'Reputation' weapons help spurn Web 2.0 malware

The browser has become the new battleground

Reputation-measurement is one of the newer ways of blocking malware in a world where threats have grown more elaborate and cunning, and Web 2.0 has grown the audience for rich media.

While the continuing usefulness of traditional virus-signature identification should not be underrated, at least two techniques are now in common use whose specific aim to evade it, according to Scott Montgomery, vice-president of global technical strategy at Californian-based Secure Computing.

The first technique is polymorphism, which involves producing a piece of malware in a number of variants with similar payload and mode of attack but written so as to offer a slightly different signature to filters.

A more widespread problem, however, is packer malware. This involves compressing, and sometimes even encrypting, agents before sending them, so as to evade filters tuned to particular signatures. The key to unscramble the infective agent and make it operational is then sent in a separate transmission.

Measures of malicious traffic by German malware analyst AVtest.org show no less than 48 per cent of recent malware came in packed and/or encrypted form, says Montgomery. Signature-based detectors are of little use against this type of malware. The best hope of detecting its presence is by its behavior.

"If it tries to change permissions on files, change registry entries or start up a shell, then it's probably up to no good."

The new weapon against malware -- and one that is quite potent -- involves rating sources of traffic by reputation, says Montgomery. The domains of people and companies you know and trust, or who have a good commercial reputation, are given a high "reputation" score; while domains that send out a lot of traffic but have little or no in-coming traffic fall under suspicion of being potential spam sources.

Some reputation-scoring can be done by the receiving individual or organization, but companies like Secure Computing maintain a large population of sensors and build reputation scores internationally, by means of continuous monitoring.

Adding the two together helps build up a picture of who can be trusted. "But it's a question of risk analysis," Montgomery says. Reputation analysis can only give a score; it's up to the receiver to decide where to draw the line between probably okay and probably not okay.

The set of developments known collectively as Web 2.0 involve richer media and a growing amount of dynamic content that works interactively within the browser, rather than at the server level.

"The browser has become the new battleground," says Montgomery.

Recommended

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Stephen Bell

Computerworld

Comments

Comments are now closed.

Most Popular Reviews

Follow Us

Best Deals on GoodGearGuide

Shopping.com

Latest News Articles

Resources

GGG Evaluation Team

Kathy Cassidy

STYLISTIC Q702

First impression on unpacking the Q702 test unit was the solid feel and clean, minimalist styling.

Anthony Grifoni

STYLISTIC Q572

For work use, Microsoft Word and Excel programs pre-installed on the device are adequate for preparing short documents.

Steph Mundell

LIFEBOOK UH574

The Fujitsu LifeBook UH574 allowed for great mobility without being obnoxiously heavy or clunky. Its twelve hours of battery life did not disappoint.

Andrew Mitsi

STYLISTIC Q702

The screen was particularly good. It is bright and visible from most angles, however heat is an issue, particularly around the Windows button on the front, and on the back where the battery housing is located.

Simon Harriott

STYLISTIC Q702

My first impression after unboxing the Q702 is that it is a nice looking unit. Styling is somewhat minimalist but very effective. The tablet part, once detached, has a nice weight, and no buttons or switches are located in awkward or intrusive positions.

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?