Time To Change The Way We Fight Viruses And Worms

from the proactive,-not-reactive dept

We’ve complained before about anti-virus companies overhyping the threat of every other virus or worm that shows up. However, a bigger concern may be the fact that their incentives really aren’t to stop viruses. I’ve read a bunch of articles over the last week saying how good SoBig and MSBlaster have been for the anti-virus industry. Everyone is rushing out to get their products. Yet, the viruses still hit, and they still do damage. As the SoBig virus showed by flooding email boxes far and wide – it didn’t even matter if you had anti-virus protection. You were still likely to get flooded by email. Thus, (finally!) some people are pointing out that the current way we fight viruses and worms is no good. It’s a reactive method of cleaning up a virus and stopping its spread after it’s already done damage. The article here suggests that it’s time we started moving towards “behavior blocking technology” which would stop actions based on behavior, rather than on recognizing a specific virus or plugging a specific hole. It’s an interesting idea and people have talked about it for a while – but it also has unintended consequences. It’s difficult to recognize all behavior that should be blocked – and virus writers will simply figure out ways to piggyback their efforts on technology that has a “legitimate” behavior. I agree that we need better ways to fight off viruses and worms – but I’m not sure there’s a simple solution.


Comments on “Time To Change The Way We Fight Viruses And Worms”

LittleW0lf says:

Mountains out of Molehills...

I agree with you there, Mike. Behavioral anti-virus is a great theory, but the practice usually sucks. My research lately has been on the younger brother of the virus-scanners: personal firewalls, and their ilk. And they have pretty much gone where this author wants to see virus scanners go.

The problem has been, and always will be, the lack of information on behavioral characteristics of an attacker. By attempting to define what an attacker is and how it operates, they place themselves into a very narrow frame of reference, and are completely baffled when an attacker does something completely unexpected (as usually happens.) Then, to make up for this, they cut down on the number of behavioral aspects which trigger an alert, which means that the user is left with far more false positives. The user freaks, and then when they calm down, they start turning off checks that appear to be extraneous, which introduces holes into the system.

The problem usually isn’t the crappy software, it is the lack of maintenance, and that isn’t going to change just by putting a better scanner in place. We have to, as a civilization, accept that technology isn’t the only solution, and look for other solutions to fill in the gaps. People, for the most part, are lazy (myself included,) and we are much happier not being bothered with worrying about whether our system is patched. People need to be educated as to what the dangers truly are, how to fix them, and then options to make the fixes easier to do and manage. But they aren’t alone in the blame, nor are they alone in the fix. Most ISPs are so unbelievably insecure, and they are blatant about it. They will need to change too.

To fight with behavioral scanning is making mountains out of molehills, and ultimately will destroy any positive outcome they are attempting to achieve.

aumouse says:

lack of clue

i think that virii & trojans are just darwin’s way of telling you to stop using an os that was insecurely designed from the get go. if management is willing to continue to spend time & money on anti-virus products, why not get a clue, go that bit extra & replace all your windoze with linux or osx. if you just keep drinking the ms koolaid, then you deserve the pain it brings…

Linux & BetaMax ... says:

Re: lack of clue

Betamax was better than VHS too … but marketing will ALWAYS determine which product wins … Bill is a better marketer.
I love when I get tech calls from Linux users and Mac users that are frustrated because they bought or use a product (they don’t understand & are angry that you won’t support) that 90% of computer users couldn’t care less about …
Note: I’m NOT disagreeing with you that Windows blows … but so do many other monopolies our pansy government is too chicken to break up …
