Toolkit
Story: How cooperation can beat viruses
Posted by: Stuart Morrison (Friday 16 April 2004, 7:27 PM)
I believe the answer is to stop the infection in the first place.
A mitigating technology that prevents infection from these virus threats is described as an “Executable Authorization Management” technique. Executables must first be authorized through a password protected mechanism before they can run on a PC. It provides a similar type of protection as is provided with ACL in recent Windows platforms. However, the proposed technology solution is very easy to operate, applies to all Windows platforms and the protection exists even when a user is operating in the administrator mode. This prevents any malicious activity from infecting a PC without entering a password. Once an executable is authorized it can run without any further notification.
Patch Management currently is the main form of protection against software vulnerability exploit code. Hackers continue to reduce the time between software vulnerability announcement and the existence of the exploit code. Currently, systems are not protected from a Zero-Day attack which could have catastrophic consequences if engineered from a terrorists perspective. Patch Management continues to be a growing expense burden for businesses as the ongoing risk of not patching is too high. Businesses are typically completely exposed until the patches are fully tested and deployed to every PC
A new protection technique exists that stops Buffer Overflow (BOF) exploit code on all un-patched Windows NT based platforms. The technique can be practically applied for any user level.
For additional information please visit www.ossecurity.ca
Full Talkback thread
Story: How cooperation can beat viruses
-
I believe the answer is to stop the infection in t... Stuart Morrison -
Self-defending networks from Cisco.
Don't believe... Anonymous
Back to: How cooperation can beat viruses
