Secure Coding mailing list archives
Re: informIT: Modern Malware
From: Gary McGraw <gem () cigital com>
Date: Wed, 23 Mar 2011 11:14:50 -0400
hi andy,

If you read the article again, I think you'll find that the solutions offered by both Invincea and Dasient work regardless of whether the malware is installed through broken software or through social engineering. Dasient protects the server side of the APT problem (especially when it comes to bad ads), and Invincea wraps the browser (or the Adobe product) in an instrumented and transparent VM.

I agree that clueless users who click on whatever pops up lead to many infections even when software is in reasonable shape, but I don't see that as a reason not to build better software. Presumably, you guys at paypal agree. Right?

gem

On 3/22/11 7:57 PM, "Andy Steingruebl" <steingra () gmail com> wrote:

> On Tue, Mar 22, 2011 at 8:41 AM, Gary McGraw <gem () cigital com> wrote:
>> hi sc-l,
>>
>> The tie between malware (think zeus and stuxnet) and broken software of the sort we work hard on fixing is difficult for some parts of the market to fathom. I think it's simple: software riddled with bugs and flaws leads directly to the malware problem. No, you don't use static analysis to "find malware" as the AT&T guys sometimes think... you use it to find the kinds of bugs that malware exploits to get a toehold on target servers. One level removed, but a clear causal effect.
>
> Gary,
>
> Interestingly, your article only covers malware that gets installed by exploiting a technical vulnerability, not malware that gets installed by exploiting a human vulnerability (social engineering).
>
> I've been looking around and haven't found much data on infection rates, percentages, success rates, etc. but "voluntarily" installed malware is a significant and growing concern, and it requires an entirely different approach than that required for malware that exploits a technical vuln.
>
> Thoughts?
>
> - Andy