Anti-Virus Firm Admits Current Methods Can't Catch Things Like Sony's Rootkit
from the that's-a-problem,-isn't-it? dept
Last week, Bruce Schneier raised the question of why no security firm caught the Sony BMG rootkit earlier and suggested that the anti-virus firms were somehow colluding with Sony BMG. At least one anti-virus firm has explained the reasoning, making it clear that it has much more to do with how they find and classify problems than with any nefarious collusion between the entertainment industry and security companies. Basically, the argument is that security firms need to be alerted to a problem before they can classify it -- and no one was complaining about the rootkit, so they never caught it. In other words, the firm has effectively admitted that the way many security firms set up their tools is obsolete. Sony "got away" with it because no one realized what it was doing. This isn't a new concept -- in fact, we've discussed the problems with such a reactive method of dealing with malware before. As long as you can keep changing the fingerprint of the malware, it takes time for the security firms to catch up. That's why a hybrid model that uses both a threat database and some behavioral techniques to flag actions, not files, that seem risky can be much more effective. If the security firms had been looking for rootkit-like behavior, it seems likely they would have picked this up much earlier.
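The signature-versus-behavior argument above, as an added example that is not from the post or from any anti-virus vendor: a hash-based signature lookup sits beside a behavioral scorer, and both run over constructed inputs. A re-fingerprinted copy of a known sample slips past the hash database, but its run-time actions (loading a driver, hooking the system calls that enumerate files and processes) still trip the behavioral rules. The sample bytes, action names, rule weights and threshold are all assumptions made for illustration.

```python
"""Signature lookup vs. behavioral scoring (added example, not the post's code).

A hash database only catches what an analyst has already classified; a
behavioral rule set keys on what a program does at run time, so a repacked
sample with a new fingerprint is still caught.
"""
import hashlib
from dataclasses import dataclass, field
from typing import List

# Constructed stand-ins for executables (not real binaries).
KNOWN_BAD = b"player.exe v1 + hidden driver payload"
REPACKED_BAD = b"player.exe v2 + hidden driver payload"  # same behaviour, new hash
BENIGN = b"media-player.exe"

# Signature database: hashes of samples already classified as malicious.
SIGNATURE_DB = {hashlib.sha256(KNOWN_BAD).hexdigest()}


def signature_verdict(sample: bytes) -> bool:
    """True only if this exact sample has been seen and classified before."""
    return hashlib.sha256(sample).hexdigest() in SIGNATURE_DB


# Behavioral rules: an observed action and how suspicious it is on its own.
# Weights and threshold are illustrative assumptions for this example.
RULES = {
    "load_kernel_driver": 2,
    "hook_syscall:NtQueryDirectoryFile": 4,      # hiding files from listings
    "hook_syscall:NtQuerySystemInformation": 4,  # hiding processes from listings
    "hide_registry_key": 3,
    "register_autostart_service": 1,             # common, so low weight alone
}
THRESHOLD = 6


@dataclass
class Verdict:
    malicious: bool
    score: int
    matched: List[str] = field(default_factory=list)


def behavior_verdict(trace: List[str]) -> Verdict:
    """Score a run-time action trace against the rule set; flag above THRESHOLD."""
    score = 0
    matched = []
    for action in trace:
        weight = RULES.get(action)
        if weight is not None:
            score += weight
            matched.append(action)
    return Verdict(malicious=score >= THRESHOLD, score=score, matched=matched)


def hybrid_verdict(sample: bytes, trace: List[str]) -> bool:
    """The hybrid model: either detector firing is enough to flag the sample."""
    return signature_verdict(sample) or behavior_verdict(trace).malicious


# Constructed action traces, as a run-time monitor might record them.
ROOTKIT_TRACE = [
    "open_file:song.wav",
    "load_kernel_driver",
    "hook_syscall:NtQueryDirectoryFile",
    "hook_syscall:NtQuerySystemInformation",
    "register_autostart_service",
]
BENIGN_TRACE = ["open_file:song.wav", "register_autostart_service"]


if __name__ == "__main__":
    for name, sample, trace in [
        ("known sample", KNOWN_BAD, ROOTKIT_TRACE),
        ("repacked sample", REPACKED_BAD, ROOTKIT_TRACE),
        ("benign player", BENIGN, BENIGN_TRACE),
    ]:
        b = behavior_verdict(trace)
        print(f"{name:16} signature={signature_verdict(sample)!s:5} "
              f"behavior={b.malicious!s:5} (score {b.score}) "
              f"hybrid={hybrid_verdict(sample, trace)}")
```

The repacked sample differs from the known one by a single version string, which is all it takes to defeat the hash lookup; the behavioral scorer is indifferent to the bytes and only sees the same hooks being installed. The low weight on `register_autostart_service` is deliberate: a rule set that fires on any one common action alone would drown the analyst in false positives, which is why the example scores combinations rather than single events.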
Reader Comments
Security
If this is true, then how can a security firm claim to prevent problems before they occur? The statement is contradictory to the claim.
These firms need to be proactive, seek out and fix problems before they occur, instead of just reacting to them after the damage is done.
I don't believe there was any collusion, but still, there's no excuse for a failure of this magnitude.
Re: Security
Which Actions?
RootKit
Another interesting problem in this debate (and I can't prove this yet) is that I believe that some anti-virus companies install rootkits of their very own. Sort of a "you need a rootkit to detect another rootkit" kind of issue. Can anybody actually confirm the things that I have heard?