The virus arms race? is locking down systems the key?



The securityfix has a post on the “dirty little secret” about antivirus. Eugene Kaspersky of Kaspersky antivirus has posted an introspective article on the antivirus industry and it’s current problems. The biggest problem with antivirus is that it’s always one step behind the virus writers. Antivirus software only can prevent you being infected by those viruses that the antivirus software knows about. In other words a quick, fast spreading infection can hit you anywhere between hours-days before your AV vendor has an update.


(Speed of updates should be one point to look at in choosing antivirus software.) But the point is valid, antivirus is on the wrong side of the arms race. It’s like the old sports question about whether offence or defence wins the game. Usually if you have a team that does NOTHING (no offensive capabilities, pure defence) but defend, they lose because no defence is perfect. Current antivirus is a reactionary solution to the problem of malware.

At this same time, I found this post at the sunbeltblog referring to an eweek article on locking down systems to prevent/limit the impact of malware. What eweek found is that forcing people into unpriviliged user accounts DID impact overall system security (hello – this is what linux/unix advocates have claimed for YEARS.)

I’ve known people that used limited permission profiles to deal with spyware. When one profile became infected they migrated to another login leaving behind their malware. I know one individual that’s looking at using virtual pc to sandbox his OS in so that he can jettison an infested instance if necessary more easily.

Unfortunately, under windows the “Power User” right’s group in the eweek article suffered a good deal of malware infections. All told, there are pros and cons to the “severe” lockdown of user accounts. Some software, unfortunately, still requires local administrator access due to the legacy of Windows more open permissions of the past. It’s an interesting analysis of the benefits and costs of this approach. Personally, I like the linux/unix permissions model with average users being unable to install system software without the administrator password, etc. My only concern with that is being too non-chalant about installing software. (It does shift the responsibility somewhat for WHO allowed the software to be installed (security bug/user input)).

It does all come to educating users though. I mean, say you’re locked down, software starts to install and asks for an administrator password. Do you just give the password without a thought and grumble over the extra hurdle to see a web page? Or do you think ” woah… what’s trying to install? why do I need that?” This is one area where the “dumbing down” of the “new computer user information guide”‘s is really letting the public down.

Realistically you have a better chance of getting malware infested on your pc by browsing the seemier side of the net, other smaller/little known sites, etc. So, locking down browser defaults could go a long way. (Locking down the habits of the browser him or herself?) There was an old joke that goes something like this — what is the most dangerous part of a car? The nut behind the wheel… a good deal of that truth could be applied to computers.

Don’t open attachments, even if the message claims to be from someone you know, unless it was an attachment that you were expecting. I used to say, unless it was about something that you have discussed with that person, but realistically the varied subjects and techniques of virus writers make that too risky. I once saw a virus that looked like a reply to a 6 month old conversation. Don’t assume that if you’ve received it, it’s clean. In other words don’t be overconfident in your antivirus. Ultimately, be cautious…. it’s “computer smarts” that blunts the spread of malware.

Related Posts

Blog Traffic Exchange Related Posts
  • Nero for Linux The news is that Nero has announced NeroLinux a version of their cd burning software that will run under the linux operating system. The software is available in either rpm or deb binary (for either debian based or red-hat based package managed systems.) I've noticed that Nero install under wine......
  • How to Remove Windows Enterprise Defender (Removal Guide) Windows Enterprise Defender is a rogue antivirus application that uses the name of Windows Defender and the similarities of their name to appear as an official product or add on to windows. Of course, the real Windows Defender is a legitimate application, but Windows Enterprise Defender is a rogue antivirus......
  • Network Security guide for the home or small business network - Part 3 - Antivirus Ok, the first two entries thus far, hardware firewalls and software firewalls have been fairly operating system independant. A hardware firewall is best, but if that's not possible a software firewall will do until you get a hardware firewall setup. This next item is (currently) a must have for Windows......
Blog Traffic Exchange Related Websites
  • Review of Windows Live Writer When you find a tool that makes life easier, there is nothing more exciting. The need for corporations to simplify and systematize their processes has to do with working smart and taking advantage of things that allow workers to reach their goals without having to work quite as hard. One......
  • Most Popular and Useful Security Apps for a Smart Phone The following is a post from staff writer Crystal at Budgeting in the Fun Stuff, where she writes about finding the balance between paying your bills, saving for your future, and budgeting in the fun stuff along the way. Buying a smart phone is a major investment because you spend......
  • FAQ about computer security Q: The virus blocked the registry access and how to get rid of it?A: You can deal with like this: 1. Click on Start -> Run (or Start Search in Windows Vista). 2. Enter GPEdit.msc and then press Enter. 3. Navigate to the following location: User Configuration -> Administrative Templates......
en.pdf24.org    Send article as PDF   

Similar Posts


See what happened this day in history from either BBC Wikipedia
Search:
Keywords:
Amazon Logo

Comments are closed.


Switch to our mobile site