Tuesday, January 1, 2013
(W) Proof Anti-Malware is not enough - Flame, Ducu, Stuxnet
I have always said if you rely on Anti-Virus/Anti-Malware as your sole defense against the nefarious neer-do-wellers of the InterWebbings you will get p0wned! Most home users may have AV, hopefully also their local operating system firewall is enabled and have a DSL/Cable router with firewall capabilities, but is that enough?
We have learned over the past year that the analysis of The Flamer, Ducu and Stuxnet malware went undetected so long by Anti-Malware software, Intrusion Protection Solutions and other security solutions because they all use signature based analysis.
The moral? We only can detect what we know about and all these solutions are designed to monitor what we know, not what we don't know. This is why user behavior is so important when it comes to browsing the InterWebbings.
Only YOU can prevent Forest Fires... I mean Malware by your behavior. Use Extensions for Chrome, Plugins for FireFox to block unwanted scripting on sites you might just visit or 'drive by' as we say. Using Web of Trust (WOT) will give you an indication of links that may be bad on google searches and websites. NotScript and NoScript prevent auto loading of scripting and allows you to only enable the sites and content you actually need versus seeing all of it all the time. Using AdBlock, blocks those often malware distributing ads.
Browsers are also becoming more aware of blocking tracking as well, so utilize these features and avoid using Internet Explorer to browse as this is a great browser to catch malware from. Proof is the latest MS XML 0-Day that is currently out for all versions of IE.
Build your environment to protect users from themselves and make a more secure browser with extensions or plugins required for all users and get used to having them and using them all the time!
Oh yeah... It goes without saying... DON'T CLICK ON THAT... Dot com
Safe browsing in 2013