The move to a new anti-virus model - guarantee

This is the first in a series of articles highlighting reasons why we need a new model for anti-virus and security solutions.

Reason #1: the Basic Model

Anti-virus software vendors still rely on yesterday's methods for solving today's problems: they wait for the next virus to wreak havoc and then produce a solution. That worked for a long time, when a virus would take years to spread around the world. But in the fast-paced, Internet-crazed world we live in today, this type of solution is no longer applicable. Now a virus can go around the world and infect millions of computers in minutes.

In the good old days a virus traveled by floppy disk. Put a floppy in your computer and save some data to it, and the virus would infect the floppy. Then unknowingly put the infected floppy in another computer and presto, the new computer would become infected. (I'm skimming over a lot of detail here to make a point.) So the virus' progress was slow and steady. Anti-virus vendors had time on their side. They had the time to get a copy of the virus, dissect it, run it through a cycle of tests to come up with a signature string (see below for a definition), put the string into a list of strings to hunt for when scanning your hard drive (and floppies), and release the new list to the public. Ten years ago this approach worked very well.

But now everyone is connected via the Internet. Now, using email as a carrier, it doesn't take years to gain momentum; instead it takes a matter of minutes. And here is where the model breaks. Step back and ask yourself the following question: if vendors can catch "known and unknown viruses" as their marketing states, how is it that we continue to have virus problems?

The answer lies in the fact that virus authors have been more creative in coming up with new ways to infect and wreak havoc, and the software industry has not responded in kind, preferring to stay rooted in its old-fashioned methodologies.

Why don't the old ways work any more, you might ask? It's fairly simple. Let's go through the steps.

A virus author unleashes NewVirus via email. He mass-mails his virus to thousands of people. Some, not all, innocently open the attachment thinking it's from a friend, or the subject line is so enticing that they are fooled into opening it without considering that it's a problem (cf. nude movies of Anna Kournikova). The email attachment immediately starts emailing everyone in the victim's address book and embeds itself into his operating system so that it's activated every time he turns on his computer.

The folks he emails in turn get fooled into thinking the email is legitimate and they open the attachment. Very quickly all hell breaks loose. Agencies which monitor Internet traffic see problems arising with the sudden spikes in email traffic, and they begin to get calls or emails alerting them to the fact that there's a new problem. Samples are obtained and sent off to anti-virus vendors. They pass the emails through a series of tests to dissect exactly what the virus does and how it does it. Additionally, analysis is performed to find a unique sequence of 1's and 0's that identifies this attachment as none other than NewVirus. This is called the signature string. It's critical that whatever string is arrived at does not exist in any other code or piece of software; otherwise, you will get what is commonly called a false positive.

Quick aside on "false positives": if a vendor arrives at a "unique" string that just happens to be embedded in Microsoft Word, then every time a user runs a scan of their hard drive, Microsoft Word will be identified as being infected with NewVirus. Users will uninstall Word and re-install it only to learn that they are still infected. There will be complaints; the vendor will be forced to re-assess the signature string, re-release his list of strings and admit the error.

Typically signature strings are matched against a whole boatload of common software just to guard against this occurrence, but it still happens, and vendors learn to add new software to their test beds.

OK, so the vendor has arrived at a signature string. Next? Insert the string into their signature database so that when their scanners are scanning they will match what's on your hard drive against what's in the database. After the list has been updated they release the list to their customers in what's commonly called a "push", where they send the updates to their corporate users.
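The signature-string workflow described in the last few paragraphs (derive a candidate sequence from the sample, vet it against a test bed of known-clean software so it cannot cause a false positive, then scan with it), as an added toy example that is not the article's or any vendor's code. The sample bytes, the clean "test bed" files and the 16-byte window length are all constructed for illustration.

```python
from __future__ import annotations

# Constructed sample of the "NewVirus" attachment from the article (not a real binary).
NEWVIRUS = b"MZ\x90\x00 SENDMAIL:addressbook AUTORUN:startup PAYLOAD:AnnaKournikova.jpg.vbs"

# Constructed "test bed" of known-clean software. winword.exe deliberately shares a
# byte sequence with NewVirus, reproducing the Microsoft Word false-positive scenario.
CLEAN_TESTBED: dict[str, bytes] = {
    "winword.exe": b"MZ\x90\x00 SENDMAIL:addressbook Microsoft Word",
    "notepad.exe": b"MZ\x90\x00 Notepad",
}


def find_false_positives(signature: bytes, testbed: dict[str, bytes]) -> list[str]:
    """Names of known-clean files that contain the candidate signature."""
    return [name for name, data in testbed.items() if signature in data]


def pick_signature(sample: bytes, testbed: dict[str, bytes], length: int = 16) -> bytes | None:
    """Slide a window over the sample and return the first sequence that appears in
    no clean file. None means every window collides with the test bed, so the
    vendor would need a longer window or a different approach."""
    for i in range(len(sample) - length + 1):
        candidate = sample[i:i + length]
        if not find_false_positives(candidate, testbed):
            return candidate
    return None


def scan(files: dict[str, bytes], signatures: dict[str, bytes]) -> dict[str, list[str]]:
    """Match every file against the signature database; list the hits per file."""
    return {name: [vname for vname, sig in signatures.items() if sig in data]
            for name, data in files.items()}


if __name__ == "__main__":
    naive = NEWVIRUS[:16]  # just take the first bytes: collides with winword.exe
    print("naive signature collides with:", find_false_positives(naive, CLEAN_TESTBED))
    vetted = pick_signature(NEWVIRUS, CLEAN_TESTBED)
    print("vetted signature:", vetted)
    print(scan({"attachment.vbs": NEWVIRUS, **CLEAN_TESTBED}, {"NewVirus": vetted}))
```

Adding a file to CLEAN_TESTBED that happens to contain the vetted signature is exactly the "complaints, re-assess, re-release" loop the article describes, and re-running pick_signature against the grown test bed picks a new string.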

If you did not buy into this service, you must know enough to log into your anti-virus vendor's site and update your software yourself so that you stay current.

So where are we? The bad guy (or teenager) has unleashed NewVirus. NewVirus has infected thousands of computers; vendors have been alerted; NewVirus continues to infect; solutions are produced and "pushed" to corporate clients; NewVirus continues to infect hundreds of thousands of computers; corporate clients breathe a sigh of relief and alert their users to the new threat.

Thousands, if not millions, of computers become infected and need to be cleaned, because the accepted way to solve the virus challenge is to wait for each new virus to come along and solve it on a case-by-case basis.

But what if you sat back and said: what if? What if you categorized all the things a virus can do (or could do), built a set of computers that allow any email attachment or program to have full rein of a computer (much like it would have on your own machine; such a computer is called a "honeypot"), and then monitored that computer for unwanted behavior?

That would be a true pre-emptive strike against all malicious software. This is the behavior-based model. Such a model would in fact guard you against unknown viruses, along with all the 70,000 known viruses.

In part 2 we'll discuss the risks and security failures of having distributed vendor software on your desktop.

About The Author

Tim Klemmer
CEO, OnceRed LLC
http://www.checkinmyemail.com

Tim Klemmer has spent the better part of 12 years designing and perfecting the first true behavior-based solution to malicious software.

timklemmer@checkinmyemail.com
