The hidden dangers of our protection technology PART 1: Understanding Threat Mechanics


In light of the recent announcement of the “Double agent” vulnerability method, people are getting really confused. Clients have been asking me:

Should I use antivirus software?

What if I do not use an antivirus?

Can I afford an alternative solution?

Can I support an alternative solution?

What if I am not technically oriented enough to do this?

What if I do not have the time to do this full-time?

Well, these are all questions that in the past were considered only by larger organizations, by the government sector or for safety-critical infrastructures. Now we are at a stage where these problems are becoming the problems of small and medium-sized businesses, while the dangers for large corporations and governments are getting even worse.

Hopefully large corporations, governments and safety-critical infrastructures do not rely on antivirus software alone for their protection, but anyone who uses it as their main protection layer needs to consider the following.

Understanding Threat Mechanics

  • Antivirus software is still software, which means that it is comprised of code. These lines of code are not bug-free because they are not formally verified. Anything a human writes cannot be error-free; thus there is a possibility that the lines of code in any software, even an antivirus, are vulnerable.
  • Furthermore, in order to discover new threats faster and prepare ways to protect their clients’ devices – to give credit where credit is due, they are very good and fast at doing that – antivirus vendors need to collect information from all the devices in their protection network. This vast amount of information is transferred over the internet, which means that someone might be able to intercept it, examine it and manipulate it in a way that is harmful to the devices in the antivirus network.
  • Perpetrators could also design a social engineering attack in which they target the devices in the antivirus network with faulty updates and phishing emails. These are real scenarios.

A big part of my profession is to build scenarios of attacks in order to be able to design a protection solution which will eliminate them. There are both normal scenarios and corner case scenarios.

The evaluation of scenarios is not an easy, straightforward procedure: it requires the use of mathematical models, in tandem with the consideration of several variables, in order to identify the scenarios that are more probable. There are many factors to consider when creating threat scenarios, but now is not the time to analyse how to craft them.

The reason I mentioned scenarios is that, in order to decide which solution is best, we need to evaluate the likelihood of them happening, and I am going to do so in the next article.

If you want to know more about how cyber-criminals study you and use your information against you by creating threat scenarios, read my article “Why are you so predictable?” here.