AV companies' security flaws

All of the major anti-virus vendors have had recent security vulnerabilities announced; see the InformationWeek article "Symantec, McAfee Problems May Lead To Sea Change In Antivirus Industry" at www.informationweek.com/news/showArticle.jhtml?sssdmh=dm4.161850&articleID=175007929 (link dead, sorry).

Heap overflows and file overwrites? For crying out loud, shouldn't AV vendors do better than this? At least Microsoft can use the excuse (valid or not) that it has to work with a lot of crappy old legacy code; these AV guys have a blank slate any time they want. How can they possibly be excused for these kinds of sloppy programming mistakes?

There is no excuse.

The Information Week article suggests that these problems will help Microsoft's entry into the AV market. Oh, but wait: silly me, the Least User Privilege in Microsoft's next OS is going to fix all this, isn't it? Microsoft Vista will be secure, so who needs all this AV stuff anyway? Yeah, right.

The sad thing is that almost all AV programs would be unnecessary if it weren't for "helpful" email and browser applications. If you eliminate automatic downloading and execution (including JavaScript and VBScript on web pages), almost all of this ceases to be a concern. But very few people will do that, so the dance continues.

Sometimes I think the future of computing looks very bleak. That same article says:

The long-term solution to the antivirus epidemic is more likely to come in the form of trusted computing initiatives where digital keys, certificates, and passwords are stored on microprocessors in PCs, servers, and other hardware.

Envision a world where buying a computer requires that the hardware be registered to you. The network card is specifically responsible for stamping all outgoing packets with a certificate identifying their source, and no other machine or router will accept packets whose provenance can't be vetted all the way back to a known entity. Is that what is being suggested there? While it might solve some security problems, it also lets governments control free speech: if every packet can be tracked to its creator, repressive governments can tightly control all communication.

I don't know that there are good answers for any of this. Compromises and concessions, sure. But final solutions seem unreachable.

Thu Dec 29 09:10:57 2005: 1464   drag


Anti-virus is an issue that kinda pisses me off.

People think that just because they can uninstall a virus, spyware, or a worm then they are 'safe'. It's been a VERY long time since that was remotely true.

Seriously. Anti-virus is what happens after your security has been violated. This is post-failure, this is post-you've-been-screwed. This is not fixing the problem; the problem was already done and gone last week, and now is the first time you noticed.

From what I understand from talking to many people, the whole Windows world was pretty much unaware of the concept of driver level rootkits and what modifications to system kernels and binaries mean. All the anti-virus and heuristics in the world aren't going to help you much when your own OS is now your enemy.

I've tried to tell people 'oh, you're done for. Take an image of the drive then format and reinstall from scratch. Don't trust any data unless you've gone through it yourself. Don't trust backups unless you can determine for certain when the first successful attack occurred'. Then another guy will say that I am an alarmist and that a format is unnecessary and that he has removed rootkits _plenty_ of times.


The point is that you can't trust it, you can't trust that a 'security analyzer' has detected it properly, and even if it does you don't know if it's the only problem with your computer. There is only one fool-proof and sure-fire way to make sure that your system is safe again... to format and reinstall from scratch.

I suppose you can put a lot of work and effort into removing a rootkit and be reasonably sure.. but it's going to require more work than the other way and it's not as likely to succeed.

Then you have MS advertising that they are going to integrate this anti-malware directly into the computer and try to tell people that this will keep them safe. It boggles the mind.

Then you have people asking about anti-virus for Linux and whether or not they need it. The answer is no/yes/no. No because there aren't any viruses for Linux; there were a couple active ones years ago that were copies of each other, but unless you're running an unpatched version of Redhat 7, you'll be fine. Yes because if you're running services for Windows you want to try to stop the Windows computers from infecting each other if they can. (One thing that anti-virus is good for though is if you're using Windows and you can scan files before they come in contact with your OS.) And finally No because commercial anti-virus software for Linux has caused many more exploitable holes in a Linux server than it ever stopped (which is zero).

That's not to say that Linux will never have viruses in the wild again, but it's silly to pay money for something that has no value currently and is actually likely to make things worse.

To the 'yes' part of the no/yes/no thing I tend to recommend ClamAV. It's nice, it's high quality, it's GPL'd.

But the whole anti-virus/malware thing is almost a scam sometimes. It's the modern computer equivalent to 'miracle cures' from the 1800's. It's designed to relieve the symptoms and then hook people on the product.
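The comment above argues that once the OS itself may be compromised, only an out-of-band comparison against a known-good baseline tells you which files (and which backups) you can still trust. The script below is an added example, not code from the post or its commenters: it builds a manifest of file hashes and timestamps, then compares a later snapshot against it, separately flagging files whose content changed while the timestamp did not move (the pattern a replaced-and-timestomped binary leaves). The directory tree, file contents and the install-time timestamp are all constructed for the demo.

```python
import hashlib
import os
import tempfile

def build_manifest(root):
    """Relative path -> (sha256, mtime) for every regular file under root.
    Run this from clean boot media so the hashes are not read through a compromised kernel."""
    manifest = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            with open(full, "rb") as f:
                digest = hashlib.sha256(f.read()).hexdigest()
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            manifest[rel] = (digest, int(os.stat(full).st_mtime))
    return manifest

def compare(baseline, current):
    """Classify every file. 'timestomped' means the content differs but the mtime is
    unchanged or older: an mtime-based backup tool or 'ls -l' would never notice it."""
    report = {"modified": [], "timestomped": [], "added": [], "missing": []}
    for rel, (b_hash, b_mtime) in baseline.items():
        if rel not in current:
            report["missing"].append(rel)
        elif current[rel][0] != b_hash:
            key = "timestomped" if current[rel][1] <= b_mtime else "modified"
            report[key].append(rel)
    report["added"] = sorted(set(current) - set(baseline))
    return report

def demo():
    """Constructed scenario: clean baseline, then one binary replaced with its mtime reset."""
    root = tempfile.mkdtemp()
    os.makedirs(os.path.join(root, "bin"))
    old = 1_100_000_000  # constructed install-time timestamp, well in the past
    def put(rel, data, mtime=None):
        path = os.path.join(root, rel)
        with open(path, "wb") as f:
            f.write(data)
        if mtime is not None:
            os.utime(path, (mtime, mtime))
    for rel, data in [("bin/ls", b"clean ls"), ("bin/ps", b"clean ps"), ("hosts", b"127.0.0.1 localhost\n")]:
        put(rel, data, old)
    baseline = build_manifest(root)
    put("bin/ps", b"replaced ps", old)                        # content swapped, timestamp reset
    put("hosts", b"127.0.0.1 localhost\n10.0.0.1 added\n")    # ordinary edit, mtime is now
    put("bin/.cache", b"dropped file")                        # new file
    os.remove(os.path.join(root, "bin/ls"))                   # file gone
    return compare(baseline, build_manifest(root))
```

Applied to a series of backups, the first snapshot in which the "timestomped" or "added" lists are non-empty bounds when the compromise happened, which is the date the comment says you must know before trusting a backup.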

Thu Dec 29 16:03:13 2005: 1465   BigDumbDinosaur

Conceptually, I've always thought of anti-virus software as the computer equivalent of the gang that shows up after a train wreck. Wouldn't it be better if the train ran on good track so it wasn't necessary for a crew to be standing by waiting to clean up the mess when a derailment occurs?

In the Windows world, the train runs on weak rails spiked to rotten ties that have been set into an inferior roadbed by a mediocre section gang. A wreck is almost a certainty, which assures that the wreckmaster and his boys will enjoy steady employment.

