Presentation is loading. Please wait.

Presentation is loading. Please wait.

Antimalware Smackdown Name: Frank Simorjay Title: TwC Sr. Product Manager Microsoft Corporation Name: Scott Wu Title: MMPC Technical Program Manager Microsoft.

Published byAlexia Hunt Modified over 9 years ago

Similar presentations

Presentation on theme: "Antimalware Smackdown Name: Frank Simorjay Title: TwC Sr. Product Manager Microsoft Corporation Name: Scott Wu Title: MMPC Technical Program Manager Microsoft."— Presentation transcript:

1 Antimalware Smackdown Name: Frank Simorjay Title: TwC Sr. Product Manager Microsoft Corporation Name: Scott Wu Title: MMPC Technical Program Manager Microsoft Corporation SIA308

2 Welcome What is the biggest security threat you currently face? Expert security scale where are you on the scale today?

3 Agenda Threat Landscape Antimalware Technologies and Services Demos

4

5

6 Enabler Threats Industry Microsoft Mass Mailers via Office OS & SW Design Abuse Mass Browser Adoption Exploits & Social Engineering 6

7 Enabler Threats Industry Microsoft Mass Mailers via Office OS & SW Design Abuse Mass Browser Adoption Exploits & Social Engineering 7 Social Media and Cloud Computing 2011 and beyond Rogues Botnet M&A Cloud based attacks Cross platforms

8 8 Industry-wide vulnerability disclosures

9 Vulnerability disclosures

10 10 Google Enterprise Linux Apple Microsoft Adobe Oracle

11 Unique computers

12

13 13

14 2002 typical signature files were < 1 MB 2012 signature files range to > 100 MB (uncompressed) In 2011 Microsoft added more than 22,000 signatures to detect key threat families In 2011, more than 49,000 different unique threat families were reported to the MMPC from customers 14 Percentage increase in the number of files submitted to the MMPC since 2005 Many of these reported families were variations, polymorphic versions of key threat families

15 15 Source: AVSubmit Source: Virus Bulletin CompressEncryptPack ASPack1337ACProtect BeriaAlex ProtectorAntiDote BeRoEXEPackerAnskya NTPackerArm Protector CDS SSAnslym PackerArmadillo CexeArea51 CryptorASProtect DragonArmorARM ProtectorBITLOK EPackAspack ScramblerBJFnt ExE PackAT4RE asm ProtecterCode Virtualizer exe32packaUSCrunch eXPressorAverCryptorDotFix EZIPAZProtectEncryptPE FSGCDSS SSEnigma hmimys-PackerCelsius CryptExcalibur JDPackCode CrypterExe Wrapper JExeCompressorCodeCryptEXECryptor JexePackCrypticExeShield KBySCRYPToCRACk ProtectorGHF Protector kkrunchyCrypTOXGPcH Protect MEWCryptXHide&Protect MKFPackDaemon CryptID Application Protector mpackDarkCryptJDProtect MPRESSDrony Application ProtectKrypton MZ0oPEDropper CreatorNiceProtect NakedPackerDual EncryptorNTkrnl Packer NeoLiteEP ProtectorNTkrnl Protector netshrinkEscargotObsidium nPackExe GuarderORiEN NSAntiEXE StealthPC Guard NSPackExeSaxPE-Armor NTPackerExeShield DeluxePE-Lock Pack MasterFake NinjaPE-PROTECT PackmanfEaRz CrypterPE-SHiELD PCShrinkFly-CrypterPECRYPT32 PE DiminisherFrench LayorPELock PE-PACKGoat PE MutilatorPELOCKnt PECompactICryptPeP PetiteLameCrpytPESpin PeXMaskPEPowerProtect PKLite32MinkePowerShield PolyBoxMoleBoxPrivate exe Protector PolyEnEMorphinePUNiSHER Private Personal PackerMorphnahSDProtector Pro RejoiceMoruk Crew CrypterSoftDefender RLPackMR UndetectableST Protector RoguePackMSLRHSVKP SecuPacknckleytElock SimplePackNCPHThemida SkD Undetectabler ProNFOTTProtect Software CompressNMEVisual Protect SylmNoodleCryptVMProtect UndetectorNSPack ScramblerVProtector UPackOpen CrypterXProtector UPXPackItBitchZprotect VPackerPE NINJA VXPackPE-Encrypter WWPack32PE-Hide XCompPECrypt YZPackPEncrypt Source: http://en.wikipedia.org/wiki/Executable_compression#List_of_packers

16

17

18 Demo Packed malware

19 Social engineering

20 20

21 21

22 22 Trustworthy Computing Prevalent adware Zwangi Hotbar ClickPotato

23 23

24 24

25 25

26 Rogue Security Software Demo

27 Outfoxing the fox

28

29

30

31

32 Automation Firewall & Configuration Management Browser Protection Heuristics Conventional (Signature Based) Antimalware Behavior Monitoring BigData and Cloud Protection Service BigData and Cloud Protection Service Malware Research & Response Anti-Rootkit Network Intrusion Protection Static Analysis Dynamic Analysis Classification Signing

33 BigData and Cloud Based Detection

34 Protect your environment 34

35 Breakout Sessions SIA202 | Microsoft Trustworthy Computing Cloud Security, Privacy, and Reliability in a NutshellMGT310 | Microsoft System Center 2012 Endpoint Protection Overview SIA203 | Security Experts Panel Discussion: (BYOD + Hactivism) = Gen Y Hacker MGT311 | Microsoft System Center 2012 Configuration Manager Deployment and Infrastructure Technical Overview MGT312 | Deep Application Management with Microsoft System Center 2012 Configuration Manager MGT318 | Patch and Settings Management in Microsoft System Center 2012 Configuration Manager

36 www.microsoft.com/twc www.microsoft.com/security www.microsoft.com/privacy www.microsoft.com/reliability

37 Connect. Share. Discuss. http://northamerica.msteched.com Learning Microsoft Certification & Training Resources www.microsoft.com/learning TechNet Resources for IT Professionals http://microsoft.com/technet Resources for Developers http://microsoft.com/msdn

38 Required Slide Complete an evaluation on CommNet and enter to win!

39 Scan the Tag to evaluate this session now on myTechEd Mobile

40

41

42 42 0%

43 43

44 44

45 45

46

Download ppt "Antimalware Smackdown Name: Frank Simorjay Title: TwC Sr. Product Manager Microsoft Corporation Name: Scott Wu Title: MMPC Technical Program Manager Microsoft."

Similar presentations

Microsoft Exchange Server 2010 SP2 Tips & Tricks Scott Schnoll Principal Technical Writer Microsoft Corporation EXL305_R.

Microsoft Exchange Server 2010 SP2 Tips & Tricks Scott Schnoll Principal Technical Writer Microsoft Corporation EXL305_R.
What's New in Microsoft Deployment Toolkit 2012 Michael Niehaus Senior Program Manager Microsoft Corporation.

What's New in Microsoft Deployment Toolkit 2012 Michael Niehaus Senior Program Manager Microsoft Corporation.
Windows Intune: Cloud Based PC Management (Technical Overview) Elias Mereb Erdal Ozkaya MVP – Windows Expert-IT Pro WideTech Consulting FastLane – AP.

Windows Intune: Cloud Based PC Management (Technical Overview) Elias Mereb Erdal Ozkaya MVP – Windows Expert-IT Pro WideTech Consulting FastLane – AP.
Troubleshooting Windows 7 Deployments Michael Niehaus Senior Program Manager Microsoft Corporation.

Troubleshooting Windows 7 Deployments Michael Niehaus Senior Program Manager Microsoft Corporation.
Sysinternals Primer: Gems Aaron Margosis Principal Consultant Microsoft Corporation SIA311.

Sysinternals Primer: Gems Aaron Margosis Principal Consultant Microsoft Corporation SIA311.
Customizing the User State Migration Tool Michael Niehaus Senior Program Manager Microsoft Corporation WCL322.

Customizing the User State Migration Tool Michael Niehaus Senior Program Manager Microsoft Corporation WCL322.
Windows Defender Next Generation Anti-malware

Windows Defender Next Generation Anti-malware
Business Intelligence in Microsoft Office and SharePoint 2010 Seayoung Rhee Product Marketing Manager Microsoft Corporation OSP201.

Business Intelligence in Microsoft Office and SharePoint 2010 Seayoung Rhee Product Marketing Manager Microsoft Corporation OSP201.
Designing a Private Cloud Infrastructure for Microsoft SQL Server: Financial Services Case Study Ross Mistry Principal Enterprise Architect Microsoft Corporation:

Designing a Private Cloud Infrastructure for Microsoft SQL Server: Financial Services Case Study Ross Mistry Principal Enterprise Architect Microsoft Corporation:
Dev-Ops Best Practices on the Microsoft Stack Victor Mushkatin Group Program Manager Microsoft Corporation DEV363.

Dev-Ops Best Practices on the Microsoft Stack Victor Mushkatin Group Program Manager Microsoft Corporation DEV363.
Inside Windows Azure Virtual Machines Vijay Rajagopalan Microsoft Corporation.

Inside Windows Azure Virtual Machines Vijay Rajagopalan Microsoft Corporation.
WCL209. GA3/23GA3/23 Manage & Secure PCs Anywhere All you need is an internet connection The Best Windows Experience Standardize your OS on the latest.

WCL209. GA3/23GA3/23 Manage & Secure PCs Anywhere All you need is an internet connection The Best Windows Experience Standardize your OS on the latest.
The Busy Developer’s Guide to Virtualization Brian A. Randell Senior Consultant MCW Technologies AAP301.

The Busy Developer’s Guide to Virtualization Brian A. Randell Senior Consultant MCW Technologies AAP301.
Visual Studio Tips & Tricks Dustin Campbell Microsoft Corporation Scott Cate EventDay.com DEV319.

Visual Studio Tips & Tricks Dustin Campbell Microsoft Corporation Scott Cate EventDay.com DEV319.
Delivering KPIs with Microsoft SQL Server Analysis Services

Delivering KPIs with Microsoft SQL Server Analysis Services
Making the most of Search in Microsoft SharePoint Online Corey Roth Applications Architect Infusion OSP338.

Making the most of Search in Microsoft SharePoint Online Corey Roth Applications Architect Infusion OSP338.
4/19/2017 7:47 PM DBI311 Microsoft SQL Server Data Tools: Database Development from Zero to Sixty Gert Drapers (@DataDude) Principal Group Program Manager.

4/19/2017 7:47 PM DBI311 Microsoft SQL Server Data Tools: Database Development from Zero to Sixty Gert Drapers Principal Group Program Manager.
Rob Hwacinski Sr. Program Manager Lead Microsoft Corporation WEM206 Ashwin Kulkarni Sr. Product Manager Microsoft Corporation.

Rob Hwacinski Sr. Program Manager Lead Microsoft Corporation WEM206 Ashwin Kulkarni Sr. Product Manager Microsoft Corporation.
Configuring Kerberos for Microsoft SharePoint 2010 BI in 7 Steps (SQL Server 2012) Chuck Heinzelman Senior Program Manager – BPD CX Microsoft Corporation.

Configuring Kerberos for Microsoft SharePoint 2010 BI in 7 Steps (SQL Server 2012) Chuck Heinzelman Senior Program Manager – BPD CX Microsoft Corporation.
Enabling Disaster Recovery for Hyper-V Workloads Using Hyper-V Replica Shreesh Dubey Principal Group Program Manager Microsoft Corporation VIR302.

Enabling Disaster Recovery for Hyper-V Workloads Using Hyper-V Replica Shreesh Dubey Principal Group Program Manager Microsoft Corporation VIR302.

Similar presentations

Ads by Google