Network Security & Hardware - eWeek


Battery 500 Project Charged Up over All-Electric Cars
Charting the Final Frontier--Google Maps for Indoors
Get Smarter Technology on Your Mobile!
  Network Security & Hardware


The Zero-Day Dilemma



 By: Ryan Naraine
2007-01-24
Article Rating:starstarstarstarstar / 0


There are 0 user comments on this Network Security & Hardware story.


  Table of Contents:
  1. The Zero-Day Dilemma
  2. ' Strategy for Growth '

Rate This Article:
Poor Best
The Zero-Day Dilemma
( Page 1 of 2 )

Anti-virus companies such as Kaspersky Labs are working around the clock to keep zero-day attacks at bay.

The recent surge in malware attacks against zero-day flaws in some of the most widely used software packages is confirmation of an IT administrators worst nightmare: Stand-alone, signature-based anti-virus software offers no protection from sophisticated online criminals.

During 2006, there was a wave of zero-day attacks against Microsoft Office applications—through vulnerabilities known only to the attackers—that bypassed all anti-virus protection at the network and desktop level. Because traditional anti-virus technology depends on the ability to quickly capture malware samples, reverse the code for the specific characteristics, and then write and release detection signatures, the zero-day attack presents a major dilemma.

"Signatures have been dead for a long time now," said Roger Thompson, an anti-virus pioneer who now runs the Atlanta-based Exploit Prevention Labs, in an interview with eWEEK. "[Attackers] use new packers or tweak their code so that its different enough to bypass signatures for a short while. By the time you get a signature out, its too late. Theyve already hit enough targets."

The death of stand-alone, signature-driven anti-virus software has forced incumbent security software vendors to reshape their product lineups. Industry heavyweights such as Symantec, McAfee and Trend Micro are all rolling out converged suites, offering multiple capabilities including anti-spyware, personal firewall and endpoint policy enforcement, with intrusion prevention as the foundation.

In Moscow, the state of security is not lost on Eugene Kaspersky, founder and chief technologist at Kaspersky Lab, a privately held, 700-employee outfit.

Resource Library:

"Were already there," Kaspersky declared, when confronted with the anti-virus eulogies. "There are no stand-alone anti-virus products anymore. Its now anti-everything. You have to do things like behavior blocking and heuristic detections and add anti-spam, anti-spyware, anti-rootkit capabilities to your software," Kaspersky said in an interview with eWEEK.

Kaspersky, a former military officer who founded the company in 1997 and oversaw its expansion into the United States, Europe and Asia, said he still believes theres value in the ability to respond to malware outbreaks in real time.

"Were losing this game with computer criminals. There are just too many criminals active on the Internet underground, in China, in Latin America, right here in Russia. We have to work all day and all night just to keep up," Kaspersky said.

Woodpeckers

In a room full of flat-screen monitors, Kaspersky shows off his "woodpeckers," a youthful crew of virus hunters responsible for tracking computer threats in real time and working around the clock to write and ship signatures to millions of computer users.

This is the companys secret sauce: its highly touted ability to ship anti-virus signatures every hour on the hour, seven days a week, 365 days a year.

"We just cant depend on signatures," Kaspersky said. "You need information backup, you need parental controls, you need anti-phishing. Its a different world today. Ten years ago, we were fighting against smart kids who hacked as a hobby. Now, were dealing with criminal gangs that control your computer to make money. Different world, different protections."

Zero-day world to put bulls-eye on Vista in 2007. Click here to read more.

The new protection suites must also feature data leak prevention and patch and configuration management; be bundled in a single console; and, more important, be sold at heavily reduced prices.

"This has been a great party while it lasted," said Jon Oltsik, an analyst with Enterprise Strategy Group. "These guys have been making money hand over fist, but things are changing. Customers are demanding more, and the [security companies] are now living in a competitive, lower-market world."

Vista Security

Oltsik said he believes the security improvements in Windows Vista and Microsofts aggressive approach to selling its enterprise and consumer security offerings—directly and via the channel—will definitely affect smaller players such as Kaspersky Lab, but, in a discussion with eWEEK, he stressed that the bigger incumbents will feel it even more.

"I dont think anyone should be underestimating Microsoft," Oltsik said, pointing out that the company has pushed into the markets through acquisitions of Sybari for enterprise-grade anti-virus and Giant Company Software for anti-spyware and real-time malware protection.

Sybari has undergone a major makeover and is being rebranded as Microsoft Forefront; Giants technology is now powering Microsofts Windows Defender software.

Next Page: Strategy for growth.





  Reader Comments: The Zero-Day Dilemma
>>> Be the FIRST to comment on this article!
 


 
 
>>> More Network Security & Hardware Articles          >>> More By Ryan Naraine
 


x}ks㶲*Q3皢H,{)ٖ:c[>f|fj I)l+ /=(ɏsw-@n4~vv$I  ǘZNSݣw&w$5vv~] izN)#3WrD廚fw2Gv=S;^> \?g#wD!x_'Щѩ€dL8wdD|ODQ_ƾQ/?2 Lbhq٤XA# : rWü#~0h='@IR܇CѺ8P(} c! [t:v oT| p&DF;=aR!U5EpH#|x\{໇d3#L=Vya/ w-mv@M-G ,ؓ ۭB5lvy!rs#g ͻH͠匜(Gd`jI:4G}D`iR13 LeC1+;T*9R*Q3CmbZ35k-3@ؾQt̀ ݢq#!_TBp`FrbmO,Ӈ;) ۱-C¿{+ײ߀My6Գތ]좚b6jۄ@ظ?0}$ꎧchG@5#o8Sto6 dݺ=Tr jR+j{Q>oچs[=}0q*sܼLǯBEQBvѽl]HQPwٷ@ ږkZTk0Ns#ϭwq@α{Adm#5UE`R$_c::-gv}j] ty[^ JZPbePOr ])2!,R![GҺ쵮鵎ώۭSd̲1<jUU* j vd"?ޙ:ӓkIKN;}"+|q5 0\6:jo~;Wc!ab; dP[w8LwrMRr~:\8ZW$'MXOz'_gs`HlDmYܺ̑\Ryɽka)XY|Dͼ94o fo NE ;- ujf%*Z DU1 rƒ 4$yW7hr Ce)#p?c̓IhJq䰉cXSl؅ RoBiO{e ,}PEtBA(O ${3BDȝ`g@3 BD4?CC0&pJn΋|?uK˚чfuќ.Ӆ]We o^#LK\zcfut:~hu-xX18,0]ev|`\67jUPXR85b(7Z`Lm,5,LtM i0`贎;mB_{'0@P? M/6G˥qf>6 @ LNa 8 V83 5Cuө {>0sB}Sk`IkE 6]LRmd;>t)HhQ0<sx0ܙ[衟#]ҽ:? a#0.Z-{ Be^~m ¢Psԧ>ȁ{0'`sD;ʹiǀxԘڀ;r)Ea3C.G))$C]HPw9J B!\0H V0(NZzGBJe6Os@PGҹ3rJP.τRZ z)0ٜMjL=?뺾l1!^+|#'bXr`Y \h+|h)lb Ԩ˶Z)Xi(>$`z=GTkRPkȋ3 6M}ӆ)S=ϦL Gx}lj7˄\=[áL{dhٚM3[:L^M3a  o¯LU]shL©(9 }Y9&2|kݬ ̙> .z2Hp0ѿ{yBfOxW;rKKF3UʝW.,NrBeO-T_%YX X`w LR?v&6I :Xh8G/C4JM24-%ւfUT]ٽh@r6vaXZ @)ĿEi ,a-WV5Q(* ,)T al`cytE9Ȇɨ_-i>t>{jMj&;,_*P?>2eiFoeVUV/J}sf8 , J; )mT.mT^MΧޱyд "u=#7c-`cg@>`3ǟGRlC28c"P+mne0GP}E]23R%\T2.Q &ZbOFf.#NWɅc& ¢{Z\Sv˦;a6O[- V!0 |T30`MjiV㎍WH.Z^AlX)~j"yd\s˰2Xre9ٔA5n\Ht]t)erah9& zqD*˜,Za'+F5aN~SmGS[䚻!`Pj#ff:qV*[M3$!WombPI0})Xk±&>,<<+ڂh0@  ~H.LbV46\,0|,WWS/V_LQ0(TKn»hAz-X]>L,',@ХCkz]W9(#_&hho?^H~5&jEQÒRVq* :?CUQ@H.ɾ3cY;vogK֧7{`3|x+mK-+1cZ$ c?`W_RwU)ұ)N<:a~AU[+[3^>F]h!.־71X@P A6+8SU,5eT\rO-xzVGs8'ԿE XsIMzއRRYEG?voqe@^5`Ȍ؇^gm/JZ/*5myA0-fdaD4@w=8bC-YMœ ~rqߎ3ӭ"HySV9y]%fZ+a1yݙUz|uhFA֌M:+lS0Ufyr;`jd W'&#?۩+-m۠|e2uMtn1b%[œ[2|'@dkѪ)3 NQFg%`Z%kdٝN]7E$9P\GwDF$۝6RdsM-]ouʅJV>H-U4qMݗ[?jKokSߊR{4@L!Y* e 4v=.EЋr}cꞃLB.Mo 4y kEXqkTV C-O \X JPJzL5|5O C 7PɵGZV/fIC{EY,..%MXJP/ITAte礨v`i&x9LlLl'P`RxGzM*"L]8Tf<^΀ۋ}95ף~@ f@- P5^IW:Λ+y*1fn%ve#X׵I78C ְS#f`.S%_'I## &8-._EwE2qyh7(jM_L7 x4Hđ ;wk~ʾf*;H@ r;qG;a#raQ@JGtɒ\' W*jV0 s>B)c'd1s<ɷofClCXp|~W?l)ɁXXD>DQkF ߉8x Ŋ +2/ȟ-1y݋O{u01@ EE@j}߱?% ?/l8)F::w~ݕDw;?ܴOzg}eO:m^Ͽ&=~l?<{aa=$g^"}/;,4.i_I_|H`UuԾh~hc0[-2m&[x!KCF16`d+]=+ao''5ð N{a區 U:^Bh^h_/~w;!9o_dcxΕ`.'!Mypye4)$yy~|hq\1)6MF"0Sjt՟6 B @ tOZלY0z.BB fDy0fR,#E%'}KiV X x4~hW 0bAdaKF+9ǭNڟI| 󃗉 NAv}9oq_4C9en1KP -Mu>So4 jGYkNEl=O?G( ch9aR)%bv( 4iQ%uyjtJ)SBt' 2H PUW,O$e=lI2 KBh%bbVHJo{ռܜ4<1ަmƙWxvImc%yx"kI85(^yNHmQJiIw 3DJ^MjpVK ɏX =Na0O3)WY^KtӨJVtgbGڶ'NxwĎ#*syBO+f8 GW ./}v6gNȣ&k{?fdxFM{uS意G ڝ9k3rE}ۨ{25[xϟؕv{vOsn<]1ngvlL'#I"+W;Uw7}\8%+r;ѩc+N c,nP2^;pO coS[gȞx~K7׷bR#oy~}I.~Q(;ݝbOmYr۝&ZD܎qw5Q<'{Jy:/:'%:m֗Bݽ];K !bi4V3YTޔg_/4 c@Hta`TQCChxtUT_=G φvgIPQKI69:b9 9&f80/?C`lОP`@ FA_V~4*Lb& [|e6BEŴR0%r^ء{:^d^{_zΉ6NFL4Yc V;`K8EC-dK"Ʋ .mJERKo2V}[G6 ogKśhMu*}/8R 7?9C `C IY=/4BmlSz+H*)M٧욡;h)= } ė1DHx /U+BA $6IצKMhƆ⨚(RٔJϮ;ak A HaPK08}[u)#qol_gN M]wlMj~Su`U%*i~&kV!83UyvhCGMz:RiNPx0Zq ՜@(Cx] 1!ƛbذfl%՗Y90%Xv[OǁԘ85F H@tsHD!5v$ ލ?b+v߱R^DA]A rq#wgwgwgwgw&Vkjz )9 HCǓpkmMfB K o.=V]W6~!j(52_o8t/3U 0;JxŠaau«'pc74!:Tp؋5bUxs =7 ߝȼ*]:l[ LlR-K+8A2{7tjᐈJyb+4)!<.NzbZ G:E%.^Q7rE6!!ب؆~&̀Juҩ:+ QjmhףaXWbñ|~ s RJUsG=(Cs)< B,sV^10ʕ[%!<Y4fkP%:(B4UmC>oK`kن뀞HIx&j]e*c(eXĕ,δ fV9~HzxTwwww+w[Up_ⶲ2S:97u-\ʏ6 K0:XwD`Tx[^c}wj Q w6,L>8GaGxN{O RH4Y[{bB5/Rqc\D]  B%@Osl{66-`힔P7OEQ8u1tp pE +zTa:fD7D*,A:2s{7O>J7c,VK#V%ja&O 76X]cm?͋գW#JS?8ӒQ]MrP&TkJX5&F"X[[˖wر, /uJYsWmw2o;3 ocsG9+ܚĮ4lIƖV1ϬsALrLx1X\o^-gW/xh %%?^GѬq&㞚jN@W{[Ћ/1S+5S%squeMoقQB=6[7o%vJ}e~奙v=nZAͽ=V4gܱ nX[`8,_Eyxq{Os]@VD]][ͮ=:qB&YoYZ VBͬf#1=Dļ=( ʬ+ㄭ$I1Ʊ ."*Nh斾3 ,Hy.vptowwv{30417xO/Yn/ =?򨶼oq]|ۯiY@{ 2I3mq!C &p6P]?zUcb\Dxi~ö}:K{0e3s cٿgg^+{̮}-:Ӫ=F(a%\k ffTf8nĽqG+"-s?E* nO2ŤO,;h6`aV3ط/0q_7nm4˔=u; 's5;8q'!&>ybuKɸ)x)!pS/^ ;q'H|GA<;ޅwD^U z]kJ9-  *E~ۘ>M[,zM p=BYŪ B(lF]֐8<6,jAˢǝM'(UNs.I(+a?1ve1h}(FyB4RwĸWҒn"9I‖P/)Η;AXk="V+9DNE0V!7"EvypDYbɠ/l&vf-^ ۜ951E!޹r>&ƘKjxZ-Ԕ咋|?9Bӊ,w9+ȈZ i"r\IoA$TChrM`O]bTi |Wlms|IM13bmCym =}kag];Xhf+yb+n'-;Sx"(͊DN\`i27| >6n)Htm+xG2)n-&~iXe>H'2t=jhDƤJ Vfb?jPV*C7'YW UuYQ= q<.K }rs0G|z`Qg`z9Eh#us{ Z*WR4Ϛx +HhHGz2J\d9[IǏ>HP.$6Zz/0Qqƨ%d\z1W5vO^ڨ]+ `J $ؕ_㽽n$DdCe՝LP>9F;6CknnBzTB}F}gzGb^\sn0c /,9+(9Z`M-+J5!F\Hc;7s":;Mf:#g٦ l&G"T78~RBHUTy+sR1miJ! 'LmJBʇh5=P*T&BQxcLW<0՘0t#PʲjNT]֏pY CO-dR; wCy–3\vcf+~o?pa)f?Eo8f+HjqC9nV(b#}~6L-Ƭ D"c*41GJ["}s uˤZ' 45`BRA~9=gBp 0C1CLD:%L[lFLNP@N8=ӾbbWoP$P`+wdc||9ǀ+$y+D:DV (bU oI[Pk,(ωB5DuSJTin$|s |5XLh0vs<ʹ0>]\A~2u:`-ܦ`\ovNիž |{` > c[7Υi4Ei~L ]ǒ 4B1hV\ 㯛2} =܇}~P¾R-'I_BBveX &z(I·o͊g2Vq&JZ!`xzNRsdhhz߃J L]#&O=lFLfgyuuvI^Z{|ݾ;u޹ST֒_OG٪;G/ǝ/uk|j%<ז6ideAN/-fL)D{=\h^Dpɂwo;OKvY Ccq~cg|={{J"Q^e9DU@ 8,L!~ԊKm8ޗ5g%^L˒c:|jQ==uR\Js@1@C|m{s5BJe?x!L3}w2#V?2O>ڹY{I>xkg3ˌvF?vs݌_y|s_d/}/2{ȠE^^d'eg,??2_0{ s!?0~ׁw2?/ rqWP*5utn]~ S}~3 Ax&oon2/9IR<rּ…)Qrq/ 苬U=oFk>s2 'GYkwU/3yKw+=}n}7}FƷn_x` ~iMnڧGp~k;ُϋGkwˆPcvdmoCdx^$}=G](-xLԸ²GpoQV"#<5 li3׃>Z76v {xuCZחUC=z}YPW$MdBgpX`$fZ g8 a箩%gh髡r:pùzksn ?X>fu:ɹӁT)jIoR-W+w俓k$2 Gtb3R ro9 Z)ʥ*D`{F((R h[iRoh ypC>fJC Dk(xx}mEy+cAV73/tj^"_v3*mc(2bb;ˈT`TtD@.vLS,)mc5q) ߄՞ٕv"n44wz:e8@4ǭaƹr4@z4}z<8~3mJ)gL=[ ot^]~ٓL .LySz~;{,8(,_bY\]Y򿧦~˭d<@īdRۨ* ur$%}[ {w{#˹F8x/ C4|ˉK;-Ɓsw@ ,f',4F=sR3 /160> 9ڣLigGE{-ljFӴFo 9ţ2aPjD8k9p<y ůD|݆-g)'4<T#0?fu|q&K6cﲮnǝ)ZKDœj@@rĶEN(6̾ %ar'3v tA5<,ŃBLr$Ҵ }dl0/3.(ul70aptz e/='ݙfSH!L&lOW[l,)1{;sh6ĕ>#%0qncItg+>x*8" $Xm)Ӿb,ӣuǎg}EXz٭(}#Km4#?0c6}#5H(KE-F&A}F垓$g'_6b Fi&b3@3p6+ಁe"=`S sm#gTt7R1󠶓Sl]@_܅iLUhHl[:h2-Ƶ83& |خ;Oq^Gdd9f7 ﴵ11$+nvGD '7>6'كl2`:(Dْ0?FuoY W)6 1- `⎈MeeR8DR*El'f ,~sf_OZ (@P 9#":xqeaVt*N`wޗX;yB(O;=y>rC*gUVXvQ%6įoZg%;, ,Mo?\w>]HaA eiFђe:'4!j/?$ e=;P7 r)̳`bhP7]Ө+jE&I#[ov[b$- U.IP/nt; o]F'a1P>\J\SK$%WY/fDNDsKq>tgLp -ͱeRZ`l/Z6vk&