Time To Change The Way We Fight Viruses And Worms
from the proactive,-not-reactive dept
We've complained before about anti-virus companies overhyping the threat of every other virus or worm that shows up. However, a bigger concern may be the fact that their incentives really aren't to stop viruses. I've read a bunch of articles over the last week saying how good SoBig and MSBlaster have been for the anti-virus industry. Everyone is rushing out to get their products. Yet, the viruses still hit, and they still do damage. As the SoBig virus showed by flooding email boxes far and wide - it didn't even matter if you had anti-virus protection. You were still likely to get flooded by email. Thus, (finally!) some people are pointing out that the current way we fight viruses and worms is no good. It's a reactive method of cleaning up a virus and stopping its spread after it's already done damage. The article here suggests that it's time we started moving towards "behavior blocking technology" which would stop actions based on behavior, and not recognizing a specific virus or plugging a specific hole. It's an interesting idea and people have talked about it for a while - but it also has unintended consequences. It's difficult to recognize all behavior that should be blocked - and virus writers will simply figure out ways to piggyback their efforts on technology that has a "legitimate" behavior. I agree that we need better ways to fight off viruses and worms - but I'm not sure there's a simple solution.
Reader Comments
Mountains out of Molehills...
The problem has been, and always will be, the lack of information on behavioral characteristics of an attacker. By attempting to define what an attacker is and how it operates, they place themselves into a very narrow frame of reference, and are completely baffled when an attacker does something completely unexpected (as usually happens.) Then, to make up for this, they cut down on the number of behavioral aspects which trigger an alert, which means that the user is left with far more false positives. The user freaks, and then when they calm down, they start turning off checks that appear to be extraneous, which introduces holes into the system.
The problem usually isn't the crappy software, it is the lack of maintenance, and that isn't going to change just by putting a better scanner in place. We have to, as a civilization, accept that technology isn't the only solution, and look for other solutions to fill in the gaps. People, for the most part, are lazy (myself included,) and we are much happier not being bothered with worrying about whether our system is patched. People need to be educated as to what the dangers truly are, how to fix them, and then options to make the fixes easier to do and manage. But they aren't alone in the blame, nor are they alone in the fix. Most ISPs are so unbelievably insecure, and they are blatant about it. They will need to change too.
To fight with behavioral scanning is making mountains out of molehills, and ultimately will destroy any positive outcome they are attempting to achieve.
lack of clue
Re: lack of clue
I love when I get tech calls from Linux users and Mac users that are frustrated because they bought or use a product ( they don't understand & are angry that you won't support ) that 90% of computer users couldn't care less about ...
Note: I'm NOT disagreeing with you that Windows blows ... but so do many other monopolies our pansy government is too chicken to break up ...