Slashdot Mirror


How To Guarantee Malware Detection

itwbennett writes "Dr. Markus Jakobsson, Principal Scientist at PARC, explains how it is possible to guarantee the detection of malware, including zero-day attacks and rootkits and even malware that infected a device before the detection program was installed. The solution comes down to this, says Jakobsson: 'Any program — good or bad — that wants to be active in RAM has no choice but to take up some space in RAM. At least one byte.'"

4 of 410 comments

  1. There is something that can answer your questions! by spun · · Score: 0, Troll

    How COULD this work? There is an answer. You can find this answer in a foreign place, known by the mysterious and terrifying name of The Article. Here's what you do: you read it. When you read it, your questions will be answered.

    Basically, I can tell from the fact that you are asking irrelevant questions that you have not read the article. And you know what? I'm not going to explain it to you. To be clear, I am not saying, "This technique will work." I am saying "You are not criticizing this technique."

    --
    - None can love freedom heartily, but good men; the rest love not freedom, but license. -- John Milton
  2. Re:Refuting the imaginary article in your head by spun · · Score: 0, Troll

    Yes, well, if the malware lets itself get swapped out, it cannot hide its memory footprint. If we started from a known clean machine, we will know how much memory everything valid should be using. If there is more memory allocated, then there is malware.

    It's getting kind of boring explaining the article over and over again.

    --
    - None can love freedom heartily, but good men; the rest love not freedom, but license. -- John Milton
  3. Re:Refuting the imaginary article in your head by tuxgeek · · Score: -1, Troll

    I don't see much progress being made in terms of the design decisions and best practices that prevent (Windows) machines from getting compromised in the first place.

    This part of the problem rests solely on the shoulders of Microsoft and those that choose to use their products. Only M$ can fix their software. The only course of action their customer base can take is not to buy their products. I won't hold my breath on this though. Too many users out there are hopelessly dependent on the windoz platform. Additionally, most new computers you buy are loaded with M$. For example, last year I bought a new laptop. It came preloaded with Vista. Another older laptop came with XP. Both have been repartitioned and dual boot to *nix. Windoz is there for the few apps I use that will only run on *doz. My desktops I build myself and load with *nix only. I do what I can to boycott them, do you?

    --
    "Suppose you were an idiot...and suppose you were a member of Congress...but I repeat myself." Mark Twain
  4. Re:Refuting the imaginary article in your head by spun · · Score: 0, Troll

    Malware has to take up space. That space is what we are looking for. There is no scanning for specific patterns involved. Try rereading the article. I'm getting bored explaining it over and over again. Suffice it to say, you haven't understood it yet.

    --
    - None can love freedom heartily, but good men; the rest love not freedom, but license. -- John Milton
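A constructed simulation of the idea argued in comments 2 and 4 (a known-clean baseline of resident memory, with anything occupying space beyond it counted as suspect). This is added example code, not code from the article, from PARC, or from any of the commenters. It models RAM as a 4 KiB bytearray and assumes the verifier knows the exact bytes of the legitimate resident set, fills every other byte with nonce-derived pseudorandom filler, and then compares a keyed checksum of the whole image against what it computed itself; the names, offsets and nonce are all invented for the illustration.

```python
"""Toy model of footprint-based malware detection (constructed example).

Assumptions, none of which come from the original thread:
  - RAM is a flat 4 KiB array (RAM_SIZE) with no paging or devices;
  - the verifier knows the exact bytes of the legitimate resident set
    ("baseline"), i.e. the known-clean machine from the discussion;
  - every byte outside the baseline is supposed to be free, so the
    verifier may overwrite it with filler derived from a fresh nonce;
  - a program that stays active must keep at least one byte resident, so
    its bytes survive the overwrite instead of becoming filler.
"""
import hashlib
import hmac

RAM_SIZE = 4096  # constructed toy size, not a real machine


def filler(nonce: bytes, offset: int, length: int) -> bytes:
    """Deterministic pseudorandom filler for one free range, keyed by the
    verifier's nonce so it cannot be precomputed before the check."""
    out, block = bytearray(), 0
    while len(out) < length:
        out += hashlib.sha256(
            nonce + offset.to_bytes(4, "big") + block.to_bytes(4, "big")
        ).digest()
        block += 1
    return bytes(out[:length])


def free_ranges(baseline: dict[int, bytes]) -> list[tuple[int, int]]:
    """[start, end) ranges not occupied by the known-clean resident set."""
    ranges, cursor = [], 0
    for off in sorted(baseline):
        if off > cursor:
            ranges.append((cursor, off))
        cursor = max(cursor, off + len(baseline[off]))
    if cursor < RAM_SIZE:
        ranges.append((cursor, RAM_SIZE))
    return ranges


def expected_image(baseline: dict[int, bytes], nonce: bytes) -> bytes:
    """What RAM must look like after the fill step if nothing else is resident."""
    ram = bytearray(RAM_SIZE)
    for off, blob in baseline.items():
        ram[off:off + len(blob)] = blob
    for start, end in free_ranges(baseline):
        ram[start:end] = filler(nonce, start, end - start)
    return bytes(ram)


def simulate_fill(baseline: dict[int, bytes], nonce: bytes,
                  resident: dict[int, bytes]) -> bytes:
    """The machine performs the fill.  Anything in `resident` is a program
    that insists on staying active, so its bytes are still there afterwards
    (a real one would have to skip or redirect those writes to survive)."""
    ram = bytearray(expected_image(baseline, nonce))
    for off, blob in resident.items():
        ram[off:off + len(blob)] = blob
    return bytes(ram)


def checksum(nonce: bytes, image: bytes) -> bytes:
    """Keyed digest over the entire RAM image."""
    return hmac.new(nonce, image, "sha256").digest()


def detect(baseline: dict[int, bytes], nonce: bytes, observed: bytes) -> bool:
    """True if the observed image differs from the verifier's own expectation."""
    expected = checksum(nonce, expected_image(baseline, nonce))
    return not hmac.compare_digest(expected, checksum(nonce, observed))


def footprint(baseline: dict[int, bytes], nonce: bytes, observed: bytes) -> int:
    """Bytes that differ from the expected image: the size of whatever is
    resident beyond the baseline (the 'more memory allocated' from comment 2)."""
    expected = expected_image(baseline, nonce)
    return sum(1 for a, b in zip(expected, observed) if a != b)


if __name__ == "__main__":
    # Constructed baseline: a 256-byte stub at 0 and a 60-byte blob at 1024.
    base = {0: b"\x90" * 256, 1024: b"KERNEL" * 10}
    nonce = b"constructed-nonce"
    clean = simulate_fill(base, nonce, {})
    print("clean machine flagged:", detect(base, nonce, clean))
    exp = expected_image(base, nonce)
    # One byte that refuses to vacate, chosen to differ from the filler.
    one = {2048: bytes([exp[2048] ^ 0xFF])}
    dirty = simulate_fill(base, nonce, one)
    print("one resident byte flagged:", detect(base, nonce, dirty),
          "footprint:", footprint(base, nonce, dirty))
```

Two things the simulation makes visible. A program that lets itself be swapped out (an empty `resident` dict) passes the check, but at that moment it is not active, which is the point the commenters are making. And a resident program is only invisible to this content comparison where its retained bytes happen to coincide with the filler; with a fresh random nonce that is a 256^-n event for n retained bytes, so even a single byte is flagged with high probability, though a real deployment still has to trust that the fill and checksum were actually executed as written rather than emulated, which this toy does not model.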