Symantec Aims to Defeat Stealthy Malware by Sanitizing Files
The new "Disarm" feature in Symantec's messaging security software sanitizes common file formats, stripping away scripts and anything that could be malware.
Antivirus software does quite well against opportunistic attacks sent out to a massive number of people in hopes of getting some small fraction to click on a link or open a file. But attacks targeting just a few people, or even a single person, are much harder to detect.
Security firm Symantec aims to tackle the problem, announcing this week it will add a new feature to its messaging security software that will create clean versions of any file sent to a company's employees. In addition to attempting to detect malicious files, the company's email gateway software will clone any Microsoft Office or Adobe PDF file—two formats commonly used by attackers to deliver malicious code—creating a copy that has been cleansed of any potential scripts and malware.
The approach, which the company calls Disarm, will sanitize the files, rather than attempt to detect whether they will do something bad, said Kevin Haley, director of Symantec's security response group. "We don't have to sit there and decide whether is it a targeted attack or not, is there an exploit in there or not," Haley said. "We are just going to make sure that every document has been cleaned, so there is no chance of one of these things getting through."
Targeted attacks, also known as advanced persistent threats (APTs), typically use email messages specifically crafted to persuade the target to click on the malicious link or open the attachment.