Security players form alliance to tackle malware

AVG & other AV experts join forces to develop industry standards & best practices to keep consumers protected online

by Michael Smith (Veshengro)

IEEE's Industry Connections Security Group aims to formalize sharing of malware data among security players, while an analyst warns its focus may be too narrow.

A new security alliance has been established to formalize information sharing on security protection and develop industry standards and best practices.

The Industry Connections Security Group (ICSG) is parked under the IEEE Standards Association and includes mostly security heavyweights and antivirus players. The founding members are AVG Technologies, McAfee, Microsoft, Sophos, Symantec and Trend Micro.

Announcing the group in a blog post on Monday, Mark Harris, vice president of SophosLabs, said security researchers had a tradition of sharing virus samples, but that the sharing arrangements are often "based on individual relationships rather than formal agreements".

The formation of the group makes for a "more organized" security industry in the current landscape, where attacks are increasingly structured and malware samples grow at "astonishing rates", Harris said.

The ICSG currently has a malware working group but intends to add other working groups over time.

According to a presentation document dated 20 July, the group aims to improve the efficiency of collection and processing of the millions of malware file samples handled by security vendors each month by focusing on an XML-based metadata sharing standard. The standard is expected to undergo ratification by the end of this month.

Graham Titterington, principal analyst at Ovum, noted that the announcement of the group was both interesting and confusing. The rationale for the new alliance was the need for a more comprehensive approach to countering malware writers, but the focus of the group appears to be limited, he said.

"The group addresses all aspects of malware and its membership includes most of the main antimalware vendors – Kaspersky being the most notable absentee – and so the ICSG represents progress on countering the so-called 'blended threats'," he said.

"However, it does not seem to be taking the battle to the criminals or probing the criminals' business networks. The focus is on setting up the infrastructure and protocols to allow rapid information sharing on threats and making the day-to-day operation of the members more efficient."

Titterington added: "I would have expected a body affiliated with the IEEE to be putting more emphasis on the development of improved methods for disrupting criminal activity and on new ways of protecting users."

The problem with all of this still does not and never can address the real problem in the equation and that is called “stupidity”.

Too many users fall prey to their own stupidity by replying to certain emails or by opening things they should know better not to.

Many users have first of all no idea that they need AV and other anti-malware software and the most important thing is that most do not understand that their protection – if they have it – is only as good as the latest update.

“Update? What you mean update”, I get from many people, showing that they have no understanding that they need to update their AV and anti-malware software. Help!

Also, too many people think that (1) they cannot afford AV and anti-malware software and (2) because they think that only bought proprietary software will perform.

Both of those fears are, obviously, unfounded and for the ordinary user and the SOHO and SME, free versions of, say, AVG and others are more than adequate and in many instances it has been shown that the free versions outperform expensive, paid-for software.

The important thing, as mentioned before, is to keep any such software updated for your protection is only as good as the latest update.

Although many such software use heuristic systems to recognize patterns in an attempt to catch the “zero-day” attacks this may not always be successful and hence one should try to update with the latest signatures several times a day ideally.

The biggest problem as to infections of computers and networks are users that do not use their brains. Why would anyone want to click on a link to that says, for instance “see Brittney Spears' naked pictures” or that claims that something is breaking news such as “war with Russia declared” when there has been nothing about that on the radio, for instance.

The user often is the weakest link.

© 2009