
Archive for 'Anti-Virus'

Stuxnet Panel Afterthoughts

I hope you had a chance to listen in to the Industrial Defender sponsored webinar on Tuesday. If not, click on this link to hear Patrick Miller, Eric Byres, Andrew Ginter, Mark Zanotti and myself opine on the subject.
I think the webinar had a great overview on Stuxnet from Patrick Miller and some additional detail [...]

Stuxnet Panel Discussion

On Tuesday I’ll be participating in a panel discussion / webinar on the Stuxnet worm. Industrial Defender is organizing it, and there is still time to register. I’ll post a replay link when it is available as well.
It should be an interesting discussion with Patrick Miller moderating and Eric Byres, Andrew Ginter, myself and Mark [...]

Learning from the Stuxnet/WinCC Malware

SCADA-targeted malware was inevitable and I suspect, despite the fact that it took this long to happen, that we haven’t seen the last of it. There’s a forest and trees lesson here that I hope we learn through this. Before we get too carried away on a specific vulnerability and throwing stones at software vendors, [...]

Anti-Virus Poll Results

We had a poll up this week on the future of anti-virus in control systems, and we will keep it open through this weekend. The results are interesting.
The clear result is the respondents don’t expect current Symantec/McAfee type anti-virus to go away or be replaced anytime soon. 61% indicated that anti-virus will continue to be [...]

Anti Virus Poll

A recent blog entry on a McAfee dat file update problem mentioned the growing realization by security professionals that anti-virus can be easily evaded. Many anti-virus suppliers also have a nasty legacy code base with update timetables that allow for limited QA.
While it seems like heresy to say don’t use anti-virus, even if other malware [...]

Real World Example of Why to Stagger AV Updates

Updating anti-virus signatures is important, and we have yet to see an owner/operator consistently and effectively apply the updates manually. So most are now pushing the signature updates out on a periodic and automated basis. [Note the automation is typically restricted to signature updates, not to engine updates, which cause problems and reboots more often]
Signature [...]

S4 Preview: An Analysis of White Listing Security Solutions and Their Applicability In Control Systems

I will be previewing some of the papers and presentations in this year’s S4 over the next few weeks.
Digital Bond’s 4th Annual SCADA Security Scientific Symposium [S4] is being held January 20 – 21 in warm and sunny Miami Beach. S4 is a bleeding edge research event where technical papers are presented in detail to [...]

NERC CIP and Application Whitelisting Redux

My recent blog post on application whitelisting, and specifically the Bouncer solution, sparked a lot of offline discussion. One of those conversations was with someone who has a significant stake in NERC CIP and agreed to let me post his comments. I try not to get too involved in hair-splitting discussions about standards compliance but [...]

Conficker beFUDdlement

I’ll start off by saying don’t believe all the FUD that’s been going around; we all know how many members of the media are when they get hold of a story, especially one that can have a date in the future to speculate on.
That said, there are definitely some interesting things going on with the [...]

Finding The Fox In The Hen House – Practical Tips

Let’s face it, no matter how hard we try, or how elaborate the defense, sometimes the fox gets in the hen house (Or sometimes it just eats at McDonald’s). When I was in college taking a computer systems design course my professor stated that computer technology is invented in fits and starts. For [...]