Palladium no threat to antivirus industry: Dozortsev
- 25 June, 2003 10:15
Microsoft's controversial Palladium security initiative's ability to kill off the antivirus industry by eliminating vulnerabilities lies within the same realm of probability as a collision between the earth and the moon.
That's the take from Computer Associates' antivirus guru and eTrust assistant vice president, Dr Eugene Dozortsev.
Dozortsev, a former rocket scientist with the Russian Aerospace and Research Institute, is only half kidding too. While conceding that the example of planetary collision may be a little hyperbolic, he is sticking by the maths involved.
"Look, no way – I come from statistics. Every event has a probability. With a bulletproof platform there is a probability. Will the moon drop on the earth? There is a probability [and it] is above zero, but well below one. [With security] the more functionality you put in… there is an exponential risk as it increases," Dozortsev said.
The message this year from Computer Associates' Melbourne antivirus laboratory's media open day is that the growth of malware will continue to increase in line with levels of computer literacy and millions of new users that were not around years ago, compounded by new levels of highly professional malware.
The latter is the bigger concern Dozortsev says, cautioning that "with politics you have to watch your mouth".
"You go through it [malware] layer by layer and you know it must have been built by more than one person or a team. There is expertise at just too many levels. I am not scared that I will lose revenue.
"I am scared that I will not have enough [talent and resources] to deal with it. Security issues will be with us for a long time to come" Dozortsev says with an understated resignation that beguiles the weight of contracts his team rakes in. Contracts from so-called "spooks, government…these sorts of people". Dozortsev hastens to add that "ASIO and AFP… they are very decent people."
Meanwhile, CA's manager of virus research, Jakub Kaminsky, is charged with the with task of dissecting incoming viral matter, documenting and describing it down to the last technical detail and cataloguing it into an "encyclopaedia". This library then forms the backbone of a viral research automatic filtration engine called "Virtue", which has sorted, managed and automated 9083 "issues" between May and June.
"People don't realise the amount of effort in [a technical description of a virus]. I can make a fix in 15 minutes, but I need all day - even days sometimes - to describe it properly. It's getting harder and harder to keep track," Kaminsky says, adding that he has even come across the names and addresses of "idiot" malware authors in what he assumes is their code – which often doesn't even reproduce.
"If you go to schools now nobody teaches assembler any more," Kaminsky complains. As for whether cyberspace will ever hit a critical mass of miscreant code volume, Kaminsky is philosophical about the dangers of prediction. "We thought it would some time ago. You can't plan too far ahead in this job…"
A Canadian University's proposal to teach virus writing as part of a course also has Dozortsev unimpressed. "This is complete crap. I wrote them an official letter that they make themselves liable [if their students] release a virus in the wild."
Just who would insure such a course remains to be seen.