Miscreants have released a Trojan specially designed to disable cloud-based anti-virus security defences. The Bohu Trojan blocks connections between infected Windows devices and the cloud-based anti-virus services in place to protect them. Malware writers have long included routines to disable components of desktop anti-virus software packages or …
"Only by allowing code that is known to be good to enter a network..."
Surely, that will exclude most of Microsoft's stuff?
Most of Microsoft's stuff. Almost all of Linux. And no one runs Apple stuff on anything but toys these days so we don't need to consider that.
OS code aside, The Register would lose half its stories if drone workers didn't find ways of circumventing security and running stuff they weren't supposed to or copying data they shouldn't.
For the sake of the Reg, keep networks open!
Even if code were whitelisted, exploiters have been known to find ways to turn good programs bad (look up Return-Oriented Programming).
Whitelisting none too practical
The problem with whitelisting is that you have to pay someone like Verisign to auth your code, and that is impractically expensive for small utilities.
Since it seems this malware would have to gain a foothold on the client computer before it can block cloud access, an alternative approach is to limit where, on disk, apps can be launched from, excluding from this definition any download or temp folder.
http://sf.net/projects/softwarepolicy is quite effective in this role (Shameless plug, actually, being as I am the coder <g>)
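The launch-location rule described in the comment above, as an added example that is not the commenter's softwarepolicy code and not The Register's: a small decision function that allows execution only from a fixed set of program directories and always refuses anything under a download or temp folder. The roots, user name and paths are constructed for the example. Paths are normalised before comparison so that `..` segments, forward slashes and case differences cannot be used to dodge the rule, and a prefix match is separator-aware so that `C:\Program Filesx` is not mistaken for `C:\Program Files`. Real enforcement has to live in the OS (Software Restriction Policies / AppLocker); this only shows the decision logic.

```python
import ntpath

# Constructed example policy (not the softwarepolicy project's configuration).
# Launches are allowed only from these roots ...
ALLOWED_ROOTS = [r"C:\Program Files", r"C:\Program Files (x86)", r"C:\Windows"]
# ... and never from these user-writable drop locations, even when they sit
# inside an allowed root (C:\Windows\Temp below C:\Windows).
DENIED_ROOTS = [
    r"C:\Users\alice\Downloads",
    r"C:\Users\alice\AppData\Local\Temp",
    r"C:\Windows\Temp",
]


def _canon(path):
    """Collapse '.', '..' and mixed separators, then fold case, so the same
    location cannot be spelled differently to slip past a prefix check."""
    return ntpath.normcase(ntpath.normpath(path))


def _under(canon_path, root):
    """True if canon_path is root itself or lies strictly inside root.
    The trailing separator makes the match boundary-aware."""
    root = _canon(root).rstrip("\\")
    return canon_path == root or canon_path.startswith(root + "\\")


def launch_decision(exe_path):
    """Return ("allow" | "deny", reason) for an executable path.
    Deny wins over allow, and anything matching no rule is denied."""
    p = _canon(exe_path)
    for root in DENIED_ROOTS:
        if _under(p, root):
            return ("deny", f"inside denied root {root}")
    for root in ALLOWED_ROOTS:
        if _under(p, root):
            return ("allow", f"inside allowed root {root}")
    return ("deny", "not inside any allowed root")


if __name__ == "__main__":
    # Constructed sample launches, including the evasion attempts the checks above exist for.
    for sample in [
        r"C:\PROGRAM FILES\Foo\foo.exe",                      # case-folded allow
        r"C:/Program Files/Foo/foo.exe",                      # forward slashes
        r"C:\Program Files\..\Users\alice\Downloads\evil.exe", # '..' into Downloads
        r"C:\Windows\Temp\payload.exe",                       # denied root inside allowed root
        r"C:\Program Filesx\evil.exe",                        # prefix look-alike
        r"\\server\share\tool.exe",                           # UNC path, no rule
    ]:
        print(sample, "->", launch_decision(sample))
```

The order of the two loops is the important design choice: checking the denied roots first is what makes `C:\Windows\Temp` lose even though `C:\Windows` is allowed, and the default-deny return at the end is what keeps UNC paths, removable media and anything else the policy never mentions from running.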
This would be a problem how and why?
'Twas a joke, sir!
Well, I think it was.
re re er
Hell, you don't do irony, do you?
"It is the first designed to target anti-virus technology that is protecting the cloud. Add to that the fact that it is native to China, and we are seeing yet another new wave of targeted cyber attacks."
Looks like the guy didn't understand peep about it...
It is not targeting AV that is protecting the cloud, but drawing protection FROM the cloud.
And one piece of malware that is not even that widespread does not make a "cyber attack".
Fu**ing "computer security" populists and self-proclaimed "experts".
Not only is he talking utter bullshite, but I sense a hidden agenda here.
Bad guys realized that if people kept all their eggs in one basket they could get more people at once!!!
route add -net ........
One of the oldest tricks in the book. Used by network admins to get overtime since 1989 (in a specific case).
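The trick the last comment alludes to, null-routing the network a service lives on so the client can no longer reach it, is easy to audit for from the host side. As an added example that is not the commenter's code and not from The Register, the script below parses a constructed `route -n` style table (RFC 5737 documentation addresses, no real vendor), finds the longest-prefix route for each of a set of placeholder cloud AV endpoint addresses, and reports any endpoint whose best route is a reject route, a loopback gateway, or no route at all. The endpoint names and addresses are assumptions for the example. The caveat a practitioner would add: malware that can edit the routing table can also hide from a check that runs on the same box, so the authoritative signal is the cloud side noticing that a client has stopped checking in.

```python
import ipaddress

# Constructed sample of Linux `route -n` output. 203.0.113.0/24 has been given a
# reject route and 198.51.100.42 a host route via loopback; the rest is a normal
# home-router setup.
ROUTE_TABLE = """\
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.1.1     0.0.0.0         UG    0      0        0 eth0
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
203.0.113.0     -               255.255.255.0   !     0      -        0 -
198.51.100.42   127.0.0.1       255.255.255.255 UGH   0      0        0 lo
"""

# Hypothetical cloud AV endpoints to check (placeholders, not any vendor's real addresses).
CLOUD_AV_ENDPOINTS = {
    "av-cloud-a.example": "203.0.113.10",
    "av-cloud-b.example": "198.51.100.42",
    "av-cloud-c.example": "192.0.2.7",
}


def parse_routes(text):
    """Turn `route -n` output into a list of {net, gw, flags, iface} dicts."""
    routes = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 8 or parts[0] in ("Kernel", "Destination"):
            continue  # banner and header lines
        dest, gw, mask, flags, iface = parts[0], parts[1], parts[2], parts[3], parts[7]
        net = ipaddress.ip_network(f"{dest}/{mask}", strict=False)
        routes.append({"net": net, "gw": gw, "flags": flags, "iface": iface})
    return routes


def best_route(ip, routes):
    """Longest-prefix match, as the kernel would do it; None if nothing matches."""
    addr = ipaddress.ip_address(ip)
    matches = [r for r in routes if addr in r["net"]]
    return max(matches, key=lambda r: r["net"].prefixlen) if matches else None


def is_blackhole(route):
    """True if traffic following this route cannot reach the real destination."""
    if route is None:
        return True  # no route at all
    if "!" in route["flags"]:
        return True  # reject route (`route add -net ... reject`)
    if route["iface"] == "lo":
        return True  # bound to loopback
    try:
        if ipaddress.ip_address(route["gw"]).is_loopback:
            return True  # next hop is 127.0.0.0/8
    except ValueError:
        pass  # reject routes print '-' for the gateway
    return False


def find_blocked_endpoints(routes, endpoints):
    """Map each unreachable endpoint name to the route that swallows it."""
    blocked = {}
    for name, ip in endpoints.items():
        r = best_route(ip, routes)
        if is_blackhole(r):
            blocked[name] = str(r["net"]) if r else "no route"
    return blocked


if __name__ == "__main__":
    for name, via in find_blocked_endpoints(parse_routes(ROUTE_TABLE), CLOUD_AV_ENDPOINTS).items():
        print(f"{name}: unreachable via {via}")
```

Matching on the longest prefix rather than on any matching route is what keeps the default route from masking a more specific null route, and checking the interface as well as the gateway catches both ways of expressing a loopback sink.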