Security Advisor
Stuart McClure & Joel Scambray

Do you think that updating your anti-virus software is good enough? Think again.

WE HATE TO SAY we told you so, especially when we said it more than two years ago. Yes, dear readers, in this very space you were made privy to what Dartmouth's Institute for Security Technology Studies (ISTS) termed "Virus scanner inadequacies with NTFS [Windows NT File System]" in a Sept. 1, 2000, Flash Alert from the SANS Institute (www.sans.org). Talk about prescience.

We refer, of course, to our July 27, 1998, column addressing the potential abuse of NTFS "streams." Streams, more precisely alternate data streams, are a little-known NTFS feature on Windows NT and 2000: a file or directory can carry any number of named data forks in addition to its default, unnamed one, and neither Explorer nor a directory listing shows them or counts their bytes toward the file's size. We acknowledge the SANS Alert for citing the more detailed coverage in our book Hacking Exposed, which shows how streams are created, how they are executed, and how they can be ferreted out. Our very own J.D. Glaser of Foundstone was also mentioned in the SANS Alert, which cited his program sfind for enumerating streams on an NTFS partition (www.ntobjectives.com).

So why all the whoop and holler after all this time? Well, it seems that someone finally picked up on our tip that anti-virus software scans only a file's default data stream and never looks inside its alternate streams, leaving a whole mess of real estate in which to park viruses, Trojan horses, and other miscreants. If we may quote ourselves: "Anti-virus software vendors should heed unique NT capabilities such as streams when designing security software."
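The two paragraphs above describe streams being created, enumerated, and hidden from scanners. The following PowerShell session, added here as an illustration and not taken from the column, from Hacking Exposed, or from the sfind tool, walks through exactly that on a modern Windows box: it attaches a named stream to a carrier file, enumerates streams the way sfind did, hunts a directory tree for non-default streams, and finally drops the industry-standard EICAR test string into a stream so you can see for yourself whether your scanner looks there. It assumes Windows, an NTFS volume, and PowerShell 3.0 or later (the -Stream parameters); the directory and file names are arbitrary choices.

```powershell
# Added example: exercise NTFS alternate data streams (ADS) and test whether the
# installed scanner inspects them. Requires Windows, NTFS, and PowerShell 3.0+.
# $root and readme.txt are assumed names, not anything from the column.
$ErrorActionPreference = 'Stop'
$root = Join-Path $env:TEMP 'ads-demo'
New-Item -ItemType Directory -Path $root -Force | Out-Null
$carrier = Join-Path $root 'readme.txt'

# 1. A plain file: it has exactly one stream, the unnamed default ':$DATA'.
Set-Content -Path $carrier -Value 'Nothing to see here.'

# 2. Attach a named stream. 'dir' and Explorer still report the carrier's size as
#    the size of the default stream only; the payload is invisible to both.
Set-Content -Path $carrier -Stream 'hidden' -Value 'payload lives here'
Get-Content -Path $carrier -Stream 'hidden'

# 3. Enumerate every stream on the file (what sfind did for a whole partition).
Get-Item -Path $carrier -Stream * | Select-Object Stream, Length

# 4. Hunt a directory tree for named streams. Zone.Identifier is the mark-of-the-web
#    written by browsers and mail clients and is normally benign, so it is allow-listed;
#    anything else deserves a look.
function Find-AlternateStreams {
    param(
        [Parameter(Mandatory)] [string]   $Path,
        [string[]] $AllowList = @(':$DATA', 'Zone.Identifier')
    )
    Get-ChildItem -Path $Path -Recurse -File -Force |
        ForEach-Object {
            Get-Item -LiteralPath $_.FullName -Stream * -ErrorAction SilentlyContinue
        } |
        Where-Object { $AllowList -notcontains $_.Stream } |
        Select-Object FileName, Stream, Length
}
Find-AlternateStreams -Path $root

# 5. Scanner check. EICAR is the harmless, industry-standard detection test string.
#    A scanner that inspects streams should react as soon as the write lands or on
#    the next on-demand scan; if the stream survives a scan untouched, the product
#    does not look inside streams. (A scanner that does react may quarantine the
#    carrier, which is why the clean-up below tolerates a missing file.)
$eicar = 'X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*'
Set-Content -Path $carrier -Stream 'eicar' -Value $eicar
Get-Item -Path $carrier -Stream 'eicar' -ErrorAction SilentlyContinue |
    Select-Object FileName, Stream, Length

# 6. Clean-up: streams can be removed one at a time or by deleting the carrier.
Remove-Item -Path $carrier -Stream 'hidden' -ErrorAction SilentlyContinue
Remove-Item -Path $root -Recurse -Force -ErrorAction SilentlyContinue
```

Two caveats for anyone running this. First, step 5 deliberately writes a known test signature to disk, so do it on a machine whose owner expects alerts. Second, enumeration is the easy part: Find-AlternateStreams only walks what the account can read, and a stream planted on a directory object rather than a file is listed when you point Get-Item at the directory itself, so a real sweep should cover both. On Windows Vista and later the built-in `dir /r` also lists streams, which is the quick manual equivalent of step 3.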

But enough about us. (And to be fair, discussion of the implications of streams predated our own.) The real question here is this: Are anti-virus vendors really prepared for life on Internet time? Can they effectively deal with the vast diversity of platforms that are likely to be targeted by infection in a truly connected world?

Two words: "PDA virus"

Do you feel that cold sweat yet? Many of you no doubt heard the recent uproar over the Liberty crack Trojan horse, which deleted data from Palms. (The Trojan actually posed as a "crack," or software license circumvention mechanism, for the popular Liberty 1.1 Game Boy emulator program.) Although no one outside of the lab seems to have actually lost data because of Liberty crack, it was widely hailed as the tip of the iceberg for handheld devices. Currently, only one of the major anti-virus vendors makes a product that scans handhelds.

This summer also saw wireless communications brush closely with the virus phenomenon. The Timofonica worm made its rounds on personal computers (not cell phones) using an Outlook address book attack similar to the "I Love You" virus, and in addition used an e-mail-to-SMS gateway to pepper subscribers of the Spanish telco provider Telefonica Moviles with text messages deriding the carrier.

Another recently publicized discovery by the WAP (Wireless Application Protocol) company Web2Wap, in Norway, noted that certain Nokia cell phones programmed to accept short text messages via SMS (Short Message Service) could be vulnerable to a DoS (denial of service) attack: a single malformed message effectively disables the phone's keypad. (Reports conflict on whether the phone reset itself after 30 to 60 seconds or whether the battery had to be pulled to recover it.)

Hype or help?

Before anyone starts thinking smoke signals look mighty appealing by comparison, let's bring some sanity to this discussion. All of the items we've discussed so far, whether they affect the NT file system, or PDAs (personal digital assistants), or WAP smart phones, rely on that one vast unknown in the battle to keep the world secure: end-user behavior. Executing a streamed file applies only a small degree of stealth to the age-old tactic of tricking people into launching executables. The Liberty crack virus plays on a related theme: It's easier to trick people when they think they'll get something cool for free. As for Timofonica, well, we've seen plenty of Outlook address-book worms, and as soon as people figure out how to enable the automated mass-calling feature on a cell phone, they will deserve whatever they get.

But we're not going to let the anti-virus vendors off the hook so easily. The signature-based model on which they've staked their business is designed to provide broad-spectrum antisepsis for these kinds of problems, but clearly, computing platform diversity is stretching the meaning of "broad." It's easy to sit back and make up fancy names for the 30 variants of the latest Windows virus that everybody hears about, but does that really further safe computing? We certainly would like to see more transparency in the viral signature formulation process. We just spent hours on the phone with a major anti-virus vendor's tech support line trying to track down a false positive. We were ultimately greeted with indifference when we tried to contact the vendor's virus research lab and learn exactly what was triggering the glitch.

Anti-virus has remained a strangely aloof and mundane cog in the wheel of IT security maintenance. Let's hope our message in this column takes fewer than two years to sink in. Send your predictions to security_watch@infoworld.com.


Stuart McClure is president and CTO and Joel Scambray is managing principal at security consultancy Foundstone ( www.foundstone.com ).
Copyright © 2008 InfoWorld