SlideShare ist ein Scribd-Unternehmen logo

Is Anti-Virus Dead?

ESET
ESET

Let us explain you why we don't think so, in this comprehensive presentation from ESET researcher Aryeh Goretsky. #ESETCast

Software
1 von 51
Is Anti-Virus Dead? Aryeh Goretsky, Distinguished Researcher October 21, 2015 #ESETCast
Aryeh Goretsky Distinguished Researcher Aryeh is ESET’s Distinguished Researcher and has been with the company for over nine years. A twenty-six year veteran of fighting viruses, today he is responsible for threatscape monitoring, investigations and working with researchers in and outside of ESET globally. He was the first employee at McAfee and is a veteran of several software and networking startups. He has received industry awards from Microsoft, Lenovo and Securing our eCity for his efforts to help make computing safer. #ESETCast
Agenda • Overview of the death of AV (1980s-today) • History of threats • History of defenses • What is malware, anyways? • What is anti-malware? • Virus Bulletin 2015 highlights (if I have time) • Q&A #ESETCast
Not on the Agenda This is an overview-level presentation, not a deep dive session. Not going to drill down into: • history of viruses • history of anti-virus software • examples of next-gen technology • not going to be very ESET-specific While mentioned in passing, each of these is a multi-hour discussion by itself. #ESETCast
Who says ‘AV is dead,’ anyways? #ESETCast
Why say ‘AV is dead?,’ anyways The question of anti-malware software being dead comes up perennially. Why is that? • those who do not understand the problem • those who do not understand the solution • those who are financially motivated • those who have hidden agendas #ESETCast
Choice words “For me for the last three years I’ve been feeling that the anti-virus industry sucks. If you have 5.5 million new viruses out there how can you claim this industry is doing the right job?” — Eva Chen (2008) CEO, Trend Micro #ESETCast
Choice words “Antivirus ‘is dead.’ We don’t think of antivirus as a moneymaker in any way.” — Brian Dye (2014) SVP Information Security, Symantec* *Mr. Dye is no longer with Symantec #ESETCast
Choice words recontextualized Sometimes, it comes from within the anti- malware industry. Why? • it’s easy to get quoted out of context – questions get reframed, cherry-picked, etc. • people have agendas – responding to criticism – boosting shareholder value – getting a lot of page views #ESETCast
A Quick History of Viruses #ESETCast
DEFINITION Virus (n.) – A computer program that modifies other computer programs to include a copy of itself, i.e, they exhibit parasitism. Computer viruses can be said to be recursively self- replicating. (a generally-accepted industry definition) #ESETCast
Fred Cohen’s Ph.D thesis Computer Viruses – Theory and Experiments is published in 1984. First definition of a “computer virus” as: a computer program that can affect other computer programs by modifying them in such a way as to include a (possibly evolved) copy of itself * #ESETCast
*Actual definition (via Dr. Cohen’s thesis): #ESETCast
A Quick History of Anti-virus #ESETCast
An old signature-based AV program #ESETCast
Defining Anti-Virus In 1984, Dr. Cohen also described the three atomic (or fundamental) techniques used to detect computer viruses: • behavior blocking • change detection • signature matching (fingerprint, pattern, hash, etc.) #ESETCast
Defining Anti-Virus In 1984, Dr. Cohen also described the three atomic (or fundamental) techniques used to detect computer viruses: • behavior blocking • change detection • signature matching (fingerprint, pattern, hash, etc.) I don’t have formal mathematical proofs for these. Sorry. #ESETCast
Defining Anti-Malware That was over 30 years ago. Today’s threats: • are more sophisticated • are more dangerous – financially motivated (selling spam, bot, DDoS...) – espionage (economic, intelligence, military…) • require new concepts & ideas for defending systems #ESETCast
Defining Anti-Malware Today, all modern security programs use a broad range of techniques to detect these sophisticated threats using the following fundamentals: #ESETCast
Defining Anti-Malware Today, all modern programs use a broad range of techniques to detect these sophisticated threats using the following fundamentals: • Behavior blocking • Change detection • Signature matching (fingerprint, pattern, hash, etc.) #ESETCast
Defining Anti-Malware Today, all modern programs use a broad range of techniques to detect these sophisticated threats using the following atomic methods: • Behavior blocking • Change detection • Signature matching (fingerprint, pattern, hash, etc.) Often when saying “they’re not AV.”  #ESETCast
Do you think Anti-virus is dead? Polling Question  Yes  No  Don’t know #ESETCast
Malicious Software • An umbrella term encompassing all malicious software (malware) • Overwhelming majority of malware these days is non-viral in nature: – not self-replicating – not parasitic • Many different types, no universal agreement about classification #ESETCast
Some malware types • Adware • Agents • APTs • Backdoor • Bootkits • Bots • Botnets • C&C servers • DDoS • Dialers • Downloaders • Droppers • Exploit Kits • Hoaxes • Keyloggers • Packers/crypters • Memory-only processes • Phishes • PUAs • Ransomware • Remote Access Tools • Rootkits • Spyware • Trojans • Viruses • Web Injects • Worms • Zero-days • Zombies #ESETCast
To put things in perspective: These days, when people are talking about computer viruses, they usually mean some other kind of malware. #ESETCast
Why call it Anti-Virus? Public has awareness of computer viruses: So they know they need to buy “AV” software to protect themselves. #ESETCast
AV Perception • Lack of understanding how anti- malware (née -virus) works, even from other parts of security industry. • Think that if programs don’t provide 100% protection they provide 0% protection. • Assume programs are simply matching hex strings, checksums, hashes, other predetermined values. #ESETCast
What people think signatures are • Old technologies like fingerprint, pattern- matching, CRC-driven signatures were getting phased out in the mid-1990s • Some were relatively sophisticated (regex, fuzzy logic, similarity matching, heuristics, etc.) • May still be used for legacy detection (DOS, Classic Mac) in some cases #ESETCast
What signatures really are At anti-malware firms, signatures are scripts or macros written in their proprietary languages used for describing: • Packers, cryptors, obfuscators (automatically detect + decrypt) • Multiple families of malware (covers several families + variants, accounts for polymorphism, etc.) • Heuristics (behaviors repeatedly observed in malware…) • Cloud API Calls (reputational/server-side analysis...) Think of them as maps of malicious behavior. #ESETCast
Are Viruses Still Even a Problem? • Viruses account for <10% threats seen daily • Viruses are never going to be extinct. • Attackers will blend techniques from them and other malicious programs • Criminals want your money and will look for ways to continue stealing it #ESETCast
Building Better Anti-Malware 30-year-old+ ideas can today be applied, used and even combined in new & interesting ways. When you get it right you can: • Improve security • Increase performance • Reduce false positives #ESETCast
‘Modern’ Anti-Malware Techniques CODE-SIGNING • change detection CLOUD-BASED • client/server computing model • move CPU intensive activities from local PC to anti-malware company’s servers CONTEXT SENSITIVITY • use riskier signatures, heuristic thresholds • more likely to generate false positives on downloads, but that’s OK #ESETCast
‘Modern’ Anti-Malware Techniques DETONATION CHAMBER • behavioral analysis inside emulator or sandbox • Determination based on codified set of rules (aka signatures) GENERIC DETECTION • teaching neural networks to… – create signatures for families (easy) – but not cause false positives (hard) INDICATORS OF COMPROMISE (IOCs) • signatures for evidence of infection #ESETCast
‘Modern’ Anti-Malware Techniques HEURISTICS • metasignatures derived from observed behavior, other signatures, etc. • signatures calculated for behaviors HIPS • behavior blocking… for applications NIDS • signatures… for malicious network traffic WHITELISTING • change detection #ESETCast
How many new malware samples do you think the ESET virus lab sees per day? Quiz Question  250  2,500  25,000  250,000  2,500,000 #ESETCast
The smörgåsbord of techniques Can you use new and old tech to protect PCs? • ESET receives about 250,000 new samples of malware a day • ESET does not add 250,000 signatures a day Would anyone care to make a guess how many signatures ESET adds a day? #ESETCast
The smörgåsbord of techniques #ESETCast
The smörgåsbord of techniques #ESETCast
The smörgåsbord of techniques Anti-malware software can • block 100s-1,000s of malware samples a day using specific signatures • block 100,000s of malware samples a day using other techniques (generic + heuristic signatures, etc.) *Keep in mind, a single signature might detect a family of malware that has billions of permutations #ESETCast
Recap Next generation security programs are based on three fundamental, atomic mechanisms: • Behavior blocking • Change detection • Signature matching So are “old” anti-virus/anti-malware programs. #ESETCast
Recap What does this all mean, though? • Even the oldest technologies can be applied in novel ways • It is important to keep track of research • Innovations can occur both inside and outside the anti-malware space • Keep on researchin’ #ESETCast
#ESETCast
Virus Bulletin 2015 highlights Economic sanctions on malware Prof. Igor Muttik Intel Security • increase costs to malware ecosystem – technologies to de-incentivize malware authors #ESETCast
Virus Bulletin 2015 highlights The Kobayashi Maru Dilemma* Morton Swimmer, Trend Micro; Nick FitzGerald, independent researcher; Andrew Lee, ESET • Offensive hacking – Is attacking the attackers legal? Ethical? *bonus points for Star trek reference #ESETCast
Virus Bulletin 2015 highlights discussions about • APTs • Certificate technologies • Linux malware • Packers #ESETCast
I would like to request one of the following Polling Question  Contact from ESET Sales  Technical Demo  Business trial  Information on becoming a Reseller Partner or MSP  None of the Above #ESETCast
Q+A Discussion #ESETCast
Bibliography • Dr. Fred Cohen’s web site: http://all.net/ • Paper: Hype heuristics, signatures and the death of AV (again) – Virus Bulletin • Presentation: Economic sanctions on malware - Virus Bulletin • Presentation: The Kobayashi Maru Dilemma - Virus Bulletin • Signatures, product testing, and the lingering death of AV – We Live Security • Symantec Develops New Attack on Cyberhacking – Wall Street Journal • Trend Micro's CEO says 'AV industry sucks' – The Register #ESETCast
Join Us Next Time… #ESETCast
Thank You No presentation gets done in a void, and I’d like to thank my co-workers for their assistance: Bruce P. Burrell, Jakub Debski, David Harley, Juraj Malcho, Roman Kováč & Thomas Uhlemann And thank you for attending! #ESETCast
Aryeh Goretsky WWW.ESET.COM WWW.WELIVESECURITY.COM aryeh.goretsky@eset.com @goretsky (personal) / @esetna / @welivesecurity /u/goretsky fb.com/goretsky #ESETCast

Empfohlen

ESET: #DoMore With Our Comprehensive Range of Business Products
ESET: #DoMore With Our Comprehensive Range of Business ProductsESET: #DoMore With Our Comprehensive Range of Business Products
ESET: #DoMore With Our Comprehensive Range of Business ProductsESET
 
Advanced Persistent Threats
Advanced Persistent ThreatsAdvanced Persistent Threats
Advanced Persistent ThreatsESET
 
ESET is introducing its brand new product ESET Secure Authentication
ESET is introducing its brand new product ESET Secure AuthenticationESET is introducing its brand new product ESET Secure Authentication
ESET is introducing its brand new product ESET Secure AuthenticationESET
 
Apt sharing tisa protalk 2-2554
Apt sharing tisa protalk 2-2554Apt sharing tisa protalk 2-2554
Apt sharing tisa protalk 2-2554TISA
 
Endpoint Security Evasion
Endpoint Security EvasionEndpoint Security Evasion
Endpoint Security EvasionInvincea, Inc.
 
Security Intelligence: Advanced Persistent Threats
Security Intelligence: Advanced Persistent ThreatsSecurity Intelligence: Advanced Persistent Threats
Security Intelligence: Advanced Persistent ThreatsPeter Wood
 
Persistence is Key: Advanced Persistent Threats
Persistence is Key: Advanced Persistent ThreatsPersistence is Key: Advanced Persistent Threats
Persistence is Key: Advanced Persistent ThreatsSameer Thadani
 
Next Generation Advanced Malware Detection and Defense
Next Generation Advanced Malware Detection and DefenseNext Generation Advanced Malware Detection and Defense
Next Generation Advanced Malware Detection and DefenseLuca Simonelli
 

Empfohlen

ESET: #DoMore With Our Comprehensive Range of Business Products
ESET: #DoMore With Our Comprehensive Range of Business ProductsESET: #DoMore With Our Comprehensive Range of Business Products
ESET: #DoMore With Our Comprehensive Range of Business ProductsESET
 
Advanced Persistent Threats
Advanced Persistent ThreatsAdvanced Persistent Threats
Advanced Persistent ThreatsESET
 
ESET is introducing its brand new product ESET Secure Authentication
ESET is introducing its brand new product ESET Secure AuthenticationESET is introducing its brand new product ESET Secure Authentication
ESET is introducing its brand new product ESET Secure AuthenticationESET
 
Apt sharing tisa protalk 2-2554
Apt sharing tisa protalk 2-2554Apt sharing tisa protalk 2-2554
Apt sharing tisa protalk 2-2554TISA
 
Endpoint Security Evasion
Endpoint Security EvasionEndpoint Security Evasion
Endpoint Security EvasionInvincea, Inc.
 
Security Intelligence: Advanced Persistent Threats
Security Intelligence: Advanced Persistent ThreatsSecurity Intelligence: Advanced Persistent Threats
Security Intelligence: Advanced Persistent ThreatsPeter Wood
 
Persistence is Key: Advanced Persistent Threats
Persistence is Key: Advanced Persistent ThreatsPersistence is Key: Advanced Persistent Threats
Persistence is Key: Advanced Persistent ThreatsSameer Thadani
 
Next Generation Advanced Malware Detection and Defense
Next Generation Advanced Malware Detection and DefenseNext Generation Advanced Malware Detection and Defense
Next Generation Advanced Malware Detection and DefenseLuca Simonelli
 
Detection and Analysis of 0-Day Threats
Detection and Analysis of 0-Day ThreatsDetection and Analysis of 0-Day Threats
Detection and Analysis of 0-Day ThreatsInvincea, Inc.
 
Mickey pacsec2016_final
Mickey pacsec2016_finalMickey pacsec2016_final
Mickey pacsec2016_finalPacSecJP
 
Eset India General Presentation
Eset India General PresentationEset India General Presentation
Eset India General PresentationKsenia Kondratieva
 
ESET on cybersecurity.
ESET on cybersecurity.ESET on cybersecurity.
ESET on cybersecurity.SOCIALware Benelux
 
Lessons learned from hundreds of cyber espionage breaches by TT and Ashley - ...
Lessons learned from hundreds of cyber espionage breaches by TT and Ashley - ...Lessons learned from hundreds of cyber espionage breaches by TT and Ashley - ...
Lessons learned from hundreds of cyber espionage breaches by TT and Ashley - ...CODE BLUE
 
Security Consulting Services - Which Is The Best Option For Me? - Diego Sor, ...
Security Consulting Services - Which Is The Best Option For Me? - Diego Sor, ...Security Consulting Services - Which Is The Best Option For Me? - Diego Sor, ...
Security Consulting Services - Which Is The Best Option For Me? - Diego Sor, ...Core Security
 
Trisis in Perspective: Implications for ICS Defenders
Trisis in Perspective: Implications for ICS DefendersTrisis in Perspective: Implications for ICS Defenders
Trisis in Perspective: Implications for ICS DefendersDragos, Inc.
 
Threat Dissection - Alberto Soliño Testa Research Director, Core Security
Threat Dissection - Alberto Soliño Testa Research Director, Core SecurityThreat Dissection - Alberto Soliño Testa Research Director, Core Security
Threat Dissection - Alberto Soliño Testa Research Director, Core SecurityCore Security
 
Kaspersky Lab’s Webinar ‘Emerging Threats in the APT World: Predictions for 2...
Kaspersky Lab’s Webinar ‘Emerging Threats in the APT World: Predictions for 2...Kaspersky Lab’s Webinar ‘Emerging Threats in the APT World: Predictions for 2...
Kaspersky Lab’s Webinar ‘Emerging Threats in the APT World: Predictions for 2...Kaspersky
 
Sandbox
SandboxSandbox
Sandboxayush_nitt
 
Sandbox Technology in AntiVirus
Sandbox Technology in AntiVirusSandbox Technology in AntiVirus
Sandbox Technology in AntiVirusAshish Gautam
 
From velvet to silk there is still a lot of sweat
From velvet to silk there is still a lot of sweatFrom velvet to silk there is still a lot of sweat
From velvet to silk there is still a lot of sweatStefano Maccaglia
 
Data Center Server security
Data Center Server securityData Center Server security
Data Center Server securityxband
 
IOT Security FUN-damental
IOT Security FUN-damentalIOT Security FUN-damental
IOT Security FUN-damentalSatria Ady Pradana
 
Behavior-Based Defense in ICS
Behavior-Based Defense in ICSBehavior-Based Defense in ICS
Behavior-Based Defense in ICSDragos, Inc.
 
IoT Security - Preparing for the Worst
IoT Security - Preparing for the WorstIoT Security - Preparing for the Worst
IoT Security - Preparing for the WorstSatria Ady Pradana
 
Mengenal ZEUS Botnet Lebih Dekat
Mengenal ZEUS Botnet Lebih DekatMengenal ZEUS Botnet Lebih Dekat
Mengenal ZEUS Botnet Lebih DekatCharles Lim
 
Introduction to Advanced Persistent Threats (APT) for Non-Security Engineers
Introduction to Advanced Persistent Threats (APT) for Non-Security EngineersIntroduction to Advanced Persistent Threats (APT) for Non-Security Engineers
Introduction to Advanced Persistent Threats (APT) for Non-Security EngineersOllie Whitehouse
 
Talos threat-intelligence
Talos threat-intelligenceTalos threat-intelligence
Talos threat-intelligencexband
 
Issa jason dablow
Issa jason dablowIssa jason dablow
Issa jason dablowISSA LA
 
ISACA Ethical Hacking Presentation 10/2011
ISACA Ethical Hacking Presentation 10/2011ISACA Ethical Hacking Presentation 10/2011
ISACA Ethical Hacking Presentation 10/2011Xavier Mertens
 
Anti Virus Software
Anti Virus SoftwareAnti Virus Software
Anti Virus SoftwarePradeepkrajyaguru
 

Weitere ähnliche Inhalte

Was ist angesagt?

Detection and Analysis of 0-Day Threats
Detection and Analysis of 0-Day ThreatsDetection and Analysis of 0-Day Threats
Detection and Analysis of 0-Day ThreatsInvincea, Inc.
 
Mickey pacsec2016_final
Mickey pacsec2016_finalMickey pacsec2016_final
Mickey pacsec2016_finalPacSecJP
 
Eset India General Presentation
Eset India General PresentationEset India General Presentation
Eset India General PresentationKsenia Kondratieva
 
Lessons learned from hundreds of cyber espionage breaches by TT and Ashley - ...
Lessons learned from hundreds of cyber espionage breaches by TT and Ashley - ...Lessons learned from hundreds of cyber espionage breaches by TT and Ashley - ...
Lessons learned from hundreds of cyber espionage breaches by TT and Ashley - ...CODE BLUE
 
Security Consulting Services - Which Is The Best Option For Me? - Diego Sor, ...
Security Consulting Services - Which Is The Best Option For Me? - Diego Sor, ...Security Consulting Services - Which Is The Best Option For Me? - Diego Sor, ...
Security Consulting Services - Which Is The Best Option For Me? - Diego Sor, ...Core Security
 
Trisis in Perspective: Implications for ICS Defenders
Trisis in Perspective: Implications for ICS DefendersTrisis in Perspective: Implications for ICS Defenders
Trisis in Perspective: Implications for ICS DefendersDragos, Inc.
 
Threat Dissection - Alberto Soliño Testa Research Director, Core Security
Threat Dissection - Alberto Soliño Testa Research Director, Core SecurityThreat Dissection - Alberto Soliño Testa Research Director, Core Security
Threat Dissection - Alberto Soliño Testa Research Director, Core SecurityCore Security
 
Kaspersky Lab’s Webinar ‘Emerging Threats in the APT World: Predictions for 2...
Kaspersky Lab’s Webinar ‘Emerging Threats in the APT World: Predictions for 2...Kaspersky Lab’s Webinar ‘Emerging Threats in the APT World: Predictions for 2...
Kaspersky Lab’s Webinar ‘Emerging Threats in the APT World: Predictions for 2...Kaspersky
 
Sandbox Technology in AntiVirus
Sandbox Technology in AntiVirusSandbox Technology in AntiVirus
Sandbox Technology in AntiVirusAshish Gautam
 
From velvet to silk there is still a lot of sweat
From velvet to silk there is still a lot of sweatFrom velvet to silk there is still a lot of sweat
From velvet to silk there is still a lot of sweatStefano Maccaglia
 
Data Center Server security
Data Center Server securityData Center Server security
Data Center Server securityxband
 
Behavior-Based Defense in ICS
Behavior-Based Defense in ICSBehavior-Based Defense in ICS
Behavior-Based Defense in ICSDragos, Inc.
 
IoT Security - Preparing for the Worst
IoT Security - Preparing for the WorstIoT Security - Preparing for the Worst
IoT Security - Preparing for the WorstSatria Ady Pradana
 
Mengenal ZEUS Botnet Lebih Dekat
Mengenal ZEUS Botnet Lebih DekatMengenal ZEUS Botnet Lebih Dekat
Mengenal ZEUS Botnet Lebih DekatCharles Lim
 
Introduction to Advanced Persistent Threats (APT) for Non-Security Engineers
Introduction to Advanced Persistent Threats (APT) for Non-Security EngineersIntroduction to Advanced Persistent Threats (APT) for Non-Security Engineers
Introduction to Advanced Persistent Threats (APT) for Non-Security EngineersOllie Whitehouse
 
Talos threat-intelligence
Talos threat-intelligenceTalos threat-intelligence
Talos threat-intelligencexband
 
Issa jason dablow
Issa jason dablowIssa jason dablow
Issa jason dablowISSA LA
 

Was ist angesagt? (20)

Detection and Analysis of 0-Day Threats
Detection and Analysis of 0-Day ThreatsDetection and Analysis of 0-Day Threats
Detection and Analysis of 0-Day Threats
 
Mickey pacsec2016_final
Mickey pacsec2016_finalMickey pacsec2016_final
Mickey pacsec2016_final
 
Eset India General Presentation
Eset India General PresentationEset India General Presentation
Eset India General Presentation
 
ESET on cybersecurity.
ESET on cybersecurity.ESET on cybersecurity.
ESET on cybersecurity.
 
Lessons learned from hundreds of cyber espionage breaches by TT and Ashley - ...
Lessons learned from hundreds of cyber espionage breaches by TT and Ashley - ...Lessons learned from hundreds of cyber espionage breaches by TT and Ashley - ...
Lessons learned from hundreds of cyber espionage breaches by TT and Ashley - ...
 
Security Consulting Services - Which Is The Best Option For Me? - Diego Sor, ...
Security Consulting Services - Which Is The Best Option For Me? - Diego Sor, ...Security Consulting Services - Which Is The Best Option For Me? - Diego Sor, ...
Security Consulting Services - Which Is The Best Option For Me? - Diego Sor, ...
 
Trisis in Perspective: Implications for ICS Defenders
Trisis in Perspective: Implications for ICS DefendersTrisis in Perspective: Implications for ICS Defenders
Trisis in Perspective: Implications for ICS Defenders
 
Threat Dissection - Alberto Soliño Testa Research Director, Core Security
Threat Dissection - Alberto Soliño Testa Research Director, Core SecurityThreat Dissection - Alberto Soliño Testa Research Director, Core Security
Threat Dissection - Alberto Soliño Testa Research Director, Core Security
 
Kaspersky Lab’s Webinar ‘Emerging Threats in the APT World: Predictions for 2...
Kaspersky Lab’s Webinar ‘Emerging Threats in the APT World: Predictions for 2...Kaspersky Lab’s Webinar ‘Emerging Threats in the APT World: Predictions for 2...
Kaspersky Lab’s Webinar ‘Emerging Threats in the APT World: Predictions for 2...
 
Sandbox
SandboxSandbox
Sandbox
 
Sandbox Technology in AntiVirus
Sandbox Technology in AntiVirusSandbox Technology in AntiVirus
Sandbox Technology in AntiVirus
 
From velvet to silk there is still a lot of sweat
From velvet to silk there is still a lot of sweatFrom velvet to silk there is still a lot of sweat
From velvet to silk there is still a lot of sweat
 
Data Center Server security
Data Center Server securityData Center Server security
Data Center Server security
 
IOT Security FUN-damental
IOT Security FUN-damentalIOT Security FUN-damental
IOT Security FUN-damental
 
Behavior-Based Defense in ICS
Behavior-Based Defense in ICSBehavior-Based Defense in ICS
Behavior-Based Defense in ICS
 
IoT Security - Preparing for the Worst
IoT Security - Preparing for the WorstIoT Security - Preparing for the Worst
IoT Security - Preparing for the Worst
 
Mengenal ZEUS Botnet Lebih Dekat
Mengenal ZEUS Botnet Lebih DekatMengenal ZEUS Botnet Lebih Dekat
Mengenal ZEUS Botnet Lebih Dekat
 
Introduction to Advanced Persistent Threats (APT) for Non-Security Engineers
Introduction to Advanced Persistent Threats (APT) for Non-Security EngineersIntroduction to Advanced Persistent Threats (APT) for Non-Security Engineers
Introduction to Advanced Persistent Threats (APT) for Non-Security Engineers
 
Talos threat-intelligence
Talos threat-intelligenceTalos threat-intelligence
Talos threat-intelligence
 
Issa jason dablow
Issa jason dablowIssa jason dablow
Issa jason dablow
 

Ähnlich wie Is Anti-Virus Dead?

ISACA Ethical Hacking Presentation 10/2011
ISACA Ethical Hacking Presentation 10/2011ISACA Ethical Hacking Presentation 10/2011
ISACA Ethical Hacking Presentation 10/2011Xavier Mertens
 
ESET Technology: The multi-layered approach and its effectiveness
ESET Technology: The multi-layered approach and its effectivenessESET Technology: The multi-layered approach and its effectiveness
ESET Technology: The multi-layered approach and its effectivenessESET Middle East
 
Tech ThrowDown: Invincea FreeSpace vs EMET 5.0
Tech ThrowDown: Invincea FreeSpace vs EMET 5.0Tech ThrowDown: Invincea FreeSpace vs EMET 5.0
Tech ThrowDown: Invincea FreeSpace vs EMET 5.0Invincea, Inc.
 
ANTIVIRUS AND VIRUS Powerpoint presentation
ANTIVIRUS AND VIRUS Powerpoint presentationANTIVIRUS AND VIRUS Powerpoint presentation
ANTIVIRUS AND VIRUS Powerpoint presentationabhijit chintamani
 
Advanced Threats in the Enterprise: Finding an Evil in the Haystack
Advanced Threats in the Enterprise: Finding an Evil in the HaystackAdvanced Threats in the Enterprise: Finding an Evil in the Haystack
Advanced Threats in the Enterprise: Finding an Evil in the HaystackEMC
 
AI Cybersecurity: Pros & Cons. AI is reshaping cybersecurity
AI Cybersecurity: Pros & Cons. AI is reshaping cybersecurityAI Cybersecurity: Pros & Cons. AI is reshaping cybersecurity
AI Cybersecurity: Pros & Cons. AI is reshaping cybersecurityTasnim Alasali
 
Malware is NOT Magic
Malware is NOT MagicMalware is NOT Magic
Malware is NOT MagicEnergySec
 
1_Introduction.pdf
1_Introduction.pdf1_Introduction.pdf
1_Introduction.pdfssuserfb92ae
 
Virus and Anti Virus - Types of Virus and Anti Virus
Virus and Anti Virus - Types of Virus and Anti VirusVirus and Anti Virus - Types of Virus and Anti Virus
Virus and Anti Virus - Types of Virus and Anti VirusAdeel Rasheed
 
(Training) Malware - To the Realm of Malicious Code
(Training) Malware - To the Realm of Malicious Code(Training) Malware - To the Realm of Malicious Code
(Training) Malware - To the Realm of Malicious CodeSatria Ady Pradana
 
Cyber Security Awareness Month 2017-Nugget 6
Cyber Security Awareness Month 2017-Nugget 6Cyber Security Awareness Month 2017-Nugget 6
Cyber Security Awareness Month 2017-Nugget 6Chinatu Uzuegbu
 
information about virus
information about virusinformation about virus
information about virustoshan badiye
 
Cyber Security Presentation By(Aashish Tanania)
Cyber Security Presentation By(Aashish Tanania)Cyber Security Presentation By(Aashish Tanania)
Cyber Security Presentation By(Aashish Tanania)AashishTanania
 

Ähnlich wie Is Anti-Virus Dead? (20)

ISACA Ethical Hacking Presentation 10/2011
ISACA Ethical Hacking Presentation 10/2011ISACA Ethical Hacking Presentation 10/2011
ISACA Ethical Hacking Presentation 10/2011
 
Anti Virus Software
Anti Virus SoftwareAnti Virus Software
Anti Virus Software
 
ESET Technology: The multi-layered approach and its effectiveness
ESET Technology: The multi-layered approach and its effectivenessESET Technology: The multi-layered approach and its effectiveness
ESET Technology: The multi-layered approach and its effectiveness
 
Tech ThrowDown: Invincea FreeSpace vs EMET 5.0
Tech ThrowDown: Invincea FreeSpace vs EMET 5.0Tech ThrowDown: Invincea FreeSpace vs EMET 5.0
Tech ThrowDown: Invincea FreeSpace vs EMET 5.0
 
ETHICAL HACKING
ETHICAL HACKINGETHICAL HACKING
ETHICAL HACKING
 
ANTIVIRUS AND VIRUS Powerpoint presentation
ANTIVIRUS AND VIRUS Powerpoint presentationANTIVIRUS AND VIRUS Powerpoint presentation
ANTIVIRUS AND VIRUS Powerpoint presentation
 
Advanced Threats in the Enterprise: Finding an Evil in the Haystack
Advanced Threats in the Enterprise: Finding an Evil in the HaystackAdvanced Threats in the Enterprise: Finding an Evil in the Haystack
Advanced Threats in the Enterprise: Finding an Evil in the Haystack
 
Defining DevSecOps
Defining DevSecOpsDefining DevSecOps
Defining DevSecOps
 
AI Cybersecurity: Pros & Cons. AI is reshaping cybersecurity
AI Cybersecurity: Pros & Cons. AI is reshaping cybersecurityAI Cybersecurity: Pros & Cons. AI is reshaping cybersecurity
AI Cybersecurity: Pros & Cons. AI is reshaping cybersecurity
 
Malware is NOT Magic
Malware is NOT MagicMalware is NOT Magic
Malware is NOT Magic
 
1_Introduction.pdf
1_Introduction.pdf1_Introduction.pdf
1_Introduction.pdf
 
Virus and Anti Virus - Types of Virus and Anti Virus
Virus and Anti Virus - Types of Virus and Anti VirusVirus and Anti Virus - Types of Virus and Anti Virus
Virus and Anti Virus - Types of Virus and Anti Virus
 
Virussss.pdf
Virussss.pdfVirussss.pdf
Virussss.pdf
 
(Training) Malware - To the Realm of Malicious Code
(Training) Malware - To the Realm of Malicious Code(Training) Malware - To the Realm of Malicious Code
(Training) Malware - To the Realm of Malicious Code
 
Cyber Security Awareness Month 2017-Nugget 6
Cyber Security Awareness Month 2017-Nugget 6Cyber Security Awareness Month 2017-Nugget 6
Cyber Security Awareness Month 2017-Nugget 6
 
information about virus
information about virusinformation about virus
information about virus
 
Cyber Security Presentation By(Aashish Tanania)
Cyber Security Presentation By(Aashish Tanania)Cyber Security Presentation By(Aashish Tanania)
Cyber Security Presentation By(Aashish Tanania)
 
Thur Venture
Thur VentureThur Venture
Thur Venture
 
Venture name Basics
Venture name BasicsVenture name Basics
Venture name Basics
 
Venture name Basics
Venture name BasicsVenture name Basics
Venture name Basics
 

Mehr von ESET

ESET Cybersecurity students
ESET Cybersecurity studentsESET Cybersecurity students
ESET Cybersecurity studentsESET
 
ESET Cybersecurity training
ESET Cybersecurity trainingESET Cybersecurity training
ESET Cybersecurity trainingESET
 
How to implement a robust information security management system?
How to implement a robust information security management system?How to implement a robust information security management system?
How to implement a robust information security management system?ESET
 
#AntimalwareDay: The ESET Celebration of the Origins of Computer Defense in N...
#AntimalwareDay: The ESET Celebration of the Origins of Computer Defense in N...#AntimalwareDay: The ESET Celebration of the Origins of Computer Defense in N...
#AntimalwareDay: The ESET Celebration of the Origins of Computer Defense in N...ESET
 
Visiting the Bear Den
Visiting the Bear DenVisiting the Bear Den
Visiting the Bear DenESET
 
AVAR Sydney 2014: Lemming Aid and Kool Aid: Helping the Community to Help Its...
AVAR Sydney 2014: Lemming Aid and Kool Aid: Helping the Community to Help Its...AVAR Sydney 2014: Lemming Aid and Kool Aid: Helping the Community to Help Its...
AVAR Sydney 2014: Lemming Aid and Kool Aid: Helping the Community to Help Its...ESET
 
ESET Quick Guide to the EU General Data Protection Regulation
ESET Quick Guide to the EU General Data Protection RegulationESET Quick Guide to the EU General Data Protection Regulation
ESET Quick Guide to the EU General Data Protection RegulationESET
 
Bootkits: Past, Present & Future - Virus Bulletin
Bootkits: Past, Present & Future - Virus BulletinBootkits: Past, Present & Future - Virus Bulletin
Bootkits: Past, Present & Future - Virus BulletinESET
 
Operation Buhtrap - AVAR 2015
Operation Buhtrap - AVAR 2015Operation Buhtrap - AVAR 2015
Operation Buhtrap - AVAR 2015ESET
 
Shopping Online
Shopping OnlineShopping Online
Shopping OnlineESET
 
Banking Online
Banking OnlineBanking Online
Banking OnlineESET
 
Is Linux/Moose endangered or extinct?
Is Linux/Moose endangered or extinct? Is Linux/Moose endangered or extinct?
Is Linux/Moose endangered or extinct? ESET
 
Unpack your troubles*: .NET packer tricks and countermeasures
Unpack your troubles*: .NET packer tricks and countermeasuresUnpack your troubles*: .NET packer tricks and countermeasures
Unpack your troubles*: .NET packer tricks and countermeasuresESET
 
ESET: Delivering Benefits to Enterprises
ESET: Delivering Benefits to EnterprisesESET: Delivering Benefits to Enterprises
ESET: Delivering Benefits to EnterprisesESET
 
ESET: Delivering Benefits to Medium and Large Businesses
ESET: Delivering Benefits to Medium and Large BusinessesESET: Delivering Benefits to Medium and Large Businesses
ESET: Delivering Benefits to Medium and Large BusinessesESET
 
#DoMore with ESET
#DoMore with ESET#DoMore with ESET
#DoMore with ESETESET
 
2014: Mid-Year Threat Review
2014: Mid-Year Threat Review2014: Mid-Year Threat Review
2014: Mid-Year Threat ReviewESET
 
Learn more about ESET and our soulutions for mobile platforms
Learn more about ESET and our soulutions for mobile platformsLearn more about ESET and our soulutions for mobile platforms
Learn more about ESET and our soulutions for mobile platformsESET
 
Trends for 2014: The Challenge of Internet Privacy
Trends for 2014: The Challenge of Internet PrivacyTrends for 2014: The Challenge of Internet Privacy
Trends for 2014: The Challenge of Internet PrivacyESET
 
ESET Technology From
ESET Technology FromESET Technology From
ESET Technology FromESET
 

Mehr von ESET (20)

ESET Cybersecurity students
ESET Cybersecurity studentsESET Cybersecurity students
ESET Cybersecurity students
 
ESET Cybersecurity training
ESET Cybersecurity trainingESET Cybersecurity training
ESET Cybersecurity training
 
How to implement a robust information security management system?
How to implement a robust information security management system?How to implement a robust information security management system?
How to implement a robust information security management system?
 
#AntimalwareDay: The ESET Celebration of the Origins of Computer Defense in N...
#AntimalwareDay: The ESET Celebration of the Origins of Computer Defense in N...#AntimalwareDay: The ESET Celebration of the Origins of Computer Defense in N...
#AntimalwareDay: The ESET Celebration of the Origins of Computer Defense in N...
 
Visiting the Bear Den
Visiting the Bear DenVisiting the Bear Den
Visiting the Bear Den
 
AVAR Sydney 2014: Lemming Aid and Kool Aid: Helping the Community to Help Its...
AVAR Sydney 2014: Lemming Aid and Kool Aid: Helping the Community to Help Its...AVAR Sydney 2014: Lemming Aid and Kool Aid: Helping the Community to Help Its...
AVAR Sydney 2014: Lemming Aid and Kool Aid: Helping the Community to Help Its...
 
ESET Quick Guide to the EU General Data Protection Regulation
ESET Quick Guide to the EU General Data Protection RegulationESET Quick Guide to the EU General Data Protection Regulation
ESET Quick Guide to the EU General Data Protection Regulation
 
Bootkits: Past, Present & Future - Virus Bulletin
Bootkits: Past, Present & Future - Virus BulletinBootkits: Past, Present & Future - Virus Bulletin
Bootkits: Past, Present & Future - Virus Bulletin
 
Operation Buhtrap - AVAR 2015
Operation Buhtrap - AVAR 2015Operation Buhtrap - AVAR 2015
Operation Buhtrap - AVAR 2015
 
Shopping Online
Shopping OnlineShopping Online
Shopping Online
 
Banking Online
Banking OnlineBanking Online
Banking Online
 
Is Linux/Moose endangered or extinct?
Is Linux/Moose endangered or extinct? Is Linux/Moose endangered or extinct?
Is Linux/Moose endangered or extinct?
 
Unpack your troubles*: .NET packer tricks and countermeasures
Unpack your troubles*: .NET packer tricks and countermeasuresUnpack your troubles*: .NET packer tricks and countermeasures
Unpack your troubles*: .NET packer tricks and countermeasures
 
ESET: Delivering Benefits to Enterprises
ESET: Delivering Benefits to EnterprisesESET: Delivering Benefits to Enterprises
ESET: Delivering Benefits to Enterprises
 
ESET: Delivering Benefits to Medium and Large Businesses
ESET: Delivering Benefits to Medium and Large BusinessesESET: Delivering Benefits to Medium and Large Businesses
ESET: Delivering Benefits to Medium and Large Businesses
 
#DoMore with ESET
#DoMore with ESET#DoMore with ESET
#DoMore with ESET
 
2014: Mid-Year Threat Review
2014: Mid-Year Threat Review2014: Mid-Year Threat Review
2014: Mid-Year Threat Review
 
Learn more about ESET and our soulutions for mobile platforms
Learn more about ESET and our soulutions for mobile platformsLearn more about ESET and our soulutions for mobile platforms
Learn more about ESET and our soulutions for mobile platforms
 
Trends for 2014: The Challenge of Internet Privacy
Trends for 2014: The Challenge of Internet PrivacyTrends for 2014: The Challenge of Internet Privacy
Trends for 2014: The Challenge of Internet Privacy
 
ESET Technology From
ESET Technology FromESET Technology From
ESET Technology From
 

Kürzlich hochgeladen

%in kempton park+277-882-255-28 abortion pills for sale in kempton park
%in kempton park+277-882-255-28 abortion pills for sale in kempton park %in kempton park+277-882-255-28 abortion pills for sale in kempton park
%in kempton park+277-882-255-28 abortion pills for sale in kempton park masabamasaba
 
8257 interfacing 2 in microprocessor for btech students
8257 interfacing 2 in microprocessor for btech students8257 interfacing 2 in microprocessor for btech students
8257 interfacing 2 in microprocessor for btech studentsHimanshiGarg82
 
%in tembisa+277-882-255-28 abortion pills for sale in tembisa
%in tembisa+277-882-255-28 abortion pills for sale in tembisa%in tembisa+277-882-255-28 abortion pills for sale in tembisa
%in tembisa+277-882-255-28 abortion pills for sale in tembisamasabamasaba
 
%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfontein
%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfontein%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfontein
%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfonteinmasabamasaba
 
What Goes Wrong with Language Definitions and How to Improve the Situation
What Goes Wrong with Language Definitions and How to Improve the SituationWhat Goes Wrong with Language Definitions and How to Improve the Situation
What Goes Wrong with Language Definitions and How to Improve the SituationJuha-Pekka Tolvanen
 
Devoxx UK 2024 - Going serverless with Quarkus, GraalVM native images and AWS...
Devoxx UK 2024 - Going serverless with Quarkus, GraalVM native images and AWS...Devoxx UK 2024 - Going serverless with Quarkus, GraalVM native images and AWS...
Devoxx UK 2024 - Going serverless with Quarkus, GraalVM native images and AWS...Bert Jan Schrijver
 
tonesoftg
tonesoftgtonesoftg
tonesoftglanshi9
 
%+27788225528 love spells in Huntington Beach Psychic Readings, Attraction sp...
%+27788225528 love spells in Huntington Beach Psychic Readings, Attraction sp...%+27788225528 love spells in Huntington Beach Psychic Readings, Attraction sp...
%+27788225528 love spells in Huntington Beach Psychic Readings, Attraction sp...masabamasaba
 
WSO2CON 2024 - Does Open Source Still Matter?
WSO2CON 2024 - Does Open Source Still Matter?WSO2CON 2024 - Does Open Source Still Matter?
WSO2CON 2024 - Does Open Source Still Matter?WSO2
 
VTU technical seminar 8Th Sem on Scikit-learn
VTU technical seminar 8Th Sem on Scikit-learnVTU technical seminar 8Th Sem on Scikit-learn
VTU technical seminar 8Th Sem on Scikit-learnAmarnathKambale
 
OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...
OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...
OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...Shane Coughlan
 
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...Health
 
WSO2CON 2024 - WSO2's Digital Transformation Journey with Choreo: A Platforml...
WSO2CON 2024 - WSO2's Digital Transformation Journey with Choreo: A Platforml...WSO2CON 2024 - WSO2's Digital Transformation Journey with Choreo: A Platforml...
WSO2CON 2024 - WSO2's Digital Transformation Journey with Choreo: A Platforml...WSO2
 
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...Steffen Staab
 
%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...
%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...
%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...masabamasaba
 
Artyushina_Guest lecture_YorkU CS May 2024.pptx
Artyushina_Guest lecture_YorkU CS May 2024.pptxArtyushina_Guest lecture_YorkU CS May 2024.pptx
Artyushina_Guest lecture_YorkU CS May 2024.pptxAnnaArtyushina1
 
%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain
%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain
%in Bahrain+277-882-255-28 abortion pills for sale in Bahrainmasabamasaba
 
%in Soweto+277-882-255-28 abortion pills for sale in soweto
%in Soweto+277-882-255-28 abortion pills for sale in soweto%in Soweto+277-882-255-28 abortion pills for sale in soweto
%in Soweto+277-882-255-28 abortion pills for sale in sowetomasabamasaba
 

Kürzlich hochgeladen (20)

Abortion Pill Prices Tembisa [(+27832195400*)] 🏥 Women's Abortion Clinic in T...
Abortion Pill Prices Tembisa [(+27832195400*)] 🏥 Women's Abortion Clinic in T...Abortion Pill Prices Tembisa [(+27832195400*)] 🏥 Women's Abortion Clinic in T...
Abortion Pill Prices Tembisa [(+27832195400*)] 🏥 Women's Abortion Clinic in T...
 
%in kempton park+277-882-255-28 abortion pills for sale in kempton park
%in kempton park+277-882-255-28 abortion pills for sale in kempton park %in kempton park+277-882-255-28 abortion pills for sale in kempton park
%in kempton park+277-882-255-28 abortion pills for sale in kempton park
 
8257 interfacing 2 in microprocessor for btech students
8257 interfacing 2 in microprocessor for btech students8257 interfacing 2 in microprocessor for btech students
8257 interfacing 2 in microprocessor for btech students
 
%in tembisa+277-882-255-28 abortion pills for sale in tembisa
%in tembisa+277-882-255-28 abortion pills for sale in tembisa%in tembisa+277-882-255-28 abortion pills for sale in tembisa
%in tembisa+277-882-255-28 abortion pills for sale in tembisa
 
Abortion Pills In Pretoria ](+27832195400*)[ 🏥 Women's Abortion Clinic In Pre...
Abortion Pills In Pretoria ](+27832195400*)[ 🏥 Women's Abortion Clinic In Pre...Abortion Pills In Pretoria ](+27832195400*)[ 🏥 Women's Abortion Clinic In Pre...
Abortion Pills In Pretoria ](+27832195400*)[ 🏥 Women's Abortion Clinic In Pre...
 
%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfontein
%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfontein%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfontein
%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfontein
 
What Goes Wrong with Language Definitions and How to Improve the Situation
What Goes Wrong with Language Definitions and How to Improve the SituationWhat Goes Wrong with Language Definitions and How to Improve the Situation
What Goes Wrong with Language Definitions and How to Improve the Situation
 
Devoxx UK 2024 - Going serverless with Quarkus, GraalVM native images and AWS...
Devoxx UK 2024 - Going serverless with Quarkus, GraalVM native images and AWS...Devoxx UK 2024 - Going serverless with Quarkus, GraalVM native images and AWS...
Devoxx UK 2024 - Going serverless with Quarkus, GraalVM native images and AWS...
 
tonesoftg
tonesoftgtonesoftg
tonesoftg
 
%+27788225528 love spells in Huntington Beach Psychic Readings, Attraction sp...
%+27788225528 love spells in Huntington Beach Psychic Readings, Attraction sp...%+27788225528 love spells in Huntington Beach Psychic Readings, Attraction sp...
%+27788225528 love spells in Huntington Beach Psychic Readings, Attraction sp...
 
WSO2CON 2024 - Does Open Source Still Matter?
WSO2CON 2024 - Does Open Source Still Matter?WSO2CON 2024 - Does Open Source Still Matter?
WSO2CON 2024 - Does Open Source Still Matter?
 
VTU technical seminar 8Th Sem on Scikit-learn
VTU technical seminar 8Th Sem on Scikit-learnVTU technical seminar 8Th Sem on Scikit-learn
VTU technical seminar 8Th Sem on Scikit-learn
 
OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...
OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...
OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...
 
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
 
WSO2CON 2024 - WSO2's Digital Transformation Journey with Choreo: A Platforml...
WSO2CON 2024 - WSO2's Digital Transformation Journey with Choreo: A Platforml...WSO2CON 2024 - WSO2's Digital Transformation Journey with Choreo: A Platforml...
WSO2CON 2024 - WSO2's Digital Transformation Journey with Choreo: A Platforml...
 
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
 
%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...
%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...
%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...
 
Artyushina_Guest lecture_YorkU CS May 2024.pptx
Artyushina_Guest lecture_YorkU CS May 2024.pptxArtyushina_Guest lecture_YorkU CS May 2024.pptx
Artyushina_Guest lecture_YorkU CS May 2024.pptx
 
%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain
%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain
%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain
 
%in Soweto+277-882-255-28 abortion pills for sale in soweto
%in Soweto+277-882-255-28 abortion pills for sale in soweto%in Soweto+277-882-255-28 abortion pills for sale in soweto
%in Soweto+277-882-255-28 abortion pills for sale in soweto
 

Is Anti-Virus Dead?

  • 1. Is Anti-Virus Dead? Aryeh Goretsky, Distinguished Researcher October 21, 2015 #ESETCast
  • 2. Aryeh Goretsky Distinguished Researcher Aryeh is ESET’s Distinguished Researcher and has been with the company for over nine years. A twenty-six year veteran of fighting viruses, today he is responsible for threatscape monitoring, investigations and working with researchers in and outside of ESET globally. He was the first employee at McAfee and is a veteran of several software and networking startups. He has received industry awards from Microsoft, Lenovo and Securing our eCity for his efforts to help make computing safer. #ESETCast
  • 3. Agenda • Overview of the death of AV (1980s-today) • History of threats • History of defenses • What is malware, anyways? • What is anti-malware? • Virus Bulletin 2015 highlights (if I have time) • Q&A #ESETCast
  • 4. Not on the Agenda This is an overview-level presentation, not a deep dive session. Not going to drill down into: • history of viruses • history of anti-virus software • examples of next-gen technology • not going to be very ESET-specific While mentioned in passing, each of these is a multi-hour discussion by itself. #ESETCast
  • 5. Who says ‘AV is dead,’ anyways? #ESETCast
  • 6. Why say ‘AV is dead?,’ anyways The question of anti-malware software being dead comes up perennially. Why is that? • those who do not understand the problem • those who do not understand the solution • those who are financially motivated • those who have hidden agendas #ESETCast
  • 7. Choice words “For me for the last three years I’ve been feeling that the anti-virus industry sucks. If you have 5.5 million new viruses out there how can you claim this industry is doing the right job?” — Eva Chen (2008) CEO, Trend Micro #ESETCast
  • 8. Choice words “Antivirus ‘is dead.’ We don’t think of antivirus as a moneymaker in any way.” — Brian Dye (2014) SVP Information Security, Symantec* *Mr. Dye is no longer with Symantec #ESETCast
  • 9. Choice words recontextualized Sometimes, it comes from within the anti- malware industry. Why? • it’s easy to get quoted out of context – questions get reframed, cherry-picked, etc. • people have agendas – responding to criticism – boosting shareholder value – getting a lot of page views #ESETCast
  • 10. A Quick History of Viruses #ESETCast
  • 11. DEFINITION Virus (n.) – A computer program that modifies other computer programs to include a copy of itself, i.e, they exhibit parasitism. Computer viruses can be said to be recursively self- replicating. (a generally-accepted industry definition) #ESETCast
  • 12. Fred Cohen’s Ph.D thesis Computer Viruses – Theory and Experiments is published in 1984. First definition of a “computer virus” as: a computer program that can affect other computer programs by modifying them in such a way as to include a (possibly evolved) copy of itself * #ESETCast
  • 13. *Actual definition (via Dr. Cohen’s thesis): #ESETCast
  • 14. A Quick History of Anti-virus #ESETCast
  • 15. An old signature-based AV program #ESETCast
  • 16. Defining Anti-Virus In 1984, Dr. Cohen also described the three atomic (or fundamental) techniques used to detect computer viruses: • behavior blocking • change detection • signature matching (fingerprint, pattern, hash, etc.) #ESETCast
  • 17. Defining Anti-Virus In 1984, Dr. Cohen also described the three atomic (or fundamental) techniques used to detect computer viruses: • behavior blocking • change detection • signature matching (fingerprint, pattern, hash, etc.) I don’t have formal mathematical proofs for these. Sorry. #ESETCast
  • 18. Defining Anti-Malware That was over 30 years ago. Today’s threats: • are more sophisticated • are more dangerous – financially motivated (selling spam, bot, DDoS...) – espionage (economic, intelligence, military…) • require new concepts & ideas for defending systems #ESETCast
  • 19. Defining Anti-Malware Today, all modern security programs use a broad range of techniques to detect these sophisticated threats using the following fundamentals: #ESETCast
  • 20. Defining Anti-Malware Today, all modern programs use a broad range of techniques to detect these sophisticated threats using the following fundamentals: • Behavior blocking • Change detection • Signature matching (fingerprint, pattern, hash, etc.) #ESETCast
  • 21. Defining Anti-Malware Today, all modern programs use a broad range of techniques to detect these sophisticated threats using the following atomic methods: • Behavior blocking • Change detection • Signature matching (fingerprint, pattern, hash, etc.) Often when saying “they’re not AV.”  #ESETCast
  • 22. Do you think Anti-virus is dead? Polling Question  Yes  No  Don’t know #ESETCast
  • 23. Malicious Software • An umbrella term encompassing all malicious software (malware) • Overwhelming majority of malware these days is non-viral in nature: – not self-replicating – not parasitic • Many different types, no universal agreement about classification #ESETCast
  • 24. Some malware types • Adware • Agents • APTs • Backdoor • Bootkits • Bots • Botnets • C&C servers • DDoS • Dialers • Downloaders • Droppers • Exploit Kits • Hoaxes • Keyloggers • Packers/crypters • Memory-only processes • Phishes • PUAs • Ransomware • Remote Access Tools • Rootkits • Spyware • Trojans • Viruses • Web Injects • Worms • Zero-days • Zombies #ESETCast
  • 25. To put things in perspective: These days, when people are talking about computer viruses, they usually mean some other kind of malware. #ESETCast
  • 26. Why call it Anti-Virus? Public has awareness of computer viruses: So they know they need to buy “AV” software to protect themselves. #ESETCast
  • 27. AV Perception • Lack of understanding how anti- malware (née -virus) works, even from other parts of security industry. • Think that if programs don’t provide 100% protection they provide 0% protection. • Assume programs are simply matching hex strings, checksums, hashes, other predetermined values. #ESETCast
  • 28. What people think signatures are • Old technologies like fingerprint, pattern- matching, CRC-driven signatures were getting phased out in the mid-1990s • Some were relatively sophisticated (regex, fuzzy logic, similarity matching, heuristics, etc.) • May still be used for legacy detection (DOS, Classic Mac) in some cases #ESETCast
  • 29. What signatures really are At anti-malware firms, signatures are scripts or macros written in their proprietary languages used for describing: • Packers, cryptors, obfuscators (automatically detect + decrypt) • Multiple families of malware (covers several families + variants, accounts for polymorphism, etc.) • Heuristics (behaviors repeatedly observed in malware…) • Cloud API Calls (reputational/server-side analysis...) Think of them as maps of malicious behavior. #ESETCast
  • 30. Are Viruses Still Even a Problem? • Viruses account for <10% threats seen daily • Viruses are never going to be extinct. • Attackers will blend techniques from them and other malicious programs • Criminals want your money and will look for ways to continue stealing it #ESETCast
  • 31. Building Better Anti-Malware 30-year-old+ ideas can today be applied, used and even combined in new & interesting ways. When you get it right you can: • Improve security • Increase performance • Reduce false positives #ESETCast
  • 32. ‘Modern’ Anti-Malware Techniques CODE-SIGNING • change detection CLOUD-BASED • client/server computing model • move CPU intensive activities from local PC to anti-malware company’s servers CONTEXT SENSITIVITY • use riskier signatures, heuristic thresholds • more likely to generate false positives on downloads, but that’s OK #ESETCast
  • 33. ‘Modern’ Anti-Malware Techniques DETONATION CHAMBER • behavioral analysis inside emulator or sandbox • Determination based on codified set of rules (aka signatures) GENERIC DETECTION • teaching neural networks to… – create signatures for families (easy) – but not cause false positives (hard) INDICATORS OF COMPROMISE (IOCs) • signatures for evidence of infection #ESETCast
  • 34. ‘Modern’ Anti-Malware Techniques HEURISTICS • metasignatures derived from observed behavior, other signatures, etc. • signatures calculated for behaviors HIPS • behavior blocking… for applications NIDS • signatures… for malicious network traffic WHITELISTING • change detection #ESETCast
  • 35. How many new malware samples do you think the ESET virus lab sees per day? Quiz Question  250  2,500  25,000  250,000  2,500,000 #ESETCast
  • 36. The smörgåsbord of techniques Can you use new and old tech to protect PCs? • ESET receives about 250,000 new samples of malware a day • ESET does not add 250,000 signatures a day Would anyone care to make a guess how many signatures ESET adds a day? #ESETCast
  • 37. The smörgåsbord of techniques #ESETCast
  • 38. The smörgåsbord of techniques #ESETCast
  • 39. The smörgåsbord of techniques Anti-malware software can • block 100s-1,000s of malware samples a day using specific signatures • block 100,000s of malware samples a day using other techniques (generic + heuristic signatures, etc.) *Keep in mind, a single signature might detect a family of malware that has billions of permutations #ESETCast
  • 40. Recap Next generation security programs are based on three fundamental, atomic mechanisms: • Behavior blocking • Change detection • Signature matching So are “old” anti-virus/anti-malware programs. #ESETCast
  • 41. Recap What does this all mean, though? • Even the oldest technologies can be applied in novel ways • It is important to keep track of research • Innovations can occur both inside and outside the anti-malware space • Keep on researchin’ #ESETCast
  • 43. Virus Bulletin 2015 highlights Economic sanctions on malware Prof. Igor Muttik Intel Security • increase costs to malware ecosystem – technologies to de-incentivize malware authors #ESETCast
  • 44. Virus Bulletin 2015 highlights The Kobayashi Maru Dilemma* Morton Swimmer, Trend Micro; Nick FitzGerald, independent researcher; Andrew Lee, ESET • Offensive hacking – Is attacking the attackers legal? Ethical? *bonus points for Star trek reference #ESETCast
  • 45. Virus Bulletin 2015 highlights discussions about • APTs • Certificate technologies • Linux malware • Packers #ESETCast
  • 46. I would like to request one of the following Polling Question  Contact from ESET Sales  Technical Demo  Business trial  Information on becoming a Reseller Partner or MSP  None of the Above #ESETCast
  • 48. Bibliography • Dr. Fred Cohen’s web site: http://all.net/ • Paper: Hype heuristics, signatures and the death of AV (again) – Virus Bulletin • Presentation: Economic sanctions on malware - Virus Bulletin • Presentation: The Kobayashi Maru Dilemma - Virus Bulletin • Signatures, product testing, and the lingering death of AV – We Live Security • Symantec Develops New Attack on Cyberhacking – Wall Street Journal • Trend Micro's CEO says 'AV industry sucks' – The Register #ESETCast
  • 49. Join Us Next Time… #ESETCast
  • 50. Thank You No presentation gets done in a void, and I’d like to thank my co-workers for their assistance: Bruce P. Burrell, Jakub Debski, David Harley, Juraj Malcho, Roman Kováč & Thomas Uhlemann And thank you for attending! #ESETCast
  • 51. Aryeh Goretsky WWW.ESET.COM WWW.WELIVESECURITY.COM aryeh.goretsky@eset.com @goretsky (personal) / @esetna / @welivesecurity /u/goretsky fb.com/goretsky #ESETCast