Slashdot Mirror


How To Guarantee Malware Detection

itwbennett writes "Dr. Markus Jakobsson, Principal Scientist at PARC, explains how it is possible to guarantee the detection of malware, including zero-day attacks and rootkits and even malware that infected a device before the detection program was installed. The solution comes down to this, says Jakobsson: 'Any program — good or bad — that wants to be active in RAM has no choice but to take up some space in RAM. At least one byte.'"
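A toy model of the fill-free-RAM-and-compare idea the summary alludes to, added here as an illustration and not code from the article or from PARC: the verifier has the device overwrite every byte not claimed by a known program with a nonce-keyed pseudorandom stream, then compares a hash of all RAM against the image it expects, so any resident that keeps even one byte of its own changes the hash. The RAM size, the layout, the HMAC-based keystream and the `Device` class are assumptions of this model.

```python
import hashlib
import hmac
import os

RAM_SIZE = 4096  # constructed toy RAM size; a real scheme fills all physical memory

def keystream(nonce, length):
    """Nonce-keyed pseudorandom fill (HMAC-SHA256 in counter mode); an assumed construction."""
    out = bytearray()
    block = 0
    while len(out) < length:
        out += hmac.new(nonce, block.to_bytes(8, "big"), hashlib.sha256).digest()
        block += 1
    return bytes(out[:length])

class Device:
    """Simulated RAM: `legit` = offset -> bytes of admitted programs; `stowaway` = hidden resident bytes."""
    def __init__(self, legit, stowaway=None):
        self.ram = bytearray(RAM_SIZE)
        self.legit = dict(legit)
        self.stowaway = dict(stowaway or {})
        for region in (self.legit, self.stowaway):
            for off, data in region.items():
                self.ram[off:off + len(data)] = data

    def fill_and_report(self, nonce):
        """Overwrite every unclaimed byte, then hash all RAM; the stowaway keeps its bytes (active code cannot vacate itself)."""
        stream = keystream(nonce, RAM_SIZE)
        keep = set()
        for region in (self.legit, self.stowaway):
            for off, data in region.items():
                keep.update(range(off, off + len(data)))
        for i in range(RAM_SIZE):
            if i not in keep:
                self.ram[i] = stream[i]
        return hashlib.sha256(self.ram).digest()

def expected_digest(legit, nonce):
    """What an honest device must report: keystream everywhere except the known programs (so the verifier needs their exact bytes)."""
    image = bytearray(keystream(nonce, RAM_SIZE))
    for off, data in legit.items():
        image[off:off + len(data)] = data
    return hashlib.sha256(image).digest()

def scan(device, legit, nonce=None):
    """True only if RAM holds nothing beyond the programs the device admits to."""
    nonce = os.urandom(16) if nonce is None else nonce
    return hmac.compare_digest(device.fill_and_report(nonce), expected_digest(legit, nonce))
```

A single hidden byte slips through one scan with probability 1/256 (it may already equal the fill byte at that offset), so a real scheme leans on repeated nonces and on the timing side of the check, which this model leaves out.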

4 of 410 comments

  1. Easy by camperdave · Score: 1, Flamebait

    If $OS=="Windows" Then print "Malware Detected";

    --
    When our name is on the back of your car, we're behind you all the way!
  2. Re:At least one byte by Anonymous Coward · Score: -1, Flamebait

    It doesn't need to do even that.

    They forgot that malware code can reside inside another process and its memory space, in which case comparing and writing random bytes to free RAM is a moot point.

    Dear Microsoft:

    Is all of this REALLY easier than fuzz-testing and fixing your goddamned network stack, fixing IE, and teaching your users that random strangers on the Internet don't have their best interests at heart? Really, most of these exploits are freakin' buffer overflow attacks. How many billions of dollars does it take to do some bounds checking? Or to use a compiler with something like GCC's SSP?

    Why Microsoft? Because we're obviously talking about Windows here. That's the only OS with a severe malware problem (MS fanboys, take note - I don't care why it has that problem, so spare us the excuses). Funny how they want the name Windows, "Designed for Windows", and Microsoft Windows plastered everywhere, except when a report comes out about malware. Then it's just "malware" infecting "computers", not "malware exclusively for Microsoft Windows". Microsoft Windows, Microsoft Outlook, and Microsoft Internet Explorer are the three biggest names in malware. Want to be a bit safer? Quit using that combination.

  3. Re:Refuting the imaginary article in your head by palegray.net · Score: 0, Flamebait

    If the malware gets swapped out it won't be detected in the scan.

    Wrong again. Please go read the article.

  4. Re:Refuting the imaginary article in your head by spun · Score: 0, Flamebait

    Okay, THAT I don't get. As far as I can tell, this technique is not guaranteed to find 0-day malware that has infected the machine before the scanner is in place, unless that malware tries to resist detection.

    --
    - None can love freedom heartily, but good men; the rest love not freedom, but license. -- John Milton