#1 – Agentless is not really agentless While it’s true that with agentless products you don’t install the vendor’s components on the endpoint itself, the vendor’s server still utilizes existing OS functionality and built-in “agent” to perform the security tasks that are usually implemented in a dedicated agent. This means that the endpoint’s resources are Read more about Endpoint protection & misconceptions[…]
In our last two posts we’ve shown how vendors like Symantec and Microsoft (among others) miss detecting threats due to the nature of how their engines operate. So how do malware authors know if an environment is safe for them to attack or not? There are plenty of indicators about a system that they check Read more about Tricks used by malware authors to protect their malicious code from detection[…]
Symantec’s Endpoint Protection is not the only Anti-malware engine that has issues related to detection, as we stated before. We have found issues with Microsoft’s Windows Defender engine, which is integrated into Windows since Vista. Test-case: Microsoft Windows Defender Let’s look at Windows Defender and cases where it missed detecting potential threats. Malicious macros In Read more about Deceptive Bytes found detection issues in Microsoft’s Windows Defender[…]
In previous posts we explained that traditional Anti-malware software is not working anymore and we gave tips on how to improve your security with non-security tools. But why is your Anti-malware not enough? One of the reasons is that it doesn’t handle changes too well (which is commonplace knowledge among security experts). Background Malware uses Read more about Deceptive Bytes found detection issues in Symantec Endpoint Protection[…]
It’s been a while since we posted but we’ve been very busy presenting at CyberTech’s pavilion, meeting Gartner’s Avivah Litan, interviewing with accelerators and much more. We’re happy to officially announce that Deceptive Bytes was selected and is currently participating in CyLon accelerator’s fifth cohort. Different online media sources like Private Equity Wire, Tech City Read more about Deceptive Bytes is participating in CyLon accelerator[…]
Background Code injection is the exploiting of a bug or a system’s design in order to change the behavior of a process, a website or a system. Malware authors usually exploits such bugs in order to infect computers and devices, install malicious viruses and perform different tasks like stealing user’s passwords and banking information, spying Read more about Mozilla Firefox vulnerable to injection via Gecko configuration file[…]
In my previous post, I wrote that Anti-malware signatures are dead. Just days after, Check Point published on their blog that it’s estimated that nowadays traditional antivirus software detect between 20%-40% of malware, a decline from 2014, when a Symantec’s VP estimated the number at 45%, calling Antivirus software “dead”. Your Firewall and other similar Read more about Hello new and innovative security technologies[…]
Anti-malware signatures departure is imminent. For several years traditional antivirus companies are a few steps behind malware authors, unable to cover the millions of malwares created yearly. For example, check the latest posts and hashes at Malware Traffic Analysis with VirusTotal. Often, many engines may not recognize new threats, even from known malware families and Read more about Goodbye Anti-malware Signatures[…]