
IEEE Launches Anti-malware Services To Improve Security

Posted by Soulskill
from the trickle-down-security dept.
New submitter Aryeh Goretsky writes: "The IEEE Standards Association has launched an Anti-Malware Support Service to help the computer security industry respond more quickly to malware. The first two services available are a Clean file Metadata Exchange (PDF), to help prevent false positives in anti-malware software, and a Taggant System (PDF) to help prevent software packers from being abused. Official announcement is available at the official website."
  • Taggant (Score:4, Interesting)

    by TubeSteak (669689) on Wednesday July 02, 2014 @01:34AM (#47366575) Journal

    I can't get the linked PDF to load
    This probably isn't the same thing, but it explains what they're trying to do and why
    https://media.blackhat.com/bh-us-11/Kennedy/BH_US_11_KennedyMuttik_IEEE_Slides.pdf [blackhat.com]

    • I can't get the linked PDF to load

      Basically they want the people who write malware packers to tag the packed malware as malware so it can be easily identified. Sort of like asking burglars to wear a shirt with I AM A BURGLAR printed on it in large letters, and perhaps notify the police when they're planning to break into a house.

      It's a cunning plan, but somehow I can't see it catching out many bad guys.

      • by mythosaz (572040)

        They already wear masks, striped shirts, and carry their stolen goods in burlap bags. I'm pretty sure that "I AM A BURGLAR" is unnecessary.

      • by dave562 (969951)

        I got just the opposite from the PDF.

        I thought what they are proposing is that "good" companies will sign their executables with certificates that can be revoked in the future if it turns out that the certificate is being used to sign malware.

      • Hello,

        I believe the idea is to allow legitimate developers of packers, cryptors, etc. a means of identifying their software. I would not expect those folks on the malware side of things to take any action as a result of this activity under the IEEE's auspices as it does not apply to them.

        Regards,

        Aryeh Goretsky

    • Hello,

      No problems viewing either PDF file via Sumatra PDF Reader. Perhaps you could try that.

      Regards,

      Aryeh Goretsky

  • Official announcement is officially available at the official website* - FTFY
  • #cyberoam Cyberoam is one of the leading companies in the world and in Turkey with its superior protection service in security. Source: http://www.cyberoam.web.tr
  • IEEE (Score:5, Funny)

    by war4peace (1628283) on Wednesday July 02, 2014 @06:33AM (#47367263)

    My head is defective. I always see "IEEE" and transform it into "Internet Explorer Enterprise Edition". Makes me cringe every time.

  • CMX Consumer and/or Taggant SSV (price US $8,000.00)

    Access to CMX for 1 year
    Access to Taggant System IEEE Public Root Key, and blacklist for one year

    http://standards.ieee.org/deve... [ieee.org]

    Most TI vendors at least offer some free feeds to suggest they have valuable content before asking you to pay up. Adoption of this new service isn't going to be very good if no one can try it out/use it for free. *shrug*

    • Hello,

      Software vendors are not charged for submitting to the CMX, and the Taggant System is free for packer authors, as well.

      It is the developers of anti-malware software who are paying for access to the CMX and Taggant System metadata, since they get the most value out of using that information. They are essentially underwriting the costs for everyone else in order to help provide a mechanism that helps clean up the ecosystem.

      While there are probably some anti-malware software developers for whom this wou

    • This is the very best summary I've ever read on the current state of security.

      Thanks for the link.

  • While I'm admittedly not an expert in cryptography or trusted computing schemes in general, I don't see how this differs on a technical level from numerous other code-signing schemes with a central certificate authority (CA) (and its chain of delegations) blessing "good" code and revoking such blessings. Well known examples include Securicode / Windows Driver Signing, the anti-consumer bits of UEFI, etc. Can anyone shed some further light on how this is different?

    As with other such systems, it assumes the e
