Auto-Detecting Malware? It's Possible

← Back to Stories (view on slashdot.org)

Auto-Detecting Malware? It's Possible

Posted by timothy on Wednesday September 30, 2009 @07:18AM from the would-love-to-see-the-install-prompt-for-this dept.

itwbennett writes "If antivirus protectors could collect data from machines and users, including geographic location, social networking information, type of operating system, installed programs and configurations, 'it would enable them to quickly identify new malware strains without even looking at the code,' says Dr. Markus Jakobsson. In a recent article, he outlines some examples of how this could work. The bottom line is this: 'Let's ignore what the malware does on a machine, and instead look at how it moves between machines. That is much easier to assess. And the moment malware gives up what allows us to detect it, it also stops being a threat.'"

6 of 178 comments (clear)

Min score:

Reason:

Sort:

Privacy by sopssa · 2009-09-30 07:19 · Score: 5, Insightful

If antivirus protectors could collect data from machines and users
This idea stopped being a good one here.
1. Re:Privacy by gnick · 2009-09-30 07:26 · Score: 4, Insightful
  
  I see no reason why individuals volunteering information about their machines or habits should be any kind of privacy breech. Just leave it off by default and, should you choose, don't click the box.
  
  --
  He's getting rather old, but he's a good mouse.
2. Re:Privacy by Mr.+Freeman · 2009-09-30 09:06 · Score: 4, Insightful
  
  THe people likely to be volunteering their data are probably people informed about what's going on. Which are the people not likely to be infected, because they don't click on every "FREE PORN" ad they see.
  
  --
  -1 disagree is not a modifier for a reason. -1 troll, flaimbait, redundant, overrated are NOT acceptable substitutes.
trojans by Hatta · 2009-09-30 07:19 · Score: 4, Insightful

Malware generally moves the same way any other software moves. The user downloads and installs it.

--
Give me Classic Slashdot or give me death!
an amazingly bad idea by leehwtsohg · 2009-09-30 07:23 · Score: 4, Insightful

"If antivirus protectors could collect data from machines and users, including geographic location, social networking information, type of operating system, installed programs and configurations"
Malware writers and credit card phishers would have an immensely easier time.
It is quite mindboggling how bad this idea is. Cookies are not bad enough for you, eh?
And like all active-response systems ... by Ungrounded+Lightning · 2009-09-30 08:35 · Score: 4, Insightful

... it depends detection of a significant number of machines being compromised to produce the detection event and response. Meanwhile a significant number of machines have been compromised. The horses are out of those barns by the time the doors are closed.
Rinse and repeat, with a fresh variant of the malware, until "all your horse are belong to us".
Meanwhile, all they're doing is detecting a pattern of distribution of a pattern of data, without any way to differentiate whether the data itself is malware. Surprise: This same pattern occurs with news and with ideas. Do we really want a surveillance system to treat the spread of, say, stories of government corruption, as a malware infection?

--
Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way