Антивірусні програми світових брендів: порівняльна оцінка можливостей, рекомендації з їх вибору, новий метод прогнозування антивірусної безпеки

Надаються порівняльна оцінка світових лідерів антивірусних програм, рекомендації по їх вибору, а також метод прогнозування антивірусної безпеки в комп’ютерних системах і мережах.The guidelines on their selection, and also method of forecasting (prediction) of anti-virus safety are given a comparative estimation of the world (global) leaders of the anti-virus programs

Pricing Security Software: Theory and Evidence

Information Systems Working Papers Serie

Sistema de Control de Inventario y Registro de Servicio al Cliente para la Empresa ENABLE COMPANY S.A

Presenta un Sistema de Control de Inventario y Registro de servicios al cliente para la empresa ENABLE COMPANY S.A, en el cual propone la solución a problemas encontrados en el sistema de negocios. Plantea un análisis y diseño de sistemas con todas las etapas que conlleva desde la captura de requerimientos pasando por el desarrollo de software hasta llegar a la etapa de prueba del sistema, además contiene aspectos importantes en la administración de bases de datos parte fundamental de un sistema

Bibliography for computer security, integrity, and safety

A bibliography of computer security, integrity, and safety issues is given. The bibliography is divided into the following sections: recent national publications; books; journal, magazine articles, and miscellaneous reports; conferences, proceedings, and tutorials; and government documents and contractor reports

On the malware detection problem : challenges and novel approaches

Orientador: André Ricardo Abed GrégioCoorientador: Paulo Lício de GeusTese (doutorado) - Universidade Federal do Paraná, Setor de Ciências Exatas, Programa de Pós-Graduação em Informática. Defesa : Curitiba,Inclui referênciasÁrea de concentração: Ciência da ComputaçãoResumo: Software Malicioso (malware) é uma das maiores ameaças aos sistemas computacionais atuais, causando danos à imagem de indivíduos e corporações, portanto requerendo o desenvolvimento de soluções de detecção para prevenir que exemplares de malware causem danos e para permitir o uso seguro dos sistemas. Diversas iniciativas e soluções foram propostas ao longo do tempo para detectar exemplares de malware, de Anti-Vírus (AVs) a sandboxes, mas a detecção de malware de forma efetiva e eficiente ainda se mantém como um problema em aberto. Portanto, neste trabalho, me proponho a investigar alguns desafios, falácias e consequências das pesquisas em detecção de malware de modo a contribuir para o aumento da capacidade de detecção das soluções de segurança. Mais especificamente, proponho uma nova abordagem para o desenvolvimento de experimentos com malware de modo prático mas ainda científico e utilizo-me desta abordagem para investigar quatro questões relacionadas a pesquisa em detecção de malware: (i) a necessidade de se entender o contexto das infecções para permitir a detecção de ameaças em diferentes cenários; (ii) a necessidade de se desenvolver melhores métricas para a avaliação de soluções antivírus; (iii) a viabilidade de soluções com colaboração entre hardware e software para a detecção de malware de forma mais eficiente; (iv) a necessidade de predizer a ocorrência de novas ameaças de modo a permitir a resposta à incidentes de segurança de forma mais rápida.Abstract: Malware is a major threat to most current computer systems, causing image damages and financial losses to individuals and corporations, thus requiring the development of detection solutions to prevent malware to cause harm and allow safe computers usage. Many initiatives and solutions to detect malware have been proposed over time, from AntiViruses (AVs) to sandboxes, but effective and efficient malware detection remains as a still open problem. Therefore, in this work, I propose taking a look on some malware detection challenges, pitfalls and consequences to contribute towards increasing malware detection system's capabilities. More specifically, I propose a new approach to tackle malware research experiments in a practical but still scientific manner and leverage this approach to investigate four issues: (i) the need for understanding context to allow proper detection of localized threats; (ii) the need for developing better metrics for AV solutions evaluation; (iii) the feasibility of leveraging hardware-software collaboration for efficient AV implementation; and (iv) the need for predicting future threats to allow faster incident responses

Análisis y estudio de los virus y antivirus informáticos del mercado local. Caso práctico elaboración de un virus que recopile la mayor cantidad de procesos que pueden causar daños en los computadores.

Uno de los cambios más sorprendentes del mundo de hoy es la rapidez de las comunicaciones. Modernos sistemas permiten que el flujo de conocimientos sea independiente del lugar físico donde nos encontremos. En ese sentido, ya no sorprende la transferencia de información en tiempo real o instantáneo y debido a que el conocimiento es poder; para adquirirlo, las empresas se han unido en grandes redes internacionales para transferir datos, sonidos e imágenes, y realizar el comercio en forma electrónica, con objeto de ser más eficientes. No obstante, al unirse en forma pública se han vuelto vulnerables, pues cada sistema de computadoras involucrado en la red es un blanco potencial y apetecible para obtener información. El escenario electrónico actual en el cual las organizaciones enlazan sus redes internas a la Internet, crece a razón de más de un 10% mensual. Al unir una red a la Internet se tiene acceso también a las redes de otras organizaciones. De la misma forma en que accedemos a la oficina del frente de nuestra Universidad, se puede recibir información de un servidor en Australia, conectarnos a una supercomputadora en Inglaterra o revisar la literatura disponible desde Alemania. Del universo de varias decenas de millones de computadoras interconectadas, no es difícil pensar que pueda haber más de una persona con perversas intenciones respecto de una organización. Por ello, es fundamental tener protegida adecuadamente la red y particularmente nuestro computadores de potenciales ataques informáticos que solo buscan dañar la información que se genera a diario por nuestras propias actividades

Changing the way the world thinks about computer security.

Small changes in an established system can result in larger changes in the overall system (e.g. network effects, émergence, criticality, broken Windows theory). However, in an immature discipline, such as computer security, such changes can be difficult to envision and even more difficult to amplement, as the immature discipline is likely to lack the scientific framework that would allow for the introduction of even minute changes. (Cairns, P. and Thimbleby, H, 2003) describe three of the signs of an immature discipline as postulated by (Kuhn, 1970): a. squabbles over what are legitimate tools for research b. disagreement over which phenomenon are legitimate to study, and c. inability to scope the domain of study. The research presented in this document demonstrates how the computer security field, at the time this research began, was the embodiment of thèse characteristics. It presents a cohesive analysis of the intentional introduction of a séries of small changes chosen to aid in maturation of the discipline. Summarily, it builds upon existing theory, exploring the combined effect of coordinated and strategie changes in an immature system and establishing a scientific framework by which the impact of the changes can be quantified. By critically examining the nature of the computer security system overall, this work establishes the need for both increased scientific rigor, and a multidisciplinary approach to the global computer security problem. In order for these changes to take place, many common assumptions related to computer security had to be questioned. However, as the discipline was immature, and controlled by relatively few entities, questioning the status quo was not without difficulties. However, in order for the discipline to mature, more feedback into the overall computer security (and in particular, the computer malware/virus) system was needed, requiring a shift from a mostly closed system to one that was forced to undergo greater scrutiny from various other communities. The input from these communities resulted in long-term changes and increased maturation of the system. Figure 1 illustrates the specific areas in which the research presented herein addressed these needs, provides an overview of the research context, and outlines the specific impact of the research, specifically the development of new and significant scientific paradigms within the discipline

Understanding the trust relationships of the web PKI

TLS and the applications it secures (e.g., email, online banking, social media) rely on the web PKI to provide authentication. Without strong authentication guarantees, a capable attacker can impersonate trusted network entities and undermine both data integrity and confidentiality. At its core, the web PKI succeeds as a global authentication system because of the scalability afforded by trust. Instead of requiring every network entity to directly authenticate every other network entity, network entities trust certification authorities (CAs) to perform authentication on their behalf. Prior work has extensively studied the TLS protocol and CA authentication of network entities (i.e., certificate issuance), but few have examined even the most foundational aspect of trust management and understood which CAs are trusted by which TLS user agents, and why. One major reason for this disparity is the opacity of trust management in two regards: difficult data access and poor specifications. It is relatively easy to acquire and test popular TLS client/server software and issued certificates. On the other hand, tracking trust policies/deployments and evaluating CA operations is less straightforward, but just as important for securing the web PKI. This dissertation is one of the first attempts to overcome trust management opacity. By observing new measurement perspectives and developing novel fingerprinting techniques, we discover the CAs that operate trust anchors, the default trust anchors that popular TLS user agents rely on, and a general class of injected trust anchors: TLS interceptors. This research not only facilitates new ecosystem visibility, it also provides an empirical grounding for trust management specification and evaluation. Furthermore, our findings point to many instances of questionable, and sometimes broken, security practices such as improperly identified CAs, inadvertent and overly permissive trust, and trivially exploitable injected trust. We argue that most of these issues stem from inadequate transparency, and that explicit mechanisms for linking trust anchors and root stores to their origins would help remedy these problems

Strategic alliances in the high-tech industry

[i]Keywords: high-tech industry; innovation systems in Poland and in the world; strategic management \u2013 value chain; technology management; analisis of innovation \u2013 technology mapping and data mining[/i] S\u142owa kluczowe: przemys\u142 wysokiej techniki; systemy innowacji w Polsce i na \u15bwiecie; zarz\u105dzanie strategiczne \u2013 \u142a\u144cuch warto\u15bci; zarz\u105dzanie technologi\u105; analiza innowacyjno\u15bci \u2013 mapowanie technologii i [i]data mining[/i