Slashdot Mirror


User: spun

spun's activity in the archive.

Stories: 0
Comments: 12,219

Comments · 12,219

  1. Re:Refuting the imaginary article in your head on How To Guarantee Malware Detection · · Score: 2, Informative

    If the malware lets itself get swapped out, then it can't hide its memory footprint. Assuming we have started from a known clean machine, it is then trivial to figure out what the memory footprint should be. If it is larger than it should be, there is swapped out malware.

    The point is, the malware will be detected whatever it chooses to do.

  2. Re:Refuting the imaginary article in your head on How To Guarantee Malware Detection · · Score: 1

    Phony how? Good hygiene helps against real disease, too.

  3. Re:Refuting the imaginary article in your head on How To Guarantee Malware Detection · · Score: 1

    Wrong. Read the article. If the malware lets itself get swapped out, it can't hide its memory footprint. We won't know what it is or what it does, but we will know there is something there that shouldn't be. Assuming we initialize this program on a known clean system, and use an external verifier to check for lag.

    "That's not a real time solution" Congratulations. You have found a valid critique of the actual technique.

  4. Re:There is something that can answer your questio on How To Guarantee Malware Detection · · Score: 1

    Your questions indicate that, although you may have read the article, you didn't understand it. I'm not saying this technique will work. I'm just looking for some decent criticism of the actual technique, but no one seems to have taken the time to understand it.

  5. Re:Refuting the imaginary article in your head on How To Guarantee Malware Detection · · Score: 1

    If the malware isn't active, then it can't hide its tracks. We will see its memory footprint. We know how much space everything else should be taking up, and we know more space than that is allocated, so we know something is afoot.

    The program would need to be initialized on a known clean system to work properly, I imagine. But it does seem as if it could detect anything coming along after that.

  6. Re:Refuting the imaginary article in your head on How To Guarantee Malware Detection · · Score: 1

    So, we know how much RAM we have. We know how much space all our valid stuff should be taking. If the malware can't cover its tracks, it can't hide its memory footprint. We won't know what it is or what it does, but we will know something extra is there.

  7. Re:Refuting the imaginary article in your head on How To Guarantee Malware Detection · · Score: 1

    Nope, I just reread both his posts above, and that wasn't soppsa's original point. However, the simple fact is, if the malware gets swapped out, it can no longer cover its tracks.

  8. Re:Refuting the imaginary article in your head on How To Guarantee Malware Detection · · Score: 1

    The assumption in the article is that the malware is trying to remain in RAM to actively hide its presence, hence the scan will detect that something's there that shouldn't be. Of course as pointed out elsewhere, the malware could just let itself be swapped out... float away with the rest of the garbage... so to speak.

    And then you could find it with a regular scan, because it wouldn't be actively interfering.

  9. Re:There is something that can answer your questio on How To Guarantee Malware Detection · · Score: 1

    In response to your post below, acknowledged that the time concern is valid, but that is not what you presented in the post above, is it? You obviously read the article in between the post above and the one below.

    However, the article DOES address your other concern, which is why I questioned whether you read it. We know how much RAM we have, right? Assume we have a rootkit. We ask the OS to overwrite ALL RAM except the scanner. The rootkit can either let itself be overwritten, or it can write those random bits to secondary storage, and read them back in when computing the checksum. But that would take quite a bit more time, which is what the external verifier is looking for.

    Get overwritten. Store the random bits to secondary storage and read them back in, which takes time. Those are the only two options for computing a valid checksum here, right?

  10. Re:Refuting the imaginary article in your head on How To Guarantee Malware Detection · · Score: 1

    That is a different point. And also not valid. If the malware lets itself get swapped out, it can not interfere with a scan.

  11. Re:Refuting the imaginary article in your head on How To Guarantee Malware Detection · · Score: 4, Insightful

    Protection from malware should function like the immune system, with many lines of defense and many avenues of detection and counter attack. Prevention will never be perfect by itself.

  12. Finally on How To Guarantee Malware Detection · · Score: 1

    A valid criticism. And if the malware is actively resisting the scan, by moving the random bits back in from secondary storage before the hash, the external verifier knows about it because it takes even longer. By design. So, unless you are running a load balanced cluster and can afford to take a server offline for a few minutes when you want to scan, yes, this is a problem with this approach.

  13. There is something that can answer your questions! on How To Guarantee Malware Detection · · Score: 0, Troll

    How COULD this work? There is an answer. You can find this answer in a foreign place, known by the mysterious and terrifying name of The Article. Here's what you do: you read it. When you read it, your questions will be answered.

    Basically, I can tell from the fact that you are asking irrelevant questions that you have not read the article. And you know what? I'm not going to explain it to you. To be clear, I am not saying, "This technique will work." I am saying "You are not criticizing this technique."

  14. Refuting the imaginary article in your head on How To Guarantee Malware Detection · · Score: 5, Informative

    Still haven't read the article, eh? The technique is to swap everything out except the scanner, then write random bits to the entire memory space, then hash the memory. I could explain it all in greater detail, but, you know, there's this article, already there. Please do try to constrain your criticisms to things that actually apply to the article that was written, you know, the one we can all read. Refuting the imaginary article in your head does nothing for the rest of us.

  15. Re:Litigious society on Court Rules Against Vaccine-Autism Claims Again · · Score: 1

    Okay, I can buy that.

  16. Re:Nice trolling! on Texas Approves Conservative Curriculum · · Score: 1

    I doubt that would work with the same efficiency as simply putting out the fire. Some customers would still get burned.

  17. Re:The only cognitive dissonance is your own on IBM Stops Disclosing US Headcount Data · · Score: 1

    Let's say I want to purchase a product. That product is called 'social justice.' It's an important product for me, and I'm willing to pay a lot for it. So I go to a corporation (in this case, a non-profit corporation) that will provide it for me. But they don't want money, they want to trade something else, my time. So I give them some of my time, and they help me get the product I want.

    It's still a free market transaction. There is a trade of value. There is a contract, and the basis of the free market is the contract. I agree to something, they agree to something, we both get something of value, it is a free market transaction.

    You might not like it, but that is a consequence of a free market: people might want things you don't want them to want. Tough.

    I don't have to play by your rules because this isn't a dictatorship, and you aren't the dictator. In any sane definition of a free market, I am free to associate with others, create contracts with them, and seek what I value.

    Go ahead, though, try to create a definition of a free market that forbids me to do what I want, and yet is still free. You'll fail.

  18. Re:Litigious society on Court Rules Against Vaccine-Autism Claims Again · · Score: 0, Redundant

    I chose to read it as written, rather than reading into it something that is, frankly, just not there.

  19. Nice trolling! on Texas Approves Conservative Curriculum · · Score: 1

    Honestly, I don't believe that you believe what you are writing for a second, but I love a good troll, so I'll play along.

    You really don't think through the consequences of your ideology, do you? What would happen if the fire department were privatized? It would fail. If you don't put out a fire blazing in a building that is not covered, what happens? Does the fire just go out on its own? Or does it spread to the buildings of those covered, as well?

    Fighting fires is a public good. Putting out your neighbor's fire helps you, as well. The free market can not efficiently allocate resources in the case where there are externalities, either public goods like fire fighting, public libraries, public schools, and roads; or public bads like pollution. To illustrate: an educated populace creates more value than an uneducated one. If everyone were forced to pay for their own education, we would have a less educated populace, as fewer people would be able to afford it, or would consider it valuable. We would have a less educated populace, creating less value, and we would be worse off overall.

  20. Re:Litigious society on Court Rules Against Vaccine-Autism Claims Again · · Score: 1

    I'm sorry, but a vaccine that gives people autism is pretty much the definition of 'defective in design or manufacture.' Not that there is such a thing, but if there were, the company that produced it would be at fault.

    I'm sure the manufacturers of thalidomide didn't intend to create web footed duck babies, and at the time, no one believed that drugs could cross the placental barrier and cause effects in developing fetuses, but they were held liable nonetheless.

  21. Re:Litigious society on Court Rules Against Vaccine-Autism Claims Again · · Score: 0, Redundant

    No, he said, "why should the parents be entitled to "reimbursement" even if the immunization did cause the autism?"

  22. Re:Litigious society on Court Rules Against Vaccine-Autism Claims Again · · Score: 2, Insightful

    It has been a central principle of legal systems world-wide, for several thousand years, that if one is wronged or harmed, one can expect to receive recompense from the perpetrator. When you buy a faulty product, do you expect to get your money back? If a drunk crashes into your car, would you not sue for damages?

    What you are advocating is not justice. You are advocating for a complete lack of responsibility for wrongdoers.

  23. The urge to lay blame on Court Rules Against Vaccine-Autism Claims Again · · Score: 2, Informative

    I can understand these parents' hurt and anger, and why they would seek to find a cause, a reason, someone to blame for their troubles. It's a natural human reaction in such a case, where so little is known of the real causes. And big Pharma has certainly proven, over and over, that it feels no responsibility towards its customers and will choose 'making a buck' over 'doing the right thing,' pretty much all the time. But this is still ridiculous. At this point, you either have to buy into a full-blown whackadoodle conspiracy theory, or admit that vaccines do not, and never have caused autism.

  24. Re:More Of The Same? on DR Congo Ring May Be Giant Impact Crater · · Score: 1

    More of an offshoot of the Gaia Hypothesis.

    But the criticism is still valid. I would have to add 'reproduce her on other planets that do not already harbor life' although, as long as we are anthropomorphizing Mother Nature, I don't think the bitch would care if we offed other biospheres in order to reproduce her.

    But we're also her conscience as well as her eggs, so I think we should care. It's also logical, and in our self interest. Who knows when we might meet a superior race? If we have proven that we can play nicely with others, I think they will be more inclined to play nicely with us. If we've proven ourselves to be selfish, hegemonizing bastards, they might see us as a threat. Of course, they might be the hegemonizing bastards, but then we're screwed either way.

  25. Re:More Of The Same? on DR Congo Ring May Be Giant Impact Crater · · Score: 1

    She told me she liked it! Fickle woman.