Skip to main content

Anti-virus, Patching, Drugs and the Immune System

Anti-virus is a hotly debated control.  For some it is a very profitable business model, and for others it is a primary portion of their security environment.  In other circles pointing out faults and weaknesses in anti-virus controls has become a banner for a crusade.  All of this results in confusion of users who are using it to protect themselves against online threats, which makes all of us a little less secure.  I'd like to make the point that if we focused on the causes of our online illnesses, secure software development and patching, that this would go a long way to improving our trust in the online community.

Anti-virus, like drugs produced by pharmaceutical companies are good at one thing, treating known conditions effecting us.  In anti-virus' case this is known malware and viruses.   These treatments are still essential at treating these conditions, and investment in new treatments is also very important.

On the other hand secure coding, development practices and rapid patching of systems is like our immune system, its there to help us prevent the infections from occurring in the first place.  And just as doctors provide advice on avoiding situations and preventing conditions which would result in infection, security professional provide advice on improving processes around the management of our environments, and the behaviours of our users.

Unfortunately, like drugs, anti-virus products are promoted as being a cure-all by some vendors biased by the profits to be had in the sale of these products.  Doctors live by a code of ethics which prevents them from solely relying upon drug treatments  to treat, cure and prevent the conditions of their patients. Like doctors, we security professionals need to provide the best advice to our customers, and ensure that we recognize the clear differences between these controls, and recommend and apply the right amounts of prevention and treatment.

Comments

Popular posts from this blog

Consumer Benefits of Credit Card Security

Recently, new types of credit card security features have be debuted, such as this one from Visa. And as some of the comments on Bruce Schneier's blog point out, its questionable how effective this is. I want to figure out what the motivation is behind these ideas, as it appears banks and the major credit card brands are not completely transparent about the benefits to the consumer. My example is this, one source has that in 2005 $2.8 million was lost due to credit card fraud from Visa and MasterCard in Canada alone. These costs are absorbed by the credit card companies as they protect their cardholders from liability, but as can be expected these costs are directly applied to the card brand customers, people and merchants, in the form of fees and interest rates. Now lets say that card brands can deploy a technology to eliminate 90% of this fraud and associated insurance and liability costs. Likely a large savings both in Canada and globally. Would we, the public and mercha

OpenSolaris, ZFS, iSCSI and OSX - Creative Storage - Part II

In part I of this post, I looked at the simple steps required to setup a relatively simple storage solution using OpenSolaris, ZFS, iSCSI and OSX. This was about a month ago, and I've made some significant changes on how this is used for me. At the end of the last post I left off on the part dealing with configuration of the iSCSI initiator side of the solution. I stopped here because there were some issues related to the installation and use of the software. The iSCSI initiator that I was using was Studio Network Solutions GlobalSAN initiator (version 3.3.0.43) which is used to allow for connections to their products. This software will also allow for connections to ANY iSCSI target! After the configuration of the iSCSI target on the ZFS pool, and installation of the client it was trivial to get the connection established with the storage pool, and it showed up in OSX as a raw disk which had not been formatted. I proceeded to format the disk as HFS+ and it then mounted as a lo

May Security Catch-up

Its been much too long since my last post - Sony's PSN network has been breached a few times , a record number of vulnerabilities have been published , and the US government has released a new set of cyber space strategies . On the cool tools and technologies there have been lots of notable releases: Some research from Albert Cotesi New Zealand on the traffic flowing from IOS to 3rd parties, now sniffable thanks to MITMProxy , and instructions on getting it working with IOS As always SQLmap is making life easier for the vulnerability assessor and pen-tester. Microsoft has released an updated to the Enhanced Mitigation Experience Toolkit - I'll be looking into this over the next few weeks, and how it can be applied practically. New major version of Backtrack also released, for those of you that are still relying upon live-cd's as a source for tools.