Barely Legally

Confessions of a Moot Court Bailiff

The Other Kind of Flame War

The Chief Research Officer for F-Secure, an antivirus firm, has written about the newest confirmed tool in America’s cyberwarfare arsenal, Flame. He says:

Antivirus systems need to strike a balance between detecting all possible attacks without causing any false alarms. And while we try to improve on this all the time, there will never be a solution that is 100 percent perfect. The best available protection against serious targeted attacks requires a layered defense, with network intrusion detection systems, whitelisting against known malware and active monitoring of inbound and outbound traffic of an organization’s network.

This story does not end with Flame. It’s highly likely there are other similar attacks already underway that we haven’t detected yet. Put simply, attacks like these work. Flame was a failure for the antivirus industry. We really should have been able to do better. But we didn’t. We were out of our league, in our own game.

Read the rest at Ars. It’s not a boilerplate mea culpa, at least. The authors of Flame used very sophisticated methods with zero-day exploits, including spoofing Microsoft’s signature on security certificates. There’s nothing on the planet that can reliably keep your system safe from that sort of thing, and he admits it. I can’t quite decide if that’s refreshing, scary, or both.

If you’re not up to date on what Flame is, there’s a nice post in Wired all about it.