Malware

AV industry sucks, says CEO of leading antivirus firm

The chief executive of leading antivirus firm Trend Micro has thrown down the gauntlet by declaring that the antivirus industry "sucks."

Eva Chen, who co-founded Trend Micro 20 years ago, was not one to shy away from criticizing her peers.

She was quoted saying:

For me for the last three years I’ve been feeling that the anti-virus industry sucks. If you have 5.5 million new viruses out there how can you claim this industry is doing the right job?

Unsurprisingly, Trend Micro has a new technology up its sleeve to address this exact problem. Dubbed the "Smart Protection Network," the technology performs pattern comparison at the Internet cloud level, resulting in a client-side agent that is a staggering 70 percent smaller than existing executables.

According to Chen, leveraging the cloud allows for a dramatically lower response time, in the region of just 15-30 minutes -- a far cry from the de facto situation of weekly, or daily, antivirus definition updates. The technology won't be out until at least later this year, though.

In this day of pervasive broadband connectivity, is Trend Micro's cloud-based antivirus protection the solution, or simply delaying the inevitable? The death of the traditional antivirus approach has already been foretold a thousand times over by now. Other than whitelisting, are you aware of any other solutions on the horizon?
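As an added illustration (not Trend Micro's code or design, and not from the article), the following toy Python model contrasts a client that asks a cloud reputation service per file hash against one that relies solely on a locally shipped signature set. The cloud service, its verdicts, the sample bytes and the 1800-second cache TTL are all constructed for the example; it also shows the two caveats a cloud-lookup design carries: a cached verdict delays detection of a freshly published pattern, and an unreachable cloud degrades to "unknown" rather than "clean".

```python
"""
Toy model constructed for this page to illustrate the article's contrast:
a small client that asks the cloud per file versus a full local signature
database. The cloud is an in-memory dict and all hashes and sample bytes
are constructed; nothing here is Trend Micro's design.
"""
import hashlib
import time
from typing import Callable, Dict, Iterable, Tuple

CLEAN, MALICIOUS, UNKNOWN = "clean", "malicious", "unknown"


def sha256_hex(data: bytes) -> str:
    """Only the digest is sent to the cloud; the file contents never leave."""
    return hashlib.sha256(data).hexdigest()


class CloudService:
    """Stand-in for the remote reputation service: a dict behind a query()."""

    def __init__(self) -> None:
        self._verdicts: Dict[str, str] = {}
        self.reachable = True  # set False to simulate an outage

    def publish(self, sha256: str, verdict: str) -> None:
        # A verdict published here is visible to every client on its next
        # query, with no per-client definitions download in between.
        self._verdicts[sha256] = verdict

    def query(self, sha256: str) -> str:
        if not self.reachable:
            raise ConnectionError("cloud unreachable")
        return self._verdicts.get(sha256, UNKNOWN)


class LocalSignatureClient:
    """Traditional client: knows only what its last definitions update shipped."""

    def __init__(self) -> None:
        self._signatures: set = set()

    def apply_update(self, new_hashes: Iterable[str]) -> None:
        self._signatures.update(new_hashes)

    def scan(self, data: bytes) -> str:
        # Cannot tell "clean" from "never seen": an unknown file scans CLEAN.
        return MALICIOUS if sha256_hex(data) in self._signatures else CLEAN


class CloudClient:
    """Cloud-assisted client: small verdict cache with a TTL, cloud on a miss."""

    def __init__(self, cloud: CloudService, cache_ttl: float = 1800.0,
                 clock: Callable[[], float] = time.time) -> None:
        self._cloud = cloud
        self._ttl = cache_ttl
        self._clock = clock
        self._cache: Dict[str, Tuple[str, float]] = {}  # hash -> (verdict, t)

    def scan(self, data: bytes) -> str:
        digest = sha256_hex(data)
        now = self._clock()
        cached = self._cache.get(digest)
        if cached is not None and now - cached[1] < self._ttl:
            return cached[0]  # fresh cache hit: no network round trip
        try:
            verdict = self._cloud.query(digest)
        except ConnectionError:
            # Degraded mode: a stale verdict beats nothing; a never-seen file
            # is reported UNKNOWN rather than silently passed as CLEAN.
            return cached[0] if cached is not None else UNKNOWN
        self._cache[digest] = (verdict, now)
        return verdict


def demo() -> Dict[str, Tuple[str, str]]:
    """Walk both clients through a newly discovered sample; returns each step."""
    cloud, local = CloudService(), LocalSignatureClient()
    clock = [1000.0]  # controllable clock so TTL behaviour is deterministic
    cloudc = CloudClient(cloud, cache_ttl=1800.0, clock=lambda: clock[0])
    sample = b"constructed sample bytes standing in for a newly seen file"
    other = b"another constructed file the cloud has never been asked about"
    digest = sha256_hex(sample)
    steps = {}
    # Nobody knows the sample yet: local says CLEAN, cloud client says UNKNOWN.
    steps["before_publish"] = (local.scan(sample), cloudc.scan(sample))
    cloud.publish(digest, MALICIOUS)  # vendor publishes a verdict centrally
    # The cloud client cached UNKNOWN, so it stays blind until that entry
    # expires: the cache TTL is the real response-time floor of this design.
    steps["just_after_publish"] = (local.scan(sample), cloudc.scan(sample))
    clock[0] += 1801.0
    steps["after_cache_ttl"] = (local.scan(sample), cloudc.scan(sample))
    local.apply_update({digest})  # local client catches up only when definitions ship
    steps["after_local_update"] = (local.scan(sample), cloudc.scan(sample))
    cloud.reachable = False  # outage: cached verdict served, unseen file -> UNKNOWN
    steps["offline"] = (cloudc.scan(sample), cloudc.scan(other))
    return steps
```

Run `demo()` to see the two detection timelines side by side; the TTL and the outage branch are where this design's caveats show up.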

About

Paul Mah is a writer and blogger who lives in Singapore, where he has worked for a number of years in various capacities within the IT industry. Paul enjoys tinkering with tech gadgets, smartphones, and networking devices.

63 comments
daredvl

Honestly this is the same technology as what Prevx has been using for years. They have a huge list of files that are malicious and it actually works fairly well. Another technology that you may be interested in is Cimcor. It is by far one of the best solutions I've seen to the Anti-virus and IPS solutions. Best of luck.

JCitizen

haven't looked into VM more; but of course we are talking about publicly released information so that kind of discussion would be rare, coming from the industry. That idea would involve the merger of several sciences and industry, to come out with something the home user could actually implement. Or perhaps I'm lending too much credence to the effectiveness of such an approach. Criticism is welcome.

Tony Hopkinson

I thought there was going to be an attack of ethics, but no, a new shiny wrapper on the same old turd. Anything else would have been a shock...

justin

But you gotta use something. We might as well use what works the best right now.

albert001

Trend Micro is the best out of the unfree AV programs. Avast works just fine for me though.

Jaqui

Comodo, the SSL Certificate vendor, is now in the free anti-malware software game. I've one client who uses Windows, and I have been testing their products on his systems. About the worst thing I can say is that the firewall demands too much user interaction: updating the system, making any changes to it, the firewall wants the user to okay it every time. [ the only setting that disables that would reduce effectiveness noticeably ] http://www.comodo.com/products/free_products.html Other than the firewall problem, good, effective free anti-malware tools, with reasonably light resource consumption, even when doing deep scans of the system.

dawgit

That being using the 'Cloud' concept. At least worth a try. The problem though is users. Maybe the ISPs should quit trying to throttle bandwidth, and start a way to ensure that any time any computer is introduced into the net, it's virus free. Or at the least it has an enabled, updated, and actually functioning AV. Now that would be progress. -d

Tearat

Not the solution. There are 2 choices:
Stop the viruses getting on to the Internet, or redesign the Internet to
1. Identify the low lifes who are sending out viruses
2. Prevent the transmission of viruses (and while you're at it, spam)
They need to stop trying to patch the problem.

JCitizen

I haven't had much luck with Trend Micro since they stopped supporting IS 2006. The newer versions were worse than Vista about being a system hog, and refused to cooperate with any other good AS product. I switched to NOD32 for strictly AV protection and am very impressed with it. I do like certain Trend features though, and look forward to doing business with them again; but I'd bet that only their gateway products will be worth working with, even with this new "plan". Sorry, but I've become very jaded in the home use SOHO arena here! Enterprise administrators will be very happy I'm sure.

pmdirico

I've been using the free version for about two months now on a secondary system that I have for surfing to places that might be as safe as I'd like them to be. So far Comodo has caught everything that needed to be caught. I'm using it in conjunction with AVG Free, which in conjunction with Spybot, Adaware, and Spyware Blaster has caught everything else. I do however agree with a post above that ISPs ought to be authorized to go after and shut down any nefarious individual that is introducing spyware, viruses and trojans to the net.

Neon Samurai

I actually volunteered for that kind of treatment from my WinXP boxes a la Spybot's registry guarding program. Same with my firewall. In both cases, it doesn't take too long for the system to get trained on what it will and won't trust. I'll have to have a look at this AV though, AVG may be due for a change.

MarkGyver

Just the privacy issues alone make me strongly opposed to an ISP being given the power to scan my (Linux) computer. Also, unless they have their technician come in person and scan your system from an up-to-date LiveCD or something, it would probably be fairly easy to forge. Also, many people on broadband have multiple computers; even if one's "clean", what about the others?

Personally, I think that the virus problem is more about user education, as dawgit hints at above, but security is a process and there should be no specific program required on your computer just to connect to your ISP. To me, there are only a few potential solutions that ISPs can implement for their users: they could educate the users in the first place and deny service to those who refuse to learn; they could track usage patterns and contact users whose usage is similar to computers on botnets; they could scan the Internet and filter out sites/files that contain malware; or they could prominently endorse and provide security software that they trust to protect their users. Monitoring usage patterns and contacting the users on signs of suspicious activity and filtering known-bad sites/files would be fairly unobtrusive for the vast majority of responsible users. Providing/endorsing security software can also help. Yet, the only real fix is user education. If everyone knew how to spot and avoid a suspicious link/download/whatever, then there would be exponentially fewer in-the-wild viruses and we wouldn't even be having this discussion.

Also, there practically is a panacea for computer security issues: don't run any untrustworthy programs or unpatched software. All one really has to do to prevent an evil program from messing up their system is to avoid running untrusted executable content (not just programs, but also JavaScript, etc).
Trustworthiness in this case can be a matter of debate, but there's no reason for any program that doesn't fit your definition to run on the computer with your privileges.

Edit: Is there a way to get the br tag to work in the full thread view?

JCitizen

having been in the military gives one the tremendous urge to seek out and destroy one's enemy. But I can imagine the legal ramifications of even disabling a "bot-net" computer would scare the pants off any legal department at an AV firm. We need to lobby congress to allow these companies at least to approach this tactic; and back them up with tort protections of some kind. Very sticky business indeed!

apotheon

The Internet isn't the problem. The problem is a lack of attention to addressing the underlying vulnerabilities at their source. If you haven't seen it already, I recommend you check out my article from September of last year, [url=http://blogs.techrepublic.com.com/security/?p=286]The truth about viruses[/url].

Jaqui

of operations without any attention other than automatically updating itself did bring one minor issue to light. Sorry Comodo, but there should NOT be a white list of any sort. If a file is executable it needs to be treated as infected while scanning. Other than that, it found every bit of malware the user got. [ one, imdldr.dll ;) in c:\Program_Files\Messenger ]

JCitizen

I need to use this in my lab, but I'm being lazy and want a new server machine to try it on first. Seems like it would be smarter to test VM on some Linux distro and play with the Windows apps that way; the safe way. But who am I? A newbie to both! (edited) for typo

Neon Samurai

Thank you both, I'm sure I'll have something to say about my findings after I have a chance to test the current versions against my dev box.

JCitizen

you don't mind it doesn't watch IM or email. Avast is better but people don't like the overly simple GUI. Many of my clients have switched to Avira even though there are nags and false positives. They are very happy with it. Comodo will be a force to be reckoned with if they come up with an AV. I use the Comodo Firewall Pro and prefer it to paid versions. I would actually pay money for it though. I agree with Jaqui's comments about it; when you make changes to the system it at least tells the new users what executable file is modifying what other file. This is good for educating users that aren't familiar with the workings of an operating system. Most will disable this of course; however if you are using an in-depth defense this will not be much of a problem. Critical exploitation of the system files is still red flagged by CFP and stopped in its tracks. I use it in partnership with SS&D's Tea Timer and have done it with Avast in my lab tests and it works amazingly well in this combination. If one process guard fails the other one takes over, and hidden processes get flushed out and nabbed by Avast when they try to pull the hide and seek game! I haven't experienced the UAC yet, but would any of you agree that Comodo is at least less pesky? I know it isn't tied to the kernel; I'm not trying to compare it that way.

Jaqui

this client is the stereotypical "stupid user" and he's had it running for over a month without any problems. I never showed him how to teach the firewall how to learn anything, so I can come by and make it learn what is actually safe to use. ;) I'm going out there tomorrow, so I'll be able to check the system completely and verify that they are working then.

Neon Samurai

They care when it affects them directly though usually only until it's cleaned up. If they're not currently stopped from email and browsing by infection, it's not a concern. I don't much care about the details of what my car is doing provided it starts and gets me to my destination. Oil is up? Tank is full? Great, let's go. A gearhead would look at me like I'm nuts for not wanting to know the exact compression and intake sizes to maximize my horsepower. It's the same mindset for users whose lives don't revolve around technology. Turn on, read email from Aunt Ethel, send updated family photos, done. There is also Aunt Ethel sitting comfortably in a quaint little town without the feeling of an enemy in the world. She's lived there all her life and knows everyone; who would want to harm her, that's just crazy talk. The idea that connecting to her ISP attaches her to an international small town where everyone isn't so nice may never occur to her. Some users do care but it would be a hard sell to force education on the majority that don't, and denying access just strengthens your competition.

Neon Samurai

That's the real problem. You run code on someone else's machine without authorization then you're breaching the system just like the cracker that did it first. Even if the law was changed to recognize active defense being different from the infecting offensive code, there comes the issue of vigilantism. Does your response code kill the malware without harming the rest of the system? Are you sure the person who owns that machine is aware of and intentionally running the malware or are you eating an innocent third party's data? Are you sure that machine is even the source or has someone proxied through or spoofed the return IP? If a thief hides stolen property in my basement without my knowing, what justifies the original owner or police sneaking into my home to retrieve it without my knowing? I'd love active defense. Between brief military experience, Bushido-influenced personal ethics and having been breached before; oh how I'd love to be able to respond properly with a single killing cut. (A strike or hit means on target, a cut means on the target specifically where you meant to cut; if one subscribes to Musashi's definition.) I guess the real question is how do you employ an active defense as a cut rather than a strike? No collateral damage. No Scudding the schoolhouse next door. How does one ensure that active defense is not being misdirected into an attack against someone else's target?

apotheon

"[i]We need to lobby congress to allow these companies at least to approach this tactic; and back them up with tort protections of some kind.[/i]" Giving those kinds of protections to corporations would be handing them a heck of a lot of power. Being corporations, they'd abuse that power. As such, I'm opposed to the idea.

Tearat

I did not want to turn this into an OS debate. I had not given it a lot of thought, but it just seemed to be a bad idea. We have a PC, which is connected to the Internet, which gets its virus database+ from the Internet, so it can protect itself from viruses coming from the Internet. And what are they suggesting? Let's put more of the AV on the Internet. Yep, that makes sense to me.

JCitizen

poorly designed heuristic engines most AV use now. I know - that is a standard cop out, and I apologize. To repeat myself from other posts, I feel NOD32 anti-virus has the best one going on that particular score. Updates are not long-winded definitions of malware code either. Mine is finished updating within seconds after boot up. Even my boot time speed has improved to a third of what it once was since switching to this combo. I use it with other freeware like Comodo and that combo is really smoking for me right now. I can even get away with this on old junker desktops and am only using about 320Mbs of RAM; - older machines get a new lease on life.

Jaqui

But I still don't think a whitelist of trusted processes / applications is appropriate. It is better for protecting the system if [i]every[/i] infectable file is untrusted. I let the av submit the files to Comodo that it didn't recognise, since the information is both harmless to my client and helpful in improving the application. [ though its model for testing is now suspect since it uses a whitelist ]

JCitizen

that appears; (even the Windows ones) - that are easily modified, or a new one from MS update, or not on the whitelist [u]as untrusted.[/u] This is what I seem to experience. Much of the time you can see trusted files modifying trusted applications if you have alerts set at a high level. But once MS or some other update modifies it, the Comodo process guard treats it as suspect until the next Comodo update. Some people might find this irritating but I don't mind it at all. Newbies will want it disabled, but even if you do that it will flag major system changes with red popups.

Jaqui

since every application it flagged as not in the whitelist was default MS software included in Windows XP Home, I didn't check very deep on how it handled the processes. The one flagged as malware it did stop from running.

JCitizen

Comodo Firewall Pro has stopped file modifications in its tracks without relying totally on a whitelist. Are you saying the AV lets the offending process continue while scanning?

seanferd

First, it has info relevant to all Unices(?), second, that which I've not seen in other man pages or help files helps me to see what is different about BSD. Above that, it is very clear and concise. Thanks again.

apotheon

I hope they turn out to be helpful.

seanferd

I appreciate the pointer to those resources.

apotheon

If you decide to go with PC-BSD or FreeBSD, there are a couple of resources I have found invaluable that you should definitely look into:
1. [url=http://www.freebsd.org/doc/en/books/handbook/]The FreeBSD Handbook[/url]
2. [url=http://lists.freebsd.org/mailman/listinfo/freebsd-questions]The FreeBSD-Questions Mailing List[/url]
In fact, you should keep the FreeBSD Handbook bookmarked even if you [b]don't[/b] use FreeBSD or PC-BSD. It's helpful for a bunch of other stuff too, sometimes, including getting certain recalcitrant issues ironed out on Linux-based systems.

seanferd

Yes, I need to delve deeper into BSD. I've been running PC BSD in a VM, but it has some issues. I really need to install a BSD or find a good live CD to further investigate. At this time, I'm still unsure as to the significant differences between Free BSD and Open BSD, and what I had learned, I've mostly forgotten. What I do know: PC BSD is Free BSD-based, and BSD is generally a more secure OS than Linux. I still have a lot to learn. Thanks for the input.

apotheon

"[i]Especially since I've not settled on a new permanent Linux distro (all suggestions welcome) to dual boot with XP.[/i]" [url=http://www.pcbsd.org/]PC-BSD[/url] . . . or maybe [url=http://www.freebsd.org/]FreeBSD[/url] if that's where your tastes run (like mine). edit: missed a letter

seanferd

That is a lot of good info for me, anyway. Especially since I've not settled on a new permanent Linux distro (all suggestions welcome) to dual boot with XP. I like the FAT32 bridge partition concept; I haven't had to use it before with an installed OS or a VM, as my old dual boot was FAT32 for Windows anyway, and NTFS has been easily accessible to me with the more recent Linux distros. Very cool.

JCitizen

but I am humbly soaking it up like a sponge. I always knew I'd probably have to go Apple after using it years ago in Production Technology school.

Neon Samurai

.. but I'm surely one of the ones mouthy enough to usually chime in. If it's something I know about, I'll probably have two cents to add. For some of us, IT is close to an illness. (It's free opinion day again!! Everybody is entitled at least one. :) ) I think VMware has an osX build or I would hope they did. I'm using Server 2 beta at home now but had nothing but good luck with VMware Server previous to that. Parallels is the obvious VM back end for osX depending on your budget. The feature to display programs from the VM outside the VM window is also a nice feature. Bootcamp is another option with osX if you just want to be able to boot Windows without needing it virtualized or running alongside osX.

As for VM disks. Think ISO. When you go through the four or so steps to create a VM, you'll be asked what size of "hard drive" should be created. This creates a file of the indicated size in your storage based on where you choose to save the VM. In the case of VMware, you'll also be asked what maximum size for the file; I go with default and break them at 2 gig. My standard for "just looking" OS installs is usually four or five gig so two or three files. An OS I'm going to be mucking about with more than a superficial look will go with the default 8 gigs. DOS and my VM for booting LiveCDs both get the minimum 100 megs; the first is tiny by today's standards and the second isn't going to touch the "hard drive" anyhow. The oddest bit for me was getting used to thinking in terms of whether the CD in the physical drive was being read by the host OS or by the VM. If you map your VM cdrom to an ISO it's a little more clear for you to start with. Keeping the VM windowed initially so you can see your own desktop separate from it helps also. There was a long pause for me that first time I got to the "create custom partitions" step of the install as I reaffirmed in my mind that it wasn't touching the physical drive platters.

The VM runs within its own environment seeing that giant file as its physical hard drive. It shouldn't care what partition type the host OS and your chosen back end is storing the file on. You can also mount a partition directly depending on the VM application you choose if it makes more sense that way. This would be for a VM server where you want each "machine" to have its own partition on the platter or an entirely separate physical hard drive. Put a small drive in to support the minimal host OS and VM software then add a hard drive for each virtualized server you'll be running under it. Of course, enterprise setups are a whole other thing with load balancing, storage clustering and the like.

For my physical machine, I always build for a dual boot system. Out of habit and not having a separate NAS in the past this also means a fat32 partition to bridge the two. Trusting writes to ntfs from a Linux distribution is a recent development and I still can't stop thinking of ntfs as read-only when mounted under Linux. I haven't even bothered to consider Windows writing or reading non ntfs/fat32 partitions. (I have heard it can with third party help.) This all means a minimum of three partitions in a simplified setup; ntfs, fat32 and ext3 or whatever the Linux distribution prefers. The shared bridging partition allows both bootable OS to share the same read/writable storage partition. I thought I'd clarify that in case the bit about fat32 was misleading. If you want to get really detailed; I'm actually using two ntfs (C programs, D storage, games), one fat32 (bridging storage) and four ext3 (root, home, var, tmp) with another ext3 taking up an entire separate drive devoted to VMs and locally mirroring my preferred distro's repositories. Separate drives keep my host OS and VMs reading from separate platters for speed and local repositories take the load off my ISP feed when tossing a build together on a whim. Updates can get heavy on the ISP limits when maintaining four or five installs; download once, distribute locally.

(Good grief.. look at me ramble on.. I didn't know VMware existed until VMware Server was available for free download in late beta. This does fall within the scope of information I pick up like a sponge though. Spelling be damned; I'm a learn tu use the 'puters mom! :) )

JCitizen

I guess I might as well face the fact that I will be continually beholden to you Neon, and just quit worrying about it! =) Looks like Apple would be as good a Unix platform to start from, eh!? I was going to buy a high end Vista x64 device, but the way MS keeps treating people lately I might ditch that and run some cheap Vista Basic on Apple just to help my customers with Vista problems. Do the VM-OS partitions need to be Fat32 like the host partition? (I assume so the host can see that particular partition you want in the virtual machine)

Neon Samurai

You've got the formula figured out already; Linux host OS, whatever guest OS. When I first looked at VMware, I installed the Win32 and Linux builds on their respective boot partitions. I then created a VM stored on a fat32 shared partition. Under a Mandriva host OS, you wouldn't realize you were on a virtualized system except for the lack of 3D GPU support. With the window in fullscreen, it's like booting Windows against the hardware directly unless I'm gaming. Under a WindowsXP host OS, it felt like I was working through Remotely Possible or another remote desktop program. There was always that slight lag between hand movement and mouse cursor. It's best explained as feeling like I was working under water. You may find different but you'll likely end up finding a Unix-like host OS the better platform to run any VM on top of. It's not a surprise really, one OS is designed for efficient processing where the other has different design goals. VMs pretty much freed me from having a basement full of boxes or constantly swapping out the installed OS on my test rig depending on what I needed that week. Now I can keep all of my OS collection under individual VMs and simply boot the one I need. If I'm mucking with it, I'll set a restore point then break it all I like or test the buggiest programs I can find; click, back to the restore point again. ;) I did have to give up on collecting liveCD images to run under a 100meg hard drive LiveCD-specific VM when every distro started putting them out. I keep that VM build handy to test LiveCDs as needed though; I just don't keep the library of liveCD ISOs locally anymore.

Neon Samurai

.. now if they'd just sign the release waiver and drink the "placebo". ;)

JCitizen

from elsewhere in the discussion. Ending at [b]IS 2006[/b] I primarily like Trend for a truly multi-functional suite, but especially the personal data protection feature; only Outpost and Comodo have replicated this as of late. I also discovered it did all but malware removal very well. I didn't mind jumping through the little extra hoops I had to do to get the nasties off my hard drive, because detection was 99% of the game to me. The heuristic approach was improving with IS 2006 also; it was a shame Trend dropped it! I am not surprised to see this article however, as Trend's newer home desktop AV/Suite performance has gone out the window. In the paid-for AV market only Kaspersky and NOD32 stand out. I must admit I haven't tested F-Secure's full fledged product. NOD32 AV only cost me $25 per installation disk. I'm quite impressed with its performance; it has an amazing heuristics engine and updates are compact and quick. So far Avast and Avira win the freeware race for me. Avast used in conjunction with the other freeware flat smokes out the malware files. But many users don't like the plain GUI, so I direct them to Avira for that. Avast has an uncanny ability to catch hidden files when combined with a good online AV scanner. This opinion is the result of two years of hair-pulling lab testing, so I hope I can save you and others some valuable time in your investigations.

Neon Samurai

It used to be easy; pick McAfee or Norton depending on what had the better recognition that month.. so long ago now. I've AVG on the Windows machines here for the amount of uptime they see but I'm due for a review of the latest AV versions. It may be a choice between Avast, Kaspersky and AVG but I have to review the good suggestions I've gotten in recent discussions first.

JCitizen

It isn't worth it! I don't want to be guilty of trying to drag anyone into that! Shoot, who knows, maybe the anti-malware companies will come up with better solutions! I used to be a big Trend fan; I hope they improve the SOHO desktop model somewhere so I can go back to enjoying their software. Or maybe hardware if that is where it leads us! =)

Neon Samurai

I think it'd be a gross case of "sure, we'll let that pass but only if you include this completely unrelated piece of legislation so it slips through piggy-back style." Think of the mess when ISPs were arguing for the right to muck with packet transfers. Someone added crap to the legislation because they wanted that passed and would agree to this bill in exchange. Someone else would then add their bit in hopes that it would make the bill outlandish and kill any good it was going to do. And on it goes with every other piece of paper they try to pass; it starts as a clean and simple bill until everyone piggy-backs some other crap through that wouldn't ever stand on its own merits. Wow.. I'm starting to depress myself today. There must be a way to improve things but all I can think of is user education, which brings us right back to the start of the giant brown circle again.

JCitizen

government intervention could help; at least level the playing field so the providers would worry about the customer jumping ship to another competitor. I'm not happy with government meddling, but it seems like a little would go a long way in this problem. I guess we got to ask ourselves which is worse?

Neon Samurai

Sadly, I think the business decision would be to keep "competitive" subscription fees and enjoy the greater profit margin. What the market will bear is far more popular than fair markup. If an ISP forced a minimum level of user education, didn't give the users grief about what they did with their connection (within legal limits) and provided a competitive subscription fee; I'd be there right with you filling out the new user forms.

MarkGyver

Since botnets are expensive resource hogs, any ISP that successfully uses forced user education to reduce/eliminate infections should have more resources available for the actual users and should cost less because of reduced waste. If forced user education means cheaper and more reliable service, sign me up!

JCitizen

Thank you all! I obviously forgot the advantages to both the present seven layer stack design, and the human/political side of the quotient. I'm not sure I fully understand Trend's cloud concept; is this just a different iteration of AVG's Link Scanner approach, except at the client side instead of the server side/web page approach?

Neon Samurai

We've been ok for the moment but the bigger client site falls within the mining industry. The person on the browser end may be a mechanical genius but anything that simplifies the computer side of it is for the best. I trust my own cert more than I trust a third party's too though. We'll see if it becomes a problem in the future.

Jaqui

I don't know, I get warnings for a cert for all sites. But then I delete the list of CAs, since they are only saying what the cert holder PAID THEM TO SAY. Pointing out that fact about the CAs before entering the ssl session might help.

Neon Samurai

Self signed are great for my home needs but the business clients get nervous at the warning message since the third party signing authority certs don't display any warning.

Jaqui

was go-daddy's thing a while back, before they switched their servers to be 100% Microsoft. But if you have openssl on your linux boxes, you can generate your own certificates. [ cost = time to read the how-to ]

Neon Samurai

I remember hearing talk of rewriting mail protocols in the past. I could see leaving tcp/ip as is while addressing the protocols used above that. The more sites using https/ftps/pops and the like, the better in my opinion. Source is validated, deniability is mostly negated (someone will try and argue it in court but...) and payload is encrypted during transport. With machines today, processing power wouldn't take too much of a hit either during the squish and un-squish steps. I can see some protocols that will remain flimsy for the sake of speed rather than strength such as games (I don't actually know how the multiplayer games are transferring data these days so I'm guessing). On the Internet, you have a large number of players so you keep the packets small and as quick to process as possible (does WoW encrypt?). On a local network with a more traditional head to head game you have the confined space so weak protocols are not as much of a concern there either; it's speed that's important again for the kids with 20k game rigs and the highest resolution mouse they can find.

Hehe.. now that I think of it, how about game spam. We get all servers using https for websites (make certs reasonably priced). Servers also move to secure pop/smtp and secure smtp between servers with the entire chain encrypted instead of just the end points. All new protocols developed use encrypted transfer also so your ICQ, MSN, voip, .. all that becomes useless unless you're on one of the end points. So what's left; Games.. muwahahahaha.. I'm having an image of some WoW level 80 kid suddenly getting in game popups. WTF, where did the billboards come from?

The issue to be very careful about is the anonymity though. This is the very dna of the Internet. The two end points need to know who each other are (browser to server or email to email). As soon as you break anonymity in between the two end points, I think you'll see the death of the Internet. The only things that will be left is what respective governments deem "acceptable" (this week) and marketing. It'll become another home shopping and advertising distribution channel, losing that magic sauce that gave it a soul. The power of the Internet will go away and we'll have only the empty husk.

The real problem is that this all addresses symptoms not causes. It all only makes a step forward in the arms race. As your ending points out; they will find a way. Every puzzle that software developers or anyone else has given the tech world has eventually been broken; often before the official release.

JCitizen
JCitizen

has to be changed or the government needs to help us help ourselves, or at least free us up a little and let us use tools they approve and formulate. I see a lot of good arguments for and against a major change to TCP/IP. Something like that could cure the problem until the spammers/malware writers figure out a way around that too!

Neon Samurai
Neon Samurai

My casual subway reading started with a chapter on ethics and law, as all books in the topic area seem to these days. The use of "active defense", meaning admins who returned the Code Red kill command to botnets and such, was still pretty fresh in my mind. The trouble currently is that running any unauthorized code through someone else's machine. I believe the law in the snowy north says I can scan a machine for open ports, but trying to connect to the daemon behind those ports exceeds the law; well, unless it's changed again. If I get your meaning, I'd call it a passive defense with proactive follow-up. Collect the data as the attack is attempted, then send it on to the applicable ISP, registrar or responsible organization. I've sent at least one email to the abuse address or registrar where we've gotten groped by an identifiable source repeatedly. I've also received at least one angry email from our own registrar and fixed that issue on the server right quick. I don't know if I'd trust government to provide an effective group for this sort of thing rather than another bureaucracy.

JCitizen
JCitizen

So I'll do that now. If the code simply ID'd the culprit botnet victim's MAC address and ISP/IP, that would go a long way toward gathering information on whose ISP needs to improve their service, and let the victim know they are the schmuck that is hosting the bot and that they should contact a free government/contractor service (like the FCC) to find out how to solve the problem. I have confidence in human nature that most people would do the right thing and try to take action. I don't consider something harmless like a shutdown command as truly malicious enough to be considered outside the realm of fairness in the war against spam/malware/etc. Of course the malware and bots would try to circumvent this, but that is what war is about. I would even be willing to pay higher taxes to buy monstrous gateway devices put in strategic routing areas to filter the malware/spam out of traffic in real time. It would be hard for me to believe this kind of hardware isn't technologically feasible. Though not practical on VPN and otherwise encrypted traffic.

apotheon
apotheon

"[i]They won't give anyone free gratis in this area, for sure. That would be like shooting themselves in the foot.[/i]" What they'll end up doing is giving corporations lots of power to establish and maintain market dominance without in any way encouraging those corporations to do anything for the good of their customers. Q. What's the opposite of [b]pro[/b]gress? A. [b]Con[/b]gress.

JCitizen
JCitizen

Remember, congressmen are lawyers first, representatives last. They won't give anyone free gratis in this area, for sure. That would be like shooting themselves in the foot.

apotheon
apotheon

. . . but it doesn't seem to be a response to what I said.