Slashdot Mirror


The Current State of the Malware/AntiVirus Arms Race

An anonymous reader writes "An article at Net Security explores how malware has developed self-defense techniques. This evolution is the result of the double-edged sword of the malware arms race. Anti-virus technology is ever more advanced, but as a result surviving viruses are increasingly sophisticated. What Net Security offers is a lengthy look at the current state of that arms race. 'There are many different kinds of malware self-defense techniques and these can be classified in a variety of ways. Some of these technologies are meant to bypass antivirus signature databases, while others are meant to hinder analysis of the malicious code. One malicious program may attempt to conceal itself in the system, while another will not waste valuable processor resources on this, choosing instead to search for and counter specific types of antivirus protection. These different tactics can be classified in different ways and put into various categories.'"

3 of 139 comments

  1. Re:Viruses will never go away by doti · · Score: 3, Insightful

    And how will they compete with Free software anti-virus?

    --
    factor 966971: 966971
  2. Oh please... by Opportunist · · Score: 4, Insightful

    This conspiracy is about as old as the AV industry. At least you spared us this time the drivel about AV vendors first of all creating malware so they can sell their stuff.

    Basically it's impossible to write the perfect AV software. It simply does not work. The perfect AV software could, of course, exist: Simply disallowing ANY kind of user interaction and installation of additional products. Perfect computer. Useless, but perfectly safe.

    The problem is that malware does not use anything "special" that makes it easy to say "something that uses function X or accesses Y is malware". Doesn't work that way. What malware does is usually not much different from normal program activity. They access the Windows registry, create keys there, they create and alter files (not necessarily system files, which would be "suspicious" behaviour to say the least), they plug into Internet Explorer, they open ports for incoming connections, they transfer data to and from the computer.

    It's not anything that is by definition "bad". How'd you want to create the "perfect" AV product?

    --
    We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
  3. Re:From TFA by kebes · · Score: 3, Insightful

    Market share is certainly a factor, but I think it's a stretch to say that it's the only factor.

    Let's say some nefarious guys are trying to get their malware installed on everyone's computers. So they buy some exploit code that targets IE. They say "Great, this will infect 3/4 of the computers out there!"

    Now if these malware distributors are approached by some other guy who says "I can sell you exploit code that targets Firefox"... do you think the malware distributors will say "no thanks" or will they say "Great, that covers the other 1/4 of computers out there!" (Maybe they will pay less for that exploit, but they will surely use it if it's available.)

    Since Firefox's market share is not insignificant (10% to 25%?), there should be a market for such exploits. Similarly, there should be a market (perhaps smaller, but still a market) for the 4% Mac users. It appears that despite this, the targeting of Mac and Firefox is very much less than Windows/IE (more than can be accounted for by market share alone).

    I'm sure that part of it has to do with market share. However, inherent security is also part of the equation. (And frankly I don't know why such a statement is so controversial on Slashdot... why should security be based on only one factor in the first place?)