Anti-Virus, now with added Michelangelo

Apparently it’s all our fault. Again. Not only is anti-virus useless, but we’re responsible for the evolution and dramatic increased volume of malware. According to something I read today “If it wasn’t for the security industry the malware that was written back in the 90’s might still be working today.”

I guess that’s not as dumb as it sounds: we have forced the malware industry to evolve (and vice versa). But you could just as easily say:

“The medical profession is responsible for the evolution and propagation of disease. If it wasn’t for the pharmaceutical industry illnesses that killed people X years ago might still be killing people today.”

And to an extent, it would be true. Some conditions have all but disappeared, at any rate in regions where advanced medical technology is commonplace, but other harder-to-treat conditions have appeared, or at least have achieved recognition.

I can think of plenty of reasons for being less than enthusiastic about the static-signature/malcode-blacklisting approach to malware deterrence, though I get tired of pointing out that commercial AV has moved a long way on from that in the last couple of decades. Even so, if pharmaceutical companies had to generate vaccines at the rate that AV labs have to generate detections (even highly generic detections) we’d all have arms like pincushions.

However, there are clear differences between ‘people’ healthcare and PC therapeutics. Most of us can’t trust ourselves as computer users (or the companies that sell and maintain operating systems and applications) to maintain a sufficiently hygienic environment to eliminate the need to ‘vaccinate’. It’s not that we’re all equally vulnerable to every one of the tens or hundreds of thousands of malicious samples that are seen by AV labs every day. Rather, it’s the fact that a tailored assessment of which malware is a likely problem for each individual system, regardless of provenance, region, and the age of the malware, is just too difficult. It’s kind of like living at the North Pole and taking prophylactic measures in case of Dengue fever, trypanosomiasis and malaria.

Fortunately, new or variant diseases tend not to proliferate at the same rate that malware variants do, and vaccines are not the only way of improving health. In fact, lots of conditions are mitigated by better hygiene, a better standard of living, health-conscious lifestyles and all sorts of more-or-less generic factors. There’s probably a moral there: commonsense computing practices and vitamin supplements – I mean, patches and updates – do reduce exposure to malicious code. It’s worth remembering, though, that even if AV had never caught on, evolving OS and application technologies would probably have reduced our susceptibility to antique boot sector viruses, macro viruses, and DOS .EXE infectors. Is it really likely that they wouldn’t have been replaced by a whole load of alternative malicious technologies?

David Harley CITP FBCS CISSP
ESET Senior Research Fellow

Share