Sunday, February 6, 2011

Disrupt The Operations Tempo of the Enemy

In my last post I talked about getting rid of the PDF file format completely in order to rid our networks of the most prevalent attack platforms to date. Then I realized, would it really make a difference? I am sure the hackers and cyber criminals that use the PDF file format for their dirty work would just band together and choose another format within a relatively short period of time. So would nuking the PDF file format be a good thing even if this were absolutely true? Absolutely! Right now the bad guys have the rest of us on our heels! They have no need to change their Modus Operandi. Force them to stay ahead of the game, make them work for every scrap at our table! Eventually they will make mistakes, they will be busted and brought to justice!
In reality, this is probably nothing more than a pipe dream. However much effort we think they would have to go through to implement a bypass, it would only be half as much work as any solution we could come up with that would be viable in the enterprise.

The only real solution I could ever see would be a new file format that is nothing more than a zip file: one that is encrypted on the network and consists of XML, transforms and uncompressed image data. Run scans on the zip files, opening them in sandboxed virtual machines. Then have an application that is capable of reconstituting the data from the zip file into the necessary file type (sans PDF) on the host machine. The process would be invasive and slow, but the days of low-hanging fruit would be a thing of the past for would-be hackers and cyber criminals.
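To make the proposal concrete, here is an added example (not code from the original post) of the host-side gate such a container format would need before anything is reconstituted: an allowlist-only validator that refuses any member that is not XML, a transform, or an uncompressed image, rejects path-traversal names and decompression bombs, and only then unpacks into memory. The member suffixes, size limits and ratio threshold are assumptions of this example, as is the shape of the container itself; the sample archives are constructed inline.

```python
"""
Added example, not from the original post: an allowlist-based validator and
unpacker for the kind of container the post proposes (a zip holding only XML,
transforms and uncompressed image members). The suffixes, limits and policy
rules below are this example's own assumptions about that hypothetical format.
"""
from __future__ import annotations

import io
import os
import zipfile

# Assumed policy for the hypothetical container format.
ALLOWED_SUFFIXES = {".xml", ".xsl", ".xslt", ".bmp", ".ppm"}
MAX_MEMBER_BYTES = 50 * 1024 * 1024      # cap on any single member
MAX_RATIO = 100                          # reject decompression bombs


def _check_member(info: zipfile.ZipInfo) -> str | None:
    """Return a rejection reason for one zip entry, or None if it passes."""
    name = info.filename
    parts = name.replace("\\", "/").split("/")
    # Zip-slip: absolute paths or ".." components must never reach the host.
    if name.startswith(("/", "\\")) or ".." in parts:
        return f"path traversal in member name: {name}"
    if info.is_dir():
        return None  # directory markers carry no payload
    _, ext = os.path.splitext(name.lower())
    if ext not in ALLOWED_SUFFIXES:
        return f"disallowed member type: {name}"
    if info.file_size > MAX_MEMBER_BYTES:
        return f"member too large: {name} ({info.file_size} bytes)"
    if info.compress_size and info.file_size / info.compress_size > MAX_RATIO:
        return f"suspicious compression ratio: {name}"
    return None


def validate_container(data: bytes) -> list[str]:
    """Inspect every entry without extracting; return all rejection reasons."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile as exc:
        return [f"not a zip container: {exc}"]
    with zf:
        entries = zf.infolist()
        reasons = [r for r in map(_check_member, entries) if r]
        # A document with no XML payload has nothing to reconstitute.
        if not any(i.filename.lower().endswith(".xml") for i in entries):
            reasons.append("no XML payload present")
    return reasons


def reconstitute(data: bytes) -> dict[str, bytes]:
    """Unpack a validated container into an in-memory dict of name -> bytes."""
    problems = validate_container(data)
    if problems:
        raise ValueError("; ".join(problems))
    out: dict[str, bytes] = {}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            # Read with an explicit upper bound so a forged header cannot
            # stream more data than the declared size.
            with zf.open(info) as fh:
                payload = fh.read(MAX_MEMBER_BYTES + 1)
            if len(payload) > MAX_MEMBER_BYTES:
                raise ValueError(f"member exceeded declared size: {info.filename}")
            out[info.filename] = payload
    return out


def build_container(members: dict[str, bytes]) -> bytes:
    """Build a sample container (demonstration helper only)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, payload in members.items():
            zf.writestr(name, payload)
    return buf.getvalue()


# Constructed sample inputs.
GOOD = build_container({
    "document.xml": b"<doc><p>hello</p></doc>",
    "style.xsl": b"<xsl:stylesheet/>",
    "figure1.ppm": b"P6 1 1 255 \x00\x00\x00",
})
BAD = build_container({
    "document.xml": b"<doc/>",
    "../evil.xml": b"<doc/>",            # path-traversal member name
    "payload.pdf": b"%PDF-1.4 ...",      # the very format the post wants gone
})

if __name__ == "__main__":
    print("good container:", validate_container(GOOD) or "accepted")
    print("bad container:", validate_container(BAD))
```

The validator runs over the central directory only, so nothing is decompressed until every entry has passed; the reconstitution step then bounds each read by the declared size rather than trusting the header. In a real deployment the XML and transform members would additionally be parsed with external entities and document() access disabled before any host-side conversion.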

Just my two cents anyway...
