Archive for December 4, 2012

| December 4, 2012
One comment

Is Cloud-Based Anti-Virus Ready?

Is Cloud-Based Anti-Virus Ready?Cloud computing technology is one of the most disruptive technologies in recent history. Xath Cruz at CloudTimes argues in a recent article that cloud computing is also disrupting security software such as anti-virus and he asks how effective are cloud-based anti-viruses?

malwareThe article, How Effective are Cloud-Based Anti-Viruses? claims the demand for cloud-based anti-virus software has gone up steadily as more cloud-dependent computing devices have invaded the market. Cloud-dependent computing devices like iPads, Nooks, iPhones, and Galaxy’s are as susceptible to malware as their big desktop brethren.

In order to fight the malware threats to cloud-dependent computing devices, cloud-based anti-virus has evolved.  Cloud based anti-virus works differently than popular cloud-based document editors like Google Docs, where you only need a web browser and internet access. The blog post explains that cloud-based anti-virus software can’t function if it’s only in the cloud, since your PC won’t easily give the right kind of administrative access needed by antivirus software to programs hosted remotely, as that would leave your PC at risk of being intruded upon by other programs.

small native app that runs on the deviceIn order to protect a PC, tablet, or smartphone, a cloud-based anti-virus software requires a small native app to run on the device. When downloaded, the app acts as the anti-virus, with its database and heuristics data being hosted on the cloud. There is also cloud-based anti-virus software that use web browser extensions or Active X and Java to gain proper access to your PC.

Like any technology, cloud-based antivirus software has specific pros and cons when compared to native anti-virus suites, Mr. Cruz lays out some of the pros and cons of cloud-based anti-virus:

Cloud advantages

cloud based anti-virus1. No Installation Required – The first advantage of cloud-based anti-virus is that there’s no need to install them on your PC. Cloud-based anti-virus does not eat up hard disk space, with its storage and memory footprint being a fraction of what local anti-virus need. Additionally, you can get them up and running immediately, and there’s no likelihood of messing up the installation (which usually results in a non-working antivirus or corrupted file volume).

2. No Updating Necessary –  With cloud-based anti-virus, there is no need to update data files, since it’s hosted on the cloud, and will automatically be patched or updated by the provider. This will offer the latest in protection when it becomes available.

3. Double Security Layer – With cloud-based anti-virus software, it is possible to run a locally installed anti-malware app and run another different cloud-based antivirus without worrying about conflicts or PC slowdown. Different anti-virus software are better able to catch or inoculate different viruses.

collective intelligence4. An advantage of cloud-based anti-virus software the author missed is collective or community intelligence. SearchSecurity reports that when a system identifies malware, it’s able to give feedback to the cloud anti-malware provider, thus providing a wider surface area for rapidly detecting 0-day attacks.

Cloud disadvantages

1. Won’t Run in the Background – Cloud-based anti-viruses are not effective against viruses that run on startup. Cloud-based anti-viruses are not TSR (terminate and stay resident) programs and only run on an as-needed basis.

2. Limited Scan – Cloud-based anti-viruses risk missing dormant viruses in unopened or archived files. Windows’ security protocols will prevent some cloud anti-viruses from scanning the computer. They will only be able to scan core windows files and what’s currently loaded in the memory.

Network connection3. It Requires an Internet Connection – Cloud-based anti-virus is useless without access to the Internet. This is a problem for portable device users who can’t be connected 24×7. Without an Internet connection viruses will be free to do whatever they want.

rb-

The author concludes for the best protection your PC can get, you need to use the services of both a locally installed anti-virus software and a cloud-based one.

The main concern I have about cloud-based anti-virus apps is downtime. Cloud providers like Microsoft, Amazon, and Amazon have had issues lately providing their services. Downtime at the upstream ISP on the LAN can also play havoc with cloud-based anti-malware apps.

Related articles

 

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedInFacebook, and Twitter. Email the Bach Seat here.

Category: Uncategorized | Tags: , , , , , , , , , ,
| December 1, 2012
Comments Off on I Think Therefore I Login

I Think Therefore I Login

I Think Therefore I LoginForgetting a password could become a thing of the past according to the ZDNet article Brainwaves as Passwords; Secure and Near-Reality. John Fontana at Identity Matters says the technology to do so could be here as early as June 2013. Interaxon, which develops thought-controlled computing, is releasing the Muse headband sensor device that is designed to use brainwaves to login.

Brainwave sensors

Muse headband sensor device that is designed to bring brainwaves into computingThe slim plastic Muse headband fits against a person’s forehead and slips over the ears. The band houses four brainwave sensors. There are not any authentication applications that work with Interaxon’s Muse headband yet. The article notes that the company has a software developer’s kit (SDK) for anyone who wants to do it. However, company CEO Ariel Garten says such an app is reasonable and possible.

“The user could create a specific brainwave signature or a password they would never have to say out loud or type into a computer,” said Ms. Garten, who spoke at the Blur Conference in Broomfield, CO. According to Mr. Fontana the CEO demonstrated thought-controlled applications and the Muse headband.

Brainwave login passwords

government can read their pin numberWhile brainwave passwords might conjuror up thoughts of being snatched off the street and having a brain drain, Ms. Garten said the technology isn’t mind reading. “People might think the government can read their pin number, but we can’t read your thoughts or images in your head.” Muse, which talks to devices via Bluetooth, is an electroencephalograph (EEG) that records brainwaves and reads the brain’s overall pattern of activity to detect certain states such as relaxed or alert explains the article.

The brainwaves are turned into binary data and the translated waves are used to control anything electric. Users can learn to manipulate brainwave patterns, like flexing muscles. “This builds your brain like doing bench press reps in the gym, Ms. Garten claims.

laptops can be controlled with the mindApplications that run on smartphones, tablets, or laptops can be controlled with the mind according to the article. Ms. Garten believes the technology is set to take off, she is quoted in the article, “In 25 years, interacting with technology using your mind will be as ubiquitous as a gesture is today.”

rb-

This seems like a cool idea, maybe Sony or Nintendo will take it over. This is not a panacea for passwords.

With the small real-world experience with biometrics in the enterprise (Thinkpad T61p laptop) it worked adequately for local machine access, but what about when you have to scale this to 10s of thousands of users? Just imagine the HR issues involved with obtaining employee’s fingerprints or as the article suggests brainwaves.

In my environment, where I think biometrics makes sense, there is all the political baggage that comes with biometrics and children and the anti-education, anti-efficiency, and religious groups. I wrote here about a Texas school distinct facing the wrath of these groups for RFID cards, not biometrics.

Then there are the technical issues with any password (character string or biometric) system. The hashed password or brainwave needs to be stored somewhere in binary form. If your AD is compromised you still have a problem.

swilson, one of the commenters at ZDNet wrote: “all biometrics are the same! It doesn’t matter what trait they come up with, the same core biometric challenges remain. The challenges he sees are:

  1. How to stop replay attacks?
  2. How to secure centrally stored templates that are needed to support ‘federated’ biometric access control from multiple points?
  3. What is the real-world sensitivity/specificity trade-off i.e. quantified False Positive and False Negative Error Rates? Knowing a bit about brain physiology, I am very skeptical that anyone can measure a highly distinctive brain wave with better than 90-95% accuracy.
  4. Most basic problem: revokeability. What’s to be done in the event of a compromise, when you cannot cancel and reissue a brain wave, or fingerprint, or iris, or genome?”
Related articles

 

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedInFacebook, and Twitter. Email the Bach Seat here.

Category: Uncategorized | Tags: , , , , , , , , ,
  Recent Entries »