This is the second in a series of articles highlighting reasons why we need a new model for anti-virus and security solutions.
Reason #2: the Desktop Security Software Risks
The risks of placing software on the desktop are such that I will be breaking this article into two parts.
Fundamentally we think of having software on our desktops as a good thing. I love downloading or installing new packages and seeing what new creative things people do to the user interface or what they do to make certain aspects of my life easier or more fun.
But there are problems inherent with software that resides on the desktop, especially security software. All developers will know what I mean. First and foremost, desktop software can be reverse engineered. What's that mean? Have you ever inadvertently double-clicked on a file and had garbage show up or seen something that looks similar to this?
http://www.checkinmyemail.com/Articles/image001.jpg
The old hex dump. Programmers will know it well. We actually spend a good deal of time trying to read this stuff. Basically, if there are programs that can (and do) turn instructions like the following
If UserBirthDate < "01/01/1960" then
IsReallyOld = "Yes
Else
IsReallyOld = "No"
End If
into something like the picture above, then the reverse is true: people have developed software that can take that gobbeldy-gook in the picture above and turn it somewhat into the if-statement I wrote out. The reversing software won't know that I had an item called UserBirthDate, but it will know I was testing for a value of January 1, 1960 and it will be able to say that based on that value I set another item to Yes or No.
So now we install our fool-proof anti-virus software on our desktop (or our firewall for that matter). Well, so too can a virus author. And that virus author or hacker will also have gotten a copy of the latest reverse-engineering software from his local hacking site. He now goes upon his task of reverse-engineering the software and then trying to decipher the results. It's not easy but it can be done. Unfortunately, vendors know this and understand this as an acceptable risk.
The problem here is that your security software is at risk. If your vendor codes an error, the virus author can and will detect it. For example, if your vendor should exclude a file from scanning, it's possible the virus author will figure out which file (or type of file) that is and bury his code there. If the vendor excludes files from scanning or heuristics, it's possible that virus author will figure out a way to corrupt that file.
That being said, there are other risks. As we have said, once software is on the desktop it affords virus authors an opportunity to reverse-engineer security software. The knowledge that reverse-engineering provides is invaluable to a virus author when building his next software attack. Third, virus authors can learn where the anti-virus vendors put there software and put the links to their software (directory folders, registry entries, etc.). This too is invaluable information. In fact, in some ways it teaches people intent on writing malicious software clues as to how to infiltrate the computers' operating system, where registry entries need to be made to force software to be loaded every time a computer is started, etc.
This information is generally available all over the web and in manuals for operating systems, especially manuals on such subjects as the Windows Registry. But having the software teach you where things belong to be effective is powerful knowledge.
Lastly, and perhaps most significantly, is the issue of forebearance. The anti-virus vendors usually know more about the potential exploits inherent in programs than virus authors but they are bound by the fact that should they try to prevent them before the exploits occur, they could be branded as irresponsible for teaching virus authors about these very exploits.
For example, when Microsoft first released the macro capabilities of Word, anti-virus vendors immediately realized the potential for danger in macros, but they were handcuffed. If they released software that disabled macros before the first macro virus was ever released, they would signal to virus authors the inherent destructive powers of macros. They chose instead to wait, handcuffed by the limitations of desktop software.
Until the Internet there really has been no better medium for delivering virus solutions than desktop software. It was relatively inexpensive to deploy (either market the software and sell it in stores or provide free downloads on bulletin boards and web sites). It is, however, expensive to keep updated in terms of time and effort, even with automated update systems.
The Internet caused several things to happen: by becoming a powerful medium for sharing files, whole families of viruses disappeared practically overnight (boot sector viruses, for example); by becoming the option of choice for sharing files, it was easier to infect a single file and have thousands download it.
A better solution is to place the security software in an offsite appliance of its own making. All Internet, intranet, networking connections flow through the appliance.
Selling off the shelf hardware appliances with built-in security software is better than a desktop software solution but it still suffers ?to a lesser extent- from the pratfalls that desktop software falls prey to.
Even better is to create a service that a 3rd party vendor manages in a secure environment. In such an instance both the software and the hardware are away from the prying eyes of the malicious software authors. This further reduces the opportunity for malicious authors to discover the tricks and techniques employed by the security vendors to protect you.
About The Author
Tim Klemmer
CEO, OnceRed LLC
http://www.checkinmyemail.com
Tim Klemmer has spent the better part of 12 years designing and perfecting the first true patented behavior-based solution to malicious software.
Have you seen the web site, www.freestuff.com? Or have you... Read More
When the Internet first came about, it was realized it... Read More
There has not been a time in the history of... Read More
Spyware is software or hardware installed on a computer without... Read More
It's late. You've been scouring the web for that perfect... Read More
You'd better learn news from media, not from emails, security... Read More
There are folks out there who use their powers for... Read More
"Phishing," the latest craze among online evil-doers, has nothing to... Read More
A crowded marketplace can lead to unethical webmasters using underhand... Read More
Spyware and adware are becoming major problems for online surfers... Read More
IPv6, IntroductionThe high rate at wich the internet continualy evolves... Read More
WHAT IS HACKING?Hacking, sometimes known as "computer crime" has only... Read More
This is not some new fangled techno-speak, it is a... Read More
Identity theft rates one of the fastest growing crimes in... Read More
Whether we like it or not, we are all living... Read More
Identity theft ? also known as ID theft, identity fraud... Read More
If you are a parent, you have probably wondered at... Read More
When we think of adware, what comes to mind are... Read More
Over £5 billion pounds was spent on online shopping in... Read More
Only the top spyware removers are successful at detecting and... Read More
Virus damage estimated at $55 billion in 2003. "SINGAPORE -... Read More
Pharming is one of the latest online scams and rapidly... Read More
First the basic definition of Spyware: It is a type... Read More
In a word, no - an email message has always... Read More
No, this article isn't about some new, lose-20-pounds-in-a-week, certified-by-some-tan-Southern-California-doctor diet.... Read More
To blog or not to blog? Well, why not? Lots... Read More
Remember the television show about the nosy neighbor Mrs. Kravitz... Read More
Security leaks can be a big problem for any site... Read More
As more people are logging onto the Internet everyday, Network... Read More
So you want to know who your kids are chatting... Read More
Paypal is a great site and is used by many... Read More
Phishing: (fish'ing) (n.)This is when someone sends you an email... Read More
History and BackgroundThe virus was one of the first ever... Read More
The menacing campaigns that drive the corporate spyware and adware... Read More
Phishing is the act of some individual sending an email... Read More
No auntie Sookie, not earth worms, computer virus worms that... Read More
The top five online scams on the Internet hit nearly... Read More
We all know that it's dangerous to use the same... Read More
If you have used a Windows machine for a while,... Read More
The trash folder in my main inbox hit 4000 today.... Read More
Spyware, viruses and worms... oh my!If you are connected to... Read More
Much has been said on the theory of password protection... Read More
Electronic Fraud and Identity Theft Human beings are pretty... Read More
Ebay is a great site and is used by many... Read More
What is computer security? Computer security is the process of... Read More
The average computer is packed with hidden software that can... Read More
A week or so ago, I received an inquiry from... Read More
In 1997, I decided after 15 years as a practicing... Read More
Have you ever got an email asking you to confirm... Read More
Phishing: (fish'ing) (n.)This is when someone sends you an email... Read More
Chris Simpson, head of Scotland Yard's computer crime unit was... Read More
As soon as almost all computer users already got used... Read More
Recently, my site and other internet accounts ( http://www.nabaza.com/sites.htm )... Read More
Recently I have received email from my bank/credit Card Company,... Read More
Well, this is an article I never thought I would... Read More
Industrial Espionage. These methodologies are being used on a daily... Read More
They're out there. Individuals trying to make a quick buck... Read More
You've seen it in the news - 40 million credit... Read More
A couple of days ago, I was searching for a... Read More
It's late. You've been scouring the web for that perfect... Read More
On December 8, 2004 Webroot, an award winning anti-spyware solution... Read More
Shopping for horse gifts or other gift items on the... Read More
"Phishing," the latest craze among online evil-doers, has nothing to... Read More
Spyware is the most troublesome software to appear on the... Read More
You may not realize it, but as you are surfing... Read More
A friend called me one day and asked if I... Read More
Internet Security |