Zero-Day Malware Attacks You Can't Block
Members of another class of security products try to resist new threats by changing the user's computing environment to limit damage from a successful invasion. Some (like GreenBorder Pro) create a "sandbox," or virtually walled-off environment, for frequently targeted programs such as Web browsers and e-mail clients. An attack might break through IE, for instance, but any attempt to install spyware or make other malicious changes would not escape the sandbox.
Other programs, instead of creating a virtual environment, launch an application with reduced user rights so that it cannot make deep system changes even if it is compromised. This category of utility includes the free DropMyRights applet from Microsoft.
Still other types of programs, such as the free VMware Player, install a distinct, encapsulated operating system that includes its own browser. The cordoned-off browser is completely detached from your regular computing environment. For more information on all these types of damage-mitigation security programs, see Erik Larkin's "Disarm Net Threats."
Windows Vista introduces several security updates that work along some of the same lines. But no one thinks software vulnerabilities or zero-day exploits are going to disappear. Unfortunately, the established black market for stolen data and unwitting spam-senders all but guarantees that criminals will continue to find ways to profit from malware misery.
Nevertheless, David Perry, global director of education for Trend Micro, remains cautiously optimistic about the future state of Internet safety. "I believe eventually we will get the Web to the point where threats are just a nuisance," he says. "But that isn't coming this year."
Focused Doc Strike
May 21, 2006: Targeted attacks are launched from Taiwan and China, exploiting a Microsoft Word bug (one of many zero-day Office flaws reported during 2006), to strike an unnamed company. According to the Internet Storm Center, the attacks mimic an internal company e-mail, increasing the odds that an unsuspecting employee will open a poisoned attachment.