The virus arms race? is locking down systems the key?



The securityfix has a post on the “dirty little secret” about antivirus. Eugene Kaspersky of Kaspersky antivirus has posted an introspective article on the antivirus industry and it’s current problems. The biggest problem with antivirus is that it’s always one step behind the virus writers. Antivirus software only can prevent you being infected by those viruses that the antivirus software knows about. In other words a quick, fast spreading infection can hit you anywhere between hours-days before your AV vendor has an update.


(Speed of updates should be one point to look at in choosing antivirus software.) But the point is valid, antivirus is on the wrong side of the arms race. It’s like the old sports question about whether offence or defence wins the game. Usually if you have a team that does NOTHING (no offensive capabilities, pure defence) but defend, they lose because no defence is perfect. Current antivirus is a reactionary solution to the problem of malware.

At this same time, I found this post at the sunbeltblog referring to an eweek article on locking down systems to prevent/limit the impact of malware. What eweek found is that forcing people into unpriviliged user accounts DID impact overall system security (hello – this is what linux/unix advocates have claimed for YEARS.)

I’ve known people that used limited permission profiles to deal with spyware. When one profile became infected they migrated to another login leaving behind their malware. I know one individual that’s looking at using virtual pc to sandbox his OS in so that he can jettison an infested instance if necessary more easily.

Unfortunately, under windows the “Power User” right’s group in the eweek article suffered a good deal of malware infections. All told, there are pros and cons to the “severe” lockdown of user accounts. Some software, unfortunately, still requires local administrator access due to the legacy of Windows more open permissions of the past. It’s an interesting analysis of the benefits and costs of this approach. Personally, I like the linux/unix permissions model with average users being unable to install system software without the administrator password, etc. My only concern with that is being too non-chalant about installing software. (It does shift the responsibility somewhat for WHO allowed the software to be installed (security bug/user input)).

It does all come to educating users though. I mean, say you’re locked down, software starts to install and asks for an administrator password. Do you just give the password without a thought and grumble over the extra hurdle to see a web page? Or do you think ” woah… what’s trying to install? why do I need that?” This is one area where the “dumbing down” of the “new computer user information guide”‘s is really letting the public down.

Realistically you have a better chance of getting malware infested on your pc by browsing the seemier side of the net, other smaller/little known sites, etc. So, locking down browser defaults could go a long way. (Locking down the habits of the browser him or herself?) There was an old joke that goes something like this — what is the most dangerous part of a car? The nut behind the wheel… a good deal of that truth could be applied to computers.

Don’t open attachments, even if the message claims to be from someone you know, unless it was an attachment that you were expecting. I used to say, unless it was about something that you have discussed with that person, but realistically the varied subjects and techniques of virus writers make that too risky. I once saw a virus that looked like a reply to a 6 month old conversation. Don’t assume that if you’ve received it, it’s clean. In other words don’t be overconfident in your antivirus. Ultimately, be cautious…. it’s “computer smarts” that blunts the spread of malware.

   Send article as PDF   

Similar Posts