Showing posts with label Signature Patterns. Show all posts

February 21, 2018

From Malware To Malevolent People

So in virus protection on the computer, there are 2 common ways antivirus software works:

1) Signature Detection - There are known patterns of viruses and the antivirus software looks for a match against one of these. 

2) Behavior Detection - There are known patterns of normal behavior on the computer, and the antivirus software looks for deviations from this. 

Each has certain weaknesses:

- With signature detection, if there is a zero-day exploit (i.e. a virus that is new and therefore has no known signature), then it will not be caught by a blacklist of known viruses.

- With behavior detection, some viruses that are designed to look like normal network or application behavior will not be caught by heuristic/algorithm-based detection methods.

For defense-in-depth then, we can see why employing a combination of both methods would work best to protect from malware. 
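Here is a small sketch of the two methods and their blind spots, added as an illustration and not part of the original post. The byte strings, the baseline of outbound connections per minute, and the 3-standard-deviation threshold are all constructed assumptions.

```python
import hashlib
from statistics import mean, stdev

# Constructed data: byte strings stand in for files, and "outbound
# connections per minute" stands in for observed behavior on the computer.
KNOWN_BAD = {hashlib.sha256(b"constructed-known-malware").hexdigest()}
BASELINE = [4, 6, 5, 7, 5, 6, 4, 5]  # constructed history of normal activity


def signature_match(content: bytes) -> bool:
    """Blacklist check: flags only content whose hash is already known."""
    return hashlib.sha256(content).hexdigest() in KNOWN_BAD


def behavior_anomaly(observed: float, threshold: float = 3.0) -> bool:
    """Flags activity more than `threshold` standard deviations from normal."""
    mu, sigma = mean(BASELINE), stdev(BASELINE)
    return abs(observed - mu) / sigma > threshold


def verdict(content: bytes, observed: float) -> str:
    """Defense in depth: either detector firing is enough to flag the sample."""
    hits = []
    if signature_match(content):
        hits.append("signature")
    if behavior_anomaly(observed):
        hits.append("behavior")
    return "+".join(hits) or "clean"


# Constructed samples: (file content, connections per minute while running)
SAMPLES = {
    "known, quiet": (b"constructed-known-malware", 5),
    "new, noisy": (b"constructed-new-variant", 40),
    "new, mimics normal": (b"constructed-new-variant", 6),
    "benign": (b"constructed-benign-document", 5),
}

if __name__ == "__main__":
    for name, (content, observed) in SAMPLES.items():
        print(f"{name:20s} -> {verdict(content, observed)}")
```

The "new, mimics normal" sample slips past both checks, which is why even the combination still needs its signatures and baselines kept up to date.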

It's interesting that these same techniques for recognizing bad computer actors can be used for identifying bad or dangerous people. 

We can look for known signatures/patterns of evil, abusive, and violent behaviors and identify those people according to their bad actions.

Similarly, we generally know what "normal" looks like (within a range of standard deviations, of course) and people who behave outside those bounds could be considered as potentially dangerous to themselves or others. 

Yes, we can't jump to conclusions with people -- we don't want to misjudge anyone or be overly harsh with them, but at the same time, we are human beings and we have a survival instinct. 

So whether we're dealing with malware or malevolent individuals, looking at patterns of bad actors and significant deviations from the normal is helpful in protecting your data and your person. ;-)

(Source Photo: Andy Blumenthal)

March 21, 2014

Safely Detonate That Malware


I like the potential of the FireEye Malware Protection System (MPS).

Unlike traditional signature-based malware protections like antivirus, firewalls, and intrusion prevention systems (IPS), FireEye is an additional security layer that uses a dynamic Multi-Vector Virtual Execution (MVX) engine to detonate even zero-day attacks from suspicious files, web pages, and email attachments. 

According to Bloomberg Businessweek, Target's implementation of FireEye detected the malware attack on Nov 30, 2013 and it alerted security officials, but allegedly "Target stood by as 40 million credit card numbers--and 70 million addresses, phone numbers, and other pieces of personal information--gushed out of its mainframes" over two weeks!

In fact, FireEye could've been set to "automatically delete [the] malware as it's detected" without human intervention, but Target's team apparently "turned that function off."

FireEye works by "creating a parallel computer network on virtual machines," and before data reach their endpoint, they pass through FireEye's technology. Here they are "fooled into thinking they're in real computers," and the files can be scanned, and attacks spotted in safe "detonation chambers."

Target may have been way off target in the way they bungled their security breach, but using FireEye properly, it is good to know that attacks like this potentially can be thwarted in the future. ;-)

[Note: this is not an endorsement of any product or vendor]

March 4, 2012

Sniffing Out Cancer

Metabolomx
A few years ago, researchers found that dogs could actually identify people with cancer at a 99% accuracy rate by simply smelling a person's breath.

One of the problems with this diagnostic method though is that hospitals and doctors' offices have not been inclined to house and care for these animals in medical facilities treating people.

Technology to the rescue and this one has no dog in the fight...

The Metabolomx is a computing machine with an attached breathing tube that can be rolled over to a patient, who breathes into it for just 4 minutes to get a diagnosis on the spot.

This is very different from current methods and is without painful and intrusive tests (such as biopsies) or waiting weeks for lab results to come back and be read by your doctor.  

The machine captures and analyzes the chemistry of the person's exhaled breath in the form of aerosolized molecules and determines its "smell signature."

According to Bloomberg BusinessWeek (5-11 March 2012), by comparing the sample smell to the biomarkers for cancer, the Metabolomx has already achieved an 80% success rate for detecting lung cancer.

A newer version of the machine is 100 to 1,000 times more sensitive, which should greatly improve accuracy, hopefully hitting at or above 93%, which will make it viable for commercial use.

The Metabolomx is envisioned to be able to detect and differentiate between various types of cancer such as lung, breast, colon, and more.

Moreover, this technology is not limited to just cancer--other companies such as Menssana are testing it with tuberculosis and pediatric asthma.

Further, another benefit of the Metabolomx is that it can not only be used to diagnose cancer, but to signal reduction or elimination of the cancer with various treatments.

I hope the next step for technology like the Metabolomx is to not only detect the cancer, but be able to "zap it" and rid it from our bodies--then we'll have a technology that can really snuff out the cancer.
