Did Virus Scanners Just Become Obsolete?

from the were-they-that-necessary-before? dept

It’s become something of a joke when you look at just how many anti-something software products you need these days just to keep your computer safe (anti-virus, anti-spam, anti-spyware, firewall, anti-trojan, anti-phishing, anti-hijack, etc., etc., etc.), but the list usually begins with anti-virus software. According to one security researcher, though, anti-virus software may have just become a lot more insecure. Because the software needs to scan so many files so quickly, there are some programming shortcuts put into the products — and the researcher has basically figured out a way to use those shortcuts to trick plenty of anti-virus products into completely skipping over malicious files. The claim, also, is that the only way to fix this is to really rewrite how the scanning works. Looks like, once again, people are going to need security software to protect themselves from their security software.


Comments on “Did Virus Scanners Just Become Obsolete?”

not today says:

Re: solve your virus problems!

Oh goodie, then you can come and train all 4500 of my users on a new OS, software, and do tech support for them too.

Don’t forget to rewrite all our financial software, convert all our databases and custom apps, set up remote networking across WANs, VPN, and dial-up, and deliver a new e-mail system that doesn’t change a thing about how users work.

Since it’s so easy I’ll expect it done ASAP.

How many more times do we have to see this unintelligent response from the “it just works” ditto-heads??

cc says:

Re: Re: solve your virus problems!

Agreed, the “get a Mac” comment is getting old.

I’m no Win advocate either, though. I have a Wintel and a Mac at home. Assuming that the Mac is a more secure OS than Win, Win is more vulnerable to virus attacks because of its ubiquity. If Mac was 90%+ of the market, you’d see more viruses than you do now. It might be harder, but it’s not impossible.

SuperJudge says:

Re: Re: Re: solve your virus problems!

“If Mac was 90%+ of the market, you’d see more viruses than you do now. It might be harder, but it’s not impossible.”

That’s a narrow-minded fallacy. I can’t see the future, so I would definitely not try to say what would happen there.

It’s possible though. History tends to repeat itself.

Maybe there will be a balance in the force.

Jeff says:

Re: Re: Re: solve your virus problems!

“If Mac was 90%+ of the market, you’d see more viruses than you do now. It might be harder, but it’s not impossible.”

You mean we might see 1 virus? That would be a lot more, because as of right now there are 0 viruses for OS X, 0 viruses for Linux, 0 viruses for Solaris and how many for Windows? Detect a pattern here? It’s called Unix-based OSes.

Anonymous Coward says:

Re: Re: Re:2 solve your virus problems!

You sir, are full of shit.

A simple Google reveals that there are numerous Linux virii, numerous Mac virii, numerous Solaris virii.

They are not as prevalent as Windows virii, true, but that’s sort of a no-brainer — there are one hell of a lot more Windows machines than Mac+Linux+Solaris put together.

But the point is valid: to some extent, Mac (et al.) is relying upon security through obscurity. If you reversed the situation, to where Mac was ~90% and Windows ~8%, you’d see Mac virii really take off. Even more so, in my opinion, because of the “it just works” attitude — Mac users are trained to not want to think about what’s happening behind the scenes, so as long as the machine doesn’t crash, it could be spewing out billions of little virus copies and the Mac user would be happily clicking his shiny smiling icons.

But the “there are 0 viruses” comment is either a lie or flat out wrong. There are plenty of virii for Mac (and all flavors of Unix), and they would almost certainly take off in popularity if the Mac platform ever “took over.”

seenitall says:

Re: Re: solve your virus problems!

Then come to my company, do all of the same for about 25,000 salaried employees worldwide. PLUS convert all the manufacturing systems and Human Machine Interfaces that run on Windows AND train our 40,000 hourly employees on the new OSes and new interfaces at our 30 manufacturing facilities. Don’t forget, of course, that this all needs to be done seamlessly so our customers see no interruptions in their deliveries, and aren’t tempted to buy from our competitors.

Anonymous Coward says:

Re: Re: solve your virus problems!

While I totally agree that the ditto-heads are annoying, I think you’ve exaggerated the extent of the logistical nightmare.

What kind of system are you running that your desktops are intimately tied in an OS lock-step with your servers? That’s hideously poor planning that went into that eggbasket, and for the sake of any shred of security you should decouple the clients from the servers.

.. and remove the hard drives from the clients too, but that’s next quarter.

Bill Ray (user link) says:

Re: Re: solve your virus problems!

Beautiful thing about Mac is that it will virtually train the users on its own.

Mac is more intuitive, and any end-user with half a brain can look into the common windows tasks and find a quick and friendly solution.

Sure, the “get a Mac” argument is getting old but, as a die-hard Windows user since 3.1, I gave it up a year ago for Mac.

What I can say is this: Windows is for folks who like to work on cars, and Mac is for people who like to drive.

Fharfernugen here…..

Jesse McNelis (user link) says:

Re: solve your virus problems!

Umm… a Mac will not save you. MacOS has vulnerabilities just like any other operating system.

But seeing as a virus’s sole purpose is to copy itself and spread, it doesn’t actually need root privileges to do this.

The only solution to virii, worms, spyware etc. is basic common sense. It can be summed up in 3 rules that have been known to many since before the Web was in common use.
1. Don’t run an executable that you don’t completely trust the source of.
2. Run every process with the minimum privileges required to perform its job.
3. Don’t run any unnecessary services on your system.

Very basic rules that have kept me virii-, worm- and spyware-free since 1985.

Rikko says:

What are they currently doing?

To me the on-access scan methodology is dreadful – it’s like a police state that uses up resources (and now we learn that they also cut corners) at every turn.

Why can’t we just scan every file being created? Isn’t that a fairly effective border guard? If a file has to be scanned immediately after being written to disk or into memory (some intelligence would be necessary to prevent scanning the loading of an old app vs something that your browser just pulled down), where is the potential for infection?
I don’t claim to be an expert, but I see it as a pretty severe chokepoint when any new file is suspect and any citizens are not – even unzipping a file with a virus would be writing that new file somewhere, and then the scanner would pounce.

Anonymous Coward says:

Re: What are they currently doing?

Yeah, scanning every file that’s created is a great idea. Except how long does it take before a virus is “caught” and included in the virus definitions? Probably not before thousands and thousands of people are infected.

What would be so hard about windows having the antivirus capabilities built right in as a system process optimized to not bog down systems? It runs constantly and is always scanning; especially when CPU process is low (middle of night). This sounds like the best option that doesn’t exist.

Microsoft already has 243982734987 patches released each week that users are required to update if they wanna avoid vulnerabilities. What’s so hard about adding virus definitions to the mix?

Anonymous Coward (user link) says:

Re: Re: What are they currently doing?

The option you suggest is the best indeed. However, you, sir, sound like an auto-MS-bashing Slashbot. You know what’s hard about this option? Microsoft simply doesn’t make antivirus software.
The biggest names in antivirus software are all third-party vendors. Go bug them if you would like virus definition updates to be integrated with the main Windows Update that downloads Microsoft’s updates du jour.

Timothy Purdy says:

Re: Re: What are they currently doing?

I almost totally agree with your idea. I like the thought of having something tied into the OS that scans continuously, however, like some have already said, Microsoft just doesn’t do anti-virus. [But of course Google could do just that, conquer every realm of the computing world…] A 3rd party does need to create a new kind of scanning. One thought from me is not looking for the signatures of known threats, but instead, WHAT a virus does. Stop scanning for each individual object, which in turn has caused programs to take shortcuts. Instead, try to find the specific actions taken by viruses and worms alike and take those out. Of course you could double-check and find its name and specific type and thus find all of the files associated with it, but I believe it’s the type of scanning that needs to be changed. And I do of course know that programs may already be taking this action and I could just be sounding stupid, although I don’t try to declare myself an expert on this matter. However, what I see in the scanning is that it tries to find the files associated with the threats on the list, which of course has to be updated all the time. What if you don’t need to go and find its true identity? Firewalls and apps alike tell you when something ‘hinky’ is going on, like an attack on your computer. Why not put that aspect into the scanning of viruses and find the apps and files which are used and associated with malicious and ‘bad’ acts?
I’m just throwing stuff out there, but I believe something needs to be done. Something new needs to be made and these threats either lessened, or more favorably, made non-existent. Please e-mail me if I am totally wrong or what I just said is already true. I would like to know if this action has already been taken, or if it’s just something totally stupid.

Anonymous Coward says:

Re: Re: Re: What are they currently doing?

A lot of software has most of these features, but people turn them off, or never know to turn them on. How come? Because it makes everything run slow. Scanning files when they are opened uses a lot of processor cycles, and heuristic scanning (searching for behaviors, not definitions) takes noticeably longer than regular scanning, so at some point people find the virus scan to be too much of a nuisance and turn it off, even though a virus will be more of a nuisance. I have my software scan accessed files, all mail files, I manually scan all downloaded files, and it does a full scan every week (it takes several hours in which my computer is useless), all of these using heuristic scanning. I feel like it is somewhat worth it, I haven’t had a virus in years, but in the last year or so, it has only detected 3 virii, all on the e-mail system, and all in attachments of obviously spam e-mails (most virii are already removed by my mail server before they hit me). A good antivirus is only part of the story, you have to set it up right, be smart on the internet (no IE!) and scan any files you can’t vouch for. It is also important to secure whatever network you are on. I am at a college where all the students’ laptops were bought through the school, and the IT department makes sure the security settings are uniformly high. This does wonders for preventing viruses on campus, and the occasional AIM virus is usually squashed in less than a day. In my case I use Symantec, which was set up very well by the IT department at my college, but I am sure that if you buy the full version of any commercial product it will work similarly (I like McAfee’s online virus database better, and I haven’t looked at the others). Again, the real trick is being smart about the internet and securing your entire network.

Thomas Crummett (user link) says:

Virii aren’t easy to get

I am online 24/7. I host and maintain several sites and servers. I run Windows XP SP1. I have had 0 virii infections in over 5 years. I have had 3 virii get to my computer, 2 of which I was expecting.
The first was a fairly complex virii, but Bullguard killed it before it did anything.
The second, one of which a friend sent me because he was trying to fix it (don’t ask, he’s weird), Bullguard killed before it was done downloading. The other, I had my friend remotely hack into my computer to show how secure it was. Took him a long time, and he only managed to give me the file, nothing happened. Then I enabled Bullguard and it died 🙂

I said Bullguard a lot. Mainly because it is all that. There are 2 main types of software, those made to protect, and those made to profit.
Norton, McAfee, and many others, are made to profit. They make the anti-virus software ASAP, and release it to sell it. Sure it gets some virii, but what it doesn’t get is what really matters.
Others, like Bullguard, are made to protect. These types of software usually have very few updates because they weren’t released half-assed to make a profit. They were made to be final.
I’m not saying Bullguard doesn’t have updates. In fact, sometimes they have hourly virus definition updates, keeping you on the razor’s edge of new definitions.

All in all, Bullguard isn’t the only protection. Using Internet Explorer puts you at great risk for getting adware or other malicious software. Firefox seems to block most of anything you could ever get. ActiveX is the plugin of the devil.

PB says:

Re: The simple 'anti-' answer ...

Ndean, SecureWave sounds like a great solution. I have never had a virus infect my PC and I have no Spyware, Adware or Trojans either, I myself use Deep Freeze on my PC at home, which is somewhat similar to SecureWave. I just “freeze” my C drive, which has my programs and OS on it. My frozen drive cannot be written to, it’s like RAM…everything I do on the C drive evaporates when I reboot. My data I keep on an external USB drive. Anytime I need to write something, I just plug the external drive in, otherwise I keep it disconnected.

Although I really don’t need to, I still run a NAT, SW Firewall, AV and the other “anti’s” but it really doesn’t matter if I get a virus because I started out with a clean install of XP and immediately froze the drive, so as soon as I reboot the PC loses any viruses or rootkits that install.

Whenever I need to update my PC (or write to my USB drive), I reboot to be sure it’s clean and update it, then refreeze. It might sound like a hassle to some, but I’m so used to it now, I hardly notice the minor inconvenience, plus it’s kind of empowering to know I can surf *anywhere* I want and know my PC can’t be infected, (and I do surf everywhere and you should see the stuff that gets in even with all my “protection”).
