
Because hackers keep changing their targets...
Published: 5 July 2005 07:00 BST
How can you protect your PC when hackers target the very security software that's supposed to be doing the job? Martin Brampton discusses this great conundrum of the security industry.
Think your PC is safe because it has the latest security software? Maybe not. The latest trend is a rising level of attacks based on weaknesses in the code of popular security products. And with spyware growing by leaps and bounds, a whole new sector is opening up that will attract new security software, with new vulnerabilities.
It is hardly unique to computers. Resisting delinquent behaviour is a never-ending task where there are no real solutions. For decades, cars had risible security. At one time, keys could be bought by number and the correct number was sometimes even stamped on the ignition lock for convenience. All the car thief needed was good eyesight and a handy car accessory shop.
Yet as car makers have made the locks better, the result has not been a reduction in crime, merely a shift in style. With the car harder to steal without a key, the emphasis has moved to removing the contents, or simply taking the keys from the owner with the threat of violence.
After years of derision, Microsoft has actually started to make efforts to patch up the most blatant vulnerabilities in Windows. Evidently the effort has met with a degree of success. The result is that hackers have started moving to another target that is widely installed in personal computers. This time, it is the very security software that is supposed to keep out the hackers. It turns out that it often contains flaws that could actually enable an attack.
As with so many other security issues, using less popular software is likely to be helpful. From the hackers' point of view, the ideal target is installed on a large number of systems. The market leaders in a software sector are therefore the most tempting prizes. But as I have often noted before, the computer market is notorious for its herd instinct, which often leads to the dominance of one product in a sector.
Given time, no doubt the security vendors will find ways to harden their software. The trouble is that hacking is not something that stands still. The time it takes to fix a problem is exactly the kind of opportunity that is sought by the hackers. After the solution is found, hackers will move on to something else.
That something else might well be the category loosely known as anti-spyware software. Some of the exploits that might be called spyware are claimed to be legitimate advertising tactics. Their creators have threatened legal action against software companies that designate them as any kind of malware. So it seems that the best that can be achieved is to describe everything of this nature as an annoyance.
The category therefore includes everything from keyloggers that monitor your every stroke and diallers that take you to premium rate phone numbers to tricks that persuade you to view advertisements. Whatever the precise definition, it is a category that most people find an increasing nuisance.
Inevitably, the rising incidence of this kind of thing is creating a rapidly growing market for antidotes. And just as software to guard against spyware becomes widespread, so it is likely to become a focus for hackers seeking weaknesses. The complexity of defensive software makes it inevitable that there will be some flaws.
So it seems that we never solve problems without creating new ones. Perhaps that is just as well; maybe it is the salvation of the computer business.
Martin Brampton is founder of Black Sheep Research, an independent consultancy providing research, writing and speaking services on a wide range of business and technology issues. Martin was previously a director at Bloor Research, and has worked with IT as a user and analyst for over 20 years. He is a longtime contributor to silicon.com and his blog can be found on his website.
Copyright ©1995-2008 CNET Networks, Inc. All rights reserved.