The Antivirus Era Is Over

Conventional security software is powerless against today’s sophisticated attacks. But alternative approaches are just getting started.

This summer, computer security labs in Iran, Russia, and Hungary announced the discovery of Flame, which Hungary’s CrySyS Lab called “the most complex malware ever found.”

For at least two years, Flame had been copying documents, taking screenshots, and recording audio, keystrokes, and Skype calls from infected computers. It relayed this stolen information to servers operated by its creators. And in all that time, no security software raised the alarm.

The discovery of Flame is just the latest in a series of incidents suggesting that conventional antivirus software is an outmoded way of protecting computers against malware. “Flame was a failure for the antivirus industry,” wrote Mikko Hypponen, the founder of the antivirus firm F-Secure. “We really should have been able to do better. But we didn’t. We were out of our league, in our own game.”

Computer security programs for businesses, governments, and consumers alike operate similarly: threats are detected by comparing the code of programs and their activity with a database of “signatures” for known malware. Security companies such as F-Secure and McAfee constantly research reports of new malware and update their lists of signatures accordingly. The result is supposed to be an impenetrable wall that keeps the bad guys out.

In recent years, however, attacks on governments and businesses have used software that, although not quite so sophisticated as Flame, also waltzed straight past signature-based software. Some experts and companies now say it’s time to demote antivirus-style protection. “It’s still an integral part [of malware defense], but it’s not going to be the only thing,” says Nicolas Christin, a researcher at Carnegie Mellon University. “We need to move away from trying to build Maginot Lines that look bulletproof but are actually easy to get around.”

Christin and several security startups are working on new defense strategies to make attacks more difficult and to help those who are targeted fight back.

One example is CrowdStrike, a startup founded by veterans of the antivirus industry that has received $26 million in investment funding. Dmitri Alperovitch, CrowdStrike’s chief technology officer and cofounder, says the company plans to offer a kind of intelligent warning system that can spot even completely novel attacks and trace their origins. This approach is possible, says Alperovitch, because although an attacker could easily tweak the code of a virus like Flame to evade antivirus scanners, he or she would still have one goal: to access and extract valuable data. CrowdStrike understandably won’t reveal details of its technology, but apparently it will analyze traces of activity on a customer’s system to figure out if any of it could be from an infiltrator.
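To make the contrast between the two approaches concrete (the signature lookup described earlier and the activity-trace analysis described here), the following is an added illustration, not code from the article or from CrowdStrike or F-Secure. The sample bytes, the signature database and the behaviour policy are all constructed for the example; the activity names are taken from what the article says Flame did.

```python
import hashlib

# Constructed stand-in for a known-bad binary; just bytes, not real malware.
KNOWN_SAMPLE = b"MZ\x90\x00 constructed-sample v1"

# Constructed signature database: the hashes an antivirus scanner would carry.
SIGNATURE_DB = {hashlib.sha256(KNOWN_SAMPLE).hexdigest()}

# Constructed behaviour policy, modelled on the activities the article
# attributes to Flame: collect data, then ship it to a remote server.
COLLECTION_ACTIONS = {"copy_documents", "screenshot", "record_audio", "log_keystrokes"}
EXFIL_ACTIONS = {"upload_to_remote"}


def signature_match(binary):
    """Classic antivirus check: exact hash lookup against known-bad signatures."""
    return hashlib.sha256(binary).hexdigest() in SIGNATURE_DB


def behaviour_match(trace):
    """Flag a process whose recorded activity shows data collection followed by
    an upload to a remote host, regardless of which binary produced the trace."""
    collected = False
    for action in trace:
        if action in COLLECTION_ACTIONS:
            collected = True
        elif action in EXFIL_ACTIONS and collected:
            return True
    return False


def evaluate(binary, trace):
    """Run both checks on one observed process and report each verdict."""
    return {"signature": signature_match(binary), "behaviour": behaviour_match(trace)}


if __name__ == "__main__":
    # A one-byte tweak to the sample is enough to miss the hash signature,
    # but the goal-driven activity trace is unchanged and is still flagged.
    tweaked = KNOWN_SAMPLE.replace(b"v1", b"v2")
    trace = ["open_file", "copy_documents", "screenshot", "upload_to_remote"]
    print(evaluate(KNOWN_SAMPLE, trace))  # {'signature': True, 'behaviour': True}
    print(evaluate(tweaked, trace))       # {'signature': False, 'behaviour': True}
```

A real behaviour engine would of course weigh many more signals and tolerate benign backup or sync tools that also copy and upload; the point here is only that the verdict no longer depends on the exact bytes of the tool.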

The idea is to thwart the most common tactics and make life harder for attackers, rather than focusing on the attackers’ specific tools, which are “very changeable,” Alperovitch says. “We need to focus on the shooter, not the gun.”

Other companies are talking in similar terms. “It goes back to that law enforcement slogan ‘Crime doesn’t pay,’” says Sumit Agarwal, cofounder of Shape Security, another startup. The company has $6 million in funding from investors including Google chairman Eric Schmidt. Shape Security is also keeping quiet about its technology, but Agarwal will say that it aims to raise the cost of cyber assaults relative to the economic payoff, thus making them not worth the trouble to carry out.

Mykonos Software, too, aims to skew the economics of an attack. It has developed technology that helps protect websites by wasting hackers’ time. Mykonos was bought by the networking company Juniper this year.
