A lot has been written in the last few weeks about both the continued effectiveness of anti-virus solutions and the potential problems with the popular TrueCrypt encryption platform. Having read much in the press about these revelations, it would be easy to conclude that the hackers are winning and that our computers are no longer secure – the truth is that while there are problems, it’s not all doom and gloom.
It’s true that Advanced Persistent Threats, or APTs, are on the rise and that they are much more difficult to detect using traditional anti-virus techniques; however, there is still a place for existing AV solutions. Like any defensive model, the best architectures rely on defence in depth – that is, a layered model where no one aspect or technique provides the bulk of your defence. This is especially true with computer networks – solutions offered by companies like FireEye and LastLine provide an effective APT defence when working in conjunction with next generation firewalls and traditional AV solutions.
APTs aren’t going away and will increase in number and complexity as time moves on; however, the ambient levels of malware which continue to plague internet users haven’t gone away either, meaning AV solutions should remain a part of our defences for a while yet. As the FBI recently commented, “this is the new normal”.
The situation with TrueCrypt is a little more complicated – a few weeks ago, the TrueCrypt website stopped offering versions capable of encrypting data whilst simultaneously stating that the software has ‘security issues’. Many took this at face value, as an indication that it has been compromised and offers back-doors to those in the know – typically state level intelligence agencies.
Others have opined that the shut down of the website is actually a ‘warrant canary’ – a technique used to inform users that a National Security Letter (NSL) had been issued by the US Government demanding back-door access and making it illegal to inform anyone of this. Rather than concede to the government’s wishes and cripple the encryption, the authors simply shut the shop. This action is designed to inform the community that access was demanded without breaking the gagging order included in the demand.
This is relevant for two reasons: firstly, it indicates that TrueCrypt would appear to be beyond the US Government’s ability to break, and secondly, it therefore tells us that we can reasonably rely on the older full version, 7.1a.
Certainly, if you’re dealing with highly sensitive data that may result in people’s safety being compromised if accessed, then you should probably stop using TrueCrypt for protecting this type of data. However, for the rest of us who just need a reliable way of keeping corporate data secure from internal and external threats, TrueCrypt remains a secure and sensible choice. It may well be that state level actors like the NSA or the Chinese military do have some sort of back-door, but if that’s true, they probably already have access to your data from other sources anyway; TrueCrypt vulnerabilities are the least of your worries.
So, the sky isn’t falling and your data is still (reasonably) safe. You should continue to keep your AV up to date, absolutely keep your systems patched – and look towards next generation firewall technologies and consider APT defences too, as part of a multi-layered network defence.
By John Douglas – Technical Director, First Response