The Risks of Desktop Security Software - Part 1

Written by Tim Klemmer

This is the second in a series of articles highlighting reasons why we need a new model for anti-virus and security solutions.

Reason #2: the Desktop Security Software Risks

The risks of placing software on the desktop are such that I will be breaking this article into two parts.

Fundamentally we think of having software on our desktops as a good thing. I love downloading or installing new packages and seeing what new creative things people do to the user interface or what they do to make certain aspects of my life easier or more fun.

But there are problems inherent with software that resides on the desktop, especially security software. All developers will know what I mean. First and foremost, desktop software can be reverse engineered. What’s that mean? Have you ever inadvertently double-clicked on a file and had garbage show up or seen something that looks similar to this?

The old hex dump. Programmers will know it well. We actually spend a good deal of time trying to read this stuff. Basically, if there are programs that can (and do) turn instructions like the following

    If UserBirthDate < "01/01/1960" Then
        IsReallyOld = "Yes"
    Else
        IsReallyOld = "No"
    End If

into something like the picture above, then the reverse is true: people have developed software that can take that gobbledygook in the picture above and turn it somewhat into the if-statement I wrote out. The reversing software won’t know that I had an item called UserBirthDate, but it will know I was testing for a value of January 1, 1960 and it will be able to say that based on that value I set another item to Yes or No.
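The round trip described above, as an added example that is not part of the original article: a toy compiler turns the if-statement into bytes, replacing each name with a slot number while storing the literals verbatim, and a decompiler rebuilds the logic from the bytes alone. The opcode values and the byte layout are constructed for illustration and do not correspond to any real compiler.

```python
import struct

OP_IF_LT, OP_SET = 0x01, 0x02   # constructed opcodes for this toy format

def compile_if(cond_var, literal, target, then_val, else_val):
    """Compile `if cond_var < literal: target = then_val else: target = else_val`."""
    slots = {}                                # name -> slot number
    def slot(name):                           # the name itself is never emitted
        return slots.setdefault(name, len(slots))
    def lit(text):                            # literals are emitted verbatim
        raw = text.encode("ascii")
        return struct.pack("B", len(raw)) + raw
    return (bytes([OP_IF_LT, slot(cond_var)]) + lit(literal)
            + bytes([OP_SET, slot(target)]) + lit(then_val)
            + bytes([OP_SET, slot(target)]) + lit(else_val))

def hexdump(blob, width=16):
    """Render bytes the way a hex viewer would: offset, hex, printable ASCII."""
    rows = []
    for off in range(0, len(blob), width):
        chunk = blob[off:off + width]
        text = "".join(chr(b) if 32 <= b < 127 else "." for b in chunk)
        rows.append(f"{off:04x}  {chunk.hex(' '):<{width * 3}} {text}")
    return "\n".join(rows)

def decompile(blob):
    """Rebuild the statement from bytes alone; names come back as var_N."""
    pos = 0
    def take(n):
        nonlocal pos
        piece = blob[pos:pos + n]
        pos += n
        return piece
    def lit():
        return take(take(1)[0]).decode("ascii")
    if take(1)[0] != OP_IF_LT:
        raise ValueError("not a compiled if-statement")
    cond, value = take(1)[0], lit()
    branches = []
    for _ in range(2):
        if take(1)[0] != OP_SET:
            raise ValueError("expected an assignment")
        slot = take(1)[0]
        branches.append(f'var_{slot} = "{lit()}"')
    return f'if var_{cond} < "{value}": {branches[0]} else: {branches[1]}'

BLOB = compile_if("UserBirthDate", "01/01/1960", "IsReallyOld", "Yes", "No")
if __name__ == "__main__":
    print(hexdump(BLOB))
    print(decompile(BLOB))
```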

So now we install our fool-proof anti-virus software on our desktop (or our firewall for that matter). Well, so too can a virus author. And that virus author or hacker will also have gotten a copy of the latest reverse-engineering software from his local hacking site. He now goes about his task of reverse-engineering the software and then trying to decipher the results. It’s not easy but it can be done. Unfortunately, vendors know this and understand this as an acceptable risk.

The problem here is that your security software is at risk. If your vendor codes an error, the virus author can and will detect it. For example, if your vendor should exclude a file from scanning, it’s possible the virus author will figure out which file (or type of file) that is and bury his code there. If the vendor excludes files from scanning or heuristics, it’s possible that virus author will figure out a way to corrupt that file.
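A defender's check for the exclusion risk described above, as an added example that is not from the original article or any vendor: it tests each scan exclusion against probe paths and flags the ones that would leave runnable content in a user-writable location unscanned. The shell-style wildcard syntax, the probe paths and the sample exclusions are all constructed assumptions.

```python
from fnmatch import fnmatchcase

# Constructed probe paths: (path, writable by ordinary users?, runnable content?)
PROBES = [
    (r"c:\users\alice\appdata\local\temp\update.exe", True, True),
    (r"c:\users\alice\documents\report.doc", True, False),
    (r"c:\program files\vendor\engine.dll", False, True),
    (r"c:\windows\system32\config\system.log", False, False),
]

def audit_exclusions(patterns):
    """Return {pattern: rating} for each scan exclusion, judged against PROBES."""
    findings = {}
    for pattern in patterns:
        # fnmatch has no escape character, so backslashes match literally.
        hits = [p for p in PROBES if fnmatchcase(p[0], pattern.lower())]
        if not hits:
            rating = "unmatched"   # no probe covered; extend PROBES before trusting
        elif any(writable and runnable for _, writable, runnable in hits):
            rating = "high"        # unscanned, user-writable and runnable
        elif any(writable or runnable for _, writable, runnable in hits):
            rating = "review"      # one of the two conditions holds
        else:
            rating = "low"
        findings[pattern] = rating
    return findings

# Constructed sample exclusion list.
SAMPLE_EXCLUSIONS = [
    "*.log",
    "*.dll",
    r"C:\Users\*\AppData\Local\Temp\*",
    r"D:\Backups\*",
]

if __name__ == "__main__":
    for pattern, rating in audit_exclusions(SAMPLE_EXCLUSIONS).items():
        print(f"{rating:<10} {pattern}")
```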

That being said, there are other risks. As we have said, once software is on the desktop it affords virus authors an opportunity to reverse-engineer security software. The knowledge that reverse-engineering provides is invaluable to a virus author when building his next software attack. Third, virus authors can learn where the anti-virus vendors put their software and put the links to their software (directory folders, registry entries, etc.). This too is invaluable information. In fact, in some ways it gives people intent on writing malicious software clues as to how to infiltrate the computer’s operating system, where registry entries need to be made to force software to be loaded every time a computer is started, etc.

Desktop Security Software Risks - Part 2

Written by Tim Klemmer

This is the third in a series of articles highlighting reasons why we need a new model for anti-virus and security solutions.

Reason #2: the Desktop Security Software Risks

The risks of placing software on the desktop are such that I will be breaking this article into two parts.

There are many advantages to putting security and anti-virus software on the desktop. They range from efficiency to money. Under previous ways of thinking, if I can capture security and virus problems at the desktop I can prevent them from going any farther. That works well in a non-connected environment. In the connected environment it makes more sense to centralize the software and monitor connections in and out. Basically “firewall” all the appliances from each other.

In a previous article we discussed the security risks inherent with desktop software designed to be the protection layer between you and all those bad people out there on the Internet. Here now we will discuss some more mundane issues regarding the risks of putting security software on the desktop:

Drag

Drag steals clock-cycles from your processes so that it can run in a higher priority mode. Anti-virus software especially places a drag on your computer. Depending on your settings (and the default settings are usually very aggressive), every time you run a program or open a file, real-time file scanning takes place and your files are scanned for viruses. This slows down your processing. Accessing larger files takes longer. You can see a discernible lag time between when you start a program/open a file and when you can actually access it.

Compatibility

After the obvious issue of “drag” is compatibility. Often security and anti-virus rules get in the way of your doing business on your computer. While you may get away with using older versions of such packages as Word, Sims, Photoshop, etc. on your computer with the new XP operating system, it’s unlikely your security software will be completely compatible. Why? Many packages rely on very low-level functionality to be able to do the tasks they set out to do. Anti-virus packages have to be able to operate at a level closer to the hardware than most packages. They need to do this to prevent virus software from taking precedence over them. While many packages offer backward-compatibility, the opposite is not true: forward-compatibility. There are several reasons for this: a package written for Windows 98 will not anticipate all the changes to the operating system that are implemented for Windows XP.

While your Win98 anti-virus program may work under XP, it won’t work at its peak performance. It can’t. It’s just another reason for centralizing your security. By siphoning all your traffic through a security screen at your ISP, for instance, you offload the need for updates and staying up-to-date on your security software. This then becomes the job of the service provider.

© 2005