In its 2006 survey of 616 US IT security professionals, The Computer Security Institute found that 65% of companies represented had experienced a virus attack. Given the consistently expanding number of recorded viruses and malicious threats, many vendors have stepped into the security space, offering anti-virus, anti-phishing, anti-spyware personal firewall and other security technologies seeking to deliver protection against these threats. The amount of security solutions and uiuc self service is in the thousands; every year vendors release additional solutions designed to provide faster and better protection against evolving threats, increase product usability, and support additional platforms.
The increasing quantity of security vendors and applications introduce new challenges to security vendors and system integrators tasked to classify, identify, manage and check currency of anti-malware applications — whether the task is associated with an integration project to solve needs for specific customers, or building a new security solution that needs to interoperate with one or many anti-malware applications. The Classification Challenge includes a verification of anti-malware application binaries, especially when they could be compromised by malicious code. Malwares can do that by creating binaries and executables with identical names, by adding similar registry keys or by reporting to the operating system.
The Identity Challenge includes a verification of anti-malware application binaries, especially when they could be compromised by malicious code. Malwares can do that by creating binaries and executables with identical names, by adding similar registry keys or by reporting to the operating system. This challenge extends with the existence of rogue applications – a rogue application is marketed as an anti-malware application. It reports to the operating system as an anti-malware application although it does not provide proven, reliable anti-malware protection. It may use unfair, deceptive, high pressure sales tactics to induce gullible, confused users to purchase.
The Manageability Challenge is a common programmatic way to control common features of anti-malware applications. Although each anti-malware vendor may offer similar functionalities such as scan or update, managing these functionalities programmatically differs from one solution to the other. Different anti-malware applications have different interfaces. Some anti-malware applications have an API programs, others may have a well documented CLI, but the interfaces are not consistent across vendors. For example – one vendor could expose definition update functionality, but others may not. Any integration attempt also faces interface quality aspects across the vendor spectrum as interfaces may break.
The Currency Checking Challenge – Many anti-malware applications are signature-based. This means that in order to keep the anti-malware application effective, it has to be current with the latest definition update. Many anti-malware vendors provide an update mechanism for their anti-malware engines. Vendor update mechanisms follow different security schedules such as hourly, daily, weekly or even monthly updates. This increases the complexity of currency checking because of the challenge of figuring out every update mechanism schedule and comparing it to the signature files on the local machines.
Object Oriented Programming (OOP) is a great way to solve the anti-malware integration challenge. OOP is more than just a programming concept. It is a way of thinking about applications. It is learning to think of applications not as procedures, but as objects. Objects that do things (methods), and have attributes (properties), and are therefore logically grouped by the way they appear and behave.
If we’ll perform an Object Oriented design and analysis for the anti-virus application, the anti-virus application could be considered as the object, that object’s methods could include: scanning file, scanning memory, triggering an update etc. The properties could include name, version, language and type. Abstraction is a powerful feature provided by object-oriented languages. The concept of abstraction relates to the idea of hiding data that is not needed for presentation, present only the information. The main idea behind data abstraction is to give a clear separation between properties of data type and the associated implementation details.
This could be ideal to manage specific security application features as by hiding data or abstracting details that are not needed for presentation. For example: low level operation of an antivirus could be hidden — such as open or close a file while relevant logically methods could be exposed such as antivirus.scan(); or antivirus.update(). Other benefits of this abstraction is enhanced security – abstraction gives access to data or details that are needed by users and hides the implementation details, providing enhanced security for application. For example the method antivirus.clean(file) could be exposed while method like antivirus.cleanPrepare() or antivirus.cleanVerify() could be hidden.
Another feature of object-oriented programming is inheritance. Inheritance allows an object to have the same behavior as another object and extend or tailor that behavior to provide a special actions or special actions for specific needs. Let’s use the anti-malware application as an example. Both anti-malware applications “John” and “anti-malware Doe” objects have similar methods such as scanning a file and similar properties such as vendors and version names.
Rather than put these methods and properties in both of these objects, the method could be placed in a new object called object Antivirus. Both anti-malware John and anti-malware Doe become child objects of the object Antivirus, and both inherit the object Antivirus’ behavior.