Tensten's Journal

Saturday, February 25, 2006

A sense of security

There's been a lot of press lately about the rise of Macintosh-based viruses. None of these has been particularly insidious, but the time will come that someone finds a truly ghastly exploit and works it for all it's worth. Certainly, I'm under no illusions that the OS X operating system is without its fair share of oversights and loopholes that allow for that sort of attack. Up until recently, I ran without anti-virus support. I had reasonable protection, I rationalized. I was behind NAT, the firewall was locking down virtually every port, etc.

I knew the bad guys were out there. Apache server logs showed that I was getting scanned for well-known port 80 vulnerabilities at least every other day. I'm sure the firewall was indiscriminately rejecting scads of other promiscuous assaults. But my software was fully patched, and I had shut off mod_perl. With these small provisions, until recently I felt safe.

Last week, I installed ClamXav, an OS X wrapper for the open source ClamAV anti-virus scanner. It's about as easy to set up as any open source software. That is to say, it takes some research before you'll get anything out of it. It's definitely different from the more familiar Windows anti-virus products.

The thing is, even after reading an introductory article, and spending a couple hours scanning and configuring, I still don't feel like I've "locked up" all the attack vectors. The commercial anti-virus vendors have done a fine job of feeling comprehensive. They're poking at your web browser, your email client; they scan memory, read all your opening files; and benignly get in the way of everything you want to do.

There's a sense of relief in that. The smart people at Symantec, Microsoft and McAfee have put their heads together to come up with every possible way a malicious hacker might bust into your box. ClamXav lacks that friendly layer of reassurance. It might be just as secure as the protection offered by the commercial vendors, but have I configured it well enough to provide the defenses that I need? I really couldn't say.

This makes me think that maybe the real value in anti-virus software isn't in actually preventing attacks, but in making you feel like it is.
