Slashdot Mirror


Microsoft To Automate Malware Classification

Kuzulu Kuhuru writes "Researchers in Microsoft's anti-malware engineering team are using distance measure and machine learning technologies to automate the process of classifying new strains of computer viruses, Trojans and other malicious software programs." From the article: "Microsoft's proposal will take a 'holistic approach' to tackle the classification problem, Lee said, pointing out that the machine learning aspects will deal with everything, from knowledge consumption, representation and storage, to classifier model generation and selection. It aims to consume knowledge about the malware sample efficiently and automatically and represent that knowledge in a form that results in minimal information loss."

17 of 124 comments

  1. Easy by aadvancedGIR · · Score: 2, Insightful

    Spyware provided by a big (or friend) corporation = GOOD
    FOSS = malware

  2. Priorities? by mrjb · · Score: 2, Insightful

    Is it just me, or are there more people that think that instead of getting busy automating the process of classifying new strains of computer viruses, Trojans and other malicious software programs, maybe they should address the cause of the problem first?

    --
    Visit http://ringbreak.dnd.utwente.nl/~mrjb/growingbettersoftware to download your free copy of the book
    1. Re:Priorities? by Savage-Rabbit · · Score: 3, Funny

      Is it just me, or are there more people that think that instead of getting busy automating the process of classifying new strains of computer viruses, Trojans and other malicious software programs, maybe they should address the cause of the problem first?

      I'm not sure that training enough high class .NET certified MSCA ratified ninja commando teams to assassinate all those thousands of malware authors and spam kings would be a financially viable proposition for Microsoft. Using a fully automated self classifying system to build a proper threat library which can later be fed to mass manufactured hunter killer bots and android terminators sounds like a much more cost effective approach.

      --
      Only to idiots, are orders laws.
      -- Henning von Tresckow
  3. Throwing in the towel by noidentity · · Score: 5, Funny

    Too bad the research isn't being done on ways to prevent malware. Apple could make good use of this: "Windows has so many viruses they need a computer to help sort through them all!"

  4. This has very good potential by SlappyBastard · · Score: 2, Interesting
    IF ... and that's a big if ... Microsoft has the balls to leave it fully automated and let the system do its thing.

    Now, if they start taking payola for delisting malware, then this will be no better than all the shit the current batch of jokers/anti-spyware companies pull every day.

    --
    I scream. You scream. I assume that means we're both acquainted with the problem. We proceed.
  5. Wouldn't they be better off... by PinkPanther · · Score: 2, Insightful
    If they can classify the stuff, shouldn't they be able to stop it?

    Or is classification going to allow them to have a flashier anti-malware tool to sell?

    Can't you see it now...animation of the viruses being caught, sent down a chute that sorts them into different buckets. Different cute cuddlies for each type of virus, each with unique characteristics. They could then create an entire industry around stuffed animals and stickers the kids could trade! People would go around giving each other viruses on USB keys and via email just to watch the tool sort the cute things time and again!

    This is marketing genius at work!!

    --
    It's a simple matter of complex programming.
    1. Re:Wouldn't they be better off... by gmuslera · · Score: 2, Insightful
      Was about to comment on the same lines... too much effort to put a bright, shiny and new label to a problem instead of worrying on solving/curing/fixing it.

      Of course, you can say, oh, but a trojan is a different beast than a worm, so must be treated different by future development. Or better yet, this is a future-cool-name-that-implies-user-interaction that is really different from a future-cooler-name-that-implies-exploiting-net-services-vulnerabilities. But I bet that will make things more confusing than the actual practice of putting a known label and a description of what it does or how it spread, there are a lot of virus/worms/etc that use several ways for spreading already, so thinking that this special name will solve something looks wrong.

  6. This should be amusing by PhotoBoy · · Score: 3, Funny

    How long till we get headlines like "Microsoft's Malware Software Deletes Windows after identifying it as a security risk"?

    1. Re:This should be amusing by Mostly+a+lurker · · Score: 2, Funny
      How long till we get headlines like "Microsoft's Malware Software Deletes Windows after identifying it as a security risk"?
      Indefinitely. Why should we expect such accurate results from a Microsoft written tool?
  7. Next Topic: Microsoft's plans to eliminate piracy by PrescriptionWarning · · Score: 2, Funny

    To combat pirates Microsoft plans to employ a full clan of Ninjas. According to latest polls Ninjas always have at least a 2 to 1 following compared to those who prefer pirates. These Microsoft Ninjas will be trained in all the dark arts, including, but not limited to, poisoning Pirate rum, placing explosive powders in their parrots, and using biological weapons such as scurvy induced rats. Psychological war will also be waged as the Ninjas use cardboard cutouts of themselves hidden throughout the pirate ships.

  8. Here's a thought! by danpsmith · · Score: 2, Interesting

    Why not just not have the user run as root all the time?

    The main difference I've noticed between Linux and Windows is that Linux makes it abundantly easy to run under limited access using password prompting, while Windows tries to prevent you from securing it.

    People say that "well you shouldn't run things you don't know." Well, that argument works for computer professionals and people that know what's going on. But to the average user, you should be able to tell what is and isn't going to hurt the system.

    If an application needs to access any critical areas of the OS, the running threads, the registry, or anything else deemed critical or potentially harmful, it should prompt for password. This would give IT people a clear message to send to users "If it asks you for your password, make sure you trust the program." While it might be easy to click "yes" or "ok" to everything, because windows is user prompt hell to begin with, typing in and remembering a password takes considerably more work.

    Why you would continue to try to patch the holes in the Titanic this way is beyond me. Unless now MS just wants to sell insecure products and then sell you repair kits to fix them.

    --
    Judges and senates have been bought for gold; Esteem and love were never to be sold.
  9. Just once... by GigG · · Score: 4, Insightful

    Just once I'd like to see a story run on /. that involves MS that starts a discussion of the issue in the story and not just collection of attacks on MS. I'm not a big MS fan but it does get old.

    --
    Is buying a Harley Davidson as your first motorcycle since you were 16 at age 49 a midlife crisis issue?
    1. Re:Just once... by Billosaur · · Score: 2, Insightful
      Just once I'd like to see a story run on /. that involves MS that starts a discussion of the issue in the story and not just collection of attacks on MS. I'm not a big MS fan but it does get old.

      I suggest a trip to an alternate universe... look MS haters are a dime-a-dozen, but you have to admit it's pretty cheeky of MS to take these steps instead of just cutting down on the problem to begin with. It's like the people who say global warming needs more study, when the global average temperature is going up and the polar caps are shrinking. Do we wait until we're all under water before we do something?

      --
      GetOuttaMySpace - The Anti-Social Network
  10. wtf! by Observador · · Score: 3, Funny

    I was reading the slashdot feed on my cell and the title only showed:

    microsoft to automate malware

    and I went like: wtf! haven't they done enough already?

    mind you, not an hour ago I was removing over a hundred pieces of malware that a client had. all of them on just two machines...

    --
    I wish I could filter out the annoying Pickens articles...
  11. And we all know why by tbone1 · · Score: 2, Funny
    It's easier to say something isn't a threat than to actually, you know, do something about it.

    "That isn't cancer, Mrs. Jones, we've redefined it as a sniffle."

    --

    The Independent: Reverend Spooner Arrested in Friar Tuck Incident - ISIHAC, Historical Headlines
  12. Super, a holistic approach by LordSnooty · · Score: 2, Funny

    Now Microsoft engineers sound like my PHB.

  13. Now THIS is funny! by ratboy666 · · Score: 2, Insightful

    Imagine -- so much malware that there is a REAL TEAM working on the problem of automatically classifying it!

    Wow...

    Now that I am finished laughing (and it was a good one)...

    Ratboy

    --
    Just another "Cubible(sic) Joe" 2 17 3061