Despite the efforts of IT departments, many PCs in the corporate and government world are littered with unauthorized software, most notably malware, says application-whitelisting company Bit9.
The results of Bit9's "2010 What's Running on Your Users' Desktops?" survey, released Monday, uncovered PCs with a significant amount of non-business software, including games, toolbars, and torrent software. Of greater concern, IT pros surveyed also discovered malware, such as ransomware, Trojans, and Chinese spyware.
Among the 1,282 IT professionals questioned for the survey, 68 percent of them said they have software restrictions in place, but 45 percent said they still found unauthorized software on more than half of their client PCs.
Specifically, 46 percent of the IT folks surveyed said that spyware, malware, and unlicensed software continue to pose a problem by getting past traditional security methods. They also found that unauthorized or malicious software caused up to 25 percent of user downtime and calls to the help desk, leading to a drop in productivity. But 39 percent of the respondents also admitted they don't have a software usage policy that specifically prohibits employees from downloading their own software.
Now of course, Bit9 has a vested interest in the results of the survey since the company does sell whitelisting security products that help IT administrators lock down the applications their users can run.
But I know from my days in IT that keeping users from downloading and installing their own personal and sometimes harmful software is an ongoing challenge. People would download toolbars, torrent software, and other unauthorized programs and then complain when their PCs started to crash or slow down.
Cutting down on the amount of harmful software installed at a company has always required the right policies from IT but also the right cooperation from end users.
To learn more about the survey results, I spoke with Kate Munro, director of product marketing for Bit9. She said that this year's response from 1,282 IT folks was a big leap over last year when only 257 people answered the survey. The higher participation could be seen as a sign that IT people are more in tune with and naturally concerned about the malware threats surfacing today, said Munro.
She particularly noted IT concerns over the Advanced Persistent Threat, a buzzword that describes organized cyberattacks that specifically try to steal information from such sectors as financial services, manufacturing, and of course government.
Some of the non-malicious but still unauthorized software found on user PCs by IT included Skype, BitTorrent, and iTunes.
Munro added that Skype can pose a problem when people use the personal version on their work PCs, since it doesn't have the same restrictions as the enterprise edition and relies on the user to keep it patched and properly updated.
Munro also said that malicious programs are being installed despite the best efforts of IT departments. Almost all of the participants said they deploy antivirus software on their network PCs. Many take away admin rights (which are typically needed to install a program), while others lock down the desktop using tools like Microsoft's Group Policy. But malware writers continue to sneak past security defenses to launch their payloads.
Source: news.cnet.com
Wednesday, May 26, 2010
Tuesday, May 11, 2010
New malware attack laughs at your antivirus software
How do you get a malware exploit to bypass antivirus protection? By making it work the same way the antivirus software does.
A new exploit outlined this week is so effective, say researchers, that it can slip by “virtually all” antivirus protection undetected.
It works the same way an antivirus app does, by hooking directly into Windows and masquerading as harmless software. It tricks Windows by sending the OS sample code that looks completely benign, as any antivirus app would, then at the last microsecond it swaps in malicious code, which is then executed.
If an antivirus application uses the traditional method of interacting with Windows (a system called SSDT, the System Service Descriptor Table), then it will be vulnerable to attack via this method. And they all use SSDT. As the researchers at matousec.com noted during their investigation, “100 percent of the tested products were found vulnerable.” It didn’t matter whether the user had administrator rights or not; the exploit was able to sneak through.
The good news is that the attack isn’t completely realistic, since the size of the code required would have to be large to work. A quickie download wouldn’t be possible, so the attack would likely have to find its way onto a target computer by other means. But that also worries researchers, since commonly downloaded software could be intentionally infected with the malware and during installation your antivirus software wouldn’t bat an eyelash. The malware could actually uninstall your antivirus application in its initial volley, leaving you wide open to attack.
Antivirus software companies have yet to respond to the threat, and it may take some time for them to do so, eventually requiring a full reworking of everything we know about the way antimalware software works.
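The last-moment swap described above is a check-then-use race: the hook inspects data the caller can still change, and the data is read again afterwards. The following is an added example, not code from the article or from the matousec.com researchers, that models the race in user space beside the usual mitigation of capturing the argument once; `caller_buf`, `fetch`, both hooks and the "blocked" policy are hypothetical, and the swap is simulated deterministically rather than with a real second thread.

```c
#include <stdio.h>
#include <string.h>
#define BUF_LEN 64

/* Constructed model of memory the caller still owns during the call.
 * swap_to models another caller thread rewriting it after the first read. */
struct caller_buf {
    char text[BUF_LEN];
    const char *swap_to;   /* NULL: the caller never rewrites the buffer */
    int reads;
};

/* Every read of caller-owned memory goes through this function. */
static void fetch(struct caller_buf *b, char *out) {
    snprintf(out, BUF_LEN, "%s", b->text);
    if (++b->reads == 1 && b->swap_to)
        snprintf(b->text, BUF_LEN, "%s", b->swap_to);
}

/* Hypothetical policy: refuse any name containing "blocked". */
static int policy_allows(const char *n) { return strstr(n, "blocked") == NULL; }

/* Weak hook: checks one fetch, then the service fetches again. */
int hook_double_fetch(struct caller_buf *b, char *acted_on) {
    char checked[BUF_LEN];
    fetch(b, checked);
    if (!policy_allows(checked)) return -1;
    fetch(b, acted_on);            /* second read of caller memory */
    return 0;
}

/* Hardened hook: one fetch into a private copy, checked and then used. */
int hook_capture_once(struct caller_buf *b, char *acted_on) {
    char captured[BUF_LEN];
    fetch(b, captured);
    if (!policy_allows(captured)) return -1;
    snprintf(acted_on, BUF_LEN, "%s", captured);
    return 0;
}

/* Returns 1 if the hook let the service act on a name the policy refuses. */
int policy_bypassed(int (*hook)(struct caller_buf *, char *)) {
    struct caller_buf b = { "report.txt", "blocked.bin", 0 };
    char acted_on[BUF_LEN] = "";
    return hook(&b, acted_on) == 0 && !policy_allows(acted_on);
}
int main(void) {
    printf("double fetch bypassed: %d\n", policy_bypassed(hook_double_fetch));
    printf("capture once bypassed: %d\n", policy_bypassed(hook_capture_once));
    return 0;
}
```

The hardened hook makes its decision on the same bytes that are later used, so a rewrite of the caller's buffer after the check has no effect on what the service acts on.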
Source: news.yahoo.com