Security Experts:

Kaspersky To Add Exploit Prevention, SSL Certificate Validation

MOSCOW, Russia – Kaspersky Lab provided a sneak peek and demonstration of the 2013 edition of its Kaspersky Internet Security suite today at the Kaspersky Lab Security Summit 2012 taking place this week in Moscow—just miles away from the company’s headquarters.

In a hyper-competitive market, anti-virus vendors are constantly looking to innovate and design new features and bring performance enhancements in order to gain market share and fend off competition. While Kasperksy Lab has added several new features to its soon-to-be-released flagship Internet security software, two features standout that appear to be Industry firsts in the category.

By far the most important new feature, and one that Kaspersky hopes will help differentiate its newest offering from other competitive products on the market, is a new technology dubbed “Automatic Exploit Prevention.”

This added layer of security will help users defend against targeted attacks, and advanced attacks that may otherwise go undetected by a traditional antivirus scanning engines. The company says that the technology significantly reduces the chances of being infected via web-based malware via drive-by-downloads, or falling victim to a targeted attack.

Kaspersky Security Summit 2012, MoscowAutomatic Exploit Prevention goes beyond traditional signature-based malware detection, a technology that is still important, but one that is increasingly viewed as a commodity, based on the massive growth in malware that makes use of a signature-based approach as a sole protection measure less effective. Kaspersky, which says they detect approximately 125,000 unique malicious software samples each day, says the new exploit prevention technology targets the most sophisticated threats that target vulnerabilities in popular software products such as Adobe Flash, Adobe Reader, and Java.

“The purpose of any exploit is to trigger certain vulnerabilities in software in order to launch various types of malicious code,” the company explained. Relying on traditional scanning engines to defend against new and advanced attacks can be risky. “This is especially true when it comes to zero-day vulnerabilities – those which are either unknown or very recently discovered. In this case it is hard for security vendors to recognize exploits targeting a zero-day vulnerability using signature-based methods.”

While there are enterprise-class solutions available that help organizations defend against such attacks and block exploit attempts, consumer-focused security solutions have not yet enjoyed such protections. Kasperksy Lab says this new layer of protection brings a significant level of added protection that is much needed to address the ever-increasing level of threats.

“It’s not 100 percent protection, but it makes it makes it more expensive and drives up the cost of exploits,” added Vitaly Kamluk, Chief Malware Expert, Global Research & Analysis Team at Kaspersky Lab. The exploit prevention technology comes as natural evolution of security protection, something that is much needed by users, and something that Kamluk beleives other vendors will eventally implement as well.

Crowd Sourced SSL Certificate Validation

A second feature of significance, and something not found in other competitive offerings, is a way to check for valid SSL certificates when visiting Web sites. The company has introduced a special cloud-based check that triggers when a browser attempts to establish a secure (https) connection to a Web site. When the site returns the certificate in response to a browser request, Kaspersky Internet Security checks to determine if the certificate is valid, using what is essentially a crowd sourced model that looks to see if others have received the same certificate from a site.

“We do not just check different keys in the certificates,” Nikolay Grebennikov, CTO at Kaspersky Lab explained. “We also check and analyze what certificate—for example one thousand users—received previously when connecting to the same site. If they got one certificate, and you got another, you probably connected to a fake site or you are experiencing a Man-In-The-Middle attack.”

Other enhancements in the new version of Kaspersky Internet Security include a new antivirus engine with improved speed and detection rates, a new anti-spam module, a “Safe Money” feature designed to provide maximum protection during online banking sessions, and an enhanced user interface.

The product is expected to start shipping in mid August 2012.

Disclosure: Travel and accommodations for SecurityWeek to attend the Kaspersky Lab Security Summit 2012 were provided by Kaspersky Lab, under the condition that no coverage was guaranteed nor would positive coverage be guaranteed.