21. March 2010 · Comments Off on Vulnerability-based Signatures Are Needed To Defend Against Operation Aurora Variations · Categories: Malware · Tags: , , ,

NSS Labs recently tested seven anti-malware products against the actual and variations of the Operation Aurora attack which was successful against Google, Adobe, and as many as 100 other companies. Six out of seven were successful against the specific attack, but only one provided protection against the variations.

NSS Labs points out that only "vulnerability-based" protection can protect against variations of a specific attack. Here are their key findings:

  • Endpoint security products need to focus more on vulnerability protection. Rather than reactively blocking individual attacks, security product vendors should minimize their customers' risk of exposure by insulating them from the vulnerability.
  • An approach based on preventing specific exploits or malware is less desirable due to the reactive nature of identifying exploits and malicious payloads, as well as the nearly infinite methods to evade detection. Only one of the seven endpoint security products tested demonstrated a focus on the vulnerability and blocked more than one exploit variant.

The report provides a comprehensive description of the vulnerability, the Operation Aurora attack, and specific descriptions of exploit-based vs. vulnerability-based signatures.

Click here to read the whole report and find out which vendor has vulnerability-based signature(s) that were able to cope with Operation Aurora variations.