Risky Business: Security Software Testing
January 11, 2005
Testing Security Software
By Tim Klemmer, CEO, OnceRed LLC
This is the fourth in a series of articles highlighting reasons
why we need a new model for anti-virus and security solutions.
Reason #3: Security Software Testing
Ever ask yourself the following question as you’re standing in
the aisle at CompUSA or Best Buy: how well will this piece of
software work with my other programs? Probably not. There is a
high expectation that whatever piece of software you buy will
work acceptably on your computer and won’t infringe on other
programs.
Games, word processors, spreadsheets, and music players are the
kind of self-contained programs that you wouldn’t expect any
trouble from. And for the most part, you don’t experience
problems.
Security software, on the other hand, by its very nature is more
invasive and more likely to intrude on your way of computing.
First and foremost, all good anti-virus software packages
install on-access/on-demand scanning. This means that every time
you start up a program, every time you access a document or
spreadsheet, every time you access a directory in Explorer, the
anti-virus program will scan it for viruses. Unfortunately, the
consequence of this is that it slows down your computer. More
unfortunate still, all vendors enable on-access/on-demand
scanning by default when you install the software. They have to.
When you install security software it has to install itself in
such a way that it will always have the upper hand when new
programs are run on a PC. Why? For the simple reason that you
are installing this software to protect you from bad software.
Security software tries to analyze anything you do on your
computer and decide if it is a good thing or not.
But will the software make good decisions? Will this software
cooperate with other programs? Security vendors have spent years
perfecting their testing, and they test against enormous suites
of commercial software. But they can’t test every combination of
software or every different version of software (there are still
PCs out there running DOS 3.0 programs). They have to
concentrate on the mainstream. The problem is they may have no
idea that your video card in combination with those two older
games you installed will wreak havoc with their detection
algorithms.
We see this all the time. Users send in emails or write notes in
newsgroups complaining that such-and-such a package is
preventing them from installing a new game or that such-and-such
version is saying that their new game is infected.
Or worse still, things just don’t work the same anymore since
the software was installed. Downloads become more tedious
because instead of just clicking download, now users are forced
to answer questions about each download or approve downloads.
Solution
So what’s the answer? The answer, as we have been touting in
this series of articles regarding security software, is to move
to a more centralized approach. Instead of installing scanning
software on your computer, install behavior-based software on an
off-site testing server that receives test requests from the
email server. All emails are routed through the testing server.
This can then be expanded to include web traffic that runs on a
10-second delay, much like talk radio. You connect through the
internet, and all subsequent downloads, ActiveX controls, etc.
are routed via a testing server. They then either arrive on your
PC or are halted and removed, and you receive the appropriate
message.
In the time that it takes to receive a file, it can be tested,
and troublesome software can be detected. This approach works
for detecting everything from viruses to worms to spyware. You
as a user notice no long waiting, no downtime, no drag, and no
incompatibilities.
About the author:
Tim Klemmer, CEO, OnceRed LLC
http://www.checkinmyemail.com
Tim Klemmer has spent the better part of 12 years designing and
perfecting the first patented behavior-based solution to
malicious software.