Things can change quickly if you believe everything you read on the topic of bad guys vs. antivirus developers:

The battle is being lost and the bad guys have the upper hand: Network World 31/01/07.

The battle is being won and the antivirus developers have the upper hand: SC Magazine 10/08/07.

I find the latter story a bit hard to fathom. It seems to go against everything else we’re reading, seeing and hearing about. Perhaps the claim holds for viruses specifically? Maybe. But the story doesn’t limit itself to that.

  1. D2 says:

    Muhuhuhuhuhu, hahahahahahahahahhahah…. *stroke cat*

    http://secunia.com/search/?search=anti-virus

    http://osvdb.org/searchdb.php?action=search_title&vuln_title=anti-virus&Search=Search

    I guess the ‘attack surface’ argument is nicely summed up here. http://www.matasano.com/log/646/matasano-security-recommendation-001-avoid-agents/

    Polishing turds and all that. Should the AV guys have the upper hand, the APP guys or the OS guys?

  2. Big Galoot says:

    This makes me laugh. Not a raucous belly laugh, more of a cynical ‘ha !’ – type laugh, if you know what I mean.

    Both articles are based around the (alleged) quotes from Kaspersky et al.

    For those who weren’t at AusCert 2006, Eugene Kaspersky proudly proclaimed to his audience that his company had the edge because he had “contacts in the underground”.

    Well, apparently underground ‘contacts’ aren’t what they used to be, if one is to believe the Kaspersky’s latest announcements (under the guise of news).

    What are we to make of all these contradictory statements ? Are A/V developers ahead or behind the bad guys in the battle ?

    One doesn’t need to be a rocket scientist or have a PhD in Software Engineering to know the answer.

    A/V developers will *never*, I repeat, *never* be ahead of the bad guys.

    Why? Because in this particular battle, the bad guys always get to shoot first. So until someone invents a time machine, the good guys can never truly predict all the manifestations of malicious code that will appear in the future.

    Simple.

  3. D2,

    So what are you saying in the first two links? :-)

    DD

  4. D2 says:

    The smiley is throwing me here, should I expound?

  5. Go on… or I’ll be tempted to create another smiley.

  6. D2 says:

    There is a wide, wide world of software development out there. Pretty much all code either currently has, or will have vulnerabilities as intelligent attackers probe at the very fabric of Code.

    On one side defenders, protectors of the realm of the operating system and data (and some apps). Mainly achieved via *bolt-on* code which is subject to the inherent underlying OS weaknesses (while also running as a privileged service itself).

    On one side attackers, probing relentlessly, looking for maximum gain via minimum effort. The shortest path between two points if you will. (Let’s remember the physics are different too, so time/cost trade-offs don’t apply exactly as they do in the real world!)

    My argument; castles and gunpowder.

    If you hire specialist builders to build an extra defending wall or mortar net around your castle, only to find out that the new ‘special’ wall/net not only has the same basic flaws as your normal wall, but has a special tunnel to the heart of the castle, one wonders whether or not the specialist builders are really ahead of the game? (Even though they can block the morphing, backwards flying mini-mortar!)

    So basically if the ‘bricks and mortar’ code of the specialist defenders is vulnerable to parsing errors, overflows and relies upon weak generic compression and encoding libraries… then the ‘faith’ in the higher level defense technologies is not only in question, but serious doubt is faced regarding their fundamental practices, ability and whole ‘crippled’ model.

    I do concede they are stuck between a rock and a hard place.
    I do concede I am somewhat arguing by analogy.

    Back to basics, I’d prefer to do online banking with a brick ;)

    D2

  7. Big Galoot has some big opinions on this topic. :-)