Matt Curtin <[EMAIL PROTECTED]> writes:

> After seeing the flood of mail about the latest bit of malware and how
> to filter and to disable it, I decided that it's time to spell out the
> problem in some detail and to make a call for sanity.
> 
>    Abstract:
> 
>    With the attention received by the ``ILOVEYOU'' worm that floated
>    around the Internet in the early part of May 2000, many people are
>    wondering why their anti-virus software didn't prevent them from
>    becoming infected and how they can protect themselves in the
>    future. Here we argue that this approach to the problem, though
>    popular, is fatally flawed and simply cannot work.
> 
> http://www.interhack.net/pubs/email-trojan/

I remarked earlier about how this article is hypocritical in its
approach to security, but it is also based on a flawed premise.
(Although I'll again mention that I completely agree that policy,
education, and correctness in software are critically important in
security.)

The premise that policy and education are the only solution to
security is based on this characterization of firewalls and anti-virus
software:

    Either way, it's an arms race: a significant change by the malware
    itself, particularly in the case of malware that has the ability
    to mutate, and the detector--client or server-based--is rendered
    useless.

This might be true on a local basis but is false on a global basis.

The parallel to biological viruses is good: some organisms have to get
sick before a cure can be found; once a cure is found it can be made
available to everyone.

So while a firewall or anti-virus software may not protect you against
new or mutated malware if you're among the first to get it, the
analysis, identification, and solution can be made available to
everyone else.  Firewalls and anti-virus software are among the best
places to implement those solutions.

Matt Curtin follows up to my previous message:
> I'd like very much to see how exactly this is the case.  A call to
> stop thinking about anti-virus software, firewalls, etc. for a
> moment and to think about education and policy is certain to
> _broaden_ the viewpoint of the reader, not to narrow it.

This article does not call for stopping thinking about anti-virus
software and firewalls "for a moment"; it makes strong claims they
"simply cannot work" and are "useless".

This would be a great article to act as a wake-up call to people who
place their entire faith in firewalls and anti-virus software, but
as-is it can't be presented as part of a balanced security solution.

I mean, I can't link to this article and say "this is a great article
about policy, education, and correctness in software concerning
security, but it's wrong (and wrong-headed) about firewalls and
anti-virus software", can I?

[Actually, I did, but that's beside the point.]

  -- Ken
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
