The Groundswell Begins:
Stand on the observation deck of the Empire State Building on a quiet spring evening and you can almost hear them whispering.
Who? Security analysts and end-users.
What are they saying? "Blacklist anti-virus technology is dead."
Somewhere in the distance a hacker laughs and a CSO wails.
It doesn't take much searching on the Internet to find articles and reports from analyst firms like Hurwitz, Gartner, and Yankee clearly detailing the impending demise of traditional anti-virus technology. The evidence is certainly mounting, the results damning and sentiment railing against the very solutions that had "protected us" for years! With each new viral exploit and hack it is clear that traditional solutions are neither able to deter nor protect our infrastructures from the proliferation of new attacks. It is no secret that signature databases are bloated and growing. McAfee predicted that by the year 2008 their databases would contain over 400,000 signatures. Recent studies by Yankee showed that databases average 9 MB in size, causing the scan of a 100,000-file system to take 90 minutes or more and inflicting a significant load on CPU cycles. Combine this with the explosive increase in disk space and the increase in malware variants, and the death knell rings.
These same analysts also go on to say that the answer to the problem is HIPS, Host Intrusion Prevention Systems, also known to many in the industry as "whitelisting". For all intents and purposes, these statements are correct...for the most part. The problem lies in the tendency to take a purist view of the effectiveness and use of black versus white technologies. By not fully understanding the fundamental strengths and weaknesses of each approach we omit significant weapons in the war against viral intrusion.
Blacklisting: The Weaknesses
At the risk of stating the obvious, consider what most security professionals know to be the Achilles heel(s) of blacklisting.
Time
Marketing managers call this weakness the Zero Day problem. Blacklisting technology is unfortunately a reactive solution, meaning that it relies upon the discovery of a new viral exploit before it can provide a deterrent. Once the exploit is detected, valuable time ticks away as researchers trap, dissect and enumerate the virus in order to release a new signature or heuristic. Once developed, more time passes waiting for the new cure to be disseminated, deployed and scanned through petabytes of disk space. Time is clearly the friend of hackers, not CSOs, as downtime is measured in hours and dollars spent.
Sacrificial
The often ignored and yet potentially more detrimental aspect of this approach is the necessity of sacrificing a "few" in order to protect the many. New viruses and attack vectors typically don't announce themselves; rather, their presence becomes apparent only once their impact reaches a significant and noticeable level. This fact is of no consolation to the hundreds or thousands of systems first infected by the unknown intruder.
Expensive
As in any business, the cost of creating goods, providing services and maintaining a product is always passed on to the consumer. Constant vigilance has a significant price attached to it! The cost of analyzing billions of data packets, maintaining countless honeypots, and building the actual signature is eventually going to reach the consumer's wallet. As the number of hacker exploits rises, so too do the costs of deterrence escalate. Simultaneously and in opposition, market dynamics commoditize these same products, reducing profit margins and forcing A/V vendors to cut costs, thus negatively impacting effectiveness.
Cycle Stealing
Regardless of the computing power built into a system, blacklisting technology not only robs systems of significant CPU cycles but also heavily impacts disk I/O through scanning. Gains in CPU power, bus speed, and I/O have been offset by the growth of virus definition/signature databases as well as the data volumes requiring scanning.
Whitelisting: The Weaknesses
Embracing the premise that whitelisting is the next nirvana can be just as risky as believing that blacklisting is dead. Consider the following:
Friendly Fire
Everyone knows a coworker who plainly lacks the knowledge or savvy to understand the ramifications of downloading everything and anything that comes their way. For these individuals even the most intuitive solutions will be rendered ineffective. Whitelisting solutions, although straightforward in approach, require the user to have some level of knowledge, as interceptions of new malware normally need direct interaction with the user. That casual user is now faced with a decision: "Is the intercepted file friend or foe?" Depending upon the choice that is made, the result is either a solution or a problem.
Provisioning Systems
Corporations looking to deploy whitelisting technology are faced with the daunting task of analyzing tens of thousands of systems in order to create both a system-specific and an enterprise-wide listing of approved applications. Without this effort, provisioning of certain whitelisting solutions is nearly impossible. Additionally, incomplete analysis can lead to the inadvertent approval of malicious software hidden among the good. Without a means to recognize both, the deployment attempt will be both cumbersome and ineffective.
Management Overhead
If implemented incorrectly, whitelisting approaches may sap valuable time, energy, and funding. Whitelist technologies that are based on a client-server architecture rely heavily upon staff to manage and disseminate approved application signatures or push out rules. Both efforts are time intensive and will quickly dip deeply into IT budgets. These implementations are clearly expensive to roll out, expensive to maintain, create lots of inbound help desk activity, and worst of all are vulnerable to denial of service attacks and malicious code injection.
The Solution - Think Zebra
In reality, the analysts and industry experts are not wrong. Whitelisting is the only path forward, but what they neglect to recognize is that whitelisting alone will fail without the presence of a sustained and complementary blacklisting effort. A far stronger solution will be derived from the combined use of both technologies.
Whitelisting will, by the very nature of what it does, intercept anything new or unknown that comes along regardless of the delivery vector: email, browsing, media, etc.
Whitelisting addresses zero-day issues by effectively closing the release-day hole. It also provides time for the blacklisting technology to catch up (signatures, rules or heuristics), which matters to users who need additional data in order to respond appropriately to interceptions. Even if the decision is taken out of the end-user's hands and managed centrally, smart decision makers will do their research before handing over the keys to the castle. This is one area where the blacklisting technology developed over the last decade excels. But there is more...
Traditional blacklisting technology enhances and indeed rescues whitelisting, by virtue of its ability to clean systems of known malicious code before the systems are whitelisted. Corporations will invariably have "dirty" systems in their midst that must be cleansed. This is clearly a job that traditional whitelisting is ill suited for but one in which blacklisting thrives. Only once the network is cleansed can whitelisting perform to its full expectations and capabilities.
Enter the Zebra: an advanced security approach that embraces the best features of both. In the coming decade, the best hope corporations will have in defending their infrastructures against malware is to embrace a primarily whitelist solution that has the capability of employing a blacklisting technology on demand - a zebra or hybrid anti-malware solution. Not only is this good news for companies wishing to protect their investment in blacklisting technology, it allows the industry to move ahead without making the critical mistake of giving hackers the upper hand. By taking a purist's view of blacklisting versus whitelisting we create opportunities for attackers to undermine both technologies. Without doubt, that would be the biggest mistake the security industry could make. The wise choice is to embrace complementary technologies to fortify infrastructures on multiple levels. The wisest choice is to embrace solutions that have integrated the best of multiple technologies.
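As an added illustration of the hybrid ("zebra") flow described above, and not code from the article or from any vendor, the following Python consults a hash whitelist first, falls back to an on-demand blacklist scan only for unknown files, and baselines a host only after the blacklist has cleansed it; the file contents, hashes and signature pattern are constructed for the example.

```python
import hashlib

class Verdict:
    ALLOW, BLOCK, HOLD = "allow", "block", "hold"   # whitelisted / blacklisted / unknown, held for review

def digest(data: bytes) -> str:
    # Identity of a file for whitelisting purposes: its SHA-256 hex digest
    return hashlib.sha256(data).hexdigest()

def blacklist_scan(data: bytes, bad_hashes: set, bad_patterns: list) -> bool:
    # Reactive check in the style of traditional AV: exact hash or byte-pattern match
    return digest(data) in bad_hashes or any(p in data for p in bad_patterns)

def classify(data: bytes, whitelist: set, bad_hashes: set, bad_patterns: list) -> str:
    # Zebra ordering: the whitelist decides first; the blacklist runs only for unknowns
    if digest(data) in whitelist:
        return Verdict.ALLOW
    if blacklist_scan(data, bad_hashes, bad_patterns):
        return Verdict.BLOCK
    return Verdict.HOLD   # neither list knows it: a new file is intercepted, not trusted

def build_whitelist(files: dict, bad_hashes: set, bad_patterns: list):
    # Provisioning: cleanse the baseline with the blacklist first; returns (hashes, quarantined names)
    whitelist, quarantined = set(), []
    for name, data in files.items():
        if blacklist_scan(data, bad_hashes, bad_patterns):
            quarantined.append(name)   # a "dirty" file already on the host must not become trusted
        else:
            whitelist.add(digest(data))
    return whitelist, quarantined

# Constructed sample data: fake file contents and a made-up signature, for this example only
BAD_PATTERN = b"CONSTRUCTED-MALWARE-MARKER"
BAD_HASHES = {digest(b"constructed known-bad binary C")}
BASELINE = {
    "calc.exe": b"constructed clean binary B",
    "dropper.exe": b"installer stub " + BAD_PATTERN,   # infection already present on the host
}

def run_demo() -> dict:
    whitelist, quarantined = build_whitelist(BASELINE, BAD_HASHES, [BAD_PATTERN])
    samples = {
        "calc.exe": BASELINE["calc.exe"],                    # baselined clean file
        "dropper.exe": BASELINE["dropper.exe"],              # quarantined, so never whitelisted
        "known_bad.exe": b"constructed known-bad binary C",  # hash on the blacklist
        "newtool.exe": b"constructed never-seen binary D",   # zero-day candidate: unknown to both
    }
    verdicts = {n: classify(d, whitelist, BAD_HASHES, [BAD_PATTERN]) for n, d in samples.items()}
    return {"quarantined": quarantined, **verdicts}
```

The HOLD verdict is the point where the article's end-user or central reviewer decides, with the blacklist left to catch up on the sample in the meantime.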
Savant - Hybrid at its best
Savant provides the industry's only self-learning hybrid whitelisting technology. Designed to contain and eliminate the spread of any known or unknown malware, Savant creates an information assurance environment aimed at business continuity without the expensive overhead of system scanning, whitelist deployment and management.
The security industry's first hybrid solution, Savant combines the power of its preemptive spread mitigation technology with on-demand viral analysis. The Savant solution provides a robust tool for immediately determining the validity and safety of applications before allowing them access to computing cycles.
Savant provides dynamically enhanced operational control of enterprise security to the corporation in its battle against escalating hacker intrusions and mandates to keep system integrity at optimum levels.
Search for: The Greatest Blunder In The History of Anti-Virus