Outmaneuvered at Their Own Game
#24624 12/31/12 11:35 PM
MicroMat Inc
Makers of TechTool
Re: Outmaneuvered at Their Own Game
MicroMatTech3 #24628 01/01/13 12:27 AM
The issue has been acknowledged around here for years; why has it taken the industry until now to yank its head out of its hole in the sand?


The new Great Equalizer is the SEND button.

In Memory of Harv: Those who can make you believe absurdities can make you commit atrocities. ~Voltaire
Re: Outmaneuvered at Their Own Game
artie505 #24708 01/07/13 03:48 AM
The industry has made billions doing things the way they're currently done. In any industry from computer software to fishing lures, it is very hard to persuade a company "Give up the business model that is making you billions of dollars right now and switch to an unproven, untested business model that might be better."

The conventional way to do antivirus protection--identify malicious software, analyze how it works, create a signature for it, then distribute the signature--is fundamentally broken, especially in a world where malware is written for profit (enormous profit) and organized crime hires teams of dedicated, highly skilled programmers to churn out new variants on the malware literally daily.


Photo gallery, all about me, and more: www.xeromag.com/franklin.html
Re: Outmaneuvered at Their Own Game
tacit #24716 01/07/13 02:57 PM
Originally Posted By: Tacit
The industry has made billions doing things the way they're currently done. In any industry from computer software to fishing lures, it is very hard to persuade a company "Give up the business model that is making you billions of dollars right now and switch to an unproven, untested business model that might be better."

Not to mention the fact the industry has millions (billions?) of dollars and countless labor hours invested in their existing software. Their very rational business model (and prices we have been paying) are based on their being able to use that existing product for several years with only minor tweaks and updates to the signature files. The current threat would suggest that no matter what technique the AV industry develops, its practical lifespan is probably measured in months rather than years. In turn, that means the cost to both the commercial and individual consumer for malware protection may increase dramatically, perhaps by as much as an order of magnitude.


If we knew what it was we were doing, it wouldn't be called research, would it?

— Albert Einstein
Re: Outmaneuvered at Their Own Game
joemikeb #24717 01/07/13 09:31 PM
I don't think that the consumer is ever going to be protected with the current way of doing things. Endpoint protection--relying on antivirus vendors to make effective programs and relying on consumers to put AV software on their machines--just plain doesn't work. That model is broken.

I do think it is possible to stage effective defense against malware, but doing so will likely not happen soon because it moves the cost from the consumer onto other bodies who don't want to give up profits.

One effective strategy is to call on broadband providers to become more proactive. They can do this in a number of ways: monitoring for malware command and control traffic and disrupting it, monitoring endpoints (consumers) for signs of malware infection and notifying those users, monitoring for rogue servers on their network (a lot of malware will install Web or file servers on infected computers) and cutting them off.

Some broadband providers, like Comcast, already monitor for (some) signs of virus infection. One of my roommates recently had her computer compromised and Comcast sent us an email.

But they generally don't look for signs of malware and botnet command and control traffic flowing over their pipes. If they did, they could disrupt that traffic and paralyze botnets, but it would cost money. Broadband providers already complain about how much it costs for them to do business; Comcast, for example, is struggling along with a measly 900% profit margin in consumer broadband, and doesn't want to spend more money helping to break up botnets. From their perspective, disrupting botnets is all cost, no benefit.

ISPs can also play a role, by doing more to take down malware droppers, secure their networks, and shut down malware C&C servers. But again, the same economics apply. An ISP that shuts down servers loses money. Worse, they have to pay money (in the form of salaries for security and abuse teams) for the privilege of losing money. From the point of view of management, a security or an abuse employee is someone they pay to make the ISP lose money. I have contacted many, many ISPs--including large, profitable, supposedly "reputable" ISPs like GoDaddy, Rackspace, and Softlayer--to notify them of malware droppers, malware forums, and hacked Web sites, only to have them turn a blind eye. They have no economic incentive to stop malware and plenty of economic incentive not to. Bluntly: They profit by having this crap on their networks.

Another key part of the puzzle is merchant banks. Some malware, like fake antivirus scareware and ransomware, works by taking over a computer and then either warning about fake "viruses" or by encrypting files on the user's computer, and then demanding payment to remove the fake "viruses" or to give the user back his files. These malware programs are usually written by Eastern European organized crime, and they demand payment by credit card. Most US banks won't do business with them, but it's usually not too hard to find folks who will. Panda Security estimates that one organized crime gang in Russia averages about $34,000,000 per month in profits from fake AV scams. When their US-based credit card processor finally cut them off, they picked up an overseas credit card processor quickly. What bank wouldn't turn a blind eye in exchange for ten percent of $34 million a month?

Another bit of the puzzle is international law enforcement. Often, we know exactly who the miscreants are; they brag openly on their Web sites about the malware they've written. Russian law does not forbid writing malware, as long as it isn't released in Russia. Why would they? It brings tons of money into the struggling Russian economy. No extradition treaties exist between Russia and the United States. Leo Kuvayev, aka "Badcow," has been wanted on US warrants for malware distribution and computer hacking for YEARS, and has lived freely in Russia, running a huge spam gang and bragging about the malware he'd written, raking in money from bank-password-stealing Trojans and botnets. It wasn't until he got involved with processing payments for child porn operators that the Russians finally arrested him.

So as it stands right now, the criminals operate openly and with complete impunity from Eastern Europe. The banks that the criminals use to process transactions and hide money willingly do business with them, because the amounts of money in malware are staggeringly large. ISPs and broadband providers tolerate a certain amount of malicious activity on their networks, turning a blind eye to malware traffic, malware distributors, and malware command and control servers, because they don't want to bear the brunt of the cost of fighting them. Only if a problem becomes big enough not to ignore do they get involved, and sometimes then only reluctantly. (psychz.net, an American ISP founded by Russian expats, openly hosts spammers and malware droppers, and its peers won't cut it off because it's a lucrative revenue stream.) And through it all, the only thing everyone will say is "Users should run antivirus programs."
Re: Outmaneuvered at Their Own Game
tacit #24757 01/11/13 09:23 PM
Although this thread is not about Java, the following article is definitely related to security: Zero-day flaw prompts Apple to block Java 7 from OS X.


Jon

macOS 11.7.10, iMac Retina 5K 27-inch, late 2014, 3.5 GHz Intel Core i5, 1 TB fusion drive, 16 GB RAM, Epson SureColor P600, Photoshop CC, Lightroom CC, MS Office 365
Re: Outmaneuvered at Their Own Game
jchuzi #24777 01/13/13 09:46 AM
Re: Outmaneuvered at Their Own Game
jchuzi #24778 01/13/13 10:07 AM
I posted it yesterday...from Nigeria.