Thursday, July 29, 2004

Fight Virus With Virus - microsoft folks display once again that they just don't get it

ok, technically it's slate, not microsoft... but microsoft *owns* slate, so...

Fight Virus With Virus - That's the only way to stop MyDoom. By Paul Boutin

this is such a dead horse these days that i don't know if i should even bother with a rebuttal except to point the reader to Are "Good" Computer Viruses Still A Bad Idea? and then answer - of course they are!...

people who think anti-virus viruses are a good idea either don't have the background to know what they're talking about or haven't thought things through...

Wednesday, July 21, 2004

this public roasting is long overdue

check out Billgates and Fewster.1781

notice anything amiss? no? well you should...

both of these are examples of anti-virus companies FAILING to comply with a long-standing naming standard that (among other things) states that viruses must not be named after real people unless you know for sure the virus was written by them.... rod fewster is an anti-virus professional and did not write the virus named after him - i dare say bill gates didn't write any virus named billgates either...

both of these examples are quite old, but they don't predate the naming convention of which i speak... further, it doesn't take a rocket scientist to figure out what's wrong with letting viruses be named after real people...

not only are these companies showing a distinct lack of concern for the reputations of these people, they're also showing a distinct lack of concern for the public at large... naming standards are made for good reasons, not the least of which being reducing confusion and making it easier for people with virus problems to find information on the virus they have...

and it's not like virus names don't get changed - they do, quite regularly, it's the only way to coordinate a common name used across multiple products... but those 2 examples have been sitting around for nearly a decade now... where's the effort to make your life easier? where's the concern for the customer? certainly doesn't look like it's anywhere near these 2 companies right now...

(thanks to art kopp for digging up these examples...)

Monday, July 19, 2004

IDG News Service gets it wrong

it's a short article, give it a read..

InfoWorld: First Windows CE virus emerges: July 19, 2004

notice right at the beginning how it says the new WinCE virus was designed to demonstrate security holes in the WinCE operating system? this is a subtle point, one that far too many people fail to grasp, but the ability of viruses to infect a platform has nothing to do with security holes in that platform... virus infectability is a 'feature' of all general purpose computing platforms... *all of them*... you can't create a general purpose computing platform that isn't susceptible to viruses...

therefore you cannot (as the article's author does) infer security holes in an OS simply because the system is vulnerable to viral infection... it's a shame mass media doesn't have a better grasp on what they're talking about when they're talking about viruses... this one article is being picked up by a number of tech related news sites, spreading this rubbish far and wide...

Sunday, July 18, 2004

all anti-virus products fail

if you haven't figured this out yet (and apparently most folks haven't) there is no such thing as a perfect anti-virus product... they all fail to stop a virus at one time or another either because the virus is too new, or it spread in ways that the anti-virus couldn't do anything about (network share enumeration, exploits, etc), or a host of other reasons...

for years now i've seen people 'discover' the lack of perfection in their anti-virus and the overwhelming response to this is to jump ship and try a different product... the assumption is that because their anti-virus didn't protect them there must be something wrong with it and they should try and find a better one...

the reality is that no matter what product you use, or even how many you use, your anti-virus product will fail at some point... the fact that it failed to prevent an incident (or 2 or 4 or however many it failed to prevent) does not necessarily mean there's anything wrong with the product - it could be that there's something wrong with the user...

the security of a system is only as strong as its weakest link and most of the time that link is the computer operator - either s/he takes unnecessary risks, or s/he doesn't keep the anti-virus up to date, or s/he doesn't take any other safe-hex measures, etc... there's only so much these products can do to protect someone from themselves...

i'll be blunt - the knee-jerk reaction to blame the anti-virus for failing to prevent a virus incident needs to change... users need to start asking themselves if there was something they could have done to prevent the incident - some security precaution they could have taken, some policy they could have put in place... the anti-virus should not be the sole defence against malware, it should be one of many and it should be the one that acts when all other measures fail to prevent the incident...

and what other measures are those?
  1. the use of a firewall
  2. the closing of network shares and unnecessary ports
  3. keeping up to date with security patches and the migration away from the most often targeted applications (to minimize the impact of patch maintenance failure)
  4. minimizing the amount of outside active content (applications, word documents, excel spreadsheets, etc) that are introduced into the system
  5. turning off unnecessary active content support in your browser
  6. not accepting attachments from strangers
  7. not accepting attachments from legitimate contacts until after verifying that they intended to send it and what it is
  8. the use of strong passwords
  9. the scanning of all incoming material, preferably after a suitable 'cool down' period so that its novelty doesn't play a part in avoiding detection of any malware that may be present
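
a sketch of the 'cool down' scanning in item 9, added here as an example and not part of the original post: incoming files sit in a holding directory and are only scanned and released once they have aged past the cool-down, so the scanner's definitions have had time to catch up. the directory layout, the 7 day value and the use of ClamAV's clamscan as the scanner are assumptions.

```python
import os
import shutil
import subprocess
import time

COOL_DOWN_DAYS = 7  # assumed value; the post does not give a number


def clamscan_is_clean(path):
    """Assumed scanner: ClamAV's clamscan exits 0 for clean, 1 for infected."""
    result = subprocess.run(["clamscan", "--no-summary", path],
                            stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL)
    if result.returncode not in (0, 1):
        raise RuntimeError(f"scanner error on {path}")
    return result.returncode == 0


def process_holding_area(holding_dir, release_dir, scan=clamscan_is_clean,
                         cool_down_days=COOL_DOWN_DAYS, now=None):
    """Scan files that have sat in holding_dir for the full cool-down period.

    Assumes whatever saves incoming material writes it into holding_dir,
    so a file's mtime is its arrival time, and that the scanner's
    definitions are updated before this runs.
    Returns {"waiting": [...], "released": [...], "flagged": [...]}.
    """
    now = time.time() if now is None else now
    cutoff = now - cool_down_days * 86400
    outcome = {"waiting": [], "released": [], "flagged": []}
    os.makedirs(release_dir, exist_ok=True)
    for name in sorted(os.listdir(holding_dir)):
        path = os.path.join(holding_dir, name)
        if os.path.islink(path) or not os.path.isfile(path):
            continue  # only regular files are handled
        if os.path.getmtime(path) > cutoff:
            outcome["waiting"].append(name)   # too new, scan it later
        elif scan(path):
            shutil.move(path, os.path.join(release_dir, name))
            outcome["released"].append(name)  # aged and scanned clean
        else:
            outcome["flagged"].append(name)   # stays in holding, never released
    return outcome
```

the scan argument takes any function that returns True for a clean file, so another scanner can be swapped in without touching the hold-and-release logic.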


even after all that, you can still expect a virus/worm/malware incident once in a while... no security is perfect, that's just something we have to learn to accept and plan for (i.e. make sure you have a plan for disaster recovery)...