Slashdot Mirror


The Insecurity of Security Software

H316 writes "BusinessWeek is reporting that, despite a number of software products meant to safeguard Windows PCs from harm, a rising number of them endanger their hosts because of poor design and flaws. From the article: 'A new Yankee Group report, to be released June 20, shows the number of vulnerabilities found in security products increasing sharply for the third straight year -- and for the first time surpassing those found in all Microsoft products.'"

7 of 264 comments

  1. it wasn't supposed to be like this! by yagu · · Score: 4, Interesting

    Yeah, don't know if this has changed, but on one of my machines my "virus" protection software absolutely needed Internet Explorer, and would override my default browser setting to use IE for any of its "transactions"... Considering the history and track record of IE and my long ago decision to eschew any use of IE this was upsetting to say the least. I cancelled my subscription, sent a letter, and re-upped with a different vendor. To this day, I've never gone back to check to see if this vendor has "fixed" their approach, though I never got any response to my letter. (I choose not to name names, it isn't necessarily about "them"...) I find this to be a somewhat absurd universe that an entire industry has grown up around an OS stillborn in the context of capable security (not perfect, just capable!) Heavy sigh...

    Not to worry, though, maybe an industry will spring up around the security software industry... providing us with meta-security software...! (even heavier sigh.)

    Aside: (but related), I wonder, has anyone ever investigated, researched, done any benchmarks about how many/what percentage of CPU cycles are allocated just for virus checking (and other security checks)?

  2. Chocolate Sprinkles by Bimo_Dude · · Score: 3, Interesting
    I can't remember where I read it, but it goes something like this:

    "If you put chocolate sprinkles on shit, all you have is shit with sprinkles on top."

    The point being, the software that runs on top of any OS can only be as secure as the OS itself.

    --
    "Teleporting Rodents with D-Cell Battery Displacement" theory -- IgnoramusMaximus (692000)
  3. And this report is funded by whom? by Psionicist · · Score: 3, Interesting

    Anyone here actually trust Yankee Group anymore? Remember this? http://linux.slashdot.org/article.pl?sid=05/04/05/007214&tid=163&tid=187&tid=109&tid=98&tid=106 Well, it turned out that the study was funded by a Windows house: http://filtered.typepad.com/markjones/2004/04/about_face_on_y.html "The survey was funded and carried out by Sunbelt Software, a vendor of Windows utilities, which publicised the survey through a mailing list called W2Knews, which bills itself as "The world's first and largest e-zine designed for NT/2000 System Admins and Power Users"."

    So who funded this report?

  4. For secure applications, don't use a PC. by CyricZ · · Score: 4, Interesting

    It's painfully obvious that for any applications requiring real security, you just plain shouldn't use a PC. I got ragged on a lot by my coworkers, but I always recommended an OpenVMS (on Alpha or real VAX) solution. Funnily enough, that stopped after their PC based solutions running Windows 2003 Server were cracked on a weekly basis. And that was on one of our smaller, less known websites. Our major web sites, which we run off of our OpenVMS cluster, remain completely secure.

    Indeed, VMS offers the best combination of security through security and security through obscurity. The system itself is inherently rock-solid, stable and secure. Combined with the fact that most script kiddie crackers, and even some of the more seasoned pros, lack basic VMS knowledge, you're looking at very reliable systems from a security standpoint. The chance of becoming the victim of crackery is very minor.

    --
    Cyric Zndovzny at your service.
  5. This is surprising? by Debiant · · Score: 4, Interesting

    I've avoided anti-virus programs far as I can recall. I use them, but I don't like to run them in real time or pay too much for them.

    Basic problem with them is that they're just more complex code above already complex code, that tries to fix the problems that are mainly caused by that complexity in the first place.

    Result is much slower computer that the anti-virus software inadvertently affects like a virus would.
    Stopping programs, and causing something to not work correctly.

    All virus programs are basically parasites, anti-virus programs are just bigger parasites far as I'm concerned.
    They have their place, but they should be simple, free and not be the answer for security. When they are not, they're themselves a risk.

    --
    Nobody knows the trouble I've seen, nobody knows has the trouble seen me, even I sometimes wonder why I write these line
  6. Simple, use the windows firewall and MS antivirus by Glamdrlng · · Score: 4, Interesting

    I'm sure it's just a coincidence that the Yankee Group, who are not exactly known for their impartiality, have released a report saying that 3rd party security apps (read that, AV, firewall, and spyware blockers) are insecure just as Microsoft gets ready to take their spyware software out of beta and unveil their antivirus software. Riiiight.

    --

    Yes, my only tool is a hammer. And you're starting to look like a nail.
  7. Update on My Client's Trojan Problems by Master of Transhuman · · Score: 4, Interesting


    I loaded a thirty-day trial version of TDS-3 on her machine and found there were only a couple trojans left.

    One of them was that goddamn crap that names a file "t?skmgr.exe" - so that you can't delete it from the XP Recovery Console because stupid Microsoft won't let the RC delete command run wildcards (for "security" reasons, right?), and you can't SEE it in Explorer because it looks just like taskmgr.exe, so you can only tell which one it is by looking at where they appear in the file listing. Then they make it a hidden, system and read-only file and of course it's in use by a process, so Windows won't let you touch it.

    Bart's PE and Knoppix couldn't help me with this one.

    Acting on a tip from the Net, I loaded Winfile, the old Windows NT file manager, and managed to rename it, move it to another directory, so it couldn't be run, and after rebooting into safe mode, I could delete it.

    The other trojan was the one that originally was driving me nuts. I forget how I finally got rid of that one.

    There was still at least one spyware somewhere, so I loaded HijackThis on and got rid of some more crap.

    And finally I found a "Security Agent" from "CastleCops" which was actually a trojan. The service was running but the rest of it had already been cleaned, so I disabled the service.

    Plus I went into the Registry and clobbered everything I could find that wasn't a known user, Microsoft or Dell installed program. I think I cleaned out a lot of spyware keys that even all the other antispyware programs didn't find.

    Then I checked the client's account status and found she was running as Administrator, so I switched her to limited. That caused TDS-3 to stop working under her account (apparently it needs not only Admin status to install, but to run, no surprise given what it does). I got confused by XP's stupid "tri-mod flag" technique of labeling all file folders faux "read-only" into thinking somehow the disk was screwed, but I finally determined that was not the case. So she's back to running as Administrator until I can tell her to create a new account (because I don't know what's been installed by her as Administrator so I don't think it's safe to just change her back to limited - something other than TDS-3 might break) and move her desktop icons over to the new profile.

    She seems to be clean now - no system error messages, no popups, and the system seems stable.

    It only took me another eight hours - mostly because I don't have a Bart's PE and Knoppix that's REALLY loaded with anti-trojan, AV, spyware and other tools. That's my next project - buff up my bootable tools so I can access ANY file ANYWHERE and kill it.

    I get my hands on the asshole wrote that "PurityScan" adware trojan, I'm gonna nail his knees to the floor with railroad spikes - so he stays put while I really do some damage to him.

    Somebody needs to start scanning Web sites where this crap comes from, report the assholes to the law, and get the lot thrown in jail. NONE of this stuff came in through email because my client uses Web mail exclusively. That means it came from Web sites. So why not set up a Web scanner that visits suspicious Web sites, downloads this crap into a sandbox, logs everything as evidence, then publishes it as a blacklist - a "reverse honeypot"?

    --
    Richard Steven Hack - This sig is TOO GODDAMN SHORT TO DO ANYTHING USEFUL WITH! MORONS!
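
Added example, not part of the comment thread above: comment 7 describes a trojan file whose name looks just like taskmgr.exe in Explorer. The sketch below flags such lookalike names in a directory listing; it assumes the "?" in the comment stands for a non-ASCII or invisible character, and the KNOWN list, the CONFUSABLES map and the sample listing are constructed for illustration.

```python
import unicodedata

# Binaries worth impersonating (assumed list for this example).
KNOWN = {"taskmgr.exe", "svchost.exe", "explorer.exe", "lsass.exe"}

# Constructed, partial map of Cyrillic letters that render like ASCII ones.
CONFUSABLES = {"\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",
               "\u0441": "c", "\u0445": "x", "\u0455": "s", "\u0456": "i"}

# Constructed sample listing: three lookalikes among legitimate names.
SAMPLE_LISTING = [
    "taskmgr.exe",          # genuine
    "t\u0430skmgr.exe",     # Cyrillic "a"
    "t\u00e0skmgr.exe",     # "a" with grave accent
    "task\u200bmgr.exe",    # zero-width space inside the name
    "notepad.exe",
    "Explorer.EXE",         # genuine, different case
]

def skeleton(name):
    """Reduce a file name to the ASCII string it visually resembles."""
    out = []
    for ch in unicodedata.normalize("NFKD", name.lower()):
        # Drop accents and invisible format characters.
        if unicodedata.combining(ch) or unicodedata.category(ch) == "Cf":
            continue
        out.append(CONFUSABLES.get(ch, ch))
    return "".join(out)

def find_lookalikes(names, known=KNOWN):
    """Return (name, imitated) pairs for names that resemble a known
    binary without being byte-for-byte that name."""
    hits = []
    for name in names:
        if name.lower() in known:
            continue  # the real name, any letter case
        target = skeleton(name)
        if target in known:
            hits.append((name, target))
    return hits

if __name__ == "__main__":
    for name, target in find_lookalikes(SAMPLE_LISTING):
        # ascii() exposes the escaped code points a GUI would hide.
        print(f"{ascii(name)} imitates {target}")
```

Printing the name with `ascii()` shows the escaped code point that a file manager renders as an ordinary letter, which is what distinguishes the two entries in a listing.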