The Future of Internet Security – Part III

Tuesday, June 2nd, 2009 by Shlomo Touboul

In Part II, I talked about the huge challenge anti-virus companies face from the massive growth of the virus signature database. The problem is not only loading a 60MB virus signature file into the computer's RAM (that is today's figure; tomorrow it can be 1GB). It is also the performance hit the PC suffers.

I am frequently asked by Yoggie customers and prospects about this performance hit. Everyone knows that anti-virus software slows down the PC, but giving a simple number is a challenge. Published figures range from 15% to 55% depending on the test equipment, the lab setup and the "age" of the anti-virus installation. The last factor is probably the most critical one and is controlled by the anti-virus vendor and the end user. It means that an anti-virus product released in 2007 and running on a PC for two years (i.e. two years old) will have a very different performance impact than one that is "only" six months old.

The reason is that an anti-virus "update" does not contain just new virus signatures. Many of these daily updates include new DLL (Dynamic Link Library, i.e. executable code) files designed to fight specific virus families or instances that cannot be covered by the current anti-virus algorithms and require specific code to detect and remove them effectively. As a result, an older anti-virus installation (there may be 5 to 10 updates a day) accumulates hundreds of DLL files acting as a collection of patches. These patches lack overall system optimization and can be seen as spaghetti code that dramatically slows down the anti-virus engine.

Everyone knows that a PC with a freshly installed Windows OS runs well, with satisfying performance. However, 9 to 12 months later the PC starts to slow down, and after 1 to 2 years it is very slow. The Windows OS contributes to this, but the anti-virus spaghetti effect is a major contributor, and it is a growing problem for which current technology offers no remedy.

As a side tip: one is better off completely uninstalling last year's anti-virus and installing a brand new version from the current year. By doing just that, one should expect better performance over the months to come.

It is very clear that a new direction is needed. Some security companies are trying to "milk" the current technology that has generated significant revenue over the last decade, while other security companies keep their R&D teams very busy leading the industry with breakthrough technologies. These are usually smaller companies, perhaps startups, that try to come up with a fresh vision and a different way to solve the problem.

As the founder of two security companies that recognized the paradigm shift in the security market, I appreciate creative thinking, but when it comes to security I also know that a solution always comes back to the 3 basic laws of security.

Any breakthrough technology that tries to present a security "leapfrog" step must obey these 3 laws, or it will end up in the security marketplace's waste basket of forgotten, dead startups.

So, I started with a description of the 3 basic laws of security in Part I, and I am returning to the same basic rules now. Every new technology that is presented needs to be verified: that its architecture supports multiple lines of defense, that it applies different algorithms/technologies in every security line, and that it seeks maximum "security depth" between each security line.

Let's check Yoggie's Gatekeeper product line against the 3 basic laws of security:

1.    Use of multiple lines of defense: Gatekeeper comes with 13 built-in security applications. Some, such as the IDS/IPS, work at the packet level; others, such as the Anti Spyware, work at layer 7, extracting file content and running file-level scanning. Each presents a different line of defense. The IDS checks the packet stream, looking for matches against its database of stream signatures. The Anti Spyware obtains the complete file from the layer 7 proxy, performs content analysis to detect the true file type, and applies a type-specific scanner to find known spyware signatures within the file structure/content. Moreover, the Gatekeeper as a whole acts as a security line of its own within the overall system, whereas the other security lines are installed inside the actual PC OS you are trying to protect.

2.    Yoggie's Gatekeeper uses different technology in each of its built-in security lines. The IDS technology is very different from the Anti Spyware technology described above. The Gatekeeper's technology (content scanning) is also different from that of the host PC security application (i.e. a Windows/Mac based anti-virus), which scans run-time code.

3.    Yoggie's Gatekeeper detects and stops attacks and threats before they land inside the protected PC OS. This means that the PC security application never sees the attacks already stopped by the Gatekeeper, which constitutes "security depth" between the Gatekeeper and the PC. Moreover, the Gatekeeper hides the PC using NAT, making it invisible to the other PCs connected to the same public network.
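To make items 1 and 3 concrete, here is an added, constructed illustration (not Yoggie's code, and not from the original post) of two different kinds of security line placed in series: a packet-level matcher that scans the byte stream, and a layer-7 scanner that reassembles the whole file, detects its true type from content rather than from its declared name, and then runs a type-specific signature set. The signatures, the "packets" and the file contents are all made up for the demo; only the magic-byte table uses real file-format values. It also shows why the stream line must carry bytes over between packets: a per-packet matcher misses a pattern that straddles a packet boundary.

```python
# Constructed demo of two gateway security lines in series (not Yoggie code).
# All signatures and sample traffic below are made up for illustration.

# --- Line 1: packet-level IDS -------------------------------------------

IDS_SIGNATURES = {"demo-exploit-string": b"EVIL-PAYLOAD"}  # hypothetical


def naive_per_packet_ids(packets, signatures):
    """Per-packet matching with no carry-over: misses a signature that is
    split across two packets. Shown only as the weak form of the idea."""
    return [name for packet in packets
            for name, sig in signatures.items() if sig in packet]


class StreamIDS:
    """Stream matcher that keeps the last (max_len - 1) bytes of the stream,
    so a signature straddling a packet boundary is still found."""

    def __init__(self, signatures):
        self.signatures = signatures
        self.max_len = max(len(s) for s in signatures.values())
        self.tail = b""      # bytes carried over from earlier packets
        self.consumed = 0    # total bytes fed so far
        self.alerts = []     # (signature name, absolute stream offset)

    def feed(self, packet):
        window = self.tail + packet
        base = self.consumed - len(self.tail)  # stream offset of window[0]
        for name, sig in self.signatures.items():
            start = 0
            while (i := window.find(sig, start)) >= 0:
                # A match that ended inside the tail was reported last time;
                # only matches ending inside the new packet are new.
                if i + len(sig) > len(self.tail):
                    self.alerts.append((name, base + i))
                start = i + 1
        self.consumed += len(packet)
        keep = self.max_len - 1
        self.tail = window[-keep:] if keep > 0 else b""
        return list(self.alerts)


def run_stream_ids(packets, signatures):
    """Feed a whole packet list through StreamIDS and return its alerts."""
    ids = StreamIDS(signatures)
    for packet in packets:
        ids.feed(packet)
    return ids.alerts


# --- Line 2: layer-7 file scanner ----------------------------------------

# Real magic bytes; the true type comes from content, never from the name.
MAGIC = [(b"MZ", "pe"), (b"\x7fELF", "elf"),
         (b"%PDF-", "pdf"), (b"PK\x03\x04", "zip")]

FILE_SIGNATURES = {  # hypothetical per-type spyware signatures
    "pe": {"demo-spyware-pe": b"SPYWARE_MARKER"},
    "pdf": {"demo-spyware-pdf": b"/JS (EVIL"},
}


def detect_true_type(data):
    for magic, kind in MAGIC:
        if data.startswith(magic):
            return kind
    return "unknown"


def scan_file(data):
    """Detect the true type, then run only that type's signature set."""
    kind = detect_true_type(data)
    hits = [name for name, sig in FILE_SIGNATURES.get(kind, {}).items()
            if sig in data]
    return kind, hits


# --- Security depth: the lines in series ---------------------------------

def gateway_pipeline(packets):
    """The first line that alerts stops the transfer, so later lines (and
    the host anti-virus behind the gateway) never see that traffic."""
    ids = StreamIDS(IDS_SIGNATURES)
    for packet in packets:
        if ids.feed(packet):
            return "stopped-by-ids", ids.alerts
    kind, hits = scan_file(b"".join(packets))
    if hits:
        return "stopped-by-file-scanner", hits
    return "passed-to-host", []


# Constructed samples. PE_PACKETS is a PE file sent under the name
# "photo.jpg", split so "EVIL-PAYLOAD" straddles the packet-2/3 boundary.
PE_PACKETS = [b"MZ\x90\x90SPYWARE_MAR", b"KEREVIL-PAY", b"LOAD\x00\x00"]
PDF_PACKETS = [b"%PDF-1.4\n1 0 obj << /JS (EVIL code) >>"]
CLEAN_PACKETS = [b"PK\x03\x04" + b"\x00" * 12]

if __name__ == "__main__":
    print("per-packet IDS:", naive_per_packet_ids(PE_PACKETS, IDS_SIGNATURES))
    print("stream IDS:", run_stream_ids(PE_PACKETS, IDS_SIGNATURES))
    print("true type of 'photo.jpg':", detect_true_type(b"".join(PE_PACKETS)))
    for label, pkts in (("pe", PE_PACKETS), ("pdf", PDF_PACKETS), ("clean", CLEAN_PACKETS)):
        print(label, gateway_pipeline(pkts))
```

Run as a script, the per-packet matcher reports nothing for the PE sample while the stream matcher reports the signature at stream offset 18; the PDF sample passes the IDS line and is caught only by the file-level line, and the clean archive reaches the host. That ordering is the "security depth" of item 3: whatever the earlier line stops is never presented to the later ones.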

Needless to say, the 3 basic laws of security are not everything a security system needs. Corporate IT requires policy enforcement mechanisms, management, reporting tools, etc. But the 3 laws provide an efficient and proven tool to check any security system, allowing maximum security with minimal redundancy.

That's it for today; stay tuned for additional topics, soon.

Cheers,
Shlomo.
