Panda feeds safer transactions

Panda Security launched a new application on Tuesday aimed at thwarting customized attacks carried out against users of online transactional systems.

The system, Panda Security for Internet Transactions, promises to utilize real-time data aggregated from the machines of the company’s existing customers to allow the application to protect against highly customized threats.

As server-side polymorphism and other malware authoring techniques have allowed for the creation of nearly endless numbers of attack variants and made traditional signature-based methods of exploit prevention less effective, many industry watchers have begun to recommend that security vendors move to embrace more proactive defensive strategies.

By using their customers’ machines as frontline malware collectors and feeding data about newly emerging attacks back to their central operations — and then passing that data on to their other clients — Panda and other vendors contend that they can defend against nascent threats more effectively.

Built around the company’s Collective Intelligence system — which claims to track targeted attacks by associating new malware strains with those being sent to other users of its software in the cloud — Panda claims to have invented a product that can help people avoid legitimate transactional sessions secretly under the watch of spyware programs.

In the world of online transaction, that system is particularly useful for helping to protect users against banking Torjans, spyware, and attacks on legitimate sites, including so-called cross-site scripting threats, company officials maintain.

“Hackers are constantly developing new malware techniques and actively testing their work to see what anti-virus software catches it. By using the behavioral information displayed by individual attacks to identify them and sending that information back to be correlated with other data, we can create vaccines for new attacks much faster,” said Ryan Sherstobitoff, chief corporate evangelist at Panda. “We think that we’re setting ourselves apart with what we do with the gathered intelligence and how we reference that with previous data on previous attacks in a structured model.”

The notion is simple: Once a Panda customer has encountered a specific attack and information on the threat has been sent to the company’s central systems, a vaccine for the exploit can be created and shared with the firm’s other users, the company maintains.

When a user of the new Panda application logs onto to an e-commerce or e-banking site armed with the application, the tool completes a scan of their machine to search for any potential attacks, which takes roughly five seconds to complete, the company claims. Once the scan is completed, they are allowed to move forward and carry out their intended business.

By working with banks and e-commerce sites to stay abreast of the latest attacks on their specific brands, and protecting customers against those threats, the vendor contends that the system can help block many popular forms of fraud, particularly through the use of Trojans that lie in wait until users go to specific Web sites where they might share valuable data.

Even though transaction-based virus scans have not found favor with users in the past — based largely on their slow performance — Panda officials promise that their application moves quickly and does not interrupt normal online behavior.

By communicating with threat data stored in the cloud versus attempting to save that information onto end-user’s machines, the system works much faster than previous transaction-based technologies, the company said.

“To do a scan at the time of the transaction hasn’t traditionally worked, but through using collective intelligence, we’re able to provide broader and immediate protection, to know what’s going on right at that moment,” said Gary Leibowitz, head of U.S. security operations at Panda.

“The end-user merely downloads an ActiveX client once, and then the e-commerce or banking sites invoke the scan at the time of the transaction; we believe this provides companies and end-users with the ability to make smarter decisions about whether or not to allow something to go through,” said Leibowitz.

Some analysts are pushing for more anti-malware vendors to begin using their customers’ computers as harvesting points for new attacks based on the wide variety of threats being distributed on the Web today.

Andrew Jaquith, analyst with Yankee Group, has dubbed the approach as “herd mentality” for security.

“By turning every end point into a malware collector, the herd network effectively turns into a giant honeypot that can see more than existing monitoring networks,” said Jaquith. “Scale enables the herd to counter malware authors’ strategy of spraying huge volumes of unique malware samples with, in essence, an Internet-sized sensor network.”