Langa Letter: Norton Antivirus And The Single-Layer Defense Fallacy - InformationWeek
Fred Langa


A simple hack can disable Norton's script blocker. Fred Langa's solution not only works around that problem, but many others as well.

First: How Not To Fix The Problem
I think it's unrealistic to hold any vendor completely culpable for problems caused by user actions and inactions. Plus, when vendors attempt to remedy such problems, they often end up doing as much harm as good.

For example, Microsoft faced the same kind of problem with its Outlook Express, a lightweight E-mail client notorious as a vector for all kinds of attachment-borne malware infections. Microsoft's eventual response was simply to block Outlook Express from processing most types of attachments: If the attachments weren't there to be processed, then users couldn't click on them. While this inarguably does help prevent attachment-borne malware, worms, viruses, and the like from infecting users' PCs, it also prevents them from accessing many types of useful or harmless attachments. This approach to reducing some of Outlook Express's vulnerabilities also made it a much less capable and convenient E-mail client: A classic zero-sum, no-win scenario that simply traded one problem (insecurity) for another (inconvenience).

Along the same lines, I suppose that Symantec could produce a 100% bulletproof script blocker simply by disabling the PC's Scripting Host or otherwise preventing all scripts from running, period. But this draconian solution would cause as many problems as it cures; and really is no solution at all.

The Better Solution: Strength In Numbers
The simple solution to problems with security tools isn't to depend on any one tool or vendor to do the job. By analogy, think of your car: Under the right circumstances, any car can be stolen. All you can do is protect your car against casual thievery, and defend it well enough against serious attack that thieves will move on in search of an easier target. For example, you might start by making it a habit always to roll up the windows, lock the car, and take your keys with you. In high-crime areas, you might make sure to use whatever anti-theft system your car came with; or you might consider adding such a system to the car. In very risky areas, you also might invest in a steering wheel lock or pedal immobilizer. You might even spring for Lojack, OnStar, or a similar system to help track and recover the car if it's stolen; and so on. The idea is to add multiple layers of security to the car so that even if one fails on its own or is deliberately defeated, there still are other systems in place. Combined, the multiple systems add up to more security than each of the systems alone; and any rational thief will seek a less well-protected car to steal.

Same with your PC: Under the right circumstances, any PC can be hacked, broken into, or otherwise compromised. But multiple layers of security can make your PC proof against casual attacks; and an extremely hard target for even determined attacks.

For example, in addition to an active script-blocker like Norton AV's, you can adjust the basic security built into the newer versions of Internet Explorer (in Tools/Internet Options/Security and Tools/Internet Options/Advanced). You also can employ a firewall like ZoneAlarm, which contains a separate, independent E-mail script blocker (under "Email Protection"). You can use tools like Spyware Blaster, WinPatrol, Ad-Aware and Spybot S&D, which offer either residual protection or active background processes that guard against the actions of some scripts (such as modifying the Registry). If you're using a good E-mail client, you can explicitly instruct it to quarantine, delete, or ignore whatever file types you specify. And you could use any one of a number of other script-blockers, such as this.

I'm sure you get the idea: While it's hard to imagine any one system needing all of the above tools at once, the abundance of script-security options proves the point that there's absolutely no need to put all your trust in only one tool. By using at least two tools, you can help ensure that any problem that affects one will be caught by the other. In this way, multiple tools can buttress each other, and act as mutual safety nets or backstops. There's absolutely no need to put all your security eggs in one basket!
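To make the "at least two tools" point concrete, here is a small Python model of two independent attachment checks of the kind a mail client or gateway can apply: an extension list like the one you can tell your E-mail client to ignore, and a content check that looks at what the bytes actually are rather than what the name or the sender's Content-Type claims. This is example code written for this page, not Symantec's, Zone Labs', or any mail client's; the extension list, the signature table, the `Attachment` class and the sample attachments are all constructed for the illustration. Each layer alone has a blind spot (a plain-text script has no file signature; a renamed executable has a harmless extension), and `screen()` lets you switch a layer off to see what the remaining one still catches.

```python
"""Layered screening of e-mail attachments (constructed example).

Two independent checks: one keyed on the file name, one keyed on the file's
leading bytes.  A message is blocked if any enabled layer objects, so a layer
that is disabled or defeated does not take the other one down with it.
"""
from dataclasses import dataclass

# Constructed, illustrative blocklist of extensions commonly treated as
# dangerous; a real client's list (the "long list" the column mentions) is longer.
DANGEROUS_EXTENSIONS = {".vbs", ".js", ".wsf", ".hta", ".exe", ".scr", ".pif", ".bat", ".cmd"}

# Constructed signature table: leading bytes -> MIME type they imply.
MAGIC = [
    (b"MZ", "application/x-msdownload"),        # Windows executable (PE)
    (b"%PDF", "application/pdf"),
    (b"\x89PNG\r\n\x1a\n", "image/png"),
]
EXECUTABLE_TYPES = {"application/x-msdownload"}


@dataclass
class Attachment:
    filename: str
    declared_type: str      # Content-Type the sending client claimed
    data: bytes


def sniff_type(data):
    """Return the MIME type implied by the leading bytes, or None if unknown."""
    for prefix, mime in MAGIC:
        if data.startswith(prefix):
            return mime
    return None


def extension_layer(att):
    """Layer A: reject by outermost file extension, like a client's ignore list."""
    name = att.filename.lower()
    ext = "." + name.rsplit(".", 1)[1] if "." in name else ""
    return ext in DANGEROUS_EXTENSIONS


def content_layer(att):
    """Layer B: reject on what the bytes are, ignoring name and claimed type.

    Blocks executables however they are named, and anything whose recognised
    signature contradicts the declared Content-Type.
    """
    sniffed = sniff_type(att.data)
    if sniffed in EXECUTABLE_TYPES:
        return True
    return sniffed is not None and sniffed != att.declared_type


LAYERS = {"extension": extension_layer, "content": content_layer}


def screen(att, enabled=("extension", "content")):
    """Run every enabled layer and return the names of those that objected.

    An empty list means the attachment was allowed through.
    """
    return [name for name in enabled if LAYERS[name](att)]


if __name__ == "__main__":
    # Constructed sample attachments.
    samples = [
        Attachment("invoice.vbs", "text/plain", b"' constructed VBScript placeholder"),
        Attachment("holiday.txt", "text/plain", b"MZ\x90\x00 constructed PE placeholder"),
        Attachment("report.pdf", "application/pdf", b"%PDF-1.4 constructed placeholder"),
    ]
    for att in samples:
        both = screen(att)
        only_b = screen(att, enabled=("content",))
        print(f"{att.filename:14} both layers -> {both or 'allowed'}; "
              f"content layer alone -> {only_b or 'allowed'}")
```

Run it and the script attachment is stopped only by the extension layer, the renamed executable only by the content layer, and the PDF by neither; with one layer switched off, one of the two bad attachments gets through. That asymmetry is the whole argument for running two tools that fail in different ways rather than one tool twice.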

We touched on this subject some time ago in this space in "How Much Protection Is Enough?" That article shows how even just two or three layers of defense can hugely increase your PC's overall security (and not just with script protection).

I've added to my PC's layers of defense since that article was written, in part because the online world's gotten a lot nastier. To keep my PC safe, I run a full-time, always-on antivirus tool (such as Norton's) with script blocking enabled. I use an always-on firewall (such as ZoneAlarm) with its own script blocking; plus its ability to block unauthorized inbound and outbound connections. I use several other anti-malware tools that either actively guard against spyware, scripts, and malicious "active" content, or that prohibit Registry changes caused by malicious code. Another simple tool notifies me if or when any software tries to insert itself into or otherwise change my PC's startup sequence. My E-mail is configured not to use Internet Explorer to view HTML E-mail content, but to use its own built-in, simple (and thus harder to break) HTML viewer; and to ignore attachments whose file extensions appear on a long list of dangerous file types. The PC never connects directly to the Internet, but rather only connects through a server running a Network Address Translator. This hides my PC's real address from anyone outside our local network, and makes it all but impossible for someone to hack into my PC without first hacking into the server, which is protected by its own separate firewall and ancillary defenses.

I admit it: This is more protection than most PCs need. But it illustrates well the concept of multiple layers of defense, which can help on any PC. Then, if there's a problem with any one layer or tool, others are in place to help take up the slack and ensure that your PC stays safe.
