Personal tools
You are here: Home You cannot rely on antivirus
Navigation
Who is Tracy Reed?

I am a Linux enthusiast, a multi-engine instrument-rated pilot, and a traveller. I am interested in all aspects of computing and technology in general, especially Linux and Free Software. As an avid pilot I can be found somewhere over the skies of the southwestern US most weekends.  As a traveller I have been to many interesting places. Check out my photo gallery. Want to get me something cool? Check out my Amazon.com wish list!

 Tracy

 

You cannot rely on antivirus

by Tracy R Reed — last modified Nov 19, 2010 03:33 PM
Filed Under:

Antivirus is inherently out of date while consuming ever-increasing resources while viruses are now far more dangerous.

As the number of viruses/malware to scan for and parts of the system to monitor for infection increases more resources will be required. I bet we already spend the equivalent of one whole CPU of ten years ago just scanning for malware on the typical modern computer. In the last couple of years there has been talk of the end of antivirus as we know it:

http://www.google.com/search?q=the+end+of+antivirus

This is because the increase in resources required to secure the computer cannot continue forever.

What's worse is that antivirus only detects known viruses. There are an increasing number of unknown viruses out there and antivirus vendors are falling further behind. There has always been a large lag between initial release and detection by antivirus software. The virus has to be released, discovered, reverse engineered, signature created, added to antivirus software signature database, then the user has to update. This all takes plenty of time.

There is an increasing number of unknown viruses out there that do not get caught until after they have already caused damage. Google had no clue they were infiltrated until the bad guys tipped their hands by getting caught logging into other people's webmail accounts which prompted investigation. At that point the malware they had been sent was undetected. There have been serious consequences, likely including prison time if not worse, for certain human rights activists in China whose gmail accounts were compromised.

Stuxnet was discovered in June 2010. The widely accepted theory is that it was designed to sabotage the Iranian centrifuges and has probably been successful. According to:

http://www.fas.org/blog/ssp/wp-content/uploads/NumberCentrifuges1.jpg

we see the number of centrifuges online decreasing between May and August of 2009.

On July 17, 2009 WikiLeaks posted a notice saying:

Two weeks ago, a source associated with Iran’s nuclear program
confidentially told WikiLeaks of a serious, recent, nuclear accident at
Natanz. Natanz is the primary location of Iran’s nuclear enrichment
program. WikiLeaks had reason to believe the source was credible however
contact with this source was lost. WikiLeaks would not normally mention
such an incident without additional confirmation, however according to
Iranian media and the BBC, today the head of Iran’s Atomic Energy
Organization, Gholam Reza Aghazadeh, has resigned under mysterious
circumstances. According to these reports, the resignation was tendered
around 20 days ago."

A centrifuge full of uranium hexaflouride turning at 15k RPM failing and spewing its contents widely throughout the facility due to someone messing with the speed controls via the computer which controls the PLCs is indeed a serious nuclear accident which could end the career of whoever is in charge.

All of this implies that it was more than 10 months that Stuxnet was out there completely undetected by antivirus.

What malware is on the computer you read this on that you won't know about for 10 months?

Document Actions