The Move to a New Anti-Virus Model
This is the second in a series of articles highlighting reasons why we need a new model for anti-virus and security solutions.
Reason #1: the Basic Model
Anti-virus software vendors still rely on yesterday's methods for solving today's problems: they wait for the next virus to wreak havoc and then produce a solution. That worked for a long time when a virus would take years to traverse the world. But in this fast-paced Interet-crazed world we live in today, this type of solution is no longer applicable. Now a virus can traverse the world and infect millions of computers in minutes.
In the good old days a virus traveled by floppy disk. Put a floppy in your computer and save some data to it and the virus would infect the floppy. Then unwittingly put the infected floppy in another computer and presto the new computer would become infected. (I'm skimming over a lot of detail here to make a point). So the virus' progress was slow and steady. Anti-virus vendors had time on their side. They had the time to get a copy of the virus, dissect it, run it through a series of tests to come up with a signature string (see below for definition), put the string into a database of strings to search for when scanning your hard drive (and floppies) and release the new database to the public. Ten years ago this system worked very well.
But now everyone is connected via the Internet. Now, using email as a transport point, it doesn't take years to gather momentum, instead it takes a matter of minutes. And here is where the model breaks. Step back and ask yourself the following question: if vendors can catch "known and unknown viruses" as their literature states, how then is it that we continue to have virus problems?
The answer lies in the fact that virus authors have been more creative in coming up with new ways to infect and wreak havoc and the software industry has not responded in kind, preferring to stay embedded in its old fashioned methodologies.
Why don't the old ways work any more, you might ask? It's relatively simple. Let's go through the steps.
A virus author unleashes NewVirus via email. He mass mails his virus to thousands of people. Some, not all, unwittingly open the attachment thinking it's from a friend or the subject is so enticing that they are fooled into opening it without thinking it's a problem (cf. nude pictures of Anna Kournikova). The email attachment immediately starts emailing everyone in his contact list and embeds itself into his operating system so that it's activated every time he turns on his computer.
The folks he emails in turn get fooled into thinking the email is valid and they open the attachment. Very quickly all hell breaks loose. Agencies which monitor Internet traffic see problems arising with the sudden spikes in email traffic and they begin to get calls or emails alerting them to the fact that there's a new problem. Samples are obtained and sent off to anti-virus vendors. They pass the emails through a series of tests to analyze what exactly the virus does and how it does it. Additionally analysis is performed to extract a unique string of 1's and 0's to identify this attachment as none other than NewVirus. This is called the signature string. It's important that whatever string is arrived at does not exist in any other program or piece of software; otherwise, you will get what is commonly called a false positive.
Quick digression on "false positives": if a vendor arrives at a unique string that just happens to be embedded in Microsoft Word, then every time a user runs a scan of their hard drive, Microsoft Word will be identified as being infected with NewVirus. Users will uninstall Word and re-install only to learn that they are still infected. There will be complaints; the vendor will be forced to re-assess the signature string and re-release his list of strings and admit the error.
Typically signature strings are matched against a whole boatload of commonplace software just to protect against this occurrence, but it still happens and vendors learn to add new software to their test beds.
OK, so the vendor has arrived at a signature string. Next? Implement the string into their string database so that when their scanners are scanning they will match what's on your hard drive to what's in the database. After the database has been updated they release the database to their customers in what's commonly called a "push" where they send the updates to their primary users.
If you did not buy into this service, you must know enough to log into your anti-virus vendor and update your software so that you stay current.
So where are we? The bad guy ?or problem teenager- has unleashed NewVirus. NewVirus has infected thousands of computers; vendors have been alerted; NewVirus continues to infect; solutions are achieved and "pushed" to corporate clients; NewVirus continues to infect hundreds and thousands of computers; corporate clients breathe a sigh of relief and alert their users as to the new threat.
Thousands, if not millions, of computers become infected and need to be cleaned because the best way to solve the virus problem is to wait for each new virus to come along and solve on a case by case basis.
But if you sat back and said: what if? What if you categorized all the things a virus can do (or could do), built a series of computers to allow any email attachment or program to have full rein of a computer (much like it would have on your own computer ? such a computer is called "honeypot") and then analyze that computer for unwelcome behavior?
That would be a true pre-emptive strike against all malicious software. This is the behavior-based model. Such a model would actually protect you unknown viruses, along with all the known 70,000 viruses.
In part 2 we'll discuss the risks and security failures of having distributed vendor software on your desktop.
About The Author
Tim Klemmer
CEO, OnceRed LLC
http://www.checkinmyemail.com
Tim Klemmer has spent the better part of 12 years designing and perfecting the first true patented behavior-based solution to malicious software.
|
|
|
|
|
|
|
|
Beware of Imitations! Security, Internet Scams, and the African Real Estate Agenda
Fishing on the Internet has come a long way. However,... Read More
The Importance of Protecting Your PC from Viruses and Spam
Today the internet is a mine field of malicious code... Read More
The 5 Critical Steps to Protecting Your Computer on the Internet
Spyware, viruses and worms... oh my!If you are connected to... Read More
Top Five Spyware Fighting Tips
Spyware and adware are becoming major problems for online surfers... Read More
Firewalls: What They Are And Why You MUST Have One!
A firewall is a system or gateway that prevents unauthorized... Read More
Road Warrior At Risk: The Dangers Of Ad-Hoc Wireless Networking
Airport Menace: The Wireless Peeping Tom As a network... Read More
Protection for Your PC - Painless and Free!
Viruses, Bugs, Worms, Dataminers, Spybots, and Trojan horses. The Internet... Read More
Dialing Up a Scam: Avoiding the Auto-Dialer Virus
For many, the daily walk to the mailbox evokes mixed... Read More
Dont Fall Victim to Internet Fraud-10 Tips for Safer Surfing
The Internet offers a global marketplace for consumers and businesses.... Read More
Avoid Internet Theft, Fraud and Phishing
Since its birth, the Internet has grown and expanded to... Read More
Is Shopping Online For Your Horse Gifts Safe?
Shopping for horse gifts or other gift items on the... Read More
Spyware Attacks! Windows Safe Mode is No Longer Safe
Many of us have run into an annoying and time-consuming... Read More
Another Fine Mess!
I'm in the Anti-Spyware business, and I'm doing a lot... Read More
How to Protect Your Child from the Internet
When the Internet first came about, it was realized it... Read More
Computer-Virus Writers: A Few Bats In The Belfry?
"Male. Obsessed with computers. Lacking a girlfriend. Aged 14 to... Read More
I Spy...Something Terribly Wrong (In Your Computer)
This really chapped my lips...I recently bought a new computer.... Read More
Preventing Online Identity Theft
Identity theft is one of the most common criminal acts... Read More
Why Malicious Programs Spread So Quickly?
It seems that nowadays cybercriminals prefer cash to fun. That... Read More
Computer Viruses and Other Nasties: How to Protect Your Computer from These Invaders
Can you protect your computer from all possible viruses and... Read More
How to Protect Yourself Against Online Criminals
Credit card fraud is a growing problem for online businesses... Read More
Securing Your Accounts With Well-Crafted Passwords
In the past I've never really paid much attention to... Read More
Can I Guess Your Password?
We all know that it's dangerous to use the same... Read More
Is My PC Vulnerable on the Internet?
No longer are viruses the only threat on the internet.... Read More
Spyware Protection Software
Spyware protection software is the easiest way of removing spyware... Read More
Is That Free Stuff Like An iPod Or Desktop Computer Really Free?
Have you seen the web site, www.freestuff.com? Or have you... Read More
5 Simple Steps to Protect your Digital Downloads
A couple of days ago, I was searching for a... Read More
Wells Fargo Report Phishing Scam
First off I should explain what phishing is. Phishing is... Read More
Money Mule Email Scam Hits U.S.
Imagine this ? you open up your email box and... Read More
SCAMS ? Be Aware ? And Report When Necessary
The Internet is a vast International Network of people and... Read More
Anti-Spyware Protection: Behind How-To Tips
There is no doubt that "how-to articles" have become a... Read More
Delete Cookies: New-Age Diet or Common Sense Internet Security?
No, this article isn't about some new, lose-20-pounds-in-a-week, certified-by-some-tan-Southern-California-doctor diet.... Read More
Identity Theft - Dont Blame The Internet
Identity theft ? also known as ID theft, identity fraud... Read More
Identity Theft Offline -- So Many Possibilities
Chris Simpson, head of Scotland Yard's computer crime unit was... Read More
Beware of Imitations! Security, Internet Scams, and the African Real Estate Agenda
Fishing on the Internet has come a long way. However,... Read More
Five Excellent Indie Encryption And Security Solutions You Have Not Heard About
Geek SuperheroGeek Superhero watches your computer for changes, immediately notifying... Read More
Top Five Online Scams
The top five online scams on the Internet hit nearly... Read More
7 Ways to Spot a PayPal Scam E-Mail
Paypal is a great site and is used by many... Read More
Protect Your Little Black Book
The movie Little Black Book features a young woman, Stacy,... Read More
How to Thwart the Barbarian Spyware!
Today,on most internet user's computers, we have the ability to... Read More
Firewalls: What They Are And Why You MUST Have One!
A firewall is a system or gateway that prevents unauthorized... Read More
Instant Messaging ? Expressway for Identity Theft, Trojan Horses, Viruses, and Worms
Never before with Instant Messaging (IM) has a more vital... Read More
How To Be Your Own Secret Service Agency
So you want to know who your kids are chatting... Read More
Its Time to Sing the Encryption Song - Again!
Yes, I'm wearing my encryption hat again. Why you may... Read More
The Important Steps To Protect Your Kids on the Internet
Internet is the ocean of knowledge. In this ocean you... Read More
3 Pervasive Phishing Scams
Scams involving email continue to plague consumers across America, indeed... Read More
8 Surefire Ways to Spot an E-Mail Identity Theft Scam!
The E-Mail Identity Theft Scam is running Rampant. These E-Mail... Read More
Information Security for E-businessmen: Just a Couple of Ideas
If you constantly deal with bank or electronic accounts, it... Read More
Spyware, What It Is, What It Does, And How To Stop It
Spyware is software that runs on a personal computer without... Read More
Corporate Security for Your Home Business
The words Corporate Security may conjure up images of a... Read More
Web Browsing - Collected Information
You may not realize it, but as you are surfing... Read More
Hacking the Body Via PDA Wireless Device
First I would like to stress I am condoning the... Read More
SCAMS ? Be Aware ? And Report When Necessary
The Internet is a vast International Network of people and... Read More
Virus Prevention 101
Blaster, Welchia, Sobig, W32, Backdoor, Trojan, Melissa, Klez, Worm, Loveletter,... Read More
HackAttack
P C. owners are constantly at risk from attacks by... Read More
Protecting Your Identity On The Internet
Afraid that someone is monitoring your PC or installed a... Read More
Top Ten Spyware and Adware Threats Identified
On December 8, 2004 Webroot, an award winning anti-spyware solution... Read More
Virus Nightmare..Lessons Learned
I got a virus the other day, Thursday I believe... Read More
Computer Viruses - How to Remove a Computer Virus from Your Computer
Computer viruses infect millions of computers every day. Viruses can... Read More
How to Get Rid of New Sobig.F Virus?
As you know, this time the virus under the name... Read More
With the Rise of Internet Crimes, Users are Turning to High-Tech ?PI?s? for Solutions
High-tech private investigators are becoming the answer for many Internet... Read More
Burning Bridges is Bad, But Firewalls are Good
When you signed up for that ultra-fast DSL or Cable... Read More
What to Look for before You Purchase Spyware Software
Huge number of spyware software applications are available in the... Read More
How to Protect Yourself Against Online Criminals
Credit card fraud is a growing problem for online businesses... Read More
The Top Twelve Threats No Computer User Should Ignore
The internet is undoubtedly a fantastic resource for families and... Read More
Avoid Internet Theft, Fraud and Phishing
Since its birth, the Internet has grown and expanded to... Read More
3 Things You Must Know About Spyware
1)Spyware is on your system. Like it or not, statistically... Read More
Internet Security |