
RE: getting rid of outbreaks and spam



>>From Thor: 
>>
>>...It is only when we start diverting those resources away from reactive
>>solutions, such as antivirus that have not hindered any major virus
>>outbreak but even created the far worse problem of AV notifications, and
>>towards proactive appliances and proper risk management that we can
>>minimize our risk and shorten our window of exposure to threats.

I agree that MyDoom demonstrates all too clearly the inherent limitations of
conventional antivirus technology, but you're still unfair to it. First, the
vast majority of attacks don't spread as far and as fast as MyDoom, and by
the time one is likely to encounter it the AV companies have protection
available, so conscientious users can protect themselves. Surely this is
beneficial when it works, which is very often. Second, do you actually know
that AV technology has never prevented a major outbreak? That would likely
be an outbreak we didn't hear about. Finally, AV companies didn't cause the
infrastructure problems, like unauthenticated SMTP, that facilitate our
worst attacks.

>>ISPs and peering points should seriously consider the development and
>>implementation of technologies that can unintrusively and anonymously
>>detect threats and filter packets that meet certain risk criteria, before
>>governmental agencies wake up and start addressing the issue by
>>regulations and law that will inevitably limit their control of private
>>property.

Too bad that mass-market ISPs could never afford to do this given current
pricing expectations. This kind of protection would require making Internet
access much more expensive as a general rule. The political outcry would be
far worse than any reaction to an attack such as we have just experienced.

Larry Seltzer
eWEEK.com Security Center Editor
http://security.eweek.com/
larryseltzer@xxxxxxxxxxxxx