I'm working with enterprise customers who are facing a problem when it comes to virus definition updates to computers residing in branches with slow links. It takes a long time to distribute the definition file across these links. Good move from Trend Micro.... hope other vendors start thinking about re-designing their definition delivery mechanisms.
Does this save you much in the long run?
If it goes out to the net, I suppose machines with no Internet connectivity aren't going to work nicely. So clients are going to hash everything they see, cross-check it via the net, then report back on what to do. It doesn't replace pattern files, it just replaces the need to have them on your system. Does this save you much? I guess the meat and potatoes is not the actual scanning of memory and files code?
Wouldn't this method introduce a race condition? Getting the results of the hash back before execution seems like a no-brainer on who would win, unless of course the executable is "frozen" until results are in, which would probably cause a lot of angry, impatient clients.
Also, if I wrote a piece of malware, couldn't I just redirect all Trend traffic, or block it, or send fake results to the client so it would ignore it? If your Internet link goes out, do you lose detection capabilities? If Trend's signature servers go out or are DDoS'ed, is everyone using Trend down? Wasn't this an issue back in the worm days?
Also, for companies that have remote locations with all net traffic routed through one location, it would definitely mean an increase in WAN bandwidth. Seems like a sketchy idea to me.
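As an added example (not Trend Micro's code and not posted in this thread), here is a small Python model of the client-side lookup the comment above describes: the endpoint hashes a file, consults a local verdict cache first, then the cloud service, and only a positive "clean" verdict allows execution, so an outage of the link or the service degrades to "unknown, blocked" rather than to no detection at all. FakeCloudService, ReputationClient, the sample files and their verdicts are all constructed for this illustration.

```python
import hashlib

# Constructed sample "files"; the content and verdicts are made up for
# the illustration and do not correspond to any real malware.
SAMPLE_FILES = {
    "invoice.exe": b"MZ\x90\x00 constructed benign sample",
    "dropper.exe": b"MZ\x90\x00 constructed malicious sample",
    "newtool.exe": b"MZ\x90\x00 constructed never-seen sample",
}

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

class FakeCloudService:
    """Stand-in for a vendor reputation service (hypothetical).
    online=False simulates the WAN link or the service being down."""
    def __init__(self, verdicts: dict, online: bool = True):
        self.verdicts = verdicts
        self.online = online

    def query(self, file_hash: str) -> str:
        if not self.online:
            raise TimeoutError("reputation service unreachable")
        return self.verdicts.get(file_hash, "unknown")

class ReputationClient:
    """Endpoint-side logic: cache first, then cloud; execution waits for
    the verdict instead of racing it."""
    def __init__(self, cloud: FakeCloudService, cache_ttl: float = 3600.0):
        self.cloud = cloud
        self.cache_ttl = cache_ttl
        self.cache = {}  # file hash -> (verdict, time it was obtained)

    def verdict_for(self, data: bytes, now: float) -> str:
        h = sha256_hex(data)
        cached = self.cache.get(h)
        if cached and now - cached[1] < self.cache_ttl:
            return cached[0]          # survives a link outage
        try:
            verdict = self.cloud.query(h)
        except TimeoutError:
            return "unknown"          # fail closed: no cache, no cloud
        if verdict in ("clean", "malicious"):
            self.cache[h] = (verdict, now)  # only cache definite verdicts
        return verdict

    def allow_execution(self, data: bytes, now: float) -> bool:
        # "unknown" and "malicious" both block; only "clean" allows.
        return self.verdict_for(data, now) == "clean"
```

A real deployment would additionally need to authenticate the service's responses, which this model does not attempt.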
Kvetch, before all, please forgive my bad, really bad English.
Your concerns are true, but first of all...
where does the new malware come from?
You may think... USB, CD-ROM, file share, etc.
You may be right, but... what makes today's malware difficult to detect is the capacity of hackers to create new pieces of code and upload them to a web site. So, if Trend uses the reputation of the IP address, they will block the download of the new bit of malware before the user can establish the connection.
About the DDoS that you mention, I was checking how Trend works with their updates today, and they use the Akamai network to replicate the pattern files, which could be used to do this check also... so, I'm not an expert, but I think that it's a little bit difficult to do a DDoS on the Akamai network.
About the point that you mention concerning the network traffic... how much traffic will DNS queries generate in those companies? Maybe you should think about this method in that way.
Tracing back to the first issue that you mention, I think that Trend Micro will not rely on the cloud for ALL the detections. I think that they are going to REDUCE the amount of malware being analyzed by the traditional pattern file... if not, all file infector viruses are going wild once again, like in the 80's..
I hope that I can be understood.
Regards,
Shad
I wonder if this is the bug they found
http://support.mozilla.com/tiki-view_forum_thread.php?comments_parentId=75676&forumId=1