
IEEE Launches Anti-malware Services To Improve Security

Soulskill posted about 2 months ago | from the trickle-down-security dept.

Security 51

New submitter Aryeh Goretsky writes: "The IEEE Standards Association has launched an Anti-Malware Support Service to help the computer security industry respond more quickly to malware. The first two services available are a Clean file Metadata Exchange (PDF), to help prevent false positives in anti-malware software, and a Taggant System (PDF) to help prevent software packers from being abused. Official announcement is available at the official website."

51 comments

Taggant (3, Interesting)

TubeSteak (669689) | about 2 months ago | (#47366575)

I can't get the linked PDF to load
This probably isn't the same thing, but it explains what they're trying to do and why
https://media.blackhat.com/bh-us-11/Kennedy/BH_US_11_KennedyMuttik_IEEE_Slides.pdf [blackhat.com]

Re:Taggant (0)

Anonymous Coward | about 2 months ago | (#47366617)

I can't get the linked PDF to load

It's probably already compromised.

Which part of "Adobe product" did you not understand?

Re:Taggant (0)

Anonymous Coward | about 2 months ago | (#47366701)

how will this help against self rewriting applications?

Re:Taggant (1)

Aryeh Goretsky (129230) | about 2 months ago | (#47373441)

Hello,

It probably won't help much, if at all, but the number of legitimate applications which are self-modifying is comparatively very rare compared to those which done.

Regards,

Aryeh Goretsky

In reply to "Anonymous Coward" at Wednesday July 02, 2014 @12:34AM:

how will this help against self rewriting applications

Re:Taggant (2)

MrL0G1C (867445) | about 2 months ago | (#47367303)

"Portable Document Format (PDF) is a file format used to present documents in a manner independent of application software, hardware, and operating system"

http://en.wikipedia.org/wiki/P... [wikipedia.org]

You don't have to use Adobe to view or edit PDFs.

Re:Taggant (1)

NotInHere (3654617) | about 2 months ago | (#47367677)

Try pdf.js -- it is the implementation of a pdf reader in one of the most secure code execution runtimes -- a js engine. It is slow and lacks many pdf features, but for these slides pdf.js is enough.

Re:Taggant (2)

arglebargle_xiv (2212710) | about 2 months ago | (#47366783)

I can't get the linked PDF to load

Basically they want the people who write malware packers to tag the packed malware as malware so it can be easily identified. Sort of like asking burglars to wear a shirt with I AM A BURGLAR printed on it in large letters, and perhaps notify the police when they're planning to break into a house.

It's a cunning plan, but somehow I can't see it catching out many bad guys.

Re:Taggant (1)

mythosaz (572040) | about 2 months ago | (#47369271)

They already wear masks, striped shirts, and carry their stolen goods in burlap bags. I'm pretty sure that "I AM A BURGLAR" is unnecessary.

Re:Taggant (1)

dave562 (969951) | about 2 months ago | (#47370909)

I got just the opposite from the PDF.

I thought what they are proposing is that "good" companies will sign their executables with certificates that can be revoked in the future if it turns out that the certificate is being used to sign malware.

Re:Taggant (1)

Aryeh Goretsky (129230) | about 2 months ago | (#47373455)

Hello,

I believe the idea is to allow legitimate developers of packers, cryptors, etc. a means of identifying their software. I would not expect those folks on the malware side of things to take any action as a result of this activity under the IEEE's auspices as it does not apply to them.

Regards,

Aryeh Goretsky

They're also "f'ing up" security: How? (0)

Anonymous Coward | about 2 months ago | (#47367777)

I use a technique (packed .exe files & testing size (or CRC32) @ app startup vs. viral infestation) that creating UNPACKERS will fuck up (was modded up for it here on /. YEARS ago in fact) -> CODING FOR DEFCON (my compressed/packed exe + sizecheck @ startup technique): 2005 -> http://it.slashdot.org/comment... [slashdot.org]

Thus, I KNOW it's UTTER BULLSHIT to create antivirus rules based on packed executables as well (& yes, I've been 'flagged' falsely for it, & had the likes of Norton/Symantec, McAfee, Comodo, ClamAV, ArcaVir + others per the JOTTI & VirusTotal online tests RESCIND & REVERSE their findings also...)

Yes - You CAN do that technique using non-packed exe's - HOWEVER - packed .exe files are HARDER to disassemble (acting as security itself).

* Just goes to show you that the "experts" aren't as "expert" as they *may* think themselves to be, if "lil' ole' me" can knock them onto their asses for b.s. rules (so they can show more 'findings' than their competitors albeit on bullshit grounds)!

APK

P.S.=> Especially considering that SYMANTEC even ADMITTED RECENTLY their antivirus products ARE ONLY "55% EFFECTIVE" no less... Which makes sense:

MOST of where you'll be infected nowadays COMES FROM THE WEB!

I have something better, that's NOT "reactive" technology & thus, inferior, acting "after the fact" when you've been infected/infested & you already HAVE it natively!

I stop it, BEFORE it can occur -> http://it.slashdot.org/comment... [slashdot.org] , & it uses the most efficient mechanism you already have vs. redundant inefficient "so-called 'competition'" in browser addons + even secures vs. DNS redirect security faults!

(By not bolting on more, which Mr. Spafford (Morris Worm disassembler) even recommends - Don't bolt on "more" with more complexity & bugs in it since it's not proven - shore up & SECURE using what you have http://it.slashdot.org/comment... [slashdot.org] )

... apk

Re:Taggant (1)

Aryeh Goretsky (129230) | about 2 months ago | (#47373421)

Hello,

No problems viewing either PDF file via Sumatra PDF Reader. Perhaps you could try that.

Regards,

Aryeh Goretsky

Thoughts on this? (0)

Anonymous Coward | about 2 months ago | (#47379425)

http://it.slashdot.org/comment... [slashdot.org]

??

Thanks!

Sincerely,

APK

P.S.=> Personally (& I have a LOT of backing on this account from quite a few "industry luminaries"), I am QUITE CERTAIN that it's "the way of the future" using something from the distant past, since threats are mostly "webbound" (delivered via the web), & it does more than ANY SINGLE BROWSER ADDON there is under the sun (by far & FAR more efficiently in RAM usage, CPU use, and messagepassing overheads) + also shores up DNS redirect security issues with total end user control) offering more speed, security, reliability, & even anonymity... let's hear YOUR thoughts on it: Should interest you, as even Symantec has ADMITTED their antivirus product is ONLY "55% effective" recently -> http://it.slashdot.org/story/1... [slashdot.org]

Is it cross-platform? (0)

Anonymous Coward | about 2 months ago | (#47366577)

It seems like all the really good anti-malware stuff only supports Windows.

Re:Is it cross-platform? (1)

Cenan (1892902) | about 2 months ago | (#47367049)

No need to be cross platform. Any platform that is not Windows is impervious to malware, /. says so.

Re:Is it cross-platform? (1)

hawkinspeter (831501) | about 2 months ago | (#47367157)

I don't think other platforms are impervious, but other platforms have sensible package management that doesn't encourage users to download random unsigned packages from random websites.

I really do think that Windows trains users in the worst possible behaviours - download and install from any website and if you see a dialog, don't bother reading it, just keep clicking "next" or "ok" until it's done.

Re:Is it cross-platform? (1)

NotInHere (3654617) | about 2 months ago | (#47367657)

I've thought that with windows store Microsoft people wanted to solve this problem, but unfortunately they have only enabled this mechanism for metro apps. I hope that rumors are right about windows store apps being able to also run on desktop windows.

That's b.s. (you know it though, lol)... apk (-1)

Anonymous Coward | about 2 months ago | (#47368069)

The MOST USED on any given platform WILL be most attacked, & -> http://yro.slashdot.org/commen... [slashdot.org]

* For YEARS here, I kept telling the "'Pro-*NIX noobz" here that, as I'd seen it before on far older platforms... & "lo & behold" it's come to pass, today!

(Yes, it only makes sense too - & you have to "channel your 'inner criminal'" to understand it (think like the opposition): They want to be able to get the MOST "bang" from the least code possible to attack the largest body of victims/users - on PC's & Servers combined, that's Windows... however: On smartphones? That's ANDROID (yes, it's a Linux variant that STUPIDLY uses Java/Dalvik imo as its front-end)... & we all KNOW the results there on that account (exploited daily, since it's most used, thus most attacked, on the smartphone platform...))

APK

P.S.=> It *truly* astonishes me that the YEARS to a decade++ of PUREST "FUD" went on here (largely I suspect *not* from actual knowledgeable users here, they're TOO SMART & experienced for that CRAP, but rather, those that stood to GAIN by spreading such b.s. to users that *may* be & are, less experienced, & thus, easily 'fooled' by clever b.s. & repetitive hammering of their brains, as advertizers are wont to do, for instance)... apk

This is cross platform & works... apk (0)

Anonymous Coward | about 2 months ago | (#47367291)

By "prevention is the best medicine" & "what you can't touch you can't be burnt by" (it blocks sources of malicious content w/ absolutely current data from the security community):

APK Hosts File Engine 9.0++ 32/64-bit:

http://start64.com/index.php?o... [start64.com]

(Details of benefits in link)

Summary:

---

A.) Hosts do more than:

1.) AdBlock ("souled-out" 2 Google/Crippled by default)
2.) Ghostery (Advertiser owned) - "Fox guards henhouse"
3.) Request Policy -> http://yro.slashdot.org/commen... [slashdot.org]

B.) Hosts add reliability vs. downed/redirected dns (& overcome redirects on sites, /. beta as an example).

C.) Hosts secure vs. malicious domains too -> http://tech.slashdot.org/comme... [slashdot.org] w/ less added "moving parts" complexity/room 4 breakdown,

D.) Hosts files yield more:

1.) Speed (adblock & hardcodes fav sites - faster than remote dns)
2.) Security (vs. malicious domains serving malcontent + block spam/phish & trackers)
3.) Reliability (vs. downed or Kaminsky redirect vulnerable dns, 99% = unpatched vs. it & worst @ isp level + weak vs Fastflux + dynamic dns botnets)
4.) Anonymity (vs. dns request logs + dnsbl's).

---

* Hosts do more w/ less (1 file) @ faster levels (ring 0) vs redundant inefficient addons (slowing slower ring 3 browsers) by filtering the IP stack (coded in C, loads w/ os, & 1st net resolver queried w\ 45++ yrs.of optimization).

* Addons = more complex + slow browsers in message passing (use a few concurrently & see) & are nullified by native browser methods - how Clarityray is destroying Adblock.

* Addons slowup slower usermode browsers layering on more - & bloat RAM consumption too + hugely excessive cpu use (4++gb extra in FireFox https://blog.mozilla.org/nneth... [mozilla.org] )

Work w/ a native kernelmode part - hosts files (An integrated part of the ip stack)

APK

P.S.=> "The premise is quite simple: Take something designed by nature & reprogram it to make it work for the body rather than against it..." - Dr. Alice Krippen: "I am legend"

...apk

A different approach on network operating systems (1)

raymorris (2726007) | about 2 months ago | (#47370929)

Network operating systems such as Linux take a different approach from the Windows line of disk operating systems. You CAN get some Windows-style anti-malware stuff for Linux or Mac, but its main use is to scan emails on the server in order to protect the Windows clients. To protect the Linux/BSD/Mac systems, we take the opposite approach. Not anti-malware, loading up another 75,000 virus signatures to try in vain to identify the bad stuff, but a pro-goodware approach, identifying the 20 or so programs that are supposed to be running. An excellent example of this is Tripwire http://sourceforge.net/project... [sourceforge.net] . One primary function of Tripwire is that it does a scan of your system before anything bad happens, hopefully when you first set up the system, and it catalogs which files are supposed to be there. Then when it does its nightly run it doesn't try to figure out if any of the files are malware, it looks for anything that has changed from the day before. My computer should be the same today as it was yesterday, except for some emails and logs, so any new files are suspect. Any new programs running is definitely suspect. The first few days that you run Tripwire or another IDS it'll catch some things that legitimately change from day to day. You set it not to alert you to that stuff that's normal. I'd leave it where it still tells you about new programs that show up - though installing software is "normal", I don't install new stuff every day so I don't mind being alerted to the fact.

An IDS like Tripwire is just one example of the different approach. Another example, which Windows is starting to emulate now, is that normally on Linux nothing is allowed to come in from the network except what you specifically allow. Some think that works better than intensively scrutinizing everything that comes in and trying to identify the bad stuff.
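
The baseline-and-compare routine described in the comment above, as an added example that is not part of the original comment and is not Tripwire's own code. The function names (`snapshot`, `compare`, `demo`), the ignore patterns and the sample file tree are all assumptions constructed for illustration.

```python
import fnmatch
import hashlib
import os
import stat
import tempfile


def snapshot(root):
    """Catalogue every regular file under root: relative path -> (sha256, mode bits)."""
    catalogue = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            st = os.lstat(full)
            if not stat.S_ISREG(st.st_mode):
                continue  # skip symlinks, sockets and device nodes
            digest = hashlib.sha256()
            with open(full, "rb") as fh:
                for chunk in iter(lambda: fh.read(65536), b""):
                    digest.update(chunk)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            catalogue[rel] = (digest.hexdigest(), st.st_mode & 0o7777)
    return catalogue


def compare(baseline, current, ignore=()):
    """Report what differs from the baseline, skipping paths expected to change.

    Returns a list of (kind, path) sorted by path. A file that was not in the
    baseline and carries an execute bit is reported as "new-executable", since
    a new program is the case the comment says should always raise an alert.
    """
    def ignored(path):
        return any(fnmatch.fnmatchcase(path, pat) for pat in ignore)

    findings = []
    for path in sorted(set(baseline) | set(current)):
        if ignored(path):
            continue
        old, new = baseline.get(path), current.get(path)
        if old is None:
            kind = "new-executable" if new[1] & 0o111 else "added"
        elif new is None:
            kind = "removed"
        elif old[0] != new[0]:
            kind = "modified"
        elif old[1] != new[1]:
            kind = "mode-changed"
        else:
            continue
        findings.append((kind, path))
    return findings


def demo():
    """Build a constructed file tree, take a baseline, change it, and compare."""
    with tempfile.TemporaryDirectory() as root:
        def write(rel, data, mode=0o644):
            full = os.path.join(root, rel)
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "wb") as fh:
                fh.write(data)
            os.chmod(full, mode)

        # Day 0: the system as first set up (constructed sample files).
        write("usr/bin/sshd", b"daemon v1", 0o755)
        write("etc/passwd", b"root:x:0:0\n")
        write("var/log/syslog", b"boot\n")
        baseline = snapshot(root)

        # Day 1: normal churn in logs and mail ...
        write("var/log/syslog", b"boot\nlogin\n")
        write("var/mail/alice", b"new mail\n")
        # ... plus three changes that should be reported.
        write("usr/bin/sshd", b"daemon v1 + patch", 0o755)
        write("tmp/.helper", b"#!/bin/sh\n", 0o755)
        os.chmod(os.path.join(root, "etc/passwd"), 0o666)

        current = snapshot(root)
        # The ignore list is the "don't alert me to stuff that's normal" step.
        return compare(baseline, current, ignore=("var/log/*", "var/mail/*"))


if __name__ == "__main__":
    for kind, path in demo():
        print(f"{kind:15} {path}")
```

The baseline is only as trustworthy as where it is stored: if it lives on the monitored host in a location the same account can write to, a change can be hidden by rewriting the catalogue.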

I'll agree with that, BUT... apk (-1)

Anonymous Coward | about 2 months ago | (#47373939)

"Whitelisting"'s what you're describing - &, per my subject-line above, I'll agree, it has merit.

However, I *think* that a combination of BOTH traditional approaches (i.e. -> 'blacklisting' via antivirus/antispyware & even what I do -> http://it.slashdot.org/comment... [slashdot.org] is overall, best... )

What I do is more of a "proactive approach" than "reactive" ones like antivirus/antispyware, by stopping the sources of online infestation and access to them by users via hosts files (and even firewall rulesets, which I also use for that too)).

"Layered Security"/"Defense in Depth" is the BEST THING we have going vs. threats of all kinds, inclusive of what YOU are stating, and imo, what I am stating as well.

APK

P.S.=> The MAIN reason I am directly confronting you was because of a comment of yours I found offensive -> http://slashdot.org/comments.p... [slashdot.org] so... let's see you disprove my points on hosts here, then -> http://it.slashdot.org/comment... [slashdot.org] since you evaded my confronting you on that link I noted SEVERAL times already - go for it .. apk

raymorris the bullshit artist runs again (0)

Anonymous Coward | about 2 months ago | (#47374921)

Is a technically unjustifiable downmod "the best you got", blowhard raymorris? Apparently so.

Additionally: Don't even *try* to tell us "You can't downmod in a post you've already posted in" bullshit either - that's EASILY done using sockpuppet alternate accounts here (I've busted quite a few idiots here doing it, you're just another deceitful worm that does also), or downmodding, logging out of your registered 'luser' account here, & playing with the state saving cookie for it.

Child's play & that's about "your speed" as well as the upper limits of your skillset in computing.

Long and short of it, as to MY estimation of you:

You're a do-nothing big talker raymorris that just "blew it again" spouting erroneous bullshit here (and you KNOW it - hence your 'downmod' to hide it, yet not disproving my points on hosts files, which I have confronted you a DOZEN++ times on and you can't despite your "big talk" you can't backup... you're a coward, and a blowhard WORM)!

I also notice you've never achieved anything of note in the art & science of computing that I know of - why? You're at most, a MENIAL is why.

You've GOT no creativity, no talent, & certainly NO BALLS -> http://it.slashdot.org/comment... [slashdot.org]

("Run, Forrest: RUN!!!")

APK

P.S.=> You've blown it this time on saying "Windows is just starting" to do whitelisting? Bullshit. It's been possible & around since Windows XP you know-nothing big talking "ne'er-do-well" DOLT - all you've GOT is your effete little downmods - no big deal! Keep it up, blow them all, & I will just come over the top of you AND POST IT AGAIN, exposing you... coward! apk

By the way raymorris - get a set of balls! apk (0)

Anonymous Coward | about 2 months ago | (#47374033)

"Another example, which Windows is starting to emulate now, is that normally on Linux nothing is allowed to come in from the network except what you specifically allow" - by raymorris (2726007) on Wednesday July 02, 2014 @02:53PM (#47370929)

Whitelisting on Windows7's doable & for a LONG time now http://lifehacker.com/5442636/... [lifehacker.com] not "just starting to be emulated" like you said - it's been doable since Windows7's inception (over 5++ yrs. now).

APK

P.S.=> Also, get a set of BALLS for once instead of being an evasive coward (downmodding my posts confronting you like you did in 2013, yes, on hosts files efficacy) & disprove my points on hosts validly, here -> http://it.slashdot.org/comment... [slashdot.org]

OR,

Do I have to post the literally DOZEN times you evaded it & downmodded it as well?

(Also - please: DO NOT EVEN *TRY* TO FEED ME A LINE THAT "I can't downmod a post I posted in already", or I will shoot you down on THAT also with EXACTLY how it's done here with sockpuppets, or downmod/logout, & state cookie manipulations here too)... apk

"Window is 'just starting' to"? bs (-1)

Anonymous Coward | about 2 months ago | (#47374061)

Been around since Windows XP, raymorris (Applocker & software restriction policies areas in registry etc.) -> http://windowsitpro.com/window... [windowsitpro.com]

APK

P.S.=> Still/again - get a set of BALLS raymorris & disprove my points on hosts files validly -> http://it.slashdot.org/comment... [slashdot.org] since you DOWNMODDED & EVADED IT A DOZEN TIMES BEFORE after shooting your mouth off about hosts files here which I quoted and confronted you on 12++ times now http://slashdot.org/comments.p... [slashdot.org] and you downmodded it and ran!

OR

Do I have to post the literally DOZEN times you evaded it & downmodded it as well?

(Also - please: DO NOT EVEN *TRY* TO FEED ME A LINE THAT "I can't downmod a post I posted in already", or I will shoot you down on THAT also with EXACTLY how it's done here with sockpuppets, or downmod/logout, & state cookie manipulations here too)... apk

"Windows is just starting to be"? Bullshit (0)

Anonymous Coward | about 2 months ago | (#47379233)

Been around since Windows XP, raymorris (Applocker & software restriction policies areas in registry etc.) -> http://windowsitpro.com/window... [windowsitpro.com]

You bullshit spouting wannabe fake...

APK

P.S.=> Still/again - get a set of BALLS raymorris & disprove my points on hosts files validly -> http://it.slashdot.org/comment... [slashdot.org] since you DOWNMODDED & EVADED IT A DOZEN TIMES BEFORE after shooting your mouth off about hosts files here which I quoted and confronted you on 12++ times now http://slashdot.org/comments.p... [slashdot.org] & you downmodded it and ran like the little cowardly BITCH fake you clearly are.

OR

Do I have to post the literally DOZEN times you evaded it & downmodded it as well?

(Also - please: DO NOT EVEN *TRY* TO FEED ME A LINE THAT "I can't downmod a post I posted in already", or I will shoot you down on THAT also with EXACTLY how it's done here with sockpuppets, or downmod/logout, & state cookie manipulations here too)... apk

What do Clickbank & Vertis do, raymorris? apk (0)

Anonymous Coward | about 2 months ago | (#47381099)

They're advertisers you work for: It's why you ran from disproving MY points on hosts http://it.slashdot.org/comment... [slashdot.org]

You also made large technical blunders so your resume is pure bullshit obviously and you know nothing.

Makes sense you *TRY* to put hosts down though - you can't do a DAMNED THING against them!

Hosts files are a huge threat to scumbags like you is why you attempt to put them down and fail (running like a scared weasel you are since you can't validly do so).

APK

P.S.=> "Cat's outta the bag on you", scumbag weasel that you are (advertiser)... apk

spam less than you (1)

raymorris (2726007) | about 2 months ago | (#47381563)

N/m

LOL: Finally, he "ReAcTs" (0)

Anonymous Coward | about 2 months ago | (#47382625)

Now that the TRUTH of him is out -> http://slashdot.org/comments.p... [slashdot.org]

* Like I said, raymorris - "Cat's outta the bag" on you now, & it explains ALL OF THIS (your technical errors, your use of "jump on the bandwagon" puny 'marketing mind manipulation tactics' what-with YOU stating what you did here (nobody wants to read about hosts - when the TRUTH is, YOU DON'T WANT OTHERS READING ABOUT THEM SINCE YOU ARE AN ADVERTISER -> http://slashdot.org/comments.p... [slashdot.org] & guess what?

FACT: YOU FAIL & ARE "BUSTED" IN YOUR TRUE MOTIVATIONS Mr. ADVERTISER... lol!

(I also KNOW you see my posts now - you just "conveniently ignored them" & YES, you've been downmodding them (as EVERYONE KNOWS you advertizers use sockpuppets galore too, shall I post material on THAT also? I can you know... lol!))

You're pitiful man...

APK

P.S.=> See here, for PROOF of that last sentence above from me http://it.slashdot.org/comment... [slashdot.org]

(Showing your technical errors, your use of marketing tactics ala jump on the bandwagon -> , & yes - YOU ARE RUNNING FROM DISPROVING MY POINTS ON HOSTS FILES VALUE TO USERS -> http://it.slashdot.org/comment... [slashdot.org] in more speed, security, reliability, & anonymity - done more efficiently by far as well, + doing more than ANY SINGLE BROWSER ADDON THERE IS, & can't be stopped by native browser methods or ClarityRay either - so YOU FEAR THEM, that much is clearly obvious... )

... apk

Truth isn't spam, mr. advertiser (0)

Anonymous Coward | about 2 months ago | (#47382725)

Clickbank + vertis your employers, do spam and steal bandwidth and infect users with malicious code (advertisers have done that, maybe not them specifically on that point, admittedly, but they have and that is fact)!

Especially since that "spam" accusation's the best you've got to being busted in your true motives for putting down hosts and evading a fair challenge put to you to disprove my FACTS on hosts files superiority over all other competing methods validly -> http://it.slashdot.org/comment... [slashdot.org] and failing badly!

You've avoided validly disproving facts on hosts files REPEATEDLY in fact (which you advertisers are helpless against unlike browser addons) http://it.slashdot.org/comment... [slashdot.org]

LMAO - after you tried marketing jump on the bandwagon (no one wants to read about hosts) failing tactics and downmodded challenges to you to disprove those facts on hosts a dozen times http://slashdot.org/comments.p... [slashdot.org]

You fail man... badly!

APK

P.S.=> You steal our bandwidth, infect us, + get in our faces unwantedly, & expect success? Your model in advertising was DOOMED from the START on those grounds alone!

Fact... you people are NOT very smart (bottom-line)!

I.E., an OLD business rule:

"You can't sell folks what they DO NOT WANT, period"

So... get THAT straight (yes, I have a Bachelors of Business degree with MIS concentration, I know what I speak of here, evidently BETTER THAN YOU DO along with CS degree past Associates 60cr hr & into 90/120 of the Bachelors now) - get that thru your heads: It is WHY Google is diversifying into say, ROBOTICS now (they know it too) buying Boston Dynamics... they're smart - you're not, & that IS that... apk

Lastly: When've I ever posted on hosts (0)

Anonymous Coward | about 1 month ago | (#47395397)

Where it didn't apply to the topic @ hand, raymorris? It's NOT spam if it applies to the topic (& I am not selling anything either - it's free & works). Answer that. Clue: YOU, fail (badly)... on all accounts noted!

Especially since you cannot validly technically disprove my points on hosts files adding security, speed, reliability, & even anonymity here -> http://it.slashdot.org/comment... [slashdot.org]

* "Eat your words", Mr. Redirector/Advertiser... & "Run, Forrest: RUN!!!", lmao!

APK

P.S.=> I don't expect you to answer - you're afraid to, like every advertiser is AFRAID of hosts since you can't detect for them via native browser methods & just like you were after you "shot your mouth off" on hosts, using classic predictable MARKETER/ADVERTISER "jump on the bandwagon" tactics -> http://slashdot.org/comments.p... [slashdot.org] & you RAN when I confronted you NICELY on it a dozen++ times after YOU downmodded it out of site using either sockpuppets, or logging out of your account after downmodding & altering the state-saving cookie child's play CRAP admen are KNOWN for (which yes, you "projected" in that link you DO do)...

OR

Do I have to post the literally DOZEN times you evaded it & downmodded it as well?

(Also - please: DO NOT EVEN *TRY* TO FEED ME A LINE THAT "I can't downmod a post I posted in already", or I will shoot you down on THAT also with EXACTLY how it's done here with sockpuppets, or downmod/logout, & state cookie manipulations here too)... apk

Re:spam less than you (0)

Anonymous Coward | about 1 month ago | (#47398345)

adblock 'spams' on /. for years yet you don't complain about them since they are blockable by advertisers.

Officially* (1)

skirmish666 (1287122) | about 2 months ago | (#47366761)

Official announcement is officially available at the official website* - FTFY

Re:Officially* (1)

Aryeh Goretsky (129230) | about 2 months ago | (#47373745)

Hello,

Oops. Thanks for catching this!

Regards,

Aryeh Goretsky

Thanks for catching THESE... apk (0)

Anonymous Coward | about 2 months ago | (#47373855)

http://it.slashdot.org/comment... [slashdot.org] and http://it.slashdot.org/comment... [slashdot.org] for the heck of it, please comment on them...

* Again, per my subject-line above - thanks!

(I wasn't sure if you'd comment in this, you have though, so... there we are!)

APK

P.S.=> This isn't for confrontation with you directly, OR to "offend you" - FAR from it in fact (as I was impressed with your AntiVirus work with ESET, my favorite in 32 + 64 bit in fact, for antivirus programs, that is - they're just not that effective anymore (malware makers in general are more clever now, & the threats are MORE 'webbound' than say, traditional exe bound nowadays, what with Symantec/Norton ADMITTING LITERALLY to being only "55% effective" nowadays too, for example -> http://it.slashdot.org/story/1... [slashdot.org] ) - it's to see your thoughts on what I wrote... apk

Addendum: Thanks especially for catching this (0)

Anonymous Coward | about 2 months ago | (#47373913)

YOUR thoughts on this are especially appreciated -> http://it.slashdot.org/comment... [slashdot.org]

* :)

(In addition to my points in my other 2 links I posted to you...)

Thank-You!

Sincerely,

APK

P.S.=> It's important to me to get your "point-of-view" on my points in the link above, MOST of all... apk

cyberoam firewall web filter (1)

verikurtarma (3692853) | about 2 months ago | (#47366815)

#cyberoam Cyberoam is one of the leading companies in the world and in Turkey with its superior protection service in security. Source: http://www.cyberoam.web.tr

IEEE (4, Funny)

war4peace (1628283) | about 2 months ago | (#47367263)

My head is defective. I always see "IEEE" and transform it into "Internet Explorer Enterprise Edition". Makes me cringe every time.

Reactive technology is inferior to this (-1)

Anonymous Coward | about 2 months ago | (#47367315)

Proactively blocking known sources of infection (for more speed, security, reliability, + anonymity, more efficiently than addons & shores up DNS redirect issues):

APK Hosts File Engine 9.0++ 32/64-bit:

http://start64.com/index.php?o... [start64.com]

(Details of benefits in link)

Summary:

---

A.) Hosts do more than:

1.) AdBlock ("souled-out" 2 Google/Crippled by default)
2.) Ghostery (Advertiser owned) - "Fox guards henhouse"
3.) Request Policy -> http://yro.slashdot.org/commen... [slashdot.org]

B.) Hosts add reliability vs. downed/redirected dns (& overcome redirects on sites, /. beta as an example).

C.) Hosts secure vs. malicious domains too -> http://tech.slashdot.org/comme... [slashdot.org] w/ less added "moving parts" complexity/room 4 breakdown,

D.) Hosts files yield more:

1.) Speed (adblock & hardcodes fav sites - faster than remote dns)
2.) Security (vs. malicious domains serving malcontent + block spam/phish & trackers)
3.) Reliability (vs. downed or Kaminsky redirect vulnerable dns, 99% = unpatched vs. it & worst @ isp level + weak vs Fastflux + dynamic dns botnets)
4.) Anonymity (vs. dns request logs + dnsbl's).

---

* Hosts do more w/ less (1 file) @ faster levels (ring 0) vs redundant inefficient addons (slowing slower ring 3 browsers) via filtering 4 the IP stack (coded in C, loads w/ os, & 1st net resolver queried w\ 45++ yrs.of optimization).

* Addons = more complex + slow browsers in message passing (use a few concurrently & see) & are nullified by native browser methods - It's how Clarityray is destroying Adblock.

* Addons slowup slower usermode browsers layering on more - & bloat RAM consumption too + hugely excessive cpu use (4++gb extra in FireFox https://blog.mozilla.org/nneth... [mozilla.org] )

Work w/ a native kernelmode part - hosts files (An integrated part of the ip stack)

APK

P.S.=> "The premise is quite simple: Take something designed by nature & reprogram it to make it work for the body rather than against it..." - Dr. Alice Krippen: "I am legend"

...apk

slashvertized service is commercial (1)

adriccom (44869) | about 2 months ago | (#47367731)

CMX Consumer and/or Taggant SSV (price US $8,000.00)

        Access to CMX for 1 year
        Access to Taggant System IEEE Public Root Key, and blacklist for one year

http://standards.ieee.org/deve... [ieee.org]

Most TI vendors at least offer some free feeds to suggest they have valuable content before asking you to pay up. Adoption of this new service isn't going to be very good if no one can try it out/use it for free. *shrug*

Re:slashvertized service is commercial (1)

Aryeh Goretsky (129230) | about 2 months ago | (#47373815)

Hello,

Software vendors are not charged for submitting to the CMX, and the Taggant System is free for packer authors, as well.

It is the developers of anti-malware software who are paying for access to the CMX and Taggant System metadata, since they get the most value out of using that information. They are essentially underwriting the costs for everyone else in order to help provide a mechanism that helps clean up the ecosystem.

While there are probably some anti-malware software developers for whom this would be a big investment, there are probably a lot for whom it is not, and since this is being done under the auspices of the IEEE, I wouldn't be surprised if there wasn't some provision for academia, too.

Regards,

Aryeh Goretsky

Re:slashvertized service is commercial (0)

Anonymous Coward | about 2 months ago | (#47376645)

Re:slashvertized service is commercial (0)

Anonymous Coward | about 2 months ago | (#47374241)

Well, I guess open source antivirus like ClamAV would not be able to get access to this, or would have to do fundraising or something like that. If it is done by the IEEE, why is it not just free and public domain for everyone? This world where security has a price will only be insecure. I also think the taggant system contains a basic flaw: the malware author can buy a packer, deploy malware, and then, when identified, just take another identity and deploy again. What about packers that are free and not sold? Legacy packed software that doesn't contain the taggant? Is it all going to be identified as infected now when it isn't? Well, I guess in such a case people are just going to think, ah no, it's just the antivirus that is always flawed. There is even software that is not maintained anymore. Everything looks so easy, but at large scale in the real world things are not so easy.

Why anti-malware software don't work .. (2)

lippydude (3635849) | about 2 months ago | (#47367877)

This actually WORKS (on a simple principle) (-1)

Anonymous Coward | about 2 months ago | (#47367927)

"Prevention is the best medicine" & "What you can't touch, can't hurt you" (or talk back to C&C servers as in botnets) -> http://it.slashdot.org/comment... [slashdot.org]

* I'll take on ANY 'comers'/naysayers on that account, gladly... &, I'll win - so "bring it on" boys - I've already FLOORED the "big boys" in the security world on it as well -> http://it.slashdot.org/comment... [slashdot.org] albeit, on different grounds (that actually FIT this article's premise no less).

(I always do - & the past oh, 3-4 months now, even THEY have stopped trying... as I've absolutely TOTALLY floored them all here using FACTS (there's no disputing truth), + my "so-called 'competition'" in browser addons that don't do a FRACTION of what custom host files for added speed, security, reliability, & anonymity (more efficiently by FAR as well) & also shoring up DNS redirect security issues as well (bonus) via the single file native to your system already resulting cross-platform output of my program produces - hosts...)

APK

P.S.=> They don't call me "the 'Lord of HOSTS'" for nothing (just kidding on that one though)... apk

By the way: On my 'challenge'? (0)

Anonymous Coward | about 2 months ago | (#47368179)

That extends to our esteemed article submitter as well (ESET = Aryeh Goretsky)...

Now THAT?

That should he choose to take it, would be an INTERESTING (& possibly challenging for me) "something to see" here!

Don't you ALL agree? Wouldn't be some "1st" for me either, but one that would give me a possible "run for my money"...

* :)

(HOWEVER - I don't *think* he's dumb enough to take a challenge like that, especially since I use nothing but FACT & TRUTH to back me (as well as valid results)).

Plus, I admittedly respect his ware (for an antivirus that is, since it's my fav. of the lot & I've been a licensed user of his stuff - a credit to his design, as I don't pick shitware to use, ever... being a coder myself since 1983 (professionally since 1994), I can spot good stuff...)

Still - challenge stands, even to "Mr. G"... why am I being so bold to do this? OFFENSE, is the BEST DEFENSE (& taking on Goliaths & winning IS MY MIDDLE NAME, lol)... that's a compliment to him, by the way. Where'd I learn that premise? Being a lettering NCAA athlete for a national champ in the sport of Lacrosse on the collegiate level + 1st learning the game @ a national decades long champ @ the highschool level, West Genesee). It's a great philosophy, but challenging to live up to "backing up your bluster" but when you overcome the opposition, fairly? There is NOTHING like it.

APK

P.S.=> Nice to see a fellow "do-gooder" submitting @ /. too by the way, IF You read this Aryeh Goretsky (assuming you're a member of the slavic tribes as well, on a side note - as am I) - we're the BEST! apk

Re:Why anti-malware software don't work .. (1)

CaptainDork (3678879) | about 2 months ago | (#47369505)

This is the very best summary I've ever read on the current state of security.

Thanks for the link.

Wrong (0)

Anonymous Coward | about 2 months ago | (#47370671)

Evidently it's not good. All you've done was run from a challenge, trying to hide it here http://it.slashdot.org/comment... [slashdot.org] using unjustifiable downmods to try to hide it without disproving its technical points validly.

This actually WORKS (on a simple principle) (0)

Anonymous Coward | about 2 months ago | (#47370621)

"Prevention is the best medicine" & "What you can't touch, can't hurt you" (or talk back to C&C servers as in botnets) -> http://it.slashdot.org/comment... [slashdot.org]

* I'll take on ANY 'comers'/naysayers on that account, gladly... &, I'll win - so "bring it on" boys - I've already FLOORED the "big boys" in the security world on it as well -> http://it.slashdot.org/comment... [slashdot.org]

albeit, on different grounds (that actually FIT this article's premise no less).

(I always do - & the past oh, 3-4 months now, even THEY have stopped trying... as I've absolutely TOTALLY floored them all here using FACTS (there's no disputing truth), + my "so-called 'competition'" in browser addons that don't do a FRACTION of what custom host files for added speed, security, reliability, & anonymity (more efficiently by FAR as well) & also shoring up DNS redirect security issues as well (bonus) via the single file native to your system already resulting cross-platform output of my program produces - hosts...).

LASTLY (to the downmodding weasels vainly & effetely *trying* to "hide this" before via technically unjustifiable downmods here http://it.slashdot.org/comment... [slashdot.org] , since they're clearly unable to dispute AND VALIDLY DISPROVE my points or take my challenge?):

My points are clearly inviolate & you downmodded them here before since you can't take me on, mano-a-mano, like the weasels you are: No biggie - I'll just post & REPOST it again, just as I have now, simply exhausting you of those moderations points you abuse, & then it gets out anyhow & others see it... lol, you FAIL, trolls (& you KNOW it)...

APK

P.S.=> They don't call me "the 'Lord of HOSTS'" for nothing (just kidding on that one though)... apk

By the way: On my challenge? apk (0)

Anonymous Coward | about 2 months ago | (#47370657)

That extends to our esteemed article submitter as well (ESET = Aryeh Goretsky)...

Now THAT?

That should he choose to take it, would be an INTERESTING (& possibly challenging for me) "something to see" here!

Don't you ALL agree? Wouldn't be some "1st" for me either, but one that would give me a possible "run for my money"...

* :)

(HOWEVER - I honestly don't *think* he's dumb enough to take a challenge like that, especially since I use nothing but FACT & TRUTH to back me (as well as valid results)).

Plus, I admittedly respect his ware (for an antivirus that is, since it's my fav. of the lot & I've been a licensed user of his stuff - a credit to his design, as I don't pick shitware to use, ever... being a coder myself since 1983 (professionally since 1994), I can spot good stuff...)

Still - challenge stands, even to "Mr. G"... why am I being so bold to do this? OFFENSE, is the BEST DEFENSE (& taking on Goliaths & winning IS MY MIDDLE NAME, lol)... that's a compliment to him, by the way. Where'd I learn that premise? Being a lettering NCAA athlete for a national champ in the sport of Lacrosse on the collegiate level + 1st learning the game @ a national decades long champ @ the highschool level, West Genesee). It's a great philosophy, but challenging to live up to "backing up your bluster" but when you overcome the opposition, fairly? There is NOTHING like it.

APK

P.S.=> Nice to see a fellow "do-gooder" submitting @ /. too by the way, IF You read this Aryeh Goretsky (assuming you're a member of the slavic tribes as well, on a side note - as am I) - we're the BEST! apk

Reactive tech is INFERIOR to this... apk (0)

Anonymous Coward | about 2 months ago | (#47370729)

Proactively blocking known sources of infection (for more speed, security, reliability, + anonymity, more efficiently than addons & shores up DNS redirect issues):

APK Hosts File Engine 9.0++ 32/64-bit:

http://start64.com/index.php?o... [start64.com]

(Details of benefits in link)

Summary:

---

A.) Hosts do more than:

1.) AdBlock ("souled-out" 2 Google/Crippled by default)
2.) Ghostery (Advertiser owned) - "Fox guards henhouse"
3.) Request Policy -> http://yro.slashdot.org/commen... [slashdot.org]

B.) Hosts add reliability vs. downed/redirected dns (& overcome redirects on sites, /. beta as an example).

C.) Hosts secure vs. malicious domains too -> http://tech.slashdot.org/comme... [slashdot.org] w/ less added "moving parts" complexity/room 4 breakdown,

D.) Hosts files yield more:

1.) Speed (adblock & hardcodes fav sites - faster than remote dns)
2.) Security (vs. malicious domains serving malcontent + block spam/phish & trackers)
3.) Reliability (vs. downed or Kaminsky redirect vulnerable dns, 99% = unpatched vs. it & worst @ isp level + weak vs Fastflux + dynamic dns botnets)
4.) Anonymity (vs. dns request logs + dnsbl's).

---

* Hosts do more w/ less (1 file) @ faster levels (ring 0) vs redundant inefficient addons (slowing slower ring 3 browsers) via filtering 4 the IP stack (coded in C, loads w/ os, & 1st net resolver queried w\ 45++ yrs.of optimization).

* Addons = more complex + slow browsers in message passing (use a few concurrently & see) & are nullified by native browser methods - It's how Clarityray is destroying Adblock.

* Addons slowup slower usermode browsers layering on more - & bloat RAM consumption too + hugely excessive cpu use (4++gb extra in FireFox https://blog.mozilla.org/nneth... [mozilla.org] )

Work w/ a native kernelmode part - hosts files (An integrated part of the ip stack)

APK

P.S.=> "The premise is quite simple: Take something designed by nature & reprogram it to make it work for the body rather than against it..." - Dr. Alice Krippen: "I am legend"

...apk

Taggant vs. any other digital signature scheme (1)

BillX (307153) | about 2 months ago | (#47373963)

While I'm admittedly not an expert in cryptography or trusted computing schemes in general, I don't see how this differs on a technical level from numerous other code-signing schemes with a central certificate authority (CA) (and its chain of delegations) blessing "good" code and revoking such blessings. Well known examples include Securicode / Windows Driver Signing, the anti-consumer bits of UEFI, etc. Can anyone shed some further light on how this is different?

As with other such systems, it assumes the existence of a benevolent authority that cannot be hacked, the cooperation of all packer vendors, the cooperation of all packer *users* (who are not malware authors)... and all packer users who *are* malware authors never hearing of it.

The only main difference I can see (and its potential downfall for its purpose) is that end-users don't pay for certificates. While that's great for end-users (driver signature enforcement in x64 Windows versions is pretty close to extortion IMO), this seems to break down for any packers that are not a licensed commercial product where an explicit, one-on-one packer-vendor to packer-user relationship exists. This excludes any freeware and open-source packers*, where any schmuck can just download and run it (and even modify it) without key exchanges or other communication with its author.

Conversely, if any old schmuck can obtain a fresh signature at any time ("it's free!"), what's to stop any old schmuck from doing exactly that? The stipulations that the system is free to both end-users and packer vendors, bankrolled entirely by A/V vendors out of the goodness of their hearts, suggest any background-checking that occurs as a condition of generating a signature can't be very exhaustive.

* While the IEEE materials refer to the proof-of-concept running on "a modified version of UPX", a well-known F/OSS packer, this almost certainly has to do with the ability to quickly bodge this feature in due to easy source code access, and very little to do with whether the actual author of UPX is complicit in or aware of the system, or whether this scenario can possibly work in the real-world for open-source packers with anonymous downloads.
