Symantec Research Labs
Listen to the column "Symantec Research Labs".
When I visited Symantec's Santa Monica facility for the release of their Internet Security Threat Report
last month, I also had a meeting with two of the leaders of their research lab. Two of their initiatives seemed particularly interesting.
First, and timely after all the Sony Rootkit mess (hey, Feds, why no arrests of major spyware perpetrators with Sony name badges?), Symantec engineers are rolling out "raw disk virus scanning" technology. Rootkits hide from the file system, so Symantec wants to scan for viruses at the disk block level. If the virus scan ignores the operating and file systems, typical rootkit hiding techniques won't work.
Rootkits evade malware scans by fooling the operating system (this is not the droid, I mean file, you're looking for). Scanning disk blocks directly and bypassing the operating system will find rootkits and other files used by spyware and viruses. In addition, this technique greatly increases virus scanning speeds when bypassing the operating system bottleneck.
Next comes the Network Value Interception System, a clever way to deal with reported security holes until an official patch becomes available. According to Symantec, it takes at least six days before exploits appear to take advantage of a newly reported security hole. Patches, unfortunately, ship in 45 to 60 days. Are the hackers that much smarter than the vendor programmers?
Although Symantec doesn't know the exact malware payload that will leverage the security hole, they can make some pretty good guesses how it will work. Symantec programmers, working with information provided by the security-threatened vendor, will start to look for packets designed to attack the weakness. For example, they can start scanning for packets addressing the particular port number and carrying a certain number of payload bytes to overrun a buffer.
Researchers compared their technique to watching for a key designed to fit only one lock, which in this case means one new security weakness. Monitoring won't be fooled by whether the key has a round top or a square top, or is made of copper or stainless steel or even plastic, just whether the key's bumps fit the lock's profile.
While only able to stop exploits reported by vendors, this security technique offers immediate relief. You may even be able to sleep soundly without the ticking clock tracking security report to exploit haunting your nights.
ITworld.com
Symantec Backup Exec 12 and Backup Exec System Recovery 8 deliver industry leading Windows data protection and system recovery. Download this whitepaper to find out the top reasons to upgrade and how to get continuous data protection and complete system recovery.
Data and system loss — from a hard drive failure, malicious attack, natural disaster, or simple human error — can happen anytime. Don’t leave your business vulnerable. Make sure you have a secure recovery strategy in place. Symantec's latest backup and system recovery technology can efficiently restore critical applications, individual emails and documents and even restore your entire system in minutes in the event of a loss.
Businesses face a growing challenge to ensure that the IT environment is properly protected. Backup Exec 12 integrates with other applications in the Symantec family of products, to complement your current data protection strategy, keep your data securely backed up and make it recoverable when you need it most.
Enterprise 2.0 Implementation
By Aaron C. Newman, Jeremy Thomas
Published by McGraw-Hill
Learn more!
Deploying Cisco Wide Area Application Services
By Zach Seils, Joel Christner
Published by Cisco Press
Learn more!
