Friday 7 March 2008

The Move to a New Anti-Virus

New model for anti-virus and security solutions.

Fundamental # 1: The basic model

Anti-virus software vendors still rely on yesterday's methods to solve today's problems: they wait for the next virus to wreak havoc, and then they look for a solution. That worked for a long time, when a virus took years to travel around the world. But in the fast-paced, Internet-crazed world we live in today, this kind of solution no longer applies. Now a virus can circle the world and infect millions of computers in a few minutes.

In the good old days a virus travelled by disk. You inserted a floppy disk into your computer, saved some data to it, and the virus infected the floppy. Then you carried the unknowingly infected floppy to another computer and, presto, the new computer was infected too. (I am skimming over many details here to make one point.) So the virus's progress was slow and steady, and anti-virus vendors had time on their side. They had time to get a copy of the virus, dissect it, run it through a series of tests to extract a signature string (defined below), insert that string into the database of strings the scanner searches for when you scan your hard drive (and disks), and release the new database to the public. Ten years ago this system worked very well.

But now everything travels over the Internet. With e-mail as the means of transport, it does not take years for a virus to gather momentum; it takes a matter of minutes. And this is where the model breaks. Step back and ask the following question: if vendors can catch "known and unknown viruses", as their literature claims, how is it that we continue to have virus problems?

The answer lies in the fact that virus writers keep finding more creative ways to infect and wreak havoc, while the anti-virus industry has not responded in kind and remains stuck in its old-fashioned methods.

Why do the old ways no longer work, you may ask? It is relatively simple. Let's go through the steps.

-- A virus author unleashes NewVirus by e-mail, mass-mailing his virus to thousands of people. Some, not all, unwittingly open the attachment, either because they think it comes from a friend or because the subject line is so tempting that they are misled into opening it without thinking twice (remember the "nude pictures of Anna Kournikova"). As soon as the attachment runs, it e-mails itself to everyone in the victim's contact list and embeds itself in the operating system so that it starts every time the computer is switched on.

The people it e-mails in turn are fooled into thinking the sender address is valid, and they open the attachment too. Very quickly all hell breaks loose. Organizations that monitor Internet traffic notice problems associated with the sudden spike in e-mail traffic, and they start getting calls or e-mails warning them that there is a new problem. Samples are collected and sent to the anti-virus vendors. The vendors run the e-mails through a series of tests to analyse exactly what the virus does and how it does it. Further analysis extracts a unique string of 1s and 0s that identifies this attachment as NewVirus and nothing else. This is called the signature string. It is important that, whatever string is arrived at, it does not occur in any other program or piece of software; otherwise you get what is commonly known as a false positive.

A quick digression about "false positives": suppose a vendor arrives at a "unique" string that, purely by coincidence, is also embedded in Microsoft Word. Then every time a user scans their hard drive, Microsoft Word is reported as infected with NewVirus. Users uninstall and reinstall Word only to learn that they are "still infected". The complaints force the vendor to re-examine the signature string, re-release its list of strings, and admit the error.

Typically a signature string is matched against a whole boatload of commonplace software precisely to guard against this event, but it still happens, and vendors are forever learning about new software they need to add to their test beds.

OK, so the vendor has come up with a signature string. What next? They add the string to their string database, so that when their scanners find that string on your hard drive it is matched against the database. Once the database has been updated, they release it to their customers; this is commonly referred to as a "push", where the updates are sent out to their primary (usually corporate) customers.
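To make the vendor's steps concrete, here is an added example; it is my own Python, not code from this page or from any anti-virus vendor. It carves a fixed-length byte window out of a constructed NewVirus sample as the signature string, vets each candidate against a small constructed corpus of clean programs (the vendor's "test bed"), and then scans a disk with the resulting database. The sample bytes, the clean files, the 16-byte window, plain substring matching and all the file names are assumptions made up for the example; real products use much longer and smarter signatures.

```python
"""Toy signature-based scanner, written for this blog post as an illustration.

Assumptions (this example's own, not any vendor's): a signature is one
fixed-length byte window of the sample; a candidate is rejected if it also
occurs in any file of a clean "test bed" corpus; scanning is plain substring
search. All files and names below are constructed, not real binaries.
"""
from typing import Dict, Iterable, List, Optional

SIG_LEN = 16  # bytes per candidate signature (assumption)

# A made-up 32-byte runtime stub shared by many ordinary programs.
COMMON_STUB = (b"MZ\x90\x00\x03\x00\x00\x00\x04\x00\x00\x00\xff\xff\x00\x00"
               b"runtime-init-v1\x00")

# The vendor's "test bed": clean software the signature must NOT match.
CLEAN_CORPUS: Dict[str, bytes] = {
    "winword.exe": COMMON_STUB + b"document editing and formatting code",
    "notepad.exe": COMMON_STUB + b"plain text editor code",
}

# The NewVirus sample as pulled out of a victim's mailbox (constructed).
NEWVIRUS_SAMPLE = COMMON_STUB + b"mass-mail:contacts;autorun:HKLM\\Run;NewVirus"


def candidate_signatures(sample: bytes, length: int = SIG_LEN) -> Iterable[bytes]:
    """Yield non-overlapping byte windows of the sample, in file order."""
    for i in range(0, len(sample) - length + 1, length):
        yield sample[i:i + length]


def choose_signature(sample: bytes, clean_corpus: Dict[str, bytes],
                     length: int = SIG_LEN) -> Optional[bytes]:
    """Return the first window that occurs in no clean file, or None.

    This vetting step is what prevents the "Word is infected" false positive:
    the leading windows of the sample are the shared stub and get rejected.
    """
    for cand in candidate_signatures(sample, length):
        if not any(cand in clean for clean in clean_corpus.values()):
            return cand
    return None


def scan(files: Dict[str, bytes], database: Dict[str, bytes]) -> Dict[str, List[str]]:
    """Return {filename: [virus names whose signature the file contains]}."""
    hits: Dict[str, List[str]] = {}
    for name, data in files.items():
        matched = [virus for virus, sig in database.items() if sig in data]
        if matched:
            hits[name] = matched
    return hits


def compare_databases() -> Dict[str, Dict[str, List[str]]]:
    """Scan the same disk with a naive and with a vetted NewVirus signature."""
    disk = {**CLEAN_CORPUS, "newvirus.exe": NEWVIRUS_SAMPLE}
    naive_db = {"NewVirus": NEWVIRUS_SAMPLE[:SIG_LEN]}  # skipped the test bed
    vetted_db = {"NewVirus": choose_signature(NEWVIRUS_SAMPLE, CLEAN_CORPUS)}
    return {"naive": scan(disk, naive_db), "vetted": scan(disk, vetted_db)}


if __name__ == "__main__":
    for label, result in compare_databases().items():
        print(f"{label:6s} database flags: {sorted(result)}")
```

The naive database, built from the first 16 bytes of the sample, flags winword.exe and notepad.exe along with the virus, which is exactly the Word scenario above; the vetted one skips the shared stub and flags only newvirus.exe. Note that even the vetted signature is only as good as the test bed: any clean program missing from CLEAN_CORPUS could still collide with it.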

If you have not bought into this service, you need to know enough to go to your anti-virus vendor's site and update your software yourself in order to stay up to date.

So, where are we? The bad guy or problem teenager has unleashed NewVirus. NewVirus has infected thousands of computers; the vendors have been alerted; NewVirus continues to infect; solutions are found and "pushed" to corporate customers; NewVirus continues to infect hundreds of thousands of computers; corporate customers breathe a sigh of relief and alert their users to the new threat.

Thousands, if not millions, of computers are infected and must be cleaned, because the accepted way to solve the virus problem is to wait for each new virus to come along and resolve it on a case-by-case basis.

But what if you sat back and said: what if? What if you categorized all the things a virus can do (or could do), built a number of computers that allow any e-mail attachment or program to have the full run of the machine (much as it would on your own computer; such a computer is called a "honey pot"), and then analysed that computer for undesirable behaviour?

That would be a genuine pre-emptive defence against all malicious software. This is the behaviour-based model. Such a model would actually protect you from unknown viruses, along with all the 70,000 known ones.
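An added example of the behaviour-based model just described; it is my own Python, not code from this page or from any product. The "honey pot" here is reduced to a list of events recorded while a sample runs, and the behaviour categories, the Run key path, the 20-message threshold, the file names and every trace are assumptions constructed for illustration. It shows the two things a practitioner would want to see: a never-before-seen variant trips the same rules as NewVirus without any signature existing for it, and an ordinary installer shows some of the same behaviours, which is the false-positive risk this model carries in turn.

```python
"""Toy behaviour-based classifier, written for this blog post as an illustration.

Assumption: a sandbox ("honey pot") has already run the sample and recorded
what it did as a list of events. Here the events, the categories and the
thresholds are all made up; nothing below is real telemetry or a real product.
"""
from typing import Dict, List

Event = Dict[str, str]  # one recorded action; field names are this example's own

RUN_KEY = "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Run"
MAIL_BURST = 20  # mails with the sample attached before we call it mass-mailing (assumption)


def find_behaviours(trace: List[Event], sample_path: str) -> Dict[str, bool]:
    """Map each undesirable-behaviour category to whether the trace shows it."""
    self_mails = sum(1 for e in trace
                     if e["action"] == "smtp_send" and e.get("attachment") == sample_path)
    return {
        # copies itself somewhere else on disk
        "self_copy": any(e["action"] == "file_copy" and e["source"] == sample_path
                         and e["target"] != sample_path for e in trace),
        # arranges to be started again at every boot
        "persistence": any(e["action"] == "registry_set" and e["target"].startswith(RUN_KEY)
                           for e in trace),
        # mails itself to many recipients
        "mass_mail": self_mails >= MAIL_BURST,
    }


def verdict(behaviours: Dict[str, bool]) -> str:
    """Combine categories into a verdict; the thresholds are this example's own."""
    if behaviours["mass_mail"] and (behaviours["self_copy"] or behaviours["persistence"]):
        return "malicious"
    if any(behaviours.values()):
        return "suspicious"  # needs more rules or a human: installers look like this
    return "clean"


def classify(trace: List[Event], sample_path: str) -> str:
    return verdict(find_behaviours(trace, sample_path))


# ---- constructed traces (not real telemetry) ----
def mass_mailer_trace(exe: str, copy_to: str, n_mails: int) -> List[Event]:
    """Reads the address book, copies itself, sets a Run key, mails itself."""
    trace: List[Event] = [
        {"action": "file_read", "target": "C:\\Users\\alice\\contacts.wab"},
        {"action": "file_copy", "source": exe, "target": copy_to},
        {"action": "registry_set", "target": RUN_KEY + "\\updater", "value": copy_to},
    ]
    trace += [{"action": "smtp_send", "target": f"user{i}@example.com", "attachment": exe}
              for i in range(n_mails)]
    return trace


NEWVIRUS = "C:\\Users\\alice\\Downloads\\AnnaKournikova.jpg.vbs"
NEWVIRUS_TRACE = mass_mailer_trace(NEWVIRUS, "C:\\Windows\\System32\\AnnaKournikova.jpg.vbs", 200)

# A variant nobody has a signature for yet: different names, same behaviour.
VARIANT = "C:\\Users\\bob\\Desktop\\invoice.pdf.exe"
VARIANT_TRACE = mass_mailer_trace(VARIANT, "C:\\Windows\\svchost32.exe", 50)

# A legitimate installer: copies itself and registers an autostart, sends no mail.
INSTALLER = "C:\\Users\\alice\\Downloads\\setup.exe"
INSTALLER_TRACE: List[Event] = [
    {"action": "file_copy", "source": INSTALLER, "target": "C:\\Program Files\\App\\setup.exe"},
    {"action": "registry_set", "target": RUN_KEY + "\\App", "value": "C:\\Program Files\\App\\app.exe"},
]

# A mail client sending a document to three friends.
MAIL_CLIENT = "C:\\Program Files\\Mail\\mail.exe"
MAIL_CLIENT_TRACE: List[Event] = [
    {"action": "file_read", "target": "C:\\Users\\alice\\contacts.wab"},
] + [{"action": "smtp_send", "target": f"friend{i}@example.com",
      "attachment": "C:\\Users\\alice\\report.doc"} for i in range(3)]


if __name__ == "__main__":
    for name, trace, path in [("NewVirus", NEWVIRUS_TRACE, NEWVIRUS),
                              ("unknown variant", VARIANT_TRACE, VARIANT),
                              ("installer", INSTALLER_TRACE, INSTALLER),
                              ("mail client", MAIL_CLIENT_TRACE, MAIL_CLIENT)]:
        print(f"{name:16s} -> {classify(trace, path)}")
```

The variant is caught with nothing more than the categories the rules already encode, which is the whole argument of the post. The installer lands in "suspicious", not "clean": self-copying plus a Run key is what legitimate setup programs do too, so a behaviour-based product still needs either finer rules or a human in the loop to keep its own false positives down.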

In Part 2 we will discuss the risks and security failures of the software your provider distributes to your desktop.

http://www.checkinmyemail.com
