
When your traditional AV lets you down…

Dodi Glenn, PC Pitstop

30-November-2015

Better have backups. Or pay the ransom.

Security researchers build trust with malware authors by going onto their forums and watching what gets posted online. That exposure carries real risk: one researcher had to change his last name legally because the criminals he was probing found his family. Another was warned to stop and to be careful or he would be targeted in some way.

“The anti-malware industry isn’t all unicorns and rainbows,” said Dodi Glenn of PC Pitstop. “There are things not done fairly. And it’s not just the bad guys… it’s also vendors and testers who manipulate test scores to make themselves look better. That’s why we’re a member of AMTSO, which exists to ensure testing is fair. Not doing anything to incorrectly call out an AM app as good or bad. Competitive companies and appliance vendors and platform vendors are there. There’s a thing that’s in all of our hearts, and that’s to make technology safer.”

PC Pitstop has taken a whitelist approach – treat every file as unknown, so it doesn’t run until it has been explicitly allowed.

Its USA-based research team looks for files that are good rather than cataloguing files that are bad. So when new CryptoWall variants come out, the PC Pitstop application views them as unknown or malicious, and they won’t run on the endpoint.

“They can keep releasing updated variants as fast as they want, and because none of them are trusted they won’t run,” Glenn said. “Our whitelist approach is similar to that of the Apple Store. We know MS Office is trusted, for example, so if you download and run that it’s ok.”

If you try to download something else that’s not approved, it won’t run.

“The other cool part is we don’t have to rely on heuristic detection for malware,” he said. “And we don’t have to run within a safe environment to check a new file.”

Signature-based detection is often complicated. Malware authors build anti-emulation and anti-virtualization checks into their code to trick the anti-malware engine’s analysis, so that the sample looks as benign as possible while it is being examined.

“But we don’t rely on signatures. We only know it’s not a trusted file and therefore won’t run,” Glenn said. “It makes my life a heckuva lot easier, because I only have to look for good files. I make sure the product isn’t allowing server-side polymorphic variants or whatever malware to run. I’ll block it continuously.”
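The contrast drawn above, between signatures that must name each variant and a default-deny list that never has to, in a small added example (not PC Pitstop’s code; the file bytes, hashes and both policy functions are constructed here so it runs offline):

```python
import hashlib


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Constructed stand-ins for real binaries so the script runs offline.
OFFICE_INSTALLER = b"MZ\x90\x00 constructed: vetted office installer v1"
# Three repacks of the same unwanted program: each differs by one byte,
# which is all it takes to get a fresh hash and slip past a hash signature.
VARIANTS = [b"MZ\x90\x00 constructed: encryptor build " + bytes([n]) for n in range(3)]


def denylist_verdict(data: bytes, known_bad: set[str]) -> str:
    """Traditional signature model: run unless the hash is already known bad."""
    return "block" if sha256(data) in known_bad else "allow"


def allowlist_verdict(data: bytes, trusted: set[str]) -> str:
    """Default-deny model: run only if the hash is on the trusted list.
    Unknown and known-bad files get the same answer, so no per-variant
    signature is ever needed."""
    return "allow" if sha256(data) in trusted else "block"


def compare_models() -> dict[str, list[str]]:
    """Verdicts for [office, variant0, variant1, variant2, tampered office]."""
    trusted = {sha256(OFFICE_INSTALLER)}
    known_bad = {sha256(VARIANTS[0])}  # only the first variant was ever signatured
    tampered = OFFICE_INSTALLER.replace(b"v1", b"v2")  # a modified copy nobody vetted
    samples = [OFFICE_INSTALLER, *VARIANTS, tampered]
    return {
        "denylist": [denylist_verdict(s, known_bad) for s in samples],
        "allowlist": [allowlist_verdict(s, trusted) for s in samples],
    }


if __name__ == "__main__":
    for model, verdicts in compare_models().items():
        print(f"{model:9s}", verdicts)
```

The denylist lets the two unsignatured variants and the tampered installer run; the allowlist blocks all four and still runs the vetted installer.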

While PC Pitstop targets consumers, it also has MSP and Enterprise offerings. The application is meant to be one part of a layered security approach, not a replacement for the other layers.

“We also look after driver updates and vulnerability updates/patches of third party applications,” said Glenn. “We do things in a specific way to avoid conflicts. We can see what our customers are currently running. Technically adept users typically update their own apps.”

PC Pitstop researchers also examine whatever comes from vendors that update constantly, such as Shockwave, Flash, Java, and Reader, to ensure that even if an update bundles AV trials, toolbars, and other unwanted extras, those components don’t run.

The application automatically updates whenever a new version is available, so the customer doesn’t have to click Run every time.

“What I like about technology is you don’t know what’s going to come around the corner next,” Glenn said. “You can’t predict.”