Tuning up a dual-engine anti virus machine

As data grows bigger, it also becomes more complex; we know this.

So-called ‘big data’ and its proximity to complex event processing and extended algorithmic analysis are inherent elements of the IT landscape today.

With big data also comes big trouble, potentially.

As the flow of data-driven “events” increases across an increased number of communication and data exchange channels, a multiplicity of malware dissemination attack vectors now starts to have a greater impact upon users.

If we accept this state-of-the-data-nation to be true, then what can we do at the back office level to ensure that we tighten security controls to the nth degree?

In other words, what can software developers do to help?

Commercial anti-virus suites come in many forms at the consumer and SMB/enterprise level. Originally developed by Sunbelt Software, the Vipre (pronounced “vi-per”) anti-malware set of tools now resides in a new reptilarium looked after by the head keepers at GFI Software, who have just released version 5.0 into the world.

GFI’s Dodi Glenn, Vipre consumer, SDK and OEM product manager, and Jason Chronowitz, Vipre enterprise product manager, spoke to the Computer Weekly Developer Network blog to explain more.

“It’s a blended threat landscape today with social engineering techniques being used to compromise users — even Google images (other similar sites) can harbour malicious links via a redirect. Search Engine Poisoning is also going on here,” said Glenn.

Technical Note: Search Engine Poisoning attacks manipulate search results so that they contain links to malware. Techniques include complete website takeover, abuse of the search engine’s “sponsored links” channel and/or injection of HTML code into legitimate pages.

But GFI has an interesting level of openness on its web-based Malware Protection Centre. Its Software Development Kit (SDK) installation options open up the opportunity for developers to work close to the coalface of its technology.

“We provide a Vipre service interface if a company wants to do some preliminary analysis of data. This scenario could come into play if a company wanted to run a dual-engine environment where more than one anti-virus suite is used — and this might be needed by a security specialist company themselves, rather than a bank or other end-user customer for example,” said Glenn.

The software engineering team then gets to “look under the hood” to see what the product (or products) actually do; and this may mean that eventually the second (least effective) engine is dropped. Glenn and Chronowitz predictably point to what they claim to be Vipre’s healthy positioning on the RAP malware-detection score.

“If you look at our sample flows, we have 500,000 samples every day and it’s just not possible to analyse all these samples from a human perspective, so a lot of it is automated. The GFI Sandbox is a digital behavioural analysis system to look at code behaviour once it becomes active in a user’s system. It doesn’t even need to be active in RAM, we also look at archive-based files; so as soon as the data is dropped onto disk, we want to keep track of the file and see where it sits on the server,” said Chronowitz.

“Since the beginning of VIPRE, we highlight performance and ease of use. If you look at the SDK we provide, we have great documentation to support this and this theme is carried through throughout our product set,” he added.

Whether GFI’s approach could lead us towards safer technology futures may be too much to say. The fact that the company works at a level that opens up its SDK in this way should surely be a positive though.

Is this akin to a restaurant cooking with a wide-open kitchen hatch so that diners can see all the ingredients used in this mix? It might just be so… Food for thought then? Ouch! Sorry 🙂
