Published by Alexia Hunt. Modified over 9 years ago.
1
Antimalware Smackdown
Name: Frank Simorjay, Title: TwC Sr. Product Manager, Microsoft Corporation
Name: Scott Wu, Title: MMPC Technical Program Manager, Microsoft Corporation
SIA308
2
Welcome
What is the biggest security threat you currently face?
Expert security scale: where are you on the scale today?
3
Agenda
Threat Landscape
Antimalware Technologies and Services
Demos
6
Enabler Threats Industry Microsoft Mass Mailers via Office OS & SW Design Abuse Mass Browser Adoption Exploits & Social Engineering
7
Enabler Threats Industry Microsoft Mass Mailers via Office OS & SW Design Abuse Mass Browser Adoption Exploits & Social Engineering Social Media and Cloud Computing
2011 and beyond: Rogues, Botnet M&A, Cloud based attacks, Cross platforms
8
Industry-wide vulnerability disclosures
9
Vulnerability disclosures
10
Google Enterprise Linux Apple Microsoft Adobe Oracle
11
Unique computers
14
2002: typical signature files were < 1 MB
2012: signature files range to > 100 MB (uncompressed)
In 2011, Microsoft added more than 22,000 signatures to detect key threat families
In 2011, more than 49,000 different unique threat families were reported to the MMPC from customers
Many of these reported families were variations, polymorphic versions of key threat families
Percentage increase in the number of files submitted to the MMPC since 2005
15
Source: AVSubmit
Source: Virus Bulletin
Compress Encrypt Pack
ASPack1337ACProtect BeriaAlex ProtectorAntiDote BeRoEXEPackerAnskya NTPackerArm Protector CDS SSAnslym PackerArmadillo CexeArea51 CryptorASProtect DragonArmorARM ProtectorBITLOK EPackAspack ScramblerBJFnt ExE PackAT4RE asm ProtecterCode Virtualizer exe32packaUSCrunch eXPressorAverCryptorDotFix EZIPAZProtectEncryptPE FSGCDSS SSEnigma hmimys-PackerCelsius CryptExcalibur JDPackCode CrypterExe Wrapper JExeCompressorCodeCryptEXECryptor JexePackCrypticExeShield KBySCRYPToCRACk ProtectorGHF Protector kkrunchyCrypTOXGPcH Protect MEWCryptXHide&Protect MKFPackDaemon CryptID Application Protector mpackDarkCryptJDProtect MPRESSDrony Application ProtectKrypton MZ0oPEDropper CreatorNiceProtect NakedPackerDual EncryptorNTkrnl Packer NeoLiteEP ProtectorNTkrnl Protector netshrinkEscargotObsidium nPackExe GuarderORiEN NSAntiEXE StealthPC Guard NSPackExeSaxPE-Armor NTPackerExeShield DeluxePE-Lock Pack MasterFake NinjaPE-PROTECT PackmanfEaRz CrypterPE-SHiELD PCShrinkFly-CrypterPECRYPT32 PE DiminisherFrench LayorPELock PE-PACKGoat PE MutilatorPELOCKnt PECompactICryptPeP PetiteLameCrpytPESpin PeXMaskPEPowerProtect PKLite32MinkePowerShield PolyBoxMoleBoxPrivate exe Protector PolyEnEMorphinePUNiSHER Private Personal PackerMorphnahSDProtector Pro RejoiceMoruk Crew CrypterSoftDefender RLPackMR UndetectableST Protector RoguePackMSLRHSVKP SecuPacknckleytElock SimplePackNCPHThemida SkD Undetectabler ProNFOTTProtect Software CompressNMEVisual Protect SylmNoodleCryptVMProtect UndetectorNSPack ScramblerVProtector UPackOpen CrypterXProtector UPXPackItBitchZprotect VPackerPE NINJA VXPackPE-Encrypter WWPack32PE-Hide XCompPECrypt YZPackPEncrypt
Source: http://en.wikipedia.org/wiki/Executable_compression#List_of_packers
18
Demo: Packed malware
19
Social engineering
22
Trustworthy Computing
Prevalent adware: Zwangi, Hotbar, ClickPotato
26
Demo: Rogue Security Software
27
Outfoxing the fox
32
Automation
Firewall & Configuration Management
Browser Protection
Heuristics
Conventional (Signature Based) Antimalware
Behavior Monitoring
BigData and Cloud Protection Service
Malware Research & Response
Anti-Rootkit
Network Intrusion Protection
Static Analysis
Dynamic Analysis
Classification
Signing
33
BigData and Cloud Based Detection
34
Protect your environment
35
Breakout Sessions
SIA202 | Microsoft Trustworthy Computing Cloud Security, Privacy, and Reliability in a Nutshell
MGT310 | Microsoft System Center 2012 Endpoint Protection Overview
SIA203 | Security Experts Panel Discussion: (BYOD + Hactivism) = Gen Y Hacker
MGT311 | Microsoft System Center 2012 Configuration Manager Deployment and Infrastructure Technical Overview
MGT312 | Deep Application Management with Microsoft System Center 2012 Configuration Manager
MGT318 | Patch and Settings Management in Microsoft System Center 2012 Configuration Manager
36
www.microsoft.com/twc
www.microsoft.com/security
www.microsoft.com/privacy
www.microsoft.com/reliability
37
Connect. Share. Discuss. http://northamerica.msteched.com
Learning: Microsoft Certification & Training Resources, www.microsoft.com/learning
TechNet: Resources for IT Professionals, http://microsoft.com/technet
Resources for Developers: http://microsoft.com/msdn