McAfee Artemis Claims Protection Online, On-the-Fly 107
Seems like McAfee has created a new Internet-based service to provide active protection on the fly when a PC gets hit by malicious computer code. "[Artemis] is a lot faster than traditional methodologies and it closes the gap between when a piece of malware is written, discovered, analyzed and protected against ... Artemis is available at no charge as part of McAfee VirusScan Enterprise or McAfee Total Protection Service for small and medium-sized businesses. Artemis is also available for McAfee's consumer products, where the functionality is called Active Protection."
ugh. (Score:5, Insightful)
This is why you read the preview. (Score:3, Insightful)
TFA basically states that anything behaving "suspiciously" on your PC will be automatically *sent* back to McAfee for analysis.
Re:This is why you read the fine print... (Score:2, Insightful)
Sounds like a service for McAfee. This should speed up identification and protection for the customer, but ultimately, what if the customer doesn't want to participate in your R/D?
They *don't* do online analysis (Score:3, Insightful)
If enough is known about how the malware is behaving to know that it is suspicious, [we will] fingerprint the file and send it in the cloud to AvertLabs so we can look at it, provide people a piece of protection and send it immediately back to them.
They only match the fingerprint (probably a set of some hashes) against an online database and, if there is a match, the "fix" for that malware is downloaded and executed.
Nothing "magic" here, it's just an online signature database.
See http://www.mcafee.com/us/enterprise/products/artemis_technology/index.html [mcafee.com]
If they actually *did* online analysis, as the article suggests, just sending the alleged malware would potentially violate copyrights/NDAs/etc.
Not to mention that automated online analysis of unknown malware is a very difficult problem [wikipedia.org].
Big Brother gets to examine all your files (Score:5, Insightful)
Here's McAfee's explanation of how it works [mcafee.com]:
In other words, every time you download a binary file, McAfee HQ knows about it and logs it. Was this dreamed up by the RIAA, the NSA, or the anti-child-porno people?
Flawed methodology (Score:5, Insightful)
Using anti-virus to "protect" your computer is like trying to avoid collisions by studying your rear-view mirror. By definition, it only "catches" compromises AFTER THEY ARE SUCCESSFUL.
Then, we have to trust that:
1) The compromise is one of the known viruses, or falls into the realm of "suspsicious activity".
2) The compromise was successfully noticed.
3) All aspects of the virus are known and can be removed.
4) You (the end user) have sufficient system permissions to remove the virus.
5) You (the end user) have all updates applied.
The whole system is woefully fragile and ineffective. Most estimates today seldom put A/V effectiveness above 50% effective, despite the considerable resources consumed by the software. It may be better than poking yourself with a sharp stick, but not by much!
And here's a good example of this: My kids' computer. It's an Athlon XP 3400 with a GB of RAM and an 80 GB HDD. I got sick of reloading the !@#@$ computer every 3 months when it got all horked with god-knows-what so I did the nasty, this time.
I installed ALL O/S patches while hooked up to a private network. I installed AVG antivirus. I let the kids only use the computer as the most limited user available: guest. I installed FF and made it the default browser, along with Open Office and a few legal games. (not warez!) I set WinXP to self-update every single day, and not ask about it. The Windows firewall was on, and the computer is on a NAT network, connected to another highly firewalled DMZ.
Despite all this hassle and inconvenience, the system is STILL behaving rather poorly, 6 months later. Bought me 3 months, but only three more.
Compare/contrast with the Mac. Same kids. Same amount of usage. Same type of usage for the same purposes. Blogging, MySpace, games, homework. All else the same, but I never bothered with antivirus. Yet it works fine! No bogging down. No strange behavior. Same thing with my Linux laptop, which after some 10 years is still using the same /home partition.
Good security isn't something you "band aid", it's something you design from the beginning.
Re:Flawed methodology (Score:1, Insightful)
Bullshit. You must be a retard if you trust anything your kids say. They may be surfing the same sites, but they're downloading and executing ZOMG U MUST SEE THIS!!1 shit on the PC which isn't compatible with any other OS.
I haven't seen a virus on my PCs since my 286, which came preloaded with them, and my own deliberate HPAVC collection from the BBS days.
Re:First Cunt more like it! (Score:2, Insightful)
It's a dirty job, but someone has to do it.
Re:This is why you read the fine print... (Score:5, Insightful)
But a fingerprint used as a unique identifier isn't safe. What's the guarantee that MacAffee won't keep rainbow tables of everything that has turned out to not be viruses, but someone else might find interesting?
What stops e.g. the government or MPAA (but I repeat myself) from demanding to be told of everyone who have files matching a certain fingerprint? The first justification for this might be child porn. How about fingerprinting all known child porn images, and have the AV software notify the servers whenever there is a match? Undoubtedly that will be very effective! No pesky 4th amendment considerations either!
Then, once it's used for that purpose, how about fingerprinting word documents describing how to make pipe bombs? Undoubtedly useful. And how about the communist manifesto? And, since it works against browser caches too, why not check who has browsed a certain page?
I'm sorry, but I see a lot of problems with this.
Re:This is why you read the fine print... (Score:3, Insightful)
Nor do they mention the extra bandwidth that will be used with their 100 ms updates.
Not only so, but the Wall Street Journal version of that story mentions that other malware services companies will be implementing similar models as well.
It just reminds me that the real problem is the current Microsoft hegemony on the desktop and uninformed internet users.
Re:Flawed methodology (Score:4, Insightful)
Right... we'll talk about this again when Myspace is full of RPMs and DEBs.
Users will enter passwords on command like good little trained monkeys, so nothing has changed.
Password protection only saves you from, eg. browser exploits installing backdoors without your knowledge. Most Windows malware/crapware is installed deliberately at the request of the user, no raindance or blood sacrifice ritual can stop that without turning "their" computer into a black box appliance.
The OP already said they were running as Guest, so that's precisely what happened.
You can install standard RedHat RPMs into your own home directory? And find/install updates automatically, resolve dependencies in your private space, etc? Awesome!
Regardless, it seems we've now established that running/installing software as a normal user, in areas writeable by normal users is acceptable, right? What kind of brain damage is preventing you from seeing how this is not more than enough access for malware/crapware mischief?
Run me through your thought pattern, because I can't understand where you're coming from and how you can possibly you arrive at a non-exploitable conclusion. As far as I can tell, it goes like this: user downloads omgponies.rpm from Myspace and either installs it to ~/omgponies or enters the system password for a root install. The first thing it does is run a post install script which then inserts spyware, crapware toolbars, or whatever into every dotfile orifice in the user's directory, or for a root install every damn where. User doesn't even have to run the program that was in it.
Right? Congratulations, welcome to having an operating system that someone other than nerds gives a shit about. How is this different from what is happening on Windows?
Privilege separation is a red herring on the desktop - administrative access is simply not necessary for most crapware to function. The main reason to run as Admin is purely defensive, to disable anti-virus and/or install hidden drivers, etc. so that the user can't get rid of it, rarely is Admin actually needed to perform its primary purpose. And should it ask for the Admin password, the user will supply the password because you, oh Lord of the System, have been training them to do it.
Complete bullshit.
Have you even used Windows in the last 10 years at all? Especially in a corporate environment, Windows' security features are substantially better than other desktop OSs, the only issue is actually implementing them. Few will, because users scream bloody murder when they're told "you're not allowed to do that any more." But replace Windows with Linux and tell them instead that "it's not compatible," they'll accept it.