On 10 Oct 2006 at 4:34, Lou wrote:

> I found this interesting but I am curious as to what the more
> experienced people on this list think about this subject.
>
> http://news.zdnet.com/2100-1009_22-6124040.html?tag=nl.e589
How can I avoid jumping at the bait? :o)

First, the article is based on a wildly false premise: that Windows systems have been effectively protected by these "third party" apps he refers to. One has only to look at the chaos in the Windows world when a new virus or eTrojan appears to realize that those apps are marginal-to-useless security at best. Such is the nature of the third-party apps: when a new attack appears their ultimate uselessness becomes readily apparent, you get all of this "be sure to update your definitions" advice [always late compared to the attacks], and then in a little while, in the best of barn-door tradition, things calm down. The third-party apps aren't bad at protecting you from last week's attack.

His description of all that cool nonsense about the heuristic stuff in the AV apps to detect un-signatured attacks is, of course, bogus: if you're running with enough privileges to do nastiness to your system, you're running with enough privileges to wholly disable [or replace or whatever] all those little traps. [Recall the eTrojan a while back that started by disabling your firewall, thereby allowing it to phone home without being hassled.]

Also, there's the question of system speed and system stability. Implanting that kind of stuff so deeply in the system so as to intercept even the lowest-level system calls *HAS* caused stability problems and for sure slows your system down. And what's amusing, or depressing, YMMV, is that that stuff is compounded *on*top* of the security machinery already built into XP [security machinery that folks would rather disable [even though it is still there, still doing all its ACL checks and object checks and policy checks, etc] and instead overlay with a *less*effective*, more complicated, more fragile, more bothersome [and more expensive] secondary security mechanism].

And what he leaves out is *every*other* operating system.
Why do other OSes have fewer problems than Windows does in massive compromises from the simplest of vulnerabilities? -- a hint: it is NOT because they have all that AV stuff he likes so much "built in", but rather because they incorporate all the 'standard' computer security mechanisms that too many Windows users have eschewed.

There are several real security principles at work here, and the AV stuff is *NOT* part of the formula [other than as a pretty weak, secondary or tertiary backup system]: the first principle is to use as few privileges as you need to do what you're currently doing. This should be obvious: you can cause less damage accidentally [or via maliciousness] if you've made your circle of exposure as small as possible. The second is that there should be multiple *layers* of protection acting independently and from different "directions", if you will. This is so that when you either make a mistake or an attacker manages to find an exploit in your first line of defense, instead of having free rein to hose your system, what they'll find is that they just ran into the *next* round of bulwarks.

The basic idea is very simple: when you do everything perfectly, never run (or blunder into) malware, never have a finger-slip or do something stupid, you really need essentially no "protection" at all -- folks can, and have, driven cars hundreds of thousands of miles without their seatbelts and avoided problems; you can work for years on construction sites without a hard hat and manage to avoid getting beaned with a brick. The point of the security machinery is to protect against slipups and the unexpected, and the third-party apps just don't do that very well if you're running with excessive privileges (and they're hardly necessary at all if you're running with minimal ones).
/Bernie\
--
Bernie Cosell                     Fantasy Farm Fibers
mailto:[EMAIL PROTECTED]          Pearisburg, VA
    --> Too many people, too few sheep <--

----------------------------------------
To Change your email Address for this list, send the following message:
CHANGE WIN-HOME your_old_address your_new_address
to: [EMAIL PROTECTED]
Note carefully that both old and new addresses are required.
