19 July 2007

Malware - Is That All You Ever Think About?

Folks could be forgiven for asking:

Why do you care
About malware?

Malware is the bulk of a larger problem, which is vendor-pushed code.  Nothing overwhelms support resources the way widespread automatic insertion of bad code can.

For in-house system administrators, it's a major headache, but for a tech servicing multiple single-PC sites, it can be a disaster.  If you offer an SLA (Service Level Agreement) that is insufficiently escaped by weasel-wording and disclaimers, then one big outbreak can put you out of business... how do you "resolve within 48 hours" when you have 100 sites per tech needing urgent attention within the same hour?

So yes; just as someone intent on completing university studies may switch to soldiering when self-preservation demands it, so I have an interest in malware.  And just as a soldier has an interest in keeping his weapons in working order, I have an interest in maintenance OSs such as Bart and WinPE 2.0, as well as in the politics that keep these tools out of the hands of those who need them most.

Sharp readers will have noticed that my definition of the "larger problem" encompasses automatic OS and antivirus updates, the various ad-hoc "update" facilities built into arbitrary programs, Google's "update everything" tool, and codecs "needed" to play arbitrary content.

All of these break best-practice rules on code changes:

  • Do not allow others to change your code
  • Log all code changes
  • Ensure all changes are reversible
  • Ensure changes do not "kick away the ladder"

In essence, the logic behind "code of the day" is broken:

  • When our code breaks, it can't be trusted
  • This happens too often to manage manually
  • So trust us to push more code whenever we see fit

Does not compute.  Yes, I see the need to patch the OS and exposed surfaces as soon as possible, but I also see the need to reduce exposed surfaces made of code that is too complex to be relied on as defect-free.

And no, I don't recommend Google's "update everything" tool.
