Gizmos Freeware Reviews  

Old 28. Jan 2014, 10:05 PM   #1 (permalink)
Senior Editor
 
v.laurie's Avatar
 
Join Date: Jul 2010
Posts: 1,380
Malware getting smarter and tougher?

What is the opinion about the outlook for a worsening malware problem given in this article? It begins
Quote:
Hang on everyone, it looks like it’s going to be a wild ride in 2014 on the malware front. Malware source code moved to be “open” in 2013. As a result of this “open source” style —where building blocks and code are readily available to malware writers — both the speed of change and the effectiveness of malware are set to accelerate. Attackers will be able to start with standard code that can then be easily adapted, modified and obfuscated in executables to change the patterns that AV and other malware prevention software looks for, and expand the attacks that a given piece of malware uses. What that means to all of us is that traditional malware prevention methods will continue to become less and less effective.
What do you think of this statement?
Quote:
I think we will also start to see sandbox techniques become less relevant. Today’s sandbox techniques that identify new malware rely on the malware being executed immediately, or at most, after an initial reboot. This is an easy challenge for hackers to overcome and I predict we’ll see a new generation of “wait to invade” malware. This type of malware will be written to fly under the radar, avoiding detection techniques for long periods of time, then trying to maximize damage.
__________________
Vic
v.laurie is offline   Reply With Quote
Old 28. Jan 2014, 10:15 PM   #2 (permalink)
Senior Member
 
sicknero's Avatar
 
Join Date: Mar 2012
Location: England
Posts: 657

I don't really understand the second statement ...

Comodo auto-sandboxing kicks in as soon as an executable runs however long it's been sitting on your HDD and will block or isolate it depending on your settings.

I don't understand how "wait to invade" would compromise that? I'm not proposing that CIS is immune, just that I don't follow the idea being presented here.
sicknero is offline   Reply With Quote
Old 29. Jan 2014, 04:39 PM   #3 (permalink)
Super Moderator
 
Anupam's Avatar
 
Join Date: Jul 2008
Location: India
Posts: 15,277

Another article with scare tactics with the motive of promoting their own products.
__________________
Anupam
Anupam is online now   Reply With Quote
Old 29. Jan 2014, 05:01 PM   #4 (permalink)
Senior Member
 
Join Date: May 2008
Posts: 424

Quote:
Originally Posted by Anupam
Another article with scare tactics with the motive of promoting their own products.
Well said. I agree completely.

BTW, the "open source" situation for hackers is not new. There have been such communities for years.
mr6n8 is offline   Reply With Quote
Old 29. Jan 2014, 05:05 PM   #5 (permalink)
Senior Editor
 
v.laurie's Avatar
 
Join Date: Jul 2010
Posts: 1,380

Quote:
Originally Posted by Anupam
Another article with scare tactics with the motive of promoting their own products.
Are you saying that there is no substance at all to the idea that malware writers are devising smarter, harder to detect exploits? AV companies certainly have a vested interest in making things sound bad but should everything they say be dismissed out of hand? What do you tell ordinary people who read about threats and ask you about them?
__________________
Vic

Last edited by v.laurie; 29. Jan 2014 at 05:11 PM.
v.laurie is offline   Reply With Quote
Old 29. Jan 2014, 05:19 PM   #6 (permalink)
Senior Member
 
Join Date: May 2008
Posts: 424

Quote:
Originally Posted by v.laurie
Are you saying that there is no substance at all to the idea that malware writers are devising smarter, harder to detect exploits? AV companies certainly have a vested interest in making things sound bad but should everything they say be dismissed out of hand? What do you tell ordinary people who read about threats and ask you about them?
Saying that malware writers are developing new and smarter malware is like saying the sun will rise tomorrow. Yes that is happening.

The gist of this article is to dismiss Sandboxing with the advent of "wait to invade" malware - have you seen this out in the real world?
The article says "I predict we’ll see a new generation of “wait to invade” malware." offering no proof.

As to the other main point of the article on the "new" open source attitude in malware - that is not new at all.
mr6n8 is offline   Reply With Quote
Old 29. Jan 2014, 05:40 PM   #7 (permalink)
Senior Editor
 
v.laurie's Avatar
 
Join Date: Jul 2010
Posts: 1,380

Quote:
Originally Posted by mr6n8
Saying that malware writers are developing new and smarter malware is like saying the sun will rise tomorrow. Yes that is happening.
OK, could you clue us in on some of the new developments in malware so we can help the great unwashed public defend themselves?
__________________
Vic
v.laurie is offline   Reply With Quote
Old 29. Jan 2014, 05:45 PM   #8 (permalink)
Senior Member
 
Join Date: May 2008
Posts: 424

Quote:
Originally Posted by v.laurie
OK, could you clue us in on some of the new developments in malware so we can help the great unwashed public defend themselves?
Excuse me - I am not the one - you are - who put forth that proposition. So where is your proof and your solution?

I am just saying that is what has happened in the past and is likely to happen in the future.

My solution - do not download anything unless you know what it is and do not open suspicious attachments on emails.

[Personal comment edited out]

Last edited by MidnightCowboy; 29. Jan 2014 at 08:03 PM.
mr6n8 is offline   Reply With Quote
Old 29. Jan 2014, 05:53 PM   #9 (permalink)
Senior Member
 
Join Date: Jul 2009
Location: Northeast US
Posts: 476

Quote:
Originally Posted by Anupam
Another article with scare tactics with the motive of promoting their own products.
Yes sir, same old same old.
__________________
T
Taurus is offline   Reply With Quote
Old 29. Jan 2014, 06:21 PM   #10 (permalink)
Senior Member
 
sicknero's Avatar
 
Join Date: Mar 2012
Location: England
Posts: 657

So can anyone here actually understand/explain this concept of "wait to invade"?

"Today’s sandbox techniques that identify new malware rely on the malware being executed immediately, or at most, after an initial reboot. This is an easy challenge for hackers to overcome ..."

This idea that sandboxing only works if malware is executed immediately doesn't make sense to me. Perhaps I'm just being a bit slow.

Also, if it's such an easy challenge why hasn't it been overcome already?
sicknero is offline   Reply With Quote
All times are GMT +1.