Secure Coding mailing list archives

Re: informIT: Modern Malware

From: Gary McGraw <gem () cigital com>
Date: Wed, 23 Mar 2011 11:14:50 -0400

hi andy,

If you read the article again, I think you'll find that the solutions
offered by both Invincea and Dasient work regardless of whether the
malware is installed through broken software or through social
engineering. Dasient protects the server side of the APT problem
(especially when it comes to bad ads), and Invincea wraps the browser (or
the Adobe product) in an instrumented and transparent VM.

I agree that clueless users who click on whatever pops up lead to many
infections even when software is is reasonable shape, but I don't see that
as a reason not to build better software.  Presumably, you guys at paypal
agree.  Right?

gem

On 3/22/11 7:57 PM, "Andy Steingruebl" <steingra () gmail com> wrote:

On Tue, Mar 22, 2011 at 8:41 AM, Gary McGraw <gem () cigital com> wrote:

hi sc-l,

The tie between malware (think zeus and stuxnet) and broken software of
the sort we work hard on fixing is difficult for some parts of the
market to fathom.  I think it's simple: software riddled with bugs and
flaws leads directly to the malware problem.   No, you don't use static
analysis to "find malware" as the AT&T guys sometimes thinkŠyou use it
to find the kinds of bugs that malware exploits to get a toehold on
target servers.  One level removed, but a clear causal effect.


Gary,

Interestingly, your article only covers malware that gets installed by
exploiting a technical vulnerability, not malware that gets installed
by exploiting a human vulnerability (social engineering).  I've been
looking around and haven't found much data on infection rates,
percentages, success rates, etc. but "voluntarily" installed malware
is a significant and growing concern, and it requires an entirely
different approach than that required for malware that exploits a
technical vuln.

Thoughts?

- Andy



_______________________________________________
Secure Coding mailing list (SC-L) SC-L () securecoding org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.
Follow KRvW Associates on Twitter at: http://twitter.com/KRvW_Associates
_______________________________________________

Current thread:

informIT: Modern Malware Gary McGraw (Mar 22)
- Re: informIT: Modern Malware Andy Steingruebl (Mar 23)
  - Re: informIT: Modern Malware Gary McGraw (Mar 23)
    - Re: informIT: Modern Malware Andy Steingruebl (Mar 23)
    - Re: informIT: Modern Malware Haroon Meer (Mar 26)
    - Re: informIT: Modern Malware Gary McGraw (Mar 26)
    - Re: informIT: Modern Malware Haroon Meer (Mar 26)
    - Re: informIT: Modern Malware Gary McGraw (Mar 26)
    - Re: informIT: Modern Malware Gunnar Peterson (Mar 26)
    - Re: informIT: Modern Malware John Wilander (Mar 26)
    - Re: informIT: Modern Malware Kevin W. Wall (Mar 26)
    - Re: informIT: Modern Malware Gary McGraw (Mar 27)
  - Re: informIT: Modern Malware Martin Gilje Jaatun (Mar 23)

(Thread continues...)