Viruses and Malicious Code: A Community Defense Perspective

Similar documents
Building the IA Workforce

Intrusion Detection Issues and Technologies

Antivirus Technology

Intruders. significant issue for networked systems is hostile or unwanted access either via network or local can identify classes of intruders:

User Guide. This user guide explains how to use and update Max Secure Anti Virus Enterprise Client.

An Overview of Mobile Security

NetDefend Firewall UTM Services

Beyond Testing: What Really Matters. Andreas Marx CEO, AV-TEST GmbH

Anti-Virus Comparative No.8

CERT-In. Indian Computer Emergency Response Team ANTI VIRUS POLICY & BEST PRACTICES

NETWORK THREATS DEMAN

ELECTRONIC BANKING & ONLINE AUTHENTICATION

9 Steps to Protect Against Ransomware

Anti-Virus Comparative No.4

Security. Bob Shantz Director of Infrastructure & Cloud Services Computer Guidance Corporation. All Rights Reserved.

3 Ways to Prevent and Protect Your Clients from a Cyber-Attack. George Anderson Product Marketing Director Business October 31 st 2017

DEFENDING THE MOBILE WORKFORCE Karim Toubba-Vice President Product Marketing and Strategy-Security Business Unit

Security+ Guide to Network Security Fundamentals, Third Edition. Chapter 3 Protecting Systems

Défense In-Depth Security. Samson Oduor - Internet Solutions Kenya Watson Kamanga - Seacom

ClearPath OS 2200 System LAN Security Overview. White paper

What to Look for When Evaluating Next-Generation Firewalls

Virus Analysis. Introduction to Malware. Common Forms of Malware

ENTERPRISE ENDPOINT PROTECTION BUYER S GUIDE

UTM Firewall Registration & Activation Manual DFL-260/ 860. Ver 1.00 Network Security Solution

SECURITY & PRIVACY DOCUMENTATION

Small Office Security 2. Mail Anti-Virus

AT&T Endpoint Security

Chapter 10: Security and Ethical Challenges of E-Business

Venusense UTM Introduction

19.1. Security must consider external environment of the system, and protect it from:

Anti-Virus Comparative No.7

Symantec Endpoint Protection

Electronic Identity Theft and Basic Security

DNA Intrusion Detection Methodology. James T. Dollens, Ph.D Cox Road Roswell, GA (678)

Enterprise Cybersecurity Best Practices Part Number MAN Revision 006

ACS / Computer Security And Privacy. Fall 2018 Mid-Term Review

The WildList is Dead, Long Live the WildList!

Internet Security Mail Anti-Virus

Cyber Security Practice Questions. Varying Difficulty

All-in one security for large and medium-sized businesses.

Introduction to Security. Computer Networks Term A15

Reduce Your Network's Attack Surface

SECURE SYSTEMS, NETWORKS AND DEVICES SAFEGUARDING CRITICAL INFRASTRUCTURE OPERATIONS

Certified Ethical Hacker (CEH)

Defense-in-Depth Against Malicious Software. Speaker name Title Group Microsoft Corporation

Chapter 6 Network and Internet Security and Privacy

Hazardous Endpoints Protecting Your Network From Its Own Devices

Introduction. Controlling Information Systems. Threats to Computerised Information System. Why System are Vulnerable?

National Defense University and IRMC. National Defense University

ECDL / ICDL IT Security. Syllabus Version 2.0

CheckVir anti-virus testing and certification

Network Security Fundamentals

Management Information Systems. B15. Managing Information Resources and IT Security

Security Aspects Control Rationale Best Practices Self-Assessment (Click all that applicable) 1. Security Policy and Security Management

Symantec Client Security. Integrated protection for network and remote clients.

Security Checklist Frequently Asked Questions

Understanding Threat Intelligence In Today s Layered Security World

Computer Security. Solutions

ADVANCED THREAT PREVENTION FOR ENDPOINT DEVICES 5 th GENERATION OF CYBER SECURITY

SECURE USE OF IT Syllabus Version 2.0

A Security Model for Space Based Communication. Thom Stone Computer Sciences Corporation

Retail/Consumer Client Internet Banking Awareness and Education Program

How to Upgrade the Router Firmware

A Unified Threat Defense: The Need for Security Convergence

Kaspersky PURE 2.0. Mail Anti-Virus: security levels

Information Technology

Training UNIFIED SECURITY. Signature based packet analysis

INDEX. browser-hijacking adware programs, 29 brute-force spam, business, impact of spam, business issues, C

Information Technology General Control Review

Malware, , Database Security

How To Remove Personal Antivirus Security Pro Virus Manually

Endpoint Protection : Last line of defense?

Module 20: Security. The Security Problem Authentication Program Threats System Threats Threat Monitoring Encryption. Operating System Concepts 20.

May the (IBM) X-Force Be With You

Getting over Ransomware - Plan your Strategy for more Advanced Threats

CCISO Blueprint v1. EC-Council

ANATOMY OF AN ATTACK!

Course Outline (version 2)

MIS Week 6. Operating System Security. Windows Antivirus

Projectplace: A Secure Project Collaboration Solution

SYMANTEC ENTERPRISE SECURITY. Symantec Internet Security Threat Report September 2005 Power and Energy Industry Data Sheet

Intel Security Advanced Threat Defense Threat Detection Testing

The professional IT management platform

Home Computer and Internet User Security

Discovering Computers Living in a Digital World

INCIDENTRESPONSE.COM. Automate Response. Did you know? Your playbook overview - Malware Outbreak

Online Security and Safety Protect Your Computer - and Yourself!

Jelena Roljevic Assistant Vice President, Business Intelligence Ronald Layne Data Governance and Data Quality Manager

KnowBe4 is the world s largest integrated platform for awareness training combined with simulated phishing attacks.

Advanced Threat Control

A Review Paper on Network Security Attacks and Defences

Dr.Web KATANA. Kills Active Threats And New Attacks

Security Assessment Checklist

CS System Security Mid-Semester Review

IT Service Upgrades Announcement

Lecture 12 Malware Defenses. Stephen Checkoway University of Illinois at Chicago CS 487 Fall 2017 Slides based on Bailey s ECE 422

APT Attack Detection of Vulnhunt. Vulnhunt Inc Flashsky

2008 CAMS-ii Users Conference

Types Of Computer Virus Sources Of Virus Virus Warning Signs Virus Detection(Anti-Virus) Virus Prevention and Removal

Nebraska CERT Conference

Transcription:

Viruses and Malicious Code: A Community Defense Perspective Presentation to the 5th Science in Savannah Symposium September 19, 2002 Julie J.C.H. Ryan, D.Sc. Assistant Professor, GWU jjchryan@gwu.edu

What to call it? Malicious Code Virus coined by Fred Cohen in 1984 Used to describe the nature of a specific type of software Malicious software More descriptive and includes more varieties Trojan horses, easter eggs, worms, malicious macros All varieties of legitimate programming techniques When used for nefarious purposes, called malicious When used for good purposes, called agents Bottom line: Software doesn t know good from bad -- it s the people behind the software What you need to know Any programming technique can be used for malicious purposes Protecting yourself from malware isn t terribly difficult or technologically intense

The Differences Payload Body Guidance Propulsion A virus relies on other files and users to provide both guidance and propulsion -- it hitchhikes a ride A worm contains all elements itself -- it is self-propelled and self-guided Most people refer to all malware as viruses without distinguishing between types

Virus Infections Known good file Variations on how infections take place Note damage to file

August 2002 Wildlist Recent Statistics 203 viruses in the wild on the most active list Ones that were reported most: Source: http://www.wildlist.org/wildlist/200208.htm

Small Business Concerns Overall Ranking Extremely High Moderate Low Not Concerned Average Score 3.60 Viruses 200 150 100 50 0 5 4 3 2 1 3.33 Data Availability 3.30 Data Integrity 3.23 Transaction Integrity 3.22 Software Problems 3.04 Power Failure 2.98 Data Secrecy 2.71 User Errors 2.69 Data Theft 2.67 Data Sabotage 2.67 Outsider Access Abuse 2.52 Natural Disaster Scale is from 1 to 5, where 1 equates to Not Concerned and 5 equates to Of Extreme Concern 2.49 Fraud 1.90 Insider Access Abuse

Technology Use Technology Tools Percentages Yes No Yes No Anti-Virus Software 182 27 87.1% 12.9% Data Backup System 157 52 75.1% 24.9% System Access Control 152 57 72.7% 27.3% Power Surge Protectors 147 62 70.3% 29.7% Redundant Systems 95 114 45.5% 54.5% Shredders 93 116 44.5% 55.5% Data Segregation 60 149 28.7% 71.3% Firewalls 54 155 25.8% 74.2% Encryption 53 156 25.4% 74.6% Intrusion Detection Systems 47 162 22.5% 77.5% System Activity Monitor 33 176 15.8% 84.2% Facility Access Control 30 179 14.4% 85.6% Security Evaluation System 24 185 11.5% 88.5% Dial Back Modem 21 188 10.0% 90.0% Media Degaussers 7 202 3.3% 96.7% Less than 50% use Less than 25% use

Use of Remedies Remarkably few people understand how AV software works Actually, it shouldn t be necessary that they do This currently impinges on the effectiveness of stopping malware infections Current AV software requires frequent updates Works by pattern matching through signatures Signature must be known a priori in order for detection to occur Many users don t know this, or don t bother to update There are some non-technical controls that can greatly reduce infection rates Turning off auto-run and macro launches Only accepting executables from trusted sources Limiting file sharing Not using preview capabilities in email clients Not automatically launching.vbs files without checking them out first

4 Recommendations Awareness, awareness, awareness Training and education Push AV definitions A distant fourth: exotic solutions Auto-immune system for computers Research being done in New Mexico Central analysis center sampling network traffic Auto-analyze and push new definitions to users Research done at IBM Watson Research Lab

Contact Information Julie J.C.H. Ryan, D.Sc. 1776 G. Street NW #110 Washington DC, 20052 jjchryan@seas.gwu.edu http://www.seas.gwu.edu/~infosec/ The George Washington University is an NSA Certified Center of Academic Excellence in Information Assurance Education and meets the Federal Training Standards for Information Systems Security Professionals (NSTISSI 4011). We offer Graduate Certificate, Master s, and Doctoral level education in Information Security Management for professionals from all educational backgrounds. GWU is located in the heart of Washington DC very near the White House and other government offices.

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback