It should come as no surprise to anyone that given the vast numbers of malicious software anti-virus companies are claiming to detect, the number of viruses out there is practically limitless.
With the introduction of polymorphic viruses more than a decade ago, and the current practice of injecting specialized Trojans into known vulnerabilities, the combinations of shapes and sizes are now infinite. It’s clear that anti-virus software has been relying on its ability to detect known or anticipated signatures for too long, and this lack of innovation has finally caught up with it.
Patterns are where it’s at. Viruses don’t look the same anymore. In fact, they almost never do.
 In a report published last month, Symantec mentioned over 36,000 distinct strains of one attack. Just as it claims to intercept 1.5 million malicious emails per day, that number could well be a billion or more. At some point, this no longer scales, so it really is more about pattern recognition than file names and embedded signatures. Just ask McAfee, after last month’s debacle left the company scrambling for an excuse when its flagship product mis-identified and quarantined a legitimate Windows file and crippled millions of computers around the world.
But all this talk of obsolescent technology and process failure pales in comparison to the recent claim of security researchers from Matousec, who recently announced that their new method for attacking Windows PCs bypasses most – but likely all – current anti-virus software. By reaching deep into the operating system and neutralizing the common anti-virus method of using Windows ‘hooks’, their KHOBE (Kernel HOok Bypassing Engine) tool effectively kills installed anti-malware and surrenders the PC to its attackers.
As if to firmly drive the very last nail into the coffin of anti-virus software, this method also works on computers with limited privilege accounts. While most home users operate their computers with administrative rights, corporate users and companies are generally shielded from software threats and unauthorized programs. According to the company however, KHOBE even works in situations where restricted user accounts lack administrative privileges. This indicates that mature, layered security approaches and an entirely new anti-malware strategy is imminently required for businesses and home users alike. Perhaps this is the catalyst has needed for a long time, to get out of the stone ages and adopt innovative new approaches to malware detection.
| About the author: |
| Claudiu Popa, CISSP, PMP, CISA, CIPP, CRMP is an information security consultant and CEO of Informatica Corporation (www.InformationSecurityCanada.com). Claudiu helps enterprises to understand and mitigate security risks, anticipate and respond to threats, and implement proper security governance. He is the author of the Canadian Privacy and Data Security Toolkit for SME, published by the CICA. Write to [email protected] simply contribute your comments to this blog. Follow him on http://Twitter.ClaudiuPopa.com or connect with him on http://LinkedIN.ClaudiuPopa.com. |
