Security Bites from CNET
Backdoors, pharming, botnets, phishing, rootkits, viruses, worms. Feeling vulnerable? CNET.com's Robert Vamosi will tell you about the latest security threats, what's coming, and how to protect your system.
Security Bites 108: Understanding white listing from Security Bites from CNET on July 18, 2008
To put it simply, the concept of "white listing" is to define a set of software, a set of vendors, and allow only those trusted applications or files from those vendors to run on your machine. If a file or application is not approved, it will not run. This is the opposite of how we've blocked malware from our machines in the past. In 2007, Symantec detected more than 1 million viruses, with two-thirds created within the calendar year. Loading 1 million antivirus signatures, or even a percentage of that if generic signatures are used, is a pretty serious undertaking. The idea here is that maybe we should only be loading signatures for the good files. So far, the idea is only being implemented in the enterprise space. Still, it's an interesting idea. On the desktop it's already being used to stop spam, so why not use white lists to block malware as well? Massachusetts-based Bit9 has created one of the largest catalogs of "known good" and "known bad" applications. Its Global Software Registry (GSR) serves as the policy enforcement center for Bit9's enterprise offerings. Recently, desktop antivirus vendor Kaspersky announced a partnership with Bit9 that will allow it to use the GSR in its upcoming desktop products in 2009. This week on the Security Bites podcast, CNET's Robert Vamosi talks with Tom Murphy, chief strategy officer for Bit9, about white listing and its potential for the future.
Security Bites 107: Dan Kaminsky talks about responsible vulnerability disclosure from Security Bites from CNET on July 11, 2008
In the middle of a flood of news surrounding a serious vulnerability within the fundamental structure of the Domain Name System (DNS) is the story of how researcher Dan Kaminsky chose to handle his discovery and, hopefully, its mitigation. What Kaminsky did was coordinate several vendors in a multiparty, simultaneous release of a patch--a patch that he feels doesn't lend itself to easy reverse engineering. For the moment, Kaminsky is not talking details. He's hoping that people will apply the various patches, update their DNS servers and clients, and do so before the bad guys can craft their exploits. He's giving everyone 30 days before he spills the technical details at this year's Black Hat conference in Las Vegas in August. Kaminsky, director of penetration testing at IOActive, is no stranger to discovering vulnerabilities. In this case, however, he says he wasn't looking for the DNS flaw, but after three days of testing he knew he had something important. In this week's Security Bites podcast interview, Kaminsky talks about what goes through his mind when he hits upon a suspected vulnerability, how he decides to proceed from there, and what he's learned thus far from the whole DNS patch experience.
Security Bites 106: McAfee plays with spam from Security Bites from CNET on July 01, 2008
McAfee released on Tuesday the results of a monthlong spam experiment. The security company provided 50 people worldwide with a clean laptop armed only with antivirus protection (no anti-spam protection) and a brand new domain for e-mail. McAfee then asked them to surf the Net and blog about their experiences. Within the first 24 hours, the individuals received their first spam e-mail in the S.P.A.M. (Spammed Persistently All Month) Experiment. Over the course of 30 days, McAfee's test subjects accumulated 104,000 spam e-mails, or roughly 70 spam messages per day per recipient. Put another way, 87 percent of all the e-mail captured on the test laptops was considered to be spam. I spoke with Dave Marcus, director of security research and communications for McAfee Avert Labs, about the experiment and the results.
Security Bites 105: Does antivirus protection matter? from Security Bites from CNET on June 27, 2008
This week CNET's Robert Vamosi talks with Eva Chen, co-founder and CEO of Trend Micro. For more than 20 years Chen has been active in the antimalware community and has kept her company competitive worldwide against competition such as Symantec and McAfee. Chen visited CNET to talk about Trend Micro's ambitious goal of putting anti-malware protection in the cloud. She argues that signature-based protection is still faster than running a full heuristic sandbox to detect new malicious software. Chen thinks that by having your desktop ping a signature database in the cloud, you'll get faster, lighter, and more accurate anti-malware protection for your desktop. Also, when new malware is discovered on your desktop, a sample can be sent to the cloud, analyzed, and, if necessary, a new signature created--protecting not only you but anyone else who finds it. Clearly threats and protection have both changed over the years. Recently, some security experts have been talking about doing away with antivirus protection, saying that most of the threats today are coming from Web 2.0 sources and can be better blocked with firewalls and secure Web browsers. Of course, Chen disagrees.
Security Bites 104: Of rootkits and online gaming flaws from Security Bites from CNET on June 20, 2008
Greg Hoglund is no stranger to security. In the last few years, he's founded Bugscan, Cenzic, and HBGary, where he is currently CEO. He is also the co-author of Exploiting Software, Rootkits: Exploiting the Windows Kernel, and Exploiting Online Games. Hoglund has presented at numerous Black Hat Briefings and taught several training sessions there as well. This week he stopped by the Security Bites studio for a conversation with CNET's Robert Vamosi on rootkits, software vulnerabilities, and online gaming.
Security Bites 103: Capitalizing on botnets from Security Bites from CNET on June 13, 2008
IronPort's Pat Peterson joins Robert Vamosi this week to talk about how online criminals make money using botnets. How do online criminals make money off of botnets? Previously, we've explored how parts of the Storm worm botnet may have been rented out to others. No matter who owns the botnet, the traffic is usually the same: spam. But what kind of spam? IronPort Systems, a division of Cisco, released a report this week (registration required) that identified some of the specific spam messages being used. Not surprising is the pharmaceutical spam. But criminals are also luring unsuspecting individuals with various "work from home" scams. People who fall for this are told to buy expensive products in the United States for delivery overseas. For their effort, they'll receive a percentage of the purchase price. These "money mules," as they are called, are actually cashing out stolen credit cards for foreign criminals. CNET's Robert Vamosi spoke via phone with Pat Peterson, who is vice president of technology at IronPort.
Security Bites 102: Mozilla's 'Human Shield' on Firefox 3 from Security Bites from CNET on June 06, 2008
Jonathan Nightingale of Mozilla joins CNET's Robert Vamosi to talk about the latest version of the browser and its built-in security features. If you haven't tried Firefox, what are you waiting for? The latest version, Firefox 3, will soon be out, and the release candidates are stable enough these days for daily use. (Currently, RC2 is the latest build.) What's good about Firefox 3 is that it's light on resources (even if you have 15 tabs open) and very fast--an improvement over Firefox 2 by far. What's even better are all the built-in security features. CNET's Robert Vamosi spoke this week with Jonathan Nightingale. He is Mozilla's "Human Shield," aka its security user interface designer. Nightingale, along with Window Snyder and others on the security team at Mozilla, developed some of the cool new security features baked into Firefox 3.
Security Bites 101: Tackling vulnerabilities from Security Bites from CNET on May 30, 2008
CNET's Robert Vamosi speaks with Ari Takanen of Codenomicon about whether companies do a good job of finding and fixing their own vulnerabilities. Last week, an independent security researcher announced that it was possible to install a rootkit on the Cisco IOS network, which is used for routers and voice over Internet Protocol. This week, CNET's Robert Vamosi spoke with Ari Takanen, co-founder and chief technology officer of Codenomicon. While Takanen's company doesn't engage in vulnerability research, it creates the tools by which enterprises can check their own software for vulnerabilities. That raises a question. Previous Security Bites episodes have featured independent researchers who, outside of a given company, have identified and made public serious vulnerabilities. One would think an independent voice might be better than one located inside a company. Takanen disagrees. He thinks companies are doing a good job finding and fixing their own vulnerabilities outside the public's attention.
Security Bites 100: Google Docs claimed by spammers from Security Bites from CNET on May 23, 2008
This week, CNET's Robert Vamosi talks about spam with Matt Sergeant, senior antispam technologist for MessageLabs. About two weeks ago, MessageLabs discovered that spammers were publishing to Google Docs. What this does, says Sergeant, is allow spammers to use Google's incredible bandwidth and also have a Web site that is never going to get blacklisted. Also, MessageLabs this week reported an uptick in the number of spam e-mails related to the Storm worm and botnet. A few weeks ago, MessageLabs said that Storm was going away, its numbers decreasing. To paraphrase Mark Twain, the rumors of its death have been greatly exaggerated. The new burst of infections, according to Sergeant, numbers around 80,000.