[infowar.de] Cashing In on Virus Infections
Infowar.de, http://userpage.fu-berlin.de/~bendrath/liste.html
-------------------------------------------------------------
http://www.wired.com/news/infostructure/0,1377,62558,00.html
Cashing In on Virus Infections
By Michelle Delio
02:00 AM Mar. 18, 2004 PT
After a recent epidemic of computer viruses that seemed much worse than usual, security experts are questioning whether the antivirus software industry is working hard enough -- or has enough incentive -- to develop new and better ways of stopping nasty software.

Over the past two months, dozens of variants of the MyDoom, NetSky and Bagle viruses have infected computers around the globe. While sales of antivirus software are at an all-time high, the malicious programs still spread with alarming speed.

In a recent study by the Department of Trade and Industry in the United Kingdom, 93 percent of smaller companies and 99 percent of large companies said they use antivirus software, and close to 60 percent of firms update their antivirus software automatically to keep up with new virus threats. But computer viruses still managed to hit 50 percent of the smaller firms and infect 68 percent of the larger companies' networks in 2003.

Some experts charge that the $1.4 billion antivirus industry is content with perpetuating a business model that is profitable for the companies, but onerous for the user. Most antivirus solutions require users to subscribe for an annual fee. In return, users get to regularly download "signature file" updates that identify the latest malicious code.

Usually, it takes the antivirus software companies a couple of hours to develop the files after a new virus is spotted and analyzed. It may take another day or so for computer users to download the update and inoculate themselves against the latest virus. But meanwhile, a virus can make its way around the globe in just minutes, propelled by users' clicks on virus-laden e-mail attachments.

"The signature model is totally outdated and virtually useless," said Mike Sweeney, owner of the network-security consulting firm Packetattack, and author of several books on systems security for technology professionals.

"But bottom line: Signature files are profitable. You have to have a subscription that they charge either a monthly fee for or an up-front, once-a-year fee. That makes for a nice tidy revenue stream."

There are alternatives to the signature-file model of detecting and stopping viruses. For example, integrity checking builds a database that describes the uninfected programs and files on a PC and blocks all attempts to alter them. Heuristic scanners evaluate a program's code to anticipate malicious intentions. The downside -- from the software companies' point of view -- is that these types of programs would not require updates as frequently as signature-file programs, so it would be harder to justify an annual subscription fee.
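As an added illustration (not part of the Wired article), the Python example below contrasts the two models just described: a signature scan that only recognizes digests it already lists, and an integrity baseline recorded while the system is clean. The file names, byte strings and the `KNOWN_BAD` set are constructed for the example, and the integrity check here reports alterations after the fact rather than blocking them.

```python
import hashlib
import tempfile
from pathlib import Path

# Constructed signature set: digests of samples that were already analyzed.
KNOWN_BAD = {hashlib.sha256(b"constructed-sample-variant-A").hexdigest()}

def digest(path: Path) -> str:
    return hashlib.sha256(path.read_bytes()).hexdigest()

def files(root: Path) -> dict[str, str]:
    """Map each file under root (relative name) to its SHA-256 digest."""
    return {str(p.relative_to(root)): digest(p)
            for p in root.rglob("*") if p.is_file()}

def signature_scan(root: Path) -> list[str]:
    """Signature model: flag only files whose digest is already listed."""
    return sorted(n for n, d in files(root).items() if d in KNOWN_BAD)

def integrity_check(root: Path, baseline: dict[str, str]) -> dict[str, list[str]]:
    """Integrity model: report every difference from the clean baseline."""
    now = files(root)
    return {
        "modified": sorted(n for n in baseline if n in now and now[n] != baseline[n]),
        "added": sorted(n for n in now if n not in baseline),
        "removed": sorted(n for n in baseline if n not in now),
    }

def demo() -> tuple[list[str], dict[str, list[str]]]:
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "mailer.exe").write_bytes(b"clean mail client v1")
        (root / "editor.exe").write_bytes(b"clean editor v1")
        baseline = files(root)  # recorded while the system is known clean
        # Known variant A arrives as a new file: a signature exists for it.
        (root / "attach.scr").write_bytes(b"constructed-sample-variant-A")
        # Unknown variant B alters a program: no signature exists yet.
        (root / "mailer.exe").write_bytes(
            b"clean mail client v1" + b"constructed-sample-variant-B")
        # A legitimate update alters another program: a false alarm.
        (root / "editor.exe").write_bytes(b"clean editor v2")
        return signature_scan(root), integrity_check(root, baseline)

if __name__ == "__main__":
    print(demo())
```

The signature scan reports only the known variant, while the integrity check reports the unknown variant and the legitimate update alike, which is the false-alarm cost the vendors quoted below describe.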
"What you have now is antivirus technology that has been fossilizing for years," said George Smith, a senior fellow with GlobalSecurity.org. "All technologies outside of signature-based scanning were effectively driven from the market in the last decade, as far as the average person or company is concerned. This was a conscious war prosecuted by the market leaders, who have enforced a stagnant technology base. Antivirus technology development is now a radioactive no-man's land."

Ken Pfeil, chief security officer at Capital IQ, a financial services firm in New York City, said he can't guess the antivirus vendors' motivation for not moving to a more effective product, "but one would venture to guess that enough noise has not been made from the customer perspective to justify shifting their business model from reactive to preventive."

In defense, representatives of antivirus vendors say the signature-file model is the simplest for users. The other models sometimes demand a sophisticated understanding of PCs and software, and require fine-tuning of settings to reduce false alarms. Even with expert tinkering, heuristic and integrity-checking products tend to produce far too many alerts for average users. The companies say users would rather have the software work automatically in the background without the need for user intervention.

"Signatures are user-friendly," said Joe Hartmann, director of antivirus research for Trend Micro, the third-largest antivirus software vendor. "They don't require users to make decisions that require technical background knowledge. An exact virus signature can allow the antivirus software to perform automated virus removal without harming the system.

"And signatures are convenient," he added. "Most users want to know what attacked their system, what actions were taken and how to remove the malicious code from the system automatically. If we focus only on heuristics and generic technologies, we would increase the risk for potential false alarms and increase the skill requirement to properly use the product or technology."

Many antivirus programs now incorporate heuristic scanners to some extent, which provide proactive protection against virus and worm activity without the need for updates to protect against new viruses. But antivirus developers said most users don't like full-fledged desktop heuristic scanners.

"Antivirus companies do not offer subscription-based product-delivery models because they are the most profitable, but because they can provide a high level of protection against the ever-moving threat of viruses, with the least amount of hassle for end users," said Chris Belthoff, senior security analyst at Sophos, another antivirus vendor.

Some independent security researchers agreed that traditional signature-based antivirus solutions shouldn't be dumped completely, noting that the software does a good job of protecting against known viruses.

"I won't rush to ignore signature-based protection," said Richard Forno, a security consultant. "Yes, it is a reactive rather than proactive solution, but the system I have on my mail server blocks at least 95 percent of all worms and Trojans."

In addition, Forno said the blame doesn't rest on the antivirus companies alone. He pointed out that most e-mail programs, like Microsoft's Outlook and Outlook Express, have bells and whistles that allow malicious software to launch itself and easily alter the operating system, as well as spread quickly to other computers. If the e-mail programs were stripped down and had fewer hooks to the operating system and other files on the computer, much of the virus problem would go away.

Jimmy Kuo, research fellow for McAfee Avert (Anti-Virus Emergency Response Team) at Network Associates, agrees that e-mail programs have gotten too fancy.

"The simplest way (to prevent viruses) is a text-only e-mail system," Kuo said. "It would be helpful if one was provided with every computer, so people could devolve from the glitzy versions if they so chose."

In addition, e-mail attachments would have to be decoded outside the mail program, so users would have to take extra steps to open files, eliminating spur-of-the-moment clicking that leads to network havoc, he said.

But Kuo doesn't expect any widespread rush to text e-mail programs. In general, he noted, given the choice between security and functionality, functionality will always win.

"Most people will choose the easy-to-use system," he said. "Easy also means it's easy to make mistakes and that the system is easy to exploit."