Search
Related Links

 

 

Informative Articles

Sci-Fi Communications at Home
Computers and web cams are taking communication to levels only imagined in sci-fi novels. One of the most incredible inventions I’ve ever come across is the web cam and its process of video conferencing. This is just so futuristic I can’t believe...

What is XBox360?
What is Xbox 360? Xbox 360 is the successor to Xbox video game console from Microsoft. It was referred to in the past as Xbox Next or Xbox 2 or simply Project Xenon. Microsoft has scheduled its launch just before Christmas of 2005, the...

What will Google do with $4 billion?
Google is planning on floating another $4 billion in shares. The question then becomes, with reserves of over $2 billion, what does the company want with the extra cash? This article provides my own speculation and insight and it might surprise...

Why Get a Microsoft MCSE Certification?
Why Get a Microsoft MCSE Certification? In the years of the dot com boom and bust, the Microsoft MCSE Certification has gotten its eye blackened over an over. Paper Microsoft MCSE's who were excellent at finding brain dumps and passing exams...

Wireless Alphabet Soup: What's the Difference Anyway?
Wireless Alphabet Soup: What's the Difference Anyway? Michael Knowles You may have read a few feature lists for wireless cards, and you're about to ask a very common question: what's the difference anyway? Well, answering that question requires a...

 
Risks of Desktop Software - part 1

November 21, 2004
The Risks of Desktop Security Software (Part 1)
By Tim Klemmer
CEO, OnceRed LLC

This is the second in a series of articles highlighting reasons why we need a new model for anti-virus and security solutions.

Reason #2: the Desktop Security Software Risks

The risks of placing software on the desktop are such that I will be breaking this article into two parts.

Fundamentally we think of having software on our desktops as a good thing. I love downloading or installing new packages and seeing what new creative things people do to the user interface or what they do to make certain aspects of my life easier or more fun.

But there are problems inherent with software that resides on the desktop, especially security software. All developers will know what I mean. First and foremost, desktop software can be reverse engineered. What’s that mean? Have you ever inadvertently double-clicked on a file and had garbage show up or seen something that looks similar to this?

The old hex dump. Programmers will know it well. We actually spend a good deal of time trying to read this stuff. Basically, if there are programs that can (and do) turn instructions like the following

If UserBirthDate < “01/01/1960” then
IsReallyOld = “Yes
Else
IsReallyOld = “No”
End If

into something like the picture above, then the reverse is true: people have developed software that can take that gobbeldy-gook in the picture above and turn it somewhat into the if-statement I wrote out. The reversing software won’t know that I had an item called UserBirthDate, but it will know I was testing for a value of January 1, 1960 and it will be able to say that based on that value I set another item to Yes or No.

So now we install our fool-proof anti-virus software on our desktop (or our firewall for that matter). Well, so too can a virus author. And that virus author or hacker will also have gotten a copy of the latest reverse-engineering software from his local hacking site. He now goes upon his task of reverse-engineering the software and then trying to decipher the results. It’s not easy but it can be done. Unfortunately, vendors know this and understand this as an acceptable risk.

The problem here is that your security software is at risk. If your vendor codes an error, the virus author can and will detect it. For example, if your vendor should exclude a file from scanning, it’s possible the virus author will figure out which file (or type of file) that is and bury his code there. If the vendor excludes files from scanning or heuristics, it’s possible that virus author will figure out a way to corrupt that file.

That being said, there are other risks. As we have said, once software is on the desktop it affords virus authors an opportunity to reverse-engineer security software. The knowledge that reverse-engineering provides is invaluable to a virus author when building his next software attack. Third, virus authors can learn where the anti-virus vendors put there software and put the links to their software


(directory folders, registry entries, etc.). This too is invaluable information. In fact, in some ways it teaches people intent on writing malicious software clues as to how to infiltrate the computers’ operating system, where registry entries need to be made to force software to be loaded every time a computer is started, etc.

This information is generally available all over the web and in manuals for operating systems, especially manuals on such subjects as the Windows Registry. But having the software teach you where things belong to be effective is powerful knowledge.

Lastly, and perhaps most significantly, is the issue of forebearance. The anti-virus vendors usually know more about the potential exploits inherent in programs than virus authors but they are bound by the fact that should they try to prevent them before the exploits occur, they could be branded as irresponsible for teaching virus authors about these very exploits.

For example, when Microsoft first released the macro capabilities of Word, anti-virus vendors immediately realized the potential for danger in macros, but they were handcuffed. If they released software that disabled macros before the first macro virus was ever released, they would signal to virus authors the inherent destructive powers of macros. They chose instead to wait, handcuffed by the limitations of desktop software.

Until the Internet there really has been no better medium for delivering virus solutions than desktop software. It was relatively inexpensive to deploy (either market the software and sell it in stores or provide free downloads on bulletin boards and web sites). It is, however, expensive to keep updated in terms of time and effort, even with automated update systems.

The Internet caused several things to happen: by becoming a powerful medium for sharing files, whole families of viruses disappeared practically overnight (boot sector viruses, for example); by becoming the option of choice for sharing files, it was easier to infect a single file and have thousands download it.

A better solution is to place the security software in an offsite appliance of its own making. All Internet, intranet, networking connections flow through the appliance.

Selling off the shelf hardware appliances with built-in security software is better than a desktop software solution but it still suffers –to a lesser extent- from the pratfalls that desktop software falls prey to.

Even better is to create a service that a 3rd party vendor manages in a secure environment. In such an instance both the software and the hardware are away from the prying eyes of the malicious software authors. This further reduces the opportunity for malicious authors to discover the tricks and techniques employed by the security vendors to protect you.


Tim Klemmer
CEO, OnceRed LLC
http://www.checkinmyemail.com
Tim Klemmer has spent the better part of 12 years designing and perfecting the first patented behavior-based solution to malicious software.


 

Computer networking - Wikipedia, the free encyclopedia
Network cards such as this one can transmit data at high rates over Ethernet cables. ... Computer networking is sometimes considered a sub-discipline of ...
en.wikipedia.org
 
Social network - Wikipedia, the free encyclopedia
Social network analysis (related to network theory) has emerged as a key ... Social networking also refers to a category of Internet applications to help ...
en.wikipedia.org
 
Networking on the Network
Here, then, are some of the fundamentals of professional networking. ... Asking advice from the people in your network is part of the process. ...
polaris.gseis.ucla.edu
 
Computer Networking - Wireless Networks - Home and Wireless ...
Site offers coverage of computer network technology in basic networks, VPN, Web servers, Intranets and Extranets, tutorials, and troubleshooting.
compnetworking.about.com
 
ITtoolbox Networking Knowledge Base
A networking community for IT professionals. Focusing on connectivity, network management, network operating systems, security, and other aspects of ...
networking.ittoolbox.com
 
Howstuffworks "How Home Networking Works"
How home networking works and the different methods to create a home network.
www.howstuffworks.com
 
SmallNetBuilder
SmallNetBuilder provides networking and IT news, reviews, help and information for professional and "prosumer" SOHO and SMB users.
www.smallnetbuilder.com
 
Network Computing - Computer Networking, Network Security and ...
Network Computing - Computer Networking, Network Security & Management news. Enterprise product reviews, comparisons and analysis built by IT professionals ...
www.networkcomputing.com
 
CareerJournal | Career Networking - Professional Network ...
Professional Network - Career networking news and advice from The Wall Street ... Networking tips that will help you advance your job search or career.
www.careerjournal.com
 
Trail: Custom Networking (The Java™ Tutorials)
The first describes the networking capabilities of the Java platform that you ... The second provides a brief overview of networking to familiarize you with ...
java.sun.com
 
Windows Server 2003, Longhorn Server & Vista Networking Articles
Features a wealth of tutorials on various Windows networking related topics such as setting up Windows NT/XP/2000/2003 networks, troubleshooting, ...
www.windowsnetworking.com
 
IBM Networking | IBM Networking
The era of e-business on demand requires superlative networking capability. ... IBM Networking Services provides e-business solutions anywhere in the ...
www.networking.ibm.com
 
Computerworld - Networking - Voip - Bluetooth - Firewall - Wireless
Computerworld, the 'Voice of IT Management' is your information source for computer networking. Access up to date information on LAN/WAN, hardware/devices, ...
www.computerworld.com
 
HP Networking products and solutions
HP ProLiant networking products provide high-powered, simple solutions for enterprise, business, or home networking environments, including ProLiant and ...
www.hp.com
 
Monster: Networking
Networking Networking Timeline. Networking Timeline · Making New Contacts · How to Set Up and Run an Informational Interview · Nurturing and Keeping ...
content.monster.com
 
Access | CNET News.com
Phone company shrugs off competition concerns over Verizon's Fios network, saying existing copper is doing the bandwidth trick. ...
news.com.com
 
Network Management: Covering today's Network topics
Find the latest information on Network Management, Network Security, Network Design and more.
searchnetworking.techtarget.com
 
cisco networking academy program
cisco.netacad.net/ - 1k - Cached - Similar pages
 
Networking and Your Job Search: The Riley Guide
Networking starts long before a job search, and you probably don't even realize you are doing it. ... In Terms of a Job Search, Networking is the way to Go! ...
www.rileyguide.com
 
NetworkWorld.com
Networking news, reviews, opinions and forums from the Leader in Network Knowledge.
www.networkworld.com
 
 

 

Content Menu
  • 10 effective ways to reduce your business costs

  • 10 secret ways of getting your website listed on google

  • 10 simple ways to expand your subscriber list

  • 10 successful strategies to site promotion

  • 10 things to ponder before moving your office network

  • 13 point business development plan for it professionals

  • 15 ways to promote elearning programs

  • 2much hosts webmaster access blow out

  • 2much success delays livecamnetwork upgrade

  • 3 quick and easy steps to earn money online now

  • 3 simple steps to internet home business promotion

  • 3 summer computer tips

  • 3 tips to fix unreliable wireless connections

  • 4 computer money saving tips

  • 5 reasons why you need a wireless network

  • 5 simple ways to increase your computer speed

  • 5 stress reducing computer tips

  • 5 things you need to know before deciding on a certification training

  • 5 ways to make your resume shine on line

  • 6 essential steps to protect your computer on the internet for free

  • 7 key items to include in your email signature file

  • 9 steps to protect your ms windows system from viruses

  • 9 ways to get an mcse or cne without wasting 5000

  • about centralized computer systems

  • advanced wireless networking

  • advance online networking getting others to read your emails

  • adware is it safe

  • affiliates need to read their newspaper

  • affiliate profits 101 how to earn your first dollars as an affiliate

  • all about the new scmad certification exam

  • an introduction to text messaging

  • aoe adult online europe amsterdam is calling

  • apple mac mini it fits anywhere it is the most affordable mac ever

  • are affiliate programs the buried treasure of the internet

  • are you overlooking the gold in your email folders

  • article banks and google alerts harness your publishing power

  • a graphic designers top ten resolutions for 2005

  • a graphic designer s top ten resolutions for 2005

  • a toolbar for each

  • band promotion book your garage band some shows or gigs

  • basic diagnosis guidelines for your pc

  • basic problem in a pc

  • becoming a truly valuable ccna

  • beware of spyware

  • bigsquid rfid leading rfid solution in india

  • blogging for personal benefits

  • blogging your way to benefits

  • blogs i wanna have my blogs

  • bluetooth personal wireless networking

  • boost your websites search engine rankings in 5 simple steps

  • bring your visitors back clamoring for more

  • bring your visitors back clamoring for more maintain and improve your web site weekly

  • broadband and internet 101

  • building a wireless network in your home

  • business needs vs network performance critical challenges facing network managers

  • buying a laptop computer

  • buying a laptop that you can use as a personal assistant

  • bypass proxy firewall 100 java http tunnel for anonymous surfing

  • ccna 640 801 certification primer

  • ccna 640 801 preparation and exam review

  • ccna 640 801 preparation exam review

  • ccna icnd ccna intro or 640 801 how to choose

  • certwatch 2006

  • cisco ccna ccnp home labs developing troubleshooting skills

  • cisco ccna ccnp home lab how to configure reverse telnet

  • cisco ccna ccnp home lab setup how to configure reverse telnet

  • cisco ccna certification becoming a truly valuable ccna

  • cisco ccna certification broadcasts unicasts and multicasts

  • cisco ccna certification should you take the one exam or two exam approach

  • cisco certification becoming a real ccna

  • cisco certification becoming a truly valuable ccna

  • cisco certification cabling cisco devices

  • cisco certification ccna candidate faq

  • cisco certification in what order should you take your ccnp exams

  • cisco certification taking your first certification exam

  • cisco certification the cisco three layered hierarchical model

  • cisco certification the osi model isnt just for exams anymore

  • cleaning your computer

  • computers and web cams are taking communication to levels only imagined in sci fi novels

  • computer networking consultants

  • computer network designing

  • computer network installation

  • computer phone voip pathology is preventable

  • computer tips that help small businesses operate profitably

  • connecting linux to the internet

  • creating a wireless home network

  • cut the wires

  • data security are your assets secure

  • dealing with digital disease

  • design matters in our visual culture

  • desktop security software risks part 1

  • digital dispatch is the internet safe

  • disgusted with dialup compare dsl providers cable and satellite internet to see if one is right for you

  • does your event need to be live

  • domains your friendly address on the internet

  • domain registration for great search engine ranking

  • do you know that spyware nuker is a malware itself

  • email marketing lesson starbucks a sexy lady and my search for the ezine

  • erp implementation success factors

  • ez link trading

  • e merging books

  • fast ways to reduce business costs

  • finding a good pc remote control solution

  • finding what you need

  • find the online business made for you 7 steps to set you free

  • five proven methods for increased internet sales

  • five proven methods for internet marketing success

  • five proven ways to increase internet sales

  • five reasons to do wireless networking

  • fleet maintenance software reviews

  • fraud not taken seriously

  • freedom and responsibility on the internet

  • freight broker software

  • freight software

  • get the boot a birds eye look into mcse boot camps

  • good computer maintenance part two

  • google the next step in im

  • got spyware tips for detection removal and prevention

  • hetman will help you conquer your files quickly and effectively

  • how do wireless networks work

  • how to become an internet marketing guru

  • how to bridge the digital divide

  • how to choose the best laptop accessories

  • how to combat spyware

  • how to eliminate spyware adware and pop up ads for free

  • how to obtain free advertising for your online business

  • how to pass ccna 6 steps to success

  • how to protect yourself from viruses adware spyware and hackers

  • how to really install a modem

  • how to stop spyware from infecting your system

  • hpc systems inc announces first 8 way processor amd opterone server

  • ideal connection builder for small businesses

  • improve your profile make more friends

  • increasing the range of your wireless access points

  • index

  • information technology degrees

  • internet2 a future so bright

  • internetworking overview

  • internet a medium or a message

  • internet a whole new world wide web including video and audio

  • intranet

  • introduction to cisco networking the osi model part i

  • introduction to isdn part iii pap

  • iscsi vs fc for meeting mission critical requirements

  • is it still good to share

  • is spyware watching you

  • is your computer sick

  • is your computer slow and sluggish take these steps to speed it up

  • is your laptop or home computer wireless enabled

  • is your network security and user access in the right balance

  • it skills and certification

  • i dont need a website do i

  • join the internet shopping bandwagon

  • keeping it clean virus removal basics

  • keeping your pc healthy at little or no cost

  • keeping your website in top condition 5 easy tips for maintaining a streamline site

  • kill the messenger service

  • laptop computers and the pvp effect

  • laptop computer extras for the mobile traveler

  • lavasfot ad aware free spyware removal

  • life in cyberspace

  • link building for a new web site

  • linux web hosting

  • living life loud

  • maximizing email security roi stop spam and save

  • maybe you already have wireless and dont know it

  • mcse 70 290 certification primer

  • microsoft and history of windows

  • microsoft business solutions var partner selection overview for it director manager controller

  • microsoft great plains implementation tailoring local versus remote support

  • microsoft great plains partner selection overview

  • modern scams online

  • my space is your space myspace com

  • my top 5 stock pick sources for 2005

  • networking basics

  • networking structures explained access point or ad hoc

  • network marketing success starts with you

  • network to find experts and insider tips

  • network wiring standards

  • overcoming small business networks sales objections

  • passing ciscos ccna and ccnp exams ping and extended ping

  • personal wireless with bluetooth

  • photo plus 2005

  • preparing for a career in information technology

  • printing troubleshooting guide

  • product reviews windows xp

  • protection for your computer system painless and free

  • protection for your pc painless and free

  • protect your system from the internet evils

  • qarea announces its wireless casino ready for stress testing on pda and cell phones

  • quick guide to computer training

  • read up on dial up

  • real estate investments that increase your net worth

  • reasons to start a wireless network

  • recognizing a pc with malware

  • remove rogue desktop icons created by spyware

  • report on growth and economic impact of the it industry

  • rf engineering for 802 11 wlan

  • risks of desktop software 1

  • risks of desktop software part 1

  • road warrior at risk the dangers of ad hoc wireless networking

  • rotator

  • sci fi communications at home

  • screenshots vista windows

  • search engine marketing john alexander interviews seo author susan oneil about the early days

  • secrets to spyproofing your computer in four easy steps

  • secure your data windows data backup computer software

  • selecting a cell phone

  • selecting a laptop

  • selecting a personal digital assistant

  • setting up a home network

  • setting up a network wired or wireless

  • setup a home wireless network a short tutorial

  • seven ways to speed up your pc

  • shop surf or send wireless home networks deliver the internet

  • simple tricks to maximize the reach of your marketing message

  • small business server business tips

  • software consulting

  • spam free marketing

  • spybot com spybot search destroy version 1 4

  • spys in cyberworld

  • spyware is hiding in your computer

  • spyware versus adware the difference impacts your privacy

  • spyware what it is and how to combat it

  • strategic internet marketing

  • successful myspace strategies

  • surfing searching networking 101

  • ten great careers for computer geeks

  • that darned old internet gateway

  • the advantages of becoming a master networker

  • the apple mac mini it fits anywhere and it is the most affordable mac ever

  • the best help desks on the internet

  • the birth of incident response the story of the first internet worm

  • the complete guide to spotting computer spies recording devices

  • the dark side of p2p file sharing

  • the evolution of technology the history of computers

  • the future of the web

  • the future of wireless networking

  • the google feedback loop for quality traffic

  • the history of computer

  • the importance of forum participation in promoting an internet business

  • the importance of protecting your pc from viruses and spam

  • the ins and outs of banner networking

  • the medium and the message

  • the metaphors of the net

  • the metaphors of the net part ii

  • the missing link of the internet

  • the next internet marketing gold rush

  • the perils of wireless networking

  • the power of the blog

  • the security risks and ways to decrease vulnerabilities in a 802 11b wireless environment

  • the solow paradox

  • the story of the first internet worm

  • three pronged trojan attack threatens security on the internet

  • time to redefine telecom

  • top 10 ways for web designers to find new clients

  • top 15 affiliate programs that pays top money

  • top 5 reasons to go wireless

  • transportation management software

  • transportation software

  • two enter internet battle

  • understanding the operation of mobile phone networks

  • using fiber patch cables

  • using the internet in your job search

  • verilan successfully interconnects seven carrier labs worldwide into one secure private network for optical internetworking forum oif worldwide interop demo at supercomm 2004

  • visual sciences an analysis software

  • voip a global telecommunications revolution

  • voip phone home

  • vulnerability assessment and network security

  • wardriving ethics

  • webcams science fiction becomes reality

  • web cams sci fi communication at home

  • weight loss for webmasters

  • whats your iq on basic pc phone voip knowledge

  • what certification should you pursue after the ccna

  • what exactly is an intel centrino mobile notebook

  • what is contract programming an alternative to the conformity of everyday employment

  • what is wireless networking

  • what is xbox360

  • what sms users are telling telcos

  • what will google do with 4 billion

  • when trade and community freedom starts to cost click on

  • which notebook computer has your name on it

  • why blog

  • why get a microsoft mcse certification

  • why join the information system security association

  • why learning the osi model is important and not just for exams

  • why over 90 of voip computer phone services are vulnerable to attack

  • wifi range what are the limits

  • wilibox launches embedded linux platform supporting ieee 802 11 ap and sta modes simultaneously

  • wilibox launches embedded linux wireless platform with industrys first 802 11 stack supporting access point and client modes simultaneously

  • windows task manager an overview

  • wired network working into wireless access points

  • wireless alphabet soup whats the difference anyway

  • wireless home networking choosing the right one

  • wireless home networking what you should know

  • wireless installation checklist

  • wireless internet comes to lasvegas net

  • wireless internet terminology confusion or clarity

  • wireless jargon glossary

  • wireless network

  • wireless networking basics

  • wireless networking cards a closer look

  • wireless networking explained

  • wireless networks how do they work

  • wireless shopping with rfid

  • wireless the future of connecting to the internet

  • wireless the new trend in computer rentals and projector rentals

  • wireless wonders and waterfall watches

  • wi fi networking what to look for range speed and standards

  • wi fi wireless fidelity description

  • women entrepreneurs in internet marketing

  • yawna yet another wireless networking article

  • your affiliate business peripherals software computers