Slashdot Mirror
How Viruses Evolve Into All-Purpose Malware
KingofGnG writes "Computer threats are continuously evolving, and some malicious codes are a problem difficult to tackle because of their inherent complexity and an intelligent design capable of constantly putting under pressure security companies. A remarkable 'intelligent' threat is for instance Sality, the 'new generation' file virus that according to Symantec has practically turned into an 'all-in-one' malware incorporating botnet-like functionalities as well."
... at "according to Symantec."
Our immune system has an advantage over virii and bacteria due to our greater cell specialization and intelligent response. The problem with modern botnet malware is that the infecting agent can actually be more intelligent and reactive than the host it's infecting.
Call me defeatist but I believe there is no way the whitehats can out software manoeuvre the blackhats with software only solutions. The increasing complexity of modern systems ensures that the security holes will only grow not diminish. But maybe the next software "update" will solve all our problems this time?... The only permanent solution I can see is mass deployment of airgapped two factor tokens specifically for transaction authentication not generic OTP which the trojans are bypassing. This is the only security that I can guarantee what I am authenticating by looking at a airgapped device. I find it increasingly difficult to justify the performance loss for running anti malware software for the ever diminishing protection offered.
I'm still confused about this whole concept of computer security. No other aspect of my life is particularly secure - why should I expect my computer to be secure? More to the point - why should I expect someone else to provide that security? In every other part of my life, my security is up to me to arrange and maintain. In my job, in my relationships, in my retirement, in my health - it's all up to me. Why do we think our computers will be different?
Our immune system has an advantage over virii and bacteria due to our greater cell specialization and intelligent response.
First of all, you're only half-right here. Our bodies evolve diverse ecosystems of bacteria, actually varying quite a bit from person-to-person. The difference is that when we transmit bacteria from person-to-person, we might make each other sick, but that's unavoidable and actually healthy, to an extent -- it boosts our immune response. Computer systems don't get smarter when they get owned, and the risk seems much higher. (It won't kill you, but it could ruin your life, and it could ruin many lives very quickly, while in first world countries, deadly epidemics are far less common.)
Also, Apple's approval process doesn't have to restrict users from having the option to install third-party software. It just has to provide a good, safe marketplace so that users can choose to only install Apple-vetted software.
Don't thank God, thank a doctor!
I think we are at a point where we cannot really distinguish between virus or spyware or scareware or whatever. Virus have already started doing what spyware doing a couple years ago. I mean, it sounds just pointless that we distinguish them. Bad program is a bad program. It does not matter what we call it. Guys at StopBadware came up with a good term a few years ago. It's a badware. It does not matter to the end user what it does!
The only solution.
'Cause nothing runs on a mac.
*gigglesnort*
I know evolution is a much-abused word, but TFA itself states "some malicious codes are a problem difficult to tackle because of their inherent complexity and an intelligent design". Let's give the Intelligent Designer some credit, even when he's a malevolent one. This virus is not going to "evolve" into another form any time soon, it has simple been designed to make limited adaptations to local circumstances.
No left turn unstoned.
Face it, thanks to Open Sores we all get to suffer more malware and more powerful malware. If even Microsoft with all their programmers has a hell of a time keeping up with patches and all of that, how are average users going to stand a chance? Tell me again why closed source is such a horrible thing??
Because closed source is equivalent to security through obscurity paradigm -- which never works and worse still - is illusory. You are only asking to live in your la-la land when the reality is different.
Malicious people are going to develop such sophisticated attacks regardless of whether software is closed-source or open-source.
Making such exploits open-source lets us know what sort of channels are exploited. This leads to a better understanding of the weaknesses in the underlying protocol. This is where you have improved software that won't fall down like a house of cards when kicked at the shins.
With closed source -- you are trusting what? An obscure programmer who is under a deadline to push something out the door??
You probably are not even aware of how many times Open Sourcing has saved your a$$. Just because you pretend the problem doesn't exist, does not mean that your ignorance is the truth.
... It might be time for the OS to compartmentalize the browser to have the net enclosed from the main system within a virtual machine. This way even if the "computer" were infected by malware it would disappear whne the VM was closed down, also a whitelist of Executables on the host machine would go a long way to stopping malware and the permanent logging/monitoring of executables or dlls being loaded that are unrecognized so they can be analyzed.
While not really an MS fanboy, the main reason why there's so little malware for OSS is because there's so little market. Malware is just like any software: They want to target a market as big as possible. Why are there so few commercial games for Linux? Same reason.
Besides, it's not anymore which system is more secure. The main question today is, which system has the bigger amount of completely ignorant users who click anything promising him dancing bunnies. And you can have the tightest, most restrictive security system in place, if the user has the root password and hands it to everything promising him a dancing bunny, the security is swiss cheese. Windows, Linux, MacOS or whatever, if the user is a doofus, the system is easily compromised.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
You're certainly right that a sufficiently motivated idiot can compromise any system, but the system designer could probably mitigate the problem of idiot users (dancing bunnies, etc. in their inbox) into irrelevance.
It's just shoddy design that .doc files with macros can be opened directly in MS Word without any kind of sandboxing of the file system to prevent macros from rooting around the file system for other documents to infect. The way I see it, you could have a more fine-grained privilege system where it isn't all-or-nothing, but where some documents (files) get more privilege to "do things" based on where they're from (inbox, local file system, remote file system, etc.). Of course you'd need some way to elevate/demote the amount of trust you (as a user) have in a document. This could perhaps be exploited by spammers/scammers, but but if most of the documents your average user receives in their email runs fine with the lowest possible privileges, then they'd at least be more likely to actually notice when a document in your inbox needed elevated privileges to function. (As opposed to now, where you'd get the exact same warning for every single document in your inbox regardless of the documents. So your average user just learns to click "Yes, I know what I'm doing" without even reading the dialog box.)
(I'm not saying things are much better in Linux land, it's just easier to make the point using MS Word .doc's as an example since Linux email clients don't tend to be quite as fast & loose with loading documents/attachments.)
HAND.
A summary that mentions "evolving" and "intelligent design" in the same sentence?
Now that really is impressive (and guaranteed to upset both Darwinists and Creationists at the same time )
Boffo! A good one!
"She's furniture with a pulse"
Care to back it up? I have here a rather extensive amount of samples per day flooding me, more than I can sensibly analyze away (fortunately 99% are just variants of something I already have). And nearly all of them rely on social engineering at some point. And all of them are for Windows.
These asshats writing malware are not "real hackers". They're businessmen, plain and simple. They don't give a fuck whether they compromise your machine or the one of the doofus next to you. Actually, the doofus is more interesting because he probably cares less about security than you do and hands him more info.
Of course, cracking the shell of a Linux box (pardon the pun) wins you the holy grail of hackerdom, and you gain cred by the truckload. But that's not the point here. Nobody writing malware cares for fame. Quite the opposite.
It's a business. Take a look at RBN, as a prime example of how it's done. Do you think these guys care about hacker cred? Do you think they aim high at the pole vault to "prove" something? They couldn't give less of a fuck about your opinion about them. They do it for the money. Plain and simple.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.