All the Perl that's Practical to Extract and Report

  • by schwern (1528) on 2003.11.12 1:55 (#25686) Homepage Journal
    The problem with this approach seems to be one of having a central, trusted authority looking at your computer use trends. For credit cards this is your credit card company examining your credit transactions for strange usage trends. This is ok since, in the end, all your transactions have to go through the credit card company anyway. They're the obvious authority to be keeping an eye on your money. They're the ones lending you the money. They already have your transaction data. They have clear incentive to stop credit card fraud: it costs them lots of money. It's cheaper to monitor your transactions for discrepancies than to pay for fraudulent charges.

    But desktop applications don't have to dial home to work. No record of their use is necessary to operate. Any authority watching your usage trends has no other reason to be collecting this data.
    So now you have usage data for your computer going off to a 3rd party. Abuse of power? You bet! And this information is sent over the Internet. Security holes? You bet!

    Furthermore, from an economic standpoint, they have no direct incentive to stop fraud. Especially if it's a 3rd party (i.e. not your OS vendor who might have some incentive in stopping large viruses). An artificial one must be created. Subscription fees are one. But just how tempted would a company be to start making a little money on the side? Here's aaaaalll this usage data pouring in. Information about what applications they use, what web sites they visit, what machines they make network connections to, how much data they transmit. A marketing gold mine.

    The idea that the solution to the virus problem is to monitor usage and limit connections goes directly against the grain of computing. We don't want more monitoring, and we certainly don't want performance limits.

    Finally, and here's the defeat of any anti-virus scheme that requires user action, unless this service ships with the OS and is on by default it's not going to make a difference. The machines that are spreading the viruses are the ones that aren't well maintained. Patches aren't applied, software isn't upgraded, dangerous services not turned off. The owners of these machines aren't suddenly going to install an anti-virus monitoring service. They probably don't even realize they're infected.
    • I don't think the data comprising a valid behavior baseline needs to be rolled up to a central internet presence to be useful. I happily use MyNetWatchman on my gateway, a Perl IDS which does just that, but I don't have real privacy problems sending Windows virus attack data to someone who might help do something about it. My desktop behavior is different.

      Let's look at the home user's desktop system. Emily checks email, sends a few a day, sometimes with photos, and surfs a bit. Emily does not run a