Throwback Thursday: The Updating Game

Posted by   Virus Bulletin on   Jul 2, 2015

This Throwback Thursday, we turn the clock back to 1997, when automatic updates of AV software were not the norm.

We all know that the malware scene has changed almost beyond recognition in the last 25 years — one clear indication of that is the fact that, in 1991, we were being advised by the experts to update our anti-virus software on no less than a quarterly basis: four times per year.

In today's age of automatic updates, the idea of updating anti-virus software just four times a year seems laughable — and the idea of there being no other choice than to update manually (whether four times per year, once a month or once a week) not only seems strange, but also seems to put a lot of onus on the weakest link in the security chain: human end-users.

In 1997, VB's then Technical Editor Jakub Kaminski wrote: 'Soon, those programs which are able to find the relevant developer's site, download their own upgrades, and distribute and install themselves through users' networks will be the clear winners.' He wasn't wrong and by 2004, Sophos's Graham Cluley was telling us that 'Effective anti-virus protection includes the ability to poll automatically for security updates on an hourly basis.'

Jakub's forward-thinking editorial piece, in which he comments 'giving users access to daily updates is becoming a necessity for those who want to stay in business' can be read here in HTML-format, or downloaded here as a PDF.

A later piece, by Rob Rosenberger, compares reliance on anti-virus updates to an addiction to prescription painkillers, bringing us the bad news that 'Even persistent updating won't be enough ... Because anti-virus firms spend hours preparing each injection before you can download it. You'll still be lagging behind the latest virus threats when you finally switch to an intravenous update.' Rob's cheery piece can be read here in HTML-format, or downloaded here as a PDF (no registration or subscription required).

Posted on 02 July 2015 by Helen Martin

twitter.png
fb.png
linkedin.png
hackernews.png
reddit.png

 

Latest posts:

VBSpam tests to be executed under the AMTSO framework

VB is excited to announce that, starting from the Q3 test, all VBSpam tests of email security products will be executed under the AMTSO framework.

In memoriam: Prof. Ross Anderson

We were very sorry to learn of the passing of Professor Ross Anderson a few days ago.

In memoriam: Dr Alan Solomon

We were very sorry to learn of the passing of industry pioneer Dr Alan Solomon earlier this week.

New paper: Nexus Android banking botnet – compromising C&C panels and dissecting mobile AppInjects

In a new paper, researchers Aditya K Sood and Rohit Bansal provide details of a security vulnerability in the Nexus Android botnet C&C panel that was exploited in order to gather threat intelligence, and present a model of mobile AppInjects.

New paper: Collector-stealer: a Russian origin credential and information extractor

In a new paper, F5 researchers Aditya K Sood and Rohit Chaturvedi present a 360 analysis of Collector-stealer, a Russian-origin credential and information extractor.

We have placed cookies on your device in order to improve the functionality of this site, as outlined in our cookies policy. However, you may delete and block all cookies from this site and your use of the site will be unaffected. By continuing to browse this site, you are agreeing to Virus Bulletin's use of data as outlined in our privacy policy.