I saw a post the other day (I’m not sure where, otherwise I’d cite it) that proclaimed that a properly designed system didn’t need any anti-virus or anti-spyware software.
Forgive me, but this comment is about as intellegent as “I can see a worldwide market for 10 computers” or “no properly written program should require more than 128K of RAM” or “no properly designed computer should require a fan”.
The reason for this is buried in the subject of this post, it’s what I (and others) like to call the “dancing bunnies” problem.
What’s the dancing bunnies problem?
It’s a description of what happens when a user receives an email message that says “click here to see the dancing bunnies”.
The user wants to see the dancing bunnies, so they click there. It doesn’t matter how much you try to disuade them, if they want to see the dancing bunnies, then by gum, they’re going to see the dancing bunnies. It doesn’t matter how many technical hurdles you put in their way, if they stop the user from seeing the dancing bunny, then they’re going to go and see the dancing bunny.
There are lots of techniques for mitigating the dancing bunny problem. There’s strict privilege separation – users don’t have access to any locations that can harm them. You can prevent users from downloading programs. You can make the user invoke magic commands to make code executable (chmod +e dancingbunnies). You can force the user to input a password when they want to access resources. You can block programs at the firewall. You can turn off scripting. You can do lots, and lots of things.
However, at the end of the day, the user still wants to see the dancing bunny, and they’ll do whatever’s necessary to bypass your carefully constructed barriers in order to see the bunny
We know that user’s will do whatever’s necessary. How do we know that? Well, because at least one virus (one of the Beagle derivatives) propogated via a password encrypted .zip file. In order to see the contents, the user had to open the zip file and type in the password that was contained in the email. Users were more than happy to do that, even after years of education, and dozens of technological hurdles.
All because they wanted to see the dancing bunny.
The reason for a platform needing anti-virus and anti-spyware software is that it forms a final line of defense against the dancing bunny problem – at their heart, anti-virus software is software that scans every executable before it’s loaded and prevents it from running if it looks like it contain a virus.
As long as the user can run code or scripts, then viruses will exist, and anti-virus software will need to exist to protect users from them.