When people ask what I’ve been doing I tell them it’s trench warfare computing. Why do I use an analogy to the grueling, horrible warfare of WWI?
Follow the link. Malware writers have made their products immune to much of the “small arms fire” available today. It is a virtual standoff in which malware writers and antivirus writers get no respite from each other: the malware writers release endless variations of their programs, and the security software writers release endless updates to their virus definitions.
It is a constant give and take, a battle for control of territory owned by people who, in general, are totally clueless that there is a war over their computer at all, let alone one of this magnitude.
People buy computers like they buy toasters. Everyone knows how to use a toaster, and now, many people know how to USE a computer.
But what do you do when you only know how to USE a computer, and something bad happens?
What happens when a toaster breaks and no longer makes toast? If someone tries to repair a toaster, they might get electrocuted or burn down the house. And, at $10 for a new one, you toss it in the trash and move on.
Computers are more expensive, and people rely on them more now than ever. People don’t do their taxes, online banking and e-commerce on their toasters, but they have all that information on their computers. There is a huge black market profit potential for hackers who steal this information.
People know they need to take care of their computers, but they don’t have the knowledge or experience, and they are afraid of breaking them. They know they are ignorant, and are often embarrassed and afraid to ask questions.
Many times, those who have the knowledge are too condescending or impatient to explain things properly, or at all.
What happens when a “toaster” computer user gets a popup telling them they have 1092 Trojans and 58 Viruses and that their system is unstable and corrupted?
Most users do not know what these words really mean; they only know that it sounds really bad. So they click on the link, because SURELY this is something that needs to be taken care of, RIGHT NOW.
And, every single time, they have just infected their system.
They have been to Walmart and have seen the Norton 360 product, so when “Antivirus 360” pops up on their machine, they have a warm and fuzzy moment because it reminds them of Norton. And so on and so forth. The only legitimate thing about these fake antivirus suites is that they WILL take your money, and they WILL totally infect your system with REAL trojans and malware and viruses and spyware and all the bad wares you can name.
So what is the only real remedy?
It’s real easy to stand on a soap box and say “We need to educate people!”
It’s real easy to say “I use linux, I don’t get viruses!” then lol under your breath as your next door neighbor gets their identity stolen.
No, it isn’t a simple and easy problem to fix.
Grandma might be able to use linux as a web appliance, but I’m serious when I say there are people who simply cannot comprehend anything more complex than a touch tone phone.
Firefox is great, but not every website today works with it. A computer with no option to run IE is a problem that cannot be ignored.
Linux is a good idea, but for every 10 Linux web appliances you install you will need to actively support 8 of them. (Note that 83% of all statistics are made up on the spot.)
Education is fine, but I don’t think there is enough concrete in the world to build all the community colleges needed to have all the night classes required to sufficiently educate every single user who is a prime target for a malware author.
Laws! We need to write laws. No, that won’t work; look how well outlawing spam has stemmed the tide of spam. Remember, the people who write the malware are criminals in foreign countries. There is no centralized entity to arrest, shut down or cut off.
Trench warfare was defeated in part by the tank.
WWII was ended by the atomic bomb.
Tanks are, basically, indestructible, but not that nimble, and they can’t shoot something that is invisible or standing right next to them.
The atomic bomb is effective, but wide reaching and has lasting consequences.
There are “tank-like” software tools that remove many forms of malware, but sometimes the cure is as bad as the illness, because removing the malware can leave gaping holes in Windows that render it useless or unsecurable.
Malware designed specifically to evade the well known antivirus packages (cough cough Norton cough) renders them useless, and the clever malware will block all access to A/V vendor sites and kill all A/V processes before, or just after, they start.
Reformat/reinstall is the atomic bomb solution, but it is a hassle and often results in data loss.
I propose a different solution: virtualization.
What if there was a way to provide a computer based on a linux distro that had a clever implementation of virtualization and virtual machines?
Virtual machines are literally that: an entire computer that exists virtually inside another computer. The guest doesn’t “know” it is virtual; instead of a physical case and hardware, it exists inside a software program (the hypervisor), and it is started, run, rebooted, and shut down inside that program.
A system would boot to Linux and immediately spawn a VM running a desirable and friendly flavor of Windows. The interface is seamless, and the toaster user will not really know it’s virtual.
The implementation is customized in the following way:
The Windows user profiles are stored outside the VM, on the Linux host, and mounted into it seamlessly.
The VM makes use of snapshots and is returned to a pristine, known-good state every day, as a method of extreme housekeeping.
When the user wants to install a piece of software, the VM first reverts to the known-good state, THEN installs the software, and then takes an intermediary snapshot. Once that intermediary state has been judged “known good”, it becomes the new known-good state.
This goes beyond Windows restore points, because it keeps a record of changes and protects the user’s data and software configuration in a place outside the machine itself. Ultimately there would be a working standalone copy of the original VM and the user’s data that is completely inaccessible from inside the VM. If the VM gets nuked by malware, either go back to a previous snapshot or start over from the original copy.
This is already being done by power users now, to a certain extent, and is widely implemented in the IT world.
What I am proposing is a vastly automated, streamlined and simplified virtual machine solution to take the advantage away from the malware writer.
This idea has all the advantages of the atomic bomb solution but removes the lasting consequences. User data survives (though a file the user saved into the profile can of course still be malicious, so the profile store itself should still be scanned), and the battlefield is immediately replaceable.
Anti-malware software would have to be adapted to automate the decision to revert to a stored state.
If the user panics and hits the red-alert button, or if a detection algorithm determines malware is present, the scorched-earth policy kicks in and a saved state is restored.
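To make the three operations above concrete (nightly/panic revert, staged install, promotion of a candidate state), here is an added example script, not part of the original post, written against VirtualBox’s VBoxManage command line. The VM name (toaster-win), the host profile path (/srv/toaster/profiles) and the snapshot names are assumptions for illustration; the script assumes the VM already exists with a snapshot called known-good. With VBOX_DRY_RUN=1 it prints the commands instead of running them, so you can inspect the sequence without touching a hypervisor.

```sh
#!/bin/sh
# Added example (not from the post): the revert / install / promote cycle from
# the proposal, scripted against VirtualBox's VBoxManage.
# Assumptions (hypothetical names): a VM called "toaster-win" exists, it already
# has a snapshot named "known-good", and Windows profiles live on the host under
# /srv/toaster/profiles. Set VBOX_DRY_RUN=1 to print commands instead of running them.

VM="${TOASTER_VM:-toaster-win}"                 # hypothetical VM name
PROFILES="${TOASTER_PROFILES:-/srv/toaster/profiles}"  # hypothetical host path for user data
GOOD="known-good"       # the trusted snapshot every revert goes back to
CANDIDATE="candidate"   # post-install snapshot that is not yet trusted

# Wrapper so every VBoxManage call can be dry-run (printed) for inspection or tests.
vbox() {
  if [ "${VBOX_DRY_RUN:-0}" = "1" ]; then
    printf 'VBoxManage %s\n' "$*"
  else
    VBoxManage "$@"
  fi
}

# One-time setup: expose the host-side profile directory to the guest, so user
# data never lives on the disk image that gets thrown away on every revert.
attach_profiles() {
  vbox sharedfolder add "$VM" --name profiles --hostpath "$PROFILES" --automount
}

# "Scorched earth": the panic button and the nightly cron job both call this.
# VirtualBox only restores a snapshot onto a powered-off (or saved) VM, so stop it
# first; poweroff returns non-zero if the VM is already off, which we tolerate.
revert_to_good() {
  vbox controlvm "$VM" poweroff || true
  vbox snapshot "$VM" restore "$GOOD"
  vbox startvm "$VM" --type headless
}

# Install workflow, step 1: start from pristine, let the install happen inside the
# guest, then freeze the result as a candidate snapshot (known-good stays untouched).
stage_install() {
  revert_to_good
  # ... the software is installed inside the guest here, out of band ...
  vbox controlvm "$VM" poweroff || true
  vbox snapshot "$VM" take "$CANDIDATE" --description "post-install, not yet trusted"
  vbox startvm "$VM" --type headless
}

# Install workflow, step 2 (good outcome): the candidate is judged clean and becomes
# the new known-good. Deleting the old snapshot merges it into its child, and the
# rename keeps the name revert_to_good() expects.
promote_candidate() {
  vbox snapshot "$VM" delete "$GOOD"
  vbox snapshot "$VM" edit "$CANDIDATE" --name "$GOOD"
}

# Install workflow, step 2 (bad outcome): the candidate misbehaved; go back to
# known-good and drop the candidate so nothing of it survives.
discard_candidate() {
  vbox controlvm "$VM" poweroff || true
  vbox snapshot "$VM" restore "$GOOD"
  vbox snapshot "$VM" delete "$CANDIDATE"
  vbox startvm "$VM" --type headless
}

# Usage: VBOX_DRY_RUN=1 sh toaster-vm.sh revert   (prints the three commands)
case "${1:-}" in
  setup)   attach_profiles ;;
  revert)  revert_to_good ;;
  stage)   stage_install ;;
  promote) promote_candidate ;;
  discard) discard_candidate ;;
esac
```

The point of the shared folder is that a snapshot restore discards everything on the guest disk, including documents the user saved there; keeping the profile on the host is what makes the daily revert safe for data. It also means the profile directory is the one place malware can persist across reverts (a dropped executable in the Startup folder, for instance), so that directory, not the disposable disk image, is where scanning effort belongs.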
The article linked at the top of this post mentions that after the introduction of the tank, mobile warfare became the norm. In a way this is similar, but more powerful.
Not only would the malware authors have a moving target, they would have a fluid, disappearing and entirely virtual target. They would infect the computer, but the infected media would instantly disappear. It would be as if enemy soldiers stepped onto a battlefield that instantly vaporizes, taking them with it, only to be replaced by a new battlefield.