RE: getting rid of outbreaks and spam
>>From Thor:
>>
>>...It is only when we start diverting those resources away from reactive
>>solutions,
such as antivirus that have not hindered any major virus outbreak but even
created the
far worse problem of AV notifications, and towards proactive appliances and
proper risk
management that we can minimize our risk and shorten our window of exposure to
threats.
I agree that MyDoom demonstrates all too clearly the inherent limitations of
conventional antivirus technology, but you're still unfair to it. First, the
vast
majority of attacks don't spread as far and as fast as MyDoom, and by the time
one is
likely to encounter it the AV companies have protection available, so
conscientious
users can protect themselves. Surely this is beneficial when it works, which is
very
often. Second, do you actually know that AV technology has never prevented a
major
outbreak? That would likely be an outbreak we didn't hear about. Finally, AV
companies
didn't cause the infrastructure problems, like unauthenticated SMTP, that
facilitate our
worst attacks.
>>ISPs and peering points should seriously consider the development and
>>implementation
of technologies that can unintrusively and anonymously detect threats and
filter packets
that meet certain risk criterias, before governmental agencies wake up and start
addressing the issue by regulations and law that will inevitably limit their
control of
private property.
Too bad that mass-market ISPs could never afford to do this given current
pricing
expectations. This kind of protection would require making Internet access much
more
expensive as a general rule. The political outcry would be far worse than any
reaction
to an attack such as we have just experienced.
Larry Seltzer
eWEEK.com Security Center Editor
http://security.eweek.com/
larryseltzer@xxxxxxxxxxxxx