Slashdot Mirror


Auto-Detecting Malware? It's Possible

itwbennett writes "If antivirus protectors could collect data from machines and users, including geographic location, social networking information, type of operating system, installed programs and configurations, 'it would enable them to quickly identify new malware strains without even looking at the code,' says Dr. Markus Jakobsson. In a recent article, he outlines some examples of how this could work. The bottom line is this: 'Let's ignore what the malware does on a machine, and instead look at how it moves between machines. That is much easier to assess. And the moment malware gives up what allows us to detect it, it also stops being a threat.'"
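The approach described in the summary, scoring a program by how it moves between machines rather than by what it does, as an added example that is not from the article or from Dr. Jakobsson's work. The contact graph and telemetry below are constructed for this example, and the scoring rule (a new host counts as "explained" when one of its contacts reported the same program shortly before) is an assumption of this example, not his method. The replay in detect() also makes visible the cost of any prevalence-based scheme: the alert can only fire once several hosts already carry the program.

```python
"""Spread-pattern scoring over constructed client telemetry.

Each report says: at `hour`, program `prog` first appeared on `machine`.
Machines also have a contact graph (who exchanges files or messages with whom).
A program whose new hosts are consistently contacts of earlier hosts is spreading
like a contagion; one that lands on unrelated machines at the same moment looks
like a broadcast (a vendor update, say).  Nothing here inspects the program itself.
"""
from typing import Dict, List, Optional, Set, Tuple

Report = Tuple[int, str, str]  # (hour, machine_id, program_hash)

# Constructed contact graph (hypothetical data for this example only).
CONTACTS: Dict[str, Set[str]] = {
    "m1": {"m2", "m3"},
    "m2": {"m1", "m4"},
    "m3": {"m1", "m5"},
    "m4": {"m2", "m6"},
    "m5": {"m3"},
    "m6": {"m4"},
    "m7": set(),
    "m8": set(),
}

# Constructed telemetry (hypothetical data for this example only).
# "worm" hops along contact edges one hour at a time; "updater" lands on five
# unrelated machines in the same hour; "oddtool" is seen on a single host.
REPORTS: List[Report] = [
    (0, "m1", "worm"),
    (1, "m2", "worm"),
    (1, "m3", "worm"),
    (2, "m4", "worm"),
    (2, "m5", "worm"),
    (3, "m6", "worm"),
    (0, "m1", "updater"),
    (0, "m4", "updater"),
    (0, "m5", "updater"),
    (0, "m7", "updater"),
    (0, "m8", "updater"),
    (5, "m7", "oddtool"),
]


def first_seen(reports: List[Report], program: str) -> Dict[str, int]:
    """Map machine -> earliest hour at which `program` was reported on it."""
    seen: Dict[str, int] = {}
    for hour, machine, prog in reports:
        if prog == program and (machine not in seen or hour < seen[machine]):
            seen[machine] = hour
    return seen


def contagion_score(reports: List[Report], contacts: Dict[str, Set[str]],
                    program: str, window: int = 1) -> float:
    """Fraction of hosts (beyond patient zero) whose sighting is preceded, within
    `window` hours, by a sighting on one of their contacts.  1.0: every new host
    could have caught it from a contact.  0.0: hosts acquired it independently,
    which is what a simultaneous push to unrelated machines looks like."""
    seen = first_seen(reports, program)
    if len(seen) < 2:
        return 0.0
    explained = 0
    for machine, hour in seen.items():
        for peer in contacts.get(machine, ()):
            peer_hour = seen.get(peer)
            if peer_hour is not None and 0 < hour - peer_hour <= window:
                explained += 1
                break
    return explained / (len(seen) - 1)


def classify(reports: List[Report], contacts: Dict[str, Set[str]],
             program: str, threshold: float = 0.8) -> str:
    """Label a program purely from its spread pattern."""
    if len(first_seen(reports, program)) < 2:
        return "rare"
    score = contagion_score(reports, contacts, program)
    return "propagating" if score >= threshold else "broadcast"


def detect(reports: List[Report], contacts: Dict[str, Set[str]], program: str,
           min_hosts: int = 4, threshold: float = 0.8,
           window: int = 1) -> Optional[Tuple[int, int]]:
    """Replay telemetry hour by hour; return (hour, hosts_already_carrying_it)
    at the first moment the spread pattern alone would raise an alert, or None.
    The host count is the price paid before anything can be detected this way."""
    hours = sorted({h for h, _, p in reports if p == program})
    for cutoff in hours:
        so_far = [r for r in reports if r[0] <= cutoff]
        hosts = len(first_seen(so_far, program))
        if hosts >= min_hosts and \
                contagion_score(so_far, contacts, program, window) >= threshold:
            return cutoff, hosts
    return None


if __name__ == "__main__":
    for prog in ("worm", "updater", "oddtool"):
        print(prog, classify(REPORTS, CONTACTS, prog), detect(REPORTS, CONTACTS, prog))
```

With the constructed data the worm is flagged at hour 2, by which time five of the six machines on its path already carry it, while the update that appears everywhere at once scores 0.0 and is left alone. The rule knows nothing about either binary, which is both the appeal and the limitation: anything else that spreads along contact edges at the same rate would score the same way.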

8 of 178 comments

  1. Privacy by sopssa · Score: 5, Insightful

    If antivirus protectors could collect data from machines and users

    This idea stopped being a good one here.

    1. Re:Privacy by gnick · Score: 4, Insightful

      I see no reason why individuals volunteering information about their machines or habits should be any kind of privacy breach. Just leave it off by default and, should you choose, don't click the box.

      --
      He's getting rather old, but he's a good mouse.
    2. Re:Privacy by Z34107 · Score: 4, Informative

      Well, yes and no; it depends on what kind of data.

      Windows Defender, which is on pretty much every XP and Vista box, already does this. Out of the box, it will submit information on startup programs, malware detected and removed, and which services and startup programs you have disabled, to the aptly named Microsoft SpyNet.

      It's not quite as scary as it sounds; if you're using Windows Defender to decide whether or not to kill that fishy-looking SynTpEnh.exe process from starting, you can see that 99% of SpyNet members leave it enabled because it makes your laptop's touchpad work. </contrivedexample>

      So, maybe a bad idea, but not a new one - it's already being done.

      --
      DATABASE WOW WOW
    3. Re:Privacy by Mr. Freeman · Score: 4, Insightful

      The people likely to be volunteering their data are probably people informed about what's going on. Which are the people not likely to be infected, because they don't click on every "FREE PORN" ad they see.

      --
      -1 disagree is not a modifier for a reason. -1 troll, flamebait, redundant, overrated are NOT acceptable substitutes.
  2. trojans by Hatta · Score: 4, Insightful

    Malware generally moves the same way any other software moves. The user downloads and installs it.

    --
    Give me Classic Slashdot or give me death!
  3. an amazingly bad idea by leehwtsohg · Score: 4, Insightful

    "If antivirus protectors could collect data from machines and users, including geographic location, social networking information, type of operating system, installed programs and configurations"
    Malware writers and credit card phishers would have an immensely easier time.

    It is quite mindboggling how bad this idea is. Cookies are not bad enough for you, eh?

  4. Malware vulnerability is profitable for Microsoft. by Futurepower(R) · Score: 5, Interesting

    The best way to stop malware is to audit code so that it doesn't have vulnerabilities. The OpenBSD volunteers have been doing that for many years.

    In my opinion, and the opinion of many others, the vulnerability of Microsoft products to malware is a result of Microsoft managers not allowing Microsoft programmers to finish their jobs.

    When people have problems with their computer, they often buy a new computer. Then Microsoft sells another copy of Windows, which, of course, still has huge security risks. For examples, see the New York Times article Corrupted PC's Find New Home in the Dumpster. Vulnerability to malware is very profitable for Microsoft and its main customers, who are computer manufacturers.

    Solving the problems with malware will not be fully successful if Microsoft managers do not want it to be successful. Vulnerabilities are profitable when a company has a virtual monopoly.

  5. And like all active-response systems ... by Ungrounded Lightning · Score: 4, Insightful

    ... it depends on detection of a significant number of machines being compromised to produce the detection event and response. Meanwhile a significant number of machines have been compromised. The horses are out of those barns by the time the doors are closed.

    Rinse and repeat, with a fresh variant of the malware, until "all your horse are belong to us".

    Meanwhile, all they're doing is detecting a pattern of distribution of a pattern of data, without any way to differentiate whether the data itself is malware. Surprise: This same pattern occurs with news and with ideas. Do we really want a surveillance system to treat the spread of, say, stories of government corruption, as a malware infection?

    --
    Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way