Secure connections could allow viruses to proliferate
By Rene Millman
The encryption used in email messaging and secure web connections could allow virus writers to easily transmit viruses without being detected, according to a new report.
Researchers at anti-virus company Kaspersky Labs wrote in a report, entitled "Secure connections: how secure are they?", that the term "secure connection" is misleading and gives users a false sense of security: while the connection may be encrypted, the data contained within could be harmful to corporate networks and users' computers.
The report said that neither firewalls, intrusion prevention systems nor anti-virus products can protect against viruses carried in a secure connection encrypted using PGP or SSL.
"Standard solutions protect computers against threats present in standard network connections, but aren't able to counter threats present in secure connections," said the report's authors. "Verifying the contents of a secure connection is impossible by virtue of its secure nature."
The researchers said that as a result, malicious data within secure channels can cause a significant amount of damage, and sometimes more than if it were to be transmitted via a standard, non-secure connection.
The researchers gave the example of a webmail service that offers access via a secure connection. If a virus writer sends a malicious payload to a victim, neither the webmail service's anti-virus, which hasn't been updated, nor an anti-virus product on the victim's computer will detect the virus, as it will be encrypted in transmission. This would result in the victim's email database being deleted, as it is often impossible to disinfect it.
The researchers said that users accessing a secure web server carrying a virus on a web page would not be able to detect the virus, as their anti-virus product would not be able to read the encrypted data.
"Special methods have to be used in order to provide total protection against network threats," said the authors. "Another solution found by anti-virus manufacturers involves traffic verification."