Could open source anti-malware help Windows?
Apr. 25, 2006
Two of my colleagues -- Jim Rapoza, eWEEK Labs director; and Larry Seltzer, eWEEK Security Center editor and all-around security guru -- have been writing recently about open-source's failure to produce kick-ass Windows anti-virus programs.
Jim laments that while ClamAV, easily the most well-known open-source anti-virus program, works just fine on email gateways, its Windows client, ClamWin, just doesn't cut the mustard, since it doesn't scan in real-time.
To that complaint, I'd add that ClamWin is also in dire need of speed optimization. It's easily the slowest anti-virus program of all the ones I've used recently on my Windows systems.
Why doesn't open-source address the Windows desktop viral problems? Jim speculates that it's because viruses are basically a Windows problem, so the problem doesn't get the attention of open-source developers.
There's a lot of truth to that. As Larry points out in his column, "Jim's analysis falls right in line with Eric Raymond's theory of open-source itch-scratching: in the (open source) 'bazaar,' problems get solved because someone competent to solve the problem has it."
Exactly.
For all the FUD about Linux viruses, the plain facts are that there aren't any worth noticing. In the recent story about the so-called cross-platform Virus.Linux.Bi.a/Virus.Win32.Bi, a virus that could get both Windows and Linux systems, no less a figure than Linus Torvalds sarcastically "fixed" Linux so that the virus could work. (Editor's note: read Joe Barr's NewsForge article about this -- it's hilarious!)
Larry also points out, correctly as far as I'm concerned, that simple virus pattern scanning on files and ports isn't enough to secure Windows. Windows also needs an active anti-malware system and an IPS (Intrusion Prevention System).
Doing this, Larry thinks, is something that requires "intimate knowledge of Windows internals and the behavior of popular third-party applications," which in turn makes it too hard for open-source programmers.
Too hard!?
This is where Larry and I differ. I think open-source programmers are more than capable of delivering as good a malware protection system as any that currently exists on Windows.
Notice, however, that I didn't say an open-source anti-malware program would be great software.
From where I sit, there aren't any great Windows anti-malware programs. I don't think there can be.
You can keep a car on the road with duct-tape, but you can't really fix it that way. So long as Microsoft keeps a fundamentally broken operating system on the road -- and Vista is just more of the same -- no one's going to be able to effectively secure it.
This isn't Windows-bashing. Just look at the record. Microsoft can't even keep XP SP2 running smoothly. In fact, Microsoft recently had to release a new version of its most recent patches because they were breaking its own programs such as Office and Outlook Express.
If Microsoft doesn't know Windows internals and the behavior of its own applications, who does?
I do think it would be a worthwhile effort for some Windows open-source programmers to turn their attention to a comprehensive security suite. What I don't think, though, is that anyone, whether open-source or Microsoft's best, can really do more than keep taping up Windows to hold it together as it keeps wobbling down the road.
You want a real open-source security fix for the desktop? It's already here; it's the Linux desktop.
-- Steven J. Vaughan-Nichols