Blame Your Antivirus Software

Whenever there is a virus outbreak, everyone is quick to blame the usual suspects. “It’s Microsoft’s fault. They shouldn’t have bugs in their code,” trumpet the Microsoft haters as they run for a microphone or schedule a press conference. “It’s the dang users, they don’t listen and they click on everything they see,” laments the administrator. “It’s society’s fault for raising the kind of children who code viruses.” “No wait, it’s the University of Calgary’s fault.”
It seems it’s the fault of everything but the antivirus software itself. We need more antivirus, they cry!! So updates go from monthly to weekly to daily to hourly. Hell, just stick in an IV and keep feeding me virus definitions non-stop.
Degrade our ability to use mail! That must be the solution to virus woes. Block all attachments. No, that’s not enough, BLOCK HTML. Stop all messages containing the words “the, and a or of.”
The viruses still aren’t being stopped? We better stack one virus engine upon another. I’ve got it, we’ll call it “Defense in Depth.” We can start making analogies about “castle protection.” And if anyone says that our plan is 15th century protection, we’ll get medieval on their…oh sorry, I was just getting a bit carried away there.
Perhaps it’s time to look in a new direction. Antivirus software that stops viruses. Not software that stops a virus only if it has the current daily security patch necessary to stop the latest badness. Antivirus that stops the virus. You say it can’t be done. That it is prone to false positives. It is done. And it is being done today at the email layer. Two companies have the temerity to WARRANTY their work. They are Message Labs and Avecho. Sure, that requires outsourcing your mail. But Message Labs is worldwide with some major customers and some major redundancy built in. It is worth it to know that viruses aren’t getting through the SMTP layer.
If only someone would build something similar for the desktop. I had high hopes for NOD32. But I’ve read it has some false positive problems. Perhaps one day vendors will hear the demand and bring about some innovation in the antivirus industry.
Note, some of these ideas were shaped by years of reading Rob Rosenberger over at vmyths and at kumite before that. And yes, his post today at his site did inspire this entry.