Vulnerabilities and Viruses in Vista

1
Vulnerabilities and Viruses in Vista

• Keynote Speech for AICE
• Chris Imafidon, PhD, FAAO, MBCS, FRSH
• Acknowledgements Anne-Marie

2
Myths of Viruses

• The original computer virus was not located on a
  pc
• It was not on an apple
• It was not on a mini or mainframe
• It was not located on computer hardware or
  software of any kind

3
computer virus?

• It was in a work of fiction!

4
Fred Cohen, PhD, first theorised viruses
RUNNING HEADER, 14 PT., ALL CAPS, Line Spacing1
line
5
Virus or vulnerability?

• Computer virus have become todays headline news
• With the increasing use of the Internet, it has
  become easier for virus to spread
• Virus show us loopholes in software
• Most virus are targeted at the MS Windows OS

6
Robert Morris wrote the internet worm in 1988
RUNNING HEADER, 14 PT., ALL CAPS, Line Spacing1
line
VIRUS
7
Trojan Horse programs come from the Odyssey!
RUNNING HEADER, 14 PT., ALL CAPS, Line Spacing1
line
8
computer virus/MP?

• Today, viruses are only one type of a whole
  menagerie of computer ills that are collectively
  known as Malicious programs - malware
• From spam to spyware,
• We need to detect, prevent and protect against
  all kinds of content security ills

9
(No Transcript)
10
DEMO ANALYSIS

• Lovebug
• Anna
• Melisa
• Kornikova

11
Definition

• Virus A true virus is capable of self
  replication on a machine. It may spread between
  files or disks, but the defining character is
  that it can recreate itself on its own with out
  traveling to a new host

12
Overview

• Background
• Symptoms
• Classifying Viruses
• Examples
• Protection/Prevention
• Conclusion

13
Background

• There are estimated 30,000 computer viruses in
  existence
• Over 300 new ones are created each month
• First virus was created to show loopholes in
  software

14
Virus Languages

• ANSI COBOL
• C/C
• Pascal
• VBA
• Unix Shell Scripts
• JavaScript
• Basically any language that works on the system
  that is the target

15
Symptoms of Virus Attack

• Computer runs slower then usual
• Computer no longer boots up
• Screen sometimes flicker
• PC speaker beeps periodically
• System crashes for no reason
• Files/directories sometimes disappear
• Denial of Service (DoS)

16
Virus through the Internet

• Today almost 87 of all viruses are spread
  through the internet (source ZDNet)
• Transmission time to a new host is relatively
  low, on the order of hours to days
• Latent virus

17
Classifying Virus - General

• Virus Information
• Discovery Date
• Origin
• Length
• Type
• SubType
• Risk Assessment
• Category

18
Classifying Virus - Categories

• Stealth
• Polymorphic
• Companion
• Armored

19
Classifying MP - Types

• Trojan Horse
• Worm
• Macro

20
Virus du Jour
1987
Boot Sector
1990
File Infector
Macro Virus
1995
Email Worm
1999
Blended Threat
2001
21
Zero day attack brought by network virus is
coming?
SASSER
MSBLAST
NACHI
Days required viruses to appear after
vulnerability announced.
NIMDA
CodeRed
SQLP
Internet
22
ADWARE, SPYWARE, UPWARE, DOWNWARE, MEWARE, YOUWARE
23
HOW MANY VIRUSES????

• 122,000?
• 2,000?
• 260?

24
HOW MANY VIRUSES????

• 122,000!all viruses ever discovered including
  zoo (never infected anyone) samples.
• 2,000!viruses discovered or reported in the wild
  (actually infecting computer systems)
• 260!mean number of viruses in circulation at any
  given month
• 5!number of viruses active on any single day

25
HOW MANY VIRUSES????

• WHY AM I TELLING YOU THIS?
• It has taken fifteen years for there to have ever
  been 1,100 ITW viruses.
• In a little less than two years, there are more
  than TWENTY THOUSAND spyware.
• That is the difference that profit motivation
  makes.

26
Can you spot the wildlist founders in the photo?
X
X
X
Joe Wells and Sara Gordon
27
Wildlist Data
28
Spyware-Adware Detection

• What is Spyware?
• Software application that monitors a users
  computing habits and personal information, and
  sends this information to third parties without
  the users authorization or knowledge
• Key loggers, event loggers, cookies, screen
  captures or a combination of these forms
• What is Adware?
• Software application that displays advertising
  banners while the program is running
• Gray Area
• Some users view them as useful tools or
  utilities, while others view them as malicious
  applications that should be detected.
• Some companies that make Adware have attempted to
  sue AV companies that categorize their software
  as Spyware or a virus.

29
Malware vs. Adware Gray Area
30
Anti-spyware Capability of Trend Micro IWSS

• Detects and blocks malicious/illicit spyware via
  standard virus pattern file
• Can be set by administrator to block legitimate
  but unwanted spyware, adware, remote access
  tools, hacking tools and more - via a separate
  spyware pattern file
• Anti-phishing feature can also block
  communication to spyware related URLs

31
SPAM and Phishing
32
How Can We Eliminate SPAM 100
Switch to another medium of communications?
33
Trend Micro SPS
Trend Micro Spam Prevention Service
Admin Tools Integration APIs
Postini Anti-Spam Engine
Message Parser Decoder
Rule Weighting file and Engine downloads
2
Content Analysis
Trend Micro Gateway Product
Header Analysis
1
3
4
Internal Mail Server
Sending Mail Servers
End User Machines
34
New Threats
35
New threats coming...

• Cell phone viruses
• Threats against Windows embedded devices like POS
  terminal, ATM and more
• Any network enabled devices is facing threats of
  malware.

36
Windows ATMs raise security issues in XPe platform
37
Antivirus for Windows embedded devices
MVP Appliance
?MVP Appliance will protect Windows embedded
devices from network viruses . Itll reside
outside of these devices as separate box.
MVP appliance will monitor packets and
detect/eliminate network viruses before these get
to these devices. Once it detects network virus
infected packets, it'll block them to avoid virus
outbreak.
KIOSK terminal
POS
Clean Packet
ATM
MFP
38
Trend Micro EPS

• SERVICE BASED AV

39
Our Approach
Trend Micro Antivirus and Content Security
Products
Network Layer
Centralized Management LIFECYCLE management,
deployment, and reporting
40
DEMO

• DEMO

41
Scholarships/admissions to top 6th form schools

• How many GCSEs in Year 10?
• Mock exams vs Predicted grades
• Relevant subjects vs Best subjects

42
The main difference between IB, A-levels and AVCE

• IB coursework, uni simulation
• A-level traditional and theoretical
• AVCE vocational, post-1992 unis

43
Scholarships/admissions to top secondary schools

• Years 3 and 4
• Non-verbal and Verbal
• Bond Series
• Drilling and training

44
QA?

• Any questions?