[ insider_reports_insider ]
Rutkowska, McAfee Sparring Again
David Utter
Staff Writer
2007-09-05
 Insider Reports RSS Feed
Joanna Rutkowska, creator of the proof-of-concept Blue Pill malicious hypervisor, and security firm McAfee, have posted points and counter-points about the direction of the security industry.
 | | Rutkowska, McAfee Sparring Again |  |
I spent enough time doing admin work over the years to hear the virus conspiracy theories. "The company writes viruses over here, and sells you the antivirus protection over there, it's a racket, man."
It's always seemed to me that if this were the case, someone would have confessed or been caught out long ago, especially now that there are no secrets on the Internet. Someone always knows something.
Rutkowska thinks the security industry didn't know enough to keep from navigating down the wrong path for years when it came to protecting people from threats.
She contended that all the work the industry spent developing heuristics and other technology "was a waste of time," as these complex programs often miss the zero-day attacks that plague computer users today.
"This is an example of how people decided to employ tricks, instead looking for generic, simple and robust solutions," she said.
McAfee bitterly complained about her suggestion that solving problems with a solution based on digital signatures would mean "no money for the A/V vendors." Their response reads a lot into Rutkowska's post:
What exactly are you saying here Joanna? It sounds a bit like you're saying Anti-Virus vendors have concocted an elaborate conspiracy over the past couple of decades to extort innocent users! I don't think you have to be a security industry insider to recognize the insanity of this accusation.
Whether or not a conspiracy ever existed is irrelevant, and pointless to pursue. The discussion should be about digital signatures of executables, which Rutkowska calls a panacea and McAfee denounces as a "highly unlikely utopian reality."
The main issue seems to be a malicious, executable file distributor could obtain and distribute digitally signed malware. Just because it's signed doesn't mean you should trust the signer, but McAfee's argument suggested people would blindly do so, and be doomed without AV scanning in place.
A solution seems simple enough. Scan and check a digital signature. Modern AV scanners don't always catch the zero-day problems, as Rutkowska pointed out in her post. Where heuristics fail, checking a digital signature to see if it comes from an established, trusted vendor, or a brand new site, could be helpful.
About the Author:
David Utter is a business and technology writer for SecurityProNews and WebProNews.
More insider_reports_insider Articles
Insider Reports RSS Feed
|
|
iEntry 10th Anniversary
RSS
Archive
