In this week's Security Bites podcast, Robert Vamosi speaks with Ryan Naraine, security evangelist for Kaspersky and Zero Day blogger for ZDNet, about malicious software.
Naraine recently spoke at a conference on emerging security threats sponsored by the Georgia Tech Information Security Center about the increasing risks of malware on social networks, such as Facebook pages that lead people to Google pages with additional links to malware sites (a two-step infection process), and the more straightforward approach of
In this podcast, Naraine and Vamosi talk about the changing nature of threats today and what we might see in the future.
A few weeks ago, the Dutch High Tech Crime Unit identified and arrested a 19-year-old Dutch man who allegedly was operating a botnet known as Shadow. This botnet, unlike more recent examples, used IRC, meaning its traffic was easier to trace than the Web-based command and control traffic used today by most new botnets. Shadow would infect users via Windows Live Messenger or MSN Messenger.
What's unusual here is that the crime unit then asked Kaspersky Lab to provide the identified victims, people who had unknowingly allowed their computers to become compromised, with instructions on how to neutralize the malware on their systems. While antivirus companies and law enforcement work together all the time, rarely has law enforcement been concerned about cleaning up a victim's machine.
This week CNET's Robert Vamosi spoke by phone with Roel Schouwenberg, senior antivirus researcher at Kaspersky, who happens to be based in the Netherlands, about the Shadow botnet.
To put it simply, the concept of "white listing" is to define a set of software, a set of vendors, and allow only those trusted applications or files from those vendors to run on your machine. If a file or application is not approved, it will not run. This is the opposite of how we've blocked malware from our machines in the past.
In 2007, Symantec detected more than 1 million viruses, with two-thirds created within the calendar year. Loading 1 million antivirus signatures, or even a percentage of that if generic signatures are used, is a pretty serious undertaking. The idea here is that maybe we should only be loading signatures for the good files.
So far, the idea is only being implemented in the enterprise space. Still, it's an interesting idea. On the desktop it's already being used to stop spam, so why not use white lists to block malware as well?
Massachusetts-based Bit9 has created one of the largest catalogs of "known good" and "known bad" applications. Its Global Software Registry (GSR) serves as the policy enforcement center for Bit9's enterprise offerings. Recently, desktop antivirus vendor Kaspersky announced a partnership with Bit9 that will allow it to use the GSR in its upcoming desktop products in 2009.
This week on the Security Bites podcast, CNET's Robert Vamosi talks with Tom Murphy, chief strategy officer for Bit9, about white listing and its potential for the future.


Robert Vamosi has appeared on CNN, NBC, ABC, MSNBC, and various other media outlets as an expert on computer viruses, spyware, identity theft, phishing, and other criminal activities on the Internet.




