Neil MacDonald

A Member of the Gartner Blog Network

Entries Tagged as 'Beyond Anti-Virus'

Yes, Macs are Vulnerable Too.

September 25th, 2009 · 6 Comments

Do Macintosh machines need AV?
My answer: Forget the OS. Do users download and install arbitrary code/applications? (Don’t forget, this includes browser plug-ins as well.) If so, I don’t care whether you are running Macintosh, Linux, or Windows: the answer is you need protection from malware, including signature-based mechanisms (historically referred to as AV…). Just like [...]

Tags: Beyond Anti-Virus · Endpoint Protection Platform

We Have a Quorum: Blacklists Aren’t Cutting it.

September 14th, 2009 · 7 Comments

Symantec recently announced the latest release of its consumer protection technology, which includes a new malware technology code-named “Quorum”. Essentially, the technology uses the visibility (or lack thereof) of the behavior of executable code across a community to help determine whether a given piece of code is “good” or “bad”. We are working on our [...]

Tags: Beyond Anti-Virus · Endpoint Protection Platform · Next-generation Security Infrastructure

Security No-Brainer #8: Run Users As Standard User

August 13th, 2009 · 1 Comment

Mostly for legacy reasons, many of us continue to run users with administrative privileges on their Windows workstations.
Running as standard user reduces exposure to malware by preventing users from updating protected parts of the file system and registry or accessing sensitive Windows operations. An analysis by BeyondTrust showed that 92% of the critical Windows vulnerabilities [...]

Tags: Beyond Anti-Virus · Endpoint Protection Platform

Security Thought for Tuesday: Cloud Computing Should be a More Secure Model

August 11th, 2009 · 8 Comments

A computing paradigm based on the exchange and execution of arbitrary code is inherently risky. Yet, that’s pretty much the foundation of what we do today with personal computers. Consider that this model is the primary reason we pay billions of dollars to AV vendors to scan our machines for known malicious executable code. Consider that [...]

Tags: Application Security · Beyond Anti-Virus · Cloud · Information Security

Should AV be Free?

June 23rd, 2009 · 5 Comments

I saw today on this website that Microsoft has released the beta offering of its free consumer-oriented antivirus/antispyware protection solution called Microsoft Security Essentials (MSE – previously code-named “Morro”). The offering is available to the first 75,000 visitors to the site starting today. Gartner’s full analysis and advice for clients will be available shortly, but [...]

Tags: Beyond Anti-Virus · Endpoint Protection Platform · Microsoft Security

Stop Paying for Anti-Spyware

May 18th, 2009 · 1 Comment

I had a conversation with a client last week where their incumbent antivirus provider was trying to charge them separately for antispyware capabilities in addition to their antivirus solution.
Sigh. I thought we put this issue to rest years ago.
In 2005, I wrote “How to Get Free Anti-spyware (or Antivirus) Protection”, so I was a [...]

Tags: Beyond Anti-Virus · Endpoint Protection Platform

Security No-Brainer #4: EV-Certificates for ISVs

May 1st, 2009 · 2 Comments

Let me summarize my security no-brainers to date:
The first was in reference to a global, industry-wide effort to create a shareable, standards-based application whitelist database built directly from feeds from ISVs.
The second was in reference to the use of whitelisting in the hypervisor/VMM (especially the “parent” or Dom0 partition) layer to prevent the execution of [...]

Tags: Application Security · Beyond Anti-Virus

Attackers are Moving up the Stack. So Should We.

April 15th, 2009 · 1 Comment

I had an interesting discussion with a client this week. They were trying to understand how several recent outbreaks of malware had gotten past their existing defenses.
In reviewing their architecture, it became clear that while they had an established process for patching Windows and Office, they hadn’t yet extended the process up the stack to [...]

Tags: Application Security · Beyond Anti-Virus

Whitelisting, Meet Virtualization. Virtualization, Meet Whitelisting.

April 10th, 2009 · 10 Comments

As I have discussed, x86 hardware virtualization creates a new IT platform that must be securely maintained (e.g. patch, configuration and vulnerability management) like any other IT platform we are responsible for. This layer is extremely sensitive, as a compromise of it puts all of the hosted VMs at risk.
I’ve also discussed the foundational [...]

Tags: Beyond Anti-Virus · Virtualization Security

We Need a Global Industry-wide Application Whitelist

April 3rd, 2009 · 9 Comments

My previous post on whitelisting has generated a lot of comments. Buried in the comment stream, I made this statement:
I look forward to the time (hopefully soon) when an industry consortium or worldwide standards effort brings together legitimate ISVs to create a shareable whitelist for all to use.

Whitelisting is foundational to any information security protection [...]

Tags: Beyond Anti-Virus · Endpoint Protection Platform