Anti-Ransomware Engineering in 2003

by J. Edward Durrett

Back in the early 2000's, I had an increasing problem with spam and viruses delivered through the email system
to the company's desktops. It was becoming increasingly obvious to me that in order to defended against it I
needed to invest more in anti-virus products, both on the server side and on the client side, and institute
stricter filtering of content. However, I thought, as I still do today, increasing time, energy and monetary
resources on a problem does not fix it but merely postpones it getting worse . That is, filters work only until
someone obfuscates a piece of malware sufficiently to get by the fancy filters.

The problem, when I got right down to the core, was that our corporate mail set up allowed anyone with an Internet
connection to send data (an email, an attachment, etc) directly to our internal desktops where the desktops then
processed the data. This is akin to a bank placing its vault in the parking lot and wondering why it keeps on
getting broken into. I had already been working with an network application server, one that delivered the
graphics portion of specific applications to a users desktop while the processing occurred server side, as a
solution to running the same applications across a mixed Windows and Mac environment. So, I thought, why not set
one up for mail. And that is what I did.

Now, that first setup was not perfect. There was some definite problems, like the client connection to the server
not being encrypted, but it made an immediate and significant reduction in the time I was spending on malware. The
companyy's infrastructure has evolved over the years and remote protocols are faster and significantly more
secure but the basic concepts have stayed the same. There is one central point, segregated from the internal
network, to monitor for malicious activity delivered through email. There is not a direct window to the outside
world on the internal desktops. And, best of all, I have not spent the last 14 years applying band aids on top of
band aids.

The problem of malware delivered to an organization's network through email and executed on the desktop is not
a malware problem. It is an engineering problem based on architectural assumptions that remain mainly unchallenged
in the discourse on malware. Namely, giving unauthenticated individuals access to the desktop through email is the
problem.

Of course, there is no such thing as a perfectly secured network. Getting email off the desktop does, however,
make a significant difference in an organization's security posture. It also frees time and resources to focus
on enhancing the mission of the organization. That makes security become a value added proposition, not something
senior management dreads paying for.







Copyright (c) 2019, Jason Edward Durrett - All content on this site, unless otherwise noted, is subject to this license.

Please contact me if any errors, such as erroneous / misleading content or missing / incomplete attribution, are found.