Kinetics Group sent Rhys Kerrigan along to the Trend Micro Anti-Virus road show for Trend's take on what is happening in the AV security space. In this article Rhys shares some interesting snippets.
The other day I went along to a presentation from Trend which discussed upcoming products and features, and also gave information about where security threats are coming from these days.
New Trend Products
Firstly Trend went over some of the new features in Worry Free Business Security version 7.0. Here are the best bits of the new product - note most of these are only available in the "Advanced" version of Worry Free Business:
- Mac support - Macs are as at risk as any other device with a browser (more about this later!), and Trend now has an agent for them.
- Data Loss Prevention - This is designed to prevent users emailing out sensitive documents - it is worth a look but I am not convinced how well it will work in the real world.
- Device Access Control - Want to lock down USB storage devices in your company? You can now do this with Trend. You can specify the hardware IDs too so that some devices will still work (e.g. Dictation devices).
- URL Blacklisting - Want to stop users from getting to some websites? You can now do this with Trend. You can specify time periods as well, but I am unsure if you can specify groups of users.
Another interesting development was that the Trend home AV product (called Titanium) no longer uses definitions and instead uses Trend's web-based "Smart Protection Network" to check for threats. This is a problem if you are not online, but then Trend say most threats occur from the web (more on this below too!) so this shouldn't be a problem. They say this means the system resources required for Titanium are much lower than other AV products, and they hinted that this will be the way that the business AV product will go in the future - watch this space.
The Changing Threat Landscape
It was the information on the changing face of threats (and how to stop them) that I found most interesting.
It should not be surprising that there are bad guys out there. What is interesting is how the bad guys, and their threats, have changed. In the past hackers were relatively amateur groups and threats were in your face - if they hacked your computer or website they wanted you, and preferably the world, to know all about it. So the hackers used to be pimply-faced geeks.
These days the hackers are professionals - the FBI estimates the underground economy for illegal computer-related activities is $15 Trillion. So the motivation behind the baddies these days is definitely money. The threats are also far more stealthy - if they hack your computer or website they do not want you, or the world, to know. They want you to carry on using the computer or website so that they can harvest your personal information, and then sell that on. Trend keeps track of the value of personal information in the "Underground Economy" - currently a passport is worth US$20.00, a credit card is US$25.00 etc. (you can see this here). So now the hackers are Tony Soprano!
Below is a table that demonstrates how threats have changed:
| Then | Now |
| --- | --- |
| Amateur | Professional |
| Slow | Very Fast |
| Visible | Stealthy |
| Ad-hoc | Persistent |
| Broad | Targeted |
| One-Dimensional | Multi-Dimensional |
| Think "Revenge of the Nerds" | Think "The Godfather" |
At the Trend Threat Tracker you can also see how many threats are blocked by Trend's "Smart Protection Network".
Trend are saying that 6,000 new threats are being detected every hour, and often they only exist for seconds - just long enough to download the next part of the threat. This leads Trend to believe that Antivirus programs that rely on definition updates alone are not enough to stop threats - how can an AV company release a new definition for a threat that only exists for 15 seconds?
Trend also say that over 90% of threats are distributed via websites and that the most vulnerable browser is Safari (a browser commonly used on Apple computers) purely because Apple are the slowest to release fixes when vulnerabilities are found. Conversely Trend say that Internet Explorer and Firefox are the most secure browsers due to speed at which they patch vulnerabilities.
How to Stop the Threats
So if most threats are web based, and are changing so frequently how do we protect against them? Well this is partly technology and partly education.
Firstly, the education part is making people extremely suspicious of "phishing" emails with links to bank, PayPal or courier websites - any email asking you to send or enter your personal information (usernames, passwords, credit cards etc.). If in doubt, call them up!
These websites can look exactly like the real thing; one example given was a bank website. The link was one letter away from the legitimate bank website (e.g. old.westpac.com.au instead of olb.westpac.com.au) and it looked exactly the same. When you tried to log in it would give you an error saying "Incorrect password, please try again" and then take you to the real bank website, where you would log in again and of course it would work. By then it was too late - the first website had captured your username and password and they could now extract money from your account. This comes back to my previous comment on the new hackers being stealthy for good reason.
The second way to protect against these threats is using technology.
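The "one letter away" lookalike above is exactly what a mail or web filter can catch by comparing each linked hostname against a short allowlist of trusted domains. The example below is added here and is not code from the article or from Trend; the allowlist and sample links are constructed for illustration, and the distance threshold is an assumption.

```python
# Added example (not from the original article): flag hostnames that sit
# within a small edit distance of a trusted domain, the check an email or
# web filter would apply to the "one letter away" lookalike described above.
# TRUSTED_HOSTS and the sample links are constructed for illustration.
from urllib.parse import urlparse

TRUSTED_HOSTS = {"olb.westpac.com.au", "www.paypal.com"}  # constructed allowlist


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: minimum single-character edits to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # deletion
                           cur[j - 1] + 1,              # insertion
                           prev[j - 1] + (ca != cb)))   # substitution
        prev = cur
    return prev[-1]


def host_of(url: str) -> str:
    """Extract the lowercase hostname from a URL, dropping port and userinfo."""
    return (urlparse(url).hostname or "").lower().rstrip(".")


def lookalike_of(url: str, trusted=TRUSTED_HOSTS, max_distance: int = 1):
    """Return the trusted host this URL imitates, or None.

    An exact match is legitimate. A host within max_distance edits of a
    trusted host (but not equal to it) is reported as a lookalike; a host
    unrelated to every trusted name is left alone (not every unknown site
    is a phish).
    """
    host = host_of(url)
    if not host or host in trusted:
        return None
    for good in trusted:
        if edit_distance(host, good) <= max_distance:
            return good
    return None


if __name__ == "__main__":
    # constructed sample links as they might appear in a phishing email
    for link in ("https://olb.westpac.com.au/login",
                 "https://old.westpac.com.au/login",
                 "https://www.paypa1.com/signin",
                 "https://example.org/"):
        print(link, "->", lookalike_of(link))
```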
This includes ensuring all your applications are patched and up to date - and this is not just Microsoft products - the example was given of Adobe taking 9 months to fix a vulnerability in Adobe Reader. Another interesting change that has occurred is that in the past if a person found a vulnerability (back door) in a product they would generally let the manufacturer know. These days you can sell the vulnerability on the market. No, it is not illegal to sell a vulnerability - only to use it for malicious purposes.
Trend also strongly encouraged turning on the "Web Reputation" and "SmartScan" components of their AV products. We have had some issues with these technologies blocking legitimate websites in the past, so caution should be taken when enabling these features, but it may be worth a little pain in enabling and refining these features to block potentially harmful threats.
Kinetics' advice is to start with common sense: if you think something is wrong, stop and seek advice. You can decrease the risk by keeping your computers up to date and keeping your staff informed. Don't hesitate to pass on to them information like that contained in this article. You can be proactive by extending Kinetics Kare to your desktops, Windows and Mac.