Tuesday, January 6, 2009

Stopping Zero Day Malware

This month the security news was all about a new vulnerability in Microsoft Internet Explorer. Here at ByStorm headquarters we were safe - we're using FileSure to identify and block malware. Of course it's easy - we added one rule to stop writing to executable files to the disk. Woohoo, no more malware! We're using a separate, permitted, user id for downloading program files and adding browser extensions, a bit of extra work but well worth it.

What's really cool is that we're protected against both known and unknown attacks. Antivirus programs are only good against known vulnerabilities - with our "no new executables" rule we're protected against malware that hasn't even been written yet!

I'll post the rule in the forum - try it out!

No comments: