1/6/05

Malware -- the threat is real (Updated)

A friend spent part of his day last week cleaning malware (adware, spyware) off his home computers, including the business computer in his home office. (A search for "spyware review" will turn up a lot of sites, including this review in PC Magazine.) Friday, he IMed me the following:
Remember I told you I was battling spyware and the like? Well, my debit card was denied yesterday. I checked the bank statement on-line and found an unexplained charge for over $1K from [name1 omitted]. Turns out I made a legit purchase from [name2 omitted] for $100 and some trojan program tagged along and xferred over $1K to someone else's account at [name1 omitted]. They tagged it as suspicious and blocked further withdrawals. I talked to them and they will refund (and I hope will prosecute).
Now, this wasn't your average spyware... or was it? It did what any spyware/adware/malware can do. It just did something illegal.

Yesterday (12Dec04), Marcus Ranum posted the following in the firewall-wizards list.
... What is the cost of enumerating viruses and malware and running antivirus software ($19/year/desktop...) versus the cost of telling the system exactly what code you want to allow to run. (Hmmm, let's see - I could define my desktop computer's "allow" list in 3 seconds: Eudora, Opera, Photoshop, Powerpoint, Word, and directory toolkit) The obvious answer is "default deny" rather than "default permit and block/enumerate all evil."

Good idea. Where can I (average consumer) buy it? And will any average consumer want to run it?
On the list, Marcus suggested:
There are a few products out that do this. Citadel has a pretty cool package (SecurePC) that's designed for kiosk applications. I've considered using it as a lock down tool for my laptop but the tool is a bit more "enterprisy" than I need. I think it's designed for locking down ATMs and stuff like that from a central point. What I want is something that has a ZoneAlarm-like "smart interface" that lets me reverse-engineer a policy over time.
I agree, it is overkill. Another friend and colleague, Jon McCown, pointed me to Prevx (neither Jon nor I work for them). Looks worth a field test. It works on XP and 2000. See http://www.prevx.com/prevxhome.asp.


A reader sent me a Google-discovered link to http://force.coresecurity.com/. It is in a beta-test period, apparently. The screenshots indicate program-level control (what can execute) as well as authorization (what that program may do). It may also be worth a look.
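To make the default-deny idea concrete (the execution allowlist Marcus describes, the "reverse-engineer a policy over time" learning mode he wants, and the separate program-level authorization the Core FORCE screenshots suggest), here is an added Python sketch. It is not code from this post or from any of the products mentioned. The file paths, the byte strings standing in for executable contents, and the table of granted actions are all constructed for the example; the application names are the ones from Marcus's list.

```python
import hashlib
from dataclasses import dataclass, field

# Constructed stand-ins for executables: byte strings take the place of real
# file contents so the example runs offline without reading the filesystem.
# The paths are hypothetical; the application names come from the post.
OBSERVED_BINARIES = {
    r"C:\Program Files\Eudora\Eudora.exe": b"eudora-build-6.2",
    r"C:\Program Files\Opera\Opera.exe": b"opera-build-7.54",
    r"C:\Program Files\Microsoft Office\WINWORD.EXE": b"word-2003",
}

# Per-program authorization, also constructed: which actions each allowed
# program may take once it is running (default deny applies here too).
GRANTED_ACTIONS = {
    r"C:\Program Files\Eudora\Eudora.exe": {"network"},
    r"C:\Program Files\Opera\Opera.exe": {"network"},
    r"C:\Program Files\Microsoft Office\WINWORD.EXE": set(),
}


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


@dataclass
class ExecRequest:
    path: str
    contents: bytes  # a real hook would hash the on-disk image

    @property
    def digest(self) -> str:
        return sha256_hex(self.contents)


@dataclass
class DefaultDenyPolicy:
    mode: str = "learn"  # "learn" records what runs; "enforce" blocks the rest
    allowed: dict = field(default_factory=dict)  # path -> set of sha256 hex
    granted: dict = field(default_factory=dict)  # path -> set of actions
    audit: list = field(default_factory=list)  # (verdict, subject, detail)

    def decide(self, req: ExecRequest) -> str:
        """Execution decision keyed on path AND hash, so a replaced or
        patched binary sitting at a known path is not allowed through."""
        if req.digest in self.allowed.get(req.path, set()):
            verdict = "allow"
        elif self.mode == "learn":
            self.allowed.setdefault(req.path, set()).add(req.digest)
            verdict = "learned"
        else:
            verdict = "deny"
        self.audit.append((verdict, req.path, req.digest[:12]))
        return verdict

    def authorize(self, path: str, action: str) -> str:
        """Second gate: even an allowed program may only take actions it was
        explicitly granted; anything unlisted is denied."""
        verdict = "allow" if action in self.granted.get(path, set()) else "deny"
        self.audit.append((verdict, path, action))
        return verdict


def build_policy(observed: dict, granted: dict) -> DefaultDenyPolicy:
    """Learning pass over a known-clean baseline, then switch to enforce."""
    policy = DefaultDenyPolicy(mode="learn", granted=dict(granted))
    for path, data in observed.items():
        policy.decide(ExecRequest(path, data))
    policy.mode = "enforce"
    return policy


def demo() -> dict:
    policy = build_policy(OBSERVED_BINARIES, GRANTED_ACTIONS)
    opera = r"C:\Program Files\Opera\Opera.exe"
    word = r"C:\Program Files\Microsoft Office\WINWORD.EXE"
    return {
        # baseline binary, unchanged: allowed
        "known_app": policy.decide(ExecRequest(opera, b"opera-build-7.54")),
        # something that "tagged along" with a download: never learned, denied
        "bundled_extra": policy.decide(
            ExecRequest(r"C:\Users\Public\bundle_helper.exe", b"unlisted-installer")),
        # same path as an allowed app but different contents: denied
        "tampered_app": policy.decide(ExecRequest(opera, b"opera-build-7.54-patched")),
        # allowed program asking for an action it was never granted: denied
        "word_network": policy.authorize(word, "network"),
        "opera_network": policy.authorize(opera, "network"),
    }


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:15} {verdict}")
```

The learning pass is only as trustworthy as the machine it runs on, which is why it is taken over a known-clean baseline and then locked; the audit list is what a ZoneAlarm-style prompt would show the user when a deny fires.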


And today in a newsfeed this article mentioned another product with a free version, AntiHook 2.0. Lots to check out...


Okay, enough already! Marcus sent a pointer to FreezeX. Where have all of these been? Where have I been? :-)


A friend tested PrevX on his home computers. He wrote:
It is very happy (and effective) on my wife's Win2K computer. The kids go "various places" on it and tend to pick up barnacles, which seem to have a much tougher time now. I passworded the PrevX console so they can't just click "shoot me" as easily. And the best news was that it didn't break anything. :-)
