
Innovation in Information Security

Coverage of important Information Security and Information Technology news and events from the research team at Sûnnet Beskerming.


Staying on top of Security

SANS' Internet Storm Center have been running interesting daily stories on their diary to highlight various Information Security issues and problems for Cyber Security Awareness Month (this October), starting with an excellent lesson on how self-confidence can be the first step towards critical failure (also a theme in this story).

One thing that can trap the expert user is thinking that they are expert enough to do without the protection (limited or otherwise) offered by antimalware / antivirus software. While it is true that these applications can bring their own share of problems, in some cases weakening the overall security stance of a system, they can serve as a 'stopgap' measure, helping protect against those instances where a temporary lack of attention could otherwise allow malware in.

As malware keeps evolving and authors introduce new methods for attacking end users, antimalware providers sometimes struggle to keep up with the different ways that malware can be introduced to a system.

With this understanding in place, it comes as somewhat of a surprise to see that noted Microsoft Security Evangelist Steve Riley does not run antivirus software on his systems. For him it is a calculated risk that he will be able to avoid infection through secure computing practices and reliance upon the Windows Firewall, UAC, and user (family) education.

So far he claims to have successfully avoided infection (which sounds like many other grandiose claims in the past), but the risks of failure are a little greater as he is relying upon software components that are integral parts of the target system to detect and warn of an impending attack (or even a successful attack).

It is like trying to assess how much damage something has taken when the damage assessment machine is damaged (Red Dwarf reference for the curious).

Alternatively, as Richard Bejtlich points out, attackers are unpredictable - outperforming the efforts of protection tool developers, and they will continue to do things that surprise you.

Steve Riley acknowledges that his position would be dangerous for most users, and it really is only a position that the truly expert should consider taking - and even then they should be aware of the risks and issues that they could face when the next major automated worm arises. The risk of being (mis)informed is higher than many might expect.

8 October 2007
