New antivirus software looks at behaviors, not signatures

It could be argued that security vendors are losing the battle with online scammers whose programs sneak onto computers and drop malicious programs, opening the computers up to remote attacks and turning them into zombies in botnet armies.

The problem is that most computers today rely on antivirus software that blocks malware by checking the code in a file against a database of signatures of known viruses. With thousands of new viruses arriving each day, many of them encrypted in part or otherwise disguised with modification, the signature lists require frequent updates and many new viruses slip through undetected.

As a result, security providers are turning their attention to behavior-based approaches for identifying new viruses, with software that focuses on watching for suspicious behavior, such as a program trying to write data to an executable program. Two security companies are set to make announcements on Monday that follow this trend.

Antivirus provider AVG is introducing AVG Identity Protection, software that analyzes the behavior and characteristics of programs running on a computer and shuts down activity that looks suspicious. The software is based on technology the firm acquired when it bought identity theft specialist Sana Security in January.

“The antivirus companies are flooded with malware to add to signature databases,” with 20,000 to 30,000 new unique samples coming out every day, said Roger Thompson, chief research officer at AVG. “It’s time to do something different.”

Meanwhile, Damballa is releasing its Failsafe 3.0 appliance that is designed to discover botnet malware on computers by listening for communications between compromised systems and command-and-control nodes controlled by attackers on the Internet.

As much as 5 percent of computers in a corporation are compromised with targeted attack type of bot malware, even with up-to-date antivirus and intrusion detection software in use, said Bill Guerry, vice president of product management and marketing at Damballa.

Of a sample of more than 200,000 malware samples scanned by a leading antivirus tool over six months, the average gap between the release of the virus and its detection was 54 days, with almost half going undetected on the day received and 15 percent still undetected after 180 days, according to a Damballa study.

Another company, Triumfant, announced behavior-based software last week that protects companies against zero-day attacks that arise from exploits of security vulnerabilities in software that has not yet been patched.

Triumfant Resolution Manager looks for changes in attributes of the computer, such as registry keys, security and port settings, and performance statistics, and removes code that is suspicious.

Read more »

Cloud hangs over Macworld opening

Macworld, the annual tech gathering for the Apple faithful in San Francisco, opens with a cloud hanging over it.

In a surprise move, the company recently shocked fans by announcing this year’s event is its last.

It also revealed that chief executive Steve Jobs would not present the keynote address, reigniting speculation his health has deteriorated following pancreatic cancer surgery in 2004.

Some analysts, however, see Mr Jobs’ decision as part of a succession plan.

“Steve is clearly beginning to share the spotlight with some other executives and sooner or later someone has to step up to the CEO role,” said Van Baker, vice-president of research for IT consulting firm Gartner.

“I don’t think this is about Steve’s health. I think he is trying to back off from being a ‘one man band’ and he is trying to make way for a possible succession and spread the wealth among the executive team that Apple has,” explained Mr Baker to BBC News.

Apple has said the reason for pulling out of future shows is because it feels the forum does not provide value for money.

In an earlier statement, the company said that “every week 3.5m people visit our retail stores. And like many companies, trade shows are a minor part of how Apple reaches its customers”.

Rumour mill
With Apple refusing to answer questions about Mr Jobs’ health, concern and rumour continues to take on a life of its own. Much of it was sparked off in the middle of last year when he appeared at Apple’s World Wide Developer Conference looking very thin and gaunt.

Just last week Gizmodo.com, a popular tech and gadget website, posted a report from an anonymous source who said Mr Jobs’ health was “rapidly declining”.

Within minutes, Apple stock dipped from $87.92 (£60.60) to $84.72 (£58.42). It rallied at the end of the day but this demonstrates how sensitive the market is to the issue.

Mr Baker, however, believes there really is nothing to worry about when it comes to either the health of Apple’s boss or that of the company he has been credited with turning into such a dominant force.

“I think it’s much ado about nothing, to be honest with you. Of course I could be wrong, but I think if he had anything that was truly life threatening there is an onus on the board and on him to share that with shareholders,” stated Mr Baker.

However, some analysts believe that Apple will suffer without Mr Jobs at the helm.

“Apple can’t survive the way it is without Steve Jobs,” Rob Enderle, principal analyst at the Enderle Group, told the San Jose Mercury News.

“It will have to change dramatically because it’s been so designed around Steve.”

That view is upheld by LA Times columnist Michael Hiltzik, who asks what he calls the crass question – “What is Apple Inc’s plan if CEO Steve Jobs dies?”

Mr Hiltzik wrote: “I hope the day when Apple has to contemplate life without Steve Jobs stays far, far in the future. But the value of the company and the perception of its future are now tied, at least in the short term, to the public perception of his future.”

Silent protest
Mr Jobs’ decision not to present Tuesday’s keynote speech now means the spotlight will be turned on Apple’s senior vice-president of worldwide product marketing, Phil Shiller, who will stand in.

The presentation has in the past been likened to that of a rock concert, with the audience cheering every announcement. It has also been a highly visible platform for Steve Jobs, who has delighted the Mac fans by giving them a first glimpse of new products such as the iPhone, the iPod and the Mac Air book among others.

“This really feels like we are making a pilgrimage to the mother ship to see what Steve is going to give us for the next year,” explained Lesa Snider King, who met her husband at Macworld and planned the wedding around the expo in 2006.

As a long time Mac user, regular Macworld attendee, and Mac training instructor, Ms Snider King told the BBC she was so disappointed at Apple’s decision to pull out of future shows that she had organised a protest. She has called on the Mac community to stay silent during Mr Shiller’s keynote address.

“I don’t want anybody to be rude, or throw things or heckle or anything. Our anger will speak volumes by us not saying anything. This isn’t personal against Mr Shiller but it’s aimed at sending a message to Apple,” Ms Snider King explained.

“There is a whole ecosystem that centres around Macworld and it’s not just about Apple. There are hundreds of mom-and-pop companies who will be adversely affected,” she said.

Ms Snider King added that while she has had a lot of positive response, there has been something of a backlash to her idea.

“There have been quite a number of very vile, mean personal attacks over it which I have found shocking. I never dreamt in a million years that I would have people calling me names that I don’t dare repeat. But this is important. Apple pulling out of Macworld has the potential to kill the show.

“Apple have always had this thing about eating their young and I feel that is what they have done here,” said Ms Snider King.

Read more »

Halloween 2.0

It’s nice to see the web 2.0 culture embracing Halloween – here are some of the sites that showed their appreciation for it…

 

 

Internet companies embrace human rights guidelines

Leading Internet companies, long criticized by human rights groups for their business dealings in China, are agreeing to new guidelines that seek to limit what data they should share with authorities worldwide and when they should do so.

The guidelines, to be announced Tuesday, call for Google Inc., Yahoo Inc. and Microsoft Corp. to try to reduce the scope of government requests that appear to conflict with free speech and other human rights principles. They also require participating companies to seek requests in writing, along with the names and titles of the authorizing officer.

The Global Network Initiative guidelines were drawn up by the Internet companies along with human rights organizations, investors and academics.

But ultimately, the documents are less about “what happens when you get a knock on the door than what are you doing before then,” said Leslie Harris, chief executive of the Center for Democracy and Technology, one of the main groups behind the guidelines.

Harris said the companies are agreeing to consider human rights issues ahead of time as they decide which countries to operate in and what services to offer. The guidelines also call for companies to train employees and develop mechanisms to resolve conflicts.

It was not immediately clear, however, what practices, if any, will change, as the guidelines do not ban any specific conduct, and many of the key points are open to interpretation or are left to individual companies to implement.

“What’s disappointing is that the amount of effort … didn’t produce something more substantial,” said Morton Sklar, executive director of the World Organization for Human Rights USA, which sued Yahoo for giving Chinese officials information that led to the arrest of two journalists. The lawsuit has since been settled for an undisclosed amount.

He said the documents do not offer specific guidance on how a company’s employee is supposed to respond when presented with a particular set of circumstances.

But Sklar praised the companies for recognizing “that there was a huge problem here and needed to be addressed.”

About 18 months in the making, the guidelines do call for the creation of an oversight organization to regularly review the companies’ practices, though what sanctions they face have yet to be decided. Other companies may join the Global Network Initiative.

The guidelines stress that free expression and human rights are ultimately principles requiring the commitment of governments, and that organization will also help companies collaborate on lobbying.

Internet companies have felt compelled to expand into China because of its growth potential, but the push into the world’s most populous country has raised thorny issues, particularly for Yahoo and Google, which were both co-founded by immigrants.

Yahoo and its Taiwan-born chief executive, Jerry Yang, have faced the biggest backlash for handing over e-mails that led to the imprisonment of two Chinese journalists. Besides Sklar’s lawsuit, the outcry spurred a congressional hearing during which the late Rep. Tom Lantos likened Yang to a moral “pygmy” for cooperating with the Chinese government.

Yang has since been more proactive about speaking out for human rights. Leading up to the Olympics in Beijing, Yang urged the Bush administration to use its diplomatic influence to obtain the release of jailed political dissidents.

Google has refrained from offering e-mail or blogging services in China because it doesn’t want to be put in a position where it might have to turn over any of its user’s communications.

Still, Google has come under fire for censoring about 2 percent of its search results in China to comply with government rules. Google’s Russian-born co-founder, Sergey Brin, has maintained that the people living there will be better off with an abbreviated version of the search engine than a full version that is entirely blocked by the government.

“From the start, Google has promoted free expression and the protection of our users’ privacy,” said Bob Boorstin, Google’s director of policy communications. “We see this as another crucial step. The coming together of all these diverse companies and groups is more likely to bring change in government policies than any one company working by itself.”

In a statement, Yang said the guidelines “provide a valuable roadmap for companies like Yahoo operating in markets where freedom of expression and privacy are unfairly restricted.”

Read more »

Beat the recession with StartupTech

After a substantial credit crisis, increased unemployment and the possibility of a global recession, it has never been a more important time to start saving your money. One company who are helping you do this is StartupTech, who offer low cost and affordable website design starting from just £250 ($420).

Their aim is to provide all of the support and guidance you need to setup your website, and ensure that you have a website that appeals to people, works well in the search engines and meets the legal requirements.

StartupTech work with people who want their first website designed or are on a low budget. Most of their business is associated with small companies and charities, start up businesses and individuals.

For more information click here.