[ISN] Computer Security: The New Wave

From: InfoSec News (alerts@private)
Date: Sun Jan 21 2007 - 22:26:56 PST


By Robin Bloor
January 22, 2007

Antivirus technology is a crock. It fails to prevent computers from 
getting infected with viruses, and this failure contributes to many 
other security woes that plague the world's computers.

Because viruses spread, hackers find it easier to compromise computers, 
identity theft is better enabled, and computer fraud is easier to 
perpetrate. Virus-infected computers become a resource for hackers to 
exploit. Some hackers assemble and control networks of thousands of such 
computers and use them to distribute huge volumes of spam, mount 
sophisticated phishing attacks, and launch targeted "denial of service" 
attacks on companies.

The level of virus infection is high. It's not an epidemic; it's a 
pandemic. How bad is it? That depends on how you look at it.

For the home computer user and small-business user, infection is 
chronic. In June, 2006, Microsoft (MSFT) revealed the results of a 
15-month test of its Malicious Software Removal Tool on home PCs and 
small-business PCs. The utility had been used to scan and clean 5.7 
million PCs, and it found backdoor Trojans, or programs that let hackers 
gain entry, on about 62% of them. And during the 15-month period, 20% of 
PCs that were cleaned were reinfected.

Big companies aren't immune, either. The 2005 Yankee Group Security 
Leaders & Laggards Survey indicated that while 99% of enterprises have 
deployed antivirus programs, 62% got infected by viruses. The situation 
for large enterprises is, it seems, not much better than for other PC 
users. They may be better able to recover from infection, but they still 
get infected.

Faulty "Burglar Alarms"

So why is it that AV technology does such an inept job? Consider the 
following information, published last year by AusCERT, Australia's 
Computer Emergency Response Team.

The most popular AV products fail to prevent 80% of new viruses. AusCERT 
declined to name the AV companies publicly, but in case you didn't know, 
the leading AV vendors are Symantec (SYMC), McAfee (MFE), and Trend 
Micro (TMIC), in that order.

Mind you, it isn't necessarily the case that these products are 
technically inferior to other AV products. It's just that most virus 
writers test their viruses against the popular AV products before 
unleashing them on the world.

Because of this, AV technology is doomed to be ineffective, and it is 
never going to be effective. The AV vendors have built "burglar alarms" 
that alert you only if a known burglar tries to enter your house. Any 
burglar that they don't recognize gets in unopposed.

The practical solution is to have a "burglar alarm" that sounds when 
anyone you don't know tries to enter the house. Deceptively simple, 
isn't it? But security products that work in this way have only recently 
been introduced.

The first company to offer such a product was SecureWave, in 2001. Since 
then three other companies (AppSense, Bit9, and Savant Protection) have 
introduced products that work in this way. Instead of focusing on 
identifying malware, these products manage a full record, a so-called 
white list, of the valid programs, and prevent other programs from 
running, or, if necessary, run unrecognized programs in quarantine until 
their nature becomes clear.
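The difference between the "known burglar" alarm and the white list is easy to show in code. The block below is an added example and is not code from the article or from any of the vendors it names. The "programs" are constructed byte strings standing in for executable files, and the hash-based lookup, the quarantine verdict for unknown programs, and the tampered-copy case are my own simplified model of how such products decide, not a description of any specific product.

```python
import hashlib
from enum import Enum


class Verdict(Enum):
    ALLOW = "allow"
    BLOCK = "block"
    QUARANTINE = "quarantine"


# Constructed sample "programs": byte strings standing in for executables.
KNOWN_GOOD = {
    "editor.exe": b"MZ\x90\x00 constructed editor binary",
    "mailer.exe": b"MZ\x90\x00 constructed mail client binary",
}
KNOWN_MALWARE = b"MZ\x90\x00 constructed malware the vendor has already seen"
NEW_MALWARE = b"MZ\x90\x00 constructed variant no signature exists for yet"


def sha256(data: bytes) -> str:
    """Identify a program by the SHA-256 of its bytes (hypothetical choice)."""
    return hashlib.sha256(data).hexdigest()


# --- Signature model ("alarm for known burglars") -------------------------
# The vendor ships hashes of malware it has already analysed; anything else
# is allowed to run, which is exactly the gap a fresh variant slips through.
MALWARE_SIGNATURES = {sha256(KNOWN_MALWARE)}


def denylist_verdict(program: bytes) -> Verdict:
    """Block only programs whose hash matches a known-malware signature."""
    if sha256(program) in MALWARE_SIGNATURES:
        return Verdict.BLOCK
    return Verdict.ALLOW


# --- White-list model ("alarm for anyone you don't know") ------------------
# The administrator records the valid programs up front; anything not on
# the record is quarantined (or blocked outright), whether or not it has a
# signature.
ALLOWLIST = {sha256(data): name for name, data in KNOWN_GOOD.items()}


def allowlist_verdict(program: bytes, quarantine_unknown: bool = True) -> Verdict:
    """Allow only recorded programs; unknown ones are quarantined or blocked."""
    if sha256(program) in ALLOWLIST:
        return Verdict.ALLOW
    return Verdict.QUARANTINE if quarantine_unknown else Verdict.BLOCK


def tampered_copy(program: bytes) -> bytes:
    """Flip one byte, as a trojanised or patched copy of a valid program would."""
    return program[:-1] + bytes([program[-1] ^ 0xFF])


def compare(program: bytes) -> tuple[Verdict, Verdict]:
    """Return (signature verdict, white-list verdict) for one program."""
    return denylist_verdict(program), allowlist_verdict(program)


if __name__ == "__main__":
    samples = {
        "editor.exe (recorded)": KNOWN_GOOD["editor.exe"],
        "editor.exe (tampered copy)": tampered_copy(KNOWN_GOOD["editor.exe"]),
        "known malware": KNOWN_MALWARE,
        "new malware variant": NEW_MALWARE,
    }
    print(f"{'program':30} {'signature AV':14} {'white list':14}")
    for label, data in samples.items():
        sig, wl = compare(data)
        print(f"{label:30} {sig.value:14} {wl.value:14}")
```

The run shows the article's point as a table: the signature model blocks only the sample it has seen before and lets both the new variant and the tampered copy run, while the white list allows the one recorded program and quarantines everything else. A real product has to solve the problems this toy skips, chiefly how the record is built and maintained as software is patched, and how hash lookups are protected from being bypassed by running code inside an already-allowed interpreter; the decision logic itself, however, is as simple as shown.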

Not Solved Yet

At the moment these products are focused only on the enterprise market. 
As the persistent failure of AV products becomes increasingly visible 
and as the popularity of these newer products grows, they will become 
available to the home user. Until then, the computer virus pandemic, and 
all the evils it engenders, is likely to continue.

Symantec Chief Executive John Thompson declared in a speech in October 
that the problem of "worms and viruses is solved." It was a bewildering 
declaration, coming at a time when virus infection rates are as bad as 
they have ever been and cybercriminals are better able to exploit such 

But he was partly right. Only it's not Symantec that has solved the 
problem. Technically, the malware blocking problem is solved, by the 
handful of companies that deliver a whitelisting-based solution. Yet 
cybercrime is rampant, and it will remain a blight until the use of this 
newer wave of products is widespread.


Bloor is a partner and analyst with Hurwitz & Associates, a 
Massachusetts-based IT research and consulting firm. He is also chief 
research officer and founder of Bloor Research, an IT research and 
consulting firm based in Northamptonshire, England, and co-author of 
Service Oriented Architecture for Dummies.
