Why antivirus companies like mine failed to catch Flame and Stuxnet (this is a holy shit moment)
Mikko Hypponen is the Chief Research Officer of F-Secure. He has been working with computer security for over 20 years and has fought the biggest virus outbreaks in the net, including Loveletter, Blaster, Conficker and Stuxnet. His TED Talk on computer security has been seen by almost a million people and has been translated to over 35 languages.

A couple of days ago, I received an e-mail from Iran. It was sent by an analyst from the Iranian Computer Emergency Response Team, and it was informing me about a piece of malware their team had found infecting a variety of Iranian computers. This turned out to be Flame: the malware that has now been front-page news worldwide.
When we went digging through our archive for related samples of malware, we were surprised to find that we already had samples of Flame, dating back to 2010 and 2011, that we were unaware we possessed. They had come through automated reporting mechanisms, but had never been flagged by the system as something we should examine closely. Researchers at other antivirus firms have found evidence that they received samples of the malware even earlier than this, indicating that the malware was older than 2010.
What this means is that all of us had missed detecting this malware for two years, or more. That's a spectacular failure for our company, and for the antivirus industry in general.
It wasn't the first time this has happened, either. Stuxnet went undetected for more than a year after it was unleashed in the wild, and was only discovered after an antivirus firm in Belarus was called in to look at machines in Iran that were having problems. When researchers dug back through their archives for anything similar to Stuxnet, they found that a zero-day exploit that was used in Stuxnet had been used before with another piece of malware, but had not been noticed at the time. A related malware called DuQu also went undetected by antivirus firms for over a year.
http://arstechnica.com/security/2012/06/why-antivirus-companies-like-mine-failed-to-catch-flame-and-stuxnet/
This is the holy shit moment
Flame was a failure for the antivirus industry. We really should have been able to do better. But we didn't. We were out of our league, in our own game.
hobbit709 (41,694 posts)
Egalitarian Thug (12,448 posts)
hobbit709 (41,694 posts)
It's impossible to make things foolproof because fools are so damn ingenious.
HopeHoops (47,675 posts)
snot (10,538 posts)
does this suggest that electronic voting and tabulation can never be secured?)
hobbit709 (41,694 posts)
Even if you can see the source code on the machines, doesn't mean I trust anything without a paper trail.
lastlib (23,309 posts)
...difficult even to detect. Few machines would be safe from it.
RC (25,592 posts)
The same goes for Vote Tabulators. There is never any real need, but there are plenty of reasons why they should NOT be.
The same goes for any machines that have any Official vote tallies before they are made official.
For proper voting security, voting needs to be done on paper ballots, which can then be scanned into a stand alone card reader. The final tally can then be downloaded to a Flash Drive and taken separately to a secure storage place.
Paper trails are not good enough. If machine generated at any point, they can be faked, spoofed, tampered with and rendered untrustworthy or even moot.
spinbaby (15,090 posts)
Flame selectively steals PDF, Word, and AutoCAD files. It sends screen shots "home," taking a special interest when applications such as IM and email are being used. It can even record conversations using a computer's microphone and eavesdrop on VoIP. It can rifle through your contact lists. The beast is linked to a worldwide network of spoofed addresses that have been established under fake names for years and which immediately went down when the malware was detected.
The question of interest is, which government developed Flame?
HopeHoops (47,675 posts)
There is no proactive. The malcreants will always be two steps ahead. For every hole that's plugged, ten more open up. M$ operating systems are a malcreant's wet dream, but any OS will have back doors. Oh, and for "smart" phone users, they've got an app for that...
DainBramaged (39,191 posts)
HopeHoops (47,675 posts)
trumad (41,692 posts)
I'm in the Network security business and shit like this is why the business I am in is booming.
HopeHoops (47,675 posts)
Unfortunately, that's the main source of infection. People use the root user (usually the only one) and clicking on popups like that essentially says "HEY! Come give me whatever the STD du jour is. Here are my credit cards and bank info. The house is totally unlocked. The silverware's in the top left drawer of the buffet. There's plenty of beer in the fridge. I keep my stash in the blue coffee mug in the cabinet to the left of the sink. Here are the car keys - tank's full. All of my jewelry is in this bag - take it - TAKE IT ALL!"
The sad thing is that it works, especially with those who panic when they see a warning that tells them the printer is low on ink. I keep telling people - just shut the machine down, boot into safe mode with networking and run MalwareBytes AntiMalware. My kids are about as tech-aware as any but they've still picked up some nasties. So far I've only had two incidents I couldn't figure out. Going back to factory condition (and applying SPs and installing apps) is a long process and a royal pain in the ass - to be avoided whenever possible! "Honey, have you seen the 20 character activation code for this software anywhere?"
DainBramaged (39,191 posts)
delete the start up line using CCleaner and go back to work. While scanning your Java cache of course, because it is hiding there from unpatched Java (at least that's what I've found in almost every case).
Wellstone ruled (34,661 posts)
that was developed in Salt Lake City in the late 90's? Novell, LSI and University of Utah.
madokie (51,076 posts)
I simply got tired of having to run all kinds of anti bullshit programs that were slowing my old computer down. Recently I tried a new AMD quad core with 8 gig of memory and a 1 terabit hd, running windblows 7; compared to my 10 year old computer running Linux, my machine left the new one in the dust. Also ran it back to the point of purchase as unacceptable, an agreement we arrived at prior to my bringing it home.
Go Linux and be happy.
I use autocad 2000 and it runs faster under wine than it did using compatibility mode on the high performance winblows AMD powered 8 gig memory computer. AutoCad 2000 is the best version of AutoCad I've tried too, as it is internet ready but without all the bling that the newer versions have.
DainBramaged (39,191 posts)
madokie (51,076 posts)
DainBramaged (39,191 posts)
Duqu is a computer worm discovered on 1 September 2011, thought to be related to the Stuxnet worm. The Laboratory of Cryptography and System Security (CrySyS)[1] of the Budapest University of Technology and Economics in Hungary discovered the threat, analysed the malware, and wrote a 60-page report[2] naming the threat Duqu.[3] Duqu got its name from the prefix "~DQ" it gives to the names of files it creates.[4]
Do you DUQu? LOLOL
madokie (51,076 posts)
Hell I might have that who knows