
Rutkowska: Anti-virus Software Is Ineffective


ronjor
October 26th, 2006, 01:47 PM
-{ Quote: "Q&A: Stealth malware researcher Joanna Rutkowska discusses her interest in computer security, the threat from rootkits and why the world is not ready for virtual machine technology." }-

Article (http://www.eweek.com/article2/0,1759,2040760,00.asp)

bellgamin
October 26th, 2006, 06:24 PM
Thanks Ron. Very enlightening/frightening article by one of the true geniuses among the "good guys."

I have been reading about Joanna Rutkowska & her "proof of concept" masterworks for several weeks. I had pictured her as a little old lady in combat boots with a severe bun of gray hair at the nape of her neck, with protruding front teeth, and eyeglasses like the bottom of a Coke bottle. You know -- the standard M1-A1 genius lady. But it turns out (based on her photo) that she's a very lovely young woman. Wow!

lodore
October 26th, 2006, 06:26 PM
-{ Quote: "Thanks Ron. Very enlightening/frightening article by one of the true geniuses among the "good guys."

I have been reading about Joanna Rutkowska & her "proof of concept" masterworks for several weeks. I had pictured her as a little old lady in combat boots with a severe bun of gray hair at the nape of her neck, with protruding front teeth, and eyeglasses like the bottom of a Coke bottle. You know -- the standard M1-A1 genius lady. But it turns out (based on her photo) that she's a very lovely young woman. Wow!" }-


LMAO.

Tommy
October 26th, 2006, 06:57 PM
Just read the article. This is kind of frightening if we look at the future development of malware (Type III).

dw2108
October 26th, 2006, 07:23 PM
Although the proof-theoretic, typed, combinatory logic of polymorphisms and coercions has been with us for years, I find it hard to believe that many could put such ideas to "practical" use as per malware. Nearly all malware "authors" are idiots who could not work with such notions. If there be one malware "author" with sufficient mental prowess to implement these notions, then he would be wise enough to STEAL the notions rather than master them!

Dave

rdsu
October 26th, 2006, 07:28 PM
Thanks for the article, Ronjor ;)

ronjor
October 26th, 2006, 07:38 PM
You are quite welcome.

Rasheed187
November 5th, 2006, 08:02 AM
Of course she does have a point, but I still think an AV/AT/AS is an important tool that might save your ass, combined with a HIPS of course. ::)

I do have to admit that currently I'm not using an AV, and when I'm installing a new app I first run it in Sandboxie to see how it acts. This is of course not the best method to discover malicious behaviour. However, at the moment I have a lot of confidence in my HIPS, so even if I might be running a virus I'm sure that the malicious behaviour will be blocked.

trjam
November 5th, 2006, 08:20 AM
Which HIPS are you using?

RejZoR
November 5th, 2006, 08:32 AM
I find AVs perfectly capable of what they're meant for. At least for my degree of knowledge, where I keep my system clean on my own, AV is just a second line of defense.

Inspector Clouseau
November 5th, 2006, 08:55 AM
Point One: I really cannot understand why people state such things. Every AV company might have different types of customers. There are also customers who do not like to get interrupted during work. They simply don't want to answer popups like "Are you sure you want to allow this program?". Point!
They just expect that something runs in the background without any user action needed. I mean, just imagine a big company where everyone is running to the system administrator asking if he/she should grant permission for program "X". The guys there would be running berserk soon. There's no doubt that HIPS is useful, but to be useful it has to match certain requirements. History proves that users are even clueless when a virus scanner says "This is a Trojan and needs to be deleted." Half of the users contact support and ask for help. (Remember: they just have to press the delete button; contacting support because the AV cannot disinfect/delete something is, however, another issue.)

You guys should keep in mind that only a small number of users know about security forums and would be willing to spend their time there asking for help.
For a lot of users the computer is just a tool. They don't blow a kiss to it when shutting it down and going to bed. They might not even clean the keyboard ;D And now comes the most important fact: it doesn't make any sense to try to educate those people, since they simply don't want it. They just want to use the computer.

When you drive a car, that doesn't automatically mean you have to be a mechanic. You know basic things (e.g. the petrol light flashes, the inspection light comes on, etc.), but most drivers wouldn't know how to rate a particular engine sound. They drive into a garage to get help and let others do the work. Same as for AV programs: you should not interrupt users with things if possible. If you ask the common user, he will tell you first "Oh, since I installed it I never had any problem with it". That means the same as "It never bugged me". As long as it detects things and does its job, that is the perfect AV solution then.

marcromero
November 5th, 2006, 10:04 AM
I don't think the current age of antivirus solutions has come and gone yet; they are still relevant to the everyday user. Like Inspector Clouseau said, if it runs in the background and does its thing without bothering the user, that's the perfect antivirus solution. This is what I like in an antivirus solution too: performance and protection, without interruption while I work. At least for me, an antivirus is still relevant, but this could change tomorrow.

EraserHW
November 5th, 2006, 11:49 AM
-{ Quote: "Point One: I really cannot understand why people state such things. Every AV company might have different types of customers. There are also customers who do not like to get interrupted during work. They simply don't want to answer popups like "Are you sure you want to allow this program?". Point!
They just expect that something runs in the background without any user action needed. I mean, just imagine a big company where everyone is running to the system administrator asking if he/she should grant permission for program "X". The guys there would be running berserk soon. There's no doubt that HIPS is useful, but to be useful it has to match certain requirements. History proves that users are even clueless when a virus scanner says "This is a Trojan and needs to be deleted." Half of the users contact support and ask for help. (Remember: they just have to press the delete button; contacting support because the AV cannot disinfect/delete something is, however, another issue.)

You guys should keep in mind that only a small number of users know about security forums and would be willing to spend their time there asking for help.
For a lot of users the computer is just a tool. They don't blow a kiss to it when shutting it down and going to bed. They might not even clean the keyboard ;D And now comes the most important fact: it doesn't make any sense to try to educate those people, since they simply don't want it. They just want to use the computer.

When you drive a car, that doesn't automatically mean you have to be a mechanic. You know basic things (e.g. the petrol light flashes, the inspection light comes on, etc.), but most drivers wouldn't know how to rate a particular engine sound. They drive into a garage to get help and let others do the work. Same as for AV programs: you should not interrupt users with things if possible. If you ask the common user, he will tell you first "Oh, since I installed it I never had any problem with it". That means the same as "It never bugged me". As long as it detects things and does its job, that is the perfect AV solution then." }-

No more, no less...

Miyagi
November 5th, 2006, 12:41 PM
-{ Quote: "Point One: I really cannot understand why people state such things. Every AV company might have different types of customers. There are also customers who do not like to get interrupted during work. They simply don't want to answer popups like "Are you sure you want to allow this program?". Point!
They just expect that something runs in the background without any user action needed. I mean, just imagine a big company where everyone is running to the system administrator asking if he/she should grant permission for program "X". The guys there would be running berserk soon. There's no doubt that HIPS is useful, but to be useful it has to match certain requirements. History proves that users are even clueless when a virus scanner says "This is a Trojan and needs to be deleted." Half of the users contact support and ask for help. (Remember: they just have to press the delete button; contacting support because the AV cannot disinfect/delete something is, however, another issue.)

You guys should keep in mind that only a small number of users know about security forums and would be willing to spend their time there asking for help.
For a lot of users the computer is just a tool. They don't blow a kiss to it when shutting it down and going to bed. They might not even clean the keyboard ;D And now comes the most important fact: it doesn't make any sense to try to educate those people, since they simply don't want it. They just want to use the computer.

When you drive a car, that doesn't automatically mean you have to be a mechanic. You know basic things (e.g. the petrol light flashes, the inspection light comes on, etc.), but most drivers wouldn't know how to rate a particular engine sound. They drive into a garage to get help and let others do the work. Same as for AV programs: you should not interrupt users with things if possible. If you ask the common user, he will tell you first "Oh, since I installed it I never had any problem with it". That means the same as "It never bugged me". As long as it detects things and does its job, that is the perfect AV solution then." }-

Inspector makes a valid point about the criteria for AVs.

More than half of my friends and relatives have no clue about them. I prefer to drive a car to enjoy the views and the breeze. Same thing goes for browsing the internet. Let the engines and the experts take care of the bone.

Sometimes the approach of an effective antivirus is the usability issue. Ever notice the tray icon menu of the F-PROT beta: Update, Scan, and Open. Very simple and not cluttered like others. A very nice approach in dealing with those who have no clue. All you have to tell them is click Update and next click Scan. Simple. Don't waste or spend too much time trying to click through or dissect your AV. Do more enjoyable things with your computer and the internet. :)

Honestly, I spend too much time here reading about various av's when I have one that's running in the background. There are many tempting baits or should I say loose baits. Stick to one and keep it.

aigle
November 5th, 2006, 01:07 PM
-{ Quote: "Sometimes the approach of an effective antivirus is the usability issue. Ever notice the tray icon menu of the F-PROT beta: Update, Scan, and Open. Very simple and not cluttered like others. A very nice approach in dealing with those who have no clue. All you have to tell them is click Update and next click Scan. Simple. Don't waste or spend too much time trying to click through or dissect your AV. Do more enjoyable things with your computer and the internet. :)" }-

I always like install-and-forget type applications. That's really nice. It's a painful fact that so many top-tier security appliances are not user friendly at all.
I wonder why they don't put them in front of idiot users before putting them on the market, so that they can know whether they are user friendly or not.

Pedro
November 5th, 2006, 02:22 PM
Absolute truth, Inspector. But for me and most here it's a concern.

"Nearly all malware "authors" are idiots who could not work with such notions." I don't know the statistics, but enough of them understand, and more. They are the ones that already knew of this. That's how I think. And these days, not only lone hackers do this, but groups. Exploiting weaknesses to make money. Stealing credit card numbers, etc. Bet your ass they are sophisticated!

We only know the malware that was caught.

Anth-Unit
November 7th, 2006, 03:41 AM
It's not the idiots that you should be worrying about.

Rasheed187
November 7th, 2006, 12:56 PM
-{ Quote: "Which HIPS are you using?" }-

I will not tell, because I'm afraid you will hack me. No, just kidding; I'm using SSM and Neoava Guard, and I believe they protect against the most dangerous stuff.

On topic: I can understand why Rutkowska is a bit disappointed with the current state of AV technology (signature + heuristics). I mean, the first time I saw AVs missing stuff on my system I was a bit shocked. And now it's obvious to me that no AV will recognize 100% of all malware. But I still think a realtime AV/AT/AS is important; it's like getting a first opinion, and my HIPS is the second opinion. That's how I see it. :)

ErikAlbert
November 7th, 2006, 01:09 PM
-{ Quote: "I don't use any anti-virus products to secure any of my machines. The reason—I just don't like their approach, which is to block only known malware." }-
Voila, that woman could be my sister. :)