All of the major anti-virus vendors have had recent security vulnerabilities
(link dead, sorry)
Symantec, McAfee Problems May Lead To Sea Change In Antivirus Industry .
Heap overflows and file overwrites? For crying out loud, shouldn't AV vendors do better than this? At least Microsoft can use the excuse (valid or not) that it has to work with a lot of crappy old legacy code; these AV guys have a blank slate any time they want. How can they possibly be excused for these kind of sloppy programming mistakes?
There is no excuse.
The Information Week article suggests that these problems will help Microsoft's entry into the AV market. Oh, but wait: silly me, the Least User Privilege in Microsoft's next OS is going to fix all this, isn't it? Microsoft Vista will be secure, so who needs all this AV stuff anyway? Yeah, right.
Sometimes I think the future of computing looks very bleak. That same article says:
The long-term solution to the antivirus epidemic is more likely to come in the form of trusted computing initiatives where digital keys, certificates, and passwords are stored on microprocessors in PCs, servers, and other hardware.
Envision a world where buying a computer requires that the hardware be registered to you. The network card is specifically responsible for stamping all outgoing packets with a certificate identifying their source, and no other machine or router will accept packets whose provenance can't be vetted all the way back to a known entity. Is that what is being suggested there? While it might solve some security problems, it also lets governments control free speech: if every packet can be tracked to its creator, repressive governments can tightly control all communication.
I don't know that there are good answers for any of this. Compromises and concessions, sure. But final solutions seem unreachable.
Got something to add? Send me email.
More Articles by Anthony Lawrence © 2012-07-13 Anthony Lawrence