Friday, November 28, 2008

Botnets Can Trample Most Anti-Virus Programs

A new analysis of botnets has come up with a possible reason for their prodigious ability to infect PCs -- many anti-virus programs are nearly useless at blocking the binaries used to spread them.
According to FireEye chief scientist Stuart Staniford, detection rates are so poor that, on average, only around 40 percent of security software can detect binaries during the period of greatest infectivity and danger, namely the first few days after a particular variant starts being used by botnet builders.
In a detailed blog post, he describes how he uploaded a sample of 217 binaries, culled from FireEye appliances on customer premises between September and November, to the independent VirusTotal test website. VirusTotal runs 36 anti-virus programs -- a representative sample of the security programs used by businesses and individuals -- and gives researchers statistics on how many malware binaries have already been uploaded to the site by other researchers, when they were uploaded and how many were detected by each program.
Roughly half of the binaries picked up by FireEye were unknown to VirusTotal, a result indicative of the core problem of detecting botnet malware -- speed.
Because malware often uses 'polymorphism' -- programs are constantly changed very slightly to evade binary pattern detection -- the problem of detecting and blocking malware quickly is huge. According to Staniford, this makes it important that anti-virus programs can spot malware in the first week of its use.
"The sample is likely to get discarded by the bad guys pretty soon after that," he notes.
During the first three days after initial detection by FireEye, only four in ten anti-virus programs could spot the offending code, which suggests that many bots would evade security software during attacks on real PCs if they happened during this same period.
"The conclusion is that AV works better and better on old stuff -- by the time something has been out for a couple of months, and is still in use, it's likely that 70-80 percent of products will detect it," says Staniford.
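A small worked example of the computation Staniford's comparison rests on: the average share of the engine panel that detects a sample, grouped by how old the sample was (days since the appliance first saw it) when it was scanned, plus the share of samples VirusTotal had never seen before upload. This is added code, not FireEye's or VirusTotal's; the scan records, the 10-engine panel, the "already known" flags and the age buckets are all constructed.

```python
from collections import defaultdict
from datetime import date

# Size of the engine panel. The article's VirusTotal run used 36 engines;
# this constructed data set uses a panel of 10 for readability.
ENGINES = 10

# Constructed records (not FireEye's or VirusTotal's data). Each entry is
# (sample_id, first_seen_by_appliance, scan_date, number_of_engines_detecting).
SCANS = [
    ("s1", date(2008, 9, 1),  date(2008, 9, 2),   3),
    ("s1", date(2008, 9, 1),  date(2008, 11, 1),  8),
    ("s2", date(2008, 9, 10), date(2008, 9, 12),  5),
    ("s2", date(2008, 9, 10), date(2008, 11, 15), 7),
    ("s3", date(2008, 10, 5), date(2008, 10, 5),  4),
    ("s3", date(2008, 10, 5), date(2008, 10, 20), 6),
]

# Whether VirusTotal already held the sample when it was first uploaded
# (constructed; mirrors the "roughly half unknown" observation).
ALREADY_KNOWN = {"s1": True, "s2": False, "s3": False, "s4": True}

# Age buckets in days since the appliance first saw the sample.
AGE_BUCKETS = [(0, 3, "0-3 days"), (4, 14, "4-14 days"),
               (15, 60, "15-60 days"), (61, None, "61+ days")]


def bucket_for(age_days):
    """Map a sample age in days to its bucket label; an upper bound of None is open-ended."""
    for lo, hi, label in AGE_BUCKETS:
        if age_days >= lo and (hi is None or age_days <= hi):
            return label
    raise ValueError(f"scan dated before first sight (age {age_days} days)")


def detection_rate_by_age(scans, engines=ENGINES):
    """Average fraction of the panel that detected a sample, grouped by its age at scan time."""
    per_bucket = defaultdict(list)
    for _sid, first_seen, scan_date, detected in scans:
        age = (scan_date - first_seen).days
        per_bucket[bucket_for(age)].append(detected / engines)
    return {label: round(sum(v) / len(v), 3) for label, v in per_bucket.items()}


def unknown_fraction(known):
    """Share of samples VirusTotal had never seen before the upload."""
    return sum(1 for k in known.values() if not k) / len(known)


if __name__ == "__main__":
    for label, rate in sorted(detection_rate_by_age(SCANS).items()):
        print(f"{label:>10}: {rate:.0%} of engines")
    print(f"previously unknown to VirusTotal: {unknown_fraction(ALREADY_KNOWN):.0%}")
```

With the constructed data the 0-3 day bucket comes out at 40 percent and the 61+ day bucket at 75 percent, the same shape as the curve the article describes.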
FireEye's appliances can be seen as an 'early warning' system because of the way they use behavioural analysis to spot malware in real time, in some cases days or weeks before a program has been formally identified and documented by security companies. By the time it has been spotted and a signature rolled out to anti-virus databases, however, it might already be too late.
Equally, many prominent security vendors will use similar techniques to spot malware as quickly as possible, making it surprising that so many anti-virus programs failed to spot FireEye's sample binaries. The reason might simply be the vast number of samples that appear in any given period.
What nobody doubts is the importance of botnets to the spread of malware and spam, as evidenced by the recent takedown of the US hosting company McColo, which had been accused of hosting botnet controllers. In the hours after the hoster's demise, spam levels were reported to have plummeted dramatically.

Analyst: Mobile Data Will Continue Boom in '09

There will be more than 36 million laptops connected to mobile data networks in Western Europe in 2009, compared to the 26 million estimated for the end of this year, according to market research company CCS Insight.
"It's a little bit more growth than what we have seen this year. Overall, next year you will see a push by all the carriers, but not just mobile carriers, but also from alternative providers as well," said Paolo Pescatore, analyst at CCS Insight.
For example, in Sweden, cable operator Com Hem is collaborating with 3 to offer subscribers mobile as well as cable broadband. The goal is for them to become one-stop shops for broadband, according to Pescatore.
Another big trend during 2009 will be packaging of mobile broadband in various new ways.
"Many mobile operators also have fixed-line assets, so they are very much in a position to package multiple access technologies and compete quite aggressively," said Pescatore.
The mobile operators will also start to package mobile phones and laptop connectivity.
"We are already seeing that today: whereby 3 here in the U.K. are saying that if you take out a contract with us we'll also throw in mobile broadband at a 50 percent discount," said Pescatore.
Mobile broadband will weather the current economic storm, with growth and data-integration plans continuing, according to Pescatore.
For the mobile data operators both browsing on mobile devices and laptop connectivity will become an even more important source of revenue. "We have already seen this year how much of an impact that it's making on total revenue, and this will continue next year given the fact that voice connections are very much saturated, and there aren't many users to connect," said Pescatore.
Laptops will generate a majority of the traffic on a per user basis, but mobile phones will also be an important traffic generator. There are many more phones than laptops in circulation and data browsing from phones will continue to increase for a number of reasons. The industry has only skimmed the surface of what can be done with social networking on the phone, according to Pescatore.
"Social networking will continue to whet consumer appetite for data moving forward and we'll see a lot more collaboration between carriers and social networking sites, as well as social networking sites and device manufacturers," said Pescatore.
Mobile data growth is still a bit of a tricky proposition for operators because more customers mean more revenue but also a larger strain on networks.
So mobile broadband providers hope users will sign up for a mobile broadband deal in the same way they take out membership to a gym: a subscription makes them feel good, even if they take advantage of it less than they intended, according to Pescatore.

Hot Jobs: Software Implementation Analyst

Job description: The software implementation analyst ensures that deployments of new applications or upgrades are planned and carried out correctly. They act as a bridge between the software developer and the IT infrastructure team that handles installation and maintenance, says Carlo Carbetta, vice president of operations development at CIO Partners, an executive search firm. They determine whether the applications interoperate with existing systems and plan for customization or integration work. This person may be involved in testing, creating documentation and dealing with end users.
Why you need one: When a company buys packaged software, it has to adapt it to its operations and processes. "If you don't have your own staffer involved in that implementation to make sure that the vendors understand your needs, you run the risk of the implementation moving off your business plan," says Eugene Farago, an account executive with the IT and metals division of Hudson, a recruitment and talent management firm. The software implementation analyst also acts as an agent of change for the company, steering it through an often risky but necessary process, he says. This means addressing user concerns while keeping the implementation on track. Finally, with IT environments becoming more heterogeneous, the need for someone with detailed knowledge of a company's business and technology increases, experts say.
Desired skills: Candidates should have computer, technical, engineering or science degrees, and certifications in areas such as project management and software development lifecycle. Experience with and knowledge of a company's business and technology operations are key. "This is a midcareer-plus position," Carbetta says.
How to find them: Software implementation analysts move around a lot and many do contract work, so they network a lot. Try business-oriented social networking sites like LinkedIn.
What to look for: A potential hire should be meticulous, process oriented, methodical and cool under pressure. They should be able to build relationships across the business and IT.
Elimination round: Ask candidates which software platforms they are most familiar with and their experience deploying them, including the environment size. Good candidates will discuss their interaction with the infrastructure team regarding things such as hardware provisioning and bandwidth requirements.
Salary range: $65,000 to $125,000
Growing your own: Groom internal candidates by rotating them through the business to gain expertise in a variety of areas. "They need to understand the bigger picture. A typical issue with implementation consultants is that they were previously a developer only and they get stuck in the details," Farago says. Putting a prospect on a process-improvement team is also a good idea. This allows you to see how quick someone is at identifying problems and coming up with solutions, and to determine whether or not they are good facilitators.

VoIP: Worth the Effort?

If product placement for film and TV is as effective as companies hope, Cisco must be rolling in it. If you've seen any scene in the last few years involving some form of office -- no matter whether it's in a high-rise commercial building, a hospital or a morgue -- there's a significant chance you'll see a Cisco-branded, IP-based phone sitting on a desk. If fiction mirrored reality, Voice over IP (VoIP) would be ubiquitous already.
Unfortunately for Cisco, that isn't exactly the case. In fact, I think I'm yet to see an entire corporation that has made the switch to VoIP. Sure, there are the odd cases here and there -- small businesses trying to cut costs wherever possible, for example -- but unless you happen to work for a VoIP company, chances are you are on the same traditional PSTN line as everyone else.
So is VoIP really worth the hassle? Sure, there are the cost benefits if it is set up and organised properly, but the idea of adding a layer of technology on top of your standard office network is mind-boggling. Load the network bandwidth of VoIP on top of your standard, snail-slow office Internet connection and there's a good chance your employees will find yet another way to remain unproductive, as IT staff struggle to rebuild the IP network in time for that all-important conference call.
For homes, the situation isn't too different. Sure, there are naked DSL plans, Analog Telephone Adaptors and dual-mode VoIP phones, but add VoIP onto your average broadband plan -- already cluttered with BitTorrent and Facebook -- and don't be surprised if it's nightmares ahoy. Not to mention that most naked DSL plans include uploads in the bandwidth quota, making the trip to dial-up town all that much shorter. If you happen to be the resident techie in your household and you feel confident to take the cons with the pros, go for it. For Joe the Plumber, though, VoIP is still a pipe dream.