Comments on: BLADE: Hacking Away at Drive-By Downloads

By: BrianKrebs

BrianKrebs — Mon, 11 Oct 2010 21:26:55 +0000

That’s incorrect, Vincent. The whole point of BLADE is to block exploits so that malware cannot be written to the hard drive. It does nothing to remove malware.

As I mentioned to several folks who asked questions, please consider reading the MIT Tech Review article linked to at the top of this story for more on the technical details of how this works.

Like or Dislike: 0 0

By: Vincent

Vincent — Mon, 11 Oct 2010 21:22:20 +0000

Hi Brian,
From the article and the last line it looks like this tool detects and removes malware written to the hard drive. So that means it’s based on definition files and heuristics, similar to AV. Is this correct? Please confirm.

Like or Dislike: 0 0

By: Scott

Scott — Mon, 11 Oct 2010 18:23:39 +0000

There are some tests of AV effectiveness against various sorts of not-strictly-virus malware. For example, av-comparitives does look at things like effectiveness against trojans in their main AV reports: http://www.av-comparatives.org/comparativesreviews/main-tests

Executive summary: no tested product managed to catch 60% of trojans.

Obviously, we need to move beyond pattern-matching alone, and use more heuristic (and other) methods of detection and prevention. How interesting BLADE might be as an additional security layer will depend on the (still unavailable) details, e.g., source code and binary licensing terms.

Like or Dislike: 0 0

By: ISN

ISN — Fri, 16 Jul 2010 20:54:04 +0000

I recommend that you try out Sandboxie. Great for malware analysis

Like or Dislike: 1 0

By: Yep, There’s a Patch for That — Krebs on Security

Yep, There’s a Patch for That — Krebs on Security — Fri, 05 Mar 2010 05:32:59 +0000

[...] software vendors, could well reduce the number of Windows users whose machines get trashed by drive-by downloads, as all of these malicious or hacked sites try to silently install malware by targeting security [...]

Like or Dislike: 0 0

By: M Henri Day

M Henri Day — Thu, 25 Feb 2010 22:56:25 +0000

Joe, you may, as I do, find ShadowServer’s (http://preview.tinyurl.com/yetkdb4 ) statistics of use in dealing with those exaggerated claims. I tend to concentrate on the Virus Monthly Stats rather than with the daily counterparts, in order to average out fluctuations….

Henri

Like or Dislike: 0 0

By: Hacking Guy Social Network - Barestar to Celebrities

Hacking Guy Social Network - Barestar to Celebrities — Thu, 25 Feb 2010 21:18:18 +0000

[...] BLADE: Hacking Away at Drive-By Downloads — Krebs on Security [...]

Like or Dislike: 0 0

By: Joe Gibbons

Joe Gibbons — Thu, 25 Feb 2010 15:32:17 +0000

For the past year, I have seen various industry analyses report the lack of effectiveness of AV products detecting zero-day exploits and new threats generally stating a miss rate of between 30 and 60%.
Every AV provider I deal with states their product has an effectiveness of between 99 -100%.
Is there any information out there that enables me to rank AV products on their ability to deal with zero day exploits and “new” threats

Like or Dislike: 0 0

By: Rick

Rick — Wed, 24 Feb 2010 05:01:37 +0000

http://bit.ly/baamQ7

‘BLADE’s approach is to intercept and impose ‘execution prevention’ of all downloaded content that has not been directly consented to by user-to-browser interaction.’

Yep yep yep! That’s essentially the Apple quarantine idea taken down to kernel level – that seems to be a Good Idea™.

Like or Dislike: 0 0

By: Rick

Rick — Wed, 24 Feb 2010 04:54:28 +0000

BLADE might be released as a ‘free tool’ but the white paper describing how it works is anything but free – they want $25 for an electronic download.

http://bit.ly/cIJI70

Like or Dislike: 0 0