Slashdot Mirror


Auto-Detecting Malware? It's Possible

itwbennett writes "If antivirus protectors could collect data from machines and users, including geographic location, social networking information, type of operating system, installed programs and configurations, 'it would enable them to quickly identify new malware strains without even looking at the code,' says Dr. Markus Jakobsson. In a recent article, he outlines some examples of how this could work. The bottom line is this: 'Let's ignore what the malware does on a machine, and instead look at how it moves between machines. That is much easier to assess. And the moment malware gives up what allows us to detect it, it also stops being a threat.'"

4 of 178 comments

  1. Re:trojans by Anonymous Coward · · Score: 3, Informative

    They thought of that:

    Time. Automated patching occurs around the clock, and worms infect no matter what time of day. But a Trojan, for example, depends on its victim being awake: the user has to approve its installation. Roughly speaking, if the malware takes advantage of a machine vulnerability, it often will spread independently of the local time of the day (to the extent that people leave their machines on, of course), whereas malware that relies on human vulnerabilities will depend on the time of the day (as does most legitimate software).
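    The time-of-day heuristic quoted above, worked through as an added example (this is not code from the article, from Dr. Jakobsson, or from the commenter). It bins each infection's first-seen time by *local* hour, using the reporting machine's UTC offset as a stand-in for the "geographic location" the summary mentions, then scores how flat the 24-hour histogram is. The waking-hours window (08:00 to 22:59), the minimum sample size, the chi-square threshold (about 42, roughly the 0.99 quantile for 23 degrees of freedom) and all event data are assumptions made up for the example.

```python
"""Classify a malware sample by the local-time-of-day profile of its infections.

Each event is (host, first_seen_utc, utc_offset_hours). All data below is
constructed for the example; nothing is taken from a real telemetry feed.
"""
from collections import Counter
from datetime import datetime, timedelta, timezone
from typing import List, Tuple

Event = Tuple[str, str, int]

WAKING_HOURS = range(8, 23)      # assumption: 08:00-22:59 local counts as "awake"
MIN_EVENTS = 50                  # assumption: below this the histogram is noise
UNIFORM_CHI2_THRESHOLD = 42.0    # assumption: ~0.99 quantile of chi-square, 23 d.o.f.
OFFSETS = [-8, -5, 0, 1, 8]      # constructed: a few time zones the hosts sit in


def local_hour(ts_utc: str, utc_offset_hours: int) -> int:
    """Convert an ISO-8601 UTC timestamp to the machine's local hour (0-23)."""
    ts = datetime.strptime(ts_utc, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return (ts + timedelta(hours=utc_offset_hours)).hour


def hour_histogram(events: List[Event]) -> List[int]:
    """24-bin histogram of infections by local hour of first sighting."""
    counts = Counter(local_hour(ts, off) for _host, ts, off in events)
    return [counts[h] for h in range(24)]


def waking_fraction(hist: List[int]) -> float:
    """Share of infections that happened while the victim was plausibly awake.

    A flat (round-the-clock) profile gives 15/24 = 0.625; a purely
    user-triggered profile gives close to 1.0.
    """
    total = sum(hist)
    return sum(hist[h] for h in WAKING_HOURS) / total if total else 0.0


def chi_square_uniform(hist: List[int]) -> float:
    """Chi-square statistic of the histogram against a flat 24-hour expectation."""
    total = sum(hist)
    expected = total / 24
    return sum((c - expected) ** 2 / expected for c in hist)


def classify(hist: List[int]) -> str:
    """Label the spreading mechanism from the histogram alone.

    'self-propagating': flat profile, consistent with exploiting a machine
    vulnerability on hosts left running around the clock.
    'human-dependent': almost everything lands in waking hours, consistent
    with a Trojan that needs the user to approve it.
    """
    if sum(hist) < MIN_EVENTS:
        return "insufficient-data"
    wf = waking_fraction(hist)
    if wf >= 0.9:
        return "human-dependent"
    if chi_square_uniform(hist) < UNIFORM_CHI2_THRESHOLD and 0.55 <= wf <= 0.70:
        return "self-propagating"
    return "indeterminate"


def _utc_stamp(hour_utc: int) -> str:
    return f"2009-03-02T{hour_utc:02d}:17:00Z"   # constructed date, fixed minute


def constructed_worm_events() -> List[Event]:
    """240 constructed hosts hit evenly around the clock in UTC, across five zones."""
    return [(f"host{i:03d}", _utc_stamp(i % 24), OFFSETS[i % 5]) for i in range(240)]


def constructed_trojan_events() -> List[Event]:
    """200 constructed hosts whose first sightings all fall 09:00-21:59 LOCAL time."""
    events = []
    for i in range(200):
        offset = OFFSETS[i % 5]
        local = 9 + (i % 13)
        events.append((f"desk{i:03d}", _utc_stamp((local - offset) % 24), offset))
    return events


if __name__ == "__main__":
    for name, events in (("worm-like", constructed_worm_events()),
                         ("trojan-like", constructed_trojan_events())):
        hist = hour_histogram(events)
        print(name, classify(hist),
              f"waking={waking_fraction(hist):.3f}",
              f"chi2={chi_square_uniform(hist):.1f}")
```

    Two caveats the comment itself implies: the flat profile only appears if the infected machines stay on overnight, and mixed-timezone telemetry must be converted to local time before binning, otherwise a worm spreading through several zones can look like a Trojan and vice versa. The example handles the second point and leaves the first as a known limitation.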

  2. Re:Privacy by Z34107 · · Score: 4, Informative

    Well, yes and no; it depends on what kind of data.

    Windows Defender, which is on pretty much every XP and Vista box, already does this. Out of the box, it will submit information on startup programs, malware detected and removed, and which services and startup programs you have disabled, to the aptly named Microsoft SpyNet.

    It's not quite as scary as it sounds; if you're using Windows Defender to decide whether or not to kill that fishy-looking SynTpEnh.exe process from starting, you can see that 99% of SpyNet members leave it enabled because it makes your laptop's touchpad work. </contrivedexample>

    So, maybe a bad idea, but not a new one - it's already being done.

    --
    DATABASE WOW WOW
  3. Re:Privacy by Orbijx · · Score: 3, Informative

    Usually, the Norton Removal Tool does the job in blowing Norton's software off the system.

    I've had to be able to get enough people there in my line of work that I know the way there. Grab it, and let it wipe that damn thing out.

    --
    One of these days, I am going to flip out. When I flip out, I'll be back in five minutes.
  4. Leaks and emails reveal Microsoft release policies by Futurepower(R) · · Score: 3, Informative

    The vulnerabilities are apparently the result of Microsoft release policies:

    It was widely reported that Windows 2000 was released with 63,000 known defects.

    It was widely reported that Windows XP was released with more than 100,000 known defects. (I don't have time to find a better link.) Microsoft reported that Windows XP Service Pack 2 fixed several hundred bugs, several of them very serious.

    Windows Vista was released against the wishes of some Microsoft managers, who said it was not ready for release. There was a court case that revealed emails saying that. (Again, I don't have time to find a better link.)