November 21, 2004
The Risks of Desktop Security Software (Part 2)
By Tim Klemmer
CEO, OnceRed LLC
This is the third in a series of articles highlighting reasons why we need a new model for anti-virus and security solutions.
Reason #2: the Desktop Security Software Risks
The risks of placing software on the desktop are such that I will be breaking this article into two parts.
There are many advantages to putting security and anti-virus software on the desktop. They range from efficiency to money. Under previous ways of thinking, if I can capture security and virus problems at the desktop I can prevent them from going any farther. That works well in a non-connected environment. In the connected environment it makes more sense to centralize the software and monitor connections in and out. Basically, "firewall" all the appliances from each other.
In a previous article we discussed the security risks inherent with desktop software designed to be the protection layer between you and all those bad people out there on the Internet. Here now we will discuss some more mundane issues regarding the risks of putting security software on the desktop:
Drag: security software steals clock cycles from your processes so that it can run in a higher-priority mode. Anti-virus software especially places a drag on your computer. Depending on your settings (and the default settings are usually very aggressive), every time you run a program or open a file, real-time file scanning takes place and your files are scanned for viruses. This slows down your processing. Accessing larger files takes longer. You can see a discernible lag between when you start a program or open a file and when you can actually access it.
After the obvious issue of "drag" is compatibility. Often security and anti-virus rules get in the way of your doing business on your computer. While you may get away with using older versions of such packages as Word, Sims, Photoshop, etc. on your computer with the new XP operating system, it's unlikely your security software will be completely compatible. Why? Many packages rely on very low-level functionality to be able to do the tasks they set out to do. Anti-virus packages have to be able to operate at a level closer to the hardware than most packages. They need to do this to prevent virus software from taking precedence over them. While many packages offer backward compatibility, the same is not true of forward compatibility. There are several reasons for this: a package written for Windows 98 will not anticipate all the changes to the operating system that are implemented for Windows XP. While your Win98 anti-virus program may work under XP, it won't work at its peak performance. It can't. It's just another reason for centralizing your security. By siphoning all your traffic through a security screen at your ISP, for instance, you offload the need for updates and staying up-to-date on your security software. This then becomes the job of the service provider.
Having the software on your desktop means you are responsible for maintaining that software. In the case of office productivity software or image editing software, if new versions come out with features you're not interested in, you don't update. With new viruses appearing on the landscape every day, you can't afford not to continually update your software. If you don't update for a month or two, you run severe risks of infection. You will also incur potentially long update cycles as your software has to be upgraded to handle all the new threats.
This makes the desktop these days a somewhat ineffective solution. Nearly two-thirds of all the PCs that have anti-virus protection installed do not update their definitions regularly. These PCs might as well uninstall the software for all the good it's doing them.
As mentioned in the above discussion, you can lose considerable time if you don't update regularly. Long intervals between updates can translate into long update cycles. If you have a slow connection to a vendor, your downtime is much longer, as you have to wait for the files to be downloaded and then you have to wait for your software to update itself.
The better solution is to move to a centralized solution in which all the software and all the updates are the responsibility of the service provider. You pay for the service of having your email cleaned before you receive it. When email arrives at your service provider's mailbox, it is checked for malicious tendencies and stripped if bad. You notice no long waiting, no downtime, no drag, no incompatibilities.
Tim Klemmer has spent the better part of 12 years designing and perfecting the first patented behavior-based solution to malicious software.