New Security Threats & Solutions

Recently the security industry has found new hybrid viruses which top anything previously known. They are saying that virus producers are now almost like a terrorist group: they have funding, they have research and development teams, etc. It should be expected really, as there are obviously hate groups all over, particularly Muslim I guess, and they are willing to blow themselves up just to attack the West.

What do these hybrid viruses do? 

One such virus found in 2007 was named “Storm”, and has been called a Worm and Trojan as well as Virus because it has features of both; I just call them all viruses. Storm apparently has the capabilities of an SMTP relay, and some sort of socket server that can communicate stolen information to many destinations, and can even communicate with and warn its own Storm-infected host computers across a network of many Storm-infected computers. One report said Storm creates a botnet of computers with combined criminal computing power greater than IBM’s best supercomputers. This virus has features which I really do not want to state because I don’t want to proliferate virus design. This virus starts in an email containing an executable attachment; the dumb users are tricked into running the attachment. That’s typical. Experts are estimating that this Storm virus has infected more than 200 million computers around the world, by email, and only the US and Europe have gotten some control of it at this time.

What’s the solution? 

Actually the solution is to not execute any program from any source except your trustworthy business associates, within the US preferably. But wherever you are, you need to have educated and trustworthy associates, so they don’t accidentally propagate viruses. However, with emails you also need to be sure they are legitimate, not artificially produced by a spam virus using your friend’s email address. That’s the rule for me, but many of my clients just can’t keep these rules, so I install good anti-virus software on their computers.
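A mail-gateway style check for the executable-attachment delivery described above, as an added example that is not part of the original post. The function names, the extension list and the sample messages are all constructed for illustration; it flags attachments by their final extension and by the `MZ` header that Windows executables start with, so a renamed program is still caught.

```python
import email
from email import policy
from email.message import EmailMessage

# Extensions Windows runs or interprets on double-click (illustrative, not exhaustive).
RISKY_EXT = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".vbs", ".js"}

def risky_attachments(raw: bytes):
    """Return [(filename, reason)] for attachments that look executable."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        payload = part.get_payload(decode=True) or b""
        lowered = name.lower().strip()
        # Only the final extension matters: "card.jpg.exe" still runs as .exe.
        ext = lowered[lowered.rfind("."):] if "." in lowered else ""
        if payload[:2] == b"MZ":
            # DOS/PE header: executable content whatever the name or MIME type claims.
            findings.append((name, "PE/DOS header"))
        elif ext in RISKY_EXT:
            findings.append((name, "executable extension " + ext))
    return findings

def build_sample(filename, data, maintype="application", subtype="octet-stream"):
    """Build a constructed test message; addresses and contents are made up."""
    m = EmailMessage()
    m["From"] = "friend@example.com"
    m["To"] = "user@example.org"
    m["Subject"] = "Greeting card"
    m.set_content("See attached.")
    m.add_attachment(data, maintype=maintype, subtype=subtype, filename=filename)
    return m.as_bytes()

if __name__ == "__main__":
    fake_pe = b"MZ" + b"\x00" * 62          # constructed stub, not a real program
    samples = [
        build_sample("card.jpg.exe", fake_pe),
        build_sample("photo.jpg", fake_pe, "image", "jpeg"),   # renamed executable
        build_sample("invoice.pdf.vbs", b"' constructed script body"),
        build_sample("notes.txt", b"meeting at 10"),
    ]
    for raw in samples:
        print(risky_attachments(raw))
```

A gateway would quarantine any message for which this returns a non-empty list; the friendly `From` address plays no part in the decision, since it can be forged.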

There are a lot of anti-virus packages out there, but big names are not always best. For example, Trend Micro is recommended by many but tests have shown it is not that thorough, and Microsoft has been unwilling to participate and prove the quality of their AV software. McAfee is what I use for many of my clients and it has an excellent track record for many years with a low price, though I also use Symantec, which is possibly the best of all.

I know better than to run any email attachment, or download and run any questionable software product from non-American companies particularly, so I have actually not had a virus that I can remember. And I have not used anti-virus software for nearly 10 years on my computers. Well, pre-2000 I think I had some minor virus problems, and I unfortunately downloaded and used some overseas software and started having computer problems, so I backed everything up and wiped my hard drive clean. That’s how I solve my virus problems. Were you expecting some elaborate solution? True, you need more advanced solutions, particularly for big networks…

Advanced corporate solutions: 

Most importantly, again, the solution is to not execute a questionable program. This is especially important on servers, and ultra important for administrators to be careful not to run any questionable program. Second, you need good firewall solutions implemented on your network; this holds down such things as the Storm virus. These things are standard practice of course. I have actually averted these problems altogether for administration by using a product called Iron-Admin from WiseFirm; I use it to administer all of my customers’ servers and workstations. This product allows you to administer all your network computers from one workstation, including Windows and Unix/Solaris/Linux servers, and you don’t ever have to execute any programs at all. Iron-Admin uses high-encryption for all its communications, and from one computer you can remotely administer 100s of servers and limitless workstations, and do backups of them all at scheduled times. Another similar product which I have tried is InterStructures, but it is not compatible with AIX and Solaris and does not do backups.

You may use anti-virus software, but honestly it is overrated. Consider the case of a new virus, such as Storm. In this case your anti-virus software will not recognize it initially. If your company is so unfortunate that this virus gets access to administration-level servers, your whole company’s data could fall. Anti-virus software is a good step to protect common users’ computers to a limited degree, and to stop a virus eventually after it has been discovered.

I will get into more details on the security factors we have looked at in this article, and some additional ones. Look for my future blogs here. 

 

  • http://anti-virus-rants.blogspot.com kurt wismer

    yikes – trojans are a type of virus? since when? i hope you’re not using the term virus in the sense that all bad things are viruses…

    not running programs from untrusted sources is not a “solution”, it’s a fine risk mitigation practice and should definitely fall under the heading of “safe hex”, but it does not actually solve the problem – especially so for viruses (true viruses, self-replicating programs that infect other programs) as they tend to propagate quite well along channels of trust… i have a document i didn’t know was infected and i send it to you, you open it because we trust each other and i sent the doc legitimately, then you get infected and pass on still more infected documents to others…

    only using american software seems pointlessly xenophobic and represents a misapplication of trust… there are plenty of foreign companies who are trustworthy enough that we can trust them not to intentionally do bad things and/or spread malicious software (many security software companies are non-american, for example)… further, even companies with good intentions shouldn’t necessarily be trusted entirely (for example microsoft has unwittingly distributed viruses on multiple occasions)…

    finally, if you don’t run anti-virus software, how do you *really* know that you haven’t had any viruses in the past 10 years? all preventative measures fail some of the time so we need security software such as av not just to prevent system compromise by malware but also to help detect when preventative measures have failed… you need both barricades *and* sensors, so what sensors are you using if not av? it’s not as if viruses are helpful and alert you to their presence in the general case…

  • Oscar Marques

    Damn… this was a bad post.
    I lost minutes of my life reading this shit.

  • http://www.JDCampbell.com jdcampbell

    Personally I am shocked to see CARTOONS and CUSSING people on a computer security site.

  • Someone

    What’s sad is, the cartoons and cussing have more purpose than this post. At least the cartoons don’t leave me less intelligent than I started.

  • comment smartassers

    Commenters are always smartasses – say nothing, always complain, never provide anyone with their opinion.

    If any of you have things to say, say it, don’t just flame others.

    It is easy to flame, hard to give your opinion.

  • http://www.u0vd.org Nima Bagheri

    you can use Venak and Avenak Detection Malware Scanner (MPS edition)

    We are releasing a white paper about VA new security model, you can download the white paper from the following link:

    http://www.u0vd.org/Docs/White_Paper.pdf

    and a Demo

    http://www.u0vd.org/Demo/MPS_Demo.wmv

    Venak and Avenak trial version will be ready 2008-01-05

    download here

    http://www.u0vd.org/Demo/VA_MPS_Trial.zip

    best regards , Nima