This information is generally available all over the web and in manuals for operating systems, especially manuals on such subjects as the Windows Registry. But having software teach you where things must be placed to be effective is powerful knowledge.
Lastly, and perhaps most significantly, is the issue of forbearance. Anti-virus vendors usually know more about the potential exploits inherent in programs than virus authors do, but they are bound by the fact that, should they try to prevent those exploits before they occur, they could be branded as irresponsible for teaching virus authors about these very exploits.
For example, when Microsoft first released the macro capabilities of Word, anti-virus vendors immediately realized the potential for danger in macros, but they were handcuffed. If they released software that disabled macros before the first macro virus was ever released, they would signal to virus authors the inherent destructive powers of macros. They chose instead to wait, handcuffed by the limitations of desktop software.
Until the Internet, there really was no better medium for delivering virus solutions than desktop software. It was relatively inexpensive to deploy (either market the software and sell it in stores, or provide free downloads on bulletin boards and web sites). It is, however, expensive to keep updated in terms of time and effort, even with automated update systems.
The Internet caused several things to happen: by becoming a powerful medium for sharing files, it made whole families of viruses disappear practically overnight (boot sector viruses, for example); by becoming the option of choice for sharing files, it made it easier to infect a single file and have thousands download it.
A better solution is to place security software in an offsite appliance of its own making. All Internet, intranet and other networking connections flow through the appliance.
Selling off-the-shelf hardware appliances with built-in security software is better than a desktop software solution, but it still suffers, to a lesser extent, from the pitfalls that desktop software falls prey to.
Even better is to create a service that a third-party vendor manages in a secure environment. In such an instance both the software and the hardware are away from the prying eyes of malicious software authors. This further reduces the opportunity for malicious authors to discover the tricks and techniques employed by security vendors to protect you.
Tim Klemmer
CEO, OnceRed LLC
http://www.checkinmyemail.com

Tim Klemmer has spent the better part of 12 years designing and perfecting the first patented behavior-based solution to malicious software.