Of Spam, Malware, and Kernels
Saturday, October 14, 2006
Keywords: Technology
Part I: Fun with Malware
According to my server logs, it would appear that one of the images from my gallery has become the background image of a number of different MySpace profiles (these are total strangers who probably found the image through an image search). So I thought that I might as well amuse myself by looking at these log entries. For example, while there is a significant number of people who visit my blog using alternative browsers (though they are still a minority), virtually all of the people who access the MySpace profiles that embed my file as a background are still using Internet Explorer.*
This glimpse into browsing habits of the "normal" world is not particularly interesting, except for a few entries that caught my eye. These entries had a user-agent string of Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; SpamBlockerUtility 4.8.0). How odd, I thought, that someone would have a spam blocker add-on installed for a web browser. As I expected, Google search results indicate that this "SpamBlockerUtility" add-on that this particular person had is indeed malware. I then went to SBU's website for the heck of it and quickly discovered that this is the Mark Foley** of software in terms of hypocrisy. It describes spam as "harmful and irritating" (it is funny to see a malware company say that) and that by blocking spam, it can save bandwidth (right, because client-side spam software can now magically block spam on the server side; and what about the adware bandwidth?). But the fun doesn't stop there! They also bundle such useful and relevant things as a thousand different emoticons to make your e-mails "cool" (no doubt a bundling agreement with one of the malware companies that specializes in those emoticon toolbars). Their website even has a section on helping users with installation problems: it instructs people on how to log in as an administrator. Anyway, I had a great laugh looking through their website. Unfortunately, as evidenced by these log entries (and by the even larger number of IE systems that have "FunWebProducts" installed), there really are people who fall for these things.
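The log check described above can be scripted. The following is an added example, not code from the original post: it scans access-log lines for the two user-agent markers named here (SpamBlockerUtility and FunWebProducts). The combined log format, the file path, the referrer host, and the IP addresses in the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Adware markers named in the post; extend the set for your own logs.
ADWARE_TOKENS = {"spamblockerutility", "funwebproducts"}

# Apache/Nginx "combined" log format (an assumption; the post does not name its format).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" '
    r'(?P<status>\d{3}) \S+ "(?P<ref>[^"]*)" "(?P<ua>[^"]*)"$'
)

def ua_tokens(ua):
    """Return the semicolon-separated tokens inside the UA's parenthesised comments."""
    tokens = []
    for comment in re.findall(r'\(([^)]*)\)', ua):
        tokens += [t.strip() for t in comment.split(';') if t.strip()]
    return tokens

def flag_adware(lines):
    """Map client IP -> set of adware tokens (version included) seen in its requests."""
    hits = defaultdict(set)
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # skip lines that are not in combined format
        for tok in ua_tokens(m.group("ua")):
            name = tok.split()[0].lower()  # "SpamBlockerUtility 4.8.0" -> "spamblockerutility"
            if name in ADWARE_TOKENS:
                hits[m.group("ip")].add(tok)
    return dict(hits)

# Constructed sample lines (documentation IP ranges, hypothetical path and referrer).
SAMPLE_LOG = [
    '192.0.2.10 - - [14/Oct/2006:10:00:01 -0400] "GET /gallery/image.jpg HTTP/1.1" 200 48213 "http://profiles.example/user1" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; SpamBlockerUtility 4.8.0)"',
    '192.0.2.44 - - [14/Oct/2006:10:00:09 -0400] "GET /gallery/image.jpg HTTP/1.1" 200 48213 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.7) Gecko/20060909 Firefox/1.5.0.7"',
    '198.51.100.7 - - [14/Oct/2006:10:01:30 -0400] "GET /gallery/image.jpg HTTP/1.1" 200 48213 "http://profiles.example/user2" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; FunWebProducts; SV1)"',
]

if __name__ == "__main__":
    for ip, toks in sorted(flag_adware(SAMPLE_LOG).items()):
        print(ip, sorted(toks))
```

The user-agent header is supplied by the client, so a match is a hint that the add-on is installed, and the absence of a marker says nothing about whether a machine is clean.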
Part II: Kernels, Anti-Virus, and the European Union
As reported by Slashdot, Microsoft, under pressure from European antitrust officials, is opening kernel-level access for third-party anti-virus packages, like McAfee and Norton. The Washington Post article frames this as an issue of antitrust, which is incorrect (and the officials in Europe are equally confused about this matter). The heart of the matter is that Microsoft locked down kernel access in Vista, and now the makers of Norton and McAfee are complaining that this is an attempt to lock them out of providing anti-virus for Windows.
- There are other (better) third-party anti-virus makers who have made their products Vista-compatible without needing to get through the kernel lockdown. Most importantly, even Microsoft's own anti-virus package does not require or get kernel-level access. So how exactly is this an antitrust issue?
- The whole point of the kernel lockdown was to make the system more secure by limiting the amount of system access that any piece of software could have. Exempting anti-virus vendors from the lockdown is the digital equivalent of allowing law enforcement officers to freely break the law.
- Norton AntiVirus does not exactly have a great track record and can sometimes cause more problems than it solves. Kernel access? Bad idea.
- Real computer security does not come from anti-virus. It never has, and it never will. Real computer security is accomplished through educating the user. Anti-virus is snake oil: at best, it is a band-aid; at worst, it is poison.
________________
* And people wonder why most geeks have so little respect for MySpace...
** Sorry, I couldn't resist; it's the fad these days, and I guess I am sometimes a slave to fashion.
