The virus arms race? is locking down systems the key?



The securityfix has a post on the “dirty little secret” about antivirus. Eugene Kaspersky of Kaspersky antivirus has posted an introspective article on the antivirus industry and it’s current problems. The biggest problem with antivirus is that it’s always one step behind the virus writers. Antivirus software only can prevent you being infected by those viruses that the antivirus software knows about. In other words a quick, fast spreading infection can hit you anywhere between hours-days before your AV vendor has an update.


(Speed of updates should be one point to look at in choosing antivirus software.) But the point is valid, antivirus is on the wrong side of the arms race. It’s like the old sports question about whether offence or defence wins the game. Usually if you have a team that does NOTHING (no offensive capabilities, pure defence) but defend, they lose because no defence is perfect. Current antivirus is a reactionary solution to the problem of malware.

At this same time, I found this post at the sunbeltblog referring to an eweek article on locking down systems to prevent/limit the impact of malware. What eweek found is that forcing people into unpriviliged user accounts DID impact overall system security (hello – this is what linux/unix advocates have claimed for YEARS.)

I’ve known people that used limited permission profiles to deal with spyware. When one profile became infected they migrated to another login leaving behind their malware. I know one individual that’s looking at using virtual pc to sandbox his OS in so that he can jettison an infested instance if necessary more easily.

Unfortunately, under windows the “Power User” right’s group in the eweek article suffered a good deal of malware infections. All told, there are pros and cons to the “severe” lockdown of user accounts. Some software, unfortunately, still requires local administrator access due to the legacy of Windows more open permissions of the past. It’s an interesting analysis of the benefits and costs of this approach. Personally, I like the linux/unix permissions model with average users being unable to install system software without the administrator password, etc. My only concern with that is being too non-chalant about installing software. (It does shift the responsibility somewhat for WHO allowed the software to be installed (security bug/user input)).

It does all come to educating users though. I mean, say you’re locked down, software starts to install and asks for an administrator password. Do you just give the password without a thought and grumble over the extra hurdle to see a web page? Or do you think ” woah… what’s trying to install? why do I need that?” This is one area where the “dumbing down” of the “new computer user information guide”‘s is really letting the public down.

Realistically you have a better chance of getting malware infested on your pc by browsing the seemier side of the net, other smaller/little known sites, etc. So, locking down browser defaults could go a long way. (Locking down the habits of the browser him or herself?) There was an old joke that goes something like this — what is the most dangerous part of a car? The nut behind the wheel… a good deal of that truth could be applied to computers.

Don’t open attachments, even if the message claims to be from someone you know, unless it was an attachment that you were expecting. I used to say, unless it was about something that you have discussed with that person, but realistically the varied subjects and techniques of virus writers make that too risky. I once saw a virus that looked like a reply to a 6 month old conversation. Don’t assume that if you’ve received it, it’s clean. In other words don’t be overconfident in your antivirus. Ultimately, be cautious…. it’s “computer smarts” that blunts the spread of malware.

Related Posts

Blog Traffic Exchange Related Posts
  • Nero for Linux The news is that Nero has announced NeroLinux a version of their cd burning software that will run under the linux operating system. The software is available in either rpm or deb binary (for either debian based or red-hat based package managed systems.) I've noticed that Nero install under wine......
  • How to Remove Windows Enterprise Defender (Removal Guide) Windows Enterprise Defender is a rogue antivirus application that uses the name of Windows Defender and the similarities of their name to appear as an official product or add on to windows. Of course, the real Windows Defender is a legitimate application, but Windows Enterprise Defender is a rogue antivirus......
  • Network Security guide for the home or small business network - Part 12 - Antispyware I've talked about Antivirus software as an essential. Today we're going to look at Antispyware software. There is a difference. By definition a virus is a piece of software that infects other files or copies itself. A worm is a virus that spreads without user intervention. (From one open network......
Blog Traffic Exchange Related Websites
  • What Kind Of Software Runs Successfully On A VPS Host? Nowadays, the VPS or the virtual server provider is being provided by various webhosting companies. This kind of hosting is being offered as a more preferred choice than the typical shared server innovations. Moreover, this is more economical than the dedicated server. The UK VPS host includes special mail sending......
  • How to Remove Antivirus 2009, Spyware Guard 2008 and Other Malware My wife, kids, and I spent this past Christmas at my parents' house. It wasn't long after we arrived before I gravitated to their computer to check my email, read the news, check the stock market, etc. Much to my dismay, I found a barrage of malware, spyware, and......
  • 10 Essential Tips for Online Shopping Safety The guest post is by Annie Wallace who blogs on viral marketing for moms as well as loves collecting DIY gadgets. I know, this blog is rather about saving money than spending - but for the most part smart shopping is the most effective way to save! You can save......
en.pdf24.org    Send article as PDF   

Similar Posts


See what happened this day in history from either BBC Wikipedia
Search:
Keywords:
Amazon Logo

Comments are closed.


Switch to our mobile site