
The Extraordinary Failure of Anti-Virus Technology: Why Whitelisting Succeeds Where AV Has Failed

By: Lumension, Inc.
Published: Oct 22, 2007
Length: 19
Type: Analyst Report
Overview :

Anti-virus technology fails to protect computers from virus infections. And because it fails, it inadvertently contributes to many of the security woes that plague the computer population. Fortunately, whitelisting technology has emerged in recent years. Whitelisting technology takes a different approach to the malware problem, recording all valid programs and preventing others from executing. Because of this approach, it can be and is used to prevent other ills, such as spyware, adware, unlicensed software or any other kind of unauthorized software. Whitelisting can be applied to device control as well, which prevents the attaching of unauthorized devices to corporate PCs and laptops.

Read this whitepaper to learn how Lumension Security Endpoint Protection Solution enables only authorized applications to execute, while preventing unauthorized applications and malware from running rampant on customer networks.

Anti-virus technology fails to protect computers from virus infections. And because it fails, it inadvertently contributes to many of the security woes that plague the computer population.
Because viruses spread, hackers find it easier to compromise business computers, identity theft is better enabled and computer fraud is easier to perpetrate. Virus-infected computers become an exploitable resource for hackers, who assemble and control networks of thousands of “zombie” computers, which are used to mount “denial of service” attacks, distribute huge volumes of spam and distribute more viruses.
Statistics that demonstrate the ineffectiveness of AV technology are regularly produced:
- A recent Yankee Group report stated that 99% of companies had AV technology installed, yet 62% of companies suffered successful virus attacks.
- According to AusCERT, Australia’s Computer Emergency Response Team, the two most popular and deployed AV products fail to prevent 80% of new viruses.
Virus writers test their new viruses against the more popular AV products before releasing them. And that is why AV technology is so ineffective. AV products have been trying for nearly 20 years to deal with the virus threat and have made very little progress. The AV technology vendors have simply taken the wrong approach. They have built “burglar alarms” that will only alert you if a known burglar tries to enter the house. The real solution is to have a “burglar alarm” that sounds when anyone you don’t know tries to enter the house.
Fortunately, whitelisting technology has emerged in recent years. Whitelisting technology takes a different approach to the malware problem, recording all valid programs and preventing others from executing. Because of this approach, it can be and is used to prevent other ills, such as spyware, adware, unlicensed software or any other kind of unauthorized software. Whitelisting can be applied to device control as well, which prevents the attaching of unauthorized devices to corporate PCs and laptops.
The Whitelist Strategy: Five Use Cases
The whitelist approach fixes the virus problem and provides a variety of other security benefits. Its impact is illustrated with the following five “use cases,” each of which presents a different IT security threat and explains how whitelisting provides a defense.
Use Case 1: The Virus Writer/Distributor
The ultimate goal of a virus writer varies quite considerably. Early viruses were written for research purposes, but nowadays, such virus “innovators” may just post the source code of a new virus to a web site and let someone else compile and distribute it.
Viruses have been released as irresponsible pranks, as political messages that flash up on the screen when the virus runs, as outright vandalism, to attack specific products, to generally infect PCs with Trojans, as demonstrations of virus craftsmanship and as direct attempts to steal data. There have even been some examples of viruses that tried to fix known problems or add improvements to programs.
The modus operandi of the virus writer is as follows:
1. Design the virus, deciding on how it will spread and what it will do to the host machine that it infects.
2. Write the virus, patching in source code from the virus libraries that exist.
3. Test the virus on several PCs each of which is running a popular AV product. Tweak the virus until it evades detection by some or all of the AV products.
4. Release the virus into the wild, using an Internet cafe and anonymous accounts.
A virus prepared in this fashion will spread, guaranteeing a week or two of success, if not more.
How can this be prevented?
Infection will not occur on any computers running whitelist technology and it may be stopped by some of the AV products that the virus wasn’t tested against. Eventually, the AV products that it was designed to circumvent will block the virus and in time it will gradually become less infectious - although it may continue to exist and infect new computers for years. If all PCs ran whitelisting technology, the virus would not be able to execute and therefore would not spread.
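
The contrast drawn above between AV and whitelisting, as an added example (not taken from the Lumension paper or product): both are modeled as lookups on SHA-256 content hashes, which simplifies real AV signatures, and every program image and file name below is a constructed stand-in.

```python
import hashlib

def digest(image: bytes) -> str:
    """Identify a program by the SHA-256 of its content, not by its file name."""
    return hashlib.sha256(image).hexdigest()

# Constructed byte strings standing in for executable images (not real programs).
APPROVED_IMAGES = {
    "wordproc.exe": b"constructed: approved word processor build 1",
    "mailer.exe": b"constructed: approved mail client build 7",
}
KNOWN_VIRUS = b"constructed: virus sample already seen by the AV vendor"
NEW_VARIANT = KNOWN_VIRUS + b" (tweaked)"  # changed until no signature matches
TAMPERED = APPROVED_IMAGES["mailer.exe"] + b" + appended code"

class Blacklist:
    """Simplified AV model: block only what is already known to be bad."""
    def __init__(self, known_bad):
        self.bad = {digest(i) for i in known_bad}

    def allows(self, image: bytes) -> bool:
        return digest(image) not in self.bad

class Whitelist:
    """Record every valid program once; refuse everything else."""
    def __init__(self, valid):
        self.good = {digest(i) for i in valid}

    def allows(self, image: bytes) -> bool:
        return digest(image) in self.good

def compare():
    """Return {attempt: (AV allows, whitelist allows)} for four execution attempts."""
    av = Blacklist([KNOWN_VIRUS])
    wl = Whitelist(APPROVED_IMAGES.values())
    attempts = {
        "approved program": APPROVED_IMAGES["wordproc.exe"],
        "known virus": KNOWN_VIRUS,
        "new variant": NEW_VARIANT,
        "tampered approved program": TAMPERED,
    }
    return {name: (av.allows(img), wl.allows(img)) for name, img in attempts.items()}

if __name__ == "__main__":
    for name, (av_ok, wl_ok) in compare().items():
        print(f"{name:28} AV allows={av_ok!s:5} whitelist allows={wl_ok}")
```

The last two rows are the ones that matter: the untested-against variant and the modified approved program both pass the blacklist but are refused by the whitelist, because neither hash was ever recorded as valid.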
Use Case 2: Your Global Neighborhood Hacker
Since 2002 many of the viruses released into the wild have included code that opened up “back door” access into an infected computer. This explains how, in 2005, Dutch cyber criminals managed to assemble a network of 1.5 million “robot” PCs. The ineffectiveness of AV technology in combination with viruses that planted Trojans on infected PCs made it possible.
