Viruses & Spyware: the current threats

Analyzing computer viruses raises a big question: why do they affect us? Or rather, how do they affect us?

By: Osvaldo Callegari
If we think about the extent of the damage caused by computer viruses, are we in a position to really explain which elements stopped working or what part of the computer it affected?

Now, there is a universe of causes that can produce damage of different kinds. When a virus attacks an application or a system, it produces some effect, and that effect is what we start by analyzing.

Damage caused by a virus:
- Cancels the operation of the affected program
- Propagates copies of itself inside the computer
- Does not alter the system but allows leaks
- Remains inert without doing anything
- Works as a time bomb, with a deadline to activate

We can say that conventional antiviruses are migrating to more complete platforms, given that threats have grown and our computers need a greater number of protection elements.

As we usually do in our section, we show a technical detail of current and world-renowned tools. We will analyze antivirus programs supplemented by other defensive means. In our case it is the turn of Eset Smart Suite Security in its version number 4. In successive articles we will show other similar systems.

When we talk about a suite, we mean a set of security tools. Within a suite we can find the following programs:

* Antivirus
* Anti-spy
* Antispyware
* Antispam
* Firewalls
* Email protection
* Control of computer activities
* Self-defense
* Access control

Eset Smart Suite 4 Contains:
* Proactive protection: Through ThreatSense®, the most advanced heuristic technology on the market, it allows you to always be one step ahead of future threats.
* Lightweight design: Integrates anti-virus, anti-spyware, personal firewall and anti-spam protection consuming a minimal portion of your system resources.
* Speed: Fast file scanning and updating.
* Antivirus
* Antispyware
* Personal Firewall
* Antispam

Due to the combination of next-generation technologies with traditional detection based on virus signatures, ThreatSense® provides superior protection for systems, as it has been and continues to be recognized by a huge number of independent assessments accepted by the industry.

State-of-the-art ThreatSense® Heuristic Technology incorporated new features:
▪ Integration with SysInspector: This diagnostic tool allows a better analysis of various aspects of the operating system, including active processes, registry contents, network connections and startup files.

▪ Support for Cisco Network Admission Control (NAC)
▪ Eset SysRescue: It is a new application that will allow you to create Bootable CDs or USB keys.
▪ Self-Defense: It is a security mechanism to prevent malware from trying to disable or neutralize the protection resident on the computer.
▪ USB Device Access Control: The administrator can block access to certain devices (USB, CD). In addition, the product will automatically scan any device that connects to the equipment, using the advanced heuristics.


State-of-the-art technology
The ESET NOD32 Antivirus module consumes a very low rate of system resources. Below is the incorporation of new features, including those mentioned in the suite:

▪ Integration with SysInspector: This diagnostic tool allows better analysis of various aspects of the operating system, including active processes, registry contents, network connections, and startup files.
▪ ESET SysRescue: Corrupted file rescue tool.
▪ ESET Mobile Antivirus Module: Computer technology is tending to miniaturize. ESET Mobile Antivirus is a tool for protecting Windows® Mobile devices.

Main features of ESET Mobile Antivirus
▪ Proactive protection: Detects and removes both known and unknown malware for mobile devices.
▪ Light impact: Around 300 KB is required for installation and 1 MB of RAM during scanning.
▪ High scanning speed: ThreatSense® technology detects more files.
▪ Antispam for SMS: Filters unwanted text messages by sending them to the spam folder.
▪ Intuitive user interface: For a simple, fast and elegant user experience.

Virus and malware protection success stories
The Italian Hospital of Buenos Aires implemented a malware and antivirus solution. The hospital optimized its protection against malware through Eset NOD32 Antivirus.

This hospital has carried out its important task of assisting the community from 1853 to the present, and its high level of training, both technical and professional, is one of its main characteristics. In addition to the 900 doctors on its staff and more than 500 beds, it has also advanced in the educational field, developing since 2000 a School of Medicine and Nursing together with its digital section, with online courses and articles on all kinds of medical and nutritional aspects.

In an era where communication and computer systems are vital for such an institution, the hospital has decided to protect its computers and information using the renowned Eset NOD32 antivirus.

Posing the problem
The Italian Hospital has more than 2,000 computers, all of them connected to a complex network and various subnets, where Windows, Linux and IBM iSeries/AS400 computers coexist.

The Department of Information Systems of the Italian Hospital, in its constant task of remaining alert and up to date against computer threats, found that these threats were increasing rapidly and that its equipment, used mainly for the assistance of its patients, was not fully protected against the evolution of malicious code. The decision was to quickly implement an action plan to find the solution that would provide the best level of protection.

Solution and Implementation
In order to make a correct choice of antivirus, the hospital decided to set up a test laboratory, exposing a network with public addresses and computers with different operating systems, and to try attacks on them.

After evaluating the main products on the market, the Italian Hospital found the solution it sought. "We tested several brands and chose Eset NOD32," says Jorge Severino, Head of IT, who also comments on why this antivirus was selected.

"The advantages it showed over the others were significant. Eset NOD32, working mainly by heuristic recognition and not by virus signature comparison, does not degrade the performance of the equipment, achieves a high scanning speed and proactively protects against new malicious codes, without the need for a specific update," said the leader, who added something about the way in which they achieved the results.

"They are achieved, thanks to the fact that it has a unified engine that protects against both traditional viruses, as well as spyware, adware, phishing and other computer threats. This differentiates it from other products where antivirus companies bought protection against spyware and adware from third parties, and then tried to integrate it, with greater or lesser success to the antivirus engine they had. On the other hand, for the protection of SMTP and anti-spam traffic, it was decided to establish protection at the Internet Gateway level, using Defender MX plus Eset NOD32 Antivirus. In this way, the entry of malware into the network was prevented, while that task was downloaded from the email server. In addition, Eset NOD32 is very simple to install, update and manage. The 'install and forget' that the sales representatives told us, was a reality."

Then, Severino added that "the implementation did not present problems, despite the complexity of the institution's network and the wide decentralization of equipment that the hospital has, added to the objective of centralizing the administration of the antivirus in a single control headquarters."

Conclusion
"The experience since December 2005 confirms that we have made the right decision," concluded the Head of IT of the Hospital. "Using Eset NOD32 we reached the level of protection against malicious computer code we were looking for."

Main current threats
Instant messaging (IM) is currently recognized as a legitimate method of communication for personal and business use. IM applications are available on multiple operating system platforms, ranging from traditional computers to mobile devices such as PDAs or cell phones. Convenient as these programs are for users, they are also a means of spreading threats and a risk both for those who use them and for companies.

Attacks include variants of email worms that combine with email-related messaging. The uncontrolled use of these applications compromises the sensitive data of companies. The main risks related to IM are the following:

* Malware: Worms, viruses and Trojans are transferred via IM; many bots are controlled through IRC channels.
* Confidentiality of information: The information transferred via IM can be exposed at different points during the communication. Messages generally pass through networks and servers that are not under our control. The vast majority of IM applications offer shared folders that remain open once the session ends; this exposes documents that can affect the privacy of a company.
* They allow networks to be attacked from outside and increase the volume of data, slowing down performance.
* Denial of service.
* Application vulnerabilities: These types of processes can compromise other programs.
* Update errors: They can generate errors when updating a system.

Mobile messaging can in turn present significant risks associated with computers based on that technology. Devices such as IM-capable cell phones often do not possess password protection or encryption of locally stored data. It is difficult to deploy an application that rejects threats on a mobile computer. The nature of mobile devices makes it difficult to implement security services during the use of computer messaging.

Among the most important IM applications we can mention: AOL® Instant Messenger, Gaim®, ICQ®, Jabber®, Lotus Sametime®, Live Messenger®, Google Talk®, Trillian®, Yahoo! Messenger®.

Among the communication protocols we can mention: IRC, MSNP, OSCAR, SIMPLE, XMPP and YMSG.

How to protect against IM vulnerabilities and unauthorized use:
* Establish policies for an acceptable use of IM, ensuring that users know the scope of the risks.
* Set passwords and encryption on mobile products.
* Restrict software installation so that only an administrator with privileges can do it.
* Ensure that update patches are deployed.
* Use antivirus and anti-spyware products with proactive detection.
* Use proxies for instant messaging management. This secures the communication route.
* Implement secure communication paths, i.e. known users only (in the case of a company).
* Install products designed specifically for IM protection.
* Block public access.
* Use intrusion or detection monitors.
* Set communication ports other than the standard ones.
* Educate users on how to share files and on techniques to erase data after a session.
* Use access control with password protection, users and levels.
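
As an added illustration of the proxy and monitoring items above (this code is not from the article or from any product it mentions), the following sketch scans firewall log lines for allowed IM traffic that bypasses the IM proxy. The log format, the proxy address `10.0.0.53`, the internal range and the sample lines are assumptions constructed for the example; the ports are the common defaults of the protocols listed earlier.

```python
import ipaddress

# Common default server ports for the IM protocols named in the article.
# Clients moved to non-standard ports will not match a port-only check.
IM_PORTS = {6667: "IRC", 1863: "MSNP", 5190: "OSCAR",
            5060: "SIMPLE (SIP)", 5222: "XMPP", 5050: "YMSG"}

# Assumptions for this example: the company IM proxy and internal range.
IM_PROXY = ipaddress.ip_address("10.0.0.53")
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")

# Constructed sample log, one flow per line: "src_ip dst_ip dst_port action"
SAMPLE_LOG = """\
10.1.4.22 10.0.0.53 5222 ALLOW
10.1.4.23 203.0.113.10 5190 ALLOW
10.1.7.80 198.51.100.7 6667 ALLOW
10.1.7.81 198.51.100.9 443 ALLOW
10.1.9.14 203.0.113.44 1863 DENY
garbage line
"""

def find_direct_im(log_text):
    """Return (src, dst, protocol) for allowed IM flows that bypass the proxy."""
    findings = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # malformed line
        src, dst, port, action = parts
        try:
            src_ip = ipaddress.ip_address(src)
            dst_ip = ipaddress.ip_address(dst)
            proto = IM_PORTS.get(int(port))
        except ValueError:
            continue  # unparsable address or port
        if proto is None or action != "ALLOW":
            continue  # not an IM port, or already blocked by the firewall
        # Flows to the proxy, or from the proxy outward, are the approved path.
        via_proxy = IM_PROXY in (src_ip, dst_ip)
        if src_ip in INTERNAL_NET and not via_proxy:
            findings.append((src, dst, proto))
    return findings

if __name__ == "__main__":
    for src, dst, proto in find_direct_im(SAMPLE_LOG):
        print(f"{src} -> {dst}: direct {proto} traffic, not via the IM proxy")
```
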

Note: The product and brand names mentioned are registered trademarks and products of their respective companies. Recognition to Sans Org and ZMA Argentina.

If you wish, you can write to the author of this article at [email protected]
