How To Guarantee Malware Detection
itwbennett writes "Dr. Markus Jakobsson, Principal Scientist at PARC, explains how it is possible to guarantee the detection of malware, including zero-day attacks and rootkits and even malware that infected a device before the detection program was installed. The solution comes down to this, says Jakobsson: 'Any program — good or bad — that wants to be active in RAM has no choice but to take up some space in RAM. At least one byte.'"
Not a fair comparison. Malware usually does what it's supposed to.
The hard part is actually finding it.
That reminds me of a signature I've seen around here (Sorry, I don't remember who was using it)
cat /dev/ram | strings | grep llama
OMG, my RAM is full of llamas!
Reminds me of Murphy's 7th law - "Should you ever idiot-proof anything, God will make a better idiot."
While it might be true that any application will take up at least a byte of memory, there is no reason malware couldn't masquerade as another binary down to the exact number of bytes.
Oh, see, he didn't finish explaining.
Any program that wants to be resident has to occupy at least one byte of RAM. And that byte should include the Evil Bit, which all malware should set. Then your anti-virus program just checks the Evil Bit and problem solved!
The enemies of Democracy are
Wrong! Abstinence is the one and only preventative answer!