Discussion in 'other anti-virus software' started by lotuseclat79, Dec 1, 2005.
Viral cure could 'immunise' the internet Story.
Interesting, but as far as I know Kaspersky Lab and McAfee (and probably others too) have already been doing a similar thing for quite some time.
My guess is that if Microsoft didn't release buggy software in the first place, that would "immunise" the internet against 99% of viruses. But then Microsoft wouldn't be able to jump on the AV bandwagon and sell us all their soon to be released AV product
Call me cynical...
Check out what MS has been doing - not in defence of their buggy SW:
Strider HoneyMonkey Exploit Detection
Automated Web Patrol with Strider HoneyMonkeys: Finding Web Sites That Exploit Browser Vulnerabilities
Also, the difference in the Story at NewScientist and what Kaspersky Lab and McAfee and others might have been doing for some time is one of scale across the Internet.
Yes, it's certainly interesting (I'd seen it before), but to me it's the wrong approach. It's like blaming the burglar for robbing your house because you left the door open. Microsoft have a social responsibility also, as their software is directly responsible for the spread of the vast majority of malware - they can't simply continue to bury their heads in the sand and roll out yet another batch of patches every time a vulnerability is exploited by the bad guys.
All very noble, but wouldn't it be better to supply those unsuspecting users (who I thought were also cash paying customers) with software that doesn't allow malware to be installed in the first place without the permission of the system administrator? I can't remember the last time a box popped up asking for the admin password when a virus happily installed itself in my system directories and registry!
For me, there comes a point where you realise that no matter how many sticking plasters you apply, you're never going to fix something that can't be fixed. You're better off throwing the lot away and starting again from the ground up and doing the job properly. Microsoft had a chance to do it with Windows 95, and another chance with the move to a 64-bit OS platform. Let's wait and see if they do any better this time than they did the last time. If they need any pointers, they'd do well to take a look at the *nix security model - it's simple and effective.
...and sorry for the rant!
Yet another brilliant idea which will be compromised by a smart cracker.
Remember the car that was supposed to be 'thief-proof'? It took the thieves 5 minutes to figure it out. The industry behind it spent millions on this, yet it failed big time.
Cracker = Badguys
Hacker = Goodguys
No problemo on the rant - you make some very good and reasonable points.
As for throwing the lot away, have you heard of Singularity from Microsoft?
There is no Windows influence - and, as far as I'm concerned, the faster MS can set its sights on productizing it, i.e. throwing out Vista if necessary, and implementing the suggestions about limited user accounts, the better off we all will be from a security point of view - for those who must stay with the MS OS product offerings.
* Microsoft OS Singularity - microkernel-based OS (no Windows roots)
* PDF 44-page technical research report about Singularity (note: to download it, right-click and select "Save as" to the Desktop)
However, back at the reality ranch, their investment in software will be what keeps them from doing so - i.e. why throw away the golden goose?
Also, looking at the Strider Ghostbuster research project at MS, http://research.microsoft.com/rootkit/ , I would be happy if they would hurry it up and get it productized:
Strider GhostBuster Rootkit Detection
Strider GhostBuster detects API-hiding rootkits by doing a "cross-view diff" between "the truth" and "the lie". It's not based on a known-bad signature, and it does not rely on a known-good state. It targets the fundamental weakness of hiding rootkits, and turns the hiding behavior into its own detection mechanism. There are three versions of Strider GhostBusters:
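As an added illustration of the "cross-view diff" idea quoted above (example code written here, not Microsoft's Strider GhostBuster code; the two views and every file, process and key name in them are constructed, not real system data):

```python
# Toy cross-view diff: compare a low-level enumeration ("the truth") with
# what a possibly-hooked high-level API reports ("the lie"). Anything in the
# truth that is missing from the lie is reported as hidden. No signature and
# no known-good baseline are needed: the act of hiding is what gets detected.

def normalize(name: str) -> str:
    """Windows names are case-insensitive; strip trailing separators."""
    return name.rstrip("\\/").lower()


def cross_view_diff(truth: dict, lie: dict) -> dict:
    """Return {category: [hidden entries]} for every category in `truth`.

    Caveat: legitimate churn between the two snapshots (a file created after
    the first scan, a process that exited) also shows up as a difference, so
    real tools take both views as close together in time as possible and
    re-check before raising an alarm.
    """
    hidden = {}
    for category, entries in truth.items():
        truth_set = {normalize(e) for e in entries}
        lie_set = {normalize(e) for e in lie.get(category, ())}
        missing = sorted(truth_set - lie_set)
        if missing:
            hidden[category] = missing
    return hidden


# Constructed sample views (hypothetical names, not real malware artefacts).
TRUTH_VIEW = {
    "files": [r"C:\WINDOWS\system32\kernel32.dll",
              r"C:\WINDOWS\system32\drivers\hiddendrv.sys"],
    "processes": ["explorer.exe", "svchost.exe", "hiddensvc.exe"],
    "run_keys": ["UpdateAgent", "HiddenStarter"],
}
LIE_VIEW = {
    "files": [r"c:\windows\system32\KERNEL32.DLL"],     # driver filtered out
    "processes": ["explorer.exe", "svchost.exe"],        # service filtered out
    "run_keys": ["UpdateAgent", "HiddenStarter"],        # nothing hidden here
}

if __name__ == "__main__":
    for category, entries in cross_view_diff(TRUTH_VIEW, LIE_VIEW).items():
        print(f"{category}: hidden from API view -> {entries}")
```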
And I'll always blame the burglar....he has absolutely no business stepping on my property getting close enough to see if I left my door unlocked, or if I left it open...he has no business even walking into my house. That's my property, I didn't invite him in.
Microsoft has been doing pretty well as their responsibility of patching their software. You know how much money they have invested simply in their windows/microsoft/office update servers? And bandwidth? Not to mention the staffing for those departments? Yes it's still "free".
Not long ago, when CrApple started having some exploits...they didn't even offer update fixes...they flipped the middle finger at users and said "Too bad...just go purchase the latest version." They've since gone to free updates I believe...since many people probably balked.
The reality of the world is....somebody has to be in the spotlight. And whoever that somebody is....will be the main target. If it was not Microsoft...it would be someone else. It's already been proven that CrApple and *nix can be hit. It's just such a small percentage, well, malware coders want to do maximum damage...and for now, that's Microsoft. It's always "Who's in the spotlight". Internet Explorer was always the big target, so people turned to Firefox. I kept telling people "wait as FF catches in popularity..you'll see"...sure enough starting this spring, we started seeing quite a few security exploits and updates in FF.
I'm posting from Opera now...since the adware version went free a while ago, it's gaining in popularity...I'm sure we'll see some exploits here soon too. Else, I'm posting from FF when I boot this laptop here to Ubuntu (a *nix distro)
And if Linux gains the popular support and market penetration that Microsoft has, it's a safe bet that the number of malware, spyware, worms, trojans, exploits and adware that would afflict it would be as numerous as they are for Windows. Especially as Linux is open source and the "bad guys" would have free access to the whole OS code.
Ahh - the great urban myth surrounding open source. Open source also means that many more pairs of eyes examine the code, discover bugs and fix those bugs before anyone is able to exploit them in a malicious manner. This point is illustrated with alarming frequency on security sites such as Secunia, where known vulnerabilities for Windows XP and Internet Explorer dating back as far as Sept 2002 remain unpatched. In fact, 27 of 122 known vulnerabilities in Windows XP and 21 of 89 known vulnerabilities in Internet Explorer 6 remain unpatched. Compare that to a popular and comparable Linux-based product, such as Red Hat ES4, which currently has zero known unpatched vulnerabilities (http://secunia.com/product/4668/). Do you find it acceptable that Microsoft can't be bothered to fix vulnerabilities in its software, that you pay for and use, that it has known about for over 4 years? So open source means the vulnerabilities get fixed in a timely fashion, whereas closed source means the vulnerabilities sometimes get fixed if the vendor can be bothered. I hope this clearly illustrates that open source is a good thing.
Sure, of course malware writers are going to target the most widely used platforms and software, but viruses targeted against *nix-based OS platforms are far less effective due to the inherently more secure nature of those OSes. For example, worms and trojans are unable to bind key ports without root privileges. Further, software (including malware) simply can't be installed on a *nix-based system without entering the root password (unless of course the user is silly enough to be running as the root user), as system files and directories are protected from restricted users. The simple fact of the matter is that if *nix-based OSes had the 90% plus market share that Microsoft currently enjoys, then there would be less malware, and what did exist would be far less widespread.
There is absolutely no reason why a non-server box that is not running any public services (such as a web or ftp server) should be vulnerable to malware. The absolute worst any malware should be able to do is take out a single user - under no circumstances should it be able to touch the system in any way, shape or form.