory Policy based on OU's, IP malware threats in a short range and machine lists. period of time with limited • Policy-based management performance impact. VIPRE Business has sophisticated policy creation and management functionality that gives administrators the flexibility to control scheduling of quick scans and deep scans, set scan options (including scanning of known locations, whether to scan cookies, and whether to scan running processes), and allow specific threats from the database. • Flexible Reporting VIPRE Business' reporting features make it easy for administrators to schedule and ©2008 Osterman Research, Inc. 7
Protecting Against the New Wave of Malware customize its library of reports. A report scheduler allows administrators to easily schedule any report to run at a designated time with the ability to email reports to specified users; simplifying report distribution to management. Additionally, a custom report editor enables administrators to modify existing reports or create their own reports. • Resource Usage Old-style anti-virus products have stacked layer upon layer of engines, and created bloatware in the process. VIPRE Business imposes a low impact on system resources compared to the competition. Summary Malware is a serious threat and the problems are getting worse. Authors of malware are becoming more adept at circumventing the billions of dollars in anti-virus, anti-spyware and other endpoint security defenses that have been deployed by organizations of all sizes. Because malware authors are motivated by profit – and successfully generating lots of it – they are able to create ever more sophisticated ways of breaching these defenses. At the same time, many anti-virus and anti-spyware tools have not kept pace with the threats. They are less effective at detecting the growing array of threat variants, they impose a huge burden on system resources and they are expensive to deploy and maintain. What organizations need, therefore, is a capability that provides high detection and proactive protection against known and unknown types of malware, an integrated approach to dealing with viruses, spyware, rootkits and other threats from malware, and robust management tools that will minimize administrator involvement in the process of manage threat remediation. © 2008 Osterman Research, Inc. All rights reserved. No part of this document may be reproduced in any form by any means, nor may it be distributed without the permission of Osterman Research, Inc., nor may it be resold or distributed by any entity other than Osterman Research, Inc., without prior written authorization of Osterman Research, Inc. Osterman Research, Inc. does not provide legal advice. Nothing in this document constitutes legal advice, nor shall this document or any software product or other offering referenced herein serve as a substitute for the reader’s compliance with any laws (including but not limited to any act, statue, regulation, rule, directive, administrative order, executive order, etc. (collectively, “Laws”)) referenced in this document. If necessary, the reader should consult with competent legal counsel regarding any Laws referenced herein. Osterman Research, Inc. makes no representation or warranty regarding the completeness or accuracy of the information contained in this document. THIS DOCUMENT IS PROVIDED “AS IS” WITHOUT WARRANTY OF ANY KIND. ALL EXPRESS OR IMPLIED REPRESENTATIONS, CONDITIONS AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE, ARE DISCLAIMED, EXCEPT TO THE EXTENT THAT SUCH DISCLAIMERS ARE DETERMINED TO BE ILLEGAL. ©2008 Osterman Research, Inc. 8

Empfohlen

Anti virus in the corporate arena
Anti virus in the corporate arenaAnti virus in the corporate arena
Anti virus in the corporate arenaUltraUploader
 
AVG Threat Report Q4 2012
AVG Threat Report Q4 2012AVG Threat Report Q4 2012
AVG Threat Report Q4 2012AVG Technologies AU
 
Maximize Computer Security With Limited Ressources
Maximize Computer Security With Limited RessourcesMaximize Computer Security With Limited Ressources
Maximize Computer Security With Limited RessourcesSecunia
 
Application of hardware accelerated extensible network nodes for internet wor...
Application of hardware accelerated extensible network nodes for internet wor...Application of hardware accelerated extensible network nodes for internet wor...
Application of hardware accelerated extensible network nodes for internet wor...UltraUploader
 
Stormy Weather
Stormy WeatherStormy Weather
Stormy WeatherAnthony Arrott
 
Beyond layers and peripheral antivirus security
Beyond layers and peripheral antivirus securityBeyond layers and peripheral antivirus security
Beyond layers and peripheral antivirus securityUltraUploader
 
Attack of the killer virus!
Attack of the killer virus!Attack of the killer virus!
Attack of the killer virus!UltraUploader
 
A cooperative immunization system for an untrusting internet
A cooperative immunization system for an untrusting internetA cooperative immunization system for an untrusting internet
A cooperative immunization system for an untrusting internetUltraUploader
 

Empfohlen

Anti virus in the corporate arena
Anti virus in the corporate arenaAnti virus in the corporate arena
Anti virus in the corporate arenaUltraUploader
 
AVG Threat Report Q4 2012
AVG Threat Report Q4 2012AVG Threat Report Q4 2012
AVG Threat Report Q4 2012AVG Technologies AU
 
Maximize Computer Security With Limited Ressources
Maximize Computer Security With Limited RessourcesMaximize Computer Security With Limited Ressources
Maximize Computer Security With Limited RessourcesSecunia
 
Application of hardware accelerated extensible network nodes for internet wor...
Application of hardware accelerated extensible network nodes for internet wor...Application of hardware accelerated extensible network nodes for internet wor...
Application of hardware accelerated extensible network nodes for internet wor...UltraUploader
 
Stormy Weather
Stormy WeatherStormy Weather
Stormy WeatherAnthony Arrott
 
Beyond layers and peripheral antivirus security
Beyond layers and peripheral antivirus securityBeyond layers and peripheral antivirus security
Beyond layers and peripheral antivirus securityUltraUploader
 
Attack of the killer virus!
Attack of the killer virus!Attack of the killer virus!
Attack of the killer virus!UltraUploader
 
A cooperative immunization system for an untrusting internet
A cooperative immunization system for an untrusting internetA cooperative immunization system for an untrusting internet
A cooperative immunization system for an untrusting internetUltraUploader
 
Users’ Perception of the Effects of Viruses
Users’ Perception of the Effects of VirusesUsers’ Perception of the Effects of Viruses
Users’ Perception of the Effects of VirusesSolomon Sunday Oyelere
 
Cscu module 02 securing operating systems
Cscu module 02 securing operating systemsCscu module 02 securing operating systems
Cscu module 02 securing operating systemsSejahtera Affif
 
A generic virus detection agent on the internet
A generic virus detection agent on the internetA generic virus detection agent on the internet
A generic virus detection agent on the internetUltraUploader
 
An efficient control of virus propagation
An efficient control of virus propagationAn efficient control of virus propagation
An efficient control of virus propagationUltraUploader
 
Symantec intelligence report august 2015
Symantec intelligence report august 2015Symantec intelligence report august 2015
Symantec intelligence report august 2015Symantec
 
The uncool-security-hygiene
The uncool-security-hygieneThe uncool-security-hygiene
The uncool-security-hygieneThiagu Haldurai
 
How to Audit
How to AuditHow to Audit
How to Auditayousif
 
Fighting computer viruses
Fighting computer virusesFighting computer viruses
Fighting computer virusesNguyễn Anh
 
A Comparative Study between Vulnerability Assessment and Penetration Testing
A Comparative Study between Vulnerability Assessment and Penetration TestingA Comparative Study between Vulnerability Assessment and Penetration Testing
A Comparative Study between Vulnerability Assessment and Penetration TestingYogeshIJTSRD
 
An epidemiological model of virus spread and cleanup
An epidemiological model of virus spread and cleanupAn epidemiological model of virus spread and cleanup
An epidemiological model of virus spread and cleanupUltraUploader
 
Commercial Cyber Crime - Social Networks Malware
Commercial Cyber Crime - Social Networks MalwareCommercial Cyber Crime - Social Networks Malware
Commercial Cyber Crime - Social Networks MalwareAditya K Sood
 
Biological aspects of computer virology
Biological aspects of computer virologyBiological aspects of computer virology
Biological aspects of computer virologyUltraUploader
 
Cisco - See Everything, Secure Everything
Cisco - See Everything, Secure EverythingCisco - See Everything, Secure Everything
Cisco - See Everything, Secure EverythingRedington Value Distribution
 
Bilge12 zero day
Bilge12 zero dayBilge12 zero day
Bilge12 zero dayКомсс Файквэе
 
Using Multiple Antivirus Engine Scanning to Protect Critical Infrastructure
Using Multiple Antivirus Engine Scanning to Protect Critical InfrastructureUsing Multiple Antivirus Engine Scanning to Protect Critical Infrastructure
Using Multiple Antivirus Engine Scanning to Protect Critical InfrastructureOPSWAT
 
Search Diverse Models for Proactive Software Diversification
Search Diverse Models for Proactive Software DiversificationSearch Diverse Models for Proactive Software Diversification
Search Diverse Models for Proactive Software DiversificationFoCAS Initiative
 
Kaspersky North American Virus Analyst Summit
Kaspersky North American Virus Analyst SummitKaspersky North American Virus Analyst Summit
Kaspersky North American Virus Analyst SummitPR Americas
 
Zbot/Zeus And Antivirus
Zbot/Zeus And AntivirusZbot/Zeus And Antivirus
Zbot/Zeus And AntivirusKim Jensen
 
VIPRE Business Takes a Bite out of Bloatware
VIPRE Business Takes a Bite out of BloatwareVIPRE Business Takes a Bite out of Bloatware
VIPRE Business Takes a Bite out of BloatwareGFI Software
 
Problems With Battling Malware Have Been Discussed, Moving...
Problems With Battling Malware Have Been Discussed, Moving...Problems With Battling Malware Have Been Discussed, Moving...
Problems With Battling Malware Have Been Discussed, Moving...Deb Birch
 
C3
C3C3
C3Praveen Malisetty
 
Information security
Information securityInformation security
Information securityAppin Faridabad
 

Weitere ähnliche Inhalte

Was ist angesagt?

Users’ Perception of the Effects of Viruses
Users’ Perception of the Effects of VirusesUsers’ Perception of the Effects of Viruses
Users’ Perception of the Effects of VirusesSolomon Sunday Oyelere
 
Cscu module 02 securing operating systems
Cscu module 02 securing operating systemsCscu module 02 securing operating systems
Cscu module 02 securing operating systemsSejahtera Affif
 
A generic virus detection agent on the internet
A generic virus detection agent on the internetA generic virus detection agent on the internet
A generic virus detection agent on the internetUltraUploader
 
An efficient control of virus propagation
An efficient control of virus propagationAn efficient control of virus propagation
An efficient control of virus propagationUltraUploader
 
Symantec intelligence report august 2015
Symantec intelligence report august 2015Symantec intelligence report august 2015
Symantec intelligence report august 2015Symantec
 
The uncool-security-hygiene
The uncool-security-hygieneThe uncool-security-hygiene
The uncool-security-hygieneThiagu Haldurai
 
How to Audit
How to AuditHow to Audit
How to Auditayousif
 
Fighting computer viruses
Fighting computer virusesFighting computer viruses
Fighting computer virusesNguyễn Anh
 
A Comparative Study between Vulnerability Assessment and Penetration Testing
A Comparative Study between Vulnerability Assessment and Penetration TestingA Comparative Study between Vulnerability Assessment and Penetration Testing
A Comparative Study between Vulnerability Assessment and Penetration TestingYogeshIJTSRD
 
An epidemiological model of virus spread and cleanup
An epidemiological model of virus spread and cleanupAn epidemiological model of virus spread and cleanup
An epidemiological model of virus spread and cleanupUltraUploader
 
Commercial Cyber Crime - Social Networks Malware
Commercial Cyber Crime - Social Networks MalwareCommercial Cyber Crime - Social Networks Malware
Commercial Cyber Crime - Social Networks MalwareAditya K Sood
 
Biological aspects of computer virology
Biological aspects of computer virologyBiological aspects of computer virology
Biological aspects of computer virologyUltraUploader
 
Using Multiple Antivirus Engine Scanning to Protect Critical Infrastructure
Using Multiple Antivirus Engine Scanning to Protect Critical InfrastructureUsing Multiple Antivirus Engine Scanning to Protect Critical Infrastructure
Using Multiple Antivirus Engine Scanning to Protect Critical InfrastructureOPSWAT
 
Search Diverse Models for Proactive Software Diversification
Search Diverse Models for Proactive Software DiversificationSearch Diverse Models for Proactive Software Diversification
Search Diverse Models for Proactive Software DiversificationFoCAS Initiative
 
Kaspersky North American Virus Analyst Summit
Kaspersky North American Virus Analyst SummitKaspersky North American Virus Analyst Summit
Kaspersky North American Virus Analyst SummitPR Americas
 
Zbot/Zeus And Antivirus
Zbot/Zeus And AntivirusZbot/Zeus And Antivirus
Zbot/Zeus And AntivirusKim Jensen
 

Was ist angesagt? (18)

Users’ Perception of the Effects of Viruses
Users’ Perception of the Effects of VirusesUsers’ Perception of the Effects of Viruses
Users’ Perception of the Effects of Viruses
 
Cscu module 02 securing operating systems
Cscu module 02 securing operating systemsCscu module 02 securing operating systems
Cscu module 02 securing operating systems
 
A generic virus detection agent on the internet
A generic virus detection agent on the internetA generic virus detection agent on the internet
A generic virus detection agent on the internet
 
An efficient control of virus propagation
An efficient control of virus propagationAn efficient control of virus propagation
An efficient control of virus propagation
 
Symantec intelligence report august 2015
Symantec intelligence report august 2015Symantec intelligence report august 2015
Symantec intelligence report august 2015
 
The uncool-security-hygiene
The uncool-security-hygieneThe uncool-security-hygiene
The uncool-security-hygiene
 
How to Audit
How to AuditHow to Audit
How to Audit
 
Fighting computer viruses
Fighting computer virusesFighting computer viruses
Fighting computer viruses
 
A Comparative Study between Vulnerability Assessment and Penetration Testing
A Comparative Study between Vulnerability Assessment and Penetration TestingA Comparative Study between Vulnerability Assessment and Penetration Testing
A Comparative Study between Vulnerability Assessment and Penetration Testing
 
An epidemiological model of virus spread and cleanup
An epidemiological model of virus spread and cleanupAn epidemiological model of virus spread and cleanup
An epidemiological model of virus spread and cleanup
 
Commercial Cyber Crime - Social Networks Malware
Commercial Cyber Crime - Social Networks MalwareCommercial Cyber Crime - Social Networks Malware
Commercial Cyber Crime - Social Networks Malware
 
Biological aspects of computer virology
Biological aspects of computer virologyBiological aspects of computer virology
Biological aspects of computer virology
 
Cisco - See Everything, Secure Everything
Cisco - See Everything, Secure EverythingCisco - See Everything, Secure Everything
Cisco - See Everything, Secure Everything
 
Bilge12 zero day
Bilge12 zero dayBilge12 zero day
Bilge12 zero day
 
Using Multiple Antivirus Engine Scanning to Protect Critical Infrastructure
Using Multiple Antivirus Engine Scanning to Protect Critical InfrastructureUsing Multiple Antivirus Engine Scanning to Protect Critical Infrastructure
Using Multiple Antivirus Engine Scanning to Protect Critical Infrastructure
 
Search Diverse Models for Proactive Software Diversification
Search Diverse Models for Proactive Software DiversificationSearch Diverse Models for Proactive Software Diversification
Search Diverse Models for Proactive Software Diversification
 
Kaspersky North American Virus Analyst Summit
Kaspersky North American Virus Analyst SummitKaspersky North American Virus Analyst Summit
Kaspersky North American Virus Analyst Summit
 
Zbot/Zeus And Antivirus
Zbot/Zeus And AntivirusZbot/Zeus And Antivirus
Zbot/Zeus And Antivirus
 

Ähnlich wie Protecting Against the New Wave of Malware

VIPRE Business Takes a Bite out of Bloatware
VIPRE Business Takes a Bite out of BloatwareVIPRE Business Takes a Bite out of Bloatware
VIPRE Business Takes a Bite out of BloatwareGFI Software
 
Problems With Battling Malware Have Been Discussed, Moving...
Problems With Battling Malware Have Been Discussed, Moving...Problems With Battling Malware Have Been Discussed, Moving...
Problems With Battling Malware Have Been Discussed, Moving...Deb Birch
 
Kaseya Connect 2011 - Malwarebytes - Marcin Kleczynski
Kaseya Connect 2011 - Malwarebytes - Marcin KleczynskiKaseya Connect 2011 - Malwarebytes - Marcin Kleczynski
Kaseya Connect 2011 - Malwarebytes - Marcin KleczynskiKaseya
 
Cyber Malware Programs And The Internet
Cyber Malware Programs And The InternetCyber Malware Programs And The Internet
Cyber Malware Programs And The InternetHeidi Maestas
 
En msft-scrty-cntnt-e book-cybersecurity
En msft-scrty-cntnt-e book-cybersecurityEn msft-scrty-cntnt-e book-cybersecurity
En msft-scrty-cntnt-e book-cybersecurityOnline Business
 
Information security in todays world
Information security in todays worldInformation security in todays world
Information security in todays worldSibghatullah Khattak
 
FireEye Advanced Threat Report
FireEye Advanced Threat ReportFireEye Advanced Threat Report
FireEye Advanced Threat ReportFireEye, Inc.
 
Cscu module 03 protecting systems using antiviruses
Cscu module 03 protecting systems using antivirusesCscu module 03 protecting systems using antiviruses
Cscu module 03 protecting systems using antivirusesAlireza Ghahrood
 
Why One Virus Engine is Not Enough
Why One Virus Engine is Not EnoughWhy One Virus Engine is Not Enough
Why One Virus Engine is Not EnoughGFI Software
 
Bitdefender - Solution Paper - Active Threat Control
Bitdefender - Solution Paper - Active Threat ControlBitdefender - Solution Paper - Active Threat Control
Bitdefender - Solution Paper - Active Threat ControlJose Lopez
 
Computer virus
Computer virusComputer virus
Computer virusDark Side
 
Protecting Enterprise - An examination of bugs, major vulnerabilities and exp...
Protecting Enterprise - An examination of bugs, major vulnerabilities and exp...Protecting Enterprise - An examination of bugs, major vulnerabilities and exp...
Protecting Enterprise - An examination of bugs, major vulnerabilities and exp...ESET Middle East
 
Colby_Sawyer_white_paper final 2
Colby_Sawyer_white_paper final 2Colby_Sawyer_white_paper final 2
Colby_Sawyer_white_paper final 2Scott Brown
 

Ähnlich wie Protecting Against the New Wave of Malware (20)

VIPRE Business Takes a Bite out of Bloatware
VIPRE Business Takes a Bite out of BloatwareVIPRE Business Takes a Bite out of Bloatware
VIPRE Business Takes a Bite out of Bloatware
 
Problems With Battling Malware Have Been Discussed, Moving...
Problems With Battling Malware Have Been Discussed, Moving...Problems With Battling Malware Have Been Discussed, Moving...
Problems With Battling Malware Have Been Discussed, Moving...
 
C3
C3C3
C3
 
Information security
Information securityInformation security
Information security
 
185
185185
185
 
Kaseya Connect 2011 - Malwarebytes - Marcin Kleczynski
Kaseya Connect 2011 - Malwarebytes - Marcin KleczynskiKaseya Connect 2011 - Malwarebytes - Marcin Kleczynski
Kaseya Connect 2011 - Malwarebytes - Marcin Kleczynski
 
Cyber Malware Programs And The Internet
Cyber Malware Programs And The InternetCyber Malware Programs And The Internet
Cyber Malware Programs And The Internet
 
En msft-scrty-cntnt-e book-cybersecurity
En msft-scrty-cntnt-e book-cybersecurityEn msft-scrty-cntnt-e book-cybersecurity
En msft-scrty-cntnt-e book-cybersecurity
 
2016 Trends in Security
2016 Trends in Security 2016 Trends in Security
2016 Trends in Security
 
The modern-malware-review-march-2013
The modern-malware-review-march-2013 The modern-malware-review-march-2013
The modern-malware-review-march-2013
 
Information security in todays world
Information security in todays worldInformation security in todays world
Information security in todays world
 
FireEye Advanced Threat Report
FireEye Advanced Threat ReportFireEye Advanced Threat Report
FireEye Advanced Threat Report
 
Cscu module 03 protecting systems using antiviruses
Cscu module 03 protecting systems using antivirusesCscu module 03 protecting systems using antiviruses
Cscu module 03 protecting systems using antiviruses
 
Why One Virus Engine is Not Enough
Why One Virus Engine is Not EnoughWhy One Virus Engine is Not Enough
Why One Virus Engine is Not Enough
 
Bitdefender - Solution Paper - Active Threat Control
Bitdefender - Solution Paper - Active Threat ControlBitdefender - Solution Paper - Active Threat Control
Bitdefender - Solution Paper - Active Threat Control
 
Computer virus
Computer virusComputer virus
Computer virus
 
Cybersecurity
CybersecurityCybersecurity
Cybersecurity
 
Protecting Enterprise - An examination of bugs, major vulnerabilities and exp...
Protecting Enterprise - An examination of bugs, major vulnerabilities and exp...Protecting Enterprise - An examination of bugs, major vulnerabilities and exp...
Protecting Enterprise - An examination of bugs, major vulnerabilities and exp...
 
NetWitness
NetWitnessNetWitness
NetWitness
 
Colby_Sawyer_white_paper final 2
Colby_Sawyer_white_paper final 2Colby_Sawyer_white_paper final 2
Colby_Sawyer_white_paper final 2
 

Mehr von GFI Software

Spotlight on GFI EndPoint Security 2013
Spotlight on GFI EndPoint Security 2013Spotlight on GFI EndPoint Security 2013
Spotlight on GFI EndPoint Security 2013GFI Software
 
Network Environments
Network EnvironmentsNetwork Environments
Network EnvironmentsGFI Software
 
The Threats Posed by Portable Storage Devices
The Threats Posed by Portable Storage DevicesThe Threats Posed by Portable Storage Devices
The Threats Posed by Portable Storage DevicesGFI Software
 
Understanding Data Backups
Understanding Data BackupsUnderstanding Data Backups
Understanding Data BackupsGFI Software
 
Master Class Series
Master Class SeriesMaster Class Series
Master Class SeriesGFI Software
 
Security Threats for SMBs
Security Threats for SMBsSecurity Threats for SMBs
Security Threats for SMBsGFI Software
 
Vulnerability Management
Vulnerability ManagementVulnerability Management
Vulnerability ManagementGFI Software
 
Deploying GFI EventsManager™
Deploying GFI EventsManager™Deploying GFI EventsManager™
Deploying GFI EventsManager™GFI Software
 
How to Perform Network-wide Security Event Log Management
How to Perform Network-wide Security Event Log ManagementHow to Perform Network-wide Security Event Log Management
How to Perform Network-wide Security Event Log ManagementGFI Software
 
How to configure IBM iSeries event collection with Audit and GFI EventsManager
How to configure IBM iSeries event collection with Audit and GFI EventsManagerHow to configure IBM iSeries event collection with Audit and GFI EventsManager
How to configure IBM iSeries event collection with Audit and GFI EventsManagerGFI Software
 
Email Security Solutions
Email Security SolutionsEmail Security Solutions
Email Security SolutionsGFI Software
 
Messaging and Web Security
Messaging and Web SecurityMessaging and Web Security
Messaging and Web SecurityGFI Software
 
How to Keep Spam Off Your Network
How to Keep Spam Off Your NetworkHow to Keep Spam Off Your Network
How to Keep Spam Off Your NetworkGFI Software
 
How to Block NDR Spam
How to Block NDR SpamHow to Block NDR Spam
How to Block NDR SpamGFI Software
 
How to tell if that pop-up window is offering you a rogue anti-malware product
How to tell if that pop-up window is offering you a rogue anti-malware productHow to tell if that pop-up window is offering you a rogue anti-malware product
How to tell if that pop-up window is offering you a rogue anti-malware productGFI Software
 

Mehr von GFI Software (20)

Spotlight on GFI EndPoint Security 2013
Spotlight on GFI EndPoint Security 2013Spotlight on GFI EndPoint Security 2013
Spotlight on GFI EndPoint Security 2013
 
Network Environments
Network EnvironmentsNetwork Environments
Network Environments
 
The Threats Posed by Portable Storage Devices
The Threats Posed by Portable Storage DevicesThe Threats Posed by Portable Storage Devices
The Threats Posed by Portable Storage Devices
 
Hybrid Technology
Hybrid TechnologyHybrid Technology
Hybrid Technology
 
Email Continuity
Email ContinuityEmail Continuity
Email Continuity
 
Understanding Data Backups
Understanding Data BackupsUnderstanding Data Backups
Understanding Data Backups
 
Data Backups
Data BackupsData Backups
Data Backups
 
Master Class Series
Master Class SeriesMaster Class Series
Master Class Series
 
Security Threats for SMBs
Security Threats for SMBsSecurity Threats for SMBs
Security Threats for SMBs
 
Security and SMBs
Security and SMBsSecurity and SMBs
Security and SMBs
 
Vulnerability Management
Vulnerability ManagementVulnerability Management
Vulnerability Management
 
Deploying GFI EventsManager™
Deploying GFI EventsManager™Deploying GFI EventsManager™
Deploying GFI EventsManager™
 
How to Perform Network-wide Security Event Log Management
How to Perform Network-wide Security Event Log ManagementHow to Perform Network-wide Security Event Log Management
How to Perform Network-wide Security Event Log Management
 
How to configure IBM iSeries event collection with Audit and GFI EventsManager
How to configure IBM iSeries event collection with Audit and GFI EventsManagerHow to configure IBM iSeries event collection with Audit and GFI EventsManager
How to configure IBM iSeries event collection with Audit and GFI EventsManager
 
Email Security Solutions
Email Security SolutionsEmail Security Solutions
Email Security Solutions
 
Maxmp greylisting
Maxmp greylistingMaxmp greylisting
Maxmp greylisting
 
Messaging and Web Security
Messaging and Web SecurityMessaging and Web Security
Messaging and Web Security
 
How to Keep Spam Off Your Network
How to Keep Spam Off Your NetworkHow to Keep Spam Off Your Network
How to Keep Spam Off Your Network
 
How to Block NDR Spam
How to Block NDR SpamHow to Block NDR Spam
How to Block NDR Spam
 
How to tell if that pop-up window is offering you a rogue anti-malware product
How to tell if that pop-up window is offering you a rogue anti-malware productHow to tell if that pop-up window is offering you a rogue anti-malware product
How to tell if that pop-up window is offering you a rogue anti-malware product
 

Kürzlich hochgeladen

Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyAlfredo García Lavilla
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxhariprasad279825
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenHervé Boutemy
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
Training state-of-the-art general text embedding
Training state-of-the-art general text embeddingTraining state-of-the-art general text embedding
Training state-of-the-art general text embeddingZilliz
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clashcharlottematthew16
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsMiki Katsuragi
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Wonjun Hwang
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024The Digital Insurer
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024Stephanie Beckett
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 

Kürzlich hochgeladen (20)

Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easy
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptx
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
Training state-of-the-art general text embedding
Training state-of-the-art general text embeddingTraining state-of-the-art general text embedding
Training state-of-the-art general text embedding
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clash
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering Tips
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 

Protecting Against the New Wave of Malware

  • 1. Protecting Against the New Wave of Malware An Osterman Research White Paper Published September 2008 SPONSORED BY Osterman Research, Inc. • P.O. Box 1058 • Black Diamond, Washington 98010-1058 Phone: +1 253 630 5839 • Fax: +1 866 842 3274 • info@ostermanresearch.com • www.ostermanresearch.com
  • 2. Protecting Against the New Wave of Malware Executive Summary Managing threats to the endpoint infrastructure is becoming increasingly difficult for most organizations regardless of their size. Viruses, worms, spyware and other forms of malware are becoming more virulent, their authors are becoming more adept at getting around existing defenses, and the profits generated by malware are funding new and more dangerous threats. At the same time, many anti-virus, anti-spyware and other anti-malware defenses are not keeping up with the growing threats posed by malware. Independent sources have verified that some anti-malware tools are losing ground to the new variants of malware that developers are creating. Adding to the problem is the fact that many administrators view virus remediation and spyware remediation as somewhat compartmentalized offerings that address different problems when, in fact, these problems are actually quite similar in their scope and in the level of threat they pose to endpoints in their organization. What administrators should consider, therefore, is that malware is malware, regardless of whether the threat is a Malware is malware, virus, a worm, a Trojan, spyware code or some other threat. They should also regardless of whether the view malware remediation as an threat is a virus, a worm, a integrated set of capabilities that can be managed through a single agent that Trojan, spyware code or addresses viruses, spyware, rootkits and other malware in a coordinated some other threat. fashion. This white paper, sponsored by GFI Software, addresses the variety of issues facing organizations today in the context of their system management challenges, and discusses the capabilities of VIPRE Antivirus Business, an integrated platform that provides high- performance, integrated endpoint protection capabilities. The Current State of Malware Osterman Research conducted a major study among security-oriented decision makers in the first half of 2008. This study, which was not sponsored by GFI, asked these decision makers about a wide range of issues related to the security of their messaging systems, data stores and other parts of the IT infrastructure. As part of this study, Osterman Research asked decision makers to rate the severity of 44 problems on a scale of 1 (no problem at all) to 5 (a very serious problem). What we found is that viruses and other malware are creating quite serious problems, as shown in the following table. Further, organizations anticipate exposure from a number of problems focused on viruses, malware and other issues, as shown in the next table. ©2008 Osterman Research, Inc. 1
  • 3. Protecting Against the New Wave of Malware Various Problems Experienced in Managing Messaging and Web Systems (% Indicating Problem is Serious or Very Serious) Problem % The lag between new virus outbreaks and when our AV vendor 25% issues an update to deal with these outbreaks Spyware infections 24% Virus infections 19% Perceived Risks of Various Security Problems (% Responding a Serious or Very Serious Risk) Risk % Your users visiting Web sites that could introduce malware 51% into your network A new virus, worm or Trojan that enters via email harming 41% your network, data, etc. A new virus, worm or Trojan that enters via a mobile device 39% harming your network, data, etc. A new virus, worm or Trojan that enters via instant 29% messaging harming your network, data, etc. THESE PROBLEMS ARE REAL What this means is that security problems are a serious risk, but decision makers fear that the problems with viruses, worms, Trojans, spyware and other malware will get significantly worse over time. However, these problems are by no means simply anticipated or theoretical: the same survey found that a significant proportion of organizations have already been directly impacted by malware, as shown in the following figure. ©2008 Osterman Research, Inc. 2
  • 4. Protecting Against the New Wave of Malware Problems That Have Occurred During the Past 12 Months Clearly, then, these problems are real – they are happening to organizations of all sizes and creating a variety of problems, ranging from annoyance and extra demands on IT staff time to loss of data and revenue. For example, as of August 29, 2008, the SRI Malware Threat Center1 had detected 29,373 botnet attacks over the previous 456-day period, an average of more than 64 attacks every day. BLENDED THREATS ARE MAKING THINGS WORSE Blended threats are payloads that mix several delivery modes (such as email and Web) and often contain multiple components, such as phishing attempts, spam, viruses, worms and Trojans. These threats can combine protocols, such as emails that link to malicious Web sites. This is an increasingly serious threat vector that organizations must consider as they plan their defense strategies. WHAT YOUR PEERS ARE DOING The survey noted above found that one in six organizations had switched anti-virus vendors during the 12 months before the survey, indicating that many organizations are not satisfied with the performance of their current anti-virus solutions. Further, the survey found that 69% of organizations will likely or definitely invest in systems to protect against 1 http://www.cyber-ta.org/releases/malware-analysis/public/ ©2008 Osterman Research, Inc. 3
  • 5. Protecting Against the New Wave of Malware adware and spyware during the next 12 months, and 53% are this likely to invest in systems to protect against zero-hour, email-borne malware threats. Traditional Anti-Spyware and Anti-Virus Models Anti-virus software is among the oldest genres of endpoint security. While there is some debate about when anti-virus software was first developed, it is generally accepted that the first PC-based virus was quashed in 1986 or 1987, although the first known virus actually infected ARPANET – the predecessor of today’s Internet – back in the 1970s. By 1990, a number of commercial anti-virus products were available from leading developers and the market has exploded since into a multi-billion dollar industry. A more recent threat has been the emergence of spyware. This is an One of the primary reasons entire class of malware that covers a variety of threats ranging from simple that malware authors have monitoring of user behavior to been able to defeat provide intelligence for advertisers to intercepting confidential information traditional defenses is that from infected computers to using those computers for sending malware they are becoming more on command. adept at creating variants of The deployment of anti-virus software their wares. and, more recently anti-spyware software, on client platforms and servers continues to be a critical best practice given the large and growing number of threats that exist. However, the effectiveness of these capabilities is decreasing over time as malware authors create new and better forms of malware designed to defeat these defenses. For example, a German computer magazine2 tested 17 different anti-virus scanners and published their results in January 2008. The testers found that effectiveness of these scanners ranged from 20-30%, down from the range of 40-50% that the magazine had discovered in its previous test in early 2007. WHY ARE TRADITIONAL PRODUCTS LESS EFFECTIVE? One of the primary reasons that malware authors have been able to defeat traditional defenses is that these developers are becoming more adept at creating variants of their wares. They will create a series of variants of a single threat, each of which has been prepared prior to the introduction of the first variant. Each variant is launched at pre- determined intervals and is able to take advantage of networks’ lack of signatures to deal with each new instance of the attack. For example, if each variant were launched at intervals of 12 hours, 100 variants of the same attack would leave open a 50-day window of vulnerability. 2 c’t (http://www.heise.de/ct/) ©2008 Osterman Research, Inc. 4
  • 6. Protecting Against the New Wave of Malware Another important reason for the decreasing effectiveness of defense capabilities is the use of modular Trojans. Modular Trojans, also known as multi-stage downloaders, operate on a simple principle: a small Trojan first disables local anti-virus software or other security defenses. Once those tools are disabled, a second-stage of the attack downloads any of a variety of threats, including keystroke loggers, worms or other spyware/malware typically designed to take control of the platform. Attackers who successfully disable anti-virus defenses are free to download virtually any sort of malware, including old viruses and other threats, since these will no longer be detected. The bottom line is that malware is now extremely complex compared to the types of threats that organizations faced just a few years ago. Rootkits, malware that is comprised of several components and the polymorphic variants discussed above make the detection and eradication of malware extraordinarily difficult. DELIVERY IS BECOMING MORE SOPHISTICATED Another reason that malware is becoming a more serious threat is that social engineering techniques have become a key infection vector, in many cases using highly sophisticated and creative techniques. For example, some malware developers will display what look like system popups warning of an infection that has been detected or an out-of-date version of software installed on the platform. When well-meaning users click on the “OK” or “Next” button on these fake advertisements, their platform can become infected with malware. PROFITS ARE UPPING THE ANTE The fundamental driver for the growth of malware is simple: there are enormous profits to be made from distributing this content, in most cases as widely as possible. While early malware developers and spammers were motivated mostly by notoriety and the challenge of spreading their wares; modern-day attacks are motivated primarily by the prospect of generating huge The profit motive has revenues. Spammers, for example, dramatically exacerbated can earn significant amounts of money by selling products marketed the threats from malware. through spam – such as stock “pump- Profits from malicious and-dump” schemes – or by directing people to advertising-laden sites on activities are substantial, which they earn a commission for clickthroughs. they can be used to fund newer and better methods Malware developers, on the other hand, generate revenue by stealing it. for circumventing defenses. For example, a keystroke logger surreptitiously installed on a client platform can intercept usernames, passwords, bank account numbers, credit card numbers and other sensitive information that can then be used to deplete bank accounts, purchase products or simply be sold to others wishing to do the same. ©2008 Osterman Research, Inc. 5
  • 7. Protecting Against the New Wave of Malware The profit motive has dramatically exacerbated the threats from malware. Because significant profits are generated by these criminals, many have been attracted to this “market”. Further, because profits from malicious activities are substantial, they can be used to fund newer and better methods for circumventing defenses against their attacks. Thus, a vicious circle is created in which malware generates profits that funds better malware that generates more profit. Next-Generation Technology is Needed There are a number of good anti-virus and anti-spyware products on the market offered by leading and not-so-leading developers. Some products offer reasonably high detection rates, fairly quick updates of new signatures and minimal impacts on system performance. However, some products do not provide acceptable levels of performance – they are slow to react to newer types of threats, such as the newest types of spyware; some consume enormous system resources; and some are not designed to deal effectively with “grayware” – those applications that typically are more annoying than threatening – such as those that display popup windows or track user behavior. As a result, the anti-virus and anti-spyware industries are in need of something of an overhaul. For example, while there are discrete anti-virus and anti-spyware products available today, there is no appreciable difference between viruses, Trojans, worms, spyware and other threats from a user’s or administrator’s perspective. These threats are merely different forms of malware, any of which represent a serious risk to users and organizations alike. It makes sense, therefore, to integrate discrete anti-malware capabilities into a single, integrated platform. An anti-malware system should be designed from the ground up as an integrated set of capabilities that offer: • A high rate of detection for various types of malware, whether the threat is a virus, Trojan, keystroke logger, adware, etc. • High-speed detection of threats. • Minimum imposition on system resources. • Reasonable pricing for organizations of any size. About VIPRE Antivirus Business™ VIPRE Business was built for the administrator that is tired of earlier generation antivirus programs that have bolted on module after module and now are peddling bloatware as a security solution. Instead, VIPRE Business is designed to optimize overall performance by melding anti-virus and spyware protection into a single, powerful engine. This combination of technologies offers high-performance anti-malware software that does not ©2008 Osterman Research, Inc. 6
  • 8. Protecting Against the New Wave of Malware slow down users' PCs, consumes few system resources, and makes it easy for administrators to protect their networks. With its next-generation technology, VIPRE Business means powerful virus and spyware protection against today's highly complex malware threats. It eliminates the system slowness and resource headaches of older anti-virus products. The many capabilities of VIPRE Business include: • Checkmark Anti-Virus Certified VIPRE is Checkmark Anti-Virus Desktop certified by West Coast Labs and will receive additional certifications through other certifying bodies throughout the balance of 2008 and into 2009. • Powerful, comprehensive scanning agent technology VIPRE Business employs a high-speed, threat-scanning engine that can scan large volumes of information for malware threats in a short period of time with limited performance impact on the end user's machine. With its optional agent user interface, users can stop and start scans and manage their own quarantines. • Real-time monitoring with Active Protection VIPRE's Active Protection delivers real time monitoring and protection against known and unknown malware threats. Active Protection works inside the Windows kernel, watching for malware and stopping it before it has a chance to execute on a user's system. • Configurable dashboard provides a centralized, policy-driven management console VIPRE Business supports multiple methods of agent deployment to allow administrators flexibility in how agents are pushed to their users' systems. Within the Admin Console, an agent VIPRE Business employs a deployment wizard helps high-speed, threat-scanning administrators select a deployment option and assists them with their engine that can scan large deployment configuration: silent push install, MSI file, Active volumes of information for Directory Policy based on OU's, IP malware threats in a short range and machine lists. period of time with limited • Policy-based management performance impact. VIPRE Business has sophisticated policy creation and management functionality that gives administrators the flexibility to control scheduling of quick scans and deep scans, set scan options (including scanning of known locations, whether to scan cookies, and whether to scan running processes), and allow specific threats from the database. • Flexible Reporting VIPRE Business' reporting features make it easy for administrators to schedule and ©2008 Osterman Research, Inc. 7
  • 9. Protecting Against the New Wave of Malware customize its library of reports. A report scheduler allows administrators to easily schedule any report to run at a designated time with the ability to email reports to specified users; simplifying report distribution to management. Additionally, a custom report editor enables administrators to modify existing reports or create their own reports. • Resource Usage Old-style anti-virus products have stacked layer upon layer of engines, and created bloatware in the process. VIPRE Business imposes a low impact on system resources compared to the competition. Summary Malware is a serious threat and the problems are getting worse. Authors of malware are becoming more adept at circumventing the billions of dollars in anti-virus, anti-spyware and other endpoint security defenses that have been deployed by organizations of all sizes. Because malware authors are motivated by profit – and successfully generating lots of it – they are able to create ever more sophisticated ways of breaching these defenses. At the same time, many anti-virus and anti-spyware tools have not kept pace with the threats. They are less effective at detecting the growing array of threat variants, they impose a huge burden on system resources and they are expensive to deploy and maintain. What organizations need, therefore, is a capability that provides high detection and proactive protection against known and unknown types of malware, an integrated approach to dealing with viruses, spyware, rootkits and other threats from malware, and robust management tools that will minimize administrator involvement in the process of manage threat remediation. © 2008 Osterman Research, Inc. All rights reserved. No part of this document may be reproduced in any form by any means, nor may it be distributed without the permission of Osterman Research, Inc., nor may it be resold or distributed by any entity other than Osterman Research, Inc., without prior written authorization of Osterman Research, Inc. Osterman Research, Inc. does not provide legal advice. Nothing in this document constitutes legal advice, nor shall this document or any software product or other offering referenced herein serve as a substitute for the reader’s compliance with any laws (including but not limited to any act, statue, regulation, rule, directive, administrative order, executive order, etc. (collectively, “Laws”)) referenced in this document. If necessary, the reader should consult with competent legal counsel regarding any Laws referenced herein. Osterman Research, Inc. makes no representation or warranty regarding the completeness or accuracy of the information contained in this document. THIS DOCUMENT IS PROVIDED “AS IS” WITHOUT WARRANTY OF ANY KIND. ALL EXPRESS OR IMPLIED REPRESENTATIONS, CONDITIONS AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE, ARE DISCLAIMED, EXCEPT TO THE EXTENT THAT SUCH DISCLAIMERS ARE DETERMINED TO BE ILLEGAL. ©2008 Osterman Research, Inc. 8