
Microsoft To Automate Malware Classification

Zonk posted more than 8 years ago | from the virus-a947qalpha dept.


Kuzulu Kuhuru writes "Researchers in Microsoft's anti-malware engineering team are using distance measure and machine learning technologies to automate the process of classifying new strains of computer viruses, Trojans and other malicious software programs." From the article: "Microsoft's proposal will take a 'holistic approach' to tackle the classification problem, Lee said, pointing out that the machine learning aspects will deal with everything, from knowledge consumption, representation and storage, to classifier model generation and selection. It aims to consume knowledge about the malware sample efficiently and automatically and represent that knowledge in a form that results in minimal information loss. "


124 comments


Another Caterpillar! (1)

Whiney Mac Fanboy (963289) | more than 8 years ago | (#15317577)

(Offtopic warning!)

That eweek's "malware icon" [ziffdavisinternet.com] (just like slashdot's malware icon [slashdot.org]) has a picture of something that's not a worm.

Unless I've missed the threat of 'caterpillars' crawling the internet (consuming all resources [amazon.com]). :-)

Anyway, back on topic - wouldn't it be easier for MS to simply write more secure software? It's rather disheartening to hear their response to the deluge of malware is a classification program.

Re:Another Caterpillar! (0)

tb3 (313150) | more than 8 years ago | (#15317678)

Anyway, back on topic - wouldn't it be easier for MS to simply write more secure software? It's rather disheartening to hear their response to the deluge of malware is a classification program.

You forget that Microsoft is driven solely by profit. To them, malware isn't a security issue, it's a potential revenue center.

Re:Another Caterpillar! (1)

tehshen (794722) | more than 8 years ago | (#15317822)

To them, malware isn't a security issue, it's a potential revenue center.

It's more than that, it's a whole new business model. I wonder how much "malware" will get automatically downgraded once Microsoft and the offending company become "partners".

Re:Another Caterpillar! (1)

krewemaynard (665044) | more than 8 years ago | (#15318322)

I said something similar once and got modded Troll. Anyway, imagine the whiny articles we'd get if MS did tighten up..."Symantec lays off 500, says reduced threat means less jobs." If only... :)

Re:Another Caterpillar! (1)

rbochan (827946) | more than 8 years ago | (#15317700)

clicky clicky [google.com]

HTH
HAND

Re:Another Caterpillar! (1)

Whiney Mac Fanboy (963289) | more than 8 years ago | (#15317853)

An inchworm [google.com] is a caterpillar.

Geometer moth (1)

tepples (727027) | more than 8 years ago | (#15318962)

True, the inchworm is a moth larva [wikipedia.org] , but it's still called a worm, just as the media calls a lot of worms "viruses."

Re:Another Caterpillar! (1)

Jerf (17166) | more than 8 years ago | (#15318602)

Actually, caterpillars [cat.com] are a well-known threat to the internet, although they tend to affect hardware more than software. (So you're still correct the icon is wrong, of course.)

Re:Another Caterpillar! (1)

iminplaya (723125) | more than 8 years ago | (#15319066)

Caterpillar? Nah. More like this [loudbassoon.com]

Re:Another Caterpillar! (1)

misleb (129952) | more than 8 years ago | (#15319114)

Anyway, back on topic - wouldn't it be easier for MS to simply write more secure software? It's rather disheartening to hear their response to the deluge of malware is a classification program.
You know what they say, when life gives you lemons...

-matthew

What could possibly go wrong? (0, Flamebait)

gEvil (beta) (945888) | more than 8 years ago | (#15317585)

I have every reason to be confident that this will work exactly as proposed with no problems whatsoever. After all, it's coming from Microsoft.

Re:What could possibly go wrong? (1)

RareButSeriousSideEf (968810) | more than 8 years ago | (#15318799)

But maybe we'll be able to customize the notification emoticon when we get sick of the "horrified Clippy" default.

Seriously though, I have to break from the consensus here; I think this can only be a good thing in the long run. At its least significant, this'll be just another Revolutionary Idea in Microsoft's ash heap(TM). At its best though, it will succeed & popularize the notion of a consolidated "process intent inference" platform. I don't think that would be a bad thing to have popularized, especially when FOSS picks up the gauntlet with a focus on distributed knowledge gathering with transparency as an organizing principle.

Easy (2, Insightful)

aadvancedGIR (959466) | more than 8 years ago | (#15317612)

Spyware provided by a big (or friend) corporation = GOOD
FOSS = malware

FFS (0)

Anonymous Coward | more than 8 years ago | (#15318062)

You, like most Slashdotters, would like to believe that Microsoft cared enough to sabotage FOSS wouldn't you? The truth is, they don't give a shit about it, and that's what really scares you.

Re:Easy (1)

Amouth (879122) | more than 8 years ago | (#15318373)

What do you want to bet that anything that is signed doesn't get checked. because it is trusted..

because by paying $300 - the people must be legit.. sorry but the whole idea of root certs for bypassing security measures is just dumb.

All this time and effort- (-1, Flamebait)

Anonymous Coward | more than 8 years ago | (#15317634)

To build better a/v solutions, classify spyware, etc etc etc.

Why not just, you know, FIX YOUR FUCKING OS BILL!

fix here. Re:All this time and effort- (1)

leuk_he (194174) | more than 8 years ago | (#15317998)

Hi,

You can download the fix here [ubuntu.com] . if this download gets marked by your antivirus please ignore it. Just trust me. You can also install the realvnc client and install it and post your ip here. Someone will fix it for you. I only need a small advance for this. Please pay by western union or use a cheque for this. I guess that you will trust me more if you paid for the service.

Priorities? (2, Insightful)

mrjb (547783) | more than 8 years ago | (#15317636)

Is it just me, or are there more people that think that instead of getting busy automating the process of classifying new strains of computer viruses, Trojans and other malicious software programs, maybe they should address the cause of the problem first?

Re:Priorities? (3, Funny)

Savage-Rabbit (308260) | more than 8 years ago | (#15317889)

Is it just me, or are there more people that think that instead of getting busy automating the process of classifying new strains of computer viruses, Trojans and other malicious software programs, maybe they should address the cause of the problem first?

I'm not sure that training enough high class .NET certified MSCA ratified ninja commando teams to assassinate all those thousands of malware authors and spam kings would be a financially viable proposition for Microsoft. Using a fully automated self classifying system to build a proper threat library which can later be fed to mass manufactured hunter killer bots and android terminators sounds like a much more cost effective approach.

Re:Priorities? (1)

snoopyowns (963875) | more than 8 years ago | (#15317963)

The only way to do that is to line the programmers who create such malicious software up against a wall and execute them. It doesn't matter what platform or piece of software, there will always be bugs or exploits.. Microsoft just tends to create an excessive amount of holes and exploits :P But we wouldn't have to worry about it if there wasn't anybody to take advantage of it. The fact is that most people act like idiots and immoral due to the anonymous nature of the internet. (Assuming that the ISPs don't already log every key you type and site you go to and send it out to the NSA)

Re:Priorities? (1)

archen (447353) | more than 8 years ago | (#15318091)

This is typical Microsoft band-aid the problem. I'm not saying it's a bad idea, but MS does this all over the place. Take the start menu. Any idiot in 95 could have seen that anyone who added more than 20 programs in that list would make things hard to find. Eventually Microsoft works around the problem by making the list scroll. Then they go to hiding stuff you don't use. Eventually they just stuffed the start menu for programs away with XP and give you the option of putting more programs up front. If they had given it 10 minutes worth of thought they would have come up with a simple hierarchy like KDE does. Same with the taskbar among many other problems Microsoft invents for itself because of lack of forethought.

Re:Priorities? (1)

Tony Hoyle (11698) | more than 8 years ago | (#15319641)

They've done a doozie with Vista.

Problem: Everyone logs in as administrator, so there's no security.

Obvious solution: Don't let people log in as administrator, implement password protected setuid (aka. OSX)

MS solution: Remove all privileges from the administrator. Have a passwordless setuid which is default 'yes' (so you *very* quickly learn to hit return by reflex when it appears) and invariably asks you if you want 'rundll32' to have privileges. Make this dialog pop up when you want to do *anything*.

Re:Priorities? (1)

IamTheRealMike (537420) | more than 8 years ago | (#15318640)

Maybe they should address the cause of the problem first?

What cause would that be? Maybe employing humans? Or maybe the fact that they use C and C++ heavily?

Hmm, what other projects are written by humans and use C/C++ heavily? Oh right .... all the competitors! How many "arbitrary code execution" vulnerabilities has Firefox had in the past year? How many privilege escalation bugs has the X server had in the past year? How many has MacOS X had that haven't been fixed for months? How short is the "dump encrypted form data from Safari" sample code again?

If you ask me Microsoft is way, way ahead of the competition in its approach to malware by now. Yeah Windows isn't very secure but if you think Linux or MacOS are then you are thinking wishfully. Even if there were no privilege escalation exploits - ever - having limited user rights will never cut the mustard in my view. People can be socially engineered too easily, and the lack of a decent secure GUI system makes any OS that requires entering administrator passwords problematic.

Look at how Vista has to bend over backwards to prevent programs interfering with the LUA password dialogs - this isn't proof of the superiority of the competition, but rather an indication that said competition isn't really battle hardened yet. Fiddling with password entry dialog boxes on Linux at least is child's play (and there are so many things you can do without admin access on the Mac it's hardly even necessary).

Fair's fair (1, Funny)

overshoot (39700) | more than 8 years ago | (#15317639)

After all, the malware business is one of those "ecosystems" that's wholly dependent on Microsoft. Only fair that MS should offer a little direction to their clients.

Throwing in the towel (5, Funny)

noidentity (188756) | more than 8 years ago | (#15317648)

Too bad the research isn't being done on ways to prevent malware. Apple could make good use of this: "Windows has so many viruses they need a computer to help sort through them all!"

Simple Alog (1, Insightful)

Slipgrid (938571) | more than 8 years ago | (#15317650)

---snip trusted.txt---
ms
dell
hp
doj
dod
usgov
--- snip---

if (is_on_trusted_computing_list(this.product.vendor) ){
this.product.malflag = false;
} else {
this.product.malflag = true;
die();
}

Re:Simple Alog (1)

deadlinegrunt (520160) | more than 8 years ago | (#15317970)

It's a shame that you got marked troll. It's not like this is not a pattern of behavior going all the way back to the MS-DOS [internetnews.com] days of computing. ...Those who don't learn from history are doomed to repeat it I guess.

Re:Simple Alog (1)

ZachPruckowski (918562) | more than 8 years ago | (#15318751)

Don't forget to add RIAA, MPAA, and Sony to the trusted list. If we have only one anti-spyware/virus/malware company, then they will make the definitions of what is and isn't malware. So if Sony does another rootkit, but buys MS (or any monopolist in the anti-malware trade) off, then no one will be able to call it dangerous.

Quick and easy algorithm (-1, Flamebait)

Anonymous Coward | more than 8 years ago | (#15317652)

Nuke anything with the letters "G," "P," and "L" together in a row.

This has very good potential (2, Interesting)

SlappyBastard (961143) | more than 8 years ago | (#15317655)

IF ... and that's a big if ... Microsoft has the balls to leave it fully automated and let the system do its thing.

Now, if they start taking payola for delisting malware, then this will be no better than all the shit the current batch of jokers/anti-spyware companies pull every day.

Re:This has very good potential (1)

djsmiley (752149) | more than 8 years ago | (#15317719)

SO its going to stop lots of programs which spread....

Firstly it will be down goes youtube, myspace, and all the other sites powered by lots of people visiting them.

Then stuff like msn will start getting blocked (we can only hope?) i mean, will it block msn it if has the stupid smiley central stuff installed?

Microsoft would do well to listen (1)

SlappyBastard (961143) | more than 8 years ago | (#15317876)

Because even when Microsoft has the kernel of a good idea, it often takes a beating because:

1. Microsoft's long practice of anti-competitive behaviors calls its motives into question on every project.
2. Microsoft is prone to screwing things up even when they mean well.

I agree there are concerns. Most of those concerns stem, justifiably, from the word "Microsoft".

But, since we're not going to stop MS, it's worth seeing where the project pans out to.

Wouldn't they be better off... (2, Insightful)

PinkPanther (42194) | more than 8 years ago | (#15317667)

If they can classify the stuff, shouldn't they be able to stop it?

Or is classification going to allow them to have a flashier anti-malware tool to sell?

Can't you see it now...animation of the viruses being caught, sent down a chute that sorts them into different buckets. Different cute cuddlies for each type of virus, each with unique characteristics. They could then create an entire industry around stuffed animals and stickers the kids could trade! People would go around giving each other viruses on USB keys and via email just to watch the tool sort the cute things time and again!

This is marketing genius at work!!

Re:Wouldn't they be better off... (1)

Amouth (879122) | more than 8 years ago | (#15318425)

but which one will clippy represent???? or is he the dungeon master?

Re:Wouldn't they be better off... (1)

grammar fascist (239789) | more than 8 years ago | (#15318445)

If they can classify the stuff, shouldn't they be able to stop it?

Or is classification going to allow them to have a flashier anti-malware tool to sell?


It could give you an idea of exactly how hosed your system is, and what, if any, kinds of remedies might actually work. If your machine is infested beyond repair, wouldn't you want to know that?

Slashdot is entirely too pragmatic, and cynical about Microsoft in general. Your post is just one example. This is Microsoft Research, which is very active in theoretical computer science. I say good on them, especially since government spending on basic science has been reduced.

Doesn't the Slashdot Hive Mind also like basic research in general?

Re:Wouldn't they be better off... (1)

amliebsch (724858) | more than 8 years ago | (#15318802)

If they can classify the stuff, shouldn't they be able to stop it?

I'm sure they hope so. I doubt they are trying to classify it simply as an academic exercise. I'm guessing - going way out on a limb here - that Microsoft is planning to try to stop the malware they identify. Probably, they'll use some kind of special anti-malware software. They could call it "Windows Defender" or something.

Re:Wouldn't they be better off... (2, Insightful)

gmuslera (3436) | more than 8 years ago | (#15318933)

Was about to comment on the same lines... too much effort to put a bright, shiny and new label to a problem instead of worrying on solving/curing/fixing it,

Of course, you can say, oh, but a trojan is a different beast than a worm, so must be treated different by future development. Or better yet, this is a future-cool-name-that-implies-user-interaction that is really different from a future-cooler-name-that-implies-exploiting-net-services-vulnerabilities. But I bet that will make things more confusing than the actual practice of putting a known label and a description of what it does or how it spreads, there are a lot of virus/worms/etc that use several ways for spreading already, so thinking that this special name will solve something looks wrong.

This should be amusing (3, Funny)

PhotoBoy (684898) | more than 8 years ago | (#15317697)

How long till we get headlines like "Microsoft's Malware Software Deletes Windows after identifying it as a security risk"?

Re:This should be amusing (2, Funny)

Mostly a lurker (634878) | more than 8 years ago | (#15317931)

How long till we get headlines like "Microsoft's Malware Software Deletes Windows after identifying it as a security risk"?
Indefinitely. Why should we expect such accurate results from a Microsoft written tool?

Re:This should be amusing (1)

MrHeartbreak (959513) | more than 8 years ago | (#15317965)

How long till we get headlines like "Microsoft's Malware Software Deletes Windows after identifying it as a security risk"?

I doubt Microsoft would be able to come up with anything that works that well.

Re:This should be amusing (1)

archen (447353) | more than 8 years ago | (#15318129)

Actually what would be better is malware that gets "MS anti-malware" to identify itself as malware. Then it just removes itself. Or remove other stuff like windowsupdate.

Next Topic: Microsoft's plans to eliminate piracy (2, Funny)

PrescriptionWarning (932687) | more than 8 years ago | (#15317698)

To combat pirates Microsoft plans to employ a full clan of Ninjas. According to latest polls Ninjas always have at least a 2 to 1 following compared to those who prefer pirates. These Microsoft Ninjas will be trained in all the dark arts, including, but not limited to, poisoning Pirate rum, placing explosive powders in their parrots, and using biological weapons such as scurvy induced rats. Psychological war will also be waged as the Ninjas use cardboard cutouts of themselves hidden throughout the pirate ships.

Re:Next Topic: Microsoft's plans to eliminate pira (1)

the eric conspiracy (20178) | more than 8 years ago | (#15317941)

Unfortunately there is only one living Ninja, and he is 76 years old.

http://www.mercurynews.com/mld/mercurynews/news/world/14434176.htm [mercurynews.com]

Scurvy (0)

Anonymous Coward | more than 8 years ago | (#15318705)

Scurvy is caused by a lack of Vitamin C. English sailors were called "limeys" because they would suck on limes to prevent scurvy. It's not a communicable disease.

Re:Scurvy (0)

Anonymous Coward | more than 8 years ago | (#15319520)

I think rats don't get scurvy - they can synthesize vitamin C.

scurvy (1)

dino213b (949816) | more than 8 years ago | (#15319322)

Scurvy is a vitamin deficiency, not a contagious disease.

My favorite scurvy quote:
"I had a horrible rash, and I was afraid that it was scurvy! I couldn't understand it because I had been making sure to eat lots of spinach. Then I went to the doctor and he said that it was just genital herpes. What a relief!"

Re:scurvy (1)

PrescriptionWarning (932687) | more than 8 years ago | (#15319439)

wouldn't scurvy induced rats still be ill-tempered? There's nothing worse than a bunch of ill-tempered rats preventing a pirate's crew from drinking rum.

Re:scurvy (1)

dino213b (949816) | more than 8 years ago | (#15319621)

I stand corrected.

Easy... (1, Funny)

WebfishUK (249858) | more than 8 years ago | (#15317716)

/* strcmp() returns 0 on a match, so this branch fires for every product whose ID is NOT "MICROSOFT" */
if (strcmp(product.ID, "MICROSOFT"))
      exec("DeleteTheBastard.bat");

Data gathering (2, Funny)

LoonyMike (917095) | more than 8 years ago | (#15317733)

How will they collect all the data they need for this? - what OS versions are infected, what are the worms trying to do, etc.

I bet a little help from the MSUpdate ActiveX will be welcome, after all "When you check for updates, basic information about your computer, not you, is used to determine which updates your programs need".
You don't need to know what's going on, just relax and trust them.

Re:Data gathering (0)

Anonymous Coward | more than 8 years ago | (#15317917)

They have a huge client farm that goes out trying websites automatically. They *KNOW* when a box has changed. So they can then look at the malware and tackle it. There have even been a few service updates that have come out of this. From vulns that people did not disclose but the malware writers were using. In addition to the stuff they are doing in vista and service packs. They at least know they have screwed up and where.

Re:Data gathering (1)

iminplaya (723125) | more than 8 years ago | (#15319132)

How will they collect all the data they need for this?

I'm sure they can work out a deal with the NSA. The data has already been collected.

Here's a thought! (2, Interesting)

danpsmith (922127) | more than 8 years ago | (#15317737)

Why not just not have the user run as root all the time?

The main difference I've noticed between Linux and Windows is that Linux makes it abundantly easy to run under limited access using password prompting, while Windows tries to prevent you from securing it.

People say that "well you shouldn't run things you don't know." Well, that argument works for computer professionals and people that know what's going on. But to the average user, you should be able to tell what is and isn't going to hurt the system.

If an application needs to access any critical areas of the OS, the running threads, the registry, or anything else deemed critical or potentially harmful, it should prompt for password. This would give IT people a clear message to send to users "If it asks you for your password, make sure you trust the program." While it might be easy to click "yes" or "ok" to everything, because windows is user prompt hell to begin with, typing in and remembering a password takes considerably more work.

Why you would continue to try to patch the holes in the Titanic this way is beyond me. Unless now MS just wants to sell insecure products and then sell you repair kits to fix them.

Re:Here's a thought! (1)

tehshen (794722) | more than 8 years ago | (#15317861)

MS just wants to sell insecure products and then sell you repair kits to fix them.

Bingo.

Re:Here's a thought! (1)

nachoboy (107025) | more than 8 years ago | (#15318636)

If an application needs to access any critical areas of the OS, the running threads, the registry, or anything else deemed critical or potentially harmful, it should prompt for password.

Ask, and it shall be granted [microsoft.com] .

However, the password-prompting behavior isn't the panacea you describe it to be. It works well for people who understand the underlying system including permissions and concepts like user vs. administrator. It doesn't work well for people who just want to get their work done, or download the latest music video. I believe it was Bruce Schneier who said "Given the choice between dancing pigs and security, users will choose dancing pigs every time."

Imagine this scenario:
ITAdmin: "OK, here's your new Vista machine. It has this great new thing that will prompt you for your password for anything potentially affecting the system. When you see the password prompt, make an informed decision about whether you trust the application before typing your password. That way, you'll stay safe against viruses and spyware."
LUser: "Uhh, OK"
(1 month goes by)
LUser: "My machine is running slow and it's got a lot of popups."
ITAdmin: (Examines machine, discovers massive spyware infestation) "Have you been typing your password in the dialogs that come up?"
LUser: "Maybe once or twice, I needed to when I was downloading stuff."
ITAdmin: "@*$%!"

The problem will never be solved by asking users to put in a password (or click an extra confirmation) to run something potentially dangerous, because they'll ALWAYS say yes (dancing pigs every time...). By giving users administrative rights to their own machines, you are saying "I trust you as an all-powerful administrator of this machine. Please make an informed security decision about every piece of software you download before you run it." This is a fundamentally flawed principle, because end users are NOT security professionals, and we shouldn't expect them to be. That is the job of the ITAdmin: he should be taking away administrative rights from end users so that they can't make system-wide changes.

For home users, the problem is much harder. Imagine the conversation above, but replace "ITAdmin" with "SalesGuy". Oh, and by the way, SalesGuy doesn't have a vested interest in the machine once you've handed over your money, so your spyware infection results in just another profit opportunity (replace the last line with "$$$$!").

Re:Here's a thought! (1)

Tony Hoyle (11698) | more than 8 years ago | (#15319742)

The user access control does *not* prompt for a password.

It's just a big dialog with 'OK' on it. Invariably filled with technical gobbledegook involving Rundll32... we've had big dialogs with 'OK' before in IE and they weren't very effective either.

Re:Here's a thought! (1)

amliebsch (724858) | more than 8 years ago | (#15318709)

Why not just not have the user run as root all the time?

Is that rhetorical, or do you want a real answer? First, Windows has only had user-level permissions since NT. While these are present in XP, and limited users can be created, the default is to create administrators because so much legacy software requires it. Fortunately, as legacy software gets older and less common, this problem is decreasing. The upcoming Vista has further workarounds to help run legacy software in limited accounts, and will feature LUA as the default.

Second, LUA is not a magic bullet for solving the malware problem. Simply put, malware can still run in user space. While running as a limited user protects you against rootkits and compromising the whole system, it doesn't stop the user from running adware, spyware, or any other code that is annoying or malicious but doesn't require write access to system resources.

Changes the exploits - Auto Immune Response (0)

Anonymous Coward | more than 8 years ago | (#15317811)

I recall another company talking about an automated computer immune system. Sounds like automated discovery and response may be the way the industry is going. I was wondering if this would change the nature of attacks. One possible approach would be to create malware to fake a system into believing some critical dll or exe was infected. Suppose you could create some sort of antisense malware that would behave in a manner indicating malfeasance, but wouldn't actually do anything bad itself. The structure of the malware would be made only to be recognized, but the checksums etc, would actually cause the automatic software to now recognize a critical dll or exe as a foreign invader, and create a sort of auto-immune response. It would be less likely that this approach could be used to execute code, but a DOS might be achieved.

Just once... (4, Insightful)

GigG (887839) | more than 8 years ago | (#15317875)

Just once I'd like to see a story run on /. that involves MS that starts a discussion of the issue in the story and not just collection of attacks on MS. I'm not a big MS fan but it does get old.

Re:Just once... (-1, Flamebait)

Anonymous Coward | more than 8 years ago | (#15318033)

Just once I'd like to see mickysoft put out a product that isn't riddled with bugs, holes and the like!

Re:Just once... (1)

snoopyowns (963875) | more than 8 years ago | (#15318057)

I agree. Only 1 out of 10 /. users posts something even relative to the article. 1 out of 10 of those users that posted about the article even have something insightful or interesting to say. Although a lot of people are skeptical about this, I can only hope it will lead to something good, but the thing is, how do you fully automate something like this without having a "Review team" to verify that it is truly a malicious software.

Re:Just once... (2, Insightful)

Billosaur (927319) | more than 8 years ago | (#15318134)

Just once I'd like to see a story run on /. that involves MS that starts a discussion of the issue in the story and not just collection of attacks on MS. I'm not a big MS fan but it does get old.

I suggest a trip to an alternate universe... look MS haters are a dime-a-dozen, but you have to admit it's pretty cheeky of MS to take these steps instead of just cutting down on the problem to begin with. It's like the people who say global warming needs more study, when the global average temperature is going up and the polar caps are shrinking. Do we wait until we're all under water before we do something?

Re:Just once... (0)

Anonymous Coward | more than 8 years ago | (#15318156)

But there is nothing to discuss. Everybody knows that the reason Windows is so vulnerable to "malware" is that users are essentially "encouraged" to run as an "Administrator". To prevent a malware attack, simply running as a limited user would be sufficient -- in fact, most users don't need to install new software anyway. Every time somebody comes to me with a computer and says, "I don't know what is wrong! I can't get online! I can't type reports!" I say, "OK, do you need to play games on this computer?" When the answer is "no", I install Linux. They type reports in OpenOffice and browse the web with Firefox. Since I give them KDE, they hardly notice much of a difference in terms of usability (to the point where they actually use the desktop as a place to store all their files -- just like they did in Windows!). Nobody I have done this for has had a problem, and as far as I know, their computers are still running Linux -- no viruses, no adware, no spyware, no worms.

Also, you should note another key problem with Windows -- the inclusion, by default, of server components. Why are these components included in Windows "Home Edition", whose name suggests that it is intended for people who do not intend to run a server? Why does such a person need to have Samba installed (granted, if they have two computers it might be useful, but why install it before they try to share folders?), and why do they need remote management capabilities? Any IT guy knows that as soon as something can be accessed remotely, it presents a potential security problem -- when I install Linux for people who just need to type reports and browse the web, I never install any servers except CUPS and X, and I never allow remote access to either one. Nobody has complained about being unable to remotely connect to their laptops yet.

Re:Just once... (1)

colinrichardday (768814) | more than 8 years ago | (#15318267)

Why does such a person need to have Samba installed?

When did Microsoft use Samba for file sharing?

Re:Just once... (1)

leuk_he (194174) | more than 8 years ago | (#15318623)

Because the article is quite light on details. There is not much to discuss about it. There is malware and they classify it. period (or "dot")

Re:Just once... (1)

mizhi (186984) | more than 8 years ago | (#15319131)

Perhaps you forgot: This is /.

Website of knee-jerk anti-microsoft rants.

Actual Commentary (1)

mizhi (186984) | more than 8 years ago | (#15319285)

For those that actually read the article, the link to Flake's [blogspot.com] research on this is actually good, meatier reading (though not much more meaty). Granted, it's for another company, not Microsoft, but I imagine that Microsoft will try some similar approaches.

Basically, at Flake's company they have a tool that tells the degree of similarity between two programs. I'm not sure of the actual mechanics of this (if it's 1-by-1 instruction comparison, on a functional level, etc), but it enables them to build taxonomies of malware programs. Trees of programs that are variants of each other, if related; separate trees if not. It somewhat reminds me of stuff in bioinformatics, though my knowledge of that area is extremely weak.

It's neat stuff if you're interested in that sort of thing.

The rest of you all can go back to bashing Microsoft.

You wonder what department is responsible for it (0)

Opportunist (166417) | more than 8 years ago | (#15317966)

Marketing or acquisitions? I mean, considering the amount of spyware in Vista, I wouldn't deem it impossible that this is an attempt to scout what's to come in the next gen.

After all, when did MS really invent something themselves? :)

And in the next release.... (1)

jefu (53450) | more than 8 years ago | (#15318075)

Microsoft will include a program that determines if another (arbitrary) program will halt if run with no input.

Or maybe I'm way off base and this kind of automatic malware detection seems reasonably computable to people. I can think of so many ways (lots of which have been used in malware) to hide the malware in otherwise innocent programs. But what if I encoded my malware as a turing machine, how would they find out if it is malware without actually running it (or have I missed something?)?

Re:And in the next release.... (1)

colinrichardday (768814) | more than 8 years ago | (#15318296)

Microsoft will include a program that determines if another (arbitrary) program will halt if run with no input.

Microsoft solved the Halting Problem? Why am I skeptical?

Re:And in the next release.... (1)

Sam Nitzberg (242911) | more than 8 years ago | (#15318519)

For anyone who needs it, a simple description of why the "Halting Problem" is computationally undecidable.
http://www.csc.liv.ac.uk/~ped/teachadmin/algor/halt.html [liv.ac.uk]

Re:And in the next release.... (1)

colinrichardday (768814) | more than 8 years ago | (#15319516)

<lovitz>Yeah, that's why I was skeptical!</lovitz>

Re:And in the next release.... (0)

Anonymous Coward | more than 8 years ago | (#15318956)

Or maybe I'm way off base and this kind of automatic malware detection seems reasonably computable to people.

You are just confusing theory with real life. I can tell an apple from an orange. Easy. While it's true, there are theoretically possible configurations of atoms which I can't tell if they are an apple or an orange, it's not really important to sorting the two in real life.

Microsoft doesn't have to come up with something that's 100% for every possible computer program. They just need something that's reliable.

I recently heard someone say something was too hard to solve because it was equivalent to the knapsack problem. It was equivalent to ~10 sacks and 100 items. Very solvable.

I was trying to solve a different problem and also figured out it was NP hard and n was large (800000). I had no need for a perfect solution, so knowing this told me not to bother trying to find a perfect solution, just one that was good enough, but still fast.

I guess I'm trying to say, I've seen people ignore theory for real life and ignore real life for theory. Both are mistakes.

wtf! (3, Funny)

Observador (224372) | more than 8 years ago | (#15318076)

I was reading the slashdot feed on my cell and the title only showed:

microsoft to automate malware

and I went like: wtf! haven't they done enough already?

mind you, not an hour ago I was removing over a hundred pieces of malware that a client had. all of them on just two machines...

And we all know why (2, Funny)

tbone1 (309237) | more than 8 years ago | (#15318154)

It's easier to say something isn't a threat than to actually, you know, do something about it.

"That isn't cancer, Mrs. Jones, we've redefined it as a sniffle."

Stick to one thing and keep out of trouble. (1)

Monster_Juice (939126) | more than 8 years ago | (#15318167)

I don't have great confidence that Microsoft will plug security holes as fast if they SELL a product that can block Malware. I can see Microsoft updating their Malware detector to remove the threat and later patching Windows while Symantec and McAfee scream foul.

What is going to happen when Microsoft makes a more secure OS and the need for virus scanners and the like are no longer needed? Are we going to have another court case? I can just see a judge now saying that they have to have no less than one known vulnerability at a time so as not to run the anti-virus companies out of business.

Why not just chuck Windows and start over? (1, Interesting)

Anonymous Coward | more than 8 years ago | (#15318191)

Seriously. They're wasting billions on patching up what they've got and bolting on features to deal with its inherent problems. It's pretty clear to everyone at this point that pretty soon the whole house of cards is going to come crashing down.

Instead of trying to make the existing system smart enough to classify what's attacking it, why don't they just step back and make a whole new system secure enough that it doesn't need an attacker classification system in the first place?

Vista is years overdue and has been gutted of all of its compelling features. When it ships it's going to be XP+eyecandy, and as a result is going to be a flop-- so why not get a skunk works operation going now to develop a 100% new Windows OS, backward compatibility be damned. Once they get that working, then add a 'classic' Windows compatibility environment to aid in the transition from old OS to new.

They have no qualms about copying anything else Apple does, so why not do that? It's arguably one of the things that saved Apple from oblivion and brought about their renaissance. Now it could do the same for Microsoft.

LOL! (0)

Anonymous Coward | more than 8 years ago | (#15318231)

When I opened /. this was the second story. Headline (before scrolling) read
"Microsoft to automate malware"

I don't know if you guys did that on purpose, but thanks, I needed a good laugh today.

Microsoft To Automate Malware (1)

Richard Frost (18848) | more than 8 years ago | (#15318258)

Has Microsoft not done enough to harm us? Now they have to go and automate malware?

(RTFA? This is slashdot! I didn't even finish reading the summary title!)

Slashdot To Automate Troll Classification (0)

Anonymous Coward | more than 8 years ago | (#15318277)

Kuzulu Kuhuru writes "Researchers in Slashdot's anti-troll engineering team are using distance measure and moderator learning technologies to automate the process of classifying new strains of offtopic posts, Flamebaits and other malicious posters." From the article: "Slashdot's proposal will take a 'holistic approach' to tackle the classification problem, Taco said, pointing out that the moderator learning aspects will deal with everything, from groupthink 'me-too' posters, verbal masturbation and karma whore-age, to Slashdot cliché generation and selection. It aims to consume knowledge about the troll sample efficiently and automatically and represent that knowledge in a form that results in minimal information loss. "

Super, a holistic approach (2, Funny)

LordSnooty (853791) | more than 8 years ago | (#15318288)

Now Microsoft engineers sound like my PHB.

Re:Super, a holistic approach (1)

50m31sl4sh. (854939) | more than 8 years ago | (#15318593)

No shit, their holistic approach will allow them to leverage the synergies, induce a paradigm shift, maximize the ROI, optimize critical deliverables, incubate ubiquitous technologies, enhance distributed solutions, deliver proactive applications, reinvent virtual applications, empower cross-platform experiences, grow global partnerships and recontextualize chair-throwing monkey methodologies!

Nonsense (1)

Tom (822) | more than 8 years ago | (#15318333)

Build a smarter virus-scanner and virus-authors will write smarter virus code. We've had that 20 years ago.

Automatically running any downloaded code in a sandbox until the user explicitly asks for it to be installed locally (say, after testing it out in the sandbox) would be a much simpler and much more effective step. There's 5-10 others, like not making the default user an admin, etc.

But maybe marketing just didn't "get" them as well as "look here, shiny new technology".

I wonder... (0, Redundant)

AlgorithMan (937244) | more than 8 years ago | (#15318516)

classifying new strains of computer viruses, Trojans and other malicious software programs.
I wonder how it would classify Windows XP and Vista... Spyware I guess...

but seriously - this would all be unnecessary if ms were able to develop an OS instead of swiss cheese... or people would stop using the swiss cheese...

But I thought... (0)

Anonymous Coward | more than 8 years ago | (#15318566)

Vista couldn't get malware

Talk about Fluffling up a Paper (1)

neonprimetime (528653) | more than 8 years ago | (#15318610)

The process of classifying malware samples into families is mainly driven by the following steps,
1. Analyze an Object (sample).
2. Represent and store knowledge of the object in a structured format.
3. Reference learned knowledge, apply classifiers to recognize familiar patterns and correlate similarities.


To me that's just like saying ...

The process of taking notes in class is,
1. Listen to the speaker
2. Write down what he's saying
3. Read it later to study for your exam
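The "degree of similarity between two programs" that mizhi describes in Flake's work, and the analyze / represent / classify steps quoted above, are easier to see in running code. The following is an added illustration written for this page, not code from Microsoft, from Flake, or from the article: it extracts byte n-grams from each sample as a crude stand-in for opcode or function-level features, measures Jaccard distance between feature sets, and groups samples into families by single-linkage clustering under a distance threshold. The sample "binaries" are constructed strings, not real malware, and the threshold of 0.5 is an arbitrary assumption for the demonstration.

```python
"""Distance-based grouping of samples into families (illustrative example).

The three SAMPLES below are constructed stand-ins for disassembly or raw
bytes; they are not real malware and are only here so the code runs offline.
"""
from itertools import combinations


def ngrams(data: bytes, n: int = 4) -> set:
    """Step 1/2: analyze a sample and represent it as a set of byte n-grams.

    A real pipeline would use opcode sequences, API-call sets or function
    fingerprints; fixed-length byte n-grams keep the example self-contained.
    """
    return {data[i:i + n] for i in range(len(data) - n + 1)}


def jaccard_distance(a: set, b: set) -> float:
    """1 - |A n B| / |A u B|: 0.0 means identical feature sets, 1.0 means
    nothing shared. Two empty sets are treated as identical."""
    if not a and not b:
        return 0.0
    return 1.0 - len(a & b) / len(a | b)


def distance_matrix(samples: dict, n: int = 4) -> dict:
    """Pairwise distances between every two named samples."""
    feats = {name: ngrams(data, n) for name, data in samples.items()}
    return {(x, y): jaccard_distance(feats[x], feats[y])
            for x, y in combinations(sorted(samples), 2)}


def cluster_families(samples: dict, threshold: float = 0.5, n: int = 4) -> list:
    """Step 3: single-linkage clustering with union-find.

    Two samples land in the same family if their distance is below the
    threshold, transitively, which gives the 'tree of variants' behaviour:
    a chain of small mutations stays in one family even when the ends of
    the chain are far apart from each other.
    """
    names = sorted(samples)
    feats = {name: ngrams(data, n) for name, data in samples.items()}
    parent = {name: name for name in names}

    def find(x):
        while parent[x] != x:
            parent[x] = parent[parent[x]]  # path compression
            x = parent[x]
        return x

    for x, y in combinations(names, 2):
        if jaccard_distance(feats[x], feats[y]) < threshold:
            parent[find(x)] = find(y)

    groups = {}
    for name in names:
        groups.setdefault(find(name), []).append(name)
    return sorted(sorted(g) for g in groups.values())


# Constructed sample data (assumption: a dropper, a lightly mutated variant
# of it with one inserted instruction, and an unrelated hello-world stub).
SAMPLES = {
    "dropper_v1": b"push ebp|mov ebp,esp|call GetProcAddress|call WinExec|"
                  b"xor eax,eax|pop ebp|ret",
    "dropper_v2": b"push ebp|mov ebp,esp|nop|call GetProcAddress|call WinExec|"
                  b"xor eax,eax|pop ebp|ret",
    "hello_world": b"section .data|msg db 'hello'|section .text|mov eax,4|int 0x80",
}

if __name__ == "__main__":
    for pair, d in distance_matrix(SAMPLES).items():
        print(f"{pair[0]:>12} vs {pair[1]:<12} distance={d:.2f}")
    print("families:", cluster_families(SAMPLES))
```

The threshold is the whole game in practice: too low and every packed or recompiled variant becomes its own family, too high and unrelated samples that share common library code collapse together. That sensitivity to the feature representation and cut-off is exactly what "minimal information loss" in the article summary is hinting at.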

What a time saver (1)

dtfinch (661405) | more than 8 years ago | (#15318676)

Now some security researcher won't have to spend an hour a day classifying new viruses. They'll save thousands of dollars every year, minus the costs of training, debugging, and verification, and whatever it cost to write the thing.

Bloody marvellous! (1)

Dorsai65 (804760) | more than 8 years ago | (#15318686)

The number and severity of Windows viruses and malware has now reached the point where MS finds it worthwhile to automate the process --- presumably because doing it manually simply takes up too much (expensive) human intervention for them.

Maybe it's time that some authority figure(s) at MS took a step back and re-thought their security model? Nah.....

Free publicity?? (1)

throbi (958043) | more than 8 years ago | (#15318708)

Hey, people! At the time I write this, on this page alone I've found the name of that company 22 times. Could you just stop writing down that name? At least for a day?

Sung to the tune of "lolipop" (0)

Anonymous Coward | more than 8 years ago | (#15319454)

Microsoft, Microsoft, ooh Mi-mimi-mimimi-Microsoft!
Badum-dum-dum...

Seriously, though, if you think mentioning the name of a company that everyone here knows about is going to give free publicity in a discussion about said company........... well, you're just plain dumb.

Now THIS is funny! (2, Insightful)

ratboy666 (104074) | more than 8 years ago | (#15318736)

Imagine -- so much malware that there is a REAL TEAM working on the problem of automatically classifying it!

Wow...

Now that I am finished laughing (and it was a good one)...

Ratboy

This is excellent news! (1)

number6x (626555) | more than 8 years ago | (#15318782)

Now the black hats can

  • hack Microsoft's automated classification system
  • classify their own malware as benign
  • classify anything that detects their malware as malware
  • rent space on all the zombified Windows boxes to spammers
  • profit
  • retire early

Thanks Microsoft, you are working so hard to make all those black hat crackers life easy! (and for finally removing that pesky ???? that kept getting in the way of profit here at slashdot)

I think I'll invest in retirement villas in the Caspian Sea area.

Just like the M$ Firewall?? (1)

business_kid (973043) | more than 8 years ago | (#15318937)

Do we Remember the M$ Firewall? There's only so many compilers out there (m$ use Borland) so it was quickly decoded, and cracked. Then the Security advice was "Whatever you do, DON'T RUN THE M$ FIREWALL" There were guys out scouring the 'net for someone stupid enough to be running a m$ firewall. I think someone in there dreams of taking over the Internet one day... Thank goodness for GNU & Linux.

Ohhh, minimalist code contest!!!! (1)

tinkerghost (944862) | more than 8 years ago | (#15318985)

if ($program_info{'author'} != 'MS'){$program_info{'type'}=('Virus','Trojan','Spyware')[rnd(0,3)];}
Whoot 1 line!

Re:Ohhh, minimalist code contest!!!! (1)

tinkerghost (944862) | more than 8 years ago | (#15319340)

ohh, look, just like MS I can do overflows with poorly written code --- does that make me worth 50Bn?
should be rnd(0,2)
bad fingers... bad fingers.

HOTMAIL 2.0 (1)

Bruteus (973833) | more than 8 years ago | (#15319164)

Automate Malware, sorry your current Hotmail account only accepts maleware! You can not use it for anything useful other than receive spam mail. Please upgrade to our newest release Hotmail 2.0. Watch the Butterfly fly faster!

whatever happened to.. (1)

lon3st4r (973469) | more than 8 years ago | (#15319367)

whatever happened to.. "It's not a bug, it's a feature"?

where's this heading? (1)

lon3st4r (973469) | more than 8 years ago | (#15319428)

step #1: create sw with large gaping holes for worms and viruses

step #2: wait till market is ripe for a/v software

step #3: buy an a/v software maker, offer a/v product for free

step #4: wait for ppl to get hooked

step #5: announce that a/v software may not be in the future

step #6: automate malware classification

step #7: ..???

Fix the problem (1)

PhYrE2k2 (806396) | more than 8 years ago | (#15319470)

Or you can protect the user in the first place by providing informed prompts and enabling the user to make the right and/or wrong choices. You can keep an outgoing firewall closed by default and authorize applications one by one, and be sure to protect the user from anything manipulating these dialog boxes.

Why start trying to identify it? Let the user identify it and you just keep it from doing any damage.

-M

First tell us what it does (1)

Beryllium Sphere(tm) (193358) | more than 8 years ago | (#15319761)

>distance measure and machine learning technologies
>take a 'holistic approach'
>knowledge consumption
>classifier model generation and selection
>consume knowledge

Could someone who speaks that language take a stab at translating it for us? Could someone familiar with the technology tell us whether the "knowledge consumption" might consume more knowledge than it's supposed to and leave us dumber, as reading the article summary did?