Slashdot Mirror


Auto-Detecting Malware? It's Possible

itwbennett writes "If antivirus protectors could collect data from machines and users, including geographic location, social networking information, type of operating system, installed programs and configurations, 'it would enable them to quickly identify new malware strains without even looking at the code,' says Dr. Markus Jakobsson. In a recent article, he outlines some examples of how this could work. The bottom line is this: 'Let's ignore what the malware does on a machine, and instead look at how it moves between machines. That is much easier to assess. And the moment malware gives up what allows us to detect it, it also stops being a threat.'"

9 of 178 comments

  1. Re:trojans by Anonymous Coward · · Score: 3, Informative

    They thought of that:

    Time. Automated patching occurs around the clock, and worms infect no matter what time of day. But a Trojan, for example, depends on its victim being awake - the user has to approve its installation. Roughly speaking, if the malware takes advantage of a machine vulnerability, it often will spread independently of the local time of the day (to the extent that people leave their machines on, of course), whereas malware that relies on human vulnerabilities will depend on the time of the day (as does most legitimate software).

  2. Re:Privacy by Z34107 · · Score: 4, Informative

    Well, yes and no; it depends on what kind of data.

    Windows Defender, which is on pretty much every XP and Vista box, already does this. Out of the box, it will submit information on startup programs, malware detected and removed, and which services and startup programs you have disabled, to the aptly named Microsoft SpyNet.

    It's not quite as scary as it sounds; if you're using Windows Defender to decide whether or not to kill that fishy-looking SynTpEnh.exe process from starting, you can see that 99% of SpyNet members leave it enabled because it makes your laptop's touchpad work. </contrivedexample>

    So, maybe a bad idea, but not a new one - it's already being done.

    --
    DATABASE WOW WOW
  3. Re:Privacy by Orbijx · · Score: 3, Informative

    Usually, the Norton Removal Tool does the job in blowing Norton's software off the system.

    I've had to be able to get enough people there in my line of work that I know the way there. Grab it, and let it wipe that damn thing out.

    --
    One of these days, I am going to flip out. When I flip out, I'll be back in five minutes.
  4. Re:I have a better idea by thewils · · Score: 2, Informative

    I'll just point out here that Linux users generally do not run as Admin-God on their machines, so while they could still bork their own user account it becomes that much more difficult to compromise the entire machine.

    --
    Once I was a four stone apology. Now I am two separate gorillas.
  5. If OSX, Linux, & BSD can do it, Microsoft can by Futurepower(R) · · Score: 2, Informative

    IF the programmers of Apple OSX, Linux, and BSD can make mostly malware-free software, Microsoft can also.

    Those operating systems have fewer vulnerabilities because they were designed to be secure.

  6. Leaks and emails reveal Microsoft release policies by Futurepower(R) · · Score: 3, Informative

    The vulnerabilities are apparently the result of Microsoft release policies:

    It was widely reported that Windows 2000 was released with 63,000 known defects.

    It was widely reported that Windows XP was released with more than 100,000 known defects. (I don't have time to find a better link.) Microsoft reported that Windows XP Service Pack 2 fixed several hundred bugs, several of them very serious.

    Windows Vista was released against the wishes of some Microsoft managers, who said it was not ready for release. There was a court case that revealed emails saying that. (Again, I don't have time to find a better link.)

  7. Re:Where the Windows White List? by the_one(2) · · Score: 2, Informative

    as does windows

  8. what a bunch of crooks... by C0vardeAn0nim0 · · Score: 2, Informative

    try this on a solaris box:

    # find / -type f -perm -u+x -exec digest -va md5 {} \; > /executables_digest

    then every week, do:

    # find / -type f -perm -u+x -exec digest -va md5 {} \; > /tmp/weekly_digest
    # diff /executables_digest /tmp/weekly_digest

    pretty much how software like tripwire works.

    what those crooks on TFA want is collect a bunch of information about everybody's computers, then sell to the highest bidder.

    fuck them. not on my solaris boxes. not on my linux boxes.

    --
    What ? Me, worry ?
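    The baseline-and-diff check from the comment above, as an added example (not the commenter's own commands) written as portable POSIX shell functions for Linux/BSD: sha256sum or shasum stands in for Solaris digest(1), and the report names what was added, removed or changed instead of a raw diff. The sample tree, file names and the owner-execute test are assumptions for the demo.

```shell
# Tripwire-style integrity check of executables: baseline, re-hash, report.
# Assumes sha256sum (coreutils) or shasum (BSD/macOS) and paths without spaces.

hash_file() {
    if command -v sha256sum >/dev/null 2>&1; then sha256sum "$1"
    else shasum -a 256 "$1"; fi
}

# snapshot DIR: "hash  path" for every regular file with the owner-execute bit
# set, sorted by path so two snapshots line up.
snapshot() {
    find "$1" -type f -perm -u+x | sort | while read -r f; do
        hash_file "$f"
    done
}

# compare BASELINE CURRENT: one line per drift, sorted for stable output.
compare() {
    awk 'NR==FNR { base[$2]=$1; next }
         { cur[$2]=$1 }
         END {
             for (p in base) if (!(p in cur)) print "REMOVED " p
             for (p in cur) {
                 if (!(p in base)) print "ADDED " p
                 else if (base[p] != cur[p]) print "CHANGED " p
             }
         }' "$1" "$2" | sort
}

# demo: constructed sample tree (not real system binaries) exercising all
# three kinds of drift; the report is written to stdout with the temp path
# stripped. Expected: ADDED /bin/sh, CHANGED /bin/ls, REMOVED /bin/cat.
demo() {
    root=$(mktemp -d)
    mkdir -p "$root/bin"
    printf 'echo ls\n'  > "$root/bin/ls";  chmod 755 "$root/bin/ls"
    printf 'echo cat\n' > "$root/bin/cat"; chmod 755 "$root/bin/cat"
    printf 'data\n'     > "$root/bin/README"        # not executable: ignored
    snapshot "$root" > "$root/baseline"
    printf 'echo evil\n' > "$root/bin/ls"           # tampered binary
    rm "$root/bin/cat"                              # removed binary
    printf 'echo new\n' > "$root/bin/sh"; chmod 755 "$root/bin/sh"  # new binary
    snapshot "$root" > "$root/current"
    compare "$root/baseline" "$root/current" | sed "s|$root||"
    rm -rf "$root"
}
```

Run `snapshot / > /var/lib/exec-baseline` once, then `compare /var/lib/exec-baseline <(snapshot /)` (or a temp file under plain sh) on a schedule; the baseline itself should live on read-only or off-box storage, or an intruder can simply rewrite it.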
  9. It is necessary to explain Windows' sloppiness. by Futurepower(R) · · Score: 2, Informative

    Windows Vista was released before it was ready. Even Microsoft middle managers complained about that. Customers rejected Vista; here is one of the hundreds of articles about that: Corporate America's rejection of Vista: Many companies delay or denounce Microsoft's flagship product.

    One magazine collected 210,000 signatures against adoption of Windows Vista and for keeping Windows XP: The campaign to save Windows XP.

    The fact is that we are not seeing the kind of weaknesses in Linux, OS X, or BSD that are commonly found in Windows. Windows XP was an expensive hassle for us until SP2.

    Here is an interesting fact: The latest version of Firefox, and all the versions before it, have a bug which causes Firefox to crash when there are too many windows and tabs. That bug corrupts Windows; sometimes Windows crashes, also. It is always necessary to re-start the computer.

    Linux remains stable when Firefox crashes, however.