CYBER WATCH with Brent MacLean

COMING TO A DESKTOP NEAR YOU

Whitelisting, like virtualization, is a mainframe concept largely forgotten in the era of personal computing, but recently rediscovered in our contemporary IT environment.

There are various forms of whitelisting for security purposes. In the context of combating e-mail fraud and spam, for example, we are concerned with application whitelisting — a method to ensure that only approved applications and their associated executables are permitted to run on a given machine.

In his 2008 RSA keynote address, John W. Thompson, the CEO of Symantec, supported whitelisting in the face of growing malware diversity. He said that if the growth of malicious software continues to outpace the growth of legitimate software, techniques like whitelisting, where we identify and allow only the good stuff to come in, would become increasingly critical. This is a telling statement from a high-ranking executive of a company whose main source of revenue is desktop anti-virus software, the epitome of blacklisting technology. Symantec, and other companies whose business models are firmly based on blacklisting, now agree that whitelisting as a malware defence is an idea whose time has come.

Blacklisting is not really about maintaining a list of prohibited software, but rather maintaining a database of malware signatures to evaluate the state of software through scanning. Software is blacklisted when it is identified to have characteristics identical or similar to known malware. And this is the key point — known malware.

10 SECURITY MATTERS • MAY/JUNE 2010

The successful and timely identification of malware depends on the rapid identification, production and distribution of updates to signature databases. Over the past year, an inflection point was reached where malware crossed over as being produced in greater quantities than legitimate software. We are heading to the same state of affairs in e-mail where spam dominates the number of legitimate messages. By the end of 2009, there were approximately 3.5 million known examples of malware, over two-thirds of which had been produced in 2009. To put that in perspective, 2009 saw more malware produced than all previous years combined.

In the battle against malware, there has been a seismic shift away from blacklisting and towards whitelisting, the process of allowing access only to web sites, applications and e-mails that are known to be safe

While this sounds alarming, it should be noted that part of the reason known malware has been increasing rapidly is due to better detection methods, in particular honeypots and malware sensor networks.

But malware is also increasing due to a change in strategy of the malware industry. Recently, there has been a shift from a mass distribution of a small number of threats to micro distribution of millions of distinct threats, more recently referred to as targeted attacks. Symantec itself has observed single days where 10,000 new virus strains have been produced, mainly through a technique known as server-side polymorphism, which can automatically regenerate malware strains.
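
As an added illustration (not part of the original column), the sketch below contrasts the default-allow blacklist and the default-deny whitelist described above when one known sample is automatically regenerated into many distinct strains. Assumptions: signatures are modelled as exact SHA-256 hashes (a simplification of real signature matching), the sample "executables" are constructed byte strings, and all function names are hypothetical.

```python
import hashlib


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Constructed sample "executables": plain byte strings, not real programs.
APPROVED_APP = b"constructed-sample: approved spreadsheet build 1"
KNOWN_BAD = b"constructed-sample: unwanted program, strain 0"

# Blacklist: signatures of samples that have already been seen and analysed.
BLACKLIST = {sha256(KNOWN_BAD)}
# Whitelist: hashes of the executables approved for this machine.
WHITELIST = {sha256(APPROVED_APP)}


def regenerate(sample: bytes, n: int) -> bytes:
    """Stand-in for automatic regeneration: same behaviour, different bytes."""
    return sample + b" #" + str(n).encode()


def blacklist_allows(data: bytes) -> bool:
    """Default allow: run unless the file matches a known-bad signature."""
    return sha256(data) not in BLACKLIST


def whitelist_allows(data: bytes) -> bool:
    """Default deny: run only if the file matches an approved executable."""
    return sha256(data) in WHITELIST


def evaluate(strain_count: int = 1000) -> dict:
    """Count how many regenerated strains each policy would let run."""
    strains = [regenerate(KNOWN_BAD, i) for i in range(1, strain_count + 1)]
    return {
        "blacklist_missed": sum(blacklist_allows(s) for s in strains),
        "whitelist_missed": sum(whitelist_allows(s) for s in strains),
        "approved_runs": whitelist_allows(APPROVED_APP),
        # Operational cost of default deny: a changed (e.g. patched) approved
        # binary is blocked until its new hash is added to the whitelist.
        "updated_app_runs": whitelist_allows(APPROVED_APP + b" patch"),
    }


if __name__ == "__main__":
    print(evaluate())
```

Every regenerated strain needs its own blacklist entry before it is stopped, while the whitelist rejects all of them without any update; the price is that the whitelist must be maintained whenever approved software changes.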

Even just a few years ago, a single signature could be expected to protect 10,000 users whereas today that expectation has dropped to less than 20 users. That is, malware attacks are so specific that signatures serve only to protect small groups of users. Thus signatures must be produced in vast numbers to protect the broader user community. The anti-virus blacklisting industry has reached a point of diminishing returns — the marginal value of producing additional signatures is minimal.

The anti-virus signature cycle of detect-produce-distribute is being overwhelmed, and the effectiveness of anti-virus solutions (i.e., the fraction of known malware that is detectable) is decreasing. Equivalently, the false positive rate is increasing, and consumers are getting less protection than they expect. There is a significant