Time To Change The Way We Fight Viruses And Worms

from the proactive,-not-reactive dept

We've complained before about anti-virus companies overhyping the threat of every other virus or worm that shows up. However, a bigger concern may be the fact that their incentives really aren't to stop viruses. I've read a bunch of articles over the last week saying how good SoBig and MSBlaster have been for the anti-virus industry. Everyone is rushing out to get their products. Yet, the viruses still hit, and they still do damage. As the SoBig virus showed by flooding email boxes far and wide - it didn't even matter if you had anti-virus protection. You were still likely to get flooded by email. Thus, (finally!) some people are pointing out that the current way we fight viruses and worms is no good. It's a reactive method of cleaning up a virus and stopping its spread after it's already done damage. The article here suggests that it's time we started moving towards "behavior blocking technology" which would stop actions based on behavior, and not recognizing a specific virus or plugging a specific hole. It's an interesting idea and people have talked about it for a while - but it also has unintended consequences. It's difficult to recognize all behavior that should be blocked - and virus writers will simply figure out ways to piggyback their efforts on technology that has a "legitimate" behavior. I agree that we need better ways to fight off viruses and worms - but I'm not sure there's a simple solution.
Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team


Reader Comments

Subscribe: RSS

View by: Time | Thread


  1. identicon
    LittleW0lf, 27 Aug 2003 @ 11:00pm

    Mountains out of Molehills...

    I agree with you there, Mike. Behaviorial anti-virus is a great theory, but the practice usually sucks. My research lately has been on the younger brother of the virus-scanners: personal firewalls, and their ilk. And they have pretty much gone where this author wants to see virus scanners go.

    The problem has been, and always will be, the lack of information on behavorial characteristics of an attacker. By attempting to define what an attacker is and how it opperates, they place themselves into a very narrow frame of reference, and are completely baffled when an attacker does something completely unexpected (as usually happens.) Then, to make up for this, they cut down on the number of behavorial aspects which trigger an alert, which means that the user is left with far more false positives. The user freaks, and then when they calm down, they start turning off checks that appear to be extraneous, which introduces holes into the system.

    The problem usually isn't the crappy software, it is the lack of maintenance, and that isn't going to change just by putting a better scanner in place. We have to, as a civilization, accept that technology isn't the only solution, and look for other solutions to fill in the gaps. People, for the most part, are lazy (myself included,) and we are much happier not being bothered with worrying about whether our system is patched. People need to be educated as to what the dangers truely are, how to fix them, and then options to make the fixes easier to do and manage. But they aren't alone in the blame, nor are they alone in the fix. Most ISPs are so unbelievably insecure, and they are blatent about it. They will need to change too.

    To fight with behavioral scanning is making mountains out of molehills, and ultimately will destroy any positive outcome they are attempting to achieve.

    link to this | view in thread ]

  2. identicon
    aumouse, 28 Aug 2003 @ 3:07am

    lack of clue

    i think that virii & trojans are just darwins way of telling you to stop using an os that was insecurely designed from the get go. if management is willing to continue to spend time & money on anti-virus products, why not get a clue, go that bit extra & replace all your windoze with linux or osx. if you just keep drinking the ms koolaid, then you deserve the pain it brings...

    link to this | view in thread ]

  3. identicon
    Linux & BetaMax ..., 28 Aug 2003 @ 8:16am

    Re: lack of clue

    Betamax was better than VHS too ... but marketing will ALWAYS determine which product wins ... Bill is a better marketer.
    I love when I get tech calls from Linux users and Mac users that are frustrated because they bought or use a product ( they don't understand & are angry that you won't support ) that 90% of computer users couldn't care less about ...
    Note: I'm NOT disagreeing with you that Windows blows ... but so does many other monopolies our pansy government is to chicken to break up ...

    link to this | view in thread ]

  4. identicon
    Anonymous Coward, 28 Aug 2003 @ 9:15am

    No Subject Given

    Be careful what you wish for - Palladium and various other DRM technologies will virtually eliminate this threat, but will carry thier own baggage as well.

    link to this | view in thread ]


Follow Techdirt
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Discord

The latest chatter on the Techdirt Insider Discord channel...

Loading...
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.