Bugtraq mailing list archives

RE: getting rid of outbreaks and spam


From: "Larry Seltzer" <larry () larryseltzer com>
Date: Fri, 6 Feb 2004 12:02:47 -0500

From Thor: 

...It is only when we start diverting those resources away from reactive solutions,
such as antivirus that have not hindered any major virus outbreak but even created the
far worse problem of AV notifications, and towards proactive appliances and proper risk
management that we can minimize our risk and shorten our window of exposure to threats.

I agree that MyDoom demonstrates all too clearly the inherent limitations of
conventional antivirus technology, but you're still unfair to it. First, the vast
majority of attacks don't spread as far and as fast as MyDoom, and by the time one is
likely to encounter it the AV companies have protection available, so conscientious
users can protect themselves. Surely this is beneficial when it works, which is very
often. Second, do you actually know that AV technology has never prevented a major
outbreak? That would likely be an outbreak we didn't hear about. Finally, AV companies
didn't cause the infrastructure problems, like unauthenticated SMTP, that facilitate our
worst attacks.

ISPs and peering points should seriously consider the development and implementation
of technologies that can unintrusively and anonymously detect threats and filter packets
that meet certain risk criteria, before governmental agencies wake up and start
addressing the issue by regulations and law that will inevitably limit their control of
private property.

Too bad that mass-market ISPs could never afford to do this given current pricing
expectations. This kind of protection would require making Internet access much more
expensive as a general rule. The political outcry would be far worse than any reaction
to an attack such as we have just experienced.

Larry Seltzer
eWEEK.com Security Center Editor
http://security.eweek.com/
larryseltzer () ziffdavis com 


