back to article The slow death of AV technology

AV technology is gradually dying and being replaced by far more effective IT security technology based on whitelisting. You could view this as an inevitable development, given the horrible inadequacies of AV technology, or you might want to pin the credit on the AVID (Anti-Virus Is Dead) campaign which has repeatedly drawn …

COMMENTS

This topic is closed for new posts.

DRM a rebour

So it seems ironic this implementation of DRM will give control of what can be run in the hands of computer owners. Not that computer users will be happy about that: "prevent people from running the wrong versions of software, to prevent them loading their own favourite software without permission, to prevent people from running software for which your company has not bought a license, or to prevent them running it on a machine for which it is not licensed". No more running your fav app from your USB dongle.

BTW since SignaCert is trying to work on software certification for platforms other than MS ones will they use existing tools like SElinux & co. or are they developing their own tools?

0
0
Anonymous Coward

software authentication is the death of free software and independents

You seem to miss a point : replacing AV by certificates/software authentication means the death of hobbyists/small independent software programmers, and it adds unwelcome restrictions to free/libre software.

ID software famously make it to a basement operation to a big time software player by releasing its first games as shareware. It could never have afforded to go trough a certification/signing path, and would therefore not have suceeded in the kind of world view you describe.

Same for free/opensource software. For example Openoffice, or smaller projects such as freemind, could either not be able to afford certification, or decide not to do it for ideological reason.

However, should this certification/authorisation thing become standard, it'll eventually be included in proprietary operating systems who will refuse any nonsigned/authorized software => no more OoO or freemind...

Exactly the kind of problems raised in time by palladium (then renamed TCPA).

0
0

Just one question

What happens if/when this becomes something like the myriad of security questions windoze users (esp those poor fools with vista), where clicking "ok" or "allow" or whatever other "do the most damage" default becomes what they normally click? Don't bother to read the dialog that has just appeared on screen, just click the OK.

Of course, having some remote server wanting to tell me what I can run and when is something that is going to go down very well.. Not.

Want secure? Don't run windoze for a start.

0
0
Gez

...An alternative could be....

You've left off Sana Security. Definately one of the HIPSters...in fact the first to be compatible with Vista 64.

0
0

For home use?

Sounds like a splendid idea for businesses with moderately competent SysAdmins. But what about small businesses and home users, where Administrator access does not mean Administrator knowledge? Do these whitelisting systems protect my grandmother from clicking "Accept" when a hacked website offers to install a trojan?

0
0

But what about malformed documents?

If you authenticated application run scripts or loads malformed documents (that exploit shortcomings of that application), then it is still unsafe.

Somehow you would have to white-list or scan your documents, until your applications prove bug and exploit free.

For example:

With GIF files, basically a GIF file specifies background colour and overall size, followed by a list of images. Say the background size was 100 by 100 pixels and one of the images starts at pixel 99,99, but is 10 by 10 pixels in size (with 9 by 9 pixels outside the background). In a poorly written certified application, an area of memory would be allocated for 100 by 100 pixels, the overhanging 10 by 10 image would write over unallocated memory, so providing an crack for exploits.

I suppose one way to look at it is. A document opened in an application, is like an application opened in the operating system. That is, it is all layers - the application just translates the document for the operating system - the operating system translates for the hardware.

0
0

Sooner quit IT than run a closed platform...

It seems to be a sad trend everywhere you look. People always seem to want to sacrifice freedom for security. If Windows wouldn't have been so flagrantly insecure in the first place (ActiveX? what the hell is that? "Lets make a tech that allows people to run executable code straight from a web page!"), then users wouldn't have been so inundated.

Rather than fix the security problems (pull the browser from the OS, remove Active X, no svchost.exe, etc), "security" has become a term meaning "protect users from themselves". It is agravatingly evident with Vista UAC.

Part of the problem is that closed systems are inevitably the way of big business. To be honest the PC and the Internet have been freaking out corps since their inception. They look enviously towards the cell phone companies, who can control nearly every aspect of their closed systems.

But everyone seems to forget that the free wheeling nature of the Internet is exactly what made it win out over closed systems like AOL and Compuserve. It is just another case of ignoring a long term buck for a short term penny.

Windows Vista 64 is the start with its "secure content path" for HD-DVD. The fact that is is so easily cracked anyway will prompt the MPAA to loby congress to force MS to fully embrace Palladium in their next OS. No one will be able to red the contents of memory or crack the Super-HD-DVD (or whatever comes next).

At that point inovation will truely be dead, and no one will be able to publish software without a billion dollars in start up and licensing cost. I fear at that point Linux will be the only choice for independant developers. But at that point the market will probably be so locked down that only hobyists will be bothered to run it.

Sad days ahead :-(

0
0

Ben Franklin

Those who sacrifice freedom for temporary security deserve neither.

Whether it applies to terrorism or software.

0
0

While the objectives are laudable, whitelisting is nothing more than a facist backlash

Please do not be fooled readers, the objective is mighty; to halt all malware, but the method of whitelisting will destroy the free software and shareware industries and place the control of software publishing firmly in the domain of Microsoft and its few giant corporate peers.

We could halt all spam and all phishing on the web by whitelisting every web site and mail server on the internet. We could also halt all crime in the world by authenticating every single human being and restricting their movements and actions.

The cost of such brutal enforcement is to stamp out creativity, and entrepreneurialism, which in this case as in all others significantly outweighs the social costs of the vanishingly rare malware infection; or the ten or so spam mails in your junk folder each day.

Thousands of companies that exist now and make huge contributions to quality software would have been stifled by the cost of authentication and whitelisting. And as we have seen with other types of authentication (SSL for example) the certification providers can push the goal-posts even higher by raising costs or forcing developers through unreasonable or impossible hurdles to gain certification. Not to mention the legal costs a small developer would face if their certificate is revoked due to fallacious complaint.

Would you want to wake up one day in a world where the only creativity and innovation in this vital industry was powered by the very giants that find themselves incapable of it?

0
0
Anonymous Coward

Re: While the objectives are laudable, whitelisting is nothing more than a facist backlash

Malware is just the excuse. The reason is the currently increasing appetite for absolute control over every aspect of every person on earth. This proposal is but one of a snowstorm, launched on the "win a few, lose a few" principle.

0
0

Time for a Twelve Steps program to break anti-virus addiction

And step one would be to stop using Admin accounts for daily work.

I was doing this for large clients since 2003, and they've stayed virus free since. Bloor is at least four years behind the curve on this one.

"replacing AV by certificates/software authentication means the death of hobbyists/small independent software programmers, and it adds unwelcome restrictions to free/libre software."

If a bunch of Free/Open Source hobbyists can't establish a certificate authority of their own by this time, they have far worse problems to fix. I mean, *I* can establish a cert authority on a desktop PC with, well, free / open source software. You're all supposed to be so clever at solving design problems, well... solve THIS.

0
0

Is this an article ?

because it reads like an advertisment for the authors product/organisation.

0
0
This topic is closed for new posts.

Forums