Will Patent Battles Make Your Computer Less Secure?

from the hurray-for-patents dept

Just as a new study is coming out suggesting that anti-virus software is getting worse at actually protecting your computer comes some other news that there's a brewing patent battle in the anti-virus world, with one firm, Trend Micro, going after a bunch of other companies for daring to use similar techniques in trying to protect computer equipment. If ever there were a perfect example of patents being used to hold back progress, this would be it. Computer security is incredibly important -- but it's a rapidly changing field, as both the "good guys" and the "bad guys" need to be constantly adjusting. Preventing firms from being able to use one method (and to improve on it, change it, build on it, etc.) simply gives the malware writers a huge leg up. They have no such qualms about building off of others' work, and this will simply lead to malware getting further and further ahead of security software, as security companies are held up in their ability to continue to adapt.


Reader Comments (rss)

(Flattened / Threaded)

  1.  
    identicon
    drew, Dec 27th, 2007 @ 2:33am

    ok so i'm going to write some cheesy malware and then patent how to safely remove it then sue anybody that removes it = PROFIT

     

    reply to this | link to this | view in thread ]

  2.  
    identicon
    Patrick, Dec 27th, 2007 @ 4:24am

    Great Idea Drew

    That is in fact the way they think it is done, Complete BS, But still ... This article makes a good point, The Malware is going to improve while security is at a stand still - All I have to say about that is .. " DUH"!!!

     

    reply to this | link to this | view in thread ]

  3.  
    identicon
    Rich Kulawiec, Dec 27th, 2007 @ 5:11am

    AV software is unimportant to security

    AV software companies exist almost entirely because of the pathetic weakness of Microsoft products. (For example, to a very good first approximation, there is no such thing as an email virus; they are only Outlook viruses, and that is because despite its enormous financial and human resources, Microsoft has completely, utterly failed to write even a modestly-secure email client.)

    I don't use AV -- I don't have to, because I take the far superior approach of not using operating systems and applications that are vulnerable to malware written by children. So if the parasites at the AV companies want to hobble each others' efforts by engaging in a foolish patent war, so be it. This will have no impact whatsoever on the security measures used by qualified professionals.

     

    reply to this | link to this | view in thread ]

  4.  
    identicon
    Anonymous Coward, Dec 27th, 2007 @ 5:48am

    Re: AV software is unimportant to security

    Please.... Put any OS into a majority of desktop computer use it catogory and point the full force of the hacker community at it and it will be crack hacked and virus infected. You can however keep your rose colored glasses on for the time being.

     

    reply to this | link to this | view in thread ]

  5.  
    identicon
    Rich Kulawiec, Dec 27th, 2007 @ 6:19am

    Re: AV software is unimportant

    Of course, this has already happened and the results have not turned out to be what you've predicted. Moreover, as all competent security people know, there is no correlation between popularity and susceptibility.

    If there are "rose-colored glasses" being worn, then they're perched on the noses of those who rely on AV technology -- which is guaranteed to fail when it will be needed most. For an excellent article which touches on this point, find Marcus Ranum's "The Six Dumbest Ideas in Computer Security", and read thoroughly.

     

    reply to this | link to this | view in thread ]

  6.  
    identicon
    Anonymous Coward, Dec 27th, 2007 @ 7:26am

    Re: Re: AV software is unimportant to security

    You forgot the ubuntu hackers, the linux hackers, the GNU hackers, and KDE hackers and more.

    I think there are more hackers than crackers so we'll be pretty to tough to beat if crackers want to start manufacturing computer viruses for the Linux OS.

     

    reply to this | link to this | view in thread ]

  7.  
    identicon
    Rich Kulawiec, Dec 27th, 2007 @ 8:14am

    Re: AV software is unimportant to security

    I've forgotten none of them, actually. I simply recognize that (and this is one reason why I referenced Ranum's excellent article) defenses which rely on frequent signatures updates (or their equivalent) are inherently flawed. AV products aren't the only things that fall into this category, they're just one of the more prevalent.

    Real security does not come from band-aids like AV. Real security comes from OS and application software that is written to be secure, which is subjected to peer review, which is thoroughly audited for weaknesses, and which utilizes concepts such as default-deny, least-privilege, etc. Now, granted, sometimes it happens that even though all those things are done, there's still a problem. We are, after all, still learning. But it should be obvious to everyone who's watched the last 20-30 years of computer security unfold that this approach actually has a fighting chance of working, whereas use of band-aids (like AV) is a path to certain failure.

    Ranum's article, by the way, is here.

     

    reply to this | link to this | view in thread ]

  8.  
    identicon
    Matt, Dec 27th, 2007 @ 8:57am

    Re: Re: AV software is unimportant to security

    I would have to disagree with both of you. I have been using a Microsoft OS for years. I used to get the AV softwares, but I haven't had one for the past few years (4-5) and I have never gotten a virus or spyware. It has nothing to do with the software, but educating the user. If you can educate the user on proper and safe web browsing. Then all malware and viruses will be obsolete.

     

    reply to this | link to this | view in thread ]

  9.  
    identicon
    Rich Kulawiec, Dec 27th, 2007 @ 9:30am

    Re: AV software is unimportant to security

    You've got to be kiddding, Matt. There's plenty of malware that relies on propagation vectors other than HTTP to gain entry to systems. A pointed example would be the Slammer (aka Sapphire) MSSQL-exploiting worm. Internet != web.

    Moreover, "educating the user", as Ranum points out in the article that I've now repeatedly referenced, is clearly a total failure and should be abandoned as a strategy. As he says, "if it was going to work, it would have worked by now". It doesn't. It won't.

     

    reply to this | link to this | view in thread ]

  10.  
    identicon
    Joe Krahn, Dec 27th, 2007 @ 9:35am

    Re: Re: AV software is unimportant to security by

    Matt, that is wrong. For example, a bad e-mail client can be so susceptible to viruses that the only way to ensure safety is to never open any email that has not been scanned. Lately, this has gotten easier because service providers scan email even if the user does not, and Microsoft is finally starting to add security to it's products (even though adding security as an after-thought causes the sort of hassles seen in Vista).

    As for non-Microsoft platforms, they do have vulnerabilities to hacking, but not viruses. Viruses are a Microsoft feature. Linux does not need AV software, but does need the firewall and other built-in security features.

     

    reply to this | link to this | view in thread ]

  11.  
    identicon
    Walter Dnes, Dec 27th, 2007 @ 3:01pm

    Re: Re: Re: AV software is unimportant to security

    > If you can educate the user on proper and safe web browsing.

    That doesn't work anymore. Used to be if you stayed away from porn and warez sites, you were safe. The bad guys have responded with...

    - compromising trusted domains, like the official websites of the Superbowl teams almost a year ago

    - compromising the adservers that serve ads to a lot of mainstream trusted domains

    - cache-poisoning (Microsoft Windows based) DNS servers, so that *EVEN IF YOU PROPERLY TYPE IN THE NAME OF A "SAFE" SITE*, you still end up being re-directed to an evil site.

     

    reply to this | link to this | view in thread ]

  12.  
    icon
    Technofear (profile), Feb 13th, 2008 @ 12:02am

    Popularity does indirectly correlate to susceptibi

    “Moreover, as all competent security people know, there is no correlation between popularity and susceptibility.”

    We also know that as the popularity of an OS increases so does the amount of malware that targets it.

    Much of the reason many OSs are considered ‘safe’ is that no one bothers to investigate / create attack methods for them.

    If these ‘secure’ OSs had the same market share (== probability of finding a target fro your malware) as Windows then they would have many more security vulnerabilities exposed.

    Why spend time creating malware that attacks

     

    reply to this | link to this | view in thread ]

  13.  
    icon
    Technofear (profile), Feb 13th, 2008 @ 12:04am

    Popularity does indirectly correlate to susceptibi

    “Moreover, as all competent security people know, there is no correlation between popularity and susceptibility.”

    We also know that as the popularity of an OS increases so does the amount of malware that targets it.

    Much of the reason many OSs are considered ‘safe’ is that no one bothers to investigate / create attack methods for them.

    If these ‘secure’ OSs had the same market share (== probability of finding a target fro your malware) as Windows then they would have many more security vulnerabilities exposed.

    Why spend time creating malware that attacks

     

    reply to this | link to this | view in thread ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Save me a cookie
  • Note: A CRLF will be replaced by a break tag (<br>), all other allowable HTML will remain intact
  • Allowed HTML Tags: <b> <i> <a> <em> <br> <strong> <blockquote> <hr> <tt>
Follow Techdirt
A word from our sponsors...
Essential Reading
Techdirt Reading List
Techdirt Insider Chat
A word from our sponsors...
Recent Stories
A word from our sponsors...

Close

Email This