The annual conference of the Association of Anti Virus Asia Researchers, “AVAR 2010,” was held last November 17–19, 2010 in Bali, Indonesia. More than 30 papers were presented covering the latest threat landscape updates, the roles of governments in information security, mobile malware, testing methodologies, malware sample handling, polymorphic malware detection, sandboxing, and other topics of interest to the security industry.
Trend Micro presented on two topics during the conference. Software architect Liang-Seng Koh and I presented “Buckle Up Security Belt When Enjoying Ride on Internet of Things,” which talked about the security challenges in relation to the “Internet of things.” The Internet of things is a concept that refers to the idea of ordinary objects being wirelessly interconnected via technologies like radio frequency identification (RFID) tags and near field communication (NFC).
I talked about the opportunities these emerging technologies present and the security challenges that come with them. To effectively protect users from new threats that may take advantage of the Internet of things, we proposed a new security model that takes the concept’s unique characteristics into account and draws on the power of cloud computing. One aspect of this model is outsourcing content security to the cloud. Another is authentication, for which a three-way authentication scheme based on public keys and the existing ISO 9798-2 standard was proposed to serve as the first layer of protection.
The second Trend Micro presentation, entitled “Cleanup to Damage Recovery,” was given by senior development manager Zhihe Zhang and staff engineer Xiaodong Huang. It discussed the cleanup challenges posed by malware families that hijack Windows’ boot sequence. These considerably complicate removal, as cleanup by traditional anti-malware solutions can easily leave the user with a corrupted and inoperable system.
A potential solution is to use system backups to restore the system files that have been hijacked by malware. One might think the built-in Windows System Restore feature could serve this purpose, but it is not flexible enough.
Instead, the presenters proposed a new approach to intelligently backing up and restoring system files. A driver was used to monitor modifications made to key system files. The backup module used a heuristic rating algorithm to skip unnecessary backups. A system file repository held known-good copies of key system files, which the cleanup module can recover on demand. A community-based recovery module was also introduced to leverage the wisdom of crowds in this area.
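As an added illustration of the backup-and-restore idea described above (example code written for this post, not the presenters’ implementation, which monitors files from a kernel driver): a minimal user-mode repository of known-good file copies that detects modified files by hash, skips backups that an assumed heuristic deems redundant, and restores a hijacked file on demand. The file names, contents and the skip heuristic (an identical copy is already stored) are constructed assumptions.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path
def digest(path):
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()

class SystemFileRepository:
    # Content-addressed store of known-good file copies. Assumed skip heuristic
    # (not from the talk): no new backup while an identical copy is stored.
    def __init__(self, repo_dir, monitored):
        self.repo = Path(repo_dir)
        self.repo.mkdir(parents=True, exist_ok=True)
        self.monitored = [Path(p) for p in monitored]
        self.baseline = {}  # path -> SHA-256 of the last trusted version
        self.skipped = 0    # backups avoided by the heuristic

    def backup(self, path):
        # Record the current content as trusted; copy it only if not stored.
        h = self.baseline[str(path)] = digest(path)
        blob = self.repo / h
        if blob.exists():
            self.skipped += 1
            return False
        shutil.copy2(path, blob)
        return True

    def modified(self):
        # Monitored files whose content no longer matches the baseline.
        return [p for p in self.monitored if str(p) in self.baseline and
                (not p.exists() or digest(p) != self.baseline[str(p)])]

    def restore(self, path):
        # Overwrite a hijacked file with its trusted copy; True on success.
        h = self.baseline[str(path)]
        shutil.copy2(self.repo / h, path)
        return digest(path) == h

def demo(workdir=None):
    # Constructed scenario: baseline two files, tamper one, restore it.
    work = Path(workdir or tempfile.mkdtemp())
    a, b = work / "a.sys", work / "b.sys"
    a.write_bytes(b"MZ original driver a")
    b.write_bytes(b"MZ original driver b")
    repo = SystemFileRepository(work / "repo", [a, b])
    for p in (a, b, a, b):  # the repeated pair is unchanged, so skipped
        repo.backup(p)
    a.write_bytes(b"MZ overwritten by sample")  # simulated boot-hijack edit
    tampered = repo.modified()
    return [p.name for p in tampered], all(repo.restore(p) for p in tampered), repo.skipped, repo.modified() == []
```

Calling `demo()` returns the names of the files found modified, whether every restore verified against its baseline hash, how many redundant backups were skipped, and whether the monitored set is clean again afterwards.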