Panda Security


Beslutsfattardagen

I’m the first speaker in the security track at Beslutsfattardagen (in English, something like “Decision Maker Day”) in Sundsvall on the 6th of October.

I’m going to talk a bit about the situation we’re facing today with malicious code, and more about our cloud-based solutions that aim to solve it.

I have an extremely tight schedule for that week and I’ll go directly from Sundsvall to Malmö to attend Panda Security Days, which starts there the next day. I have something like 20 minutes between connecting planes on my way there… last time I was in that situation I had to spend a night in Madrid ;) but it would be extremely weird if that happened now, hehe.

The day after that, on the 8th, we’ll go to Gothenburg and finish off in Stockholm on the 9th.

I’ll post some more info on Panda Security Days soon… a bit too tired atm.


Panda Security/work related post. This is a personal blog, but from time to time I post things that may relate to my employer. For more info, read “About this blog”.

Tomorrow afternoon I’m holding a short live demo of MalwareRadar (a corporate scan-in-the-cloud service from Panda) at IT-SecurityWorld in Kista, Stockholm, and I’m going to be there for the whole day. Come by and say hi if you’re attending.

My colleagues Sebastian Zabala and Rickard Uddenberg are also going to make appearances during the day and we’ve coordinated our efforts under the phrases “Antivirus, is it really an effective protection?” and “We don’t trust antivirus, do you?”. It’s going to be fun, heh.

I’m also going to Finland next week to participate in the “Panda Security Days” over there, and I’ll be staying in Tampere for two days. This will also be a good opportunity to handle some administrative issues on-site in our Finnish office, so double niceness. The only downside to this trip, apart from having to be away from home, is that I’ll miss the next “Pirate” meeting here in Stockholm, but I’ll catch up through our blog (Swedish) and Skype channels.

Cheers,


Warning: Panda Security/work related post. This is a personal blog but from time to time I’m posting things that may relate to my employer. Read “About this blog”.

Photo: tricky ™ on Flickr (http://flickr.com/photos/sovietuk/).

Found an interesting article by Martin McKeay through the “Security Bloggers Network” which discusses PCI compliance and the implications of hosting applications and data in the cloud.

He boils everything down to one simple point: if you store, transmit or handle cardholder data in a service provider’s network, that network becomes part of the cardholder data environment and needs to be PCI compliant:

“So I made several comments on the post, most of which boil down to referencing PCI requirement 12.8: If you’re sharing cardholder information, i.e. credit card numbers, with a third party service provider, you need to have a clause in your contract that makes the service provider responsible for the PCI compliance of their systems. With the example given, Amazon’s EC2, the chances of getting such a clause in your contract are almost non-existent.”

A subject similar to this has been of interest to me before, as Panda MalwareRadar is a cloud service where files deemed interesting are ‘fingerprinted’. Those fingerprints are then sent to our Collective Intelligence servers for deeper analysis. For more info on CI, see this whitepaper by Panda Research.

In other words, no complete files ever leave the client’s network, but some clients that are in the process of becoming PCI compliant are unsure what implications services such as this might have. Their general feeling is that they aren’t 100% comfortable handing out fingerprints of possibly malicious processes or files, as a detection might (theoretically at least) be a false positive. That would lead to unforeseen information disclosure to a third party (PandaLabs and the CI servers). We also inventory the current patch status with the same tool, and the same concern applies there.

I trust our systems with the information gathered, but I understand their position as well, as they have to be able to prove compliance. But is there any need to worry?

It all seems to come down to two questions: “Can you trust your security vendor?” and “Which requirements in PCI DSS might be implicated by this type of service?”

Personally I think that some level of trust must exist between a security vendor and their customers, so for me the answer to the first one is yes. Many security products and services are placed in such sensitive locations that it would be impossible to use them otherwise (and I’m not only talking about anti-malware here).

I’m unsure about the second one, though, and would appreciate any comments on this. From the information I’ve been able to find, there really shouldn’t be any problems. The one thing that might be troubling is the patch status information, but the data sent can be anonymized so that it does not include computer names or IP addresses, leaving only an overview of the current situation (the same goes for the malware detections).
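To make the anonymization point concrete, here is an added example (my own illustration, not MalwareRadar or Collective Intelligence code, and the record format is hypothetical): the scan results are reduced to content fingerprints and keyed host pseudonyms before anything leaves the network, the client keeps the only mapping back to real names, and a pre-send check confirms no hostname or IP survives in the outgoing report while the vendor can still build the patch overview.

```python
import hashlib
import hmac
import json
from collections import Counter

# Constructed sample inventory in a hypothetical per-host record format.
SAMPLE_RECORDS = [
    {"hostname": "FIN-WS01", "ip": "10.1.2.10",
     "missing_patches": ["MS08-067", "MS08-052"],
     "suspicious_files": [b"MZ\x90\x00constructed-sample-binary-1"]},
    {"hostname": "FIN-WS02", "ip": "10.1.2.11",
     "missing_patches": ["MS08-067"],
     "suspicious_files": []},
]


def fingerprint(data: bytes) -> str:
    """Only this SHA-256 digest of a file's content leaves the network, never the file."""
    return hashlib.sha256(data).hexdigest()


def pseudonym(secret: bytes, name: str) -> str:
    """Keyed hash of a hostname: stable within one client, unrecoverable without the secret."""
    return hmac.new(secret, name.encode("utf-8"), hashlib.sha256).hexdigest()[:16]


def build_report(records, secret: bytes):
    """Return (report, lookup): the report is what is sent, the lookup stays on the client."""
    report, lookup = [], {}
    for rec in records:
        alias = pseudonym(secret, rec["hostname"])
        lookup[alias] = rec["hostname"]  # local only, so the client can act on findings
        report.append({
            "host": alias,  # no hostname, and the IP is dropped entirely
            "missing_patches": sorted(rec["missing_patches"]),
            "fingerprints": [fingerprint(f) for f in rec["suspicious_files"]],
        })
    return report, lookup


def leaks_identifiers(report, records) -> bool:
    """Pre-send check: does the serialized report still contain any hostname or IP?"""
    blob = json.dumps(report)
    return any(r["hostname"] in blob or r["ip"] in blob for r in records)


def patch_overview(report) -> dict:
    """What the receiving side can still derive: number of hosts missing each patch."""
    return dict(Counter(p for entry in report for p in entry["missing_patches"]))
```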

Any PCI DSS experts who feel like commenting on their experiences with Collective- or Herd-intelligence technologies and services such as this?

EDITED TO ADD: Mike at Aegenis comments below and recommends reading his follow-up post.


… in the north of Sweden to hold some seminars. As I guessed in a previous post, this week has been hard so far and it’s not going to get better. I’ve got a splitting headache that I think comes from not sleeping more than 4 hours a day for the past four days. I’m gonna have to straighten that out by going to bed early tonight.

Tomorrow I’m going to try and write a summary of the second “Internetdagarna ’08” day, but if there’s no time or energy I’m going to finish it during the weekend.

My Aspire One (8GB SSD/Linux) is still working fine, but my colleague’s Windows variant has been in for warranty service _two times_ since he bought it. What conclusions can you draw from that? ;)


Warning: Panda Security/work related post. This is a personal blog but from time to time I’m posting things that may relate to my employer. Read “About this blog”.

Photo: EricGjerde on Flickr (http://flickr.com/photos/origomi/).

I wasn’t going to comment on this really, but after reading up on all the different posts on the issue I feel that some things are being missed, especially looking at Secunia’s CTO’s (Thomas Kristensen) last blog post.

What I’m reacting to are these comments:

Our point is not that Internet Security Suites are useless (they are quite useful for most users). Instead, our point is that they protect insufficiently against hackers and that it is better to prevent attacks by patching rather than relying on other security measures alone.

When have we (the anti-malware vendors) said that our users do not need to patch? Sure, we have protections that will catch things proactively, but those are meant for 0-day exploits etc. and are not meant as a replacement for patches.

Also, our products (Panda Security’s) for home users will scream bloody murder with annoying (but configurable) pop-ups if you do not have all MS patches installed. And I know that other vendors do this as well. Our corporate products also contain MalwareRadar, which by default (not configurable) inventories installed patches and includes them in the report.

Next comment from Secunia’s CTO:

In my opinion it would serve the security industry well if AV-vendors would admit that the security provided by their products relies on a reasonably updated and well administrated system. If they really could protect systems without patches, then I’m quite confident that software vendors would stop making patches and instead provide these fabulous security solutions themselves.

Again, who said we do not need patches? Let me translate this to what I’m actually reading (my parody below):

In my opinion it would serve you guys in the anti-malware business well if you could tone down the “we take all proactively”-attitude so that we could make some money out of helping people see what needs to be patched. Also, plz be quick or Microsoft will start pushing this attitude as well and then I’m pretty much screwed.

But a bit more seriously: this is a publicity stunt and there’s no point in discussing it further. A company publishes a report promoting their solution to a problem that has been incorrectly researched.

And when it comes to the test itself I think the other commentators have been too nice.

The methods used for testing illustrate a great lack of knowledge of how to test client security solutions these days, and the worst thing is that I think they knew it. I can’t imagine the testers at Secunia being so stupid, when they’ve shown such skill before, that they didn’t realise their methodology was flawed.

I mean, testing by scanning a bunch of exploit files? What are they after? That we detect their specific exploits by signature? Who would have anything to gain from that?

They then go on to say that we should detect exploits in a more generic way… Alright, how do you want us to do that? Look for shellcode in the files? Look for format-string exploit patterns in the files? That is a false positive waiting to happen.

If we were to look for exploits (still, KNOWN EXPLOITS) we would first have to include a lot of new crap in the signatures (as if there weren’t enough already) and then implement detection routines that span whole files, as we do not know where the crap might be. Good-bye CPU and memory, I’ll see you when you’re done…

The report really shows a total lack of understanding of how AVs work today and the problems we face with signatures.

What we and others have done INSTEAD is to create protections that “see” when an application does something it shouldn’t, or something suspicious. These protections also monitor network traffic and can proactively detect and block traffic that shouldn’t be there.

This is why a test against 300 files lying on your hard drive does not give any accurate results whatsoever. Our protection stops genuinely active malicious code, or applications that are being actively exploited, by looking at the system and stopping things that do not look normal.

Ah well… Long story short, this kinda ruins Secunia for me as an information resource.

For several years I’ve been using their web-based resources for unbiased information, but I guess that’s over now.


PS. Tired as hell now, so please excuse any linguistic or grammatical errors in the text above. ;) .DS



…and only leaves me one day in the office (Monday).

First we have:

Internetdagarna

Tuesday and Wednesday I’m attending InternetDagarna (“The Internet Days”) in Stockholm. These will be packed with interesting seminars ranging from DNSSEC and youths on the internet to IT in politics. It’ll be a very interesting two days and I promise to take a lot of photos. I’ll probably do some posts from the event if wireless is available. From their site:

All in all the conference will feature close to 100 national and international speakers in more than 30 sessions, organized in five parallel tracks:

1. IP and networking
2. Security
3. Public Internet policy
4. Web / Mobile web
5. Domain names

The central theme for Internetdagarna 2008 is the transition to IP version 6. We dedicate a full day on the IP and networking track to various aspects of IPv6, from a basic tutorial to experiences from those who have taken the leap.

And then there’s…

Panda

…Thursday, when I’m going up to Luleå in the north of Sweden to hold a seminar on evolving malware threats and how our solutions tackle them. I’ll do a post on this later on.

And on Friday I travel to Umeå (also in the north) to hold the same seminar.

I’m going to be tired Friday night ;)


Warning: Panda Security/work related post. This is a personal blog but from time to time I’m posting things about my employer. Read “About this blog” for details.

Panda Security Days 2008

For those interested. Kinda late notice, but anyway. The dates are:

1 October: Stockholm, Skandiabiografen, Drottninggatan 82
2 October: Gothenburg, Biopalatset Salon 5, Kungstorget 2
3 October: Malmö, Filmstaden 2, Storgatan 22

I’m not speaking, but if someone wants to meet me I’ll be there answering questions before, during breaks and after. I’ll also be demonstrating TruPrevent policy creation with practical examples for those interested.

The schedule for the day is:

09.00 Breakfast and registration
09.30 Introduction Bo Hasse Gustafsson, CEO, PCM International AB
09.45 Sebastian Zabala, Security Expert, PCM International AB
10.30 Break (Coffee etc.)
10.45 Pedro Bustamante, Senior Research Advisor, Panda Security International
11.45 End notes
12.00 Lunch until 13.00.

Almost all material is going to be in Swedish, but Pedro’s presentation is in English as always.

I’m bringing my camera and will post photos of the event later on (CC Attribution).

Warning: Panda Security/work related post. ;)

… this week.

The main changes in the 4.03 release are:

* Optimized console performance
* Reduced installation package size
* More auto-uninstallers for competitor products
* Improved update features for mobile users
* Full support for XP SP3 and Vista SP1
* Full support for Exchange 2007 SP1
* Full NAP support in our desktop protections

A lot of other news and bugfixes are also included.

Ask your local Panda office for the complete list of changes.

If you’re a client you can download the upgrade here.

Cheers,
