Verdasys Promotes Anti-Malware Software
by Blight Crusader
Breaking news on more than one internet security blog is the announcement from Verdasys of their new anti-malware software. But upon examination, their scheme isn’t as all-encompassing as they would like the world to believe.
The concept that Verdasys has engineered is an interesting one, to be sure. While corporations can protect their end of an internet transaction from fraud, they cannot assume that the customer’s computer on the other end of such a transaction is free of malware which could steal passwords, logins, or financial data before it is even transmitted to them. Hence, their scheme of installing software on the customer’s computer which would preclude such malware from grabbing this data, by virtue of operating at a lower level on the customer’s computer than the malware itself. This would mean locking out access to such data before the malware is even aware of it.
This sounds like an interesting scheme, until the details are fully examined. From a typical blog posting about Verdasys, an overview of the process:
…the only sure way to protect sensitive data—say, when a bank’s customers are online, managing their accounts—is to assume that their computers are compromised, and keep the data out of malware’s reach.
That’s the strategy behind SiteTrust, a new service that Verdasys is launching today for banks, brokerages, and other big companies that serve customers over the Internet—and that are legally liable for losses from online fraud. A privately backed company founded in 2003, Verdasys has served many of these same companies for years with a product called Digital Guardian that keeps sensitive data from slipping outside a company’s walls. SiteTrust is its first foray into the consumer world.
“The leading anti-virus products today are only about 50 percent effective against the current crop of malware, let alone against some of the newer techniques that do a much better job of hiding themselves,” says Bill Ledingham, Verdasys’s new CTO. “A lot of our online-broker customers, given the losses they are encountering, need a new approach. Given that malware is already resident, how do we insert ourselves and protect just the transaction that is happening between the customer and the corporate website?”
In theory, it’s easy to secure the data passing between a user’s Web browsers and a corporate server by encrypting it using established standards such as SSL. But this technique doesn’t work if the user’s PC is infected with malware that’s peeking at the data before it gets encrypted—for example, when a user is typing a password.
The first drawback of the software they’re promoting is that it’s available only on Windows-based systems — although they do say they’re working on Mac and Unix versions as well. Their spokesman goes on to state:
Ledingham says that since only the originating company’s Web servers have the keys needed to decrypt the data, the SiteTrust technology protects against all sorts of attacks, including keyloggers, unauthorized screen captures, code injection attacks, so-called “man in the browser” and “man in the middle” attacks, and phishing and website spoofing. In studies funded by Verdasys, two independent security consulting firms found that this approach was “100 percent effective against all known malware threats,” in the words of a company statement.
The biggest drawback to their scheme, however, is that it requires every user to install software on their home computers before using any other services. This is not exactly a proven method of assuring security, as MIT’s Technology Review points out:
SiteTrust bypasses malware because it is essentially a rootkit–a program designed to bury itself deep in a user’s operating system, where it can take fundamental control of most of the software running on the machine. The idea, Ledingham says, is that SiteTrust will burrow down to a lower level than any malware on the system. Verdasys has put a lot of research into ensuring that SiteTrust does just that, Ledingham says, but he acknowledges that if the tool becomes successful, online criminals will probably focus on finding ways to go even deeper. He says that Verdasys plans to keep improving the tool, hoping to stay a step ahead of attackers.
So we’ll just have to assume that it’s a work in progress…
Tags: anti-malware, malware, rootkit, verdasys
