Intelligent Protection

March 2, 2009

Only a strong combination of artificial and human intelligence will protect you from the threats you can see, as well as those you can't.

Recently, a colleague opened an attachment from a friend labelled "check out photos of my new puppy". Strange as it seemed that a friend who lives in a tiny high-rise apartment would have bought a puppy, it didn't ring any alarm bells.

My colleague was still in the mindset that it's OK to open attachments from "trusted sources".

But her friend's computer had been compromised and its address book hijacked to spread the infection, and opening the file unleashed malware on her own system.

Once bitten, twice shy. After enduring her system being down all day, my colleague will be more aware of possible threats in the future and, hopefully after hearing her story, so will you. 

It's not enough to buy the package, cross our fingers and trust the technology to look after us online. We need to keep our systems in good order and oversee them with some common sense and a tech-savvy attitude.

There is a huge range of great software available which deploys highly sophisticated artificial intelligence to protect against viruses, phishing, spam and other threats, but without the support of the user it can still be compromised.

Malware protection needs to be a two-pronged defence: stay alert to the types of threats only you can see, and maintain your protection software so you can trust it to detect the threats you can't.

It was only a few years ago that a virus spread along one of eight primary mechanisms. In 2008, many threats spread through all eight of those mechanisms at once, sometimes more. In 2009, web-based threats will only continue to increase in both volume and complexity.

Advances which have enriched the browsing experience have also created better pathways along which threats can spread. Instant messaging and the email address books on our friends' computers are being hijacked to deliver threats that appear to come from people we know and trust.

These multi-vector super-viruses are difficult to recognise, diagnose and remove.

Just when most people finally seem to have got the message about only opening attachments from trusted sources, things have got more complicated. Now we need to ask not only "is this from someone I trust?" but also "is this the type of attachment I'd expect to receive from them?"
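The second question can be partly automated. The following is an added example, not code from the original column: it checks an attachment's name for a disguised executable (the classic "puppy.jpg.exe" trick) and compares the file's leading bytes with what the extension claims. The filenames and byte strings at the bottom are constructed for illustration, and the tables of magic numbers and extensions are deliberately short (an assumption; a real mail filter would carry far more entries).

```python
"""Decide whether an e-mail attachment is the kind of file its name claims to be.

Added example, not code from the original column.  The filenames and byte
strings used at the bottom are constructed for illustration; the tables of
magic numbers and extensions are deliberately short (an assumption) and a
real mail filter would carry far more entries.
"""
from typing import List, Optional

# Leading bytes of a few common formats -> short type name.
MAGIC = {
    b"\xff\xd8\xff": "jpg",
    b"\x89PNG\r\n\x1a\n": "png",
    b"GIF87a": "gif",
    b"GIF89a": "gif",
    b"%PDF-": "pdf",
    b"PK\x03\x04": "zip",
    b"MZ": "exe",   # DOS/PE header: .exe, .dll and .scr files all start this way
}

# Extensions Windows runs directly on double-click (subset).
EXECUTABLE_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd", "vbs", "js"}

# Extensions that only open a viewer: the sort of "photo" a friend would send.
VIEWER_EXTS = {"jpg", "png", "gif", "pdf"}

# Spelling variants folded onto the type names used in MAGIC.
ALIASES = {"jpeg": "jpg", "jpe": "jpg", "scr": "exe", "dll": "exe"}


def canonical(ext: str) -> str:
    """Map an extension onto the type name MAGIC uses for it."""
    return ALIASES.get(ext, ext)


def sniff_type(data: bytes) -> Optional[str]:
    """Return the format implied by the leading bytes, or None if unrecognised."""
    for magic, kind in MAGIC.items():
        if data.startswith(magic):
            return kind
    return None


def extensions(filename: str) -> List[str]:
    """All extensions in the name, lower-cased: 'Puppy.JPG.exe' -> ['jpg', 'exe']."""
    parts = filename.lower().split(".")
    return [p for p in parts[1:] if p]


def assess_attachment(filename: str, data: bytes) -> List[str]:
    """Return the reasons to distrust an attachment; an empty list means none found.

    1. the final extension is something Windows will execute;
    2. a viewer-type extension precedes it (the 'puppy.jpg.exe' disguise);
    3. the leading bytes say the file is not what the extension claims;
    4. the leading bytes say the file is a Windows executable, whatever
       the name says (this also covers names with no extension at all).
    """
    reasons = []
    exts = extensions(filename)
    claimed = exts[-1] if exts else ""
    actual = sniff_type(data)

    if claimed in EXECUTABLE_EXTS:
        reasons.append("final extension '.%s' is executable" % claimed)
    if len(exts) > 1 and any(canonical(e) in VIEWER_EXTS for e in exts[:-1]):
        reasons.append("double extension hides an executable behind a document name")
    if actual is not None and claimed and actual != canonical(claimed):
        reasons.append("contents look like %s but the name claims %s" % (actual, claimed))
    if actual == "exe" and claimed not in EXECUTABLE_EXTS:
        reasons.append("contents start with a Windows executable header")
    return reasons


if __name__ == "__main__":
    # Constructed samples: a genuine JPEG, and the "puppy photo" that is a program.
    real_photo = b"\xff\xd8\xff\xe0" + b"\x00" * 16
    program = b"MZ\x90\x00" + b"\x00" * 16
    for name, data in [("puppy.jpg", real_photo),
                       ("puppy.jpg.exe", program),
                       ("puppy.jpg", program),
                       ("puppy.scr", program)]:
        print(name, "->", assess_attachment(name, data) or ["looks as claimed"])
```

The byte check matters because Windows hides known extensions by default, so "puppy.jpg.exe" displays as "puppy.jpg"; a mail gateway that only looks at the displayed name would let it through, while one that reads the first bytes sees the "MZ" header regardless of what the file is called.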

And it gets more insidious.

Few people realise that these days it's possible to become infected just by visiting a website. Drive-by downloads, malicious browser plug-ins and invisible iframes mean you no longer need to click on, or even hover over, an icon, let alone download anything, to pick up something nasty; and this isn't only on "dodgy" sites.
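An invisible iframe is simply a frame the page author (or whoever injected it) has made the browser render with no visible area, so the visitor never knows a second page loaded. As an added example, not code from the original column, the scanner below walks a page's HTML and reports iframes that are sized to a pixel or less, carry a hidden attribute, or are hidden or pushed off-screen by inline CSS, noting when such a frame pulls content from a host other than the page's own. The sample page and the hostnames in it are constructed (".test" is a reserved, non-resolving domain).

```python
"""Report iframes on a page that no visitor would ever see.

Added example, not code from the original column.  A drive-by download
typically arrives as an iframe the visitor cannot see, injected into an
otherwise legitimate page; this scanner flags frames that are sized away,
hidden by CSS or pushed off-screen.  The sample page and hostnames below
are constructed; '.test' is a reserved, non-resolving domain.
"""
import re
from html.parser import HTMLParser
from typing import Dict, List, Optional
from urllib.parse import urlparse

# CSS fragments that keep a frame out of sight.
HIDING_STYLES = (
    r"display\s*:\s*none",
    r"visibility\s*:\s*hidden",
    r"(?:left|top)\s*:\s*-\d+",              # absolutely positioned off-screen
    r"(?:width|height)\s*:\s*[01](?:px)?\b",  # sized to 0 or 1 pixel via CSS
)


def _dimension(value: Optional[str]) -> Optional[int]:
    """Parse a width/height attribute such as '1', '1px' or '0'; None if absent."""
    if value is None:
        return None
    m = re.match(r"\s*(\d+)", value)
    return int(m.group(1)) if m else None


def style_hides(style: str) -> bool:
    """True when the inline style would make the element invisible."""
    return any(re.search(p, style.lower()) for p in HIDING_STYLES)


class IframeCollector(HTMLParser):
    """Collects the attribute dictionary of every <iframe> start tag."""

    def __init__(self) -> None:
        super().__init__()
        self.iframes: List[Dict[str, Optional[str]]] = []

    def handle_starttag(self, tag, attrs):
        if tag == "iframe":                 # HTMLParser lower-cases tag and attribute names
            self.iframes.append(dict(attrs))


def suspicious_iframes(html: str, page_host: str) -> List[dict]:
    """Return one record per hidden iframe: its src and the reasons it was flagged.

    A frame is flagged only if something hides it; a visible third-party
    embed (a video player, say) is not reported.  When a hidden frame pulls
    from a host other than the page's own, that is added as a further reason.
    """
    collector = IframeCollector()
    collector.feed(html)
    findings = []
    for attrs in collector.iframes:
        reasons = []
        width, height = _dimension(attrs.get("width")), _dimension(attrs.get("height"))
        if (width is not None and width <= 1) or (height is not None and height <= 1):
            reasons.append("frame is 0 or 1 pixel in size")
        if "hidden" in attrs:
            reasons.append("has the hidden attribute")
        if attrs.get("style") and style_hides(attrs["style"]):
            reasons.append("inline CSS hides the frame")
        if reasons:
            src = attrs.get("src") or ""
            host = urlparse(src).hostname
            if host and host != page_host:
                reasons.append("loads from another host: " + host)
            findings.append({"src": src, "reasons": reasons})
    return findings


# Constructed page: a bank site with one legitimate embed and three injected frames.
SAMPLE_PAGE = """<html><body>
<h1>Welcome to example-bank</h1>
<iframe src="https://www.example-bank.test/rates" width="600" height="400"></iframe>
<iframe src="http://malicious.test/in.php" width="1" height="1" frameborder="0"></iframe>
<iframe src="http://malicious.test/x.html" style="display:none"></iframe>
<IFRAME SRC="http://malicious.test/y.html" STYLE="position:absolute; left:-5000px"></IFRAME>
</body></html>"""

if __name__ == "__main__":
    for finding in suspicious_iframes(SAMPLE_PAGE, "www.example-bank.test"):
        print(finding["src"], "->", "; ".join(finding["reasons"]))
```

Run against the constructed page, the legitimate 600x400 rates frame passes and the three frames pointing at malicious.test are reported. A static check like this only catches frames present in the served HTML; script that creates the iframe after the page loads needs the same logic applied to the rendered DOM.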

Trusted websites are increasingly being used as launching pads. By compromising banks and other popular portals with huge traffic, criminals can reach a lot of victims very fast. A good IT team will normally find and remove the malware from such a site quickly, but even in a short window many visitors with unpatched PCs can be infected.

This is where having good, up-to-date anti-virus and anti-malware software installed can save the day, because it has the "intelligence" to see the types of threat we humans can't.

Nowadays it's rarely obvious when you're under attack. The latest breed of threats is either invisible or socially engineered to arrive disguised as something "friendly"; remember the puppy.

However, it's not only the latest threats that are wreaking havoc. The most active and widely distributed threats in circulation at the moment are those exploiting old vulnerabilities, bugs that are six months to three years old. This is only possible because so many people neglect to patch their PCs.

Attackers are still getting a lot of mileage where they should by rights have been beaten: unprotected systems are low-hanging fruit.

The solution to all these problems is the same: simple, age-old best practice. Choose the right system and keep it up to date and patched to lower your risk profile and raise your security threshold. Run Windows Update regularly, and if a trusted application advises that it needs an update, do it!

Then back this up by paying attention to your own built-in threat detector, common sense, whenever you're surfing the net.

Robert Pregnell, Senior Manager of Regional Product Management for Endpoint Security, Asia Pacific

Robert Pregnell serves as the manager of regional product management for endpoint security in Asia Pacific and Japan, responsible for driving Symantec's enterprise security development across the region. An established and well respected expert in the field, Robert has been driving Symantec's endpoint security strategy and development for over fourteen years within various roles by leading and contributing to the engineering, product management, and technology groups. Since joining Symantec in 1995, Robert has worked extensively throughout the US and Asia Pacific region, maintaining an extensive customer oriented approach to global and Fortune 500 companies. In addition to direct customer consultation and deployments, he has worked in the areas of product design, development, quality assurance and stress testing. Robert has GSEC Level I Security certification. Prior to joining Symantec, Robert provided consulting services to private and government organisations throughout Australia and New Zealand, performing security design, deployments, and response services implementations.