Reason #2: Desktop Security Software Risks
The risks of placing software on the desktop are such that I will be breaking this article into two parts.
Fundamentally, we think of having software on our desktops as a good thing. I love downloading or installing new packages and seeing what new creative things people do to the user interface or what they do to make certain aspects of my life easier or more fun.
But there are problems inherent in software that resides on the desktop, especially security software. All developers will know what I mean. First and foremost, desktop software can be reverse engineered. What does that mean? Have you ever inadvertently double-clicked on a file and had garbage show up, or seen something that looks similar to this?
The old hex dump. Programmers will know it well. We actually spend a good deal of time trying to read this stuff. Basically, if there are programs that can (and do) turn instructions like the following

    If UserBirthDate < "01/01/1960" Then
        IsReallyOld = "Yes"
    Else
        IsReallyOld = "No"
    End If

into something like the picture above, then the reverse is true: people have developed software that can take the gobbledygook in the picture above and turn it, more or less, back into the if-statement I wrote out. The reversing software won’t know that I had an item called UserBirthDate, but it will know I was testing for a value of January 1, 1960, and it will be able to say that based on that value I set another item to Yes or No.
So now we install our fool-proof anti-virus software on our desktop (or our firewall, for that matter). Well, so too can a virus author. And that virus author or hacker will also have gotten a copy of the latest reverse-engineering software from his local hacking site. He now sets about the task of reverse-engineering the software and then trying to decipher the results. It’s not easy, but it can be done. Unfortunately, vendors know this and treat it as an acceptable risk.
The problem here is that your security software is at risk. If your vendor codes an error, the virus author can and will detect it. For example, if your vendor should exclude a file from scanning, it’s possible the virus author will figure out which file (or type of file) that is and bury his code there. If the vendor excludes files from scanning or heuristics, it’s possible that the virus author will figure out a way to corrupt that file.
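One way to check what a scanner’s exclusion list leaves unexamined, as an added example that is not from the original article or from any vendor’s product. It walks a folder and reports files that start with executable magic bytes yet sit inside an excluded directory or match an excluded name pattern. The exclusion entries, the sample files and the `audit_exclusions` helper are assumptions made for illustration.

```python
import fnmatch
import os
import tempfile

# Leading bytes that mark executable content regardless of the file's name.
EXEC_MAGIC = {b"MZ": "PE (Windows executable)", b"\x7fELF": "ELF executable"}

def is_excluded(path, excluded_dirs, excluded_globs):
    """True if the scanner would skip this path (directory or name pattern)."""
    norm = os.path.normcase(os.path.abspath(path))
    dirs = [os.path.normcase(os.path.abspath(d)) + os.sep for d in excluded_dirs]
    return (any(norm.startswith(d) for d in dirs)
            or any(fnmatch.fnmatch(os.path.basename(norm), g) for g in excluded_globs))

def sniff(path):
    """Label a file by its magic bytes; None if unreadable or not executable."""
    try:
        with open(path, "rb") as fh:
            head = fh.read(4)
    except OSError:
        return None
    return next((v for k, v in EXEC_MAGIC.items() if head.startswith(k)), None)

def audit_exclusions(root, excluded_dirs, excluded_globs):
    """List (relative path, type) of executable content the scanner never sees."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            kind = sniff(full)
            if kind and is_excluded(full, excluded_dirs, excluded_globs):
                findings.append((os.path.relpath(full, root), kind))
    return sorted(findings)

def demo():
    """Constructed sample tree: a real log, plus executables in excluded spots."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "cache"))
        samples = {"app.log": b"2024-01-01 started\n",
                   "update.log": b"MZ\x90\x00 constructed sample",
                   os.path.join("cache", "blob.bin"): b"\x7fELF constructed sample",
                   "tool.exe": b"MZ\x90\x00 constructed, not excluded"}
        for rel, data in samples.items():
            with open(os.path.join(root, rel), "wb") as fh:
                fh.write(data)
        return audit_exclusions(root, [os.path.join(root, "cache")], ["*.log"])

if __name__ == "__main__":
    print(demo())
```

The genuine log and the executable outside the exclusions are not reported; only executable content that the exclusions would hide from the scanner is.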
That being said, there are other risks. As we have said, once software is on the desktop it affords virus authors an opportunity to reverse-engineer the security software. The knowledge that reverse-engineering provides is invaluable to a virus author when building his next software attack. Third, virus authors can learn where anti-virus vendors put their software and where they put links to their software (directory folders, registry entries, etc.). This too is invaluable information. In fact, in some ways it gives people intent on writing malicious software clues as to how to infiltrate a computer’s operating system, where registry entries need to be made to force software to be loaded every time a computer is started, etc.
There are many advantages to putting security and anti-virus software on the desktop. They range from efficiency to money. Under previous ways of thinking, if I can capture security and virus problems at the desktop I can prevent them from going any farther. That works well in a non-connected environment. In a connected environment it makes more sense to centralize the software and monitor connections in and out. Basically, “firewall” all appliances from each other.
In a previous article we discussed the security risks inherent in desktop software designed to be the protection layer between you and all those bad people out there on the Internet. Here we will discuss some more mundane issues regarding the risks of putting security software on the desktop:

Drag

Drag steals clock cycles from your processes so that it can run in a higher priority mode. Anti-virus software especially places a drag on your computer. Depending on your settings (and the default settings are usually very aggressive), every time you run a program or open a file, real-time file scanning takes place and your files are scanned for viruses. This slows down your processing. Accessing larger files takes longer. You can see a discernible lag time between when you start a program or open a file and when you can actually access it.

Compatibility

After the obvious issue of “drag” is compatibility. Often security and anti-virus rules get in the way of your doing business on your computer. While you may get away with using older versions of such packages as Word, Sims, Photoshop, etc. on your computer with the new XP operating system, it’s unlikely your security software will be completely compatible. Why? Many packages rely on very low-level functionality to be able to do the tasks they set out to do. Anti-virus packages have to be able to operate at a level closer to the hardware than most packages. They need to do this to prevent virus software from taking precedence over them. While many packages offer backward compatibility, the same is not true of forward compatibility. There are several reasons for this: a package written for Windows 98 will not anticipate all the changes to the operating system that are implemented for Windows XP. While your Win98 anti-virus program may work under XP, it won’t work at its peak performance. It can’t. It’s just another reason for centralizing your security.
By siphoning all your traffic through a security screen at your ISP, for instance, you offload the need for updates and for staying up-to-date on your security software. This then becomes the job of the service provider.