Sunday, August 31, 2003

If Anti-virus is obsolete, what's next?

Before briefly reviewing the available products, I will define what I mean by behavioral blocking. When I use the term, I am referring to a technology that has the ability to run suspect programs in multiple virtual operating systems, determine precisely what the code does and then, based upon a set of rules, decide what to do with that program. This is different from what some people call behavioral blocking, which generally refers to the use of a set of rules to decide what to do with a program based upon its attributes.

That is a real waste of compute cycles. Now we know what all the next generation processors are going to be doing. They aren't going to be any faster than what we have now because most of their cycles are gonna be doing these things.

And if you think using Linux saves you, think again. It seems to me that the only reason there aren't more worms/viruses for Linux is that there are fewer people using the operating system. Same for the *BSD and so on.

Another form of attribute blocking is integrity checking. This can take various forms, but essentially it consists of a mechanism to determine if the characteristics of a file or program are about to be (or have been) changed by another program. CRC and MD5 checks are one form of this technology. Programs like tripwire and tcpwrappers are another. Most of these, however, only report a file or program alteration and do nothing to prevent it.

Can you see a normal average computer user doing this? I can't. It's not possible. What's the solution? Network devices, with user data residing on servers. We buy the service which gets us the network admin who is responsible for securing your data. No more personal computers. Sad. An average computer user cannot keep his computer patched at all times.
