The Dual Evils – Malware, and Malware Protection

I worry that I may in this entry come across as a smug Mac user, but that’s not my intent, so if you’re initially worried that’s where I’m heading, stick with me.

Much has been said about viruses and other malware over the last few years. Apple has certainly been quick to point out the relatively malware-free ecosystem it provides through its TV and internet commercials. I’ll be frank – it’s an ecosystem I enjoy being part of on the desktop, and at the server level I equally enjoy being in a (mostly) Linux/Solaris virus-free ecosystem as well.

Without a doubt, the entire malware industry is evil. The individuals and nefarious organisations that thrive on producing malware and subsequently using either the data collected or the systems hijacked for their own purposes are yet another sad and pathetic reflection on the state of collective human moral evolution.

An equally frustrating part of that entire ecosystem is the ‘solution’ – the anti-virus/anti-malware industry. You see, it seems to me that people who need to run vulnerable systems can spend hundreds, or thousands, of dollars on a system and then must do one of the two following things:

  • ‘Allow’ it to be hijacked or otherwise misused by nefarious individuals or organisations for anything from identity and data theft through to coordinated denial of service attacks or hacking networks.
  • ‘Allow’ it to have anti-malware software running which will considerably compromise the performance of the machine, introduce additional layers of software interaction that may prevent other software and equipment from running correctly, and may periodically destroy the system itself.

In a long series of anti-virus software failures, The Register has an article at the moment over yet another cock-up where the latest updates from an anti-virus software vendor results in serious damage being done to operating systems running the software. What’s disappointing is that this is not an uncommon scenario.

Yet, not running anti-malware software and the latest patches on vulnerable systems seems hardly the solution either. Running my own web-server and gateway at home I’m amazed (and horrified) at the continual stream of hack attempts, particularly at the height of big worms – I can honestly believe that at these times unpatched Windows XP systems, for instance, can be infected within seconds of connecting to the internet.

Those of us who work in backup are acutely aware of many of the aspects of the dual evils of malware and malware protection software. The evils of malware are easy to quantify – we have to clean up the mess left by them by way of data and/or system recoveries.

The relative failings of malware protection software however acutely impact backup and recovery, in that the interplay between OS, anti-malware software and backup agent can be a difficult beast to coordinate. If the anti-malware software allows it, various settings have to be adjusted to prevent it from scanning what the backup software is reading and transferring. If the anti-malware software doesn’t allow those sorts of settings, performance is abysmal. One well-known vendor lagged years behind others and, instead of allowing the exclusion of particular processes, recommended that its protection agent be turned off during the backup process. Tests, using the same hardware first running Linux, then running Windows XP, were damning: 26MB/s throughput, averaged, for Linux; 24MB/s throughput, averaged, for Windows XP with the anti-malware agent turned off; 4.5MB/s throughput, averaged, for Windows XP with the anti-malware agent left on and constantly scanning the backup process. (Is it any wonder that some computer users feel endlessly compelled to upgrade their systems given the continual performance drain created by anti-malware software?)
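The process-exclusion approach described above, shown as an added example that is not part of the original post and does not come from any vendor named in it. It assumes Microsoft Defender Antivirus (the post names no product) and uses a placeholder path for the backup agent; it adds a process exclusion, verifies it, and shows how to roll it back.

```powershell
# Added example (not from the original post): exclude a backup agent process from
# on-access scanning in Microsoft Defender Antivirus. Defender is an assumption
# (the post names no product); the agent path is a placeholder. Run elevated.
$BackupAgent = 'C:\Program Files\ExampleBackup\backupagent.exe'   # placeholder path

# A process exclusion skips scanning of files the agent opens while it reads and
# transfers data, without excluding whole folders, so on-access scanning still
# covers everything other processes touch.
Add-MpPreference -ExclusionProcess $BackupAgent

# Verify the setting took effect; policy or tamper protection can override it.
$prefs = Get-MpPreference
if ($prefs.ExclusionProcess -contains $BackupAgent) {
    Write-Output "Process exclusion in place for $BackupAgent"
} else {
    Write-Warning "Exclusion not applied; check for policy overrides or tamper protection"
}

# Roll the exclusion back when the agent is retired or replaced.
# Remove-MpPreference -ExclusionProcess $BackupAgent
```

Two points worth keeping in mind when using this: a process exclusion covers the files the excluded process opens, not the agent binary itself, which is still scanned; and because the exclusion widens the set of reads Defender will not inspect, the agent path should be exact and the exclusion list reviewed with the same care as any other allow-list.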

That’s just for backup. When it comes to recovery, anti-malware software can become even more insidiously interruptive if not configured correctly. The complex interplay between permissions of the account running the anti-malware software and the account running the backup agent, not to mention the account logged into by the user running the recovery, can result in bizarre recovery issues that simply should not happen.

I’m not suggesting the solution is to turn off anti-malware software, or that even having the world jump en masse to less vulnerable operating systems will do the trick – it’s likely that will just shift the problem as well.

At the moment we’re stuck with the dual evils – malware, and malware protection. The more vulnerable the operating system or environment, the more likely the case that you can’t live with one and can’t live without the other.

As a long-term computer user, I periodically get a disbelieving/incredulous reaction talking to younger computer users who aren’t aware of industry history. It seems that saying things like “I remember how amazed I was to get a 19K expansion cartridge for my Vic-20” is akin to someone saying “I still remember watching the Wright brothers make their first flight”.

I’d like to think one day there’ll be disbelieving and incredulous reaction from younger computer users to someone saying “I remember the time when malware and anti-malware software used to steal 90% of the processing power of computers…”
