Blacklists, whitelists and heuristics: Symantec describes new threats

In between blacklists and whitelists, Symantec hopes to build a system that protects users from unexpected threats.

“To an average user who wants to go to lots of new sites, [blacklists and whitelists] have been restrictive. How do you bring out whitelisting in a way that allows you more flexibility but still provides an excellent security network?”

Weafer says that the solution lies in heuristic models.

“We use blacklisting to prevent malware, whitelisting for the most prevalent software, and heuristics for everything in the middle.”

The system is known as STAR: the Security Technology and Response organisation, a worldwide team of security engineers, threat analysts and researchers. It is housed in nine locations around the world, reporting on security in 180 countries and more than 35,000 technologies. STAR’s technology is leveraged across all of Symantec’s corporate and consumer security product lines.

STAR’s first release of data and security was in August this year.

Looking forward to 2009

Asked about the future, Weafer said that malware would increasingly move towards local attacks.

“We think the volume of attacks will continue to increase. But specifically we’re going to see more localisation and regionalisation. Attacks will be region specific – like phishing attacks are – based on local events and businesses.

“We’re seeing a decline of the IRC botnet. They’re too inflexible to attackers. Attackers would prefer to go to DNS, which is web-based attacks, which allows them to change their address rapidly and cycle through multiple IP addresses.

“P2P distribution also helps them evade detection.”

Lastly, he said that users can expect attacks from unusual places.

“We’re seeing an increase in attacks originating from devices that now have computer drives. Earlier this year we saw a virus originate from a digital photo frame. People in the factory were copying viruses onto the digital photo frames, and the viruses would spread after they were sold.”
