Wednesday, August 24, 2011

The Malware Race and Honeypots

Google just released a report on malware, a week after another report by NSS Labs, an independent security testing organization. NSS had given Explorer 9 high marks for stopping socially engineered malware. This is malware that entices a user to download it in the mistaken belief that it is a security software update, or something similar.

Google agreed that Explorer is effective in detecting such software but pointed out that socially engineered malware comprises only 2% of the malware out there. One might counter that it's growing, though.

One value of the report is its assessment of several of the conventional defences against the more common types of malware. It says that a much more common form is drive-by malware, which exploits known vulnerabilities in browsers to surreptitiously download malware when the browser passes by.

Conventional defences are various forms of honeypot, which are digital lures away from the real system. These are widely used, but Google says they are not effective in themselves. It says that a combination of defences is the most effective.

For an interesting writeup on these reports, click this reference.
