January 30, 2006
Rootkit Webcast
Jeremy Pickett and I are giving a webcast on rootkits tomorrow. We will give a relatively general introduction to them, followed by a description of Sana's new product, Primary Response SafeConnect. It contains our behavior-based malware detection and removal technology, "Active Malware Defense Technology". SafeConnect is currently in beta.
We will also be showing some information about the malware that we have found (and removed!) from the beta program.
You can sign up from http://www.sanasecurity.com.
January 24, 2006
Non corporate use of corporate machines
A recent survey of computer use in Europe has some interesting statistics about the lack of a perimeter around corporate machines.
21% of workers allow family and friends to access the internet.
51% of workers connect their own gadgets to their computers.
McAfee also identified 4 stereotypical types of employee that put organizations at risk:
- The Security Softie – This group comprises the vast majority of employees. They have a very limited knowledge of security and put their business at risk through using their work computer at home or letting family members surf the internet on their work PC.
- The Gadget Geek – Those that come to work armed with a variety of devices/gadgets, all of which get plugged into their PC.
- The Squatter – Those who use the company IT resources in ways they shouldn’t (i.e. by storing content or playing games).
- The Saboteur – A very small minority of employees. This group will maliciously hack into areas of the IT system to which they shouldn’t have access or infect the network purposely from within.
What is often lost in these types of analysis are the business benefits of more freedom, as opposed to the business losses due to security issues. There is often a knee-jerk reaction to clamp down, while a bigger-picture view might swallow the risk of attack in exchange for happier and more productive employees.
See also Bruce Schneier's blog entry on this.
Posted by matt at 10:36 AM | Comments (0)
January 05, 2006
Cool tool for packed executables
I have been playing with a cool tool that detects which packer an executable is packed with. It is PEiD. It uses signatures to determine which packer has been used, and if there is no signature, you can add one of your own.
It also does some generic measurements of whether executables are packed.
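The two approaches described above, signature matching and a generic packed-or-not measurement, as an added example that is not part of the original post and is not PEiD's code. The signature name and bytes, the sample buffers, the use of byte entropy as the generic measurement, and the 7.0 threshold are assumptions made for illustration; the entry point offset is passed in rather than parsed from the PE header.

```python
import hashlib
import math

# Constructed signature database: hex bytes, "??" matches any byte.
# The packer name and byte pattern are made up for this example.
SIGNATURES = {"ExamplePacker 1.x (constructed)": "60 E8 ?? ?? ?? ?? 5D 81 ED"}

def parse_signature(text):
    """'60 ?? 5D' -> [0x60, None, 0x5D]; None marks a wildcard byte."""
    return [None if tok == "??" else int(tok, 16) for tok in text.split()]

def matches_at(data, offset, pattern):
    """True if every non-wildcard pattern byte equals data at offset."""
    if offset < 0 or offset + len(pattern) > len(data):
        return False  # signature would run past the end of the file
    return all(p is None or data[offset + i] == p for i, p in enumerate(pattern))

def identify(data, entry_offset, signatures=SIGNATURES):
    """Name of the first signature matching at the entry point, else None."""
    for name, sig in signatures.items():
        if matches_at(data, entry_offset, parse_signature(sig)):
            return name
    return None

def shannon_entropy(data):
    """Byte entropy in bits per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    return -sum(c / len(data) * math.log2(c / len(data)) for c in counts if c)

def looks_packed(data, threshold=7.0):
    """Generic check; the 7.0 threshold is an assumed rule of thumb."""
    return shannon_entropy(data) >= threshold

# Constructed samples: 64-byte header, entry code at ENTRY, then a body.
ENTRY = 0x40
_noise = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(128))
PACKED = bytes(ENTRY) + bytes.fromhex("60E8030000005D81ED") + _noise
PLAIN = bytes(ENTRY) + bytes.fromhex("558BEC83EC10") + b"mov eax, ebx; ret; " * 200
UNKNOWN = bytes(ENTRY) + bytes.fromhex("558BEC83EC10") + _noise  # no signature

if __name__ == "__main__":
    for label, sample in (("packed", PACKED), ("plain", PLAIN), ("unknown", UNKNOWN)):
        print(label, identify(sample, ENTRY), round(shannon_entropy(sample), 2),
              looks_packed(sample))
```

The `UNKNOWN` sample is the case where no signature matches but the generic measurement still flags the file, which is when adding a signature of your own becomes useful.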
Posted by matt at 04:49 PM | Comments (0)