Arun Marballi

TECHNO CORNER

ANTI-VIRUS SOFTWARE ARE VULNERABLE TOO!

By ARUN MARBALLI

Anti-virus software has always been considered a necessary part of a computer�s defense against viruses and other malware found in the cyber wilderness. But of late, numerous incidents have suggested that this shield may have developed chinks that have not only eroded its effectiveness but have almost made it vulnerability instead. Consider the fact that the anti-virus genre of software was created during the days when the only mode of data transfer was via diskettes. There was no e-mail, there was no Internet and the Operating System controlling the computer was a fairly simple program compared to today�s highly complex Operating Systems that attempt to cater to our every desire for a user friendly computing environment. As the complexity of the environment has increased, the number of vectors that have decreased the efficacy of the anti-virus software has seen a steady increase as well. And now, compromised pages on Web 2.0 sites such as Facebook and Blogs are downloading Trojans that kick off fake anti-virus programs that appear to be scanning the system and discovering numerous unheard of viruses and malware and then holding the user�s computer hostage by locking up the system and forcing the user to purchase a rogue anti-virus product. Unfortunately, if you are a victim of such an attack, there is not much you can do, once you have got the Trojan on your computer � other than to reformat the hard drive and restore the Operating System and your personal data from back-ups. There are a couple of names by which these fake anti-virus software go by � Adware/TotalSecurity 2009 and AntiVirus Pro 2010, and there may be more entering the cyber space in days to come.

What makes the above fake anti-virus attacks more ominous is that these attacks have come through in spite of having fully updated anti-virus software on the computer. Which leads one to the question � has the day come to consider an alternative for the ubiquitous anti-virus software? Perhaps. Up until 2008, the number of unique malicious programs and variants that existed was less than the total number of legitimate software published in the world. However, 2008 was the tipping point and now all the known Malware far outstrips the good software. This has placed a tremendous strain on the anti-virus software publishers and it is becoming apparent that the task of �keeping up� is taking its toll. Since malware only comes from an external source and our computer systems are designed to automatically execute any software loaded into the system�s memory, it makes sense to consider somehow altering the computer�s configuration to run only software that we deem safe to run and to reject all other software.  Software that enables this mode of operation has existed for sometime and has now reached a level of maturity that makes it a worthwhile alternative to anti-virus software. This form of software control is called �Whitelisting� or �Application Control� and there are at least five products available on the market that would fit the bill � and, in fact, the new Microsoft Windows 7 also includes this feature in the form of the component Microsoft AppLocker.

Another alternative exists to the traditional anti-virus software, which involves maintaining a current list of known malware threats and attempting to prevent these objects from executing on our computer.  This alternative leverages on our �always on� broadband connectivity and the viral networking model.  A startup company, Immunet, has developed a community based anti-malware package that collects data about infections in all machines that are connected to it. If one of those machines becomes infected with a new malware object, then Immunet develops a fix and automatically inoculates all devices running on its network.

Finally, the word on the grapevine is that Microsoft�s new offering, Windows 7, is a significantly improved product with many nifty security features that aim to overcome the numerous security problems that have plagued the Windows ecosystem. It has been billed as the company�s most secure release ever based on a nine-year �Trustworthy Computing� initiative driven by Microsoft�s Chief Research and Strategy Officer Craig Mundie. Windows 7 includes in its portfolio features such as BitLocker (for encryption), AppLocker (for Application Control or Whitelisting), a more robust and pragmatic User Account Control that can be customized to the level that a user is comfortable with, DirectAccess a feature that enhances secure connections to corporate networks where necessary and Biometrics drivers that are now available to third party developers. Above all, it has been reported that the National Security Agency (NSA) has worked with Microsoft (Apple, Sun Microsystems and Red Hat too) to �harden� the Windows Operating System. One wonders if the NSA involvement was purely altruistic or if it has left any back-door portals in the Operating System for �Big Brother.�

Arun Marballi has worked in the Information Technology arena for more than 20 years with extensive experience in software development, process design and network/workstation management. For comments, questions, tips or suggestions, e-mail [email protected].

Home