
Interview with ESET CTO Palo Luka

Created: 2015-12-30 04:22:49

Protecting the Security Solutions

Security software protects us – but how does it fare in self-protection?

 

AV-TEST, an independent institute specializing in testing antivirus solutions and security software, has published the results of its self-protection test of security solutions. The testing looked at how security vendors protect their solutions from possible exploitation via security gaps in the code. More precisely, it scrutinized whether ASLR (Address Space Layout Randomization) and DEP (Data Execution Prevention) technologies are enabled. These technologies are based on open-source security mechanisms and are generally recommended as part of standard protection for software (for a detailed technical description, see the box below). In the first such test, in 2014, the only product to achieve a 100% success rate came from ESET. The following year, in 2015, ESET defended this record. So what does all this mean for end users? We asked Palo Luka, ESET’s CTO.

 

Does security software have to be more secure than other applications?

 

That almost goes without saying – and it is not only because some security applications run on millions of computers, which in and of itself makes them an interesting target. The main reason is that security apps by definition operate with a high level of privileges, and come into contact with unknown or suspicious content. So you have to really devote a lot of time to ensuring a high level of protection. For us at ESET, we take every opportunity to boost the security of our applications ‒ including by employing ASLR and DEP technologies, which were the subject of the AV-TEST.

 

How important are these technologies?

 

They are important tools for boosting the security of applications. Simply put, these methods, when properly executed, significantly limit the possibility that software gets exploited via security holes in applications. At the same time, it has to be said that this is not a silver bullet ‒ we are seeing more and more attacks trying a range of techniques to circumvent ASLR or DEP defenses.

 

Should security software users be concerned whether their manufacturer employs ASLR and DEP?

 

They should definitely ask this question. Using these technologies has become a standard (or it should). Of course, there are also other methods to strengthen the security of applications against exploitation, and the good news is that all of them play nice with ASLR and DEP. All the more reason to use them.

 

Some security software manufacturers not using ASLR and DEP claim that some 3rd-party file libraries don’t use them either...

 

This makes some sense, but it does not make for a convincing argument, as DEP was introduced to the kernel inside the Windows OS ten years ago, and ASLR followed shortly after that.

 

...or that individual files work with proprietary technologies, which themselves are not compatible with ASLR and DEP...

 

We should exercise some caution in making such claims, as this would imply that the software is written in a way that does not allow for implementing standard security methods. Sure, there could be some modern ways of securing it, but I suspect they are the remnants of old programming techniques. So I would strongly advise against this.

 

Other arguments follow that files that are not protected with ASLR and DEP are no longer actively used, and thus do not represent a risk.

 

That also makes some sense, until we ask why such files are still part of the application in the first place. Frankly, I’d avoid making this type of argument, because it is admitting that the software is cluttered with historical relics, which then does not reflect well on its maker.

 

...and finally they say their software employs other methods of protection, such as CFI - Control Flow Integrity or sandboxing.

 

Yes, these are some of the more advanced protection techniques out there and I fully recommend using them, but only as a complement to, and not a replacement for standard methods. I actually think that using ASLR and DEP technologies should not be an option, but a requirement.

 

In 2014 ESET was the only manufacturer to get 100% in the self-protection test, and this year it was joined by 5 additional vendors. What are your thoughts on this?

 

I don’t want to speculate about the motivations − whether other manufacturers secure their applications for the benefit of their customers or just to look good in tests. For us at ESET, good test showings are only a welcome side effect of giving our customers the best service we can, including the best possible protection.

 

     
 

Protecting the security solutions

Malware tries to disable security solutions by blocking them. Employing protection technologies, such as DEP (Data Execution Prevention) and ASLR (Address Space Layout Randomization) lowers the risk of attack, while increasing the overall level of protection of a program.

ASLR or Address Space Layout Randomization stands for a shuffling of memory sectors, making it more difficult to exploit security gaps in computer systems. Using ASLR, stack addresses are randomly allocated to applications. This is intended to prevent, or at least impede, attacks via a buffer overflow.

DEP or Data Execution Prevention is also referred to as NX-Bit (No eXecute). The protection is already based on the hardware. Chip producers AMD and Intel have already been implementing this technology for more than 10 years under the proprietary names of EVP and XD-Bit in all their processors. It is intended to prevent programs from executing random data as programs and thus launching malicious code in this manner.

Source: https://www.av-test.org
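
On Windows, a program file declares its ASLR and DEP opt-in through two flags in its PE header, so an audit like the one described above can be approximated by reading those flags from every file a product ships. The following is an added example, not code from AV-TEST or ESET; the file names and header bytes are constructed samples, and treating an image with stripped relocations as not covered by ASLR is an assumption of this sketch.

```python
import struct

# Flags in the PE optional header's DllCharacteristics field (Microsoft PE format).
DYNAMIC_BASE = 0x0040     # image may be relocated at load time (ASLR opt-in)
NX_COMPAT = 0x0100        # image is compatible with DEP
RELOCS_STRIPPED = 0x0001  # COFF Characteristics: no relocations, cannot be rebased

def pe_mitigations(data: bytes) -> dict:
    """Read the ASLR and DEP opt-in flags from the raw bytes of a PE image."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)  # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0" or len(data) < pe_off + 24 + 72:
        raise ValueError("missing or truncated PE header")
    opt_size, coff_chars = struct.unpack_from("<HH", data, pe_off + 20)
    (magic,) = struct.unpack_from("<H", data, pe_off + 24)
    if magic not in (0x10B, 0x20B) or opt_size < 72:
        raise ValueError("unsupported optional header")
    # DllCharacteristics sits at offset 70 in both PE32 and PE32+ optional headers.
    (flags,) = struct.unpack_from("<H", data, pe_off + 24 + 70)
    return {
        # Assumption: DYNAMIC_BASE without relocation data is counted as no ASLR.
        "aslr": bool(flags & DYNAMIC_BASE) and not coff_chars & RELOCS_STRIPPED,
        "dep": bool(flags & NX_COMPAT),
    }

def coverage(files: dict) -> tuple:
    """Percentage of images with both flags set, plus the names lacking one."""
    missing = sorted(n for n, d in files.items()
                     if not all(pe_mitigations(d).values()))
    return 100.0 * (len(files) - len(missing)) / len(files), missing

def sample_image(dll_chars: int, pe32_plus: bool = False,
                 coff_chars: int = 0x0002) -> bytes:
    """Constructed headers-only image, just enough for the parser above."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    opt = struct.pack("<H", 0x20B if pe32_plus else 0x10B) + b"\0" * 68
    opt = (opt + struct.pack("<H", dll_chars)).ljust(240 if pe32_plus else 224, b"\0")
    machine = 0x8664 if pe32_plus else 0x14C
    coff = struct.pack("<HHIIIHH", machine, 0, 0, 0, 0, len(opt), coff_chars)
    return dos + b"PE\0\0" + coff + opt

SAMPLES = {  # constructed file names and flag values
    "scanner.dll": sample_image(DYNAMIC_BASE | NX_COMPAT, pe32_plus=True),
    "legacy_unpacker.dll": sample_image(NX_COMPAT),
    "old_helper.exe": sample_image(0),
}

if __name__ == "__main__":
    print(coverage(SAMPLES))
```

To audit a real installation, pass `pe_mitigations` the bytes of each `.exe`, `.dll` and `.sys` file in the product directory; the header flags record only the opt-in, not what the operating system enforces at run time.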

 
     

 

 


 

About ESET
ESET®, the pioneer of proactive protection and the maker of the award-winning ESET NOD32® technology, is a global provider of security solutions for businesses and consumers. For over 26 years, the Company has continued to lead the industry in proactive threat detection. By obtaining the 80th VB100 award in June 2013, ESET NOD32 technology holds the record number of Virus Bulletin “VB100” Awards, and has never missed a single “In-the-Wild” worm or virus since the inception of testing in 1998. In addition, ESET NOD32 technology holds the longest consecutive string of the VB100 awards of any AV vendor. ESET has also received a number of accolades from AV-Comparatives, AV-TEST and other testing organisations and reviews. ESET NOD32® Antivirus, ESET Smart Security®, ESET Cyber Security® (solution for Mac), ESET® Mobile Security and IT Security for Business are trusted by millions of global users and are among the most recommended security solutions in the world.

ESET recently updated its two-factor authentication (2FA) application, adding a secure validation to weak and static user passwords. This updated version of ESET’s 2FA application provides flexibility and deeper integration of 2FA into bespoke applications, making it the best cost-effective solution for SMBs everywhere.

The Company has global headquarters in Bratislava (Slovakia), with regional distribution centers in San Diego (U.S.), Buenos Aires (Argentina), and Singapore; with offices in Jena (Germany), Prague (Czech Republic) and Sao Paulo (Brazil). ESET has malware research centers in Bratislava, San Diego, Buenos Aires, Singapore, Prague, Košice (Slovakia), Krakow (Poland), Montreal (Canada), Moscow (Russia) and an extensive partner network for more than 180 countries. For more information visit www.eset.sg or follow us on Facebook and Twitter.

About Version 2 Limited
Version 2 Limited is one of the most dynamic IT companies in Asia. Headquartered in Hong Kong, the Company develops and distributes IT products for Internet and IP-based networks, including communication systems, Internet software, security, network, and media products. Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 Limited offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which includes Global 1000 enterprises, regional listed companies, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

Version 2 Singapore Pte Ltd is the local office of Version 2 Limited.
For more information, please visit www.version-2.com.sg or call (65) 6296-4268.
