On Fri, 30 Sep 2005, Denis Jedig wrote:

> Although it is a Good Idea (tm) to uncover design deficiencies in
> current AV products, we never should forget that "antivirus" is *by
> definition* a reactive thing and thus cannot protect from unknown
> threats. If we wanted to have a *really* proactive approach, we would
> have to either ask for OS capabilities to efficiently compart
> (malicious) code or for the software manufacturers to take damn care
> when using low-level languages and introduce efficient patching
> mechanisms at last. Once again, there is no silver bullet.

I do agree with you on AV being reactive. In fact, the need for it just proves the pitiful state of security today.

That said, I very much disagree on your proposed "solutions".

OS capabilities? Like what? Preventing users from installing and running applications that aren't approved by the OS vendor, the processor manufacturer, and/or some government regulatory body? Preventing any application from writing to the disk, accessing the network, or interacting with the user? Who are you going to allow to make these decisions for you, on your own machine? Or do you have a real solution that addresses more than one specific subcategory of threat, but doesn't remove your ability to control your own machine and to write code to do the same?

As for low-level languages, I don't think that's the problem. Low-level languages, meaning assembly/machine languages and C-based languages, have problems with making it easy to prevent buffer overflows - that's for sure. And many high-level languages don't have that problem. But there are hundreds of other vectors to use to spread viruses, worms, spyware, etc.

--
Joel