| |
| |
|
Security Information |
|
|
|
Desktop Security Software Risks - Part 1
This is the second in a series of articles highlighting reasons why we need a new model for anti-virus and security solutions. Reason #2: the Desktop Security Software Risks The risks of placing software on the desktop are such that I will be breaking this article into two parts. Fundamentally we think of having software on our desktops as a good thing. I love downloading or installing new packages and seeing what new creative things people do to the user interface or what they do to make certain aspects of my life easier or more fun. But there are problems inherent with software that resides on the desktop, especially security software. All developers will know what I mean. First and foremost, desktop software can be reverse engineered. What's that mean? Have you ever inadvertently double-clicked on a file and had garbage show up or seen something that looks similar to this? http://www.checkinmyemail.com/Articles/image001.jpg The old hex dump. Programmers will know it well. We actually spend a good deal of time trying to read this stuff. Basically, if there are programs that can (and do) turn instructions like the following If UserBirthDate < "01/01/1960" then IsReallyOld = "Yes Else IsReallyOld = "No" End If into something like the picture above, then the reverse is true: people have developed software that can take that gobbeldy-gook in the picture above and turn it somewhat into the if-statement I wrote out. The reversing software won't know that I had an item called UserBirthDate, but it will know I was testing for a value of January 1, 1960 and it will be able to say that based on that value I set another item to Yes or No. So now we install our fool-proof anti-virus software on our desktop (or our firewall for that matter). Well, so too can a virus author. And that virus author or hacker will also have gotten a copy of the latest reverse-engineering software from his local hacking site. He now goes upon his task of reverse-engineering the software and then trying to decipher the results. It's not easy but it can be done. Unfortunately, vendors know this and understand this as an acceptable risk. The problem here is that your security software is at risk. If your vendor codes an error, the virus author can and will detect it. For example, if your vendor should exclude a file from scanning, it's possible the virus author will figure out which file (or type of file) that is and bury his code there. If the vendor excludes files from scanning or heuristics, it's possible that virus author will figure out a way to corrupt that file. That being said, there are other risks. As we have said, once software is on the desktop it affords virus authors an opportunity to reverse-engineer security software. The knowledge that reverse-engineering provides is invaluable to a virus author when building his next software attack. Third, virus authors can learn where the anti-virus vendors put there software and put the links to their software (directory folders, registry entries, etc.). This too is invaluable information. In fact, in some ways it teaches people intent on writing malicious software clues as to how to infiltrate the computers' operating system, where registry entries need to be made to force software to be loaded every time a computer is started, etc. This information is generally available all over the web and in manuals for operating systems, especially manuals on such subjects as the Windows Registry. But having the software teach you where things belong to be effective is powerful knowledge. Lastly, and perhaps most significantly, is the issue of forebearance. The anti-virus vendors usually know more about the potential exploits inherent in programs than virus authors but they are bound by the fact that should they try to prevent them before the exploits occur, they could be branded as irresponsible for teaching virus authors about these very exploits. For example, when Microsoft first released the macro capabilities of Word, anti-virus vendors immediately realized the potential for danger in macros, but they were handcuffed. If they released software that disabled macros before the first macro virus was ever released, they would signal to virus authors the inherent destructive powers of macros. They chose instead to wait, handcuffed by the limitations of desktop software. Until the Internet there really has been no better medium for delivering virus solutions than desktop software. It was relatively inexpensive to deploy (either market the software and sell it in stores or provide free downloads on bulletin boards and web sites). It is, however, expensive to keep updated in terms of time and effort, even with automated update systems. The Internet caused several things to happen: by becoming a powerful medium for sharing files, whole families of viruses disappeared practically overnight (boot sector viruses, for example); by becoming the option of choice for sharing files, it was easier to infect a single file and have thousands download it. A better solution is to place the security software in an offsite appliance of its own making. All Internet, intranet, networking connections flow through the appliance. Selling off the shelf hardware appliances with built-in security software is better than a desktop software solution but it still suffers -to a lesser extent- from the pratfalls that desktop software falls prey to. Even better is to create a service that a 3rd party vendor manages in a secure environment. In such an instance both the software and the hardware are away from the prying eyes of the malicious software authors. This further reduces the opportunity for malicious authors to discover the tricks and techniques employed by the security vendors to protect you. About The Author Tim Klemmer Tim Klemmer has spent the better part of 12 years designing and perfecting the first true patented behavior-based solution to malicious software.
MORE RESOURCES:
Security - Google News |
|
|
|
RELATED ARTICLES
3 Simple Steps to Stay Safe from Spyware There are several basic concepts to keep in mind when deciding to stay spyware free for good. This article will outline a spyware checklist for you to keep in mind when getting tough on spyware and taking back control of your computer using two popular free applications, Ad-Aware,and Spybot - S&D. Dont Miss Information Because of Misinformation It has been said that with the wealth of information, freely available, the Internet has the ability to make you smarter, faster, than any other medium on the planet. Of course with an equal amount of mis-information, it also has the ability to make you dumber, faster, than any other medium on the planet. Web Conferencing Readers - So What Do We Do with the PAYPAL SPAMMER From: "Paypal Security" Subject: New Security Requirements Date: Tue, 26 Jul 2005 19:20:51 -0800Dear valued PayPal® member,Due to recent fraudulent transactions, we have issued the following security requirements.It has come to our (attion)**Spelling Mistake**, that 98% of all fraudulent transactions are caused by members using stolen credit cards to purchase or sell non existant items. The Truth About Hiding Your Tracks on the Internet Ok, ok, I know you've seen them. All those pop up windows claiming that "You're being watched!" or banner ads saying "Your computer is under surveillance!" And all you need to do is buy their product and your computer's visbility will disappear from the Internet. SPYWARE - Whos Watching Who? I am in the midst of Oscar Wilde's The Picture of Dorian Gray. "The basis of optimism is sheer terror. If You Steal It, They May Come! Business on the internet is getting down right shameless. This week, my email box was literally filled with hype, overly inflated promises, phish mail, scams, ezines I did not order, and about 14 viagra gimmicks. Firewall Protection - Does Your Firewall Do This? The first thing people think about when defending their computers and networks is an up-to-date antivirus program. Without this most basic protection, your computer will get a virus, which could just slow it down or potentially bring the pc to a complete standstill! So anti-virus software is the answer? An anti-virus solution on it's own is not the answer to all of your problems, it can only protect you so much; in fact test have shown that a new pc running Windows XP if left connected to the Internet unprotected will be infected with viruses and remotely controlled via unauthorised persons within 20 minutes! To protect you against hackers and often to prevent spyware and 'scumware' from communicating directly with their servers about information it may have picked up from your pc, a firewall should form the key part of your e-security solution. Preventing Online Identity Theft Identity theft is one of the most common criminal acts in society today. Criminals will use your personal information such as banking accounts and passwords, to pretend that they are you. Phishing - Its Signs and Your Options Phishing is the act of some individual sending an email to a user in an attempt to scam the user to release personal information. Is it easy to determine if it's a scam? Sometimes - but not always. Spyware, This Time Its Personal! First the basic definition of Spyware: It is a type of software which is installed onto your computer without your permission.. Is Your Email Private? Part 1 of 3 In a word, no - an email message has always been nothing more than a simple text message sent unencrypted to a recipient we choose. So all the email that we so blithely send all over the Internet everyday is neither private nor secure. 8 Surefire Ways to Spot an EBAY Scam E-Mail and Protect Yourself from Identity Theft Ebay is a great site and is used by many to buy and sell new and used Items. It truly is the worlds Largest Garage Sale Unfortunately when an online site becomes as big and popular as E-Bay the scam artists seem to just naturally follow. What is Hacking? Are You a Hacker? WHAT IS HACKING?Hacking, sometimes known as "computer crime" has only recently been taken very seriously. The activities undertaken by the real hackers have been criminalized and they are now being legally persecuted on a scale disproportional to the actual threat they pose. 6 Ways To Prevent Identity Theft These six ways to prevent identity theft offer you valuable tips against the fastest growing crime in America today. In 2004, more than 9. Traditional Antivirus Programs Useless Against New Unidentified Viruses! Every now and then you can read about a new virus and the damage it causes. The millions viruses costs companies each time they strike. The Never Ending Spyware Story It's been with us since 1993, it's gotten more intrusive, more complicated.It's created a whole ecosystem, so to speak. Identity Theft -- 10 Simple Ways to Protect Your Good Name! Identity Theft is one of the most serious problems facing Internet users. Identity Theft is exactly as the name states -- someone steals your Identity and commits fraud in your name. 5 Simple Steps to Protect your Digital Downloads A couple of days ago, I was searching for a popular eBook online. Now I'm not going to tell you the name of this eBook for reasons you'll understand in the next few minutes. Be Alert! Others Can Catch Your Money Easily! So called phishers try to catch the information about the account numbers and passwords of internet users. They deceive people with faked emails and websites that resembles exactly the originals of well known banks or electronic payment systems. Are You Surfing Safe? Ok, you've got a computer, and you get online. You surf your favorite sites, Sports, Shopping, Cowchip Tossing Blogs, and so on.
|
| home | site map |
| © 2006 |
