On whether the entire AV industry has been wrong since its start
I have not been using Windows Live Writer for a while since trying out the beta version. On running it again today, after installing the release version, I discovered that I have the blog below drafted but not published yet. It is great that the Writer application didn't simply discard the old data associated with the beta version. So, here's the long overdue one to share.
Sep 12, 2007. Just came across this article, which commented on Joanna Rutkowska's comments about the ineffectiveness of AV approaches today, and that digital signatures are the way to go:
Has the entire AV industry been wrong since its start?
This is another classic "silver bullet" idea, or, as the Chinese saying goes, a "Xian Dan" (仙丹) that can get rid of and prevent all kinds of illness. Unfortunately, the nature of information security is that it exists as part of a larger system, and as the threat environment and the technology, process, and people aspects of the system change, the security requirements change. A solution today may even become a vulnerability tomorrow. There's no silver bullet.
Take the proposed digital signature approach, for example. Digital signatures rely on cryptography, most commonly public key cryptography. Public key cryptography depends on the security of a mathematical trapdoor that can only be unlocked by the private (or secret) key. If the trapdoor can be found without using the private key (as some public key cryptographic algorithms were cracked before, such as the Knapsack Cipher), the system breaks. As such, there is a dependency involved, and therefore an associated risk to be considered. There is no perfect solution. The necessary approach, I would think, is to always be prepared for potential failures: understand how failures may occur, and determine the triggering events that we need to monitor so that we can respond at the earliest moment, in the most effective manner. Technology, or security techniques, should not be the starting point for evaluating security problems. Understanding the security problems should be the starting point.
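The trapdoor dependency described above, as an added example that is not part of the original post, assuming the "Knapsack Cipher" mentioned is the Merkle-Hellman knapsack scheme. The key values are constructed, textbook-size numbers, and the exhaustive search stands in for a real cryptanalytic break only because the key is 8 bits long.

```python
# Added illustration: toy Merkle-Hellman knapsack cipher.
# All key values are constructed for this example and far too small for real use.
from itertools import product
from math import gcd

W = [2, 7, 11, 21, 42, 89, 180, 354]   # private: superincreasing sequence
Q = 881                                 # private: modulus, larger than sum(W)
R = 588                                 # private: multiplier coprime to Q


def public_key(w=W, q=Q, r=R):
    """Disguise the easy (superincreasing) knapsack as a hard-looking one."""
    if q <= sum(w) or gcd(r, q) != 1:
        raise ValueError("invalid private key parameters")
    return [(r * wi) % q for wi in w]


def encrypt(bits, pub):
    """Ciphertext is the sum of the public weights selected by the bits."""
    return sum(b * p for b, p in zip(bits, pub))


def decrypt(c, w=W, q=Q, r=R):
    """Trapdoor: undo the multiplier, then solve the easy knapsack greedily."""
    c_easy = (c * pow(r, -1, q)) % q
    bits = []
    for wi in reversed(w):
        take = 1 if wi <= c_easy else 0
        bits.append(take)
        c_easy -= take * wi
    if c_easy != 0:
        raise ValueError("ciphertext is not a valid subset sum")
    return bits[::-1]


def recover_without_key(c, pub):
    """Exhaustive subset search using only public data.
    A stand-in for a cryptanalytic break; feasible only because n = 8."""
    return [list(bits) for bits in product((0, 1), repeat=len(pub))
            if encrypt(bits, pub) == c]


if __name__ == "__main__":
    pub = public_key()
    msg = [0, 1, 1, 0, 0, 0, 0, 1]
    c = encrypt(msg, pub)
    print("ciphertext:", c)
    print("with private key:", decrypt(c))
    print("public data only:", recover_without_key(c, pub))
```

Both paths return the same plaintext: once the underlying problem can be solved without the private key, a signature or ciphertext built on it no longer proves anything.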