The Future of PC Protection

The Presentation is sole property of Aspenmas and cannot be used without permission.


When do you see a Virus or Malware?

• After it is in your PC and already affecting your machine, right?

• How does a virus really infect and affect your machine?

• The virus or malware is an executable piece of program that runs in your machine. Everything that happens on your PC is a program execution of some form or another.

• Most of these executions are good and some are bad.


What are some of the primary characteristics of the current malware today?

• Sources: All media forms, usually controlled by a Botnet.

• Who’s the target: Anyone, any company, any individual.

• What happens to a typical victim:

1. System is compromised.

2. Information is stolen, sold, exploited.

3. PC is subjugated to a bot-network.

• What does an infection look like:

1. Primary objective is to remain unseen.

2. Make tracking almost impossible.

3. Set up shop and not affect the PC’s operation.

4. Your PC is then controlled by the Botnet.


A Little Analysis

• So when you see a problem, there has been an execution of a program.

• What else can be associated with this execution event?

• There can be several:

• First, the piece of code or program that was run. This is called a “binary”.

• Second might be a file copied or saved and the address or path.

• The third association to the event is the preceding or “parent event”.

• So now we have a parent event and the child event that we found from the original problem we discovered.


What is the “binary” that is associated with an event?

• Bottom line: it is a program. It might be MS Word or Outlook or your browser or anything else that has been installed or run on your PC.

• What does a virus binary do?

• Basically, it can do anything that any other program can do.

• It can copy itself from place to place.

• It can attach itself to other binaries, such as a Windows system file or other programs, in order to hide.

• It can even delete files or itself and, if it wants to, it could destroy your entire hard drive.


So what can we do with this information?

• If we know all of the events, we can trace from one event to another.

• If we have each of the original “binaries” we can do three things.

1. We can replace a damaged binary with the original one.

2. We can compare this binary to known bad programs.

3. We could see the original malware or virus when it entered the PC and its source point.


The original event discovered while using the PC (O.E.)


[Diagram: the O.E. and its parent event (P.E.)]


Trace back to the event that started the chain.

[Diagram labels: P.E., P.E., O.E.]


The origin event will give up the source of the problem.

[Diagram labels: P.E., P.E., O.E.]


From the entry parent event we can trace each of the child events, the effects of those events on the PC, and what each later event has affected.

[Diagram labels: P.E., P.E., O.E., C.E., C.E.]


[Diagram labels: P.E., P.E. and six C.E.]

One original virus event can create many effects in different parts of your PC.
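
The tracing shown on the preceding slides, as an added example that is not part of the original presentation or of the AspenMAS tool: it walks parent links from the observed event (O.E.) back to the origin, lists every child event (C.E.) of that origin, and checks binaries against a known-bad hash list. The Event record, the sample log, the paths and the hash list are all constructed for illustration.

```python
import hashlib
from collections import defaultdict, namedtuple

# Hypothetical event record: the binary that ran, a file it wrote, its parent event.
Event = namedtuple("Event", "eid parent binary sha256 wrote")

def h(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

# Constructed sample log; paths and file contents are made up.
EVENTS = [
    Event(1, None, r"C:\Apps\mail.exe", h(b"mail"), None),
    Event(2, 1, r"C:\Users\a\Downloads\invoice.exe", h(b"dropper"), r"C:\Users\a\svc.exe"),
    Event(3, 2, r"C:\Users\a\svc.exe", h(b"payload"), r"C:\Users\a\cfg.dat"),
    Event(4, 2, r"C:\Windows\System32\cmd.exe", h(b"cmd"), None),
    Event(5, 3, r"C:\Windows\System32\net.exe", h(b"net"), None),
    Event(6, None, r"C:\Apps\word.exe", h(b"word"), None),
]
KNOWN_BAD = {h(b"dropper"), h(b"payload")}  # stands in for a signature list

def trace_to_origin(events, eid):
    """Follow parent links from the observed event back to the origin event."""
    by_id = {e.eid: e for e in events}
    chain, seen = [], set()
    while eid in by_id and eid not in seen:
        seen.add(eid)  # guard against a corrupted log with a parent loop
        chain.append(eid)
        eid = by_id[eid].parent
    return chain[::-1]  # origin first, observed event last

def child_events(events, root):
    """Every event descending from root, breadth-first."""
    kids = defaultdict(list)
    for e in events:
        kids[e.parent].append(e.eid)
    out, queue, seen = [], list(kids[root]), {root}
    while queue:
        eid = queue.pop(0)
        if eid not in seen:
            seen.add(eid)
            out.append(eid)
            queue.extend(kids[eid])
    return out

def known_bad(events, eids, bad_hashes):
    """Event ids from eids whose binary hash is on the known-bad list."""
    wanted = set(eids)
    return [e.eid for e in events if e.eid in wanted and e.sha256 in bad_hashes]

if __name__ == "__main__":
    chain = trace_to_origin(EVENTS, 5)
    print("chain to origin:", chain)
    print("child events of origin:", child_events(EVENTS, chain[0]))
    print("known-bad in chain:", known_bad(EVENTS, chain, KNOWN_BAD))
```

The first known-bad event in the chain marks where the malware entered; its child events are the set to review and clean up.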


Bad News and Good News

• The bad news is, this is real. The actions of a virus or malware binary are very serious.

• In the past, a virus would send you a nasty note and do its nasty business. Now they don’t tell you anything. As a matter of fact, one primary goal is to NOT be detected or tracked. This way it can continue to do its business without you knowing it exists and removing it.

• The good news is this entire process has been built into a tool that we install on our clients’ machines to assist in identifying and cleaning problems that occur.


The Better News

• Current anti-virus and anti-malware software compares the programs (binaries) against a list of binaries that are known copies of bad viruses and malware. These lists are called signature files. A search with the signature file will identify programs on your PC that are, or are similar to, bad binaries. They can then be removed and your PC cleaned.

• The problem is no one anti-virus program will find all of the bad software.

• The great news is our tool has the ability to compare all of the binaries in your system to ALL of the signature files from all of the major software programs on the market. This can be done within minutes of a new binary being introduced into your PC.


AspenMAS

• Aspenmas is a Colorado-based MSP.

• We provide one of the most effective PC and Server protection systems available today.

• Our Security Plans include firewalls, software, monitoring and Pro-Active Security Systems.

• If we can’t stop the problem, our systems can identify and allow us to correct the infection.


What do you do now?

• The AspenMAS security Plans are available to our regular MSP clients.

• If you are interested in becoming an AspenMAS client contact us at:

AspenMAS
40 W. Littleton Blvd
Suite 210-284
Littleton, CO
[email protected]
