IEEE Launches Anti-malware Services To Improve Security
New submitter Aryeh Goretsky writes: The IEEE Standards Association has launched an Anti-Malware Support Service to help the computer security industry respond more quickly to malware. The first two services available are a Clean file Metadata Exchange (PDF), to help prevent false positives in anti-malware software, and a Taggant System (PDF) to help prevent software packers from being abused. Official announcement is available at the official website.
Taggant (Score:4, Interesting)
I can't get the linked PDF to load
This probably isn't the same thing, but it explains what they're trying to do and why
https://media.blackhat.com/bh-us-11/Kennedy/BH_US_11_KennedyMuttik_IEEE_Slides.pdf [blackhat.com]
Re: (Score:2)
It probably won't help much, if at all, but the number of legitimate applications which are self-modifying is comparatively very rare compared to those which don't.
Regards,
Aryeh Goretsky
In reply to "Anonymous Coward" at Wednesday July 02, 2014 @12:34AM:
Re: (Score:3)
"Portable Document Format (PDF) is a file format used to present documents in a manner independent of application software, hardware, and operating system"
http://en.wikipedia.org/wiki/P... [wikipedia.org]
You don't have to use Adobe to view or edit PDFs.
Re: (Score:2)
Try pdf.js -- it is the implementation of a PDF reader in one of the most secure code execution runtimes -- a JS engine. It is slow and lacks many PDF features, but for these slides pdf.js is enough.
Re: (Score:3)
I can't get the linked PDF to load
Basically they want the people who write malware packers to tag the packed malware as malware so it can be easily identified. Sort of like asking burglars to wear a shirt with I AM A BURGLAR printed on it in large letters, and perhaps notify the police when they're planning to break into a house.
It's a cunning plan, but somehow I can't see it catching out many bad guys.
Re: (Score:2)
They already wear masks, striped shirts, and carry their stolen goods in burlap bags. I'm pretty sure that "I AM A BURGLAR" is unnecessary.
Re: (Score:2)
I got just the opposite from the PDF.
I thought what they are proposing is that "good" companies will sign their executables with certificates that can be revoked in the future if it turns out that the certificate is being used to sign malware.
Re: (Score:2)
Hello,
I believe the idea is to allow legitimate developers of packers, cryptors, etc. a means of identifying their software. I would not expect those folks on the malware side of things to take any action as a result of this activity under the IEEE's auspices as it does not apply to them.
Regards,
Aryeh Goretsky
Re: (Score:2)
Hello,
No problems viewing either PDF file via Sumatra PDF Reader. Perhaps you could try that.
Regards,
Aryeh Goretsky
Re: (Score:2)
No need to be cross platform. Any platform that is not Windows is impervious to malware, /. says so.
Re: (Score:2)
I really do think that Windows trains users in the worst possible behaviours - download and install from any website and if you see a dialog, don't bother reading it, just keep clicking "next" or "ok" until it's done.
Re: (Score:2)
I've thought that with Windows Store Microsoft people wanted to solve this problem, but unfortunately they have only enabled this mechanism for Metro apps. I hope that rumors are right about Windows Store apps being able to also run on desktop Windows.
A different approach on network operating systems (Score:2)
Network operating systems such as Linux take a different approach from the Windows line of disk operating systems. You CAN get some Windows-style anti-malware stuff for Linux or Mac, but its main use is to scan emails on the server in order to protect the Windows clients. To protect the Linux/BSD/Mac systems, we take the opposite approach. Not anti-malware, loading up another 75,000 virus signatures to try in vain to identify the bad stuff, but a pro-goodware approach, identifying the 20 or so programs t
spam less than you (Score:2)
N/m
Officially* (Score:1)
Re: (Score:2)
Hello,
Oops. Thanks for catching this!
Regards,
Aryeh Goretsky
cyberoam firewall web filter (Score:1)
IEEE (Score:5, Funny)
My head is defective. I always see "IEEE" and transform it into "Internet Explorer Enterprise Edition". Makes me cringe every time.
slashvertized service is commercial (Score:2)
CMX Consumer and/or Taggant SSV (price US $8,000.00)
Access to CMX for 1 year
Access to Taggant System IEEE Public Root Key, and blacklist for one year
http://standards.ieee.org/deve... [ieee.org]
Most TI vendors at least offer some free feeds to suggest they have valuable content before asking you to pay up. Adoption of this new service isn't going to be very good if no one can try it out/use it for free. *shrug*
Re: (Score:2)
Hello,
Software vendors are not charged for submitting to the CMX, and the Taggant System is free for packer authors, as well.
It is the developers of anti-malware software who are paying for access to the CMX and Taggant System metadata, since they get the most value out of using that information. They are essentially underwriting the costs for everyone else in order to help provide a mechanism that helps clean up the ecosystem.
While there are probably some anti-malware software developers for whom this wou
Why anti-malware software don't work .. (Score:2)
Re: (Score:1)
This is the very best summary I've ever read on the current state of security.
Thanks for the link.
Taggant vs. any other digital signature scheme (Score:2)
While I'm admittedly not an expert in cryptography or trusted computing schemes in general, I don't see how this differs on a technical level from numerous other code-signing schemes with a central certificate authority (CA) (and its chain of delegations) blessing "good" code and revoking such blessings. Well known examples include Securicode / Windows Driver Signing, the anti-consumer bits of UEFI, etc. Can anyone shed some further light on how this is different?
As with other such systems, it assumes the e