
Symantec tracks commercialisation of malware


Publisher
Elsevier Science
Year
2007
Language
English
Size
140 KB
Volume
2007
Category
Article
ISSN
1353-4858


✦ Synopsis


Application firewalls inspect traffic at the application layer of the network stack rather than only at port level. Because they understand the protocol of the application being accessed, they can see what a request is actually doing and compare it against a pre-configured set of rules, instead of merely deciding whether a port is open.

There are challenges in the design, implementation and maintenance of such systems. For example, what happens when the traffic is encrypted and the firewall cannot read it? Should designers adopt a positive security model (allow only what the application is known to accept) or a negative one (block only known-bad patterns)? What is the likely performance impact on the application, and how can application developers and network administrators work together effectively when deploying and maintaining application firewalls? Security expert Tom Rowan takes an in-depth look at the choices to make when configuring an application firewall, and the pros and cons of each.
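The positive-versus-negative choice is easier to weigh with a concrete filter in hand. The following is an added illustration written for this page, not code from the article or from any product it discusses: a toy application-layer filter that classifies constructed HTTP requests under both models. The endpoints (/login, /search), their parameter schemas, the blocklist signatures and the sample requests are all invented for the example.

```python
"""Positive vs negative security model in an application-layer firewall.

Added example for this page; not from the Network Security article.
Endpoints, schemas, signatures and requests are constructed for illustration.
"""
import re
from dataclasses import dataclass


@dataclass
class Request:
    method: str
    path: str
    params: dict  # query or form parameters, already decoded


# Negative model: allow everything except what matches a known-bad signature.
# Constructed signatures; a real ruleset is much larger, but the gap is the same.
NEGATIVE_SIGNATURES = [
    re.compile(r"(?i)\bunion\s+select\b"),  # classic SQL injection marker
    re.compile(r"(?i)<script\b"),           # reflected script injection
    re.compile(r"\.\./"),                   # directory traversal
]

# Positive model: allow only requests that match the application's declared
# contract (hypothetical endpoints); anything not described here is rejected.
POSITIVE_POLICY = {
    ("POST", "/login"): {
        "user": re.compile(r"[a-z0-9_]{1,32}"),
        "pass": re.compile(r".{8,64}"),
    },
    ("GET", "/search"): {
        "q": re.compile(r"[\w ]{1,64}"),
    },
}


def negative_model(req: Request) -> str:
    """Block if any parameter value matches a blocklist signature, else allow."""
    for value in req.params.values():
        if any(sig.search(value) for sig in NEGATIVE_SIGNATURES):
            return "block"
    return "allow"


def positive_model(req: Request) -> str:
    """Allow only a known endpoint whose parameters all fit their schema."""
    schema = POSITIVE_POLICY.get((req.method, req.path))
    if schema is None:
        return "block"                       # undeclared endpoint
    if set(req.params) != set(schema):
        return "block"                       # unexpected or missing parameter
    for name, pattern in schema.items():
        if not pattern.fullmatch(req.params[name]):
            return "block"                   # value outside the declared shape
    return "allow"


def evaluate(req: Request) -> dict:
    """Verdict of each model for one request."""
    return {"negative": negative_model(req), "positive": positive_model(req)}


# Constructed sample requests (not captured traffic).
REQUESTS = {
    # ordinary login: both models allow
    "login_ok": Request("POST", "/login",
                        {"user": "alice", "pass": "correct horse battery"}),
    # textbook SQL injection: both models block
    "sqli_plain": Request("GET", "/search",
                          {"q": "' UNION SELECT name FROM users--"}),
    # same payload with a comment instead of whitespace: the signature misses it,
    # the positive schema still rejects the quote and slashes
    "sqli_comment": Request("GET", "/search",
                            {"q": "' UNION/**/SELECT name FROM users--"}),
    # endpoint nobody declared: negative model has no reason to block it
    "unknown_path": Request("GET", "/admin", {"cmd": "ls"}),
    # legitimate but unusual input: the tight positive schema rejects it
    "apostrophe": Request("GET", "/search", {"q": "O'Brien"}),
}

if __name__ == "__main__":
    for name, req in REQUESTS.items():
        print(f"{name:14} {evaluate(req)}")
```

The two verdicts that differ are the whole argument. The negative model lets the obfuscated injection and the undeclared endpoint through because no signature names them; the positive model stops both, but it also blocks a harmless search for "O'Brien" because nobody widened the schema. A negative model is cheap to deploy and generates few false positives; a positive model catches what nobody has seen yet, at the cost of a contract that application developers and firewall administrators must keep in step as the application changes.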

The genealogy of malware

Malware used to be simple. Viruses, then worms, were written by individuals or small groups and were discrete, static pieces of malicious code. Now that the malware world has become commercially focused, malware writers have stepped up the battle to take control of PC platforms. The result is a myriad of malware types and variants that are recombined to create new attacks.

Fernando de la Cuadra examines how these malware variants develop, exploring the ways that different malware groups adapt each other's code. Thanks to a graphing mechanism that visually illustrates the functional structure of malware variants, we can see how this constant adaptation leads not to refinement, but to additional complexity and inefficiency as malware groups trade off elegance for time to market. This development also sheds new light on best practice methods for spotting and neutralising new malware variants more quickly.