Military Grade Antivirus Software

The Failure of Anti-Virus Companies to Catch Military Malware

Mikko Hypponen of F-Secure attempts to explain why anti-virus companies didn't catch Stuxnet, DuQu, and Flame:

When we went digging through our archive for related samples of malware, we were surprised to find that we already had samples of Flame, dating back to 2010 and 2011, that we were unaware we possessed. They had come through automated reporting mechanisms, but had never been flagged by the system as something we should examine closely. Researchers at other antivirus firms have found evidence that they received samples of the malware even earlier than this, indicating that the malware was older than 2010.

What this means is that all of us had missed detecting this malware for two years, or more. That’s a spectacular failure for our company, and for the antivirus industry in general.

It wasn’t the first time this has happened, either. Stuxnet went undetected for more than a year after it was unleashed in the wild, and was only discovered after an antivirus firm in Belarus was called in to look at machines in Iran that were having problems. When researchers dug back through their archives for anything similar to Stuxnet, they found that a zero-day exploit that was used in Stuxnet had been used before with another piece of malware, but had never been noticed at the time. A related malware called DuQu also went undetected by antivirus firms for over a year.

Stuxnet, Duqu and Flame are not normal, everyday malware, of course. All three of them were most likely developed by a Western intelligence agency as part of covert operations that weren’t meant to be discovered.

His conclusion is simply that the attackers -- in this case, military intelligence agencies -- are simply better than commercial-grade anti-virus programs.

The truth is, consumer-grade antivirus products can’t protect against targeted malware created by well-resourced nation-states with bulging budgets. They can protect you against run-of-the-mill malware: banking trojans, keystroke loggers and e-mail worms. But targeted attacks like these go to great lengths to avoid antivirus products on purpose. And the zero-day exploits used in these attacks are unknown to antivirus companies by definition. As far as we can tell, before releasing their malicious codes to attack victims, the attackers tested them against all of the relevant antivirus products on the market to make sure that the malware wouldn’t be detected. They have unlimited time to perfect their attacks. It’s not a fair war between the attackers and the defenders when the attackers have access to our weapons.

We really should have been able to do better. But we didn’t. We were out of our league, in our own game.

I don't buy this. It isn't just the military that tests its malware against commercial defense products; criminals do it, too. Virus and worm writers do it. Spam writers do it. This is the never-ending arms race between attacker and defender, and it's been going on for decades. Probably the people who wrote Flame had a larger budget than a large-scale criminal organization, but their evasive techniques weren't magically better. Note that F-Secure and others had samples of Flame; they just didn't do anything about them.

I think the difference has more to do with the ways in which these military malware programs spread. That is, slowly and stealthily. It was never a priority to understand -- and then write signatures to detect -- the Flame samples because they were never considered a problem. Maybe they were classified as a one-off. Or as an anomaly. I don't know, but it seems clear that conventional non-military malware writers who want to evade detection should adopt the propagation techniques of Flame, Stuxnet, and DuQu.

EDITED TO ADD (6/23): F-Secure responded. Unfortunately, it's not a very substantive response. It's a pity; I think there's an interesting discussion to be had about why the anti-virus companies all missed Flame for so long.

Posted on June 19, 2012 at 7:11 AM • 59 Comments

Take the time to equip your own PC with an antivirus package, firewall, maybe a specialist spyware removal tool, and you can be reasonably sure that you'll be safe online.

If you ever need to access the web via someone else's system, though, it's a very different story.

Internet cafe PCs, for instance, are sometimes targeted by criminals, who install spyware on them to capture your personal information.

Even if you completely trust the PC's owner, if they've been at all lax in their security then it's possible the system has been infected by malware, which again may be able to steal your logons and other personal details.

And if nothing else, your internet activities may leave traces which will let others who use the system know what you've been doing.

You're not alone, though. These are common concerns for just about everyone who travels regularly, particularly those who really do need to maintain their security. It's a particular worry for the US military, but fortunately they've developed a solution which can help - and it's available to everyone.

Protect your privacy

Lightweight Portable Security (LPS) is a simple Linux-based Live CD which can be booted from just about any Intel-based computer (PC or Mac) via either a CD or USB flash drive. It includes Firefox, a PDF viewer, Java and more, everything you need to get online via wired or wireless network connections.

The big advantage here is that you're booting from LPS, avoiding any malware or other nasties which might be infesting the host system: they won't be running and so can't harm you.

But a privacy plus point is that LPS never actually writes anything to a host drive, which means you can't leave any traces of your activities for others to find.

As a bonus, if you run into any malware yourself then it can only run within the current session. Reboot and it'll be gone.

And best of all, it's staggeringly easy to use.

First, download the LPS-Public ISO image file from the public home page.

Next, burn it to a CD. (If you don't have a disc burning tool which can handle this, the free ImgBurn will be able to help.)

You'd like to boot from a USB flash drive, instead? Connect it to your PC, browse the CD in Explorer, and run the InstallToUSBUABInstall.bat file.

And that's it, you're ready to go. Just boot from the disc or Flash drive to see how it works.

Don't be worried if you've never used Linux before. LPS pops up with a GUI which bears a strong resemblance to Windows XP: you boot into a simple desktop, a Firefox shortcut is waiting for your double-click, and a Start button leads you to a basic menu if you need to go further.

As long as the computer can get online via a network connection, then, you'll almost certainly be browsing within seconds, without even having to check the documentation. Security doesn't come much easier than this.
