Paradigm shift in anti-virus and spyware protection?

The present approach to protecting computers against malware such as viruses, worms, Trojans, and spyware is basically reactive. It depends on a local database of information about known malware in order to recognize and disarm the invaders. Some attempt is made at using so-called “heuristic” techniques to recognize new malware that is not in the database, but maintaining the protection still requires constant updating of the local database. Also, since the different types of malware have different behavior patterns and signatures, more than one type of protection is needed. Although software suites may combine the different kinds of protection in one package, many people end up with a hodgepodge of different applications. For example, I have an anti-virus program, a software firewall (not counting the Windows XP version), three anti-spyware programs and two Trojan removers. I also have a hardware firewall.

Having to run all these programs and having to constantly update them is not only cumbersome but also takes a toll on system performance. For example, Symantec SystemWorks was such a drag on my system that I never ran it in the background but only used it manually before I finally chucked it in favor of AVG. Even with constant updating, systems are still vulnerable to so-called “zero-day” and undocumented exploits. The constant parade of new security problems makes it clear that something better than the current approach to safeguarding computers is needed.

There are already several possible alternative ways to go. One is the procedure used on many systems that are open to the public in places like libraries and schools. A standard system configuration is established, and any changes, including malware, that occur on the system during an individual login session are erased when the user is finished. The system is simply returned to its standard configuration. This approach has been very satisfactory in our classes at SeniorNet, where we use the program Deep Freeze. Students can do anything they want to the system or get it infected by malware, but when it is rebooted it returns to its original state. This is very satisfactory for a setup which remains static, but it is tedious where a user installs a lot of new software or creates new files. Changes to the system can be incorporated into the standard configuration if desired, but this is a multi-step process and not really suitable for dynamic systems where content changes frequently. However, this approach can be modified to add flexibility by having a separate unfrozen partition where data files and frequently changed programs are kept. Installations that require Registry entries will still need to be done in a multi-step process, but the average home user who is an infrequent installer of new programs could certainly use this approach.

A related approach that is attracting more and more attention is the use of “virtual” machines. The equivalent of several independent operating systems can be created on one computer. This is especially attractive for those who try out or test a lot of software. David Berlind at ZDNet has an article on the virtues of VMware. You can have one virtual machine that is the standard setup and another that gets exposed to the Internet.

A completely different approach is mentioned in an article at PC Magazine. Here is an excerpt:

Sana Security’s Primary Response SafeConnect, currently in beta, takes a unique approach to protecting your PC from spyware and other unwanted programs. Rather than using a database of signatures to spot malware during a scan, SafeConnect closely monitors all running processes and zeroes in on suspicious behavior patterns. When it spots a malicious process, it uses data gained from its monitoring to identify and quarantine files and Registry keys related to the process. Because it specifically responds to what a program does rather than to what it is, it is most likely to detect malware immediately upon installation or just after a system restart.

However things develop, it is clear to me that the present methods of safeguarding computers are inadequate. Maybe the new Windows Vista will have some solutions. (Mac and Linux users, please do not write saying that all that is needed is to switch operating systems. You have a point, but the Microsoft PC monopoly is not going away.)
