THE LONDON Infosecurity conference doesn't have the big-name speakers and research news of a Black Hat or RSA Conference, as it's more of a big marketplace where security vendors hawk their wares to people frightened by the latest cybersecurity scare stories.
But this year was different, with the addition of a university research and development area where delegates got a chance to see and talk about something new, rather than the same products companies tend to push: virtually the same things as they sold last year, but with 2010 slapped onto the names.
So The INQUIRER sat down with Andrew Simpson, director of studies for the software engineering programme at the Oxford University computing laboratory. Not being attached to a vendor, he gave his own opinions about what he was seeing at the security conference.
"It's a bit scary. It feels as though a lot of people at this show set up a stall to hook in a CIO who doesn't really know about today's technology, and sell them something," he said.
"They'll go back to their technical people and say I bought this, and they'll go what, that's a waste of money. Ninety per cent of the stuff here, nobody needs."
Not the words that the computer security industry would use, obviously. But Simpson's words carry weight since he's part of the Oxford University computer science department, which is looking at ways to improve IT security before the problems start, rather than as a quick fix.
"The department's been around a long time, but usually had a reputation for doing theoretical research," he said. "The founder was keen that theory should be linked with practice, and sometimes we lost sight of that."
"So there's lots of work being done on programming, for example. Things like designing new programming languages so it is harder to make mistakes - automatic checking that can tell you when you've made the types of problems that might lead to SQL injection, buffer overflow, or whatever the latest source of bugs is."
"If you can design those things outside of the programming language in the first place, then you win. We've got a long standing interest in that sort of thing."
But Simpson said that there was a limit to how far they could go with that, because when you have two devices communicating on different sides of a network you can't tell whether the other is doing the right or wrong thing.
"Another big area that the lab has been interested in is analysing security protocols," he said. "The way that two devices that talk to each other, what assumptions they are making of what is at the other end of the wire, and can those be broken by someone who's in the middle and so on."
Simpson said that the security industry might fund a little bit of research, such as a doctoral student, rather than a big strategic partnership.
This is the case with some recent research led by Ilir Gashi, research fellow at the centre for software reliability at City University, who presented Symantec-funded research showing how different anti-virus engines could be used in combination to improve detection capability under real-world conditions.
Anti-virus software normally works by detecting signatures, so are people leaving themselves at the mercy of a single anti-virus company's ability to detect signatures, rather than drawing on many different engines?
The idea of combining multiple detectors is not new: a cloud-AV architecture that uses many anti-virus products to improve the detection rate has already been examined, and the University of Michigan is developing a system in which traffic from a host is forwarded to anti-virus engines hosted in the cloud.
But the City University research used real-world data to find that each of the anti-virus engines they examined - mostly free - fell short of a 100 per cent detection rate on the malware they looked at, yet if you combined just two free software products, you could get perfect detection.
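The finding above is easy to reproduce on a verdict table: each engine misses some samples, but the union of two engines can cover everything in the set. The following is an added illustration, not code or data from the City University study; the engine names, sample IDs and verdicts are constructed. It also goes one step beyond the pairwise case in the article by greedily picking the smallest set of engines that covers every sample, the same idea generalised to more than two engines.

```python
"""Ensemble anti-virus detection over per-engine verdicts (added example)."""
from itertools import combinations

# Constructed verdict table: 1 = engine flagged the sample, 0 = missed it.
# Engine names and sample IDs are made up for illustration; they are not
# the engines or samples from the study described in the article.
VERDICTS = {
    "engine_a": {"s01": 1, "s02": 1, "s03": 0, "s04": 1, "s05": 1, "s06": 0, "s07": 1, "s08": 1},
    "engine_b": {"s01": 1, "s02": 0, "s03": 1, "s04": 1, "s05": 0, "s06": 1, "s07": 1, "s08": 1},
    "engine_c": {"s01": 1, "s02": 1, "s03": 0, "s04": 0, "s05": 0, "s06": 0, "s07": 1, "s08": 1},
}


def _samples(verdicts):
    """All sample IDs (every engine is assumed to have scanned the same set)."""
    return sorted(next(iter(verdicts.values())))


def detection_rate(engine, verdicts=VERDICTS):
    """Fraction of samples a single engine flagged."""
    v = verdicts[engine]
    return sum(v.values()) / len(v)


def union_rate(engines, verdicts=VERDICTS):
    """Fraction of samples flagged by at least one engine in the ensemble."""
    samples = _samples(verdicts)
    detected = sum(1 for s in samples if any(verdicts[e][s] for e in engines))
    return detected / len(samples)


def missed_by_all(engines, verdicts=VERDICTS):
    """Samples that every engine in the ensemble missed (the residual risk)."""
    return [s for s in _samples(verdicts) if not any(verdicts[e][s] for e in engines)]


def best_pair(verdicts=VERDICTS):
    """The pair of engines whose union detects the largest share of samples."""
    return max(combinations(sorted(verdicts), 2), key=lambda p: union_rate(p, verdicts))


def greedy_cover(verdicts=VERDICTS):
    """Greedy set cover: repeatedly add the engine that flags the most still-uncovered
    samples, stopping when everything is covered or no engine adds coverage."""
    uncovered = set(_samples(verdicts))
    chosen = []
    while uncovered:
        engine = max(sorted(verdicts),
                     key=lambda e: sum(verdicts[e][s] for s in uncovered))
        gain = sum(verdicts[engine][s] for s in uncovered)
        if gain == 0:
            break  # remaining samples are missed by every engine
        chosen.append(engine)
        uncovered -= {s for s in uncovered if verdicts[engine][s]}
    return chosen


if __name__ == "__main__":
    for e in sorted(VERDICTS):
        print(f"{e}: {detection_rate(e):.3f}")
    pair = best_pair()
    print("best pair:", pair, "union rate:", union_rate(pair))
    print("greedy cover:", greedy_cover())
```

The usage note a practitioner should keep in mind: a union rate of 1.0 here means the two engines covered every sample in this particular set, not that the pair will catch everything in the wild, so `missed_by_all` over fresh samples is the number to keep watching when an ensemble is deployed.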
Makes sense, doesn't it? Could we see a cloud-AV architecture in the future?
Gashi said, "In terms of installing more than one anti-virus engine for home use, there are technical and practical difficulties. Sometimes one anti-virus will try and detect another anti-virus as the virus, and try to uninstall it. Of course there are performance implications in trying to run more than one anti-virus on one host machine."
"But there are architectural solutions being developed commercially by a company called GFI which uses more than one anti-virus engine for detection of malware for emails. But they don't run the anti-virus engines on the same host."
But he said that it might make more sense to use this type of system in the corporate world, provided companies could get the server space to deploy the anti-virus engines on virtualised machines.
Actually, I do follow my own advice and even worse, use *OS/2* with *noscript* to SELECTIVELY allow javascript for ONE site, the rare times that I'm forced to (as for amusing myself with comments here, heh). What I find is that it's actually EASIER to download from even M$ (the few times I need to tinker for other people) because most sites have a default to simple buttons, and I also then have it safe on the OS/2 server after Windows trashes itself and I have to start from scratch. I have yet to find anywhere that I'm required to have Flash, but then I only dip a toe into the M$ cesspit. -- IF I ever do, I'll hit the KVM button and power up my Linux box.
So nearly all the time my amusement isn't distracted by the bombardments you endure. Enjoy.
@bigger_luddite talking about 'real world scenarios': good luck getting anywhere on the web with javascript and flash both removed, you would block half the sites and 90% of the service types like manufacturers and driver download sites, so you'd not be able to update anything, even more so since on your advice automatic updates would be disabled.
And yes I do in fact disable a lot of the auto-update stuff and specifically stuff that loads a few MB in the background 24/7 so it can check for updates once a month (idiotic software), but if you do that you need to manually check, and that means going to sites, who all use scripting, and to get to the page you regularly need to use flash menus (I do wish they'd quit doing that).
So I conclude you do not follow your own advice but are just talking nonsense on the internet for your own amusement.
I'd say it's higher than that, but he's on the right track. "Capitalism" thrives on creating a perceived need for an endless stream of same old products re-packaged, software field is no exception.
Here's a quick partial list of what you *don't* need on a Windows system (since I know most are in thrall to the monopoly) removal of which will greatly increase its security: Flash, javascript, Auto-update, Auto-install, Auto-play, any except basic networking, and as always, last and *least* desirable is Internet Explorer.
Just run ubuntu and be done with AV.