Monthly Archives: March 2008
Why Is It That Many AV Vendors Simply Don't Get It?
It’s not hard. So why?
An associate pinged me with a link to The Future of AntiVirus, an article which mentions the AntiVirus Is Dead paper that I wrote for Bit9, and then quotes various people on the topic of the inevitable demise of AV.
It’s fair to say that my AVID campaign has been successful, not just in inserting the cat amongst the pigeons, but in getting people to think more intelligently about IT security. So why is it that many AV vendors simply don’t get it? Symantec and Kaspersky do, by the way, and they are evolving their products accordingly, but if the above article is to be believed, BitDefender is pretty much bottom of the class on this. (To understand what follows you may need to read some of the AVID articles, by the way, because I’m assuming you have.)
Here’s a comment from BitDefender, drawn from the article.
Antivirus firms think their death is greatly exaggerated, thank you very much, even those that aren’t overly reliant on signatures, like BitDefender, which says that signature-based techniques account for only 20 percent of the malware it catches.
“Signatures aren’t dead, you need them,” says Bogdan Dumitru, chief technology officer of the Romanian firm, which uses behavioral targeting techniques to stop the remainder of attacks.
I’m sorry Bogdan, but you’re blowing yourself to bits with your own words. If signatures only stop 20 percent of viruses, why use them at all? Are you suggesting that the 20 percent that signatures stop (and by the way that’s a horribly low figure) will not be stopped by behavioral techniques? If that’s so, your behavioral techniques are horribly flawed. And if it isn’t so, there’s no point in using signatures as a blocking technique. QED.
Fess up, Bogdan, you’ve got it completely upside-down and back-to-front. Behavioural techniques are a natural component of a whitelisting solution, the purpose of which is to recognize potential malware from its behavior, while it runs in a sandbox. A sandbox is and always has been a component of a whitelisting solution to deal with the software that is not “known to be good”. You’re doing it all backwards by adding behavioral techniques to AV signatures – which is a fundamentally wrong idea and doesn’t work, as we all now know.
In order to manage a sandbox properly, you’ll have to manage all the “permissions to execute” of all the software within the OS. But in order to do that, in a bullet-proof way, you’ll need to be able to recognise everything in the OS and know what it does. In other words, you’ll have to be managing a whitelist.
A further statement about BitDefender in the article fills me with fear (for BitDefender’s customers).
Its main research focus is to develop an “undo” feature that will let users hit by malware reverse its effects. BitDefender hopes to release this feature in 2008.
I’ll bet the hackers are rubbing their hands. This is not just a crock of an idea. It needs to be stopped. Please, nobody buy this. It’s worse than dangerous. Here’s why:
When you have been infected by malware, you cannot know or prove exactly what happened and what has been impacted (unless you are running whitelisting, in which case you’ll know if anything has been messed with when it runs). If I were a hacker I’d deliberately use BitDefender’s idiot cleansing product – assuming you were fool enough to use it – to get in under your radar. I’d write a virus and add a module that hid the piece of logic that I want to use somewhere (perhaps as a rootkit in an invisible account); then, having executed that code and inserted the code, I’d delete all traces of it from the virus. The cleansing product comes along, thinks it recognizes the virus and thus thinks it’s cleaned it up when it removes it. Now I’ve got you and you think you’re clean.
BitDefender has the idea that in some way it can know what a virus did. It can’t. The reverse engineering of software is hard enough anyway, but the reverse engineering of software that knows it’s going to get reverse engineered is fraught with peril and ultimately doomed to failure.
Apply whitelisting and the problem is solved, by the way.
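As an added example (not code from the original post or from any product it mentions), here is the whitelisting mechanism the two paragraphs above describe in working form: every executable is identified by the SHA-256 of its content, an approved hash may run, a known path whose bytes no longer match is flagged as tampered, and anything nobody has vouched for is routed to the sandbox for behavioral observation. The "filesystem image" and the file contents are constructed in the block, and the paths and build strings are invented for illustration.

```python
"""Hash-keyed execution whitelist with tamper detection (added example)."""
import hashlib
from enum import Enum
from typing import Dict


class Verdict(Enum):
    ALLOW = "allow"        # content hash is on the known-good list
    TAMPERED = "tampered"  # a known path no longer hashes to its approved value
    SANDBOX = "sandbox"    # nothing vouches for it: run isolated and watch behaviour


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def build_whitelist(known_good: Dict[str, bytes]) -> Dict[str, str]:
    """Snapshot every approved executable as SHA-256 -> path.

    Keying on the hash rather than the path means a renamed copy of
    approved code is still approved, and a same-named replacement is not.
    """
    return {sha256_hex(content): path for path, content in known_good.items()}


def decide(path: str, content: bytes, whitelist: Dict[str, str]) -> Verdict:
    """Decide whether one executable may run, given the bytes it has now."""
    digest = sha256_hex(content)
    if digest in whitelist:
        return Verdict.ALLOW
    if path in whitelist.values():
        # Same path as an approved program but different bytes: something
        # modified it.  This is the "you'll know if anything has been messed
        # with when it runs" signal, and needs no malware signature at all.
        return Verdict.TAMPERED
    return Verdict.SANDBOX


def scan_system(image: Dict[str, bytes], whitelist: Dict[str, str]) -> Dict[str, Verdict]:
    """Apply decide() to every executable in a (constructed) filesystem image."""
    return {path: decide(path, content, whitelist) for path, content in image.items()}


# Constructed "known-good" snapshot taken when the whitelist was built.
KNOWN_GOOD: Dict[str, bytes] = {
    "/usr/bin/editor": b"ELF\x01 editor build 1",
    "/usr/bin/shell": b"ELF\x01 shell build 3",
}
WHITELIST = build_whitelist(KNOWN_GOOD)

# Constructed state of the same machine later: one binary patched in place,
# one unknown file dropped in /tmp, and an approved binary copied elsewhere.
CURRENT_IMAGE: Dict[str, bytes] = {
    "/usr/bin/editor": b"ELF\x01 editor build 1",
    "/usr/bin/shell": b"ELF\x01 shell build 3" + b"\x90\x90 injected",
    "/tmp/updater": b"ELF\x01 something nobody approved",
    "/opt/tools/editor": b"ELF\x01 editor build 1",
}

if __name__ == "__main__":
    for path, verdict in scan_system(CURRENT_IMAGE, WHITELIST).items():
        print(f"{verdict.value:9s} {path}")
```

Run stand-alone it prints one verdict per path: the untouched editor and its copy are allowed, the patched shell is reported as tampered, and the unknown file in /tmp goes to the sandbox. Note that the tampered verdict comes from a mismatch against a known-good snapshot, not from recognising what was injected, which is the point the post makes about not needing to reverse-engineer what a virus did.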
Another quote worth commenting on in the article is from David Harley, administrator of Avien, the antivirus information exchange network (I wonder if he might have an axe to grind). He says:
“Whitelisting does seem to be advocated currently as the panacea du jour. I think this relentless search for The Answer, discarding one partially successful solution set for something else in the hope that it will eliminate the problem, is actually unprofessional.”
I like the spin here. “Partially successful solution”? A chocolate teapot is a partially successful solution.
An Uneasy Relationship Between The Trees and the Rain
An Uneasy Relationship Between The Trees and the Rain (From the series: The Weirding of Austin)
Coming from the UK, I had little knowledge of what a flash flood was. It doesn’t take long to learn. In the Texas spring, local thunderstorms are common, bringing rain by the bucketful in quantities previously unimaginable to a Brit. You can be ten miles away from a storm that puts 9 inches of rain on the ground and you might not even get wet.
Oh but it pays to know that there was a storm locally, because all of that rain doesn’t happily soak into the fields. It goes rushing down the ravines and waterways in a merciless fashion carrying cars into the midst of rivers which were just streams a few minutes ago. And so you can see an image like the one above, where the trees appear to defy reason, having somehow managed to take root in the middle of a river.
That’s no river. It’s barely a stream.
The Clouds As A Veil
The Clouds As A Veil (from the series: The Secret Life of Clouds)
This particular image was captured from an airplane over Los Angeles, a city that looks an awful lot nicer from the air than it does from the ground. The clouds had littered the sky for the whole journey out of Austin, except when we crossed Arizona and the clouds disappeared beneath the scorching sun. But they reappeared over the Sierras and then they drew back like a veil as we came to the coast.
You can see them here, about to reveal the nakedness of Santa Catalina Island in the distance, as our airplane heads west over Manhattan Beach before turning around to greet the runways of Los Angeles International Airport.
Nanotubes: Is it like Rocket Science? Er.. maybe.
Nanotechnology, they say, will be a $1 trillion market and they (whoever “they” are) are probably right. For the best part of a decade we’ve watched the genesis of an infant market, which is pretty much “all nanohat and no nanocattle” as regards world-changing innovation. Still, there are a number of start-ups, and even one or two established products and companies. So what are they doing?
The Thin Film Industry
If you count thin film technology as nanotechnology, and you should, because it is, then nanotechnology is already big business. The early applications of nanotechnology were a matter of “improving” substances and surfaces. So there are body parts for vehicles and airplanes that are stronger and lighter because of nanotechnology. There are self-cleaning windows that use nano-engineering to keep dirt from sticking to glass and even materials from which clothes can be made that will repel stains. And, of course, thin film technology is a big part of the chip business.
So in this stream of things, nanotechnology is really an extension of materials science – or boring old materials science – as it is known by its detractors like me, who are far more enthused about nanotubes than thin films, because nanotubes stand a chance of being really cool as well as revolutionary.
Nanoladders
Nanotubes are one of those things, like calculus, that were discovered simultaneously by two people in different parts of the globe: Iijima (of NEC in Japan) and Don Bethune (of IBM, Almaden). Nanotubes are “hexagonal lattices of carbon, wrapped in a tight cylinder”. They conduct electricity, so it is entirely possible that we will be able to use them to construct computers at some point.
However, they also have other properties. They are very, very, very strong and, although just a few nanometres wide, they can be up to a millimetre long. That doesn’t sound very long, but when compared to the width of a nanotube, it really is very long. For that reason it’s possible to treat nanotubes like long strands of wool or cotton and make extremely long lengths of nano-string.
Could that be useful?
Brad Edwards of High Lift Systems, which counts NASA as one of its investors, believes so. He is hoping to build an elevator into space made from a paper thin nano-ribbon about 1 meter wide and 100,000 kilometers long – and, by the way, this is not a wacky idea. The elevator could be ready within 10 years.
High Lift Systems intends to send a spaceship up into space containing rolls and rolls of nano-ribbon, which will not actually weigh much even if, in total, it’s 100,000 kilometers long, because it’s very, very, very thin – worse than anorexic. When it reaches a geostationary orbit (where gravitational force is exactly equal to centripetal force) it will start to unwind the ribbon in both directions: going away from earth, the centripetal force will keep it taut, and going down to earth, gravity will have the same effect. The huge ribbon will stretch from earth to space and appear to stand up on its own.
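As an added illustration (not part of the original post), the orbit condition the paragraph states, written out and evaluated for Earth. The values of $GM$, Earth’s radius $R_E$ and the sidereal day are standard reference figures, not taken from the article.

$$\frac{GMm}{r^{2}} = m\,\omega^{2} r \quad\Longrightarrow\quad r_{\mathrm{geo}} = \left(\frac{GM}{\omega^{2}}\right)^{1/3}$$

With $GM \approx 3.986 \times 10^{14}\ \mathrm{m^{3}/s^{2}}$ and $\omega = 2\pi / 86164\ \mathrm{s} \approx 7.292 \times 10^{-5}\ \mathrm{rad/s}$:

$$r_{\mathrm{geo}} \approx \left(\frac{3.986 \times 10^{14}}{5.317 \times 10^{-9}}\right)^{1/3} \approx 4.216 \times 10^{7}\ \mathrm{m} \approx 42{,}164\ \mathrm{km},$$

i.e. an altitude of $r_{\mathrm{geo}} - R_E \approx 42{,}164 - 6{,}371 \approx 35{,}800\ \mathrm{km}$ above the surface. Below $r_{\mathrm{geo}}$ gravity exceeds the $m\omega^{2} r$ term and a ribbon segment is pulled toward earth; above it the balance reverses and the segment is pulled outward. That is why unwinding in both directions from the geostationary point keeps the whole ribbon under tension, and why a total length of 100,000 km puts the outer end far beyond the 42,164 km orbit radius.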
All you then need is an elevator carriage that can be attached and will be able to move up and down the ribbon. High Lift Systems believes it can move the carriage at about 200 kilometers an hour – the speed of a very fast train. It estimates the construction cost at $10 billion, but says that such an elevator would reduce the cost of spaceflight by a factor of 400.
For more information on this visit AmericanAntigravity.com.