Blacklists, whitelists and heuristics: Symantec describes new threats
Nov 20, 2008 3:21 PM
talks to Vincent Weafer, VP Security Response, Symantec, about how server-side polymorphism is changing the security landscape.
Weafer said that new threats have emerged in the security landscape over the past 18 months.
“There are two major changes,” said Weafer. “One is the increasing degree of complexity of the threats. The other is the massive volume of new threats coming out. Instead of seeing one virus and its effects, now we’re seeing one to two million new threats a month.”
Weafer said that this is because of server-side polymorphism: viruses that change every time they are downloaded.
“Imagine if you’ve got a piece of malicious code on a server. You can chop and change it every time a new person comes to the website. We’re talking about Trojans more than anything else.”
Instead of blocking one or two new viruses each day, Symantec’s system is adding 10,000 to 20,000 new blocks to its blacklist every day: an ‘exponential growth of problems’ compared with 2-3 years ago.
“The typical scenario for a user getting infected today goes like this. The bad guys have scanned websites and found a vulnerable web server: an ordinary website that contains scripting. It could be a travel site, a downloads site or a small business, for example.
“A malware writer attacks the site with an SQL injection, or exploits other vulnerabilities to get their malware onto the site. When users browse the site, they’re exposed to the exploit. They might download data onto their machines. This creates a pathway to download tonnes of stuff – botnets, keyloggers, software updates – limitless information can now be downloaded onto that machine.”
Because these viruses morph every time they’re downloaded, they can be nearly impossible to predict.
“Server-side polymorphism creates literally millions of threats a month. This requires a totally new approach to security,” said Weafer.
Whitelisting, blacklisting and heuristics
The traditional model of internet security involves blacklisting, said Weafer: creating a list of undesirable sites that are automatically blocked at the user’s end.
“The problem with blacklisting is that there are millions and millions of sites,” said Weafer.
“It’s easy to blacklist the top 50 per cent. But once you get to the long end of the tail, there’s little knowledge about these sites and there are millions that you need to try and block.”
Whitelisting – creating a list of trusted sites – is a different approach to the problem.
“Whitelisting is often brought up as the magic pill,” said Weafer. “Whitelisting’s been around for a long time, and it’s only being leveraged by a small number of people – governments and financial services, for example. If you’ve got a controlled environment then you can keep it secure.
“We’re already using whitelisting to augment our behavioural protection. One of our goals is to build the world’s most comprehensive whitelist.”