{"id":6881,"date":"2017-03-07T07:50:21","date_gmt":"2017-03-07T15:50:21","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2017\/03\/07\/news-672\/"},"modified":"2017-03-07T07:50:21","modified_gmt":"2017-03-07T15:50:21","slug":"news-672","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2017\/03\/07\/news-672\/","title":{"rendered":"Anti-malware is imperfect but still necessary. Here\u2019s why"},"content":{"rendered":"

Credit to Author: Bill Brenner| Date: Tue, 07 Mar 2017 14:53:27 +0000<\/strong><\/p>\n

\"\"Doctors sometimes make\u00a0mistakes that harm\u00a0the patient. Police often fail to protect and serve. When that happens, people rightly demand the\u00a0failures be analyzed and fixed. But no one ever calls for the elimination of all doctors and police.<\/p>\n

Why then, do some call for the end of antivirus and anti-malware when failures happen? It’s a question that has vexed us for a long time.<\/p>\n

Researchers uncover vulnerabilities in security products on a regular basis. A recent example is Trend Micro, which faced scrutiny in January after researchers reported some 223 vulnerabilities <\/a>across 11 of the vendor\u2019s products. Tavis Ormandy, a prolific and gifted Google Project Zero researcher who most recently discovered Cloudbleed<\/a>, regularly targets security products, including those produced by Sophos and such vendors as Kaspersky and Symantec.<\/p>\n

Along the way, someone either declares it the end of antivirus, anti-malware and endpoint protection, or calls for its demise. Last year, during another disclosure of Trend Micro vulnerabilities, security experts even declared antivirus a threat to security<\/a>.<\/p>\n

Can we all do better? Absolutely. Like all technology created since the dawn of time, antivirus sometimes falls short of its mission. As an industry, we need to continue to find weaknesses and fix them as quickly as possible.<\/p>\n

Does doing better mean we set aside antivirus and anti-malware, just as some believe vaccines should be shelved? Hardly.<\/p>\n

To help frame the issue, I sat down with Sophos CTO Joe Levy.<\/p>\n

Iatrogenesis happens, followed by schadenfreude<\/strong>
\u201cIn responding to the occasional question about the claims of harm from endpoint security products, it occurred to me how strikingly similar such a belief system is to the anti-vaxxer movement. Both mean well, but unfortunately have the potential to do more harm than those they indict. Nonetheless, those who point out problems with antivirus make valid points,\u201d Levy said. \u201cAll software has flaws.\u201d<\/p>\n

Levy offers two other observations:<\/p>\n

    \n
  1. This is a case of yelling \u2018iatrogenesis<\/a>\u2019<\/u> (harm caused by the healer) in a crowded theater. It is particularly sensational because of the irony, and in many cases, a source of schadenfreude<\/a> (pleasure derived from the misfortune of others).<\/li>\n
  2. The attack surface of security software is often enlarged by the level of privilege needed to operate efficiently (i.e. in the kernel) and to do the kind of work that it needs to (file\/network interception, process termination, system cleanup, etc.)<\/li>\n<\/ol>\n

    Just as patients sometimes develop complications after surgery, security technology sometimes fails, creating unintended harm for the user, Levy said. When that happens, detractors love to swoop in and bludgeon the offender.<\/p>\n

    Levy noted that when medical care goes wrong, we don\u2019t see the masses calling for the end of doctors and hospitals. Sometimes police make mistakes and do harm in the line of duty. When that happens there\u2019s public outrage, but no one calls for the end of police.<\/p>\n

    Like modern medicine and law enforcement, the security industry has a very high obligation to protect their users from harm. That means not only demonstrating effectiveness against attacks targeting operating systems and applications, but also against attacks targeting themselves. Despite this awareness, prevalent security software, like all other software with a large enough install base, is still sometimes found to be far from ironclad.<\/p>\n

    But just as we still need hospitals and police officers, we still need those security tools, Levy said. While Microsoft continues to make great strides in the security of their operating systems and applications year over year, a look at the number of Microsoft vulnerabilities per year illustrates the continuing need for additional protections. Microsoft security holes between 2009 and 2016, as catalogued on the Common Vulnerabilities and Exposures (CVE) website<\/a>, are as follows:<\/p>\n