For, by Andrew Lee, CTO, ESET, LLC
Anti-virus products were originally developed as "best-of-breed" security solutions that were specialized to focus primarily on traditional viruses. As new threats emerged, user demand drove vendors to incorporate more diverse capabilities that increased protection while minimizing maintenance.
As the internet matures, the wide range and increased sophistication of attacks has fueled the need for innovative security solutions. Networks today must fend off blended threats where viruses, trojans, adware, spyware, backdoors and bots are all integrated. Solutions that focus on just one component of an attack severely limit the ability to protect the network.
In addition to holistic protection, a unified, anti-threat solution saves IT administrators the cost and hassle of acquiring, deploying and managing multiple endpoint products. Detection for all aspects of a threat can be addressed with one consolidated update while preserving system resources -- thereby lowering an organization's total cost of ownership.
Against, by Vinay Goel
Very few large and medium sized companies use the same vendor for firewalls, anti-virus and anti-spam, the traditional pillars of enterprise security defenses. The savings associated with unified suites of larger providers cannot compensate for the middle-of-the-road protection their products offer. Compromised security impacts enterprise brands, customer confidence, compliance initiatives, shareholder value and management bandwidth.
Best-of-breed technologies provide the highest quality of protection, in-depth features and granular functionality. Best-of-breed solutions offer the quickest response time to new threats, more focused support resources, and integration flexibility with third-party products that are essential to security professionals building a multi-vendor layered security approach. Hackers, spyware developers, virus and other malware writers are working furiously to circumvent traditional enterprise security systems. Best-of-breed companies have dedicated resources and state-of-the-art technologies that are geared to staying ahead of these emerging threats.
THREAT OF THE MONTH: Perl Scripts
What is it?
Format string vulnerabilities are a result of poor programming techniques, which give an attacker the opportunity to directly manipulate the stack of a vulnerable program. Recent research has shown that the Perl language does not offer sufficient protection against format string attacks.
How does it work?
The vulnerability stems from poor use of the printf and sprintf functions or other functions which allow format strings. Each format string is used by Perl as a single value to pop from the program's stack. If the stack becomes corrupted, the program may crash or allow code supplied by the attacker to run.
Should I be worried?
If your enterprise depends on Perl scripts, which remote users can interact with, there is a possibility that any script may contain such a bug.
How can I prevent it?
Perl has a "taint-checking" mode that can prevent many problems associated with allowing unchecked user input to affect the operation of system resources. However, this still does not fully protect against format string attacks. Organizations should audit the use of printf/sprintf or general format string usage in any Perl-based applications that remote users may have access to.
-Joe Stewart, senior security researcher, LURHQ