Microsoft To Automate Malware Classification

Kuzulu Kuhuru writes "Researchers in Microsoft's anti-malware engineering team are using distance measure and machine learning technologies to automate the process of classifying new strains of computer viruses, Trojans and other malicious software programs." From the article: "Microsoft's proposal will take a 'holistic approach' to tackle the classification problem, Lee said, pointing out that the machine learning aspects will deal with everything, from knowledge consumption, representation and storage, to classifier model generation and selection. It aims to consume knowledge about the malware sample efficiently and automatically and represent that knowledge in a form that results in minimal information loss. "

Easy

[aadvancedGIR]

Spyware provided by a big (or friend) corporation = GOOD
FOSS = malware

Priorities?

[mrjb]

Is it just me, or are there more people that think that instead of getting busy automating the process of classifying new strains of computer viruses, Trojans and other malicious software programs, maybe they should address the cause of the problem first?

Simple Alog

[Slipgrid]

---snip trusted.txt---
ms
dell
hp
doj
dod
usgov
--- snip---

if (is_on_trusted_computing_list(this.product.vendor) ){
this.product.malflag = false;
} else {
this.product.malflag = true;
die();
}

Wouldn't they be better off...

[PinkPanther]

If they can classify the stuff, shouldn't they be able to stop it?

Or is classification going to allow them to have a flashier anti-malware tool to sell?

Can't you see it now...animation of the viruses being caught, sent down a chute that sorts them into different buckets. Different cute cuddlies for each type of virus, each with unique characteristics. They could then create an entire industry around stuffed animals and stickers the kids could trade! People would go around giving each other viruses on USB keys and via email just to watch the tool sort the cute things time and again!

This is marketing genius at work!!

Re:Wouldn't they be better off...

[gmuslera]

Was about to comment on the same lines... too much effort to put a bright, shiny and new label to a problem instead of worrying on solving/curing/fixing it,

Of course, you can say, oh, but a trojan is a different beast than a worm, so must be treated different by future development. Or better yet, this is a future-cool-name-that-implies-user-interaction that is really different from a future-cooler-name-that-implies-exploiting-net-ser vices-vulnerabilities. But i bet that will make things more confusing than the actual practice of putting a known label and a description of what it does or how it spread, there are a lot of virus/worms/etc that use several ways for spreading already, so thinking that this special name will solve something looks wrong.

Just once...

[GigG]

Just once I'd like to see a story run on /. that involves MS that starts a discussion of the issue in the story and not just collection of attacks on MS. I'm not a big MS fan but it does get old.

Re:Just once...

[Billosaur]

Just once I'd like to see a story run on /. that involves MS that starts a discussion of the issue in the story and not just collection of attacks on MS. I'm not a big MS fan but it does get old.

I suggest a trip to an alternate universe... look MS haters are a dime-a-dozen, but you have to admit it's pretty cheeky of MS to take these steps instead of just cutting down on the problem to begin with. It's like the people who say global warming needs more study, when the global average temperature is going up and the polar caps are shrinking. Do we wait until we're all under water before we do something?

Now THIS is funny!

[ratboy666]

Imagine -- so much malware that there is a REAL TEAM working on the problem of automatically classifying it!

Wow...

Now that I am finished laughing (and it was a good one)...

Ratboy