Author Topic: Malware Winning Battle Against Antivirus Software

Offline Bugbatter

  • Microsoft® MVP
  • Administrator
  • Diamond Member
  • Posts: 8453
Malware Winning Battle Against Antivirus Software
« on: October 20, 2010, 10:27:13 am »
Security apps' threat-stopping ability declined 6% over the past year as threats gained sophistication, finds NSS Labs.

"...Cybercriminals have between a 10% to 45% chance of getting past your AV with web malware," said NSS Labs. Furthermore, "cybercriminals have between 25% to 97% chance of compromising your machine using exploits." That variation depends on which product consumers use -- assuming, of course, that they're using any antivirus at all..."

Complete article:
http://www.informationweek.com/news/security/antivirus/showArticle.jhtml?articleID=227900358




Microsoft MVP - Consumer Security

Offline ky331

  • Dell Community Colleague
  • Dell Support Group
  • Bronze Member
  • Posts: 291
  • Rascal & Biscuit
Re: Malware Winning Battle Against Antivirus Software
« Reply #1 on: October 20, 2010, 02:32:07 pm »
Does anyone have any experience/knowledge of how effective Microsoft's EMET (Enhanced Mitigation Experience Toolkit) is in blocking/limiting exploits?
http://www.microsoft.com/downloads/en/details.aspx?FamilyID=c6f0a6ee-05ac-4eb6-acd0-362559fd2f04

Offline faith_michele

  • Anti - Phishing Staff
  • Gold Member
  • Posts: 1947
    • A Beacon of Light
Re: Malware Winning Battle Against Antivirus Software
« Reply #2 on: October 24, 2010, 06:46:04 am »
That was an interesting article.

@ky331

I'm going to test it.  It looks pretty good for known exploits.

This is the announcement (at the bottom they have a link to the User Guide pdf):

http://blogs.technet.com/b/srd/archive/2010/09/02/enhanced-mitigation-experience-toolkit-emet-v2-0-0.aspx

From the User Guide-

Quote
The current version supports six different mitigation technologies. A training video covering many of the mitigations is available here: http://technet.microsoft.com/en-us/security/ff859539.aspx
Microsoft Consumer Security MVP, July 2007-June 2010

"Fight your fights, find the grace in all the things that you can't change and help somebody, if you can." Van Zant

A Beacon of Light

Offline ky331

  • Dell Community Colleague
  • Dell Support Group
  • Bronze Member
  • Posts: 291
  • Rascal & Biscuit
Re: Malware Winning Battle Against Antivirus Software
« Reply #3 on: November 04, 2010, 07:55:43 am »
Faith,
have you gotten anywhere in your testing of EMET?

For others who may be interested in "playing" with it:
1) I first "discovered" EMET when it was suggested to mitigate a recent 0-day exploit in Adobe Reader/Acrobat: http://blogs.technet.com/b/srd/archive/2010/09/10/use-emet-2-0-to-block-the-adobe-0-day-exploit.aspx
2) And now, it's likewise suggested to mitigate a new 0-day exploit in Internet Explorer (link c/o BugBatter): http://blogs.technet.com/b/srd/archive/2010/11/03/dep-emet-protect-against-attacks-on-the-latest-internet-explorer-vulnerability.aspx
3) For anyone interested in trying out EMET, the following webpage gives detailed pictorial directions on how to download, install, run, and configure EMET, including a suggested list of programs that (this article believes) should be opted-in to EMET's protection: http://help.artaro.eu/index.php/general-security/other-security-programs/microsoft-emet.html
4) Caveat: Microsoft does caution that people should use it with care; it's possible that EMET can have an adverse interaction with [i.e. impede use of] some programs. There are currently two documented problems running EMET: interference with BitLocker, and using EAF in debugging mode [EMET User Guide, page 20, section 6.3].


Offline RuyLopez

  • SpywareHammer Staff
  • Silver Member
  • Posts: 576
Re: Malware Winning Battle Against Antivirus Software
« Reply #4 on: December 31, 2010, 04:54:53 pm »
Greetings,

Additional discussions of EMET:

EMET - A new Windows security mitigation toolkit.

Protecting your Windows PC with Microsoft EMET 2.0.

Both articles include discussions of installation, configuration, and provide recommendations regarding applications to be protected.

Best regards,
RL

Offline faith_michele

  • Anti - Phishing Staff
  • Gold Member
  • Posts: 1947
    • A Beacon of Light
Re: Malware Winning Battle Against Antivirus Software
« Reply #5 on: January 01, 2011, 08:00:52 am »
Those are very good articles.

This is the part that concerns me.

From the User Guide-

Quote
EMET 2.0.0 is not currently an officially supported Microsoft product. We are working hard to establish the appropriate agreements to enable that. In the mean time, EMET is being released as an “AS-IS” product.

From the License Agreement-

Quote
SUPPORT SERVICES. Because this software is “as is,” we may not provide support services for it.

Offline ky331

  • Dell Community Colleague
  • Dell Support Group
  • Bronze Member
  • Posts: 291
  • Rascal & Biscuit
Re: Malware Winning Battle Against Antivirus Software
« Reply #6 on: July 29, 2011, 06:56:33 am »
EMET 2.1 was released on (or about) 18 May 2011. It is now an OFFICIALLY-SUPPORTED Microsoft product, having an online forum at http://social.technet.microsoft.com/Forums/en/emet/threads

Other changes include (http://blogs.technet.com/b/srd/archive/2011/05/18/new-version-of-emet-is-now-available.aspx):

  • “Bottom-up Rand”: new mitigation that randomizes (8 bits of entropy) the base address of bottom-up allocations (including heaps, stacks, and other memory allocations) once EMET has enabled this mitigation.
  • Export Address Filtering is now available for 64-bit processes. EAF filters all accesses to the Export Address Table, which blocks most of the existing shellcodes.
  • Improved command line support for enterprise deployment and configuration.
  • Ability to export/import EMET settings.
  • Improved SEHOP (structured exception handler overwrite protection) mitigation.
  • Minor bug fixes.

======================================

I have been using EMET 2.0.x for quite a while now, and have not noticed any problems with it. I updated to version 2.1 yesterday, and so am still "playing" with it...

Offline faith_michele

  • Anti - Phishing Staff
  • Gold Member
  • Posts: 1947
    • A Beacon of Light
Re: Malware Winning Battle Against Antivirus Software
« Reply #7 on: July 29, 2011, 09:43:06 am »
Thanks!