CoreTrace's Application Whitelisting Solution Stops 100 Percent of Computer Viruses During DEFCON 16 "Race-to-Zero" Competition.

BOUNCER Submitted As Single Whitelisting Application and Outshines Traditional Antivirus Products

AUSTIN, Texas -- CoreTrace, a provider of Application Whitelisting solutions, announced today the results of the "Race-to-Zero" contest held at DEFCON 16 in Las Vegas, Nevada. "Race-to-Zero" contestants were asked to pass various exploits through antivirus engines without detection. CoreTrace's BOUNCER, the only application whitelisting product utilized in the event, was the single most successful solution for stopping the malware. CoreTrace's BOUNCER stopped 100 percent of the entered viruses while traditional blacklist-based antivirus solutions detected an average of 60 percent.

"Race-to-Zero" contestants, consisting of both teams and individuals, were asked to pass malicious software and application exploits, remaining undetected, through various antivirus products from companies like McAfee, Trend Micro, Kaspersky and Sophos. The contest utilized ten well-known viruses, some of which have been in the wild for more than a decade. The first contestant to bypass all antivirus engines won that round. Within the "Race-to-Zero" contest, there were several rounds, each increasing in complexity as the contest progressed.

The winning team was a group of researchers from Mandiant (www.mandiant.com) that went by the name of chicagostreetsweepers.
chicagostreetsweepers bypassed all the blacklist-based antivirus engines with valid samples in just over six hours. Another team, retem, completed the contest in a little over two hours. Some of their samples were considered "invalid but cleverly out-of-the-box" by the contest organizers.

Overall, the average detection rate of the antivirus engines was 60 percent. For some of the attacks like Netsky.P and MS07-014, the average plummeted to 15-20 percent. Among the blacklist-based solutions, McAfee had the best overall detection at 90 percent, but still only detected 24 percent and 13 percent of Netsky.P and MS07-014 variants, respectively. In contrast to the blacklist-based antivirus engines, CoreTrace's application whitelisting solution, BOUNCER, prevented 100 percent of the viruses from executing.

"After the blacklist-focused contest was completed, we ran the samples through CoreTrace's whitelisting solution, BOUNCER," said "Race-to-Zero" organizer, Simon Howard. "By not allowing any of the samples to execute on the host computer, BOUNCER stopped 100 percent of the viruses. I strongly recommend that companies add application whitelisting solutions like BOUNCER to their arsenal."

"The 'Race-To-Zero' contest demonstrates the difficulties traditional antivirus programs have in detecting progressively more complex malware," said Toney Jennings, CEO of CoreTrace. "In lieu of
blacklisting solutions, many companies are moving toward the next generation of endpoint security, whitelisting, in order to defend their IT networks."

For information about DEFCON 16, please visit: www.defcon.org.

About CoreTrace

CoreTrace is leading the movement to the next-generation of endpoint control solutions. The company develops and sells the most flexible and tamper-proof application whitelisting solution, BOUNCER by CoreTrace[TM]. BOUNCER flips the antivirus model by enforcing a whitelist of good applications rather than relying on a malware blacklist. By only allowing approved applications to execute, BOUNCER stops malware -- even zero-day exploits, rootkits and buffer overflow attacks. CoreTrace is a privately held company based in Austin, Texas. For more information about CoreTrace, please visit: www.CoreTrace.com.