Internet Explorer Exploit Protection
                                 ENTERPRISE BRIEFING REPORT




TESTED PRODUCTS:
AVG Internet Security Network Edition v8.0
Kaspersky Total Space Security v6.0
McAfee Total Protection for Endpoint
Sophos Endpoint Security and Control v8.0
Symantec Endpoint Protection 11.0.2 MR2
Trend Micro Officescan 8.0 SP1 R3



                                              DECEMBER 20, 2008
Published by NSS Labs.

© 2008 NSS Labs



CONTACT:
5115 Avenida Encinas
Suite H
Carlsbad, CA 92008

Tel:      +1.847.553.4300
E-mail:   info@nsslabs.com
Internet: http://www.nsslabs.com




All rights reserved. No part of this publication may be reproduced, photocopied, stored on a retrieval system, or transmitted without the
express written consent of the authors.

Please note that access to or use of this Report is conditioned on the following:

1. The information in this Report is subject to change by NSS Labs without notice.

2. The information in this Report is believed by NSS Labs to be accurate and reliable, but is not guaranteed. All use of and reliance on
this Report are at your sole risk. NSS Labs is not liable or responsible for any damages, losses or expenses arising from any error or
omission in this Report.

3. NO WARRANTIES, EXPRESS OR IMPLIED ARE GIVEN BY THE NSS LABS. ALL IMPLIED WARRANTIES, INCLUDING IMPLIED
WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT ARE DISCLAIMED AND
EXCLUDED BY NSS LABS. IN NO EVENT SHALL NSS LABS BE LIABLE FOR ANY CONSEQUENTIAL, INCIDENTAL OR INDIRECT
DAMAGES, OR FOR ANY LOSS OF PROFIT, REVENUE, DATA, COMPUTER PROGRAMS, OR OTHER ASSETS, EVEN IF ADVISED OF
THE POSSIBILITY THEREOF.

4. This Report does not constitute an endorsement, recommendation or guarantee of any of the products (hardware or software) tested
or the hardware and software used in testing the products. The testing does not guarantee that there are no errors or defects in the
products, or that the products will meet your expectations, requirements, needs or specifications, or that they will operate without
interruption.

5. This Report does not imply any endorsement, sponsorship, affiliation or verification by or with any companies mentioned in this
report. For PCI-related reports, this does not constitute an endorsement by the PCI Security Standards Council.

6. All trademarks, service marks, and trade names used in this Report are the trademarks, service marks, and trade names of their
respective owners, and no endorsement of, sponsorship of, affiliation with, or involvement in, any of the testing, this Report or NSS Labs
is implied, nor should it be inferred.




© 2008. NSS Labs, Inc.
CONTENTS
1  Introduction ..................................................................................................... 1 
  1.1     Affected systems................................................................................................... 1 
  1.2     Microsoft Response .............................................................................................. 1 
  1.3     Test Relevance ..................................................................................................... 1 
2  Results ............................................................................................................ 2 
  2.1     Security Effectiveness ............................................................................................ 2 
  2.2     Memory Utilization Post-Exploit .............................................................................. 3 
  2.3     Partial Exploit Code ............................................................................................... 4 
3  NSS Labs Recommendations ........................................................................... 4 
4  The Products Under Test .................................................................................. 5 
  4.1     Products tested .................................................................................................... 5 
  4.2     Settings Used ....................................................................................................... 5 
5  Endpoint Protection Test Environment ............................................................... 6 
  5.1     Client Host Description .......................................................................................... 6 
  5.2     Network Description .............................................................................................. 7 




1 INTRODUCTION

On December 10, 2008 Microsoft published Microsoft Security Advisory (961051), detailing a vulnerability in
Internet Explorer that could allow arbitrary remote code execution. The vulnerability affects IE5, IE6, IE7 and
IE8 Beta and allows an attacker to take complete control of an affected system.

Active exploits have been seen in the wild. There are two known variants: an ActiveX variant and a
JavaScript variant. Users with vulnerable versions of Internet Explorer are at high risk of being exploited if
they visit a website hosting the exploit code. Sources indicated over 10,000 web sites are hosting these
exploits, and potentially even more variants of malware.

Based on the potential impact as well as concerns from a number of enterprises, NSS Labs conducted a
series of tests of popular endpoint protection products to evaluate their ability to protect clients from exploits
targeting the IE vulnerability.

 1.1     AFFECTED SYSTEMS
Windows Internet Explorer 7 on supported editions of Windows XP Service Pack 2, Windows XP Service
Pack 3, Windows Server 2003 Service Pack 1, Windows Server 2003 Service Pack 2, Windows Vista,
Windows Vista Service Pack 1, and Windows Server 2008 is affected. Microsoft Internet Explorer 5.01 Service
Pack 4, Microsoft Internet Explorer 6 Service Pack 1, Microsoft Internet Explorer 6, and Windows Internet
Explorer 8 Beta 2 on all supported versions of Microsoft Windows are potentially vulnerable.

http://www.microsoft.com/technet/security/bulletin/ms08-078.mspx

 1.2 MICROSOFT RESPONSE
Microsoft reacted extremely quickly, providing a patch within 7 days of the vulnerability being
disclosed. At the time of testing, Dec 18, 2008, Microsoft had just released the patch. For those unable to
update immediately, Microsoft offers mitigating steps at:
http://www.microsoft.com/technet/security/advisory/961051.mspx

 1.3 TEST RELEVANCE
Internet Explorer is the most popular web browser on the planet, owning the lion’s share of the market. This
increases the importance of this vulnerability and the potential reach of exploits.

Most enterprises have change control procedures governing the patching of systems. As a result, adoption
of this patch will likely occur over an extended period of time. Therefore, Endpoint Protection products
will be relied upon heavily during the period of exposure to this vulnerability.




Enterprise Briefing Report - Internet Explorer Vulnerability Protection
© 2008. NSS Labs, Inc.                                                                                        p. 1
2 RESULTS
During the week of December 15, NSS Labs performed a focused test of popular Endpoint Protection
products to evaluate the protection offered against this exploit. This section provides a quick overview of the
test results collected during live testing conducted through Thursday, December 18th 2008.

    2.1 SECURITY EFFECTIVENESS
All of the products tested were classified by their vendors as enterprise-class Endpoint Protection, meaning
they had both client Host Intrusion Prevention (HIPS) and anti-malware components. In addition, they
all included a reputation-based component, meaning they block and warn users about malicious websites
in order to prevent them from downloading malware. Each vendor's system works differently, but they
generally rely on collective intelligence and back-end analysis of specific URLs and files to supplement the
local signatures and heuristics.

This was first and foremost a test of intrusion prevention, not anti-malware, capabilities. Our goal was to
clearly identify the protective layers within the products that combat the exploits against IE. In this scenario
there are two distinct attacks against the IE vulnerability. Exploits could deliver any number of different
malicious payloads to be executed. Preventing either the URL from being accessed or the exploit from
executing would be the ideal solution. To do this properly, an in-line intrusion prevention system must be
able to hold the requested web page back from the web browser until it has been analyzed and
declared safe. For a more complete discussion of exploits and drive-by downloads, refer to the article on
NSS Labs' website: http://nsslabs.com/white-papers/exploits-vs-drive-by-downloads.html



    Product       1. Block URL Access                  2. Block Exploit                            3. Malware Detection

    AVG           Missed                               Missed                                      Missed
    Kaspersky     Blocked & Warned                     Blocked Exploit                             N/A
    McAfee        Missed                               Missed                                      Missed
    Sophos        Warned but did not block properly    Blocked but called it malware (mislabel)    N/A
    Symantec      Missed                               Missed                                      Quarantined Malware
    Trend         Missed                               Missed                                      Quarantined the first but unable to
                                                                                                   quarantine the second

 


Our investigation showed that most products are looking for so-called “Drive-by downloads” and focusing on
detecting the malware downloaded in step 3, thereby missing the opportunity to prevent the initial exploit
from occurring. Preventing the exploit would eliminate the necessity to research and detect multiple variants
of malware.

Kaspersky Antivirus (part of Total Space Security) was the only product we tested that effectively blocked
the exploit using its reputation-based system. The product apparently has a blocking function that delays
display of a website until after the URL has been verified. Total Space Security was also the only product to
block the JavaScript exploit and classify it correctly.

Sophos Endpoint Security and Control correctly identified the website as malicious; however, it did not
prevent the JavaScript exploit from running. This was a puzzle until we realized that their reputation-based
product does not block access to the URL while it is looking up the reputation. Thus, Sophos'
reputation solution is akin to intrusion detection, not intrusion prevention. The approach is not effective
where the browser itself is being exploited, since the reputation system is in a race with the web browser,
and the browser is nearly always going to win.
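The difference between the two designs described above, an in-line gate that holds the page until the URL has been verified (the approach credited to Kaspersky in section 2.1) and a detect-and-warn lookup that races the browser and loses (the Sophos behaviour), can be made concrete. The Python model below is an added example, not NSS Labs' code and not any vendor's implementation: the reputation database, its lookup latencies, the browser render time and the URLs are all constructed, and the timeout and fail-closed policy are assumptions made here to show the trade-off an in-line gate must make when a lookup is slow.

```python
"""Model of a URL-reputation gate sitting between the network and a browser.

Added example (not from the NSS Labs report or any tested product). Time is a
logical clock in milliseconds: nothing sleeps and no network is used, so the
ordering of events is deterministic and can be asserted on.
"""
from dataclasses import dataclass, field
from enum import Enum
from typing import Dict, List, Tuple


class Verdict(Enum):
    CLEAN = "clean"
    MALICIOUS = "malicious"
    UNKNOWN = "unknown"   # the lookup did not finish before the gate had to decide


@dataclass
class Outcome:
    url: str
    page_reached_browser: bool                 # did the browser get to execute the page?
    warned: bool                               # did the user see a block page or warning at all?
    verdict: Verdict
    events: List[Tuple[int, str]] = field(default_factory=list)   # (logical ms, what happened)


# Constructed reputation service: URL -> (verdict, lookup latency in ms). The
# latencies are deliberately larger than the browser's time-to-render so the
# race the report describes is reproduced.
REPUTATION_DB: Dict[str, Tuple[Verdict, int]] = {
    "http://example.test/index.html":       (Verdict.CLEAN,     80),
    "http://bad.example.test/exploit.html": (Verdict.MALICIOUS, 250),
    "http://slow.example.test/page.html":   (Verdict.CLEAN,     900),
}
RENDER_TIME_MS = 30   # constructed: how quickly the browser starts executing a received page


def lookup(url: str) -> Tuple[Verdict, int]:
    """Return (verdict, latency_ms); unlisted URLs are treated as clean and fast."""
    return REPUTATION_DB.get(url, (Verdict.CLEAN, 50))


def inline_gate(url: str, timeout_ms: int = 500, fail_closed: bool = True) -> Outcome:
    """Prevention design: the page is not released to the browser until the
    verdict is in. If the lookup exceeds timeout_ms the gate must choose:
    fail closed (block, user sees a warning) or fail open (release the page)."""
    verdict, latency = lookup(url)
    ev: List[Tuple[int, str]] = [(0, "request")]
    if latency > timeout_ms:
        ev.append((timeout_ms, "lookup timed out"))
        if fail_closed:
            ev.append((timeout_ms, "blocked (fail-closed)"))
            return Outcome(url, False, True, Verdict.UNKNOWN, ev)
        ev.append((timeout_ms, "released (fail-open)"))
        ev.append((timeout_ms + RENDER_TIME_MS, "browser renders"))
        return Outcome(url, True, False, Verdict.UNKNOWN, ev)
    ev.append((latency, f"verdict {verdict.value}"))
    if verdict is Verdict.MALICIOUS:
        ev.append((latency, "blocked"))
        return Outcome(url, False, True, verdict, ev)
    ev.append((latency + RENDER_TIME_MS, "browser renders"))
    return Outcome(url, True, False, verdict, ev)


def detect_only_gate(url: str) -> Outcome:
    """Detection design: the page is released immediately and the lookup runs
    alongside it. Whenever latency > RENDER_TIME_MS the verdict arrives after
    the browser has already executed the page, so a malicious page is warned
    about but never stopped."""
    verdict, latency = lookup(url)
    ev: List[Tuple[int, str]] = [(0, "request"), (0, "released to browser"),
                                 (RENDER_TIME_MS, "browser renders")]
    ev.append((latency, f"verdict {verdict.value}"))
    warned = verdict is Verdict.MALICIOUS
    if warned:
        ev.append((latency, "warning shown (too late)" if latency > RENDER_TIME_MS else "warning shown"))
    ev.sort(key=lambda e: e[0])
    return Outcome(url, True, warned, verdict, ev)


def race_lost(outcome: Outcome) -> bool:
    """True when the browser executed a page that was later judged malicious."""
    return outcome.page_reached_browser and outcome.verdict is Verdict.MALICIOUS


if __name__ == "__main__":
    for u in REPUTATION_DB:
        for name, out in (("inline", inline_gate(u)), ("detect", detect_only_gate(u))):
            print(f"{name:6} {u:40} rendered={out.page_reached_browser} "
                  f"warned={out.warned} race_lost={race_lost(out)}")
```

The model makes the cost of prevention visible as well: the in-line gate adds the full lookup latency to every page load and has to decide what to do when the reputation service is slow, which is why the timeout and fail-closed policy are explicit parameters rather than hidden behaviour.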

Both Symantec and Trend were able to identify the malware that was included in the payload of the exploit,
but failed to prevent the exploit itself from running. Symantec was able to accurately identify and quarantine
the malware. Trend was able to accurately identify the malware, but unable to quarantine one of the two
pieces of malware inserted into our test system by the exploit.

 2.2 MEMORY UTILIZATION POST-EXPLOIT
Average normal memory utilization of Internet Explorer ranges between 21 and 40MB, depending on a range of
factors (e.g. operating system, plugins and number of open windows). Successfully exploited browsers consume
more than 230MB, as shown in the example here.

Note that different systems and endpoint protection products react differently to the exploit. In some cases
the browser closed or crashed, while in others it continued to operate.
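One way to turn the observation above into a detection heuristic, as an added example that is not part of the report: the Python below flags a browser process whose working set stays well above the normal envelope on consecutive samples, while ignoring a single transient spike and non-browser processes. The process snapshots are constructed, and the threshold multiplier and consecutive-sample count are assumptions chosen here; on a Windows host the samples would come from a process-monitoring agent or a polled process listing.

```python
"""Flag browser processes whose memory departs from the normal envelope.

Added example, not from the NSS Labs report. It applies the report's
observation (normal IE working set roughly 21-40 MB, exploited browsers
>230 MB) as a detection heuristic over periodic process snapshots.
"""
from dataclasses import dataclass
from typing import Dict, List, Sequence

# Normal envelope from the report (MB). ALERT_MULTIPLIER is an assumption: it
# turns the ceiling into an alert line (40 MB * 3 = 120 MB) that sits above
# heavy-but-legitimate browsing and well below the >230 MB of exploited browsers.
MIN_NORMAL_MB = 21
MAX_NORMAL_MB = 40
ALERT_MULTIPLIER = 3
MIN_CONSECUTIVE = 2            # assumption: excess must persist to ignore transient spikes
BROWSER_NAMES = {"iexplore.exe"}


@dataclass(frozen=True)
class Sample:
    t: int                     # seconds since monitoring started (constructed)
    pid: int
    name: str
    working_set_mb: float


@dataclass(frozen=True)
class Alert:
    pid: int
    first_seen_t: int          # time of the first sample in the sustained excess
    peak_mb: float
    growth_mb_per_s: float     # climb from the last in-range sample to the first excess


def alert_threshold_mb() -> float:
    return float(MAX_NORMAL_MB * ALERT_MULTIPLIER)


def _group_by_pid(samples: Sequence[Sample]) -> Dict[int, List[Sample]]:
    """Keep only browser processes and return their samples in time order."""
    by_pid: Dict[int, List[Sample]] = {}
    for s in samples:
        if s.name.lower() in BROWSER_NAMES:
            by_pid.setdefault(s.pid, []).append(s)
    for series in by_pid.values():
        series.sort(key=lambda s: s.t)
    return by_pid


def detect_memory_anomalies(samples: Sequence[Sample]) -> List[Alert]:
    """Return one Alert per browser PID that stays above the alert threshold
    for at least MIN_CONSECUTIVE consecutive samples."""
    threshold = alert_threshold_mb()
    alerts: List[Alert] = []
    for pid, series in _group_by_pid(samples).items():
        run: List[Sample] = []
        for s in series:
            if s.working_set_mb <= threshold:
                run = []               # back inside the envelope: the spike was transient
                continue
            run.append(s)
            if len(run) == MIN_CONSECUTIVE:
                idx = series.index(run[0])
                prev = series[idx - 1] if idx > 0 else run[0]
                dt = max(run[0].t - prev.t, 1)
                growth = (run[0].working_set_mb - prev.working_set_mb) / dt
                peak = max(x.working_set_mb for x in series)
                alerts.append(Alert(pid, run[0].t, peak, growth))
                break                  # one alert per PID is enough
    return alerts


# Constructed snapshots: four polls, five seconds apart.
CONSTRUCTED_SNAPSHOTS: List[Sample] = [
    # pid 1200: healthy browsing, stays inside the 21-40 MB envelope
    Sample(0, 1200, "iexplore.exe", 24.5), Sample(5, 1200, "iexplore.exe", 31.0),
    Sample(10, 1200, "iexplore.exe", 38.2), Sample(15, 1200, "iexplore.exe", 36.9),
    # pid 1316: one transient spike (e.g. a heavy page) that falls back; not alerted
    Sample(0, 1316, "iexplore.exe", 30.0), Sample(5, 1316, "iexplore.exe", 140.0),
    Sample(10, 1316, "iexplore.exe", 42.0), Sample(15, 1316, "iexplore.exe", 39.0),
    # pid 1440: exploited browser; memory climbs and stays above 230 MB
    Sample(0, 1440, "iexplore.exe", 27.0), Sample(5, 1440, "iexplore.exe", 95.0),
    Sample(10, 1440, "iexplore.exe", 236.0), Sample(15, 1440, "iexplore.exe", 248.5),
    # non-browser process is ignored even at high memory
    Sample(0, 800, "sqlservr.exe", 512.0), Sample(5, 800, "sqlservr.exe", 520.0),
]

if __name__ == "__main__":
    for a in detect_memory_anomalies(CONSTRUCTED_SNAPSHOTS):
        print(f"pid {a.pid}: above {alert_threshold_mb():.0f} MB from t={a.first_seen_t}s, "
              f"peak {a.peak_mb:.1f} MB, growth {a.growth_mb_per_s:.1f} MB/s")
```

A browser that crashes or closes when exploited, which the report notes happened on some systems, leaves no high-memory sample to flag, so this check complements blocking the exploit up front rather than replacing it.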




2.3 PARTIAL EXPLOIT CODE
In this case, the attack targeted the data binding engine and delivered a keylogger.




3 NSS LABS RECOMMENDATIONS

Due to the lack of protection provided by Endpoint Protection products, NSS recommends that all
companies patch immediately. A Network IPS product with current signatures for the vulnerability will also
provide an additional layer of protection.

Most companies have already scheduled maintenance for updates and patches over the next week due to
the upcoming holidays and end-of-year cycles. Even those companies that have not had time to run the
patch through a full testing regime should consider patching, due to the severity of the vulnerability. It is NSS
Labs' opinion that the risk of being exploited outweighs the risk of patching without full testing.

NSS Labs plans to test network IPS products as well as retest endpoint products for IE exploit protection in
the near future. For further information please check our website (www.nsslabs.com) or contact us to
schedule a briefing at +1 760-412-4627.




4 THE PRODUCTS UNDER TEST

The Endpoint Protection products were downloaded from the vendors’ sites. All products were updated
immediately prior to testing in order to provide the latest protection.

 4.1 PRODUCTS TESTED
 Product & Version                                              Engine & Signatures
 AVG Internet Security Network Edition v8.0                     v. 8.0.200
                                                                Virus DB: 270.9.19/1855
 Kaspersky Total Space Security v6.0                            12/18/2008 12:21:56am
 McAfee Total Protection for Endpoint
    • Host Intrusion Prevention 7.0                             HIPS: 2373
    • VirusScan Enterprise 8.5i                                 Scan Engine Ver. 5300.2777
    • SiteAdvisor Enterprise 1.5                                DAT: 5469.0000
                                                                BOAP DAT: 354
 Sophos Endpoint Security and Control v8.0
    • Anti-virus 7.6                                            SAV v.7.6.3
    • Client Firewall v1.53                                     Threat Detection data: 4.37E
 Symantec Endpoint Protection 11.0.2 MR2                        AVAS: Dec 17, 2008 r50
                                                                Proactive: Dec 17, 2008 r19
                                                                Network: Dec 12, 2008 r1
 Trend Micro Officescan 8.0 SP1 R3                              VSE: 8.910.1002
                                                                VP: 5.717.00



 4.2 SETTINGS USED
Where possible, we tested with the most aggressive settings.

While vendors may have advanced in-the-cloud technologies, they are often deployed in their home-user
products before rolling them into corporate offerings. Also, some (like Trend) offer a separate application as
an add-on.

Note: This testing represents a point in time, and it is quite feasible (and desirable) for vendors to add
protection depending on their implementations - some quicker than others.




5 ENDPOINT PROTECTION TEST ENVIRONMENT

ABOUT THIS TEST
The NSS Labs test reports are designed to address the challenges faced by IT professionals in selecting
security products. This NSS Labs report provides readers with empirically validated evidence about a
product’s features and capabilities. NSS Labs tests host anti-malware and endpoint protection products
against a comprehensive methodology including:

    •    Security Effectiveness (Anti-malware and Intrusion Prevention)
    •    Management and Usability
    •    Performance

The scope of this test was limited to on-access protection of the browser application while surfing to live
sites on the internet which had been infected. Client machines accessed live exploits hosted on malicious
web sites on the internet and were tested simultaneously. Availability of the malicious sites was validated
before, during and after the test to ensure validity of the sample set.

 5.1     CLIENT HOST DESCRIPTION
The Systems Under Test were installed on the following Operating System and service pack.

    •    Windows XP, SP3

    •    Internet Explorer 7 (without the Security Update released by Microsoft on 12/17)

HARDWARE:
         DELL SC440
         Two 3.0 GHz processors
         2 GB RAM




5.2 NETWORK DESCRIPTION
The endpoint protection products were tested in a live environment, connected directly to the internet.




The host system has one network interface card (NIC) and is connected to the network via a 1Ge switch
port. The NSS Labs test network is a multi-Gigabit infrastructure based around Cisco Catalyst 6500-series
switches (with both fiber and copper Gigabit interfaces).





 
OpenDNS presenter pack
OpenDNS presenter packOpenDNS presenter pack
OpenDNS presenter pack
 
Infoworld deep dive - Mobile Security2015 updated
Infoworld deep dive - Mobile Security2015 updatedInfoworld deep dive - Mobile Security2015 updated
Infoworld deep dive - Mobile Security2015 updated
 
Hewlett-Packard Enterprise- State of Security Operations 2015
Hewlett-Packard Enterprise- State of Security Operations 2015Hewlett-Packard Enterprise- State of Security Operations 2015
Hewlett-Packard Enterprise- State of Security Operations 2015
 
5 things needed to know migrating Windows Server 2003
5 things needed to know migrating Windows Server 20035 things needed to know migrating Windows Server 2003
5 things needed to know migrating Windows Server 2003
 
Secunia Vulnerability Review 2014
Secunia Vulnerability Review 2014Secunia Vulnerability Review 2014
Secunia Vulnerability Review 2014
 
Cisco 2013 Annual Security Report
Cisco 2013 Annual Security ReportCisco 2013 Annual Security Report
Cisco 2013 Annual Security Report
 
Websense 2013 Threat Report
Websense 2013 Threat ReportWebsense 2013 Threat Report
Websense 2013 Threat Report
 
Security Survey 2013 UK
Security Survey 2013 UKSecurity Survey 2013 UK
Security Survey 2013 UK
 
DK Cert Trend Rapport 2012
DK Cert Trend Rapport 2012DK Cert Trend Rapport 2012
DK Cert Trend Rapport 2012
 
Bliv klar til cloud med Citrix Netscaler (pdf)
Bliv klar til cloud med Citrix Netscaler (pdf)Bliv klar til cloud med Citrix Netscaler (pdf)
Bliv klar til cloud med Citrix Netscaler (pdf)
 
Data Breach Investigations Report 2012
Data Breach Investigations Report 2012Data Breach Investigations Report 2012
Data Breach Investigations Report 2012
 
State of Web Q3 2011
State of Web Q3 2011State of Web Q3 2011
State of Web Q3 2011
 
Wave mobile collaboration Q3 2011
Wave mobile collaboration Q3 2011Wave mobile collaboration Q3 2011
Wave mobile collaboration Q3 2011
 
Corporate Web Security
Corporate Web SecurityCorporate Web Security
Corporate Web Security
 
Cloud security Deep Dive 2011
Cloud security Deep Dive 2011Cloud security Deep Dive 2011
Cloud security Deep Dive 2011
 
Cloud rambøll mgmt - briefing d. 28. januar 2011
Cloud   rambøll mgmt - briefing d. 28. januar 2011Cloud   rambøll mgmt - briefing d. 28. januar 2011
Cloud rambøll mgmt - briefing d. 28. januar 2011
 
Cloud security deep dive infoworld jan 2011
Cloud security deep dive infoworld jan 2011Cloud security deep dive infoworld jan 2011
Cloud security deep dive infoworld jan 2011
 
Cloud services deep dive infoworld july 2010
Cloud services deep dive infoworld july 2010Cloud services deep dive infoworld july 2010
Cloud services deep dive infoworld july 2010
 
Sådan kommer du i gang med skyen (pdf)
Sådan kommer du i gang med skyen (pdf)Sådan kommer du i gang med skyen (pdf)
Sådan kommer du i gang med skyen (pdf)
 

Último

Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsJoaquim Jorge
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEarley Information Science
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?Antenna Manufacturer Coco
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)wesley chun
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdflior mazor
 

Último (20)

Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 

IE Exploit Protection

Published by NSS Labs. © 2008 NSS Labs

CONTACT:
5115 Avenida Encinas, Suite H, Carlsbad, CA 92008
Tel: +1.847.553.4300
E-mail: info@nsslabs.com
Internet: http://www.nsslabs.com

All rights reserved. No part of this publication may be reproduced, photocopied, stored on a retrieval system, or transmitted without the express written consent of the authors.

Please note that access to or use of this Report is conditioned on the following:

1. The information in this Report is subject to change by NSS Labs without notice.

2. The information in this Report is believed by NSS Labs to be accurate and reliable, but is not guaranteed. All use of and reliance on this Report are at your sole risk. NSS Labs is not liable or responsible for any damages, losses or expenses arising from any error or omission in this Report.

3. NO WARRANTIES, EXPRESS OR IMPLIED ARE GIVEN BY THE NSS LABS. ALL IMPLIED WARRANTIES, INCLUDING IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT ARE DISCLAIMED AND EXCLUDED BY NSS LABS. IN NO EVENT SHALL NSS LABS BE LIABLE FOR ANY CONSEQUENTIAL, INCIDENTAL OR INDIRECT DAMAGES, OR FOR ANY LOSS OF PROFIT, REVENUE, DATA, COMPUTER PROGRAMS, OR OTHER ASSETS, EVEN IF ADVISED OF THE POSSIBILITY THEREOF.

4. This Report does not constitute an endorsement, recommendation or guarantee of any of the products (hardware or software) tested or the hardware and software used in testing the products. The testing does not guarantee that there are no errors or defects in the products, or that the products will meet your expectations, requirements, needs or specifications, or that they will operate without interruption.

5. This Report does not imply any endorsement, sponsorship, affiliation or verification by or with any companies mentioned in this report. For PCI-related reports, this does not constitute an endorsement by the PCI Security Standards Council.

6. All trademarks, service marks, and trade names used in this Report are the trademarks, service marks, and trade names of their respective owners, and no endorsement of, sponsorship of, affiliation with, or involvement in, any of the testing, this Report or NSS Labs is implied, nor should it be inferred.
CONTENTS

1    Introduction                                   1
1.1  Affected systems                               1
1.2  Microsoft Response                             1
1.3  Test Relevance                                 1
2    Results                                        2
2.1  Security Effectiveness                         2
2.2  Memory Utilization Post-Exploit                3
2.3  Partial Exploit Code                           4
3    NSS Labs Recommendations                       4
4    The Products Under Test                        5
4.1  Products tested                                5
4.2  Settings Used                                  5
5    Endpoint Protection Test Environment           6
5.1  Client Host Description                        6
5.2  Network Description                            7
1 INTRODUCTION

On December 10, 2008 Microsoft published Microsoft Security Advisory (961051), detailing a vulnerability in Internet Explorer that could allow arbitrary remote code execution. This vulnerability in IE5, IE6, IE7 and IE8 Beta allows an attacker to take complete control of an affected system. Active exploits have been seen in the wild. There are two known variants: an ActiveX variant and a JavaScript variant.

Users with vulnerable versions of Internet Explorer are at high risk of being exploited if they visit a website hosting the exploit code. Sources indicated that over 10,000 web sites were hosting these exploits, and potentially even more variants of malware.

Based on the potential impact as well as concerns from a number of enterprises, NSS Labs conducted a series of tests of popular endpoint protection products to evaluate their ability to protect clients from exploits targeting the IE vulnerability.

1.1 AFFECTED SYSTEMS

Windows Internet Explorer 7 on supported editions of Windows XP Service Pack 2, Windows XP Service Pack 3, Windows Server 2003 Service Pack 1, Windows Server 2003 Service Pack 2, Windows Vista, Windows Vista Service Pack 1, and Windows Server 2008. Microsoft Internet Explorer 5.01 Service Pack 4, Microsoft Internet Explorer 6 Service Pack 1, Microsoft Internet Explorer 6, and Windows Internet Explorer 8 Beta 2 on all supported versions of Microsoft Windows are potentially vulnerable.

http://www.microsoft.com/technet/security/bulletin/ms08-078.mspx

1.2 MICROSOFT RESPONSE

Microsoft reacted extremely quickly, providing a patch within 7 days of the vulnerability being disclosed. At the time of testing, Dec 18, 2008, Microsoft had just released the patch. For those unable to update immediately, Microsoft offers some mitigating steps at:

http://www.microsoft.com/technet/security/advisory/961051.mspx

1.3 TEST RELEVANCE

Internet Explorer is the most popular web browser on the planet, owning the lion's share of the market. This increases the importance of this vulnerability and the potential reach of exploits. Most enterprises have change control procedures governing the patching of systems, so adoption of this patch will likely occur over an extended period of time. Endpoint protection products will therefore be relied upon heavily during the period of exposure to this vulnerability.

Enterprise Briefing Report - Internet Explorer Vulnerability Protection © 2008. NSS Labs, Inc. p. 1
2 RESULTS

During the week of December 15, NSS Labs performed a focused test of popular endpoint protection products to evaluate the protection offered against this exploit. This section provides a quick overview of the test results collected during live testing conducted through Thursday, December 18th 2008.

2.1 SECURITY EFFECTIVENESS

All of the products tested were classified as enterprise-class Endpoint Protection by the vendor, meaning they had both client Host Intrusion Prevention (HIPS) and anti-malware components. In addition, they all included a reputation-based component, meaning they block and warn users about malicious websites in order to prevent them from downloading malware. Each vendor's system works differently, but they generally rely on collective intelligence and back-end analysis of specific URLs and files to supplement the local signatures and heuristics.

This was first and foremost a test of intrusion prevention, not anti-malware, capabilities. Our goal was to clearly identify the protective layers within the products that combat the exploits against IE. In this scenario there are two distinct attacks against the IE vulnerability, and the exploits could deliver any number of different malicious payloads to be executed. Preventing either the URL from being accessed or the exploit from executing would be the ideal solution. To do this properly, an in-line intrusion prevention system must be able to keep the requested web page from reaching the web browser until it has been analyzed and declared safe. For a more complete discussion of exploits and drive-by downloads, refer to the article on NSS Labs' website: http://nsslabs.com/white-papers/exploits-vs-drive-by-downloads.html

Test 1. Block URL Access
  AVG:       Missed
  Kaspersky: Blocked & Warned
  McAfee:    Missed
  Sophos:    Warned but did not block properly
  Symantec:  Missed
  Trend:     Missed

Test 2. Block Exploit
  AVG:       Missed
  Kaspersky: Blocked Exploit
  McAfee:    Missed
  Sophos:    Blocked but called it malware (mislabel)
  Symantec:  Missed
  Trend:     Missed

Test 3. Malware Detection
  AVG:       Missed
  Kaspersky: N/A
  McAfee:    Missed
  Sophos:    N/A
  Symantec:  Quarantined Malware
  Trend:     Quarantined the first but unable to quarantine the second
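The race that the first row of the table exposes, as an added example that is not code from the report or from any of the tested products: a small Python timeline model of a URL reputation check that either runs alongside page delivery (the product can only warn, or tear the page down, once its verdict lands) or holds the page until the verdict arrives, which is the in-line prevention the paragraph above calls for. The hostnames, the reputation feed and every timing in it are constructed; the hold-timeout fail-open behaviour is an assumed design detail used to show where the race comes back, not something the report describes.

```python
"""Event-timeline model of a URL reputation lookup racing the browser.

Added example: this is not code from the NSS Labs report or from any of the
tested products.  It models the two designs the results above separate: a
lookup that runs alongside page delivery (the product can only warn or tear
the page down once the verdict lands) and a lookup that holds the page until
the verdict lands (in-line prevention).  Hostnames, verdicts and all timings
are constructed.
"""
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Constructed reputation feed standing in for the vendor's cloud lookup.
REPUTATION_FEED = {
    "http://exploit.invalid/landing.html": "malicious",
    "http://news.invalid/index.html": "clean",
}


@dataclass
class Outcome:
    exploit_ran: bool            # the page's script executed in the browser
    page_blocked: bool           # the browser never rendered the content
    alerted: bool                # the product raised an alert at any point
    shown_at_ms: Optional[int]   # when the browser rendered the page, if it did
    timeline: List[Tuple[int, str]] = field(default_factory=list)

    def __post_init__(self) -> None:
        self.timeline.sort(key=lambda ev: ev[0])  # present events in time order


def lookup(url: str) -> str:
    """Stand-in for the cloud reputation query (assumed interface)."""
    return REPUTATION_FEED.get(url, "unknown")


def _race(forward_at: int, verdict_at: int, render_ms: int, hostile: bool,
          tl: List[Tuple[int, str]]) -> Outcome:
    """The page was released at forward_at; the verdict lands at verdict_at.

    Whoever is first wins: if the verdict beats the render the product can
    tear the page down, otherwise the script has already run.
    """
    shown = forward_at + render_ms
    if hostile and verdict_at < shown:
        tl.append((verdict_at, "verdict=malicious; page torn down before it rendered"))
        return Outcome(False, True, True, None, tl)
    tl.append((shown, "browser renders the page and runs its script"))
    if hostile:
        tl.append((verdict_at, "verdict=malicious; alert raised after the fact"))
    return Outcome(hostile, False, hostile, shown, tl)


def simulate(url: str, mode: str, lookup_ms: int, render_ms: int,
             hold_timeout_ms: Optional[int] = None) -> Outcome:
    """Replay one page load through the gateway.

    mode == "detect":  forward the response at t=0 and query reputation in
                       parallel; the product wins only if lookup_ms < render_ms.
    mode == "prevent": hold the response until the verdict lands.  If
                       hold_timeout_ms expires first the gateway fails open,
                       which puts the race back exactly as in "detect".
    """
    verdict = lookup(url)
    hostile = verdict == "malicious"   # constructed: the malicious page carries the exploit
    tl: List[Tuple[int, str]] = [(0, "response reaches gateway; reputation lookup issued")]

    if mode == "detect":
        tl.append((0, "response forwarded to the browser without waiting"))
        return _race(0, lookup_ms, render_ms, hostile, tl)

    if mode == "prevent":
        if hold_timeout_ms is not None and lookup_ms > hold_timeout_ms:
            tl.append((hold_timeout_ms, "lookup timed out; gateway fails open and forwards"))
            return _race(hold_timeout_ms, lookup_ms, render_ms, hostile, tl)
        tl.append((lookup_ms, f"verdict={verdict}"))
        if hostile:
            tl.append((lookup_ms, "request blocked; browser receives a block page"))
            return Outcome(False, True, True, None, tl)
        shown = lookup_ms + render_ms
        tl.append((shown, "response released; browser renders the page"))
        return Outcome(False, False, False, shown, tl)

    raise ValueError(f"unknown mode {mode!r}")


if __name__ == "__main__":
    bad, good = list(REPUTATION_FEED)
    for mode, timeout in (("detect", None), ("prevent", None), ("prevent", 200)):
        o = simulate(bad, mode, lookup_ms=300, render_ms=40, hold_timeout_ms=timeout)
        print(f"{mode:8} timeout={timeout}: exploit_ran={o.exploit_ran} blocked={o.page_blocked}")
        for at, what in o.timeline:
            print(f"   t={at:4}ms {what}")
    print("benign page shown under prevent at", simulate(good, "prevent", 300, 40).shown_at_ms, "ms")
```

Run stand-alone it prints the three timelines. The point it makes beyond the table: a hold-until-verdict gateway only keeps its advantage while its timeout is longer than the lookup; a short fail-open timeout (the `hold_timeout_ms=200` case) quietly turns it back into the detection design, so when evaluating such a product ask what happens when the cloud lookup is slow or unreachable, and what the added latency costs on every benign page.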
Our investigation showed that most products are looking for so-called "drive-by downloads" and focusing on detecting the malware downloaded in step 3, thereby missing the opportunity to prevent the initial exploit from occurring. Preventing the exploit would eliminate the need to research and detect multiple variants of malware.

Kaspersky Antivirus (part of Total Space Security) was the only product we tested that effectively blocked the exploit using its reputation-based system. The product apparently has a blocking function that delays display of a website until after the URL has been verified. Total Space Security was also the only product to block the JavaScript exploit and classify it correctly.

Sophos Endpoint Security and Control correctly identified the website as malicious, but did not prevent the JavaScript exploit from running. This was a puzzle until we realized that its reputation-based component does not block access to the URL while it is looking up the reputation. The Sophos reputation solution is thus akin to intrusion detection, not intrusion prevention. The approach is not effective where the browser itself is being exploited, since the reputation system is in a race with the web browser, and the browser is nearly always going to win.

Both Symantec and Trend were able to identify the malware included in the payload of the exploit, but failed to prevent the exploit itself from running. Symantec accurately identified and quarantined the malware. Trend accurately identified the malware, but was unable to quarantine one of the two pieces of malware inserted into our test system by the exploit.

2.2 MEMORY UTILIZATION POST-EXPLOIT

Average normal memory utilization of Internet Explorer ranges between 21 and 40MB depending on a range of factors (e.g. operating system, plugins and number of open windows). Successfully exploited browsers consumed more than 230MB in our testing. Note that different systems and endpoint protection products react differently to the exploit: in some cases the browser closed or crashed, while in others it continued to operate.
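One way to turn the figures above into a host-side check, as an added example that is not code from the report or from any tested product: a Python monitor over per-process working-set samples that learns each process's own baseline, alerts on a jump past either a relative limit or an absolute browser ceiling, and records when a spiked process vanishes from later samples, the crash-or-close behaviour noted above. The record format, the sample readings, the 4x relative factor and the three-reading baseline window are constructed or assumed; only the 230 MB ceiling is taken from the report's measurement.

```python
"""Flag browser processes whose memory jumps far above their own baseline.

Added example: not code from the NSS Labs report or from any tested product.
It turns the report's observations (normal IE at roughly 21-40 MB, exploited
IE above 230 MB, and a browser that sometimes crashes or closes afterwards)
into a check over per-process working-set samples.  The record format and
the sample lines are constructed; the relative factor and baseline window
are assumptions, and the 230 MB ceiling is the report's measured figure.
"""
import re
import statistics
from collections import defaultdict
from typing import Dict, List, Tuple

# Constructed monitor output, one reading per line:
#   <seconds> <image> pid=<pid> ws_mb=<working set in MB>
SAMPLE_LOG = """\
0  iexplore.exe pid=1234 ws_mb=24
5  iexplore.exe pid=1234 ws_mb=27
10 iexplore.exe pid=1234 ws_mb=31
15 iexplore.exe pid=1234 ws_mb=38
20 iexplore.exe pid=1234 ws_mb=142
25 iexplore.exe pid=1234 ws_mb=236
30 iexplore.exe pid=1234 ws_mb=241
0  iexplore.exe pid=2345 ws_mb=22
5  iexplore.exe pid=2345 ws_mb=25
10 iexplore.exe pid=2345 ws_mb=29
15 iexplore.exe pid=2345 ws_mb=240
0  outlook.exe pid=3456 ws_mb=180
5  outlook.exe pid=3456 ws_mb=185
10 outlook.exe pid=3456 ws_mb=190
"""

LINE_RE = re.compile(r"^(?P<t>\d+)\s+(?P<image>\S+)\s+pid=(?P<pid>\d+)\s+ws_mb=(?P<ws>\d+)$")

BASELINE_SAMPLES = 3        # assumed: readings used to learn each process's normal footprint
BASELINE_FACTOR = 4.0       # assumed: alert when the working set exceeds 4x baseline
BROWSER_CEILING_MB = 230    # from the report: exploited IE exceeded this


def parse_samples(text: str) -> Dict[int, List[Tuple[int, str, int]]]:
    """Group (seconds, image, ws_mb) readings by pid, oldest first."""
    by_pid: Dict[int, List[Tuple[int, str, int]]] = defaultdict(list)
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if m is None:
            raise ValueError(f"unparsable sample: {line!r}")
        by_pid[int(m["pid"])].append((int(m["t"]), m["image"].lower(), int(m["ws"])))
    for readings in by_pid.values():
        readings.sort()
    return dict(by_pid)


def find_memory_spikes(text: str, browser_images=("iexplore.exe",)) -> List[dict]:
    """Return one alert per process whose working set crossed its threshold.

    Two limits apply: a relative one (BASELINE_FACTOR x the median of the
    first BASELINE_SAMPLES readings) for every process with enough readings,
    and the absolute BROWSER_CEILING_MB for the named browser images.  The
    lower limit wins.  A process that disappears from the samples after
    spiking is marked process_gone, matching the crashed-or-closed browsers
    the report saw.
    """
    by_pid = parse_samples(text)
    last_seen_overall = max(t for rs in by_pid.values() for t, _, _ in rs)
    alerts = []
    for pid, readings in sorted(by_pid.items()):
        image = readings[0][1]
        limits = []
        baseline = None
        if len(readings) >= BASELINE_SAMPLES:
            baseline = statistics.median(ws for _, _, ws in readings[:BASELINE_SAMPLES])
            limits.append(BASELINE_FACTOR * baseline)
        if image in browser_images:
            limits.append(BROWSER_CEILING_MB)
        if not limits:
            continue                      # too few readings and not a watched browser
        threshold = min(limits)
        crossing = [t for t, _, ws in readings if ws > threshold]
        if not crossing:
            continue
        alerts.append({
            "pid": pid,
            "image": image,
            "baseline_mb": baseline,
            "threshold_mb": threshold,
            "first_alert_s": crossing[0],
            "peak_mb": max(ws for _, _, ws in readings),
            "process_gone": readings[-1][0] < last_seen_overall,
        })
    return alerts


if __name__ == "__main__":
    for alert in find_memory_spikes(SAMPLE_LOG):
        print(alert)
```

The relative limit is what keeps a legitimately large process such as the constructed outlook.exe readings out of the alerts; the absolute ceiling still catches a browser that had too few clean readings to learn a baseline from. Learn baselines from a window known to be clean, and treat a spike followed by the process disappearing as a reason to collect the crash artefacts, not as evidence that the threat has gone away.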
2.3 PARTIAL EXPLOIT CODE

The sample captured in this case was an attack against the data binding engine, which delivered a keylogger.

3 NSS LABS RECOMMENDATIONS

Due to the lack of protection provided by endpoint protection products, NSS recommends that all companies patch immediately. A network IPS product with current signatures for the vulnerability will also provide an additional layer of protection.

Most companies have already scheduled maintenance for updates and patches over the next week due to the upcoming holidays and end-of-year cycles. Even those companies that have not had time to run the patch through a full testing regime should consider patching, given the severity of the vulnerability. It is NSS Labs' opinion that the risk of being exploited outweighs the risk of patching without full testing.

NSS Labs plans to test network IPS products as well as retest endpoint products for IE exploit protection in the near future. For further information please check our website (www.nsslabs.com) or contact us to schedule a briefing at +1 760-412-4627.
4 THE PRODUCTS UNDER TEST

The endpoint protection products were downloaded from the vendors' sites. All products were updated immediately prior to testing in order to provide the latest protection.

4.1 PRODUCTS TESTED

AVG Internet Security Network Edition v8.0
  Engine & signatures: v. 8.0.200; Virus DB: 270.9.19/1855

Kaspersky Total Space Security v6.0
  Engine & signatures: 12/18/2008 12:21:56am

McAfee Total Protection for Endpoint
  Components: Host Intrusion Prevention 7.0; VirusScan Enterprise 8.5i; SiteAdvisor Enterprise 1.5
  Engine & signatures: HIPS: 2373; Scan Engine Ver. 5300.2777; DAT: 5469.0000; BOAP DAT: 354

Sophos Endpoint Security and Control v8.0
  Components: Anti-virus 7.6; Client Firewall v1.53
  Engine & signatures: SAV v.7.6.3; Threat Detection data: 4.37E

Symantec Endpoint Protection 11.0.2 MR2
  Engine & signatures: AVAS: Dec 17, 2008 r50; Proactive: Dec 17, 2008 r19; Network: Dec 12, 2008 r1

Trend Micro Officescan 8.0 SP1 R3
  Engine & signatures: VSE: 8.910.1002; VP: 5.717.00

4.2 SETTINGS USED

Where possible, we tested with the most aggressive settings. While vendors may have advanced in-the-cloud technologies, these are often deployed in their home-user products before being rolled into corporate offerings. Also, some (like Trend) offer a separate application as an add-on.

Note: This testing represents a point in time, and it is quite feasible (and desirable) for vendors to add protection depending on their implementations, some quicker than others.
5 ENDPOINT PROTECTION TEST ENVIRONMENT

ABOUT THIS TEST

The NSS Labs test reports are designed to address the challenges faced by IT professionals in selecting security products. This NSS Labs report provides readers with empirically validated evidence about a product's features and capabilities. NSS Labs tests host anti-malware and endpoint protection products against a comprehensive methodology including:

• Security Effectiveness (Anti-malware and Intrusion Prevention)
• Management and Usability
• Performance

The scope of this test was limited to on-access protection of the browser application while surfing to live sites on the internet which had been infected. Client machines accessed live exploits hosted on malicious web sites on the internet and were tested simultaneously. Availability of the malicious sites was validated before, during and after the test to ensure validity of the sample set.

5.1 CLIENT HOST DESCRIPTION

The Systems Under Test were installed on the following operating system and service pack:

• Windows XP, SP3
• Internet Explorer 7 (without the Security Update released by Microsoft on 12/17)

HARDWARE:
DELL SC440
Two 3.0 GHz processors
2 GB RAM
5.2 NETWORK DESCRIPTION

The endpoint protection product was tested in a live environment, connected directly to the internet. The host system has one network interface card (NIC) and is connected to the network via a 1 GbE switch port. The NSS Labs test network is a multi-gigabit infrastructure based around Cisco Catalyst 6500-series switches (with both fiber and copper Gigabit interfaces).