Throttling Computer Viruses
An anonymous reader writes "An article in the Economist looks at a new way to thwart computer viral epidemics, by focusing on making computers more resilient rather than resistant. The idea is to slow the spread of viral epidemics, allowing effective human intervention, rather than attempting to make a computer completely resistant to attack."
Heuristic scanning is very ineffective.
Why? New viruses are designed to subvert them. I've done it, installing 5 virus scanners to check if, and how, they detect your virus. (BTW, my virus was a .com infector without a chdir instruction, not very dangerous, but it worked.)
Example:
wrong:
-> to_infect = "*.com"; // oops, heuristics detect this
right:
-> boem = "*.c";
-> othervariable = 5;
-> to_infect = strcat(boem,"om");
I have yet to see the first scanner that detects this one. The difference in code size is about 3 extra bytes (assuming you were using strcat anyway), so in today's 500kb viruses it is negligible.
Heuristics are nice, they do have some effect, but they are no solution.
Virus scanning is inherently responsive. The best they can hope to do is to repair the damage when it is done. They have no use whatsoever for online worms.