14 Dec 2013
Firms Eliminate Embedded Code To Foil Targeted Attacks
Security firms have typically taken one of two approaches to protecting their customers: detect bad code and block it, or validate wanted applications and allow them to run.
Yet determining whether a file, script, or executable binary is malicious is not an easy task, and often defensive technologies have missed the more subtle or sophisticated attacks that insert exploit code as part of a common file format, such as Office or portable document format (PDF) files. While some companies banned scripts as a way to fend off macro viruses in the late '90s and early 2000s, now security firms are finding ways to sanitize common file formats, removing or modifying executable code within the files to stymie attackers.
|My System Specs || |