Symantec Hopes To Remake (Tighten) Security
Most security tools will allow just about anything as long as it's not on a
black list. Symantec CEO John Thompson thinks it's time for a change. Because
exploits are getting worse and worse, Thompson believes we should turn security
on its head and only allow things that are
specifically
outlined in a white list.
While this appears overly restrictive, it might be better to have a locked-down
system that actually runs rather than a wide-open machine that's more frozen
than a king crab fisherman.
A better idea might be to build virtualization into the OS in very specific
ways -- such as isolating e-mail and the Internet from our documents. Of course,
this runs completely counter to Microsoft's attempts to integrate everything
with the Internet. But isn't that what got us into trouble in the first place?
Speaking of Symantec, my daughter Lauren just went off to college. Milliseconds
after connecting to the campus network, her HP laptop began running slower than
Kyle Petty with a flat tire. Now that's slow!
I paid for a Norton subscription, so she dutifully ran a Norton scan. After
eight hours, it was only a third of the way done. Next, she tried the Microsoft
Malicious Software Removal tool and it told her she had an unwelcome visitor
-- Backdoor:Win32/Rbot.gen!A! Even though this Trojan was first discovered over
three years ago, it managed to slip past Norton's defenses and set up shop.
We went back to Norton and it took three full days to complete the scan.
Just shows you how tough it is for even the top dogs to protect our systems.
Maybe Lauren will listen next time I offer to buy her an iBook!
Posted by Doug Barney on September 24, 2007