Wednesday Sep 27, 2006

Are we going towards a world where antivirus software will become too slow?

In Symantec's 10th Internet Security Threats Report, it is noted that in 2006, over 6700 new Windows viruses were identified. The number here may seem innocent in itself, but think about this... we've had viruses since I've been hearing of personal computers (there were already viruses on Commodore Amigas and Apple IIs in the eighties - granted they didn't propagate by themselves and you had to share them by giving an infected floppy to a friend). But the progression rate is accelerating. Every year sees even more new viruses than the previous.

What will the impact of this be on your every day activity if you use an operating system that is a heavy target for viruses?

In the comming years, your computer will, for every sensitive file accessed (executables, dynamic libraries, shared object code in general) need to scan that file for multiple tens of thousands of different virus signatures. Even with strong optimisation of scanning code and disk access, this heavy activity won't be without effect on the reaction time of the computer. Even today, if you want to play it unsafe for a few minutes and turn off your antivirus, you will notice your machine is significantly faster in running various activities.

What can we do about it?

Maybe the first thing to do is, and should be, to consider deploying operating systems that are not as sensitive to viruses and other malicious code. Consider operating systems that have proper user permissions, that don't encourrage the actual user to log in as administrator for day to day activities. Make sure that your operating system of choice is designed so that user-triggered programms can't modify system parameters or files. Pick an operating system for which the only possibility for malicious code to run efficiently is to exploit an implementation bug, rather than a normally planned feature.

This is sometimes more feasible on the server side, than on the desktop side. But it will already help a lot if your server infrastructure can perform at full speed while being almost completely insensitive to the usual malicious code out there.

If you can't change your desktop, then you will be stuck with degraded performance as antivirus software around the world struggles to scan for more and more vulnerabilities. You can partially mitigate this by first protecting your machines from external aggressions (by deploying host based firewalls), which will limit the number of worm infections, but will not necessarily protect your machine from infected documents and client-side attacks. Then you need to educate your users seriously about the risks of infection of their machine from third party content. It's mostly a lost battle, as history has shown.

It seems that the price to pay for using insecure platforms will be of not being able to fully use the computing power of our machines, in addition to the risks of infection by malicious code.

Wednesday Dec 14, 2005

UltraSPARC T1 - Cool threads? Cool crypto!

Now that you've read all about how the new UltraSPARC T1 processor is great for saving energy, operating at lower temperatures, all while delivering impressive performance, there is something more for those of us who need to do cryptography as part of our daily jobs.

The UltraSPARC T1 processor includes a Modular Arithmetic Unit (also known as : MAU). Actually, there is one MAU per core, and the UltraSPARC T1 contains 8 cores (at 4 threads per core). The MAU handles some of the compute intensive operations that are used by some of the more popular cryptographic functions like RSA (this is a public key encryption algorithm used, most often, to encrypt things like session keys which will then be used for encrypting the actual traffic with a symetric algorithm like AES, IDEA, or GOST), DSA (this is an algorithm used for digital signatures), and DH (the Diffie-Hellman key exchange used when initating key exchanges in establishing encrypted links like SSL that enable secure access to web sites).

Of course, this is not really interesting if you have to change everything around it to benefit from this. Fortunately, Solaris has done things extremely well in this area (as it has, just about everywhere else). On top of UltraSPARC T1 processors comes, on Solaris, a library called NCP (for Niagara Cryptographic Provider - Niagara being the internal code name for the UltraSPARC T1 processor at the time it was created). This library is then seen and used transparently by the Solaris Cryptographic Framework.

And the magic, here, is that automatically, all applications that use the Solaris Cryptographic Framework immediately benefit from the NCP, which uses the MAU... which gives significant performance increases in cryptographic functions. Examples? Java. Use Java 1.5 on Solaris on a machine with an UltraSPARC T1 processor (such as our new T1000 and T2000 machines) and automatically your Java application does hardware accelerated cryptography. Use any application that involves the OpenSSL library of Solaris (or the PKCS#11 engine it provides) and same thing... your web server, your application server, your SSH server, your portal server... all go much faster, or with much less load on the CPU. Imagine doing around 600 RSA operations per second with just around 5% of CPU use. It's a reality with the UltraSPARC T1.

Say you are running a portal for a telco. You are getting thousands of hits per second. You want to put a security reverse proxy in front of the server farm. The reverse proxy needs to control the security of all the connections, and you want it to act as an SSL end point as well. This is an ideal situation for a T1000 or T200 server which will feel right at home.

Why does it matter? Because in today's world, we all want to run more secure applications, we want them to scale to thousands or hundreds of thousands or millions of users, and we want all that to be cost and energy efficient. And with an UltraSPARC T1 system from Sun, this is done almost entirely automatically for you.

Friday Oct 28, 2005

Surveillance is good? What happens when things go wrong?

These days, we are told, and there is certainly some validity to this, that more surveillance means more security.

This is all fine, when we live in a country where we trust the government, or when we work in a company where we trust the management. But my sister, Dr. Magali Gravier, Political Scientist, at the University of Salzburg is quick to point out that there have been many previously recorded cases where things have turned sour, where governments have stopped being the all benevolent entity that most of us can enjoy and trust in our modern world, or when corporate management suddenly decides to change the rules.

We are asked to provide more and more information that gets stored, correlated, centralized, and finally, accessible (albeit with strict controls) by the authorities, all of this, of course, to enable our governments to better catch criminals "you don't have to worry if you only do legitimate things". Take a look at what happened between 1939 and 1945. Before that time, the German people could (like most of us do) blindly trust their governments. Then, in a few weeks or months, before anybody new it, they were under a totalitarian regime. Imagine the destruction, had the German government of that time previously decided to store centrally information on citizen's ethnic origins, or religion. Imagine how much faster, and how much thorrowly they could have accomplished their crimes.

What protects us, today, from something bad happening? Ah, yes, we live in democracies. But is that really enough? Coups-d'Etat happen every year, in countries that might have seem to be peaceful just before. And then there are slow drifts that the people don't necessarily catch at first... and only realize when it's too late, when they have lost their liberties.

Considering the risks involved in relinquishing some liberties, is it worth it losing a bit of liberty in order to, maybe, gain some security? Are we certain that the incremental security gain is really there? Remember that the more you constrain liberties, the more you move away from democracy and liberty, and thus the more you give victory to terrorists. The balance is very delicate.

Does it make sense, for example, for me to write down in 2 separate documents, before flying to the USA, the complete coordinates of the hotel I will stay in... when I can, the moment I arrive at my first hotel, cancel my reservation there and book another hotel to which I pay cash.

Does it make sense, also, to prevent me from carrying a nail clip inside a plane, when I am allowed to walk in the same plane with a nice glass bottle of perfume that will fragment into very sharp and cutting shards the moment I strike something hard like an seat armrest with it?

Think about it. What are we really trying to accomplish? Who's game are we playing? Who wins, in the end?

Wednesday Oct 26, 2005

Security : Are we doing the right things for the wrong reasons?

So looking at some of the things we do, I can't help but wonder if we aren't completely missing the boat sometimes.

Take the example of preventing counterfeit money. Vendors of photo manipulation software have been coerced into embedding code in their applications that, if they see that they are manipulating a file that has certain patterns, then they prevent you from saving it, and bring up a pop-up saying that you are a naughty person trying to manipulate the image of a banknote. Wouldn't it be much better to design banknotes that are much harder to copy? What this behavior is encourraging is for people to use open source software like TheGIMP which has no such controls. Of course, soon, you will have printers, and scanners, and maybe computer BIOS that will all collaborate, so people will turn to OpenBIOS, and keep old printers and scanners to keep making funny-money for their kids playing monopoly.

What is more frustrating is that I never saw an official announce from the software vendors about this feature (I would have imagined this as part of the "What's new in version XX" documentation). This is being done covertly, pushed by entities that we have little control on. The latest example is the fact that more and more printers implement a hidden watermarking feature that enables law enforcement to trace printouts to the printer's serial number, so to the legitimate owner. Of course, not taking into account stolen machines, gray market machines... so encourraging that kind of behavior in criminals which are not going to stop at that.

Why don't we learn to fix problems at the root? Security features should be built into things at their design. Not slapped on afterwards. It doesn't help anything to have software prevent you from scanning banknotes. Design banknotes that are close to impossible to print easily. It doesn't help to add copy protection to media. Design business models that make copying of media irrelevant.

We live in a world where too often we try to fix things that were designed broken, or for which the security model has become irrelevant in our modern times, and instead of going back to the drawing board to build a new version, redesigned from scratch, adapted to the current context, we desperately try to slap patches on, ignoring that we are closing small holes in a wide open structure.



« August 2016