Educational

Speaking at the Virus Bulletin Conference 2020: ‘One year later: Challenges for young anti-malware products today’

Source: https://vblocalhost.com/presentations/one-year-later-challenges-for-young-anti-malware-products-today/ A year ago, at VB2019 we presented for the first time an overview of how the anti-malware world looks from the perspective of a young company trying to enter the market: how they try to build products, how they try to enter the market, how they try to convert users, and what challenges they face in these activities. In this new paper we will present an overview of the situation for such a company after one year of experience. We will look at the situation from several angles: that of the consulting company helping them to build the product and enter the market that of working with certification companies regularly, checking the products for detection and performance that of working with Microsoft to make the company compliant and keep them compliant One year later, many still have a hard time understanding that the security market is no longer the Wild Wild West, but we also see that a lot of visible efforts are being made to improve. This means that compliance with ‘clean software’ regulations is becoming an issue. We will present some interesting statistics and compare data from the past with current data. The young companies still…

Read More

The Ultimate Parent Guide for Protecting Your Child on the Internet Series

You can see in the next 8 weeks a post per week about this topic. The short versions of these posts will be published here (from the RSS feed). The full version will always be on Improve-your-security.org Start reading here: The Ultimate Parent Guide for Protecting Your Child on the Internet Series   Happy reading and try to apply some of these.    


Microsoft Updates Guideline on Windows Driver Security

Microsoft has released an updated guide on driver security. This new guide offers advice that developers could use to ensure Windows drivers are secured against basic attacks and preventable flaws.   Driver Security Guidance This section contains information on enhancing driver security. In this section Topic Description Driver security checklist This topic provides a driver security checklist for driver developers. Threat modeling for drivers Driver writers and architects should make threat modeling an integral part of the design process for any driver. This topic provides guidelines for creating threat models for drivers. Windows security model for driver developers This topic describes how the Windows security model applies to drivers and explains what driver writers must do to improve the security of their devices. Use the Device Guard Readiness Tool to evaluate HVCI driver compatibility This topic describes how to use the tool to evaluate the ability of a driver to run in a Hypervisor-protected Code Integrity (HVCI) environment.   The nice part is that all this is also available as PDF. I am starting to like these new initiatives from Microsoft. I wrote that they are taking a clear stance on PUA and now I see that they are actually…


How to block the Skype Ads

Since Microsoft took over Skype, only bad things are happening. Really, I hate Skype since they started to get their orders from Redmond. 🙁 Once of the nerving things are the ads. Yes, these:       Here is how to get rid of it: Open Control Panel, go to Network and Internet Options. If you’re in Win10, goto Settings -> Internet Options It looks like this: Then click on “Security” and select “Restricted Sites”: Then click on “Sites” and you will see this window popping up. Add there this URL: https://apps.skype.com/   Close the window and restart Skype.   The ads are gooone! PS: the arrow and the smiley are from me 😉  


Love statistics? Read here what went wrong with the USA presidential election polls

Source: http://stats.stackexchange.com/questions/245063/us-election-results-2016-what-went-wrong-with-prediction-models   Original question: First it was Brexit, now the US election. Many model predictions were off by a wide margin, and are there lessons to be learned here? As late as 4 pm PST yesterday (n.b. on 08.11), the betting markets were still favoring Hillary 4 to 1. I take it that the betting markets, with real money on the line, should act as an ensemble of all the available prediction models out there. So it’s not far-fetched to say these models didn’t do a very good job. I saw one explanation was voters were unwilling to identify themselves as Trump supporters. How could a model incorporate effects like that? One macro explanation I read is the rise of populism. The question then is how could a statistical model capture a macro trend like that? https://www.foreignaffairs.com/articles/2016-10-17/power-populism Are these prediction models out there putting too much weight on data from polls and sentiment, not enough from where the country is standing in a 100 year view? I am quoting a friend’s comments. Even if a different response won, I like these two more: The USC/LA Times poll has some accurate numbers. They predicted Trump to be in the lead….


Annoying Internet Ads: An Open Letter To Digital Marketers Everywhere

I gave a nice interview to MICHAEL O’DWYER for IPSwitch and he wrote the following article: Annoying Internet Ads: An Open Letter To Digital Marketers Everywhere “Ads consume bandwidth, especially those delivered as Flash or code. If you’re on a mobile device, with a small screen, the ads will also cover a good portion of the screen, thus making it difficult or even impossible to see the desired content you want to see,” says Sorin Mustaca, CSSLP, Security+, Project+, an independent IT security consultant. “[Over] the last 3 years, we hear[d] more and more about malvertising — the delivery of malicious software instead of ads, or in parallel with ads,” adds Mustaca. Read the entire article using the link above.   What can be done? Certainly, the solution is not to remove ads completely. They finance a large part of the free Internet. Make them not so intrusive anymore. Make them smart and useful – make them related to the content you’re reading. How? On this site and especially on www.ITSecurityNews.info I use Adsense through Google’s own WordPress plugin for Adsense. It inserts up to 3 dynamic ads on a page and if there is the danger of having too many ads…


What’s the deal with a PhD?

I found long time ago this animated GIF on the Internet and now I managed to download it. I don’t know who created it, so I can’t give credit to anyone. Why I post this here? Because it matters and because it is exactly my experience which I like to share. Not many know, but I have been part of the PhD program of the Politehnica University Bucharest in Romania for 5 years, immediately after graduating the same university’s Computer Science faculty (field: Software Engineering). My diploma was related to Distributed Systems as well, namely about how to use CORBA to write software for distributed systems. It took me 5 years to go through because I had to do it in my spare time. I was working all this time and then I left Romania to move to Germany and work for Avira. The field I chose was Distributed Systems and my thesis was supposed to be “Distributed Malware and Spam detection using a Reputation system”. It might not sound very cool now, but  remember, this was between 1997-2002 (university) and 2002-2007 (Phd)!   So, why did I not finish it despite the fact that I wrote most of the dissertation and…


Web Services: SOAP vs REST

There is a permanent discussion going on and I have seen quite a lot of answers. SOAP (Simple Object Access Protocol) vs. REST (Representational State Transfer) Which one to use and when? Let’s see first the main characteristics of both: S.No SOAP REST 1. SOAP stands for Simple Object Access Protocol. REST stands for Representational State Transfer. 2. SOAP is a protocol. It defines some standards that should be followed strictly. REST is an architectural style. It doesn’t define so many standards like SOAP. 3. SOAP is highly secure as it defines its own security. REST inherits security measures from the underlying transport(SSL, TLS). 4. SOAP message request is processed slower as compared to REST. REST message request is processed faster as compared to SOAP. 5. SOAP supports only XML data format. REST supports data formats like plain text, XML, HTML, JSON, etc. 6. SOAP is not very easy to implement. You need to call methods in an API. REST is easier to implement. You need to call paths on a server (usually). 7. SOAP requires more bandwidth and resources. REST requires less bandwidth and resources. 8. In java SOAP web services are implemented using JAX-WS API. In java RESTful web…


Do you actually need a security product in your car? Part 3 : Intrusion Prevention and Detection Systems

I ended part 2 with the promise that we will discuss about : 2) Intrusion detection and prevention systems (IDS/IPS or IDPS) From Wikipedia: Intrusion prevention systems (IPS), also known as intrusion detection and prevention systems (IDPS), are network security appliances that monitor network and/or system activities for malicious activity. The main functions of intrusion prevention systems are to identify malicious activity, log information about this activity, attempt to block/stop it, and report it. Intrusion prevention systems are considered extensions of intrusion detection systems because they both monitor network traffic and/or system activities for malicious activity. The main differences are, unlike intrusion detection systems, intrusion prevention systems are placed in-line and are able to actively prevent/block intrusions that are detected. More specifically, IPS can take such actions as sending an alarm, dropping the malicious packets, resetting the connection and/or blocking the traffic from the offending IP address.   IDPS for cars? Once inside, an attacker can utilize the vehicle’s internal communication bus and take control of additional modules inside the vehicle, including safety critical systems like the ABS and Engine Electronic Control Units (ECUs). Therefore, there is no “trusted device” anymore. Everything has to be assumed to be compromised. The…


Cybersecurity vs. Information Security (infosec)

Somebody asked me why do I have in my LinkedIn profile “IT Security Expert” and in my company website www.mustaca.com “Sorin Mustaca Cybersecurity”. In order to answer that, I need to clarify the difference between Cybersecurity and Information Security (infosec). I googled a bit because I don’t have too much time and I did find something which is closest to my opinion. See Sources for a list.   Information security (or “InfoSec”) is the practice of defending information from unauthorized access, use, disclosure, disruption, modification, perusal, inspection, recording or destruction. It is a general term that can be used regardless of the form the data may take (e.g. electronic, physical). The CIA triad of confidentiality, integrity, and availability is at the heart of information security. The members of the classic InfoSec triad — confidentiality, integrity and availability — are interchangeably referred to in the literature as security attributes, properties, security goals, fundamental aspects, information criteria, critical information characteristics and basic building blocks. There is continuous debate about extending this classic trio. Other principles such as Accountability have sometimes been proposed for addition and it has been pointed out in various sources that issues such as Non-Repudiation do not fit well within the three core concepts. Well, no…


%d bloggers like this:

By continuing to use the site, you agree to the use of cookies and to its Privacy Policy more information

The cookie settings on this website are set to "allow cookies" to give you the best browsing experience possible. If you continue to use this website without changing your cookie settings or you click "Accept" below then you are consenting to this.

Close