Proactive Defense Against Malicious Code

Presented at DEF CON 8 (2000), July 29, 2000, 11 a.m. (50 minutes).

Anti-virus software is an important part of a well-devised security policy, but reactive virus detection is not versatile enough for the demands that will be made on businesses engaged in e-commerce. The year 1999 began with the birth of the Happy 99 virus - a harbinger of things to come. Happy 99, plus Melissa, PrettyPark and the Explore.zip worm are all examples of third generation of malicious replicating code, designed to exploit the Internet for their rapid proliferation. A variant of Explore.zip, called MiniZip, managed to hide itself from antiviral utilities and spread at an amazing rate around the Internet at the end of 1999. Such programs, which launch new malicious code attacks, create "first strikes" against systems and networks. Allowing untrusted code to execute on the corporate network may not be suitable for your organization. But corporate security policies that block network executables adversely affect the evolution of the Internet, extranet, and intranet. While no security implementation is absolute, functionality is not achieved by disconnecting users from the network and preventing access to programs. Therefore, proactive defense against first-strike attacks is required today.

Almost all web sites today contain mobile code. Many of the powerful business (ecommerce) applications you need and use are written with mobile code. Consequently, net-enabled malicious software is likely to increase in prevalence and successful utilization. The factors accounting for such a prediction are the ease by which users are duped into double-clicking on malicious e-mail attachments and, the ease by which the sources of those e-mails are automatically spoofed to seem to come from a boss or from an e-mail or instant message friend. Traditional pattern matching approaches are incomplete, out-of-date, and ineffective and were never designed in preventing a series of new generation attacks based on malicious mobile code and Trojan executables.


Presenters:

  • Ron Moritz - Senior Vice President and Chief Technical Officer at Symantec Corporation
    Ron Moritz is the Senior Vice President and Chief Technical Officer at Symantec Corporation where he serves as primary technology visionary. As a key member of the senior management team interfacing between sales, marketing, product management, and product development, Ron helps establish and maintain the company's technological standards and preserve the company's leadership role as a developer of advanced Internet security solutions. Ron was instrumental in the organization of Finjan's Java Security Alliance and established and chairs Finjan's Technical Advisory Board. He is currently chairing the Common Content Inspection API industry standards initiative. Ron is one of a select group of Certified Information Systems Security Professionals. He earned his M.S.E., M.B.A., and B.A. from Case Western Reserve University in Cleveland, Ohio.

Links:

Similar Presentations: