Slashdot Mirror


The Virus Squad

dncsky1530 writes "Sydney Morning Herald - The Virus Squad - 'A new species has been discovered. So new, it's still unnamed, but researchers are racing to tag it - before it spreads around the world. For the next 10 to 30 minutes, the computer virus or worm is dissected, analysed and identified... "On the day we detected MyDoom, we did another 18 viruses," says Paul Ducklin, Sophos's head of technology for the Asia-Pacific. "There are about 800 new viruses a month. And the unglamorous bit of our work is often the other 798."'"

14 of 175 comments

  1. Ugh, these aren't viruses... by tgd · · Score: 5, Insightful

    Maybe a lot of /. readers are too young to remember real viruses, or to have played around/collected them, but it's been a decade since a real infectious virus has gone around.

    If it can't infect any arbitrary EXE file, it's not a virus, it's a trojan or a worm, depending on whether or not it's a moronic user or a security hole that allows it to enter the system.

    1. Re:Ugh, these aren't viruses... by ATAMAH · · Score: 4, Insightful

      >> ... it's been a decade since a real infectious virus has gone around.

      No, it actually hasn't been that long. http://securityresponse.symantec.com/avcenter/venc/data/cih.html

    2. Re:Ugh, these aren't viruses... by Jonathan · · Score: 4, Insightful

      If it can't infect any arbitrary EXE file, it's not a virus, it's a trojan or a worm, depending on whether or not it's a moronic user or a security hole that allows it to enter the system.

      I agree trojans aren't viruses, but worms are exactly the same thing as EXE viruses except at a bigger scale -- instead of merely infecting EXEs on one system, it infects systems on a network.

    3. Re:Ugh, these aren't viruses... by interiot · · Score: 5, Insightful

      The main reason we needed to have a copy of the virus in every executable was because we were running on DOS, which doesn't usually support multiple programs running at once. And a lot of networks were little clumps of networked file systems.

      Now that the most common OS's support multiple processes at once, and the internet/web/email is the main thing that connects everybody (and writable network file systems are mainly only found in the workplace), viruses have naturally changed.

  2. Re:I wonder by prat393 · · Score: 5, Insightful

    Well, I have to wonder how well the whole antivirus industry is handling the problem; why release virus signatures instead of just changing the entire underlying security system in the operating system? It's things like viruses that make SELinux seem like a very good idea to me.

  3. Re:I wonder by BiggerIsBetter · · Score: 5, Insightful

    It's things like SELinux that make the status quo seem like a very good idea to the antivirus industry.

    --
    Forget thrust, drag, lift and weight. Airplanes fly because of money.

  4. Half-life of Viruses by Melvin+Daniels · · Score: 5, Insightful

    "There's still a big perception out there that only broadband users need one," Lee says. "Everyone needs a firewall, along with antivirus."

    This rings all too true. If forwarding ports for certain applications wasn't such a pain in the ass, I would say make ISPs require firewalls or find a way to have some sort of personal firewall for their connection that they can access from the internet and change the settings on. Just a thought.

    This would bring up other problems, but it'd at least stop a lot of problems with trojans and open relays.

    1. Re:Half-life of Viruses by BiggerIsBetter · · Score: 4, Insightful

      That would be fairly easy to set up. An ISP could provide a web interface to configure per user "pin holes". Default to blocking all traffic from the customer, and some traffic to the customer (smb traffic, for example), and let them enable things if they need to. Not hard to do at all, as long as arbitrary "thou shalt not use port X" policies aren't brought in along with it.

      --
      Forget thrust, drag, lift and weight. Airplanes fly because of money.

    2. Re:Half-life of Viruses by cerberusss · · Score: 4, Insightful

      >>Everyone needs a firewall, along with antivirus
      >This rings all too true

      That may be true for a Windows machine where controlling the number of open ports is difficult and where you have every piece of software calling home, but on my Linux laptop, I don't run a firewall. I just don't see the need. I've got ssh open and that's it. And X, from which I haven't heard anything since 4.0.

      --
      8 of 13 people found this answer helpful. Did you?
  5. Huh? by Anonymous Coward · · Score: 5, Insightful

    Virus writers seem to be paying more and more attention to what makes people click - and that makes observers like Lee suspicious. "I'm sure these people are recruiting psychologists."

    How does that go?

    "I AM PR3PAr3D T0 0ff3R TH3 2um 0F tHR33 BaGz 0f Ch33zY P00fS 4 a 3l33T P2Ych0!og!st!!!"

    "While you clearly have abandonment issues, the practice has been hard up for money lately. Very well, I accept. But first, tell me about your mother."

    Look, it doesn't take a psychologist to explain that when you sit the average person in front of a computer, they become a mouse-clicking fool. No amount of emergency IT sessions with the staff explaining precautionary tactics involving attachments is going to change that, and if any psychologist recruitment is necessary it's to explain why the average person keeps clicking attachments to messages in obviously broken English.

    That's why blaming software vendors like Microsoft is stupid. Will four ARE YOU SURE YOU WANT TO RUN THIS warnings before allowing the execution of an attachment do any more than three?

  6. Re:I wonder by prat393 · · Score: 5, Insightful

    But how often do you run across a computer you have to service with expired virus subscriptions? It seems to happen to me quite a bit. I suppose M$'s virus scanner mentioned earlier on /. might help, but that reeks even more of conspiracy than the current "protection money" setup does.

    Rather than bundling a questionably legal virus scanner into their next service pack, Microsoft should perhaps add a tool that helps to lock down permissions on NTFS volumes, creates unprivileged accounts for users and various services, etc. Even with the multitude of security holes, Windows can be made a lot harder to mess with, if you put a little work into it. The key here is privilege separation.

  7. Glamorous? by Aphrika · · Score: 4, Insightful

    "There are about 800 new viruses a month. And the unglamorous bit of our work is often the other 798."

    Anti-virus vendors that consider a mass outbreak of a worm to be 'glamorous', compared to the 'unglamorous' stuff that doesn't get as much publicity? It might sound daft, but consider that they (should) put the same amount of work into each and every virus - i.e. preventing it - there shouldn't really be an issue with how glamorous something bad is.

    Analyse it, deal with it, out the door, next virus is how it should be. I'd hate to think how they'd deal with biological virus outbreaks...

  8. Re:AV companies? by benj_e · · Score: 5, Insightful

    programmers that prefer to spend their know-how writing code they will never get paid for, instead of selling their experience to someone who needs it and earn a lot of money

    Right, no one would ever write code for the joy of writing it. That's why this OSS fad will never take off...oh wait.

    --
    The Tao that can be spoken is not the one eternal Tao

  9. Virus story. Yawn. Scroll. by BiOFH · · Score: 4, Insightful

    Open Safari. Go to /.
    Virus story. Yawn.
    Wonder how people can still defend Windows with that "it does what I want" or "it gets the job done" excuse.
    Scroll.
    Get on with doing what I want and getting the job done.

    (posting no bonus. mod off topic if you must. just an aside.)

    --
    - I am made of meat.