This week I kicked off our Planet Antivirus challenge with a blog entry highlighting the top 5 failures of antivirus. My fifth point highlighted the fact that relying on antivirus resulted in a reliance on fire drill patching as a result:
Relying on antivirus ties companies to fire drill software patching — The side effect of relying on antivirus to protect endpoints is that companies are now tied to reactive software application patching as well. Because we can’t trust our antivirus software to protect the endpoint, we also must remain constantly aware and vigilant about identifying and fixing vulnerabilities in our applications on the endpoint. The resulting combination of rushed patches and signatures is a significant drain on the human resources of an organization.
It’s rare that such a post has supporting evidence appear just days after it is published, but this week, that is exactly what happened. It was reported this week that a Windows XP security update resulted in the notorious Blue Screen of Death (BSOD), locking up many users’ Windows XP PCs. In the article, “Windows patch cripples XP with blue screen, users claim,” hundreds of Windows users expressed their frustrations on the company’s support forum throughout the week. Continue reading this post…
I truly believe that 2010 is a turning point in endpoint security. The old antivirus model has reached the end of its practical usefulness and the disadvantages of an approach with a foundation of blacklisting far outweigh its benefits. Operation Aurora and the attacks against major online brands perfectly illustrates the failure of our old paradigm to protect endpoints.
Later this week, we are launching a fun (and funny) awareness campaign, called Planet Antivirus, highlighting the weaknesses of antivirus and focusing on the need to completely rethink our approach to how we defend endpoints. Today I am kicking this campaign off by highlighting the top five failures of antivirus technology: Continue reading this post…
Much has already been written about the impact of Operation Aurora on the threat landscape. The international attacks on some of the world’s leading Internet companies reminded us once again of the vulnerabilities within interconnected networks that can be accessed from virtually anywhere in the world.
These attacks also illustrate the growing need for, and strength of, application whitelisting solutions. As Aurora first gained access by attacking an endpoint within Google’s network to trick a user into installing malware, even leading antivirus software designed to detect such viruses and malicious code couldn’t stop it from running within the network. Continue reading this post…
As I’ve mentioned before, Microsoft’s inclusion of AppLocker, the embedded technology that decides which software should or should not run based on an IT administrator’s rules, in Windows 7 was further validation that application whitelisting has emerged as the anti-malware solution of the future. While the Windows 7 default security model certainly provides a level of protection against malware threats, for enterprises that require stronger protection with less manual tuning, it is not enough. Continue reading this post…
According to Gartner’s Avivah Litan, even two-factor authentication systems can’t stop today’s cyber thieves. Over the past few months, banks around the world that rely on one-time-password authentication systems have been compromised by man-in-the-middle attacks, despite having two-factor security in place.
Thomas Claburn of InformationWeek writes in his article, “Strong Authentication Not Strong Enough,” that fraudsters are now using call forwarding to bypass security measures. Continue reading this post…