This is the second in a series of articles highlighting reasons why we need a new model for anti-virus and security solutions.
Reason #1: the Basic Model
Anti-virus software vendors still rely on yesterday's methods for solving today's problems: they wait for the next virus to wreak havoc and then produce a solution. That worked for a long time when a virus would take years to traverse the world. But in this fast-paced, Internet-crazed world we live in today, this type of solution is no longer applicable. Now a virus can traverse the world and infect millions of computers in minutes.
In the good old days a virus traveled by floppy disk. Put a floppy in your computer and save some data to it and the virus would infect the floppy. Then unwittingly put the infected floppy in another computer and presto the new computer would become infected. (I'm skimming over a lot of detail here to make a point). So the virus' progress was slow and steady. Anti-virus vendors had time on their side. They had the time to get a copy of the virus, dissect it, run it through a series of tests to come up with a signature string (see below for definition), put the string into a database of strings to search for when scanning your hard drive (and floppies) and release the new database to the public. Ten years ago this system worked very well.
But now everyone is connected via the Internet. Now, using email as a transport, a virus doesn't take years to gather momentum; it takes a matter of minutes. And here is where the model breaks. Step back and ask yourself the following question: if vendors can catch "known and unknown viruses" as their literature states, how then is it that we continue to have virus problems?
The answer lies in the fact that virus authors have been more creative in coming up with new ways to infect and wreak havoc and the software industry has not responded in kind, preferring to stay embedded in its old fashioned methodologies.
Why don't the old ways work any more, you might ask? It's relatively simple. Let's go through the steps.
A virus author unleashes NewVirus via email. He mass mails his virus to thousands of people. Some, not all, unwittingly open the attachment thinking it's from a friend or the subject is so enticing that they are fooled into opening it without thinking it's a problem (cf. nude pictures of Anna Kournikova). The email attachment immediately starts emailing everyone in his contact list and embeds itself into his operating system so that it's activated every time he turns on his computer.
The folks he emails in turn get fooled into thinking the email is valid and they open the attachment. Very quickly all hell breaks loose. Agencies which monitor Internet traffic see problems arising with the sudden spikes in email traffic, and they begin to get calls or emails alerting them to the fact that there's a new problem. Samples are obtained and sent off to anti-virus vendors. They pass the emails through a series of tests to analyze what exactly the virus does and how it does it. Additionally, analysis is performed to extract a unique string of 1's and 0's to identify this attachment as none other than NewVirus. This is called the signature string. It's important that whatever string is arrived at does not exist in any other program or piece of software; otherwise, you will get what is commonly called a false positive.
Quick digression on "false positives": if a vendor arrives at a unique string that just happens to be embedded in Microsoft Word, then every time a user runs a scan of their hard drive, Microsoft Word will be identified as being infected with NewVirus. Users will uninstall Word and re-install only to learn that they are still infected. There will be complaints; the vendor will be forced to re-assess the signature string and re-release his list of strings and admit the error.
Typically signature strings are matched against a whole boatload of commonplace software just to protect against this occurrence, but it still happens and vendors learn to add new software to their test beds.
OK, so the vendor has arrived at a signature string. Next? Implement the string into their string database so that when their scanners are scanning they will match what's on your hard drive to what's in the database. After the database has been updated they release the database to their customers in what's commonly called a "push" where they send the updates to their primary users.
If you did not buy into this service, you must know enough to log into your anti-virus vendor and update your software so that you stay current.
So where are we? The bad guy (or problem teenager) has unleashed NewVirus. NewVirus has infected thousands of computers; vendors have been alerted; NewVirus continues to infect; solutions are achieved and "pushed" to corporate clients; NewVirus continues to infect hundreds and thousands of computers; corporate clients breathe a sigh of relief and alert their users as to the new threat.
Thousands, if not millions, of computers become infected and need to be cleaned, because the "best" way to solve the virus problem is to wait for each new virus to come along and solve it on a case-by-case basis.
But what if you sat back and asked: what if? What if you categorized all the things a virus can do (or could do), built a series of computers that allow any email attachment or program to have full rein of a computer (much like it would have on your own computer; such a computer is called a "honeypot"), and then analyzed that computer for unwelcome behavior?
That would be a true pre-emptive strike against all malicious software. This is the behavior-based model. Such a model would actually protect you against unknown viruses, along with all 70,000 known viruses.
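To make the two models concrete, here is an added example (not code from the article or from OnceRed) that puts a toy signature scanner beside a toy behavior check. Everything in it is constructed: the "programs" are short byte strings standing in for binaries, the benign test bed stands in for the vendor's collection of commonplace software, NewVirus and NewVariant are hypothetical samples, and the event traces are what a honeypot run might record. It shows the false positive that a carelessly chosen signature produces, how checking candidates against a test bed avoids it, and why a byte-level signature misses a rebuilt variant that the behavior rules still catch.

```python
# Added example: signature-string matching versus behavior-based detection.
# All programs, signatures and traces below are constructed for illustration.
from typing import Dict, List, Optional, Tuple

# --- Constructed sample "programs" (byte strings standing in for binaries) ---
BENIGN_TEST_BED: Dict[str, bytes] = {
    "word.exe": b"MSWORD\x00doc-engine\x00open-file\x00spellcheck\x00",
    "mail.exe": b"MAIL\x00send-message\x00address-book\x00",
}
# Hypothetical NewVirus; its first bytes happen to be shared with word.exe.
NEW_VIRUS = b"open-file\x00spellcheck\x00mass-mail:address-book\x00autorun:HKLM\\Run\x00"
# A rebuilt variant: same behavior, slightly different bytes.
NEW_VARIANT = b"open-file\x00spell-check\x00mass_mail:address_book\x00autorun:HKLM\\Run\x00"
# A naively chosen signature that also occurs inside word.exe.
NAIVE_SIGNATURE = b"open-fil"


def find_candidate_signature(sample: bytes, test_bed: Dict[str, bytes],
                             length: int = 8) -> Optional[bytes]:
    """Return the first `length`-byte window of `sample` that occurs in none of
    the benign test-bed programs; None if every window collides."""
    for i in range(len(sample) - length + 1):
        window = sample[i:i + length]
        if not any(window in prog for prog in test_bed.values()):
            return window
    return None


def scan(programs: Dict[str, bytes], signatures: Dict[str, bytes]) -> Dict[str, List[str]]:
    """Signature scanner: for each program, the virus names whose signature
    bytes occur in it (an empty list means the scanner calls it clean)."""
    return {name: [v for v, sig in signatures.items() if sig in data]
            for name, data in programs.items()}


# --- Constructed honeypot traces: (action, target) events per program ---
Event = Tuple[str, str]


def mass_mailer_trace(n: int) -> List[Event]:
    """Trace of a program that reads the address book, mails n contacts and
    installs itself to run at start-up (the behavior described in the article)."""
    return ([("read-file", "address-book")]
            + [("send-mail", f"contact{i}") for i in range(n)]
            + [("set-autorun", "HKLM\\Run")])


TRACES: Dict[str, List[Event]] = {
    "word.exe": [("read-file", "report.doc"), ("write-file", "report.doc")],
    "mail.exe": [("read-file", "address-book"), ("send-mail", "contact1")],
    "NewVirus": mass_mailer_trace(50),
    "NewVariant": mass_mailer_trace(50),
}
MASS_MAIL_THRESHOLD = 20  # assumed cut-off separating a mail client from a mass mailer


def behavior_verdict(trace: List[Event]) -> List[str]:
    """Unwelcome behaviors seen in a trace, independent of the program's bytes."""
    findings = []
    sent = sum(1 for action, _ in trace if action == "send-mail")
    read_contacts = any(a == "read-file" and t == "address-book" for a, t in trace)
    if read_contacts and sent >= MASS_MAIL_THRESHOLD:
        findings.append("mass-mailing from the address book")
    if any(action == "set-autorun" for action, _ in trace):
        findings.append("installs itself to run at every start-up")
    return findings


def compare_models() -> dict:
    """Run both models over the same constructed samples and return the verdicts."""
    programs = {**BENIGN_TEST_BED, "NewVirus": NEW_VIRUS, "NewVariant": NEW_VARIANT}
    tested_sig = find_candidate_signature(NEW_VIRUS, BENIGN_TEST_BED)
    return {
        "naive_scan": scan(programs, {"NewVirus": NAIVE_SIGNATURE}),   # false positive on word.exe
        "tested_signature": tested_sig,
        "signature_scan": scan(programs, {"NewVirus": tested_sig}),    # clean, but misses NewVariant
        "behavior": {name: behavior_verdict(t) for name, t in TRACES.items()},
    }


if __name__ == "__main__":
    for model, verdict in compare_models().items():
        print(model, verdict)
```

The test bed is what keeps the naive signature out of the database: the first eight-byte window of NewVirus that appears in no benign program is the one chosen, and word.exe is no longer flagged. The same signature then says nothing about NewVariant, which is the gap the article describes, while the behavior rules judge both samples by what they did on the honeypot; mail.exe, which also reads the address book but sends a single message, stays below the threshold.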
In part 2 we'll discuss the risks and security failures of having distributed vendor software on your desktop.
About The Author
Tim Klemmer
CEO, OnceRed LLC
http://www.checkinmyemail.com
Tim Klemmer has spent the better part of 12 years designing and perfecting the first true patented behavior-based solution to malicious software.