Slashdot Mirror

← Back to Stories (view on slashdot.org)

Ask Slashdot: Who's Going To Win the Malware Arms Race?

Posted by Soulskill on from the not-you-and-not-me dept.

An anonymous reader writes: We've been in a malware arms race since the 1990s. Malicious hackers keep building new viruses, worms, and trojan horses, while security vendors keep building better detection and removal algorithms to stop them. Botnets are becoming more powerful, and phishing techniques are always improving — but so are the mitigation strategies. There's been some back and forth, but it seems like the arms race has been pretty balanced, so far. My question: will the balance continue, or is one side likely to take the upper hand over the next decade or two? Which side is going to win? Do you imagine an internet, 20 years from now, where we don't have to worry about what links we click or what attachments we open? Or is it the other way around, with threats so hard to block and DDoS attacks so rampant that the internet of the future is not as useful as it is now?

5 of 155 comments (clear)

  1. More of the same by gsslay · · Score: 5, Insightful

    No-one will "win", and it's not helpful to represent the issue as if it's "winnable" by either side.

    Malware, viruses, trojans and other malicious behaviour of yet unheard methods will always be around, and we'll always be inventing new ways of counteracting them. Which will in turn be circumvented, and so it goes on.

    1. Re:More of the same by fuzzyfuzzyfungus · · Score: 5, Insightful

      I'd be inclined to suggest that it will be worse than that:

      Barring some sort of radical change in priorities that causes the market to accept zero new features for, oh, a (human) generation or more, while vendors put out bugfix releases, 'winning' certainly isn't going to happen by doing conventional stuff; but harder.

      If 'winning' in fact occurs, odds are excellent that it will be on some wonderfully dystopian lockdown platform that shrinks the problem space considerably by forbidding basically everything that hasn't been cryptopgraphically blessed by the vendor, sandboxed to hell and back, or both. Naturally, the power afforded to the vendor in this scenario will never be abused.

  2. Nobody. And NSA etc. sabotage makes things worse by gweihir · · Score: 5, Insightful

    It is bad enough as it is with most software being insecure. Sabotage only makes things a lot worse. And for what? A zero-success track-record against terrorism? Industrial espionage? Having dirt on any possible future and present President, Congress Man, Senator?

    --
    Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
  3. Re:The future is now. by Anonymous Coward · · Score: 5, Interesting

    That model (locked down like ChromeOS or iOS) is already succeeding in the marketplace over more traditional computing models, because it's what most people want. It's safer for them, and they want their devices to "just work".

    It's the inevitable end result. Except for some techies, almost everybody I know just wants to surf the web and send pictures to their friends and have that "just work". They have almost all given up on Windows in favor of mobile OSs for 99% of what they do. They sometimes still "have a PC", but don't use it much out of fear of malware, where they feel free to use the tablet, which has the side benefit of a much simpler interface for them.

    Market pressure will drive this.

  4. Re:The future is now. by nukenerd · · Score: 5, Insightful

    Defining hackers as people who take control of your computer (in whatever form) for their own ends, then this scenario of a "secure walled garden" is a win for the hackers, not a win for security. My idea of security is to prevent exactly this crap happening.

    Never mind that the hacker is a corporate entity listed on the stock exchange, they are still hackers. Never mind that they will claim that you agreed to this scenario by buying their kit (as if it will be possible to buy anything else, except similar rivals' kit) - that sounds just like an old style hacker claiming you agreed to their adware/botnet/malware by clicking on their email attachment.

    I recently bought an Android tablet. I keep getting a full screen advert for some game pushed in my face without even a clear way to dismiss it. It is a game in the Android app store they want me to buy. It severely pisses me off; but it is not (by their definition) malware, it is "official". This takes place within what would be the "secure walled garden". I would rather take my chances in the shark pool - at least I am in control.