Educause Security Discussion mailing list archives

Re: malware strategy and products used


From: Dennis Meharchand <dennis () VALTX COM>
Date: Wed, 28 Jan 2009 16:50:06 -0500

Mark:

Thanks for the observations.
On the Anti-Virus/Spyware question we see no way that a virus or spyware
could on its own infect the system as the S Chip while in normal operation
deflects and wipes out any changes to the boot drive. Almost every new
virus/malware is modified daily (according to Anti-Virus and Anti-Spyware
companies) so Anti-Virus and Anti-Spyware are always out of date. Anti
Malware software we believe to be of some value on Email Gateways to check
all email for known malware. So if new malware is let in via an Email
Gateway attachment - the same out of date anti-virus/anti-malware on the
desktop/notebook does not help. Agreed that occasional scanning with updated
Anti-Malware may be of use. In our environment we update our systems from
key vendors such as Microsoft, Adobe etc. We trust that these vendors are
not sending us malware. In one test honey pot system we found that the
always up to date Anti Virus/Anti Spyware software we used found some really
dangerous spyware - the infection had occurred 9 months earlier - the Anti
Virus/Anti Spyware software website had this to offer "if you've found this
on your system - it's already too late"!! Already too late? What am I paying
for? Our argument for our hardware product then is that as long as you don't
download a Virus/Spyware on your own and install it then you are safe.
According to IBM over 90% of all attacks occur by merely visiting infected
websites - I've experienced the attacks myself - and I thank myself every day
for having developed our hardware S Chip products.

Dennis Meharchand
CEO, Valt.X Technologies Inc.
Cell: 416-618-4622
Tel: 1-800-361-0067, 416-746-6669
Fax: 416-746-2774
Email: dennis () valtx com
Web: www.valtx.com

-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Mark Rogowski
Sent: January 28, 2009 3:34 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] malware strategy and products used

Dennis Meharchand <dennis () VALTX COM> 01/20/09 1:35 PM >>>
Disclosure - Vendor Response (Valt.X is a security product vendor exiting
development stage)

Desktops: We use the Valt.X S Chip Desktop/Server Ultra Security
Controllers (PCI/PCI-e hardware controllers) on desktops - we do not use
any Anti-Virus or Anti-Spyware on Desktops.

Notebooks: We use the Valt.X Digital Secure Drive with the S Chip - we do
not use any Anti-Virus or Anti-Spyware on Notebooks.

Email Servers: We use the Valt.X S Chip Desktop/Server Ultra Security
Controllers (PCI/PCI-e hardware controllers) on email servers - in addition
we use Symantec Antivirus and Webroot Anti-Spyware to scan incoming emails.



Dennis Meharchand
CEO, Valt.X Technologies Inc.
Cell: 416-618-4622
Tel: 1-800-361-0067, 416-746-6669
Fax: 416-746-2774
Email: dennis () valtx com
Web: www.valtx.com


*******************************

Hi Folks,

This posting caught my attention.  I decided to order one of these devices
from this company to determine what the product does and how effective it
could be in the real world.  Please be aware that I have no affiliation
to/with this firm at all other than possessing the willingness to jump on
something that sounds way too good to be true.

The product is basically DeepFreeze on a chip with an added bonus.  You can
select between 'frozen mode' whereby any changes made to the system will be
lost once it is rebooted, and 'user mode' where changes are saved to the
disk but it is up to you to "backup" these changes once in a while.

Setup, backup and restore operations are performed through a CLI interface
on system boot.  You access the interface using a three key combination and
must know a password to perform any function.  It also has the ability to
back up and restore your CMOS settings as well.

I can certainly see value here from a time/human resource perspective.
Desktop support for malware calls would be reduced to a pittance provided
due diligence was done by end users on backing up their system using the
card.  To completely remove all alerting capabilities for known malware is a
real stretch however.  Without Anti Virus running, a person could have a
Trojan or keylogger on the system and never know it.

Anyway, just thought I'd share my observations.



Mark Rogowski  CISSP, CISM
IT Security
Technology Solutions Centre
University of Winnipeg
Ph: (204) 786-9034
