Cuil? Cool? Kool?
So, we now have a new search engine called ‘Cuil’ and pronounced ‘Cool’. Well, a catchy name never tripped up a good product, but an obscure spelling could. That being said, the arrival of Cuil was welcomed in most parts. The company goes on to explain why it is different from what is out there already: “The search engine goes beyond today’s search techniques of link analysis and traffic ranking to analyse the context of each page and the concepts behind each query”. So, there you have it, a kind of deeper, more relevant search.
So what did Google make of it? They seemed quite ‘cool’ about it; however, in a blog entry they did outline that they still felt they had the biggest web index out there. Now, the people behind Cuil do have a good pedigree in this area, being ex-Google and IBM people. So, they know what it takes to build a successful search engine. The arrival of Cuil brings with it many questions. The most prosaic of these is how they will make money (there is no advertising for the moment). They will be on a steep learning curve and the story today of an embarrassing snafu is testament to this. As to how they will handle the security side of operating a search engine, we will also have to wait and see what they come up with.
Farewell Neosploit?
The past couple of years have seen a dramatic rise in the sheer number of pieces of malware out there on the internet and, hence, in associated attacks. One of the contributory factors to the dramatic volume increase in attacks has been the arrival of ‘do-it-yourself’ infection kits. One of the most infamous of these is Neosploit, but there are many others such as Mpack, IcePack, Cyber Bot, Zunker etc.
Neosploit allowed a budding ‘hacker’ to launch their own exploits and amass a sizable botnet. There were regular updates and even a user forum. However, the other day, a posting appeared on a Russian web site announcing that the authors of Neosploit were going to retire the product. The translation in effect announced:
“Unfortunately, supporting our product is no longer possible. We apologize for any inconvenience, but business is business since the amount of time spent on this project does not justify itself.
We tried hard to satisfy our clients’ needs during the last few months, but the support had to end at some point. We were 1.5 years with you and hope that this was a good time for your business.”
So, it seems that the authors of Neosploit just couldn’t make it work in a commercial sense. That got me thinking: why? Is it because coming up with new exploits is becoming more difficult, hence more costly, for them? I do not see any particular evidence of this. There are other tool-kits out there and many new exploits being developed on an on-going basis.
Could it be that they are being ‘boxed in’ by better security? Well, to be fair on this one, we are finding many more exploits, so this may not be the case. Is it that the market dynamics of the ‘under-ground economy’ ultimately played against them? Well, like every efficient market, there have been new entrants and competitors to Neosploit, who could compete with them on product and price. Therein may well be the answer.
So, farewell Neosploit, but there are other exploit tool-kits out there and no doubt, new ones will make it onto the ‘market’.
Testing times!
I read, with some interest, that Trend have decided to withdraw from the Virus Bulletin 100 (VB-100) anti-virus test; here is the article. I also then had my attention drawn to the fact that Trend had failed the latest VB-100 tests: their performance on VB-100 has been somewhat ‘mixed’ of late. VB-100 tests aim to assess how security products fare in detecting a set of viruses in the WildList, an up-to-date list of malware samples known to be in circulation. It numbers circa 700 viruses. Trend stated that the test had become out-dated and no longer reflects the fast-changing threats that security products need to counter day-to-day.
Now, Trend’s announcement further highlights the understood requirement within the security industry for new testing methodologies. We need approaches that will better reflect the complex and dynamic nature of the threats that anti-malware products are trying to counter. Notably, the Anti Malware Testing Standards Organisation (AMTSO) has been created to address this.
Whilst we can all debate the relative merits of the current tests, Virus Bulletin themselves did comment that their test is not the only way to test anti-malware products, but products should be able to detect items in circulation. Furthermore, VB-100 is a measure of product competence and on-going reliability.
So, we all have to live in an ‘imperfect’ world of testing and expect better days ahead. I am hopeful that the AMTSO initiative will deliver. But I think it is much better to stay the course rather than decide to wander off.
UAC: the hero of silent security?
There has been a lot of comment since Microsoft stated at RSA that it set out to make User Access Control (UAC) ‘annoying’. There seems to be general consensus that they achieved their goal.
UAC is an interesting approach. Interestingly, at the very heart of it, it uses the metaphor of asking a user to make a decision to allow an application to run. On the face of it, you would think there is nothing wrong in that: or would you? We have seen a veritable avalanche of attacks that are all predicated on getting a user to ‘click’ on something. So, people view UAC as irritating and not effective given today’s threat landscape.
Users I talk to, on the whole, tell me one of two things in relation to how they want to interact with security programs: “can you keep that security stuff out of my face” and/or “you are the expert - you solve it for me”. Now, if you line up UAC against these criteria you can see how it scores well in the ‘annoy’ category.
If I were to take a slightly contrary view, what UAC has helped bring focus to is the latent desire from users for smarter and more silent security products. In going after this request from users (and as Symantec, this is very much the philosophy and direction we are following with the Norton products), we can also help the on-going battle to reduce the attack surface. So, perversely, the current and new generation of smart, silent security products have much to thank UAC for.

