Microsoft To Automate Malware Classification
Kuzulu Kuhuru writes "Researchers in Microsoft's anti-malware engineering team are using distance measure and machine learning technologies to automate the process of classifying new strains of computer viruses, Trojans and other malicious software programs." From the article: "Microsoft's proposal will take a 'holistic approach' to tackle the classification problem, Lee said, pointing out that the machine learning aspects will deal with everything, from knowledge consumption, representation and storage, to classifier model generation and selection. It aims to consume knowledge about the malware sample efficiently and automatically and represent that knowledge in a form that results in minimal information loss."
Now, if they start taking payola for delisting malware, then this will be no better than all the shit the current batch of jokers/anti-spyware companies pull every day.
I scream. You scream. I assume that means we're both acquainted with the problem. We proceed.
Why not just not have the user run as root all the time?
The main difference I've noticed between Linux and Windows is that Linux makes it abundantly easy to run under limited access using password prompting, while Windows tries to prevent you from securing it.
People say that "well you shouldn't run things you don't know." Well, that argument works for computer professionals and people that know what's going on. But to the average user, you should be able to tell what is and isn't going to hurt the system.
If an application needs to access any critical areas of the OS, the running threads, the registry, or anything else deemed critical or potentially harmful, it should prompt for a password. This would give IT people a clear message to send to users: "If it asks you for your password, make sure you trust the program." While it might be easy to click "yes" or "ok" to everything, because Windows is user prompt hell to begin with, typing in and remembering a password takes considerably more work.
Why you would continue to try to patch the holes in the Titanic this way is beyond me. Unless now MS just wants to sell insecure products and then sell you repair kits to fix them.
Judges and senates have been bought for gold; Esteem and love were never to be sold.
Seriously. They're wasting billions on patching up what they've got and bolting on features to deal with its inherent problems. It's pretty clear to everyone at this point that pretty soon the whole house of cards is going to come crashing down.
Instead of trying to make the existing system smart enough to classify what's attacking it, why don't they just step back and make a whole new system secure enough that it doesn't need an attacker classification system in the first place?
Vista is years overdue and has been gutted of all of its compelling features. When it ships it's going to be XP+eyecandy, and as a result is going to be a flop -- so why not get a skunk works operation going now to develop a 100% new Windows OS, backward compatibility be damned? Once they get that working, then add a 'classic' Windows compatibility environment to aid in the transition from old OS to new.
They have no qualms about copying anything else Apple does, so why not do that? It's arguably one of the things that saved Apple from oblivion and brought about their renaissance. Now it could do the same for Microsoft.