
Switching in general ... continued

So for preventive measures, we should ask one thing... How do we prevent ourselves from being infected by a virus? Well, we take a vaccine, and that may not cover all the upcoming, newly formed viruses. That is why some people get infected with a new virus even after taking the vaccines. Then the question boils down to the chances of getting infected. So precaution and general good health are what matter sometimes too. In this case, it makes sense too. Precaution alone is not enough; general good health is also required...

But the software platforms I mentioned earlier may not have good health. This is a relatively new area - to measure the good health of a platform. Also what do we mean by good health here? I certainly don't have a definite answer, but it bugs me too!

Today's antivirus technology starts vaccinating others when some infection is detected/analyzed. So there are some systems that would be compromised, then others (being the lucky ones) would probably have a vaccine. What about those with good health? This is a fundamental problem!! What puts a platform in good health???

I can take up regular exercise and eat the right stuff, and within six months I have a better goodness index when it comes down to health... What is the equivalent of this in platforms??? I don't know, but it is a good thing to think about, IMO.

Just to get a taste for the things we are up against, think about the scenario I have with my Windows or Mac X machine. There are random times when the system is very unresponsive. What do I do? Run some sniffer to capture what is going on? By the time I get around to this, by starting a sniffer, perf tools, process lists etc., I will see normal behavior, and would conclude, "Oh well, it is some lockup of the system." But how could I rationalize that, right in front of me, lots of files got deleted... I would never / ever delete them, simply forget that doubt.

Basically, I don't know if I can trust this machine! Ah, that is real trouble then. Can it take some important info and exfiltrate it? Lots of questions ...

Naturally, we know there are problems. But we are very sure of what they all are! We don't know what they could do to you and me today or tomorrow or a couple of years down the road, in case you happen to have the machine around for a while...

On the other side of the fence, curious people abound. And now, there is the problem. Curious people will try to come up with newer and newer techniques to fool the health of the system, and there will be a lot of people involved in eradicating them or jailing them to keep them from becoming widespread.

For example, take forensic analysis of a compromised disk. It is by itself a major topic of discussion. It is a whole new branch of science, IMO. A natural question would be: how could something be planted inside the disk and not be noticed? Unless the analysis tool knows every corner of how the disk system works, it will fail to detect a planted virus... Hmm, this is really ...


Before ending this note, I would like to mention that the last few years showed enough evidence that this is becoming increasingly challenging. And for that reason, a widespread emphasis on tackling these situations is being given every day. Now there are lots of courses, books, and jobs being created in this area...

Huge challenge ahead!!!



Posted on Tuesday, August 7, 2012 at 07:51PM by Prokash Sinha