As new variants of virus/worm programs come out, then new updates have to be
sent out for the AV software, and the users have to install them. Either
the B or C variant of Blaster also downloaded a new variant of another virus
(at the time, it appeared to be Nimda or Spybot). None of the AV scanners
were catching it, as people could clean their systems of Blaster, but would
find that they couldn't use Task Manager, Regedit and/or MSConfig. We're
still seeing reports of people who say their AV software is up to date, but
they're still having problems with these 3 applications. Locating the
virus and killing its running process allows these apps to work again.
The original removal tool worked well for Blaster, but within hours the B
and C variants turned up. There's now a D variant out there as well. If
the folks who wrote the tools work to keep up with the variants, then it
should be a "one fix for all" situation. But it probably isn't.
If you ever read the description of a viral infection on Symantec's site,
then McAfee's, then Trend's, you'll find that they all have minor
differences in the Registry settings affected, even file names sometimes.
And they may all look for different "signature" characteristics, to
determine what is and isn't a virus. So a new variant may still be caught
by Symantec, or Trend, and missed by McAfee, because the crucial bits of the
file that McAfee looks for were changed. This is just an example, not a
slight against any particular product.
Documenting all the differences between the various reports from the AV
vendors would be time consuming, and hey, we're all volunteers. You might
find something out on the web, but it would be a lengthy and costly process
for anyone to maintain commercially.
AV software is all well and good, and has its place. But, in this day and
age, users need to be more aware of what's going on with their computers,
and what is "normal". A worm, like Blaster, exploited a security weakness,
and the user didn't have to do anything to be infected. In fact, it was the
things NOT done that allowed it to take advantage of the security hole, like
installing and using a firewall program. And yes, I do know that the level
of expertise varies from those who barely know how to turn the computer on,
to those who can hack the OS itself to make it work the way they want it
to.
People don't trust Windows Updates, and in some cases with valid reason.
However, when MS issues a critical update, it's usually security related.
And there are almost always "work arounds" included in the appropriate KB
article, until the patch can be applied. Those who don't check for updates,
or don't install them or the work around, are partially responsible. The
information is there, they just don't care to bother with it.
No defense mechanism, software or hardware, will ever be perfect. And
since human beings are never perfect, the "wetware" (the stuff between your
ears) isn't going to catch everything either. After all, the LoveLetter bug
spread by people opening e-mail messages, and their attachments, from their
plumber, lawyer, landlord...... saying, "I Love You!" Personally, if my
plumber sent me one with that subject, I'd have to wonder how badly he'd
been screwing me over the years! <G> And just take note of the most recent
e-mail worm. It spreads because people open attachments, without scanning
them, or wondering why someone they don't know would be sending it.
Until very harsh penalties are put in place and enforced (hanging,
electrocution, public flogging and stoning, castration, lethal injection to
name a few) for those who write these worm/virus programs, they won't stop.
And even then they won't, because there's always some jerk who thinks he/she
(EOR - Equal Opportunity Rant, here) won't be caught.
Just my quarter's worth. Two cents don't get a piece of bubble gum today!
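
The point above about each vendor keying on different "signature" bytes can be shown with a small scan over constructed samples. This is an added example, not part of the original post: the vendor names, sample bytes and signatures are all hypothetical, and VendorD's wildcard pattern goes slightly beyond the post to show a signature that tolerates the changed bytes.

```python
import re

# Constructed stand-in bytes for an "original" sample and two later variants.
# Nothing here is real malware; the regions only give each scanner something to key on.
ORIGINAL = b"MZ..stub" + b"\x01\x02\x03\x04" + b"copy-to-sysdir" + b"msg=hello-v1"
VARIANT_B = ORIGINAL.replace(b"msg=hello-v1", b"msg=hello-v2")       # string changed
VARIANT_C = VARIANT_B.replace(b"copy-to-sysdir", b"copy-to-tmpdir")  # routine changed too

SAMPLES = {"original": ORIGINAL, "variant_b": VARIANT_B, "variant_c": VARIANT_C}

# Hypothetical vendors: each chose a different region of the original as its signature.
SIGNATURES = {
    "VendorA": re.compile(re.escape(b"\x01\x02\x03\x04")),  # header bytes
    "VendorB": re.compile(re.escape(b"copy-to-sysdir")),    # file-copy routine
    "VendorC": re.compile(re.escape(b"msg=hello-v1")),      # embedded string, exact
    "VendorD": re.compile(rb"msg=hello-v\d"),               # same string, version wildcarded
}


def scan(sample):
    """Return {vendor: True/False} saying which signatures match this sample."""
    return {vendor: bool(sig.search(sample)) for vendor, sig in SIGNATURES.items()}


def detection_matrix(samples):
    """Scan every sample with every vendor signature."""
    return {name: scan(data) for name, data in samples.items()}


def needs_update(samples):
    """Map each vendor to the samples it misses, i.e. where a new definition is needed."""
    missed = {}
    for name, result in detection_matrix(samples).items():
        for vendor, hit in result.items():
            if not hit:
                missed.setdefault(vendor, []).append(name)
    return missed


if __name__ == "__main__":
    for name, result in detection_matrix(SAMPLES).items():
        print(f"{name:10}", {v: ("hit" if h else "MISS") for v, h in result.items()})
    print("definitions to update:", needs_update(SAMPLES))
```

All four signatures match the original, but each variant is missed by whichever vendor keyed on the bytes that changed, which is why "my AV is up to date" and "my AV caught it" are not the same statement.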
