In-the-Cloud Technology Beats Malware Pollution


I finally got permission from Computerworld Philippines to post here the article that we submitted for their Viewpoints column. I am already tinkering with the WordPress post/edit stuff, but upon checking their site today, they have already posted it on their online portal 🙂 I’m posting some snippets of the article below:

Computerworld Philippines

Web Security Lifeline: In-the-Cloud Technology Beats Malware Pollution

By Menard Oseña

Published in the November 2008 print edition of Computerworld Philippines

December 18, 2008

The State of Threats

Often, to impress upon the public the kind of dangers lurking online, security vendors struggle to pin a number on the volume of new malicious code being produced every day. AV-Test.org, an independent antivirus tester, placed it at 650,000 unique samples a month, an incredible jump from roughly 50,000 a month in 2005. We are seeing the same thing, along with other AV (antivirus) vendors, although the number may differ among companies. The bottom line is that the numbers are indeed growing at an alarming rate.

Alongside the volume problem is the nature of these threats. Malicious code these days no longer announces its presence on computers. The days of global outbreaks like the ILoveYou virus are over. Threats now operate stealthily, sitting unnoticed on computers to perform cybercrime. They can siphon personal and sensitive information from computers. They can hijack PC computing power for large-scale online attacks that can take down sites for hours. These threats are collectively known as Web threats, and they are characterized by the smaller and targeted nature of their attacks, with money often the sole motivator.

AV Vendors Fight Back

In pattern matching, AV vendors use different sourcing strategies to obtain the files plaguing customers. We look for the marker, the unique thumbprint of the file, and program a malware definition that can detect it, an activity we can now automate with the use of technology, making it an effective way of battling malware. But doing this for every single sample that we obtain will eventually consume too much computing power, and the user experience suffers as a result.

Quite different from pattern matching, heuristics involves the collection of a vast number of malware samples. Engineers create rules based on an analysis of common malware behavior and characteristics. Heuristic patterns detect not only all existing variants similar to the malicious code that was analyzed, but also future variants. This technique, however, although generally considered to be less resource-intensive, requires a safety net to be in place, as it is more prone to false detections.

In-the-Cloud* is the Way to Go

Looking at the big picture, however, these strategies ultimately fall short. Detecting threats at the gateway and at the endpoint, after all, requires that a threat already be present on the system. In an ideal world, threats are detected and blocked at the source. Instead of the messy file-based battle, AV vendors must figure out a way to deliver protection at all possible fronts.

In today’s attacks, the infection chain begins long before a file is downloaded. Malware writers, for instance, can entice users via social engineering to click on a malicious URL. This can happen via spam, an instant message, or even as part of the search results of a legitimate search engine. The URL can lead through several redirections which in the end cause the PC to download a malicious file. This means there are actually several chances to cut off the infection chain before a file ever gets to perform its payload. In addition to detecting files, this new level of protection must filter out fraudulent mail and block malicious URLs, keeping users farther away from the risks of these sneaky Web threats.

Going in the cloud for Trend Micro means “setting up camp” on the Internet and installing lighter-weight clients on user PCs to block threats before they ever reach the corporate network. This move likewise presents several pluses. By hooking up to a Web-based protection network, each client becomes a part of a real-time global protection schema. When the network detects an Internet security threat on behalf of any one participant in the network, all participants are automatically and immediately protected. They act as “sensors” looking out for the rest of the subscribers. This protection also extends to all devices connected to the network. By affording this protection proactively, the network significantly lessens the need to download new pattern files, reload databases, or even perform that customary system scan. In this case, file size and memory consumption are no longer an issue. Needless to say, time to protect is shorter, and we may at last have the chance to beat malware writers at their own game.
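As an added illustration (not part of the article or of any Trend Micro product), the following toy model shows the two ideas from the last two paragraphs together: a client checks every hop of a redirect chain against a shared reputation service before anything is downloaded, and one client's report protects every other client immediately. The redirect map and hostnames are constructed for the example.

```python
from dataclasses import dataclass, field
from urllib.parse import urlsplit

# Constructed redirect map standing in for the HTTP 30x hops a real client
# would follow. Hostnames are hypothetical.
REDIRECTS = {
    "http://search.example/result?q=free-screensaver": "http://short.example/x7",
    "http://short.example/x7": "http://landing.example/promo",
    "http://landing.example/promo": "http://dl.example/setup.exe",
}

@dataclass
class ReputationService:
    """The shared 'in-the-cloud' reputation store that every client queries."""
    blocked_hosts: set = field(default_factory=set)
    reports: dict = field(default_factory=dict)   # host -> reporting clients

    def report(self, url: str, reporter: str) -> None:
        """A client acting as a 'sensor' reports a host it found serving malware."""
        host = urlsplit(url).hostname
        self.reports.setdefault(host, set()).add(reporter)
        self.blocked_hosts.add(host)

    def is_blocked(self, url: str) -> bool:
        return urlsplit(url).hostname in self.blocked_hosts

def resolve_chain(url: str, max_hops: int = 10) -> list:
    """Follow the constructed redirect map, stopping on loops or too many hops."""
    chain = [url]
    while url in REDIRECTS and len(chain) <= max_hops:
        url = REDIRECTS[url]
        if url in chain:          # redirect loop, stop here
            break
        chain.append(url)
    return chain

def client_visit(service: ReputationService, url: str) -> tuple:
    """Check every hop before any download: ('blocked', hop) or ('allowed', final)."""
    chain = resolve_chain(url)
    for hop in chain:
        if service.is_blocked(hop):
            return ("blocked", hop)
    return ("allowed", chain[-1])

if __name__ == "__main__":
    svc = ReputationService()
    start = "http://search.example/result?q=free-screensaver"
    print(client_visit(svc, start))               # first victim: nothing known yet
    svc.report("http://dl.example/setup.exe", "pc-1")
    print(client_visit(svc, start))               # everyone else: cut off at the last hop
```

Once `dl.example` is reported, any other chain ending on that host is blocked too, which is the "one detects, all are protected" property the article describes.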

The complete article can be found HERE.

Update 06.07.2009

Since the Computerworld link is broken now, I am posting the whole article above.

The Computerworld Philippines November 2008 Cover


My personal thanks go to Macky and Jercyl of the TrendLabs Tech Marketing team for their help on the “prettification” of the article, and to Deb of MediaG8way for the CWP logo and the permission to post it here on my blog.