Antimalware Smackdown Name: Frank Simorjay Title: TwC Sr. Product Manager Microsoft Corporation Name: Scott Wu Title: MMPC Technical Program Manager Microsoft.


1 Antimalware Smackdown Name: Frank Simorjay Title: TwC Sr. Product Manager Microsoft Corporation Name: Scott Wu Title: MMPC Technical Program Manager Microsoft Corporation SIA308

2 Welcome. What is the biggest security threat you currently face? Expert security scale: where are you on the scale today?

3 Agenda: Threat Landscape; Antimalware Technologies and Services; Demos


6 Enabler Threats Industry Microsoft Mass Mailers via Office OS & SW Design Abuse Mass Browser Adoption Exploits & Social Engineering

7 Enabler Threats Industry Microsoft Mass Mailers via Office OS & SW Design Abuse Mass Browser Adoption Exploits & Social Engineering Social Media and Cloud Computing 2011 and beyond Rogues Botnet M&A Cloud based attacks Cross platforms

8 Industry-wide vulnerability disclosures

9 Vulnerability disclosures

10 Google Enterprise Linux Apple Microsoft Adobe Oracle

11 Unique computers


14 In 2002, typical signature files were < 1 MB. In 2012, signature files range to > 100 MB (uncompressed). In 2011 Microsoft added more than 22,000 signatures to detect key threat families. In 2011, more than 49,000 different unique threat families were reported to the MMPC from customers. Many of these reported families were variations, polymorphic versions of key threat families. Chart: Percentage increase in the number of files submitted to the MMPC since 2005.

15 15 Source: AVSubmit Source: Virus Bulletin CompressEncryptPack ASPack1337ACProtect BeriaAlex ProtectorAntiDote BeRoEXEPackerAnskya NTPackerArm Protector CDS SSAnslym PackerArmadillo CexeArea51 CryptorASProtect DragonArmorARM ProtectorBITLOK EPackAspack ScramblerBJFnt ExE PackAT4RE asm ProtecterCode Virtualizer exe32packaUSCrunch eXPressorAverCryptorDotFix EZIPAZProtectEncryptPE FSGCDSS SSEnigma hmimys-PackerCelsius CryptExcalibur JDPackCode CrypterExe Wrapper JExeCompressorCodeCryptEXECryptor JexePackCrypticExeShield KBySCRYPToCRACk ProtectorGHF Protector kkrunchyCrypTOXGPcH Protect MEWCryptXHide&Protect MKFPackDaemon CryptID Application Protector mpackDarkCryptJDProtect MPRESSDrony Application ProtectKrypton MZ0oPEDropper CreatorNiceProtect NakedPackerDual EncryptorNTkrnl Packer NeoLiteEP ProtectorNTkrnl Protector netshrinkEscargotObsidium nPackExe GuarderORiEN NSAntiEXE StealthPC Guard NSPackExeSaxPE-Armor NTPackerExeShield DeluxePE-Lock Pack MasterFake NinjaPE-PROTECT PackmanfEaRz CrypterPE-SHiELD PCShrinkFly-CrypterPECRYPT32 PE DiminisherFrench LayorPELock PE-PACKGoat PE MutilatorPELOCKnt PECompactICryptPeP PetiteLameCrpytPESpin PeXMaskPEPowerProtect PKLite32MinkePowerShield PolyBoxMoleBoxPrivate exe Protector PolyEnEMorphinePUNiSHER Private Personal PackerMorphnahSDProtector Pro RejoiceMoruk Crew CrypterSoftDefender RLPackMR UndetectableST Protector RoguePackMSLRHSVKP SecuPacknckleytElock SimplePackNCPHThemida SkD Undetectabler ProNFOTTProtect Software CompressNMEVisual Protect SylmNoodleCryptVMProtect UndetectorNSPack ScramblerVProtector UPackOpen CrypterXProtector UPXPackItBitchZprotect VPackerPE NINJA VXPackPE-Encrypter WWPack32PE-Hide XCompPECrypt YZPackPEncrypt Source: http://en.wikipedia.org/wiki/Executable_compression#List_of_packers


18 Demo Packed malware

19 Social engineering

22 Trustworthy Computing. Prevalent adware: Zwangi, Hotbar, ClickPotato


26 Rogue Security Software Demo

27 Outfoxing the fox


32 Automation; Firewall & Configuration Management; Browser Protection; Heuristics; Conventional (Signature Based) Antimalware; Behavior Monitoring; BigData and Cloud Protection Service; Malware Research & Response; Anti-Rootkit; Network Intrusion Protection; Static Analysis; Dynamic Analysis; Classification; Signing

33 BigData and Cloud Based Detection

34 Protect your environment

35 Breakout Sessions
SIA202 | Microsoft Trustworthy Computing Cloud Security, Privacy, and Reliability in a Nutshell
MGT310 | Microsoft System Center 2012 Endpoint Protection Overview
SIA203 | Security Experts Panel Discussion: (BYOD + Hactivism) = Gen Y Hacker
MGT311 | Microsoft System Center 2012 Configuration Manager Deployment and Infrastructure Technical Overview
MGT312 | Deep Application Management with Microsoft System Center 2012 Configuration Manager
MGT318 | Patch and Settings Management in Microsoft System Center 2012 Configuration Manager

36 www.microsoft.com/twc www.microsoft.com/security www.microsoft.com/privacy www.microsoft.com/reliability

37 Connect. Share. Discuss. http://northamerica.msteched.com
Learning: Microsoft Certification & Training Resources www.microsoft.com/learning
TechNet: Resources for IT Professionals http://microsoft.com/technet
Resources for Developers http://microsoft.com/msdn

38 Required Slide Complete an evaluation on CommNet and enter to win!

39 Scan the Tag to evaluate this session now on myTechEd Mobile


