Will Patent Battles Make Your Computer Less Secure?
from the hurray-for-patents dept
Just as a new study is coming out suggesting that anti-virus software is getting worse at actually protecting your computer comes some other news that there’s a brewing patent battle in the anti-virus world, with one firm, Trend Micro, going after a bunch of other companies for daring to use similar techniques in trying to protect computer equipment. If ever there were a perfect example of patents being used to hold back progress, this would be it. Computer security is incredibly important — but it’s a rapidly changing field, as both the “good guys” and the “bad guys” need to be constantly adjusting. Preventing firms from being able to use one method (and to improve on it, change it, build on it, etc.) simply gives the malware writers a huge leg up. They have no such qualms about building off of others’ work, and this will simply lead to malware getting further and further ahead of security software, as security companies are held up in their ability to continue to adapt.
Filed Under: computer security, patents, security
Companies: trend micro
Comments on “Will Patent Battles Make Your Computer Less Secure?”
ok so i’m going to write some cheesy malware and then patent how to safely remove it then sue anybody that removes it = PROFIT
Great Idea Drew
That is in fact the way they think it is done, Complete BS, But still … This article makes a good point, The Malware is going to improve while security is at a stand still – All I have to say about that is .. ” DUH”!!!
AV software is unimportant to security
AV software companies exist almost entirely because
of the pathetic weakness of Microsoft products. (For example,
to a very good first approximation, there is no such thing
as an email virus; they are only Outlook viruses,
and that is because despite its enormous financial and human
resources, Microsoft has completely, utterly failed to write even
a modestly-secure email client.)
I don’t use AV — I don’t have to, because I take the far
superior approach of not using operating systems and applications
that are vulnerable to malware written by children. So if the
parasites at the AV companies want to hobble each others’
efforts by engaging in a foolish patent war, so be it. This
will have no impact whatsoever on the security measures used
by qualified professionals.
Re: AV software is unimportant to security
Please…. Put any OS into a majority of desktop computer use it catogory and point the full force of the hacker community at it and it will be crack hacked and virus infected. You can however keep your rose colored glasses on for the time being.
Re: Re: AV software is unimportant to security
You forgot the ubuntu hackers, the linux hackers, the GNU hackers, and KDE hackers and more.
I think there are more hackers than crackers so we’ll be pretty to tough to beat if crackers want to start manufacturing computer viruses for the Linux OS.
AV software is unimportant
Of course, this has already happened and the results
have not turned out to be what you’ve predicted. Moreover,
as all competent security people know, there is no correlation
between popularity and susceptibility.
If there are “rose-colored glasses” being worn, then they’re perched on the noses of those who rely on AV technology — which is guaranteed to fail when it will
be needed most. For an excellent article which touches on this point, find Marcus Ranum’s “The Six Dumbest Ideas in Computer Security”, and read thoroughly.
AV software is unimportant to security
I’ve forgotten none of them, actually. I simply recognize that
(and this is one reason why I referenced Ranum’s excellent article)
defenses which rely on frequent signatures updates (or their equivalent) are inherently flawed. AV products aren’t the only
things that fall into this category, they’re just one of the more
prevalent.
Real security does not come from band-aids like AV.
Real security comes from OS and application software that
is written to be secure, which is subjected to peer review,
which is thoroughly audited for weaknesses, and which utilizes
concepts such as default-deny, least-privilege, etc.
Now, granted, sometimes it happens that even though
all those things are done, there’s still a problem. We are, after
all, still learning. But it should be obvious
to everyone who’s watched the last 20-30 years of computer security unfold that this approach actually has a fighting chance of working, whereas use of band-aids (like AV) is a path to certain failure.
Ranum’s article, by the way, is
here.
Re: AV software is unimportant to security
I would have to disagree with both of you. I have been using a Microsoft OS for years. I used to get the AV softwares, but I haven’t had one for the past few years (4-5) and I have never gotten a virus or spyware. It has nothing to do with the software, but educating the user. If you can educate the user on proper and safe web browsing. Then all malware and viruses will be obsolete.
Re: Re: AV software is unimportant to security
> If you can educate the user on proper and safe web browsing.
That doesn’t work anymore. Used to be if you stayed away from porn and warez sites, you were safe. The bad guys have responded with…
– compromising trusted domains, like the official websites of the Superbowl teams almost a year ago
– compromising the adservers that serve ads to a lot of mainstream trusted domains
– cache-poisoning (Microsoft Windows based) DNS servers, so that *EVEN IF YOU PROPERLY TYPE IN THE NAME OF A “SAFE” SITE*, you still end up being re-directed to an evil site.
AV software is unimportant to security
You’ve got to be kiddding, Matt. There’s plenty of malware that
relies on propagation vectors other than HTTP to gain entry to systems. A pointed example would be the Slammer (aka Sapphire) MSSQL-exploiting worm. Internet != web.
Moreover, “educating the user”, as Ranum points out in the article that I’ve now repeatedly referenced, is clearly a total failure and should be abandoned as a strategy. As he says, “if it was going to work, it would have worked by now”. It doesn’t. It won’t.
AV software is unimportant to security by
Matt, that is wrong. For example, a bad e-mail client can be so susceptible to viruses that the only way to ensure safety is to never open any email that has not been scanned. Lately, this has gotten easier because service providers scan email even if the user does not, and Microsoft is finally starting to add security to it’s products (even though adding security as an after-thought causes the sort of hassles seen in Vista).
As for non-Microsoft platforms, they do have vulnerabilities to hacking, but not viruses. Viruses are a Microsoft feature. Linux does not need AV software, but does need the firewall and other built-in security features.
Popularity does indirectly correlate to susceptibi
“Moreover, as all competent security people know, there is no correlation between popularity and susceptibility.”
We also know that as the popularity of an OS increases so does the amount of malware that targets it.
Much of the reason many OSs are considered ‘safe’ is that no one bothers to investigate / create attack methods for them.
If these ‘secure’ OSs had the same market share (== probability of finding a target fro your malware) as Windows then they would have many more security vulnerabilities exposed.
Why spend time creating malware that attacks
Popularity does indirectly correlate to susceptibi
“Moreover, as all competent security people know, there is no correlation between popularity and susceptibility.”
We also know that as the popularity of an OS increases so does the amount of malware that targets it.
Much of the reason many OSs are considered ‘safe’ is that no one bothers to investigate / create attack methods for them.
If these ‘secure’ OSs had the same market share (== probability of finding a target fro your malware) as Windows then they would have many more security vulnerabilities exposed.
Why spend time creating malware that attacks